[ClusterLabs] using IPMI for fencing - configuring IPMI with ipmitool - HELP
Lentes, Bernd
bernd.lentes at helmholtz-muenchen.de
Tue Feb 28 12:39:22 EST 2017
Hi,
i have a HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does not work, i read in a book the recommendation to use the ipmi ressource agent instead.
I'm trying to configure the respective ILO adapter with ipmitool. OMG. Ipmitool drives me crazy.
It's a SLES 11 SP4 node. I did "/etc/init.d/ipmi start", some modules are loaded:
ha-idg-1:~ # lsmod|grep -i ipmi
ipmi_devintf 17560 0
ipmi_si 53422 0
ipmi_msghandler 49979 2 ipmi_devintf,ipmi_si
I have a device file:
ha-idg-1:~ # ll /dev/ipm*
crw-rw---- 1 root root 246, 0 Feb 28 13:51 /dev/ipmi0
What i found out/did already:
For channel 2 i have two users configured:
ipmitool> user list 2
1 Administrator true false true ADMINISTRATOR
2 root true false true ADMINISTRATOR
3 (Empty User) true false false NO ACCESS
4 (Empty User) true false false NO ACCESS
5 (Empty User) true false false NO ACCESS
6 (Empty User) true false false NO ACCESS
7 (Empty User) true false false NO ACCESS
8 (Empty User) true false false NO ACCESS
9 (Empty User) true false false NO ACCESS
10 (Empty User) true false false NO ACCESS
11 (Empty User) true false false NO ACCESS
12 (Empty User) true false false NO ACCESS
User root has a passsword which i tested via "user test" and it was ok.
Channel 2:
ipmitool> channel info 2
Channel 0x2 info:
Channel Medium Type : 802.3 LAN
Channel Protocol Type : IPMB-1.0
Session Support : multi-session
Active Session Count : 0
Protocol Vendor ID : 7154
Volatile(active) Settings
Alerting : enabled
Per-message Auth : disabled
User Level Auth : enabled
Access Mode : always available
Non-Volatile Settings
Alerting : enabled
Per-message Auth : disabled
User Level Auth : enabled
Access Mode : always available
ipmitool> lan print 2
Set in Progress : Set Complete
Auth Type Support :
Auth Type Enable : Callback :
: User :
: Operator :
: Admin :
: OEM :
IP Address Source : DHCP Address
IP Address : 146.107.235.15
Subnet Mask : 255.255.255.0
MAC Address : 70:10:6f:47:0c:48
SNMP Community String :
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP : 146.107.235.1
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 0,1,2,3
Cipher Suite Priv Max : XuuaXXXXXXXXXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
How can i grant principal access to channel 2 ?
I tried:
ipmitool> lan set 2 access on
Set Channel Access for channel 2 failed: Unknown (0x83)
ipmitool> lan set 2 access ON
lan set access <on|off>
ipmitool> lan set 2 access=ON
lan set access <on|off>
Does not seem to work.
I did "lan set user 2", do not know if it's helpful.
Also:
ipmitool> channel authcap 2 4
Channel number : 2
IPMI v1.5 auth types :
KG status : default (all zeroes)
Per message authentication : disabled
User level authentication : enabled
Non-null user names exist : yes
Null user names exist : no
Anonymous login enabled : no
Channel supports IPMI v1.5 : no
Channel supports IPMI v2.0 : yes
Don't know if it helps.
I found https://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool (sorry, only in german):
I did, as proposed:
ha-idg-1:~ # ipmitool lan set 2 auth ADMIN MD5
ha-idg-1:~ # ipmitool lan set 2 access on
Set Channel Access for channel 2 failed: Unknown (0x83) <===== ???
ha-idg-1:~ # ipmitool lan print 2
Set in Progress : Set Complete
Auth Type Support :
Auth Type Enable : Callback :
: User :
: Operator :
: Admin :
: OEM :
IP Address Source : DHCP Address
IP Address : 146.107.235.15
Subnet Mask : 255.255.255.0
MAC Address : 70:10:6f:47:0c:48
SNMP Community String :
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP : 146.107.235.1
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 0,1,2,3
Cipher Suite Priv Max : XuuaXXXXXXXXXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
Wtf ? Sorry, this is the first time in my carreer that i curse in a mailing list, but ipmitool really frustrates me.
Why can't i set access to this channel ? I'm running the commands as root.
It's ipmitool 1.8.15.
Can someone help me in configuring IPMI that i can used it from the other node to fence this node ?
Big Thanks in advance.
Bernd
--
Bernd Lentes
Systemadministration
institute of developmental genetics
Gebäude 35.34 - Raum 208
HelmholtzZentrum München
bernd.lentes at helmholtz-muenchen.de
phone: +49 (0)89 3187 1241
fax: +49 (0)89 3187 2294
Erst wenn man sich auf etwas festlegt kann man Unrecht haben
Scott Adams
Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrer: Prof. Dr. Guenther Wess, Heinrich Bassler, Dr. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671
More information about the Users
mailing list