ipmitool(1) - phpMan

ipmitool(1) ipmitool(1)

NAME
ipmitool - utility for controlling IPMI-enabled devices

SYNOPSIS
ipmitool [-c|-h|-d N|-v|-V] -I open <command>

ipmitool [-c|-h|-v|-V] -I lan -H <hostname>
[-p <port>]
[-U <username>]
[-A <authtype>]
[-L <privlvl>]
[-a|-E|-P|-f <password>]
[-o <oemtype>]
[-O <sel oem>]
[-e <esc_char>]
<command>

ipmitool [-c|-h|-v|-V] -I lanplus -H <hostname>
[-p <port>]
[-U <username>]
[-L <privlvl>]
[-a|-E|-P|-f <password>]
[-o <oemtype>]
[-O <sel oem>]
[-C <ciphersuite>]
[-k <kg_key>]
[-e <esc_char>]
<command>

DESCRIPTION
This program lets you manage Intelligent Platform Management Interface (IPMI) functions of
either the local system, via a kernel device driver, or a remote system, using IPMI V1.5
and IPMI v2.0. These functions include printing FRU information, LAN configuration, sensor
readings, and remote chassis power control.

IPMI management of a local system interface requires a compatible IPMI kernel driver to be
installed and configured. On Linux this driver is called OpenIPMI and it is included in
standard distributions. On Solaris this driver is called BMC and is included in Solaris
10. Management of a remote station requires the IPMI-over-LAN interface to be enabled and
configured. Depending on the particular requirements of each system it may be possible to
enable the LAN interface using ipmitool over the system interface.

OPTIONS
-a Prompt for the remote server password.

-A <authtype>
Specify an authentication type to use during IPMIv1.5 lan session activation. Sup-
ported types are NONE, PASSWORD, MD2, MD5, or OEM.

-c Present output in CSV (comma separated variable) format. This is not available
with all commands.

-e <sol_escape_char>
Use supplied character for SOL session escape character. The default is to use ~
but this can conflict with ssh sessions.

-k <key>
Use supplied Kg key for IPMIv2 authentication. The default is not to use any Kg
key.

-C <ciphersuite>
The remote server authentication, integrity, and encryption algorithms to use for
IPMIv2 lanplus connections. See table 22-19 in the IPMIv2 specification. The
default is 3 which specifies RAKP-HMAC-SHA1 authentication, HMAC-SHA1-96 integrity,
and AES-CBC-128 encryption algorightms.

-E The remote server password is specified by the environment variable IPMI_PASSWORD.

-f <password_file>
Specifies a file containing the remote server password. If this option is absent,
or if password_file is empty, the password will default to NULL.

-h Get basic usage help from the command line.

-H <address>
Remote server address, can be IP address or hostname. This option is required for
lan and lanplus interfaces.

-I <interface>
Selects IPMI interface to use. Supported interfaces that are compiled in are visi-
ble in the usage help output.

-L <privlvl>
Force session privilege level. Can be CALLBACK, USER, OPERATOR, ADMINISTRATOR.
Default is ADMINISTRATOR.

-m <local_address>
Set the local IPMB address. The default is 0x20 and there should be no need to
change it for normal operation.

-o <oemtype>
Select OEM type to support. This usually involves minor hacks in place in the code
to work around quirks in various BMCs from various manufacturers. Use -o list to
see a list of current supported OEM types.

-O <sel oem>
Open selected file and read OEM SEL event descriptions to be used during SEL list-
ings. See examples in contrib dir for file format.

-p <port>
Remote server UDP port to connect to. Default is 623.

-P <password>
Remote server password is specified on the command line. If supported it will be
obscured in the process list. Note! Specifying the password as a command line
option is not recommended.

-S <sdr_cache_file>
Use local file for remote SDR cache. Using a local SDR cache can drastically
increase performance for commands that require knowledge of the entire SDR to per-
form their function. Local SDR cache from a remote system can be created with the
sdr dump command.

-t <target_address>
Bridge IPMI requests to the remote target address.

-U <username>
Remote server username, default is NULL user.

