IPMI Analyse mit openipmish

Aus Thomas-Krenn-Wiki
Wechseln zu: Navigation, Suche

IPMI bietet umfangreiche Möglichkeiten zur Hardware-Überwachung. Mit dem Linux ipmitool können Sie Sensoren abfragen, Server remote einschalten oder auch IPMI konfigurieren. Für eine detaillierte Analyse bzw. für ein ausführliches Debugging eignet sich allerdings ein weiteres Tool. In diesem Artikel beschreiben wir wie Sie unter Linux mit openipmish IPMI im Detail analysieren. Ein konkretes Beispiel finden Sie im Artikel Detaillierte Analyse eines IPMI Sensors.

Installation

openipmish ist Bestandteil von OpenIPMI, das bereits bei den meisten Linux Distributionen direkt enthalten ist. Unter Debian/Ubuntu installieren Sie OpenIPMI einfach mit

apt-get install openipmi

Grundlagen

openipmish ist ein Shell Interface zu einem IPMI System. Hilfetexte zur Bedienung und den Funktionen bekommen Sie direkt nach dem Start von openipmish mit dem Kommando help:

user@ubuntu:~$ openipmish 
> help
help
  domain - Commands dealing with domains
  con - Commands dealing with connections
  entity - Commands dealing with entities
  mc - Commands dealing with MCs
  pet - Commands dealing with Platform Event Traps (PETs)
  lanparm - Commands dealing with LAN Parameters (lanparms)
  solparm - Commands dealing with SOL Parameters (solparms)
  fru - Commands dealing with FRUs
  pef - Commands dealing with PEF Parameters (pefs)
  sensor - Commands dealing with sensors
  control - Commands dealing with controls
  sel - Commands dealing with the SEL
  evinfo true | false - Enable/disable printing info about the object when an
    event is reported on it (such as entity info, domain info, etc.)
  debug <type> true | false -  Turn on/off the specific debugging.  The
    debugging types are: msg, rawmsg, events, con0, con1, con2, con3.  This is
    primarily for designers of OpenIPMI trying to debug problems.
  redisp_cmd on|off - If an asynchronous event comes in, redisplay the current
    working command.  This is on by default.
  exit - leave the program
  read <file> - Read commands from the file and execute them
> 

Verbindung zu einem IPMI BMC aufbauen

Eine Verbindung zu einem IPMI BMC können Sie über das domain Unterkommando aufbauen. Im folgenden Beispiel zeigen wir eine Verbindung über einen IPMI LAN Channel:

> domain list
Domains
> domain open dom1 lan -U ADMIN -P ADMIN 10.10.10.75
Event
  Object Type: Domain
  Name: dom1
  Operation: Add
> INFO: dom1 0 ipmi_lan.c(connection_up): Connection 0 to the BMC is up
INFO: dom1 0 ipmi_lan.c(connection_up): Connection to the BMC restored
Event
  Object Type: Domain
  Name: dom1
  Operation: Connection Change
  Connection Number: 0
  Port Number: 0
  Any Connection Up: true
  Error: 0
Domain Created: dom1

Event
  Object Type: Domain
  Name: dom1
  Operation: Connection Change
  Connection Number: 0
  Port Number: 0
  Any Connection Up: true
  Error: 0

Event
  Object Type: MC
  Name: dom1(0.20)
  Operation: Add
[...]
Event
  Object Type: MC
  Name: dom1(0.20)
  Operation: Change
[...]
Event
  Object Type: MC
  Name: dom1(0.20)
  Operation: Active Changed
  Active: true
[...]
Event
  Object Type: MC
  Name: dom1(0.20)
  Operation: Fully Up

Event
  Object Type: Domain
  Domain: dom1
  Operation: Domain fully up
> 

Die Domain steht nun zur Verfügung:

> domain list
Domains
  Name: dom1
> 

weitere Optionen

Mit dem Unterkommando help domain bekommen Sie ausführliche Informationen zu den möglichen Optionen für einen Verbindungsaufbau:

