[ClusterLabs] using IPMI for fencing - configuring IPMI with ipmitool - HELP
Digimer
lists at alteeve.ca
Tue Feb 28 16:05:34 EST 2017
On 28/02/17 12:39 PM, Lentes, Bernd wrote:
> Hi,
>
> i have a HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does not work, i read in a book the recommendation to use the ipmi ressource agent instead.
> I'm trying to configure the respective ILO adapter with ipmitool. OMG. Ipmitool drives me crazy.
> It's a SLES 11 SP4 node. I did "/etc/init.d/ipmi start", some modules are loaded:
>
> ha-idg-1:~ # lsmod|grep -i ipmi
> ipmi_devintf 17560 0
> ipmi_si 53422 0
> ipmi_msghandler 49979 2 ipmi_devintf,ipmi_si
>
> I have a device file:
>
> ha-idg-1:~ # ll /dev/ipm*
> crw-rw---- 1 root root 246, 0 Feb 28 13:51 /dev/ipmi0
>
> What i found out/did already:
>
> For channel 2 i have two users configured:
>
> ipmitool> user list 2
> 1 Administrator true false true ADMINISTRATOR
> 2 root true false true ADMINISTRATOR
> 3 (Empty User) true false false NO ACCESS
> 4 (Empty User) true false false NO ACCESS
> 5 (Empty User) true false false NO ACCESS
> 6 (Empty User) true false false NO ACCESS
> 7 (Empty User) true false false NO ACCESS
> 8 (Empty User) true false false NO ACCESS
> 9 (Empty User) true false false NO ACCESS
> 10 (Empty User) true false false NO ACCESS
> 11 (Empty User) true false false NO ACCESS
> 12 (Empty User) true false false NO ACCESS
>
> User root has a passsword which i tested via "user test" and it was ok.
>
> Channel 2:
>
> ipmitool> channel info 2
> Channel 0x2 info:
> Channel Medium Type : 802.3 LAN
> Channel Protocol Type : IPMB-1.0
> Session Support : multi-session
> Active Session Count : 0
> Protocol Vendor ID : 7154
> Volatile(active) Settings
> Alerting : enabled
> Per-message Auth : disabled
> User Level Auth : enabled
> Access Mode : always available
> Non-Volatile Settings
> Alerting : enabled
> Per-message Auth : disabled
> User Level Auth : enabled
> Access Mode : always available
>
> ipmitool> lan print 2
> Set in Progress : Set Complete
> Auth Type Support :
> Auth Type Enable : Callback :
> : User :
> : Operator :
> : Admin :
> : OEM :
> IP Address Source : DHCP Address
> IP Address : 146.107.235.15
> Subnet Mask : 255.255.255.0
> MAC Address : 70:10:6f:47:0c:48
> SNMP Community String :
> BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
> Default Gateway IP : 146.107.235.1
> 802.1q VLAN ID : Disabled
> 802.1q VLAN Priority : 0
> RMCP+ Cipher Suites : 0,1,2,3
> Cipher Suite Priv Max : XuuaXXXXXXXXXXX
> : X=Cipher Suite Unused
> : c=CALLBACK
> : u=USER
> : o=OPERATOR
> : a=ADMIN
> : O=OEM
>
> How can i grant principal access to channel 2 ?
> I tried:
>
> ipmitool> lan set 2 access on
> Set Channel Access for channel 2 failed: Unknown (0x83)
> ipmitool> lan set 2 access ON
> lan set access <on|off>
> ipmitool> lan set 2 access=ON
> lan set access <on|off>
>
> Does not seem to work.
>
> I did "lan set user 2", do not know if it's helpful.
>
> Also:
>
> ipmitool> channel authcap 2 4
> Channel number : 2
> IPMI v1.5 auth types :
> KG status : default (all zeroes)
> Per message authentication : disabled
> User level authentication : enabled
> Non-null user names exist : yes
> Null user names exist : no
> Anonymous login enabled : no
> Channel supports IPMI v1.5 : no
> Channel supports IPMI v2.0 : yes
>
> Don't know if it helps.
>
> I found https://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool (sorry, only in german):
>
> I did, as proposed:
>
> ha-idg-1:~ # ipmitool lan set 2 auth ADMIN MD5
> ha-idg-1:~ # ipmitool lan set 2 access on
> Set Channel Access for channel 2 failed: Unknown (0x83) <===== ???
>
> ha-idg-1:~ # ipmitool lan print 2
> Set in Progress : Set Complete
> Auth Type Support :
> Auth Type Enable : Callback :
> : User :
> : Operator :
> : Admin :
> : OEM :
> IP Address Source : DHCP Address
> IP Address : 146.107.235.15
> Subnet Mask : 255.255.255.0
> MAC Address : 70:10:6f:47:0c:48
> SNMP Community String :
> BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
> Default Gateway IP : 146.107.235.1
> 802.1q VLAN ID : Disabled
> 802.1q VLAN Priority : 0
> RMCP+ Cipher Suites : 0,1,2,3
> Cipher Suite Priv Max : XuuaXXXXXXXXXXX
> : X=Cipher Suite Unused
> : c=CALLBACK
> : u=USER
> : o=OPERATOR
> : a=ADMIN
> : O=OEM
>
> Wtf ? Sorry, this is the first time in my carreer that i curse in a mailing list, but ipmitool really frustrates me.
> Why can't i set access to this channel ? I'm running the commands as root.
> It's ipmitool 1.8.15.
>
> Can someone help me in configuring IPMI that i can used it from the other node to fence this node ?
>
> Big Thanks in advance.
>
>
> Bernd
Would this help?
https://www.alteeve.com/w/AN!Cluster_Tutorial_2#What_is_IPMI
It covers configuring the IPMI BMC using ipmitool and then testing
fence_ipmilan. The part about configuring in rgmanager won't be of use,
but once you have the command line fence_ipmilan call working, you're
95% done.
digimer
--
Digimer
Papers and Projects: https://alteeve.com/w/
"I am, somehow, less interested in the weight and convolutions of
Einstein’s brain than in the near certainty that people of equal talent
have lived and died in cotton fields and sweatshops." - Stephen Jay Gould
More information about the Users
mailing list