1、关于ipmi
IPMI,即智能平台管理接口(Intelligent Platform Management Interface),IPMI的核心是一个专用芯片/控制器(BMC),独立于操作系统、BIOS和处理器,因此属于带外管理设备。正是因为如此,我们可以通过BMC来控制或者获取系统的各种信息,而不需要关注系统是否正常。比如,系统卡住了,可以通过ipmi reset系统,而不需要跑到机房断电;系统无法登录也可以远程屏幕查看是什么问题。
2、使用ipmi
如果要正常使用ipmi需要IPMI驱动和ipmitool,
其中驱动包含以下几个:
[root@localhost ipmi]# ls
ipmi_devintf.ko ipmi_msghandler.ko ipmi_poweroff.ko ipmi_si.ko ipmi_watchdog.ko
[root@localhost ipmi]# rpm -qf ipmi_devintf.ko
kernel-2.6.32-504.16.2.el6.x86_64
一般内核都会携带,但是默认只会加载其中四个,
[root@localhost ipmi]# lsmod | grep ipmi
ipmi_si 44751 2
ipmi_poweroff 8532 0
ipmi_watchdog 17874 0
ipmi_msghandler 38701 3 ipmi_si,ipmi_poweroff,ipmi_watchdog
在我们使用ipmi服务时,还需要启动该服务,才会加载完整的这5个ko,
[root@localhost ipmi]# service ipmi start
Starting ipmi drivers: [ OK ]
[root@localhost ipmi]# lsmod | grep ipmi
ipmi_devintf 7729 0
ipmi_si 44751 2
ipmi_poweroff 8532 0
ipmi_watchdog 17874 0
ipmi_msghandler 38701 4 ipmi_devintf,ipmi_si,ipmi_poweroff,ipmi_watchdog
除此之外,我们还需要安装ipmi相关工具包,
[root@localhost ipmi]# rpm -qa | grep -i ipmi
OpenIPMI-libs-2.0.16-14.el6.x86_64
ipmitool-1.8.11-16.el6.x86_64
OpenIPMI-2.0.16-14.el6.x86_64
3、配置ipmi
上面说过ipmi核心是一块专用的控制器,因此和一个独立系统类似,所以它也需要ip、用户、密码等。下面我们来一步步配置ipmi信息。
1. 通道配置
- 确认设备ipmi使用的通道
[root@localhost ipmi]# ipmitool lan print 1
Set in Progress : Set Complete
Auth Type Support : MD5 PASSWORD
...
如果能显示以上信息,说明该通道是可用的,否则会输出以下报错,
[root@localhost ipmi]# ipmitool lan print 4
Invalid channel: 4
不同型号设备通道各不相同,但大部分默认都是1通道。
- 使能该通道,以下均以通道1为例
ipmitool -I open lan set 1 access on
2、网络配置
- 设置通道ip为静态ip,并设置ip地址,掩码,网关
ipmitool -I open lan set 1 ipsrc static
ipmitool -I open lan set 1 ipaddr ${IP}
ipmitool -I open lan set 1 netmask ${MASK}
ipmitool -I open lan set 1 defgw ipaddr ${GATEWAY}
- 设置ipmi网卡响应arp请求,以及开启免费arp并设置arp发送间隔为1s
ipmitool -I open lan set 1 arp respond on
ipmitool -I open lan set 1 arp generate on
ipmitool -I open lan set 1 arp interval 1
3、用户配置
- 为该通道使能默认用户
ipmitool -I open lan set 1 user
- 设置ipmi用户名和密码,权限等,以用户id 2 为例
ipmitool -I open user enable 2 #使能用户id 2
ipmitool -I open user set name 2 ${USERNAME} #设置用户名
ipmitool -I open user set password 2 ${PASSWORD} #设置密码
ipmitool -I open channel setaccess 1 2 callin=on ipmi=on link=on privilege=4
ipmitool -I open user priv 1 4 2 #设置用户权限
ipmitool -I open user test 2 16 ${PASSWORD} #测试密码是否生效
4、SOL相关配置
- 使能通道id的payload功能,我理解就是携带数据
ipmitool -I open sol payload enable 1 2
- 使能通道sol(Serial Over LAN)功能,也就是远程查看屏幕
ipmitool -I open sol set enabled true 1
- 设置通道串口波特率
ipmitool -I open sol set non-volatile-bit-rate 115.2 1
ipmitool -I open sol set volatile-bit-rate 115.2 1
波特率有9.6 | 19.2 | 38.4 | 57.6 | 115.2(单位k)几种,大部分都是115200。
5、认证相关配置
- 设置通道密码优先等级
ipmitool -I open lan set 1 cipher_privs aaaaaaaaaaaaaaa
- 设置通道admin认证类型为password,即密码认证
ipmitool -I open lan set 1 auth ADMIN PASSWORD
- 设置snmp的community string,相当于snmp密码,默认为public
ipmitool -I open lan set 1 snmp public
4、命令参数详解
- ipmitool -I open lan set
[root@localhost ks]# ipmitool -I open lan set
usage: lan set <channel> <command> <parameter>
LAN set command/parameter options:
ipaddr <x.x.x.x> Set channel IP address
netmask <x.x.x.x> Set channel IP netmask
defgw ipaddr <x.x.x.x> Set default gateway IP address
snmp <community string> Set SNMP public community string