> help domain
domain - Commands dealing with domains
  list - List all the domains in the system
  info <domain> - Dump information about a domain
  new Obsolete, use domain open
  open <domain name> [<options>] <domain parms> [<domain parms>]- Set up a new
    domain using an argument parser.  Format for the connection's <domain parms>
    depends on the connections type.  Two connections (to two different MCs) can
    be done by specifying two sets of parms. Connections types are:
  smi 
     smi <num>
    where the <num> is the IPMI device number to connect to.
  lan 
     lan [-U <username>] [-P <password>] [-p[2] port] [-A <authtype>]
         [-L <privilege>] [-s] [-Ra <auth alg>] [-Ri <integ alg>]
         [-Rc <conf algo>] [-Rl] [-Rk <bmc key>] [-H <hackname>]
         [-M <max outstanding msgs>] <host1> [<host2>]
    If -s is supplied, then two host names are taken (the second port
    may be specified with -p2).  Otherwise, only one hostname is
    taken.  The defaults are an empty username and password (anonymous),
    port 623, admin privilege, and authtype defaulting to the most
    secure one available.
    privilege is one of: callback, user, operator, admin, or oem.  These
    select the specific commands that are available to the connection.
    Higher privileges (ones further to the right in the above list) have
    more commands available to them.
    authtype is one of the following: rmcp+, md5, md2, straight, or none.
    Setting this to anything but rmcp+ forces normal rmcp
    authentication.  By default the most secure method available is
    chosen, in the order given above.
    For RMCP+ connections, the authentication algorithms supported (-Ra)
    are: bmcpick, rakp_none, rakp_hmac_sha1, and rakp_hmac_md5.  The
    integrity algorithms (-Ri) supported are: bmcpick, none, hmac_sha1,
    hmac_md5, and md5.  The confidentiality algorithms (-Rc) are: bmcpick,
    aes_cbc_128, xrc4_128, and xrc_40.  The defaults are
    rackp_hmac_sha1, hmac_sha1, and aes_cb_128.  -Rl turns on lookup up
    names by the name and the privilege level (allowing the same name with
    different privileges and different passwords), the default is straight
    name lookup.  -Rk sets the BMC key, needed if the system does two-key
    lookups.  The -M option sets the maximum outstanding messages.
    The default is 2, ranges 1-63.
    The -H option enables certain hacks for broken platforms.  This may
    be listed multiple times to enable multiple hacks.  The currently
    available hacks are:
      intelplus - For Intel platforms that have broken RMCP+.
      rakp3_wrong_rolem - For systems that truncate role(m) in the RAKP3 msg.
      rmcpp_integ_sik - For systems that use SIK instead of K(1) for integrity.
  Options are:
 -[no]all - all automatic handling
    -[no]sdrs - sdr fetching
    -[no]frus - FRU fetching
    -[no]sel - SEL fetching
    -[no]ipmbscan - IPMB bus scanning
    -[no]oeminit - special OEM processing (like ATCA)
    -[no]seteventrcvr - setting event receivers
    -[no]activate - connection activation
    -[no]localonly - Just talk to the local BMC, (ATCA-only, for blades)
    -wait_til_up - wait until the domain is up before returning
  close <domain> - Close the domain
  fru <domain> <is_logical> <device_address> <device_id> <lun> <private_bus>
    <channel> - Fetch FRU data with the given parms
  msg <domain> <channel> <ipmb> <LUN> <NetFN> <command> [data...] - Send a
    message to the given address
  scan <domain> <channel> <ipmb addr> [ipmb addr] - scan an IPMB to add or
    remove it. If a range is given, then scan all IPMBs in the range
  presence <domain> - Check the presence of all entities in the domain
  sel_rescan_time <domain> <time in seconds> - Set the time between SEL rescans
    for all SELs in the domain.  Zero disables scans.
  rescan_sels <domain> - Rescan all the SELs in the domain
  ipmb_rescan_time <domain> <time in seconds> - Set the time between IPMB
    rescans for this domain.  zero disables scans.
  stats <domain> - Dump all the domain's statistics
> 

mc Operationen

mc list

> mc list
Domain
  Name: dom1
  MCs
    Name: dom1(0.20)
> 

mc info

> mc info dom1(0.20)
MC
  Name: dom1(0.20)
  Active: true
  GUID: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
        0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
  SEL Rescan Time: 10
  provides_device_sdrs: false
  device_available: false
  chassis_support: true
  bridge_support: false
  ipmb_event_generator: true
  ipmb_event_receiver: true
  fru_inventory_support: true
  sel_device_support: true
  sdr_repository_support: true
  sensor_device_support: true
  device_id: 0x20
  device_revision: 1
  fw_revision: 1.30
  version: 2.0
  manufacturer_id: 0xb980
  product_id: 0x605
  aux_fw_revision: 0x00 0x00 0x00 0x00
> 

