[ClusterLabs] Antw: using IPMI for fencing - configuring IPMI with ipmitool - HELP
Ulrich Windl
Ulrich.Windl at rz.uni-regensburg.de
Wed Mar 1 04:20:55 EST 2017
>>> "Lentes, Bernd" <bernd.lentes at helmholtz-muenchen.de> wrote on 28.02.2017 at 18:39 in message <476524732.41182296.1488303562492.JavaMail.zimbra at helmholtz-muenchen.de>:
> Hi,
>
> I have an HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does
> not work; I read in a book the recommendation to use the ipmi resource agent
> instead.
Why don't you use SBD (as recommended)?
> I'm trying to configure the respective ILO adapter with ipmitool. OMG.
> Ipmitool drives me crazy.
> It's a SLES 11 SP4 node. I did "/etc/init.d/ipmi start", some modules are
> loaded:
>
> ha-idg-1:~ # lsmod|grep -i ipmi
> ipmi_devintf 17560 0
> ipmi_si 53422 0
> ipmi_msghandler 49979 2 ipmi_devintf,ipmi_si
>
> I have a device file:
>
> ha-idg-1:~ # ll /dev/ipm*
> crw-rw---- 1 root root 246, 0 Feb 28 13:51 /dev/ipmi0
>
> What I found out/did already:
>
> For channel 2 I have two users configured:
>
> ipmitool> user list 2
> 1 Administrator true false true ADMINISTRATOR
> 2 root true false true ADMINISTRATOR
> 3 (Empty User) true false false NO ACCESS
> 4 (Empty User) true false false NO ACCESS
> 5 (Empty User) true false false NO ACCESS
> 6 (Empty User) true false false NO ACCESS
> 7 (Empty User) true false false NO ACCESS
> 8 (Empty User) true false false NO ACCESS
> 9 (Empty User) true false false NO ACCESS
> 10 (Empty User) true false false NO ACCESS
> 11 (Empty User) true false false NO ACCESS
> 12 (Empty User) true false false NO ACCESS
>
> User root has a password which I tested via "user test" and it was ok.
>
> Channel 2:
>
> ipmitool> channel info 2
> Channel 0x2 info:
> Channel Medium Type : 802.3 LAN
> Channel Protocol Type : IPMB-1.0
> Session Support : multi-session
> Active Session Count : 0
> Protocol Vendor ID : 7154
> Volatile(active) Settings
> Alerting : enabled
> Per-message Auth : disabled
> User Level Auth : enabled
> Access Mode : always available
> Non-Volatile Settings
> Alerting : enabled
> Per-message Auth : disabled
> User Level Auth : enabled
> Access Mode : always available
>
> ipmitool> lan print 2
> Set in Progress : Set Complete
> Auth Type Support :
> Auth Type Enable : Callback :
> : User :
> : Operator :
> : Admin :
> : OEM :
> IP Address Source : DHCP Address
> IP Address : 146.107.235.15
> Subnet Mask : 255.255.255.0
> MAC Address : 70:10:6f:47:0c:48
> SNMP Community String :
> BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
> Default Gateway IP : 146.107.235.1
> 802.1q VLAN ID : Disabled
> 802.1q VLAN Priority : 0
> RMCP+ Cipher Suites : 0,1,2,3
> Cipher Suite Priv Max : XuuaXXXXXXXXXXX
> : X=Cipher Suite Unused
> : c=CALLBACK
> : u=USER
> : o=OPERATOR
> : a=ADMIN
> : O=OEM
>
> How can I grant principal access to channel 2?
> I tried:
>
> ipmitool> lan set 2 access on
> Set Channel Access for channel 2 failed: Unknown (0x83)
> ipmitool> lan set 2 access ON
> lan set access <on|off>
> ipmitool> lan set 2 access=ON
> lan set access <on|off>
>
> Does not seem to work.
>
> I did "lan set user 2", do not know if it's helpful.
>
> Also:
>
> ipmitool> channel authcap 2 4
> Channel number : 2
> IPMI v1.5 auth types :
> KG status : default (all zeroes)
> Per message authentication : disabled
> User level authentication : enabled
> Non-null user names exist : yes
> Null user names exist : no
> Anonymous login enabled : no
> Channel supports IPMI v1.5 : no
> Channel supports IPMI v2.0 : yes
>
> Don't know if it helps.
>
> I found
>
> https://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool
> (sorry, only in German):
>
> I did, as proposed:
>
> ha-idg-1:~ # ipmitool lan set 2 auth ADMIN MD5
> ha-idg-1:~ # ipmitool lan set 2 access on
> Set Channel Access for channel 2 failed: Unknown (0x83) <===== ???
>
> ha-idg-1:~ # ipmitool lan print 2
> Set in Progress : Set Complete
> Auth Type Support :
> Auth Type Enable : Callback :
> : User :
> : Operator :
> : Admin :
> : OEM :
> IP Address Source : DHCP Address
> IP Address : 146.107.235.15
> Subnet Mask : 255.255.255.0
> MAC Address : 70:10:6f:47:0c:48
> SNMP Community String :
> BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
> Default Gateway IP : 146.107.235.1
> 802.1q VLAN ID : Disabled
> 802.1q VLAN Priority : 0
> RMCP+ Cipher Suites : 0,1,2,3
> Cipher Suite Priv Max : XuuaXXXXXXXXXXX
> : X=Cipher Suite Unused
> : c=CALLBACK
> : u=USER
> : o=OPERATOR
> : a=ADMIN
> : O=OEM
>
> Wtf? Sorry, this is the first time in my career that I curse in a mailing
> list, but ipmitool really frustrates me.
> Why can't I set access to this channel? I'm running the commands as root.
> It's ipmitool 1.8.15.
>
> Can someone help me configure IPMI so that I can use it from the other
> node to fence this node?
>
> Big Thanks in advance.
>
>
> Bernd
>
> --
> Bernd Lentes
>
> Systemadministration
> institute of developmental genetics
> Gebäude 35.34 - Raum 208
> HelmholtzZentrum München
> bernd.lentes at helmholtz-muenchen.de
> phone: +49 (0)89 3187 1241
> fax: +49 (0)89 3187 2294
>
> Only once you commit to something can you be wrong
> Scott Adams
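
The following is an added example, not part of the original thread and not ipmitool code: it parses the `lan print 2` output quoted above and reports which RMCP+ cipher suites are enabled at which maximum privilege, which is worth checking before pointing a fence agent at the BMC. The function names are hypothetical, and it assumes that character i of `Cipher Suite Priv Max` belongs to the i-th suite listed under `RMCP+ Cipher Suites`.

```python
import re

# Four lines copied from the `lan print 2` output quoted in the message above.
LAN_PRINT = """\
Auth Type Support :
MAC Address : 70:10:6f:47:0c:48
RMCP+ Cipher Suites : 0,1,2,3
Cipher Suite Priv Max : XuuaXXXXXXXXXXX
"""

# Legend as printed by ipmitool, ordered from lowest to highest privilege.
LEGEND = {"X": "UNUSED", "c": "CALLBACK", "u": "USER",
          "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}
ORDER = list(LEGEND.values())
# IPMI 2.0 cipher suites 0-3: does the suite encrypt the payload?
ENCRYPTS = {0: False, 1: False, 2: False, 3: True}


def parse_fields(text):
    """Split 'Key : Value' lines into a dict; empty values are kept."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]*?)\s*:\s*(.*?)\s*$", line)
        if m and m.group(1):          # legend continuation lines have no key
            fields[m.group(1)] = m.group(2)
    return fields


def suite_privileges(fields):
    """Map each listed cipher suite ID to its maximum privilege level."""
    ids = [int(s) for s in fields["RMCP+ Cipher Suites"].split(",")]
    privs = fields["Cipher Suite Priv Max"]
    # Assumption: character i of the string belongs to the i-th listed suite.
    return {sid: LEGEND[ch] for sid, ch in zip(ids, privs)}


def review(fields, needed="ADMIN"):
    """Return suites usable at `needed` level plus findings for a reviewer."""
    privs = suite_privileges(fields)
    enabled = [s for s, p in privs.items() if p != "UNUSED"]
    usable = [s for s in enabled
              if ORDER.index(privs[s]) >= ORDER.index(needed)]
    findings = []
    if 0 in enabled:
        findings.append("cipher suite 0 (no authentication) is enabled")
    # Suites outside 0-3 are not classified here and are not flagged.
    clear = [s for s in enabled if s != 0 and not ENCRYPTS.get(s, True)]
    if clear:
        findings.append("enabled without encryption: %s" % clear)
    return {"usable": usable, "findings": findings}
```

For the quoted output, `review(parse_fields(LAN_PRINT))` reports suite 3 as the only one usable at ADMIN level and flags suites 1 and 2 as enabled without encryption.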