On the IBM Blade platform, you will probably never see out of band access via IPMI to the BMCs. The BMCs for most operations communicate via the Bladecenter internal RS485 bus to the Management Module. All external access is arbitrated by that.
The BMCs do talk via LAN, however their authentication mechanism is greatly simplified (probably to the point of non-compliance and hence even if you get ipmitool on that VLAN, it probably won't work), and talks over a special vlan tagged by the on-board NIC (the management module calls it the 'sol vlan' or something like that, default 4095), and all ethernet switch modules are configured to not let that VLAN out on external ports. It may be possible to get that on external ports depending on which switch module you buy, but that's really not going to end up a productive way to go. The rest of this post is going to be trying to help you use what you do have at your disposal, so will be considered offtopic for this list. You may want to reply to me directly instead of the list for further information and comments/requests (I have talked to the bladecenter management module developers a fair amount, so that may be useful to you) As far as remote management goes, your only realistic option is to use what the Management Module implements. I'm going to assume that since you have an LS21, you have the 'Advanced Management Module', it's the only option for BC-H (9U), but if you have the plain bladecenter (7U), it may be the first generation one (AMM has USB ports, MM had PS/2). I haven't worked with MM in a while, so all I'm about to say I've only first hand experienced through AMM. FYI, AMM runs linux under the covers, but that's ultimately not useful to anyone directly but the developers. -There is always the option of using a tool to do the same task, and hopefully even frontend IPMI and Blade management in a single package. MPcli I think is Blade/RSA specific, but I never use it anymore anyway. Director probably does it, but that's another tool that I don't use (who likes GUI anyway?). CSM would be appropriate for a lot of it, but that costs money and isn't better for this particular subset of functionality than xCAT. xCAT is cool (I'm biased, see it's changelog) and freely available, example usage: # rinv l1 all l1: Serial Number: XxXxXxX l1: Machine Type/Model: 4444aaa l1: Mac Address 1: 00:14:5E:6D:31:2E l1: Mac Address 2: 00:14:5E:B3:01:2E l1: VPD BIOS: 1.01 12/17/2006 (BAE122DUS) l1: VPD Diagnostics: 1.00 03/24/2006 (BAYT01AUS) l1: VPD BMC/Mgt processor: 1.13 n/a (BABT25A) mn:~ # rpower l1 stat l1: on mn:~ # rpower m9 off m9: off mn:~ # rcons l1 [Enter `^Ec?' for help] Welcome to SUSE Linux Enterprise Server 10 (x86_64) - Kernel 2.6.16.21-0.8-smp (console). l1 login: (l1 is one of my LS21s (was a prototype, hence bad serial/mtm), m9 was a node I could actually afford to turn off). I was going to show rvitals, but my sensor output on blades looks broken. On an ipmi system of mine: # rvitals p1 temp p1: Ambient Temp: 25 C (77 F) p1: CPU 1 Temp: 33 C (91 F) p1: CPU 2 Temp: 33 C (91 F) # rvitals p1 fanspeed p1: Fan 1 Tach: 3225 RPM p1: Fan 2 Tach: 2925 RPM p1: Fan 3 Tach: 2925 RPM In any event, it frontends and abstracts the details of the operation and is fairly quick at large scale command issuances (i.e. less than a second for many operations across 100 nodes or more), and has a nice notation for multiple nodes too: # rpower p1-p5 stat|xcoll #Can also do groups, unions, intersections, regex, read from file, etc. ============================== p1,p2,p3,p4,p5 ============================== on Anyway, if you want to learn more about how to proceed with xCAT, let me know and I'll provide some help/guidance. -There is the protocol that MPCli/CSM/Director speak to it. It's similar to the RSA cards. I don't know about it other than the tools that can use it to communicate (IBM closed spec, AFAIK, so I ignore it). -There is always the web interface (I suspect not sufficiently easily scalable/scriptible/fast for your desires, else you wouldn't be here). xCAT started by scripting for you the web interface, it was clunky and still slow, but faster than the web browser downloading all the elements and rendering it, then letting you interact. The major downside is that every little operation you try to do generates an eventlog about logging in. -They added (for both MM and AMM) a telnet CLI. This is moderately scriptable via expect and faster than web interface, and the only way into SOL. This is what xCAT has largely moved towards in the present. It still has the downside of logging on every command a login. The frequent logins for a constant unattended SOL monitoring situation is to disable the telnet idle timeout on the MM (telnetcfg -t 0 -T system:mm[1]). If you have redundant MMs, pick the active one, or try both and see which one takes it. -They implemented a SMASH/CLP interface. This isn't in my experience ultimately any more exciting than the plain telnet login. It has reduced functionality (some things the SMASH specification doesn't make provisions for), and the normal one is fine and not too hard to understand. Plus, to get this to work, you have to make SNMPv3 work first, which I'll get to in a moment. -SNMP I would definitely setup SNMPv3 and try to learn about it more. It's what I'm doing in xCAT 1.3 and it's the closest analog to the IPMI way of doing things (but still quite different). To enable your administrative user (say, user 1 which is usually USERID for example) via telnet: env -T system:mm[1] OK system:mm[2]> users -1 -ap sha -pp des -at set -ppw PASSW0RD OK (replace PASSW0RD with whatever (I like to match the login password because it's less to remember), or depending on your security requirements, you can do aes instead of des for more assurance, or take it the other way and do -pp none and skip the encryption, I'm going to assume you did it exactly as I put forth for the rest of my examples. Each firmware image comes with an mmblade.mib that snmpget/snmpwalk/etc can understand. I actually don't normally use it because I don't want to require people to find it and integrate it, but it may be handy for user friendly words at the command line. The bulk of the MIB contents is most easily browseable, IMO, at http://www.oidview.com/mibs/2/BLADE-MIB.html So let's say I want to check if a blade is on, I would do a powerRestartBladePowerSTate, which is per that web site: 1.3.6.1.4.1.2.3.51.2.22.1.6.1.1.4 So I would add a dot and the slot number of interest, and my command and get: # snmpget -a SHA -x DES -X PASSW0RD -A PASSW0RD -u USERID -l authPriv bch1-mm 1.3.6.1.4.1.2.3.51.2.22.1.6.1.1.4.1 SNMPv2-SMI::enterprises.2.3.51.2.22.1.6.1.1.4.1 = INTEGER: 1 If I loaded my blade mib... # snmpget -a SHA -x DES -X PASSW0RD -A PASSW0RD -u USERID -l authPriv -m ALL bch1-mm 1.3.6.1.4.1.2.3.51.2.22.1.6.1.1.4.1 BLADE-MIB::powerRestartBladePowerState.1 = INTEGER: on(1) It helpfully translates to human readable. On Wed, 2007-03-07 at 10:38 +0100, Alex Still wrote: > Hello, > > We've been using IPMI for a long time on various types of servers, but > are having problems getting it to work on HP and IBM blades (BL35p and > LS21, respectively). It works locally ("open" interface), but we can't > make the lan interface work, or set user privs. > > for example : > ipmitool user priv 3 2 > Set Privilege Level command failed (user 3) > > Anyone has experience with this kind of hardware ? Didn't find much > googling and the constructor's website are little help. (mostly docs > about their own solution, like IBM's "MPCLI"). > > Cheers, > > -- > Alex > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ Ipmitool-devel mailing list > Ipmitool-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/ipmitool-devel ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