-d N Use device number N to specify the /dev/ipmiN (or /dev/ipmi/N or /dev/ipmidev/N)
device to use for in-band BMC communication. Used to target a specific BMC on a
multi-node, multi-BMC system through the ipmi device driver interface. Default is
0.

-v Increase verbose output level. This option may be specified multiple times to
increase the level of debug output. If given three times you will get hexdumps of
all incoming and outgoing packets.

-V Display version information.

If no password method is specified then ipmitool will prompt the user for a password. If
no password is entered at the prompt, the remote server password will default to NULL.

SECURITY
There are several security issues be be considered before enabling the IPMI LAN interface.
A remote station has the ability to control a system's power state as well as being able
to gather certain platform information. To reduce vulnerability it is strongly advised
that the IPMI LAN interface only be enabled in 'trusted' environments where system secu-
rity is not an issue or where there is a dedicated secure 'management network'.

Further it is strongly advised that you should not enable IPMI for remote access without
setting a password, and that that password should not be the same as any other password on
that system.

When an IPMI password is changed on a remote machine with the IPMIv1.5 lan interface the
new password is sent across the network as clear text. This could be observed and then
used to attack the remote system. It is thus recommended that IPMI password management
only be done over IPMIv2.0 lanplus interface or the system interface on the local station.

For IPMI v1.5, the maximum password length is 16 characters. Passwords longer than 16
characters will be truncated.

For IPMI v2.0, the maximum password length is 20 characters; longer passwords are trun-
cated.

COMMANDS
help This can be used to get command-line help on ipmitool commands. It may also be
placed at the end of commands to get option usage help.

ipmitool help
Commands:
raw Send a RAW IPMI request and print response
lan Configure LAN Channels
chassis Get chassis status and set power state
event Send events to MC
mc Management Controller status and global enables
sdr Print Sensor Data Repository entries and readings
sensor Print detailed sensor information
fru Print built-in FRU and scan for FRU locators
sel Print System Event Log (SEL)
pef Configure Platform Event Filtering (PEF)
sol Configure and connect IPMIv2.0 Serial-over-LAN
tsol Configure and connect Tyan IPMIv1.5 Serial-over-LAN
isol Configure Intel IPMIv1.5 Serial-over-LAN
user Configure Management Controller users
channel Configure Management Controller channels
session Print session information
sunoem Manage Sun OEM Extensions
exec Run list of commands from file
set Set runtime variable for shell and exec

ipmitool chassis help
Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev

ipmitool chassis power help
chassis power Commands: status, on, off, cycle, reset, diag, soft

bmc|mc

reset <warm|cold>

Instructs the BMC to perform a warm or cold reset.

guid Display the Management Controller Globally Unique IDentifier.

info

Displays information about the BMC hardware, including device revision,
firmware revision, IPMI version supported, manufacturer ID, and information
on additional device support.

getenables

Displays a list of the currently enabled options for the BMC.

setenables <option>=[on|off]

Enables or disables the given option. This command is only supported over
the system interface according to the IPMI specification. Currently sup-
ported values for option include:

recv_msg_intr

Receive Message Queue Interrupt

event_msg_intr

Event Message Buffer Full Interrupt

event_msg

Event Message Buffer

system_event_log

System Event Logging

oem0

OEM-Defined option #0

oem1

OEM-Defined option #1

oem2

OEM-Defined option #2

channel

authcap <channel number> <max priv>

Displays information about the authentication capabilities of the selected
channel at the specified privilege level.

Possible privilege levels are:
1 Callback level
2 User level
3 Operator level
4 Administrator level
5 OEM Proprietary level

info [channel number]

Displays information about the selected channel. If no channel is given
it will display information about the currently used channel:

> ipmitool channel info
Channel 0xf info:
Channel Medium Type : System Interface
Channel Protocol Type : KCS
Session Support : session-less
Active Session Count : 0
Protocol Vendor ID : 7154

getaccess <channel number> [<userid>]

Configure the given userid as the default on the given channel number. When
the given channel is subsequently used, the user is identified implicitly by
the given userid.

setaccess <channel number> <userid> [<callin=on|off>]
[<ipmi=on|off>] [<link=on|off>] [<privilege=level>]

Configure user access information on the given channel for the given userid.

getciphers <ipmi|sol> [<channel>]

Displays the list of cipher suites supported for the given application (ipmi
or sol) on the given channel.

chassis

status

Displays information regarding the high-level status of the system chassis
and main power subsystem.

poh

This command will return the Power-On Hours counter.

identify <interval>

Control the front panel identify light. Default is 15. Use 0 to turn
off.

restart_cause

Query the chassis for the cause of the last system restart.

policy

Set the chassis power policy in the event power failure.

list

Return supported policies.

always-on

Turn on when power is restored.

