IPMI is an open standard for monitoring, logging, recovery, inventory, and control of hardware that is implemented independent of the main CPU, BIOS, and OS. The service processor (or Baseboard Management Controller, BMC) is the brain behind platform management and its primary purpose is to handle the autonomous sensor monitoring and event logging features.
The ipmitool program provides a simple command-line interface to BMC. It features the ability to read the sensor data repository (SDR) and print sensor values, display the contents of the System Event Log (SEL), print Field Replaceable Unit (FRU) inventory information, read and set LAN configuration parameters, and perform remote chassis power control.
It was originally written to take advantage of IPMI-over-LAN interfaces but is also capable of using a system interface as provided by a kernel device driver such as OpenIPMI on Linux and BMC on Solaris 10 or the new OpenIPMI-compatible driver in FreeBSD.
Install Packages
Example 1: Check Chassis Status
# ipmitool chassis status
System Power : on
Power Overload : false
Power Interlock : inactive
Main Power Fault : false
Power Control Fault : false
Power Restore Policy : previous
Last Power Event : command
Chassis Intrusion : inactive
Front-Panel Lockout : inactive
Drive Fault : false
Cooling/Fan Fault : false
Example 2: Check sel list
# ipmitool sel elist | more
1 | Pre-Init Time-stamp | Power Supply VRM Status | Presence detected | Asserted
2 | Pre-Init Time-stamp | Power Supply VRM Status | Presence detected | Asserted
3 | Pre-Init Time-stamp | Power Unit Sys pwr monitor | Power off/down | Deasserted
...
Example 3: Check Sensor list
# ipmitool sensor list
Ambient Temp | 22.000 | degrees C | ok | na | na | na | 38.000 | 41.000 | 45.000
AVG Power | 300.000 | Watts | ok | na | na | na | na | na | na
Fan 1 Tach | 4125.000 | RPM | ok | na | 750.000 | na | na | na | na
...
Example 4: Print out device FRU
# ipmitool fru
FRU Device Description : Builtin FRU Device (ID 0)
Chassis Type : Main Server Chassis
Chassis Part Number : 797971U
Chassis Serial : KQHMRF1
Board Mfg Date : Wed Apr 21 13:09:00 2010
Board Mfg : FOXC
Board Product : IBM Planar
Board Serial : 7672K4 K1092
Board Part Number : 43W8292
Product Manufacturer : IBM
Product Name : IBM Product
Product Part Number : 797971U
Product Version : N/A
Product Serial : KQHMRF1
...
Example 5: Tempature and Fan status
# ipmitool sdr
Ambient Temp | 22 degrees C | ok
AVG Power | 300 Watts | ok
Fan 1 Tach | 4125 RPM | ok
Fan 2 Tach | 4425 RPM | ok
Fan 3 Tach | 4500 RPM | ok
Fan 4 Tach | 4725 RPM | ok
....
Remote Access mode
More useful if you can remotly access a server/chassis even when the OS Is down.
Note: For older version of platform like IMM/ILOM, they don't support ssh key, newer version all accept ssh key
Example 6: Remote access via admin interface
General command to get chassis status
ipmitool -H $host -U user -P<password> chassis status
For blade chassises, there are still slightly different on different platform, refer to your chassis guide for the detail.
Try them with this
PDSH_SSH_ARGS_APPEND="-i /home/trteam/.ssh/blade_center_key" pdsh -w $ibmchass -l admin "health -l a -f"
Some other chassises, particularly old chassises, you'd have to use -U -P, same like server's
ipmitool -H $host -U user -P<password> chassis status
With the example shown above, you can do wnatever scripting to capture the server/chassis status.
Example 7: Power on and off a Host remotely
Power On a Host
$ipmitool -H $host -v -I lanplus -U username -P <password> chassis power on
Power Off a Host
$ ipmitool -H $host -v -I lanplus -U username -P <password> chassis power off
Example 8: Power cycle a host remotely
Power Cycle a Host
$ ipmitool -H $host -v -I lanplus -U username -P <password> chassis power cycle
Example 9: Shutdown a host gracefully
Shut Down the Host Gracefully
$ ipmitool -H $host -v -I lanplus -U username -P <password> chassis power soft
Example 10: cluster management
You can use pdsh for a group of servers if you configured sshkey
PDSH_SSH_ARGS_APPEND="-i /home/trteam/.ssh/blade_center_key" pdsh -w $ibmchass -l admin "health -l a -f"
Some security concerns
There are several security issues be be considered before enabling the IPMI LAN interface. A remote station has the ability to control a system's power state as well as being able to gather certain platform information. To reduce vulnerability it is strongly advised that the IPMI LAN interface only be enabled in 'trusted' environments where system security is not an issue or where there is a dedicated secure 'management network'.
Further it is strongly advised that you should not enable IPMI for remote access without setting a password, and that that password should not be the same as any other password on that system.
When an IPMI password is changed on a remote machine with the IPMIv1.5 lan interface the new password is sent across the network as clear text. This could be observed and then used to attack the remote
system. It is thus recommended that IPMI password management only be done over IPMIv2.0 lanplus interface or the system interface on the local station.
For IPMI v1.5, the maximum password length is 16 characters. Passwords longer than 16 characters will be truncated.
For IPMI v2.0, the maximum password length is 20 characters; longer passwords are truncated.
Comments powered by CComment