Re: IPMI console [Re: Chicken and egg, encrypted root FS on remote server]
On 21/02/2013, at 19:33, Steven Hartland kill...@multiplay.co.uk wrote: I had a quick look at the code and AFAIK it doesn't do anything (on 9.1 anyway). Actually at a guess I would say it's a hangover from sio(4) where 0x20 forced the device in question to be the console. According to the handbook, where I got the settings from, 0x20: Forces this unit to be the console (unless there is another higher priority console), regardless of the -h option discussed below. The flag 0x20 must be used together with the 0x10 flag. Yes but that is about sio, not uart. sio(4) has.. 0x00010 device is potential system console 0x00020 device is forced to become system console but uart(4) just has.. 0x00010 device is potential system console -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: IPMI console [Re: Chicken and egg, encrypted root FS on remote server]
- Original Message - From: Daniel O'Connor On 21/02/2013, at 9:06, Steven Hartland kill...@multiplay.co.uk wrote: If I change the console redirect to com1, my screen stays blank. Would you perhaps know how to use com1 for redirect and connect to it using ipmi-console (or ipmi-tool)? We use the following on Supermicro servers works fine:- http://blog.multiplay.co.uk/2012/12/freebsd-serial-over-lan/ Nice! BTW do you know what flag 0x20 does for UART? 0x10 is documented but 0x20 is not. I had a quick look at the code and AFAIK it doesn't do anything (on 9.1 anyway). Actually at a guess I would say it's a hangover from sio(4) where 0x20 forced the device in question to be the console. According to the handbook, where I got the settings from, 0x20: Forces this unit to be the console (unless there is another higher priority console), regardless of the -h option discussed below. The flag 0x20 must be used together with the 0x10 flag. Regards Steve This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmas...@multiplay.co.uk. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
IPMI console [Re: Chicken and egg, encrypted root FS on remote server]
Hi Daniel, On Wed, Feb 20, 2013 at 10:55:47PM +1030, Daniel O'Connor wrote: On 20/02/2013, at 21:43, Paul Schenkeveld free...@psconsult.nl wrote: What about getting a remote console like HP's ILO or Dell's DRAC ? You get to login remotely, you can use some degree of access control... you can even remote boot. For new hardware I could indeed use this, the current hardware does not support remote console. I don't have experience with ILO nor DRAC but I do have experience with SuperMicro's KVM over LAN which does need a java client to run. If I can enter the passphrase over ssh that would be better as I can use any device including a smartphone to dial in and enter the passphrase. If you setup a serial console you don't need Java if you use ipmitool, eg ipmitool -H remoteip -U ADMIN -I lanplus sol activate Tried that with some Supermicro servers, the serial console allows me to get into BIOS config and shows boot messages up to starting the kernel, once the kernel starts output stops. In the BIOS setup, console redirect defaults to com2 port which explains why output stops after the loader passes control to the kernel. BTW, ipmitool always gives me Info: cannot activate SOL payload with encryption but ipmi-console (sysutils/freeipmi) works. If I change the console redirect to com1, my screen stays blank. Would you perhaps know how to use com1 for redirect and connect to it using ipmi-console (or ipmi-tool)? Thanks, Paul Schenkeveld ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: IPMI console [Re: Chicken and egg, encrypted root FS on remote server]
On 20/02/2013 20:31, Paul Schenkeveld wrote: Hi Daniel, On Wed, Feb 20, 2013 at 10:55:47PM +1030, Daniel O'Connor wrote: On 20/02/2013, at 21:43, Paul Schenkeveld free...