ipmitool Duncan Laurie ipmitool-devel@lists.sourceforge.net Overview ======== ipmitool is a utility for managing and configuring devices that support the Intelligent Platform Management Interface. IPMI is an open standard for monitoring, logging, recovery, inventory, and control of hardware that is implemented independent of the main CPU, BIOS, and OS. The service processor (or Baseboard Management Controller, BMC) is the brain behind platform management and its primary purpose is to handle the autonomous sensor monitoring and event logging features. The ipmitool program provides a simple command-line interface to this BMC. It features the ability to read the sensor data repository (SDR) and print sensor values, display the contents of the System Event Log (SEL), print Field Replaceable Unit (FRU) inventory information, read and set LAN configuration parameters, and perform remote chassis power control. Background ========== I originally wrote ipmitool while between projects and employeed at Sun Microsystems. Sun had just embarked on a new line of general-purpose x86 servers that inclued an OEM Intel board with an IPMIv1.5 BMC on board. It started with an idea that remote chassis power control would be a handy feature for my systems in the lab and from there it grew into a multi- purpose tool that lots of people found useful. I decided to release it under a BSD license and give others the chance to make use of it. ipmitool was not written to provide large-scale (aka Enterprise) management application functionality. The functionality that ipmitool proivides is easily accomplished by sending simple IPMI request messages and parsing the returned response. It is intended to be used by system administrators who like the simplicity and scriptability of command-line utilities, as well as those debugging or developing their own BMC implementations. Requirements ============ Obviously the largest requirement is hardware with a service processor that supports the IPMI specification. Many x86-based servers are now comming with IPMI support, check with your preferred hardware vendor about available prodcuts. Once you are certain you have the required hardware, you then need to decide how you want to access the BMC. The most common case involve access through the System Interface or over the LAN. (or serial, but currently ipmitool does not support the serial interface) System Interface ---------------- There are multiple types of system interfaces, but they are all similar enough to allow a single well-designed driver to support them all. Different types of system interfaces include Keyboard Controller Style (KCS), Block Transfer (BT), System Management Interface Chip (SMIC) and SMBus. Different hardware vendors will have different preference and implementations. On Linux the OpenIPMI kernel driver should support all of these system interfaces and it should be a simple matter of loading the right kernel modules and setting up the device node to use it. The driver module names vary slightly in different kernel versions, but for all releases you need these two modules: ipmi_msghandler: incoming and outgoing message handler ipmi_devintf: character device interface to IPMI driver For 2.4.x and early 2.6.x kernels you need to choose a module based on the type of system interface your hardware supports. For example: ipmi_kcs_drv: Keyboard Controller Style driver More recent 2.6.x kernels have combined these into a single module: ipmi_si: a universal IPMI system interface driver See the documentation that comes with your distribution and/or kernel for more information on what kernel modules are required. Once the required modules are loaded and the driver has found a suitable system interface to the BMC then you need to ensure the device node at /dev/ipmi0 is pointing at the correct major number. This is because OpenIPMI is given a dynamically assigned major number when it is loaded, but depending on what other modules are present this number may be anywhere from 254 on down. The easiest way to tell is to check the output of /proc/devices and see what major number the "ipmidev" device is assigned to. There is a sample script included with ipmitool called ipmi.init that can be used to automate this process at bootup. LAN Interface ------------- This is often referred to as "IPMI-over-LAN" and defines how IPMI messages can be sent to and from the BMC encapsulated in Remote Management Control Protocol (RMCP) packets which are then transferred as UDP datagrams. IPMI-over-LAN is only supported with version 1.5 and higher of the IPMI specification. The RMCP packet format is defined by the Alert Standard Forum, and it has been followed up with the RMCP+ protocol that adds encryption and payload support. The IPMIv2 specification was updated accordingly to to support the RMCP+ protocol and brings with it enhanced security with encryption as well as support for Serial over LAN. There are different types of LAN interfaces as well. Some systems have shared management networks where the NIC will intercept UDP packets to port 623 and redirect them to the BMC over SMBUS. This