Monday 23 August 2010

IPMI Serial over LAN

Almost every server you are likely to come across has a built in baseboard management controller (BMC) that supports a pretty decent, if basic, set of out of band management tools. You can use this to remote manage the power state of your server (Check power state, power on\off\cycle), query fan\temperature\power supply sensors and get some information about the system (Serial numbers, basic spec). Life is a lot more pleasant for remote Server support with a full blown iDRAC\RiLO but IPMI can save you a lot of grief if you take a few minutes to set it up.

On systems that have an IPMI aware Operating System you can usually get the OS Host name as well which is a useful thing to check if you are using IPMI to forcibly reboot a box that you can’t actually get to physically. If you have a system that supports IPMI V2 (which I’d expect any server that’s under about 4 years old) you also get Serial over LAN (SOL) support which is very handy – you can remotely redirect the character mode console display and interact with the system over a LAN connection, at least until it switches to GUI mode. For most Linux distros it’s pretty easy to set it up so that you can log in over SOL.

Configuring basic IPMI operation is generally pretty straightforward but getting SOL requires a couple of more steps.

The main IPMI configuration has to be carried out at boot via the BMC option ROM – on Dell’s 9th and 10th gen servers (like the PE 2950\PE 1950\PE R300) you get prompted to “Press CTRL+E to enable Remote Access in 5 seconds”. Once in this option ROM setup screen you need to set up to following:

  • Set “IPMI over LAN” to ON
  • Set “Nic Selection” to shared unless you have a dedicated management port. In this mode the IPMI NIC piggybacks on the first on board NIC’s port but has a separate MAC address.
  • Open the “LAN Parameters” Section
    • Set “IP Address Source” to Static
    • Configure your ip address, subnet mask, default gateway and hostname to some useful values
    • Set “RMCP+ Encryption Key” something strong if you want to boost the security a bit – by default this is blank and the authentication handshake is really insecure.
    • Set “VLAN Enable” to On, and configure the VLAN if you have a separate management VLAN.
  • Return to the main menu and open the LAN User Configuration Section
    • The default user is root, level is admin, password is calvin
    • Set “Account User Login” to something other than the default
    • Pick a good password (secure but usable on a telnet screen where backspace is iffy)
    • Confirm the password.

Basic IPMI functions should now work and things like ipmitool and ipmish that you can download as part of the Dell DMC Utility will allow you to explore the options.

The following will now remotely power on a system where the default username hasn’t been updated.

ipmish -ip 192.168.1.10 -u root -p calvin power on

And the following will give you some info about the system and what it’s running:

ipmish -ip 192.168.1.10 -u root -p calvin sysinfo fru

Board Language Code             : English
Board Product Name              : FRU17T,DELL P/N
Board Serial Number             : CN1247088P007Z
Board Part Number               : 9JZ1294B0
Board FRU File ID               : 01
Host Name                       : helvickesx
Product Model                   : PowerEdge R300
Asset Tag                       :
Service Tag                     : 3A4CD9J
BIOS Version                    : 1.2.0
System OS Name                  : VMware ESXi 4.1.0 build-235786

ipmitool gives you more commands although some are not applicable to all platforms but it can give you more detail than you get with ipmish.

These are quite nifty things to be able to do with a powered off Server but the real plus with IPMI V2 is SOL. Enabling this requires a couple of more steps.

  • Reboot the machine and press F2 to open up the main BIOS configuration screen
  • Open up the “Serial Communication” section
  • Set “Serial Communication” to  “On with Console Redirection to COM2” – It has to be COM2, COM1 will not work.
  • Don’t worry about the “External Serial Connector” setting
  • Set the “Remote Terminal Type” to VT100\VT220
  • Set “Redirection after Boot” to Enabled – We want to be able to get into the BIOS after all.

For real Operating Systems you can redirect both boot and a terminal that you can login with through this interface – Brice Goglin has some details here on how to modify Grub and /etc/inittab to achieve this in his article on setting up IPMI.

To connect to your redirected console you can now use the sol capability of ipmitool :

ipmitool -I lanplus -H 192.168.1.10 -U root -P calvin sol activate

This implements a simple Telnet emulation that talks directly to the SOL protocol in the BMC and is the easiest way to check that it works. It renders anything other than very simple text quite poorly though and I prefer to use the SOL proxy that comes with the BMC Utilities to provide a more capable Telnet terminal connection. Once that is running connect via Telnet over port 623 to the machine running the proxy using your preferred Telnet client – Putty handles it pretty well. Once connected to the SOL proxy you then have to connect to your server’s BMC and activate the SOL proxy so it is a few more steps but the improved console is worth it if you are going to be playing around in the BIOS.

The basic steps are almost identical on all Dell 9, 10 & 11G servers and shouldn’t be dramatically different on any system running an Avocent BMC (which is most of them).

Once you are connected via SOL there are some useful escape combinations that are worth remembering:

  • ~.               exit the console.
  • <esc>1       F1
  • <esc>2       F2
  • <esc>0       F10
  • <esc>@      F12

1 comment:

none said...

This is great info on setting up IPMI and SOL on earlier Dell servers. The issue I'm having is that If I try to set this up on R310/R415 servers, I can get everything to work *until* I enable vlan. Once i enable vlan, i can still power up/down the machine, but SOL stops working. I've verified that I've set things up exactly as I have done with the R300's I have setup in the past. Anyone else having this problem? Is there a solution? Thanks.