IPMI Analyse mit openipmish
IPMI bietet umfangreiche Möglichkeiten zur Hardware-Überwachung. Mit dem Linux ipmitool können Sie Sensoren abfragen, Server remote einschalten oder auch IPMI konfigurieren. Für eine detaillierte Analyse bzw. für ein ausführliches Debugging eignet sich allerdings ein weiteres Tool. In diesem Artikel beschreiben wir wie Sie unter Linux mit openipmish IPMI im Detail analysieren. Ein konkretes Beispiel finden Sie im Artikel Detaillierte Analyse eines IPMI Sensors.
Installation
openipmish ist Bestandteil von OpenIPMI, das bereits bei den meisten Linux Distributionen direkt enthalten ist. Unter Debian/Ubuntu installieren Sie OpenIPMI einfach mit
apt-get install openipmi
Grundlagen
openipmish ist ein Shell Interface zu einem IPMI System. Hilfetexte zur Bedienung und den Funktionen bekommen Sie direkt nach dem Start von openipmish mit dem Kommando help:
user@ubuntu:~$ openipmish > help help domain - Commands dealing with domains con - Commands dealing with connections entity - Commands dealing with entities mc - Commands dealing with MCs pet - Commands dealing with Platform Event Traps (PETs) lanparm - Commands dealing with LAN Parameters (lanparms) solparm - Commands dealing with SOL Parameters (solparms) fru - Commands dealing with FRUs pef - Commands dealing with PEF Parameters (pefs) sensor - Commands dealing with sensors control - Commands dealing with controls sel - Commands dealing with the SEL evinfo true | false - Enable/disable printing info about the object when an event is reported on it (such as entity info, domain info, etc.) debug <type> true | false - Turn on/off the specific debugging. The debugging types are: msg, rawmsg, events, con0, con1, con2, con3. This is primarily for designers of OpenIPMI trying to debug problems. redisp_cmd on|off - If an asynchronous event comes in, redisplay the current working command. This is on by default. exit - leave the program read <file> - Read commands from the file and execute them >
Verbindung zu einem IPMI BMC aufbauen
Eine Verbindung zu einem IPMI BMC können Sie über das domain Unterkommando aufbauen. Im folgenden Beispiel zeigen wir eine Verbindung über einen IPMI LAN Channel:
> domain list Domains > domain open dom1 lan -U ADMIN -P ADMIN 10.10.10.75 Event Object Type: Domain Name: dom1 Operation: Add > INFO: dom1 0 ipmi_lan.c(connection_up): Connection 0 to the BMC is up INFO: dom1 0 ipmi_lan.c(connection_up): Connection to the BMC restored Event Object Type: Domain Name: dom1 Operation: Connection Change Connection Number: 0 Port Number: 0 Any Connection Up: true Error: 0 Domain Created: dom1 Event Object Type: Domain Name: dom1 Operation: Connection Change Connection Number: 0 Port Number: 0 Any Connection Up: true Error: 0 Event Object Type: MC Name: dom1(0.20) Operation: Add [...] Event Object Type: MC Name: dom1(0.20) Operation: Change [...] Event Object Type: MC Name: dom1(0.20) Operation: Active Changed Active: true [...] Event Object Type: MC Name: dom1(0.20) Operation: Fully Up Event Object Type: Domain Domain: dom1 Operation: Domain fully up >
Die Domain steht nun zur Verfügung:
> domain list Domains Name: dom1 >
weitere Optionen
Mit dem Unterkommando help domain bekommen Sie ausführliche Informationen zu den möglichen Optionen für einen Verbindungsaufbau:
> help domain domain - Commands dealing with domains list - List all the domains in the system info <domain> - Dump information about a domain new Obsolete, use domain open open <domain name> [<options>] <domain parms> [<domain parms>]- Set up a new domain using an argument parser. Format for the connection's <domain parms> depends on the connections type. Two connections (to two different MCs) can be done by specifying two sets of parms. Connections types are: smi smi <num> where the <num> is the IPMI device number to connect to. lan lan [-U <username>] [-P <password>] [-p[2] port] [-A <authtype>] [-L <privilege>] [-s] [-Ra <auth alg>] [-Ri <integ alg>] [-Rc <conf algo>] [-Rl] [-Rk <bmc key>] [-H <hackname>] [-M <max outstanding msgs>] <host1> [<host2>] If -s is supplied, then two host names are taken (the second port may be specified with -p2). Otherwise, only one hostname is taken. The defaults are an empty username and password (anonymous), port 623, admin privilege, and authtype defaulting to the most secure one available. privilege is one of: callback, user, operator, admin, or oem. These select the specific commands that are available to the connection. Higher privileges (ones further to the right in the above list) have more commands available to them. authtype is one of the following: rmcp+, md5, md2, straight, or none. Setting this to anything but rmcp+ forces normal rmcp authentication. By default the most secure method available is chosen, in the order given above. For RMCP+ connections, the authentication algorithms supported (-Ra) are: bmcpick, rakp_none, rakp_hmac_sha1, and