Lenovo server IPMI: configuration and commands

LAN Configuration

The first IPMI LAN channel will now be configured. The BMC can then be reached under the configured IP address at the server's first LAN port. For the default gateway, both its IP address and its MAC address must be configured.

[root@sr2500 ~]# ipmitool lan set 1 ipsrc static

[root@sr2500 ~]# ipmitool lan set 1 ipaddr 192.168.1.211

Setting LAN IP Address to 192.168.1.211

[root@sr2500 ~]# ipmitool lan set 1 netmask 255.255.255.0

Setting LAN Subnet Mask to 255.255.255.0

[root@sr2500 ~]# ipmitool lan set 1 defgw ipaddr 192.168.1.254

Setting LAN Default Gateway IP to 192.168.1.254

[root@sr2500 ~]# ipmitool lan set 1 defgw macaddr 00:0e:0c:aa:8e:13

Setting LAN Default Gateway MAC to 00:0e:0c:aa:8e:13

[root@sr2500 ~]# ipmitool lan set 1 arp respond on

Enabling BMC-generated ARP responses

[root@sr2500 ~]# ipmitool lan set 1 auth ADMIN MD5

[root@sr2500 ~]# ipmitool lan set 1 access on

When configuring LAN settings, older versions of ipmitool did not automatically reset Set in Progress to Set Complete. This can be done manually with a raw command (see http://www.mail-archive.com/ipmitool-devel@lists.sourceforge.net/msg00095.html):

[root@sr2500 ~]# ipmitool lan print 1

Set in Progress         : Set In Progress

[…]

[root@sr2500 ~]# ipmitool raw 0x0c 1 1 0 0

You can check the configuration using ipmitool lan print 1.

[root@sr2500 ~]# ipmitool lan print 1

Set in Progress         : Set Complete

Auth Type Support       : NONE MD5 PASSWORD

Auth Type Enable        : Callback :

                        : User     :

                        : Operator :

                        : Admin    : MD5

                        : OEM      :

IP Address Source       : Static Address

IP Address              : 192.168.1.211

Subnet Mask             : 255.255.255.0

MAC Address             : 00:0e:0c:ea:92:a2

SNMP Community String   :

IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10

BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled

Gratituous ARP Intrvl   : 2.0 seconds

Default Gateway IP      : 192.168.1.254

Default Gateway MAC     : 00:0e:0c:aa:8e:13

Backup Gateway IP       : 0.0.0.0

Backup Gateway MAC      : 00:00:00:00:00:00

RMCP+ Cipher Suites     : None

Cipher Suite Priv Max   : XXXXXXXXXXXXXXX

                        :     X=Cipher Suite Unused

                        :     c=CALLBACK

                        :     u=USER

                        :     o=OPERATOR

                        :     a=ADMIN

                        :     O=OEM

[root@sr2500 ~]#

User Configuration

A user will now be set up with admin rights.

[root@sr2500 ~]# ipmitool user set name 2 admin

[root@sr2500 ~]# ipmitool user set password 2

Password for user 2:

Password for user 2:

[root@sr2500 ~]# ipmitool channel setaccess 1 2 link=on ipmi=on callin=on privilege=4

[root@sr2500 ~]# ipmitool user enable 2

[root@sr2500 ~]#

The server can now be controlled by this user as described in Using ipmitool for Remote Control of Servers.

Users at the USER Privilege Level

If a user should only be used for querying sensor data, a custom privilege level can be set up for it. This user then has no rights to activate or deactivate the server, for example. The following example creates a user named monitor for this purpose:

[root@sr2500 ~]# ipmitool user set name 3 monitor

[root@sr2500 ~]# ipmitool user set password 3

Password for user 3:

Password for user 3:

[root@sr2500 ~]# ipmitool channel setaccess 1 3 link=on ipmi=on callin=on privilege=2

[root@sr2500 ~]# ipmitool user enable 3

[root@sr2500 ~]# ipmitool channel getaccess 1 3

Maximum User IDs     : 15

Enabled User IDs     : 2

User ID              : 3

User Name            : monitor

Fixed Name           : No

Access Available     : call-in / callback

Link Authentication  : enabled

IPMI Messaging       : enabled

Privilege Level      : USER

[root@sr2500 ~]#

The meaning of the various privilege numbers is displayed when ipmitool channel is called without any additional parameters:

[root@sr2500 ~]# ipmitool channel

Channel Commands: authcap   <channel number> <max privilege>

                  getaccess <channel number> [user id]

                  setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]

                  info      [channel number]

                  getciphers <ipmi | sol> [channel]

Possible privilege levels are:

   1   Callback level

   2   User level

   3   Operator level

   4   Administrator level

   5   OEM Proprietary level

  15   No access

[root@sr2500 ~]#

The user just created (named ‘monitor’) has been assigned the USER privilege level. To allow LAN access for this user, you must enable MD5 authentication for LAN access for this user group (USER privilege level):

[root@sr2500 ~]# ipmitool lan set 1 auth USER MD5

[root@sr2500 ~]#

MD5 will now also be listed as User Auth Type Enable for LAN Channel 1:

[root@sr2500 ~]# ipmitool lan print 1

Set in Progress         : Set Complete

Auth Type Support       : NONE MD5 PASSWORD

Auth Type Enable        : Callback :

                        : User     : MD5

                        : Operator :

                        : Admin    : MD5

                        : OEM      :

IP Address Source       : Static Address

IP Address              : 192.168.1.211

Subnet Mask             : 255.255.255.0

MAC Address             : 00:0e:0c:ea:92:a2

SNMP Community String   :

IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10

BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled

Gratituous ARP Intrvl   : 2.0 seconds

Default Gateway IP      : 192.168.1.254

Default Gateway MAC     : 00:0e:0c:aa:8e:13

Backup Gateway IP       : 0.0.0.0

Backup Gateway MAC      : 00:00:00:00:00:00

RMCP+ Cipher Suites     : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14

Cipher Suite Priv Max   : XXXXXXXXXXXXXXX

                        :     X=Cipher Suite Unused

                        :     c=CALLBACK

                        :     u=USER

                        :     o=OPERATOR

                        :     a=ADMIN

                        :     O=OEM
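
A quick audit of the ipmitool lan print 1 output shown above, as an added example that is not part of the original article: it flags an uncommitted Set in Progress state, any privilege level with the NONE or PASSWORD auth type enabled, and cipher suite 0 in the RMCP+ list. The function names and the choice of checks are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit `ipmitool lan print` text.
# Reads the output on stdin, prints one WARN line per finding, and returns
# exit status 1 if anything was flagged.
audit_lan_print() {
    awk -F' *: *' '
    # A field name starts in column 1; continuation rows start with blanks.
    /^[^ ]/ { field = $1 }

    # Parameter writes that were never committed ("Set In Progress").
    field == "Set in Progress" && $2 !~ /^Set Complete/ {
        print "WARN set-in-progress: " $2; bad = 1
    }
    # Rows look like "Auth Type Enable : Callback :" or "   : Admin : MD5".
    # NONE means no authentication; PASSWORD sends the password unhashed.
    field == "Auth Type Enable" && $3 ~ /(^| )(NONE|PASSWORD)( |$)/ {
        print "WARN weak-auth: " $2 " allows " $3; bad = 1
    }
    # Cipher suite 0 is RMCP+ without authentication, integrity or encryption.
    field == "RMCP+ Cipher Suites" && ("," $2 ",") ~ /,0,/ {
        print "WARN cipher-suite-0: enabled in " $2; bad = 1
    }
    END { exit bad + 0 }
    '
}

# Constructed sample, abbreviated from the fields shown in the output above.
sample_lan_print() {
    cat <<'EOF'
Set in Progress         : Set Complete
Auth Type Support       : NONE MD5 PASSWORD
Auth Type Enable        : Callback :
                        : User     : MD5
                        : Operator :
                        : Admin    : MD5
                        : OEM      :
IP Address              : 192.168.1.211
RMCP+ Cipher Suites     : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14
EOF
}

# On a live host: ipmitool lan print 1 | audit_lan_print
sample_lan_print | audit_lan_print || echo "review the BMC LAN settings"
```

Only the Auth Type Enable rows are checked, not Auth Type Support, because the latter lists what the BMC is capable of rather than what is switched on.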