Returned to previous state when power is restored.

always-off

Stay off after power is restored.

power

Performs a chassis control command to view and change the power state.

status

Show current chassis power status.

Power up chassis.

off

Power down chassis into soft off (S4/S5 state). WARNING: This com-
mand does not initiate a clean shutdown of the operating system
prior to powering down the system.

cycle

Provides a power off interval of at least 1 second. No action
should occur if chassis power is in S4/S5 state, but it is recom-
mended to check power state first and only issue a power cycle com-
mand if the system power is on or in lower sleep state than S4/S5.

reset

This command will perform a hard reset.

diag

Pulse a diagnostic interrupt (NMI) directly to the processor(s).

soft

Initiate a soft-shutdown of OS via ACPI. This can be done in a num-
ber of ways, commonly by simulating an overtemperture or by simulat-
ing a power button press. It is necessary for there to be Operating
System support for ACPI and some sort of daemon watching for events
for this soft power to work.

bootdev <device> [<clear-cmos=yes|no>]

Request the system to boot from an alternate boot device on next reboot.
The clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS
on the next reboot.

Currently supported values for <device> are:

none

Do not change boot device

pxe

Force PXE boot

disk

Force boot from BIOS default boot device

safe

Force boot from BIOS default boot device, request Safe Mode

diag

Force boot from diagnostic partition

cdrom

Force boot from CD/DVD

bios

Force boot into BIOS setup

event

Send a pre-defined event to the System Event Log. The following events are
included as a means to test the functionality of the System Event Log compo-
nent of the BMC (an entry will be added each time the event n command is
executed).

Currently supported values for n are:
1 Temperature: Upper Critical: Going High
2 Voltage Threshold: Lower Critical: Going Low
3 Memory: Correctable ECC Error Detected

NOTE: These pre-defined events will likely not produce "accurate" SEL
records for a particular system because they will not be correctly tied to a
valid sensor number, but they are sufficient to verify correct operation of
the SEL.

file <filename>

Event log records specified in filename will be added to the System Event
Log.

The format of each line in the file is as follows:

<{EvM Revision} {Sensor Type} {Sensor Num} {Event Dir/Type} {Event Data 0}
{Event Data 1} {Event Data 2}>[# COMMENT]

Note: The Event Dir/Type field is encoded with the event direction as the
high bit (bit 7) and the event type as the low 7 bits.

e.g.:
0x4 0x2 0x60 0x1 0x52 0x0 0x0 # Voltage threshold: Lower Critical: Going Low

<sensorid> <state> [<eventdir>]

Generate a custom event based on existing sensor information. The optional
event direction can be either assert or deassert and defaults to assert. To
get a list of possible states for a sensor supply a state of list on the
command line. Each sensor may be different but some states will have
pre-defined shortcuts. For example:

> ipmitool -I open event p0.t_core
Finding sensor p0.t_core... ok
Sensor States:
lnr : Lower Non-Recoverable
lcr : Lower Critical
lnc : Lower Non-Critical
unc : Upper Non-Critical
ucr : Upper Critical
unr : Upper Non-Recoverable

> ipmitool -I open event ps0.prsnt
Finding sensor ps0.prsnt... ok
Sensor States:
Device Absent
Device Present
State State Shortcuts:
present absent
assert deassert
limit nolimit
fail nofail
yes no
on off
up down

exec <filename>

Execute ipmitool commands from filename. Each line is a complete command. The
syntax of the commands are defined by the COMMANDS section in this manpage. Each
line may have an optional comment at the end of the line, delimited with a `#' sym-
bol.

e.g., a command file with two lines:

sdr list # get a list of sdr records
sel list # get a list of sel records

fru

This command will read all Field Replaceable Unit (FRU) inventory data and
extract such information as serial number, part number, asset tags, and
short strings describing the chassis, board, or product.

