[ClusterLabs] using IPMI for fencing - configuring IPMI with ipmitool - HELP

Lentes, Bernd bernd.lentes at helmholtz-muenchen.de
Tue Feb 28 12:39:22 EST 2017


Hi,

i have a HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does not work, i read in a book the recommendation to use the ipmi ressource agent instead.
I'm trying to configure the respective ILO adapter with ipmitool. OMG. Ipmitool drives me crazy.
It's a SLES 11 SP4 node. I did "/etc/init.d/ipmi start", some modules are loaded:

ha-idg-1:~ # lsmod|grep -i ipmi
ipmi_devintf           17560  0
ipmi_si                53422  0
ipmi_msghandler        49979  2 ipmi_devintf,ipmi_si

I have a device file:

ha-idg-1:~ # ll /dev/ipm*
crw-rw---- 1 root root 246, 0 Feb 28 13:51 /dev/ipmi0

What i found out/did already:

For channel 2 i have two users configured:

ipmitool> user list 2
1   Administrator    true    false      true       ADMINISTRATOR
2   root             true    false      true       ADMINISTRATOR
3   (Empty User)     true    false      false      NO ACCESS
4   (Empty User)     true    false      false      NO ACCESS
5   (Empty User)     true    false      false      NO ACCESS
6   (Empty User)     true    false      false      NO ACCESS
7   (Empty User)     true    false      false      NO ACCESS
8   (Empty User)     true    false      false      NO ACCESS
9   (Empty User)     true    false      false      NO ACCESS
10  (Empty User)     true    false      false      NO ACCESS
11  (Empty User)     true    false      false      NO ACCESS
12  (Empty User)     true    false      false      NO ACCESS

User root has a passsword which i tested via "user test" and it was ok.

Channel 2:

ipmitool> channel info 2
Channel 0x2 info:
  Channel Medium Type   : 802.3 LAN
  Channel Protocol Type : IPMB-1.0
  Session Support       : multi-session
  Active Session Count  : 0
  Protocol Vendor ID    : 7154
  Volatile(active) Settings
    Alerting            : enabled
    Per-message Auth    : disabled
    User Level Auth     : enabled
    Access Mode         : always available
  Non-Volatile Settings
    Alerting            : enabled
    Per-message Auth    : disabled
    User Level Auth     : enabled
    Access Mode         : always available

ipmitool> lan print 2
Set in Progress         : Set Complete
Auth Type Support       :
Auth Type Enable        : Callback :
                        : User     :
                        : Operator :
                        : Admin    :
                        : OEM      :
IP Address Source       : DHCP Address
IP Address              : 146.107.235.15
Subnet Mask             : 255.255.255.0
MAC Address             : 70:10:6f:47:0c:48
SNMP Community String   :
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP      : 146.107.235.1
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : XuuaXXXXXXXXXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM

How can i grant principal access to channel 2 ?
I tried:

ipmitool> lan set 2 access on
Set Channel Access for channel 2 failed: Unknown (0x83)
ipmitool> lan set 2 access ON
lan set access <on|off>
ipmitool> lan set 2 access=ON
lan set access <on|off>

Does not seem to work.

I did "lan set user 2", do not know if it's helpful.

Also:

ipmitool> channel authcap 2 4
Channel number             : 2
IPMI v1.5  auth types      :
KG status                  : default (all zeroes)
Per message authentication : disabled
User level authentication  : enabled
Non-null user names exist  : yes
Null user names exist      : no
Anonymous login enabled    : no
Channel supports IPMI v1.5 : no
Channel supports IPMI v2.0 : yes

Don't know if it helps.

I found https://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool (sorry, only in german):

I did, as proposed:

ha-idg-1:~ # ipmitool lan set 2 auth ADMIN MD5
ha-idg-1:~ # ipmitool lan set 2 access on
Set Channel Access for channel 2 failed: Unknown (0x83)   <===== ???

ha-idg-1:~ # ipmitool lan print 2
Set in Progress         : Set Complete
Auth Type Support       :
Auth Type Enable        : Callback :
                        : User     :
                        : Operator :
                        : Admin    :
                        : OEM      :
IP Address Source       : DHCP Address
IP Address              : 146.107.235.15
Subnet Mask             : 255.255.255.0
MAC Address             : 70:10:6f:47:0c:48
SNMP Community String   :
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP      : 146.107.235.1
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : XuuaXXXXXXXXXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM

Wtf ? Sorry, this is the first time in my carreer that i curse in a mailing list, but ipmitool really frustrates me.
Why can't i set access to this channel ? I'm running the commands as root.
It's ipmitool 1.8.15.

Can someone help me in configuring IPMI that i can used it from the other node to fence this node ?

Big Thanks in advance.


Bernd

-- 
Bernd Lentes 

Systemadministration 
institute of developmental genetics 
Gebäude 35.34 - Raum 208 
HelmholtzZentrum München 
bernd.lentes at helmholtz-muenchen.de 
phone: +49 (0)89 3187 1241 
fax: +49 (0)89 3187 2294 

Erst wenn man sich auf etwas festlegt kann man Unrecht haben 
Scott Adams
 

Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrer: Prof. Dr. Guenther Wess, Heinrich Bassler, Dr. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671





More information about the Users mailing list