access <on|off> Enable or disable access to this channel
arp respond <on|off> Enable or disable BMC ARP responding
arp generate <on|off> Enable or disable BMC gratuitous ARP generation
arp interval <seconds> Set gratuitous ARP generation interval
auth <level> <type,..> Set channel authentication types
level = CALLBACK, USER, OPERATOR, ADMIN
type = NONE, MD2, MD5, PASSWORD, OEM
ipsrc <source> Set IP Address source
none = unspecified source
static = address manually configured to be static
dhcp = address obtained by BMC running DHCP
bios = address loaded by BIOS or system software
cipher_privs XXXXXXXXXXXXXXX Set RMCP+ cipher suite privilege levels
X = Cipher Suite Unused
c = CALLBACK
u = USER
o = OPERATOR
a = ADMIN
O = OEM
- ipmitool -I open user
[root@localhost ks]# ipmitool -I open user
User Commands:
list [<channel number>]
set name <user id> <username>
set password <user id> [<password>]
disable <user id>
enable <user id>
priv <user id> <privilege level> [<channel number>]
test <user id> <16|20> [<password]>
- ipmitool -I open sol
[root@localhost ks]# ipmitool -I open sol
SOL Commands: set <parameter> <value> [channel]
payload <enable|disable|status> [channel] [userid]
activate [<usesolkeepalive|nokeepalive>] [instance=<number>]
deactivate [instance=<number>]
[root@localhost ks]# ipmitool -I open sol set
SOL set parameters and values:
enabled true | false
non-volatile-bit-rate serial | 9.6 | 19.2 | 38.4 | 57.6 | 115.2
volatile-bit-rate serial | 9.6 | 19.2 | 38.4 | 57.6 | 115.2
- ipmitool -I open channel
[root@localhost ks]# ipmitool -I open channel
Channel Commands: setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]
Possible privilege levels are:
1 Callback level
2 User level
3 Operator level
4 Administrator level
5 OEM Proprietary level
15 No access
5、常用命令
1. 查看机箱电源状态:
ipmitool -I lanplus -H (IP) -U (用户名) -P (密码) power status
2. 开机:
ipmitool -I lanplus -H (IP) -U (用户名) -P (密码) power on
3. 关机:
ipmitool -I lanplus -H (IP) -U (用户名) -P (密码) power off
4. 重启机器:
ipmitool -I lanplus -H (IP) -U (用户名) -P (密码) power reset
5. pxe安装系统:
ipmitool -I lanplus -H (IP) -U (用户名) -P (密码) chassis bootdev pxe
6. 远程查看屏幕:
ipmitool -I lanplus -H (IP) -U (用户名) -P (密码) sol activate
7. 关闭当前远程查看屏幕的会话:
ipmitool -I lanplus -H (IP) -U (用户名) -P (密码) sol deactivate
8. 查看机器重启原因:
ipmitool -I open chassis restart_cause
6、常见问题
1、通道不可用
有时候即使ipmitool lan print能查看该通道信息,也无法使用,可以尝试其他通道,比如,2,3,8
2、ipmi服务无法启动
可尝试断电设备几分钟,如果还是无法启动,大概率BMC设备固件异常
3、密码无效
有些设备ipmi密码需要带特殊字符
4、用户名无效
有些设备对用户名有要求,可尝试root,admin,Admin,Administrator
5、snmp community string不一致
有些设备snmp community string不一致会导致ipmi无法通信,因此建议都设置为统一的字符串
6、kipmi0进程CPU跑高
设置ipmi相关模块参数,disable kipmi0进程,或者降低CPU使用率,
echo -e "options ipmi_si force_kipmid=0\noptions ipmi_si kipmid_max_busy_us=100" > /etc/modprobe.d/ipmi.conf
[root@localhost ks]# modinfo ipmi_si | grep -E "force_kipmid|kipmid_max_busy_us"
parm: force_kipmid:Force the kipmi daemon to be enabled (1) or disabled(0). Normally the IPMI driver auto-detects this, but the value may be overridden by this parm. (array of int)
parm: kipmid_max_busy_us:Max time (in microseconds) to busy-wait for IPMI data before sleeping. 0 (default) means to wait forever. Set to 100-500 if kipmid is using up a lot of CPU time. (array of uint)