i2c <i2caddr> <read bytes> [<write data>]

This will allow you to execute raw I2C commands with the Master Write-Read IPMI
command.

isol

setup <baud rate>

Setup baud rate for Intel IPMI v1.5 Serial-over-LAN.

lan

These commands will allow you to configure IPMI LAN channels with network informa-
tion so they can be used with the ipmitool lan and lanplus interfaces. NOTE: To
determine on which channel the LAN interface is located, issue the `channel info
number' command until you come across a valid 802.3 LAN channel. For example:

> ipmitool -I open channel info 1
Channel 0x1 info:
Channel Medium Type : 802.3 LAN
Channel Protocol Type : IPMB-1.0
Session Support : session-based
Active Session Count : 8
Protocol Vendor ID : 7154

print <channel>

Print the current configuration for the given channel.

set <channel> <parameter>

Set the given parameter on the given channel. Valid parameters are:

ipaddr <x.x.x.x>

Set the IP address for this channel.

netmask <x.x.x.x>

Set the netmask for this channel.

macaddr <xx:xx:xx:xx:xx:xx>

Set the MAC address for this channel.

defgw ipaddr <x.x.x.x>

Set the default gateway IP address.

defgw macaddr <xx:xx:xx:xx:xx:xx>

Set the default gateway MAC address.

bakgw ipaddr <x.x.x.x>

Set the backup gateway IP address.

bakgw macaddr <xx:xx:xx:xx:xx:xx>

Set the backup gateway MAC address.

password <pass>

Set the null user password.

snmp <community string>

Set the SNMP community string.

user

Enable user access mode for userid 1 (issue the `user' command to
display information about userids for a given channel).

access <on|off>

Set LAN channel access mode.

ipsrc <source>

Set the IP address source:
none unspecified
static manually configured static IP address
dhcp address obtained by BMC running DHCP
bios address loaded by BIOS or system software

arp respond <on|off>

Set BMC generated ARP responses.

arp generate <on|off>

Set BMC generated gratuitous ARPs.

arp interval <seconds>

Set BMC generated gratuitous ARP interval.

vlan id <off|id>

Disable VLAN operation or enable VLAN and set the ID.
ID: value of the virtual lan identifier between 1 and 4094 inclu-
sive.

vlan priority <priority>

Set the priority associated with VLAN frames.
ID: priority of the virtual lan frames between 0 and 7 inclusive.

auth <level,...> <type,...>

Set the valid authtypes for a given auth level.
Levels: callback, user, operator, admin
Types: none, md2, md5, password, oem

cipher_privs <privlist>

Correlates cipher suite numbers with the maximum privilege level
that is allowed to use it. In this way, cipher suites can
restricted to users with a given privilege level, so that, for exam-
ple, administrators are required to use a stronger cipher suite than
normal users.

The format of privlist is as follows. Each character represents a
privilege level and the character position identifies the cipher
suite number. For example, the first character represents cipher
suite 1 (cipher suite 0 is reserved), the second represents cipher
suite 2, and so on. privlist must be 15 characters in length.

Characters used in privlist and their associated privilege levels
are:

X Cipher Suite Unused
c CALLBACK
u USER
o OPERATOR
a ADMIN
O OEM

So, to set the maximum privilege for cipher suite 1 to USER and
suite 2 to ADMIN, issue the following command:

> ipmitool -I interface lan set channel cipher_privs uaXXXXXXXXXXXXX

pef

info

This command will query the BMC and print information about the PEF sup-
ported features.

status

This command prints the current PEF status (the last SEL entry processed by
the BMC, etc).

policy

This command lists the PEF policy table entries. Each policy entry
describes an alert destination. A policy set is a collection of table
entries. PEF alert actions reference policy sets.

list

This command lists the PEF table entries. Each PEF entry relates a sensor
event to an action. When PEF is active, each platform event causes the BMC
to scan this table for entries matching the event, and possible actions to
be taken. Actions are performed in priority order (higher criticality
first).

raw <netfn> <cmd> [<data>]

This will allow you to execute raw IPMI commands. For example to query the POH
counter with a raw command:

