IPMI on a Public LAN can be a major security liability providing anyone with the proper credentials direct hardware and console level access to your server. Please use good security practices when implementing IPMI access.
IN THIS ARTICLE
-
Outlines how to configure IPMI on Qumulo K-series servers
- IPMI port location
- Verify IPMI LAN Configuration
- IPMI LAN Configuration with static IPs
- IPMI User Operations
- Connect via IPMI
NOTE: The IPMI Instructions listed below can be used with the Qumulo K-series platform. Reference the IPMI Quick Reference Guide for QC24 (Gen1), IPMI Quick Reference Guide for Qumulo C-Series, or the IPMI Quick Reference Guide for all other platforms.
REQUIREMENTS
- Qumulo K-series 144T or 168T platform
- Root user access via ssh on the client facing network
sudo -s
DETAILS
Qumulo node motherboards provide IPMI support which allow for off-band maintenance access even if the node is turned off when plugged into power.
- Nodes are configured to receive DHCP address assignments by default
-
The IPMI access network can be completely separate from your client facing network
-
The default IPMI account & password is ADMIN/ADMIN all uppercase
-
Note that this account name and password are completely independent of your Qumulo root/admin password
-
The instructions provided below have to be entered into each node that will be a member of your IPMI maintenance network.
IPMI Port Location
Verify IPMI LAN Configuration
- Use the following command:
# ipmitool lan print 1
IPMI LAN Configuration with static IPs
# ipmitool lan set 1 ipsrc static #Set IPMI ethernet interface to static IP
# ipmitool lan set 1 ipaddr XXX.XXX.XXX.XXX #Set the IP address of the interface
# ipmitool lan set 1 netmask 255.XXX.XXX.XXX #Set the Subnet Mask for the interface
# ipmitool lan set 1 defgw ipaddr XXX.XXX.XXX.XXX #Set the IP address of the Default Gateway
# ipmitool lan set 1 arp respond on #(Optional) Enable BMC ARP responses
IPMI User Operation Examples
- List Current users
# ipmitool user list 1
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 false false true ADMINISTRATOR
2 root false true true ADMINISTRATOR
- Change default ADMIN password
# ipmitool user set password 3
Password for user 3:
Password for user 3:
- Create new user
- Example: Create Admin user “netadmin” in user slot #4
# ipmitool user set name 4 netadmin
# ipmitool user set password 4
Password for user 4:
Password for user 4:
- Set user access
# ipmitool channel setaccess 1 4 link=on ipmi=on callin=on privilege=4
# ipmitool channel setaccess 2 4 link=on ipmi=on callin=on privilege=4
# ipmitool user enable 4
- Verify User Level Access
# ipmitool channel getaccess 1 4
Maximum User IDs : 10
Enabled User IDs : 4
User ID : 4
User Name : ADMIN
Fixed Name : No
Access Available : call-in / callback
Link Authentication : disabled
IPMI Messaging : enabled
Privilege Level : ADMINISTRATOR
Connect to nodes via IPMI
Once configuration is complete, accessing the nodes via IPMI requires a Java-capable web browser using the IPs assigned by you or your DHCP server as outlined below. Use Firefox or Chrome for best results.
Troubleshooting
If you cannot connect to the IPMI management console and you are sure that your network configuration is correct, reset the BMC via a SSH or KVM Console session to the node in question:
# ipmitool bmc reset cold
RESOLUTION
You should now be able to successfully configure and connect to your nodes via IPMI on Qumulo K-series platforms
ADDITIONAL RESOURCES
IPMI Quick Reference Guide for QC24 (Gen1)
IPMI Quick Reference Guide for Qumulo C-Series
QQ CLI: Networks and IP Addresses
Like what you see? Share this article with your network!
Comments
0 comments
Please sign in to leave a comment.