mc sel_info

> mc sel_info dom1(0.20)
MC
  Name: dom1(0.20)
  SEL Version: 1.0
  SEL Count: 0
  SEL Slots Used: 0
  SEL Free Bytes: 10240
  SEL Last Addition Timestamp: -1
  SEL overflow: false
  SEL Supports Delete: false
  SEL Supports Partial Add: false
  SEL Supports Reserve: true
  SEL Supports Get SEL Allocation: true
> 

mc sdrs

Mit mc sdrs können Sie einzelne Sensor Data Repositories im Detail analysieren. Informationen zur Bedeutung der einzelnen Datenfelder finden Sie in der IPMI Spezifikation (siehe IPMI Grundlagen -> Einzelnachweise).

Hinweis: Bei dieser Abfrage kann es einige Sekunden dauern bis eine Ausgabe kommt nachdem Sie das Kommando abgesetzt haben.

> mc sdrs dom1(0.20) main
> MC
  Name: dom1(0.20)
  SDR
    Record ID: 4
    Type: 1
    Version: 1.5
    Data: 0x20 0x00 0x11 0x07 0x1c 0x7d 0x68 0x01
          0x01 0x95 0x7a 0x95 0x7a 0x3f 0x3f 0x00
          0x01 0x00 0x00 0x64 0x00 0x80 0xc0 0x00
          0xe2 0x07 0xa0 0xba 0x96 0xff 0x00 0xd0
          0xc6 0xbc 0x80 0x8a 0x94 0x02 0x02 0x00
          0x00 0x00 0xcb 0x53 0x79 0x73 0x74 0x65
          0x6d 0x20 0x54 0x65 0x6d 0x70
  SDR
    Record ID: 71
    Type: 1
    Version: 1.5
    Data: 0x20 0x00 0x12 0x07 0x01 0x7f 0x68 0xc0
          0x70 0x10 0x00 0x10 0x00 0xff 0x7f 0xc0
          0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
          0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
          0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
          0x00 0x00 0xc8 0x43 0x50 0x55 0x20 0x54
          0x65 0x6d 0x70
  SDR
    Record ID: 406
    Type: 1
    Version: 1.5
    Data: 0x20 0x00 0x45 0x07 0x21 0x7d 0x68 0x04
          0x01 0x95 0x7a 0x95 0x7a 0x3f 0x3f 0x00
          0x12 0x00 0x00 0xb9 0x00 0x00 0xc0 0x00
          0x01 0x07 0x80 0xaa 0x14 0xff 0x00 0xb2
          0xaf 0xac 0x10 0x11 0x12 0x01 0x01 0x00
          0x00 0x00 0xc5 0x46 0x41 0x4e 0x20 0x35
[...]
  SDR
    Record ID: 1612
    Type: 192
    Version: 1.5
    Data: 0x57 0x01 0x00 0x0d 0x01 0x88 0x00 0x1d
          0x1e 0x1f 0x20
  Total Size: 905
> 


Foto Werner Fischer.jpg

Autor: Werner Fischer

Werner Fischer, tätig im Bereich Communications / Knowledge Transfer bei Thomas-Krenn, hat sein Studium zu Computer- und Mediensicherheit an der FH Hagenberg abgeschlossen. Er ist regelmäßig Autor in Fachzeitschriften und Speaker bei Konferenzen wie LinuxCon, OSDC, OSMC, LinuxTag u.v.m. Seine Freizeit gestaltet er sehr abwechslungsreich. In einem Moment absolviert er seinen Abschluss im Klavierspielen, im anderen läuft er beim Linzmarathon in der Staffel mit oder interessiert sich für OpenStreetMap.


Das könnte Sie auch interessieren

FreeIPMI meldet ipmi ctx open outofband: BMC busy beim Versuch IPMI Sensoren abzufragen
IPMI Konfiguration unter Linux mittels ipmitool
IPMI Passwort zurücksetzen