> ipmitool -v raw 0x0 0xf
RAW REQ (netfn=0x0 cmd=0xf data_len=0)
RAW RSP (5 bytes)
3c 72 0c 00 00

sdr

get <id> ... [<id>]

Prints information for sensor data records specified by sensor id.

info

This command will query the BMC for SDR information.

type <sensor type>

This command will display all records from the SDR of a specific type. Run
with type list to see the list of available types. For example to query for
all Temperature sensors:

> ipmitool sdr type Temperature
Baseboard Temp | 30h | ok | 7.1 | 28 degrees C
FntPnl Amb Temp | 32h | ok | 12.1 | 24 degrees C
Processor1 Temp | 98h | ok | 3.1 | 57 degrees C
Processor2 Temp | 99h | ok | 3.2 | 53 degrees C

This command will read the Sensor Data Records (SDR) and extract sensor
information of a given type, then query each sensor and print its name,
reading, and status. If invoked as elist then it will also print sensor
number, entity id and instance, and asserted discrete states.

The default output will only display full and compact sensor types, to see
all sensors use the all type with this command.

Valid types are:

all

All SDR records (Sensor and Locator)

full

Full Sensor Record

compact

Compact Sensor Record

event

Event-Only Sensor Record

mcloc

Management Controller Locator Record

fru

FRU Locator Record

generic

Generic SDR records

entity <id>[.<instance>]

Displays all sensors associated with an entity. Get a list of valid entity
ids on the target system by issuing the sdr elist command. A list of all
entity ids can be found in the IPMI specifications.

dump <file>

Dumps raw SDR data to a file. This data file can then be used as a local
SDR cache of the remote managed system with the -S <file> option on the
ipmitool command line. This can greatly improve performance over system
interface or remote LAN.

sel

NOTE: SEL entry-times are displayed as `Pre-Init Time-stamp' if the SEL clock needs
to be set. Ensure that the SEL clock is accurate by invoking the sel time get and
sel time set <time string> commands.

info

This command will query the BMC for information about the System Event Log
(SEL) and its contents.

clear

This command will clear the contents of the SEL. It cannot be undone so
be careful.

list | elist

When this command is invoked without arguments, the entire contents of the
System Event Log are displayed. If invoked as elist it will also use the
Sensor Data Record entries to display the sensor ID for the sensor that
caused each event. Note this can take a long time over the system inter-
face.

<count>|first <count>

Displays the first count (least-recent) entries in the SEL. If
count is zero, all entries are displayed.

last <count>

Displays the last count (most-recent) entries in the SEL. If count
is zero, all entries are displayed.

delete <number>

Delete a single event.

save <file>

Save SEL records to text file that can be fed back into the event file ipmi-
tool command. This can be useful for testing Event generation by building
an appropriate Platform Event Message file based on existing events. Please
see the help for that command to view the format of this file.

writeraw <file>

Save SEL records to a file in raw, binary format. This file can be fed back
to the sel readraw ipmitool command for viewing.

readraw <file>

Read and display SEL records from a binary file. Such a file can be created
using the sel writeraw ipmitool command.

time

get
Displays the SEL clock's current time.

set <time string>

Sets the SEL clock. Future SEL entries will use the time set by
this command. <time string> is of the form "MM/DD/YYYY HH:MM:SS".
Note that hours are in 24-hour form. It is recommended that the SEL
be cleared before setting the time.

sensor

list

Lists sensors and thresholds in a wide table format.

get <id> ... [<id>]

Prints information for sensors specified by name.

thresh <id> <threshold> <setting>

This allows you to set a particular sensor threshold value. The sensor is
specified by name.