type of LAN interface requires that the BMC be configured with the same settings that the system uses. It also suffers from an increased security risk just by the nature of sharing that interface with normal traffic. I have also seen bugs in some implementations that have rendered the IPMI-over-LAN feature "dangerous" to enable in some situations. (in particular there can be an issue with RPC because it will sometimes choose to use port 623 and you will lose response packets...) There is a sample shell script included with ipmitool called bmclanconf that can be used to simplify the LAN settings configuration process using the System Interface to configure the settings. In some cases the hardware will come with a utility (often a DOS bootable CD) for configuring enabling the LAN interface as well. In order to support the IPMIv2.0 interface you must have an OpenSSL library with the required encrytion functions. Recent distributions should have no problems. The IPMIv1.5 interface will attempt to use OpenSSL for MD5 hash function at compile time but if that is not found it will use an internal library. IPMB Dual Bridging in IPMITOOL ------------------------------- IPMI offers a standard messaging interface. The following concepts are related to this messaging interface: Channel type : Communication channel type (SMS/KCS, IPMB, LAN) Channel number : Channel descriptor Requester : Address of the requester Responder : Address of the responder NetFN : The logical function for the request/response. Command : The command number Sequence : An ID identifiying the request/response pair Message tracking : The ability to match request/response pair. When a communication is issued through any of the channels, an application formats a request and expect a response. Direct Command -------------- The simplest form of communication is a "direct command" using SMS/KCS Example: ipmitool raw 6 4 55 00 This send raw command 4 (selftest) from netfn 6(application) to KCS, the driver takes care of 'message tracking' and provides the answer. Hopefully, the application also includes a "human readable" instance of the API: ipmitool mc selftest Selftest: passed Bridged Command --------------- One slightly more complicated communication mode is the so-called "bridged command" using IPMB. Example: ipmitool -m 0x94 -t 0x9a raw 6 4 55 00 or ipmitool -m 0x94 -t 0x9a mc selftest Selftest: passed This still sends the same command 4 (selftest) from netfn 6(application) to the target. However, to do so, the command is encapsulated (by the driver) and sent using the command 0x34 (send message) from netfn 6(application) to KCS. Then KCS is polled by the driver until a message has been received, then the driver uses command 0x33 (get message). The driver also tracks the message and makes sure the response matches the request. Then it decapsultates the message and gives the response back to the application. Dual Bridged Command -------------------- Things get a little more ugly when the application needs to reach a management controller sitting on an interface (or channel) not directly connected to the BMC/IPMC. In the case the application must encapsulate its message itself and request the IPMC to deal with message tracking itself. Its been working well with IPMITOOL on the LAN interface with: ipmitool -H <ip> -U <user> -P <password> -B 0 -T 0x8a -m 0x20 -t 0x7a -b 7 mc selftest However, trying to dual bridge commands locally with : ipmitool -B 0 -T 0x9a -m 0x94 -t 0x7a -b 7 mc selftest didn't work (it returned the same data as ipmitool -m 0x20 -t 0x7a -b 7 mc selftest ) The reason was that the "openipmi" interface pluging didn't encapsulate/decapsulate the message and didn't even detect the intent to double bridge the request. ./src/ipmitool -B 0 -T 0x8a -m 0x94 -t 0x7a -b 7 mc selftest -B 0 : transit channel for first bridge level (channel 0: IPMB-0) -T 0x8a : transit destination address (remote IPMC address) -m 0x94 : source address (local IPMC address on IPMB-0) -t 0x7a : remote target (AMC IPMB-L address) -b 7 : remote channel (channel 7: IPMB-L) The transit source address (remote IPMC address on remote channel) is automatically assigned by the remote IPMC. Payload Size Limit ------------------ Because some commands return a lot of data (fru read/get sdr) and because 2 levels of encapsulation are used, some command will fail. For instance this works. ipmitool -H <ip> -U <user> -P <password> -B 0 -T 0x8a -m 0x94 -t 0x7a -b 7 mc selftest but this does not: ipmitool -H <ip> -U <user> -P <password> -B 0 -T 0x8a -m 0x94 -t 0x7a -b 7 fru print. Usage ===== All invocations of ipmitool require specifying an interface to use, unless you want to use the default interface as set at compile time. Each call must also specify a command to run. You can see the list of supported interfaces and which is default as well as a list of top level commands in the usage output available with the -h option: usage: ipmitool [options...] <command> -h This help -V Show version information -v Verbose (can use multiple times) -c Display output in comma separated format -I intf Interface to use -H hostname Remote