@psconsult.nl wrote: What about getting a remote console like HP's ILO or Dell's DRAC ? You get to login remotely, you can use some degree of access control... you can even remote boot. For new hardware I could indeed use this, the current hardware does not support remote console. I don't have experience with ILO nor DRAC but I do have experience with SuperMicro's KVM over LAN which does need a java client to run. If I can enter the passphrase over ssh that would be better as I can use any device including a smartphone to dial in and enter the passphrase. If you setup a serial console you don't need Java if you use ipmitool, eg ipmitool -H remoteip -U ADMIN -I lanplus sol activate Tried that with some Supermicro servers, the serial console allows me to get into BIOS config and shows boot messages up to starting the kernel, once the kernel starts output stops. In the BIOS setup, console redirect defaults to com2 port which explains why output stops after the loader passes control to the kernel. BTW, ipmitool always gives me Info: cannot activate SOL payload with encryption but ipmi-console (sysutils/freeipmi) works. If I change the console redirect to com1, my screen stays blank. Would you perhaps know how to use com1 for redirect and connect to it using ipmi-console (or ipmi-tool)? I have a supermicro using ipmi sol running happily using com2 my notes were ahem,less than through however hopefully they are enough? (FreeBSD 9.1-RELEASE) For Serial over lan (ipmi) edit /boot.config to contain -Dh edit /boot/loader.conf to add ipmi_load=YES hint.uart.0.flags= hint.uart.1.flags=0x10 console=comconsole vidconsole comconsole_speed=19200 boot_multicons=yes edit /etc/ttys change line for ttyu1 ttyu1 /usr/libexec/getty std.19200 vt100 on secure -- root@kyanite london]# ipmitool -I lanplus -U admin -E -H 192.168.22.118 sol activate Unable to read password from environment Password: [SOL Session operational. Use ~? for help] FreeBSD/amd64 (copia.namesco.net) (ttyu1) login: Hope thats helpful Vince Thanks, Paul Schenkeveld ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: IPMI console [Re: Chicken and egg, encrypted root FS on remote server]
- Original Message - From: Paul Schenkeveld free...@psconsult.nl To: Daniel O'Connor docon...@gsoft.com.au Cc: hack...@freebsd.org Sent: Wednesday, February 20, 2013 8:31 PM Subject: IPMI console [Re: Chicken and egg, encrypted root FS on remote server] Hi Daniel, On Wed, Feb 20, 2013 at 10:55:47PM +1030, Daniel O'Connor wrote: On 20/02/2013, at 21:43, Paul Schenkeveld free...@psconsult.nl wrote: What about getting a remote console like HP's ILO or Dell's DRAC ? You get to login remotely, you can use some degree of access control... you can even remote boot. For new hardware I could indeed use this, the current hardware does not support remote console. I don't have experience with ILO nor DRAC but I do have experience with SuperMicro's KVM over LAN which does need a java client to run. If I can enter the passphrase over ssh that would be better as I can use any device including a smartphone to dial in and enter the passphrase. If you setup a serial console you don't need Java if you use ipmitool, eg ipmitool -H remoteip -U ADMIN -I lanplus sol activate Tried that with some Supermicro servers, the serial console allows me to get into BIOS config and shows boot messages up to starting the kernel, once the kernel starts output stops. In the BIOS setup, console redirect defaults to com2 port which explains why output stops after the loader passes control to the kernel. BTW, ipmitool always gives me Info: cannot activate SOL payload with encryption but ipmi-console (sysutils/freeipmi) works. If I change the console redirect to com1, my screen stays blank. Would you perhaps know how to use com1 for redirect and connect to it using ipmi-console (or ipmi-tool)? We use the following on Supermicro servers works fine:- http://blog.multiplay.co.uk/2012/12/freebsd-serial-over-lan/ Regards Steve This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmas...@multiplay.co.uk. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: IPMI console [Re: Chicken and egg, encrypted root FS on remote server]
On 21/02/2013, at 9:06, Steven Hartland kill...@multiplay.co.uk wrote: If I change the console redirect to com1, my screen stays blank. Would you perhaps know how to use com1 for redirect and connect to it using ipmi-console (or ipmi-tool)? We use the following on Supermicro servers works fine:- http://blog.multiplay.co.uk/2012/12/freebsd-serial-over-lan/ Nice! BTW do you know what flag 0x20 does for UART? 0x10 is documented but 0x20 is not. I had a quick look at the code and AFAIK it doesn't do anything (on 9.1 anyway). Actually at a guess I would say it's a hangover from sio(4) where 0x20 forced the device in question to be the console. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org