Valid thresholds are:
unr Upper Non-Recoverable
ucr Upper Critical
unc Upper Non-Critical
lnc Lower Non-Critical
lcr Lower Critical
lnr Lower Non-Recoverable

thresh <id> lower <lnr> <lcr> <lnc>

This allows you to set all lower thresholds for a sensor at the same time.
The sensor is specified by name and the thresholds are listed in order of
Lower Non-Recoverable, Lower Critical, and Lower Non-Critical.

thresh <id> upper <unc> <ucr> <unr>

This allows you to set all upper thresholds for a sensor at the same time.
The sensor is specified by name and the thresholds are listed in order of
Upper Non-Critical, Upper Critical, and Upper Non-Recoverable.

session

info <active|all|id 0xnnnnnnnn|handle 0xnn>

Get information about the specified session(s). You may identify sessions
by their id, by their handle number, by their active status, or by using the
keyword `all' to specify all sessions.

shell
This command will launch an interactive shell which you can use to send multiple
ipmitool commands to a BMC and see the responses. This can be useful instead of
running the full ipmitool command each time. Some commands will make use of a Sen-
sor Data Record cache and you will see marked improvement in speed if these com-
mands are able to reuse the same cache in a shell session. LAN sessions will send
a periodic keepalive command to keep the IPMI session from timing out.

sol

info [<channel number>]

Retrieve information about the Serial-Over-LAN configuration on the speci-
fied channel. If no channel is given, it will display SOL configuration
data for the currently used channel.

set <parameter> <value> [<channel>]

Configure parameters for Serial Over Lan. If no channel is given, it will
display SOL configuration data for the currently used channel. Configura-
tion parameter updates are automatically guarded with the updates to the
set-in-progress parameter.

Valid parameters and values are:

set-in-progress
set-complete set-in-progress commit-write

enabled
true false

force-encryption
true false

force-authentication
true false

privilege-level
user operator admin oem

character-accumulate-level
Decimal number given in 5 milliseconds increments

character-send-threshold
Decimal number

retry-count
Decimal number. 0 indicates no retries after packet is transmitted.

retry-interval
Decimal number in 10 millisend increments. 0 indicates that retries
should be sent back to back.

non-volatile-bit-rate
serial, 19.2, 38.4, 57.6, 115.2. Setting this value to serial indi-
cates that the BMC should use the setting used by the IPMI over
serial channel.

volatile-bit-rate
serial, 19.2, 38.4, 57.6, 115.2. Setting this value to serial indi-
ates that the BMC should use the setting used by the IPMI over
serial channel.

activate

Causes ipmitool to enter Serial Over LAN mode, and is only available when
using the lanplus interface. An RMCP+ connection is made to the BMC, the
terminal is set to raw mode, and user input is sent to the serial console on
the remote server. On exit,the the SOL payload mode is deactivated and the
terminal is reset to its original settings.

Special escape sequences are provided to control the SOL session:

~. Terminate connection

~^Z Suspend ipmitool

~B Send break

~~ Send the escape character by typing it twice

~? Print the supported escape sequences

deactivate

Deactivates Serial Over LAN mode on the BMC. Exiting Serial Over LAN mode
should automatically cause this command to be sent to the BMC, but in the
case of an unintentional exit from SOL mode, this command may be necessary
to reset the state of the BMC.

sunoem

led

These commands provide a way to get and set the status of LEDs on a Sun
Microsystems server. Use 'sdr list generic' to get a list of devices that
are controllable LEDs. The ledtype parameter is optional and not necessary
to provide on the command line unless it is required by hardware.

get <sensorid> [<ledtype>]

Get status of a particular LED described by a Generic Device Locator
record in the SDR. A sensorid of all will get the status of all
available LEDS.

set <sensorid> <ledmode> [<ledtype>]

Set status of a particular LED described by a Generic Device Locator
record in the SDR. A sensorid of all will set the status of all
available LEDS to the specified ledmode and ledtype.

LED Mode is required for set operations:
OFF Off
ON Steady On
STANDBY 100ms on 2900ms off blink rate
SLOW 1HZ blink rate
FAST 4HZ blink rate

LED Type is optional:
OK2RM Ok to Remove
SERVICE Service Required
ACT Activity
LOCATE Locate

sshkey

set <userid> <keyfile>

This command will allow you to specify an SSH key to use for a par-
ticular user on the Service Processor. This key will be used for
CLI logins to the SP and not for IPMI sessions. View available
users and their userids with the 'user list' command.

del <userid>

This command will delete the SSH key for a specified userid.

tsol

This command allows Serial-over-LAN sessions to be established with Tyan IPMIv1.5
SMDC such as the M3289 or M3290. The default command run with no arguments will
establish default SOL session back to local IP address. Optional arguments may be
supplied in any order.