host name for LAN interface -p port Remote RMCP port [default=623] -L level Remote session privilege level [default=USER] -A authtype Force use of authtype NONE, PASSWORD, MD2 or MD5 -U username Remote session username -P password Remote session password -f file Read remote session password from file -a Prompt for remote password -E Read password from IPMI_PASSWORD environment variable -m address Set local IPMB address -t address Bridge request to remote target address Interfaces: open Linux OpenIPMI Interface [default] imb Intel IMB Interface lan IPMI v1.5 LAN Interface lanplus IPMI v2.0 RMCP+ LAN Interface Commands: raw Send a RAW IPMI request and print response lan Configure LAN Channels chassis Get chassis status and set power state event Send pre-defined events to BMC bmc Print BMC status and configure global enables sdr Print Sensor Data Repository entries and readings sensor Print detailed sensor information fru Print built-in FRU and scan SDR for FRU locators sel Print System Evelnt Log sol Configure IPMIv2.0 Serial-over-LAN user Configure BMC users channel Configure BMC channels session Print session information shell Launch interactive IPMI shell exec Run list of commands from file set Set runtime variable for shell and exec Commands ======== More help on the supported commands can be found by running them with the help argument, for example "chassis help". There are a few commands with special meaning: > shell: This command will launch an shell interface to the ipmitool command set. You can use this for interactively entering commands to monitor system status. An example session: # ipmitool -I open shell ipmitool> chassis status System Power : off Power Overload : false Power Interlock : inactive Main Power Fault : false Power Control Fault : false Power Restore Policy : always-off Last Power Event : command Chassis Intrusion : active Front-Panel Lockout : inactive Drive Fault : false Cooling/Fan Fault : false ipmitool> user list 7 ID Name Callin Link Auth IPMI Msg Channel Priv Limit 1 true false true ADMINISTRATOR ipmitool> exit > exec: This command will read a text file and execute ipmitool commands in sequence. It can be used for scriptable commands: # cat lansetup.scr lan set 7 ipsrc static lan set 7 ipaddr 10.1.1.10 lan set 7 netmask 255.255.255.0 lan set 7 defgw ipaddr 10.1.1.254 # ipmitool -I open exec lansetup.scr Setting LAN IP Address to 10.1.1.10 Setting Lan Subnet Mask to 255.255.255.0 Setting Lan Default Gateway IP to 10.1.1.254 > set: This command can be used by the shell and exec modes to configure various session parameters: hostname <host> Session hostname username <user> Session username password <pass> Session password privlvl <level> Session privilege level force authtype <type> Authentication type force localaddr <addr> Local IPMB address targetaddr <addr> Remote target IPMB address port <port> Remote RMCP port csv [level] enable output in comma separated format verbose [level] Verbose level # cat getstatus.scr set hostname sf-v20z-1 set password admin chassis status # ipmitool -I lan exec getstatus.scr Set session hostname to lx50 Set session password System Power : off Power Overload : false Power Interlock : inactive Main Power Fault : false Power Control Fault : false Power Restore Policy : always-off Last Power Event : command Chassis Intrusion : active Front-Panel Lockout : inactive Drive Fault : false Cooling/Fan Fault : false ipmievd ======= Included with ipmitool is another utility called ipmievd that is a daemon which will listen for events from the BMC that are being sent to the SEL and also log those messages to syslog. By default when run (as root) with no arguments it will daemonize and poll on the OpenIPMI device waiting for an event notification. Upon receipt of an event it will log it to syslog with the LOG_LOCAL4 facility. You can test ipmievd by sending test events over the LAN interface with ipmitool: remote# ipmievd local$ ipmitool -I lan -H lx50 -P admin event help usage: event <num> 1 : Temperature - Upper Critical - Going High 2 : Voltage Threshold - Lower Critical - Going Low 3 : Memory - Correctable ECC local$ ipmitool -I lan -H lx50 -P admin event 1 Sending Temperature - Upper Critical - Going High event to BMC local$ ipmitool -I lan -H lx50 -P admin event 2 Sending Voltage Threshold - Lower Critical - Going Low event to BMC local$ ipmitool -I lan -H lx50 -P admin event 3 Sending Memory - Correctable ECC event to BMC remote# tail /var/log/messages (timestamps removed) ipmievd: Waiting for events... ipmievd: Temperature Sensor 30 - Upper Critical - going high ipmievd: Voltage Sensor 60 - Lower Critical - going low ipmievd: Memory Sensor 01 - Correctable ECC Resources ========= IPMItool homepage http://ipmitool.sourceforge.net IPMItool manpage http://ipmitool.sourceforge.net/manpage.html IPMItool overview paper from Linux.conf.au 2004 http://ipmitool.sourceforge.net/lca2004_ipmitool.pdf Intelligent Platform Management Interface specification http://www.intel.com/design/servers/ipmi/spec.htm OpenIPMI project: Linux IPMI kernel driver and userland library http://openipmi.sourceforge.net