rakp_hmac_md5. The integrity algorithms (-Ri) supported are: bmcpick, none, hmac_sha1, hmac_md5, and md5. The confidentiality algorithms (-Rc) are: bmcpick, aes_cbc_128, xrc4_128, and xrc_40. The defaults are rackp_hmac_sha1, hmac_sha1, and aes_cb_128. -Rl turns on lookup up names by the name and the privilege level (allowing the same name with different privileges and different passwords), the default is straight name lookup. -Rk sets the BMC key, needed if the system does two-key lookups. The -M option sets the maximum outstanding messages. The default is 2, ranges 1-63. The -H option enables certain hacks for broken platforms. This may be listed multiple times to enable multiple hacks. The currently available hacks are: intelplus - For Intel platforms that have broken RMCP+. rakp3_wrong_rolem - For systems that truncate role(m) in the RAKP3 msg. rmcpp_integ_sik - For systems that use SIK instead of K(1) for integrity. Options are: -[no]all - all automatic handling -[no]sdrs - sdr fetching -[no]frus - FRU fetching -[no]sel - SEL fetching -[no]ipmbscan - IPMB bus scanning -[no]oeminit - special OEM processing (like ATCA) -[no]seteventrcvr - setting event receivers -[no]activate - connection activation -[no]localonly - Just talk to the local BMC, (ATCA-only, for blades) -wait_til_up - wait until the domain is up before returning close <domain> - Close the domain fru <domain> <is_logical> <device_address> <device_id> <lun> <private_bus> <channel> - Fetch FRU data with the given parms msg <domain> <channel> <ipmb> <LUN> <NetFN> <command> [data...] - Send a message to the given address scan <domain> <channel> <ipmb addr> [ipmb addr] - scan an IPMB to add or remove it. If a range is given, then scan all IPMBs in the range presence <domain> - Check the presence of all entities in the domain sel_rescan_time <domain> <time in seconds> - Set the time between SEL rescans for all SELs in the domain. Zero disables scans. rescan_sels <domain> - Rescan all the SELs in the domain ipmb_rescan_time <domain> <time in seconds> - Set the time between IPMB rescans for this domain. zero disables scans. stats <domain> - Dump all the domain's statistics >
mc Operationen
mc list
> mc list Domain Name: dom1 MCs Name: dom1(0.20) >
mc info
> mc info dom1(0.20) MC Name: dom1(0.20) Active: true GUID: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 SEL Rescan Time: 10 provides_device_sdrs: false device_available: false chassis_support: true bridge_support: false ipmb_event_generator: true ipmb_event_receiver: true fru_inventory_support: true sel_device_support: true sdr_repository_support: true sensor_device_support: true device_id: 0x20 device_revision: 1 fw_revision: 1.30 version: 2.0 manufacturer_id: 0xb980 product_id: 0x605 aux_fw_revision: 0x00 0x00 0x00 0x00 >
mc sel_info
> mc sel_info dom1(0.20) MC Name: dom1(0.20) SEL Version: 1.0 SEL Count: 0 SEL Slots Used: 0 SEL Free Bytes: 10240 SEL Last Addition Timestamp: -1 SEL overflow: false SEL Supports Delete: false SEL Supports Partial Add: false SEL Supports Reserve: true SEL Supports Get SEL Allocation: true >
mc sdrs
Mit mc sdrs können Sie einzelne Sensor Data Repositories im Detail analysieren. Informationen zur Bedeutung der einzelnen Datenfelder finden Sie in der IPMI Spezifikation (siehe IPMI Grundlagen -> Einzelnachweise).
Hinweis: Bei dieser Abfrage kann es einige Sekunden dauern bis eine Ausgabe kommt nachdem Sie das Kommando abgesetzt haben.
> mc sdrs dom1(0.20) main > MC Name: dom1(0.20) SDR Record ID: 4 Type: 1 Version: 1.5 Data: 0x20 0x00 0x11 0x07 0x1c 0x7d 0x68 0x01 0x01 0x95 0x7a 0x95 0x7a 0x3f 0x3f 0x00 0x01 0x00 0x00 0x64 0x00 0x80 0xc0 0x00 0xe2 0x07 0xa0 0xba 0x96 0xff 0x00 0xd0 0xc6 0xbc 0x80 0x8a 0x94 0x02 0x02 0x00 0x00 0x00 0xcb 0x53 0x79 0x73 0x74 0x65 0x6d 0x20 0x54 0x65 0x6d 0x70 SDR Record ID: 71 Type: 1 Version: 1.5 Data: 0x20 0x00 0x12 0x07 0x01 0x7f 0x68 0xc0 0x70 0x10 0x00 0x10 0x00 0xff 0x7f 0xc0 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xc8 0x43 0x50 0x55 0x20 0x54 0x65 0x6d 0x70 SDR Record ID: 406 Type: 1 Version: 1.5 Data: 0x20 0x00 0x45 0x07 0x21 0x7d 0x68 0x04 0x01 0x95 0x7a 0x95 0x7a 0x3f 0x3f 0x00 0x12 0x00 0x00 0xb9 0x00 0x00 0xc0 0x00 0x01 0x07 0x80 0xaa 0x14 0xff 0x00 0xb2 0xaf 0xac 0x10 0x11 0x12 0x01 0x01 0x00 0x00 0x00 0xc5 0x46 0x41 0x4e 0x20 0x35 [...] SDR Record ID: 1612 Type: 192 Version: 1.5 Data: 0x57 0x01 0x00 0x0d 0x01 0x88 0x00 0x1d 0x1e 0x1f 0x20 Total Size: 905 >
Autor: Werner Fischer Werner Fischer arbeitet im Product Management Team von Thomas-Krenn. Er evaluiert dabei neueste Technologien und teilt sein Wissen in Fachartikeln, bei Konferenzen und im Thomas-Krenn Wiki. Bereits 2005 - ein Jahr nach seinem Abschluss des Studiums zu Computer- und Mediensicherheit an der FH Hagenberg - heuerte er beim bayerischen Server-Hersteller an. Als Öffi-Fan nutzt er gerne Bus & Bahn und genießt seinen morgendlichen Spaziergang ins Büro.
|