IPMI on a Public LAN can be a major security liability providing anyone with the proper credentials direct hardware and console level access to your server. Please use good security practices when implementing IPMI access.
IN THIS ARTICLE
Outlines how to configure IPMI on first generation QC24 servers
- IPMI port location
- Verify IPMI LAN Configuration
- IPMI LAN Configuration with static IPs
- IPMI User Operations
- Connect via IPMI
REQUIREMENTS
- QC24 (Gen1) platform
- Root user access via ssh on the client facing network
sudo -s
NOTE: The IPMI Instructions listed below can be used the first generation QC24 and QC40 platforms. Reference the IPMI Quick Reference Guide for Qumulo K-series article or the IPMI Quick Reference Guide for all other platforms.
DETAILS
Qumulo node motherboards provide IPMI support which allow for off-band maintenance access even if the node is turned off when plugged into power.
- Nodes are configured to receive DHCP address assignments by default
-
The IPMI access network can be completely separate from your client facing network
-
The default IPMI account & password is ADMIN/ADMIN all uppercase
-
Note that this account name and password are completely independent of your Qumulo root/admin password
-
The instructions provided below have to be entered into each node that will be a member of your IPMI maintenance network.
IPMI Port Location
Verify IPMI LAN Configuration
- Use the following command:
# ipmitool lan print
IPMI LAN Configuration with static IPs
# ipmitool lan set 1 ipsrc static #Set IPMI ethernet interface to static IP
# ipmitool lan set 1 ipaddr XXX.XXX.XXX.XXX #Set the IP address of the interface
# ipmitool lan set 1 netmask 255.XXX.XXX.XXX #Set the Subnet Mask for the interface
# ipmitool lan set 1 defgw ipaddr XXX.XXX.XXX.XXX #Set the IP address of the Default Gateway
# ipmitool lan set 1 arp respond on #(Optional) Enable BMC ARP responses
Note: If you perform all the steps in this article and you continue to have network configuration issues, run the above set of commands using "lan set 3" instead.
IPMI User Operation Examples
List Current users on a QC24 (Gen1)
# ipmitool user list
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
2 ADMIN true false false Unknown (0x00)
- Change default ADMIN user password
# ipmitool user set password 2
Password for user 2:
Password for user 2:
- Create new user
- Example: Create Admin user “netadmin” in user slot #4
# ipmitool user set name 4 netadmin
# ipmitool user set password 4
Password for user 4:
Password for user 4:
- Set user access
# ipmitool channel setaccess 1 4 link=on ipmi=on callin=on privilege=4
# ipmitool user enable 4
- Verify User Level Access
# ipmitool channel getaccess 1
Maximum User IDs : 10
Enabled User IDs : 2
User ID : 1
User Name :
Fixed Name : Yes
Access Available : call-in / callback
Link Authentication : disabled
IPMI Messaging : disabled
Privilege Level : Unknown (0x00)
User ID : 2
User Name : ADMIN
Fixed Name : Yes
Access Available : callback
Link Authentication : disabled
IPMI Messaging : enabled
Privilege Level : ADMINISTRATOR
..etc..
Connect to nodes via IPMI
Once configuration is complete, accessing the nodes via IPMI requires a Java-capable web browser using the IPs assigned by you or your DHCP server as outlined below. Use Firefox or Chrome for best results.
- IPMI Login Screen
- IPMI Control Panel
Troubleshooting
If you cannot connect to the IPMI management console and you are sure that your network configuration is correct, reset the BMC via a SSH or KVM Console session to the node in question:
# ipmitool bmc reset cold
RESOLUTION
You should now be able to successfully configure and connect to your nodes via IPMI on a QC24 (Gen1) server
ADDITIONAL RESOURCES
IPMI Quick Reference Guide for Qumulo K-series
QQ CLI: Networks and IP Addresses
Like what you see? Share this article with your network!
Comments
0 comments
Please sign in to leave a comment.