Send receiver IP address to SMDC which it will use to send serial traffic
to. By default this detects the local IP address and establishes two-way
session.

port=NUM

Configure UDP port to receive serial traffic on. By default this is 6230.

ro|rw

Confiure SOL session as read-only or read-write. Sessions are read-write by
default.

user

summary

Displays a summary of userid information, including maximum number of
userids, the number of enabled users, and the number of fixed names defined.

list

Displays a list of user information for all defined userids.

set

name <userid> <username>

Sets the username associated with the given userid.

password <userid> [<password>]

Sets the password for the given userid. If no password is given,
the password is cleared (set to the NULL password). Be careful when
removing passwords from administrator-level accounts.

disable <userid>

Disables access to the BMC by the given userid.

enable <userid>

Enables access to the BMC by the given userid.

test <userid> <16|20> [<password>]

Determine whether a password has been stored as 16 or 20 bytes.

OPEN INTERFACE
The ipmitool open interface utilizes the OpenIPMI kernel device driver. This driver is
present in all modern 2.4 and all 2.6 kernels and it should be present in recent Linux
distribution kernels. There are also IPMI driver kernel patches for different kernel ver-
sions available from the OpenIPMI homepage.

The required kernel modules is different for 2.4 and 2.6 kernels. The following kernel
modules must be loaded on a 2.4-based kernel in order for ipmitool to work:

ipmi_msghandler
Incoming and outgoing message handler for IPMI interfaces.

ipmi_kcs_drv
An IPMI Keyboard Controler Style (KCS) interface driver for the message handler.

ipmi_devintf
Linux character device interface for the message handler.

The following kernel modules must be loaded on a 2.6-based kernel in order for ipmitool to
work:

ipmi_msghandler
Incoming and outgoing message handler for IPMI interfaces.

ipmi_si
An IPMI system interface driver for the message handler. This module supports var-
ious IPMI system interfaces such as KCS, BT, SMIC, and even SMBus in 2.6 kernels.

ipmi_devintf
Linux character device interface for the message handler.

Once the required modules are loaded there will be a dynamic character device entry that
must exist at /dev/ipmi0. For systems that use devfs or udev this will appear at
/dev/ipmi/0.

To create the device node first determine what dynamic major number it was assigned by the
kernel by looking in /proc/devices and checking for the ipmidev entry. Usually if this is
the first dynamic device it will be major number 254 and the minor number for the first
system interface is 0 so you would create the device entry with:

mknod /dev/ipmi0 c 254 0

ipmitool includes some sample initialization scripts that can perform this task automati-
cally at start-up.

In order to have ipmitool use the OpenIPMI device interface you can specifiy it on the
command line:

ipmitool -I open <command>

BMC INTERFACE
The ipmitool bmc interface utilizes the bmc device driver as provided by Solaris 10 and
higher. In order to force ipmitool to make use of this interface you can specify it on
the command line:

ipmitool -I bmc <command>

The following files are associated with the bmc driver:

/platform/i86pc/kernel/drv/bmc
32-bit ELF kernel module for the bmc driver.

/platform/i86pc/kernel/drv/amd64/bmc
64-bit ELF kernel module for the bmc driver.

/dev/bmc
Character device node used to communicate with the bmc driver.

LIPMI INTERFACE
The ipmitool lipmi interface uses the Solaris 9 IPMI kernel device driver. It has been
superceeded by the bmc interface on Solaris 10. You can tell ipmitool to use this inter-
face by specifying it on the command line.

ipmitool -I lipmi <expression>

LAN INTERFACE
The ipmitool lan interface communicates with the BMC over an Ethernet LAN connection using
UDP under IPv4. UDP datagrams are formatted to contain IPMI request/response messages
with a IPMI session headers and RMCP headers.

IPMI-over-LAN uses version 1 of the Remote Management Control Protocol (RMCP) to support
pre-OS and OS-absent management. RMCP is a request-response protocol delivered using UDP
datagrams to port 623.

The LAN interface is an authenticatiod multi-session connection; messages delivered to the
BMC can (and should) be authenticated with a challenge/response protocol with either
straight password/key or MD5 message-digest algorithm. ipmitool will attempt to connect
with administrator privilege level as this is required to perform chassis power functions.

You can tell ipmitool to use the lan interface with the -I lan option:

ipmitool -I lan -H <hostname> [-U <username>] [-P <password>] <command>

A hostname must be given on the command line in order to use the lan interface with ipmi-
tool. The password field is optional; if you do not provide a password on the command
line, ipmitool will attempt to connect without authentication. If you specify a password
it will use MD5 authentication if supported by the BMC and straight password/key
otherwise, unless overridden with a command line option.

LANPLUS INTERFACE
Like the lan interface, the lanplus interface communicates with the BMC over an Ethernet
LAN connection using UDP under IPv4. The difference is that the lanplus interface uses
the RMCP+ protocol as described in the IMPI v2.0 specification. RMCP+ allows for improved
authentication and data integrity checks, as well as encryption and the ability to carry
multiple types of payloads. Generic Serial Over LAN support requires RMCP+, so the ipmi-
tool sol activate command requires the use of the lanplus interface.

RMCP+ session establishment uses a symmetric challenge-response protocol called RAKP
(Remote Authenticated Key-Exchange Protocol) which allows the negotiation of many options.
ipmitool does not yet allow the user to specify the value of every option, defaulting to
the most obvious settings marked as required in the v2.0 specification. Authentication
and integrity HMACS are produced with SHA1, and encryption is performed with AES-CBC-128.
Role-level logins are not yet supported.

ipmitool must be linked with the OpenSSL library in order to perform the encryption func-
tions and support the lanplus interface. If the required packages are not found it will
not be compiled in and supported.

You can tell ipmitool to use the lanplus interface with the -I lanplus option:

ipmitool -I lanplus -H <hostname> [-U <username>] [-P <password>] <command>

A hostname must be given on the command line in order to use the lan interface with ipmi-
tool. With the exception of the -A and -C options the rest of the command line options
are identical to those available for the lan interface.

The -C option allows you specify the authentication, integrity, and encryption algorithms
to use for for lanplus session based on the cipher suite ID found in the IPMIv2.0 specifi-
cation in table 22-19. The default cipher suite is 3 which specifies RAKP-HMAC-SHA1
authentication, HMAC-SHA1-96 integrity, and AES-CBC-128 encryption algorightms.

FREE INTERFACE
The ipmitool free interface utilizes the FreeIPMI libfreeipmi drivers.

You can tell ipmitool to use the FreeIPMI interface with the -I option:

ipmitool -I free <command>

EXAMPLES
Example 1: Listing remote sensors

Example 2: Displaying status of a remote sensor

> ipmitool -I lan -H 1.2.3.4 -f passfile sensor get "Baseboard 1.25V"
Locating sensor record...
Sensor ID : Baseboard 1.25V (0x10)
Sensor Type (Analog) : Voltage
Sensor Reading : 1.245 (+/- 0.039) Volts
Status : ok
Lower Non-Recoverable : na
Lower Critical : 1.078
Lower Non-Critical : 1.107
Upper Non-Critical : 1.382
Upper Critical : 1.431
Upper Non-Recoverable : na

Example 3: Displaying the power status of a remote chassis

> ipmitool -I lan -H 1.2.3.4 -f passfile chassis power status
Chassis Power is on

Example 4: Controlling the power on a remote chassis

> ipmitool -I lan -H 1.2.3.4 -f passfile chassis power on
Chassis Power Control: Up/On

AUTHOR
Duncan Laurie <duncan AT iceblink.org>

SEE ALSO
IPMItool Homepage
http://ipmitool.sourceforge.net

Intelligent Platform Management Interface Specification
http://www.intel.com/design/servers/ipmi

OpenIPMI Homepage
http://openipmi.sourceforge.net

FreeIPMI Homepage
http://www.gnu.org/software/freeipmi/

Duncan Laurie ipmitool(1)

Generated by $Id: phpMan.php,v 4.49 2006/02/26 13:18:18 chedong Exp $ Author: Che Dong
On Apache
Under GNU General Public License
2012-05-26 00:35 @38.107.179.237 Crawled by CCBot/1.0 (+http://www.commoncrawl.org/bot.html)