SUMMARY
How to setup IPMI on an appliance.
ISSUE
The IPMI-LAN or iDRAC LAN interface can be used to remotely monitor and manage many Unitrends Appliances, this includes Power State, Sensor Monitoring & Alerting, This Out-of-Band Management solution gives you remote console access similar a to Network Enabled KVM, iDRAC, iLO) using an integrated baseboard management controller. For more information, see the iDRAC USAGE link below.
Use these instructions to enable and configuration IPMI or iDRAC on your system if it has the IPMI module or interface. (not all systems are capable of IPMI).
RESOLUTION
Note, IPMI LAN is available on Generation 8 and older 1U full rack depth appliances and larger as well as the MAX line only. iDRAC is available on all Generation 9 appliances for basic system management, however remote console features are available only on model 9010 and higher.
IPMI Set Up on OS eth0 NIC
Even if the OS is hung or not accessible, the system can be remotely diagnosed and/or restarted with IPMI LAN. Enable IPMI LAN on the appliance via local access, with one of these three methods:
- Option 1. Network Setup
- Option 3. Configure IPMI LAN or, Configure IDRAC LAN (model dependent)
- Configure the IPMI LAN IP address, netmask, gateway and the password for the idrac user root.
BIOS Settings: This option applies only to Generation 8 and lower appliances. Reboot and press DEL during boot (password is backup), then select Advanced and IPMI or BMC option.
See IPMI-LAN Configuration from BIOS for Remote Management for details.
iDRAC USAGE
Licenses
There are two License options Express and Enterprise. To find out what license your appliance uses, connect via SSH and execute the following command: racadm license view
- Express: The iDRAC Express version is the free bundled version that comes with the product. The Express version allows most iDRAC Enterprise features except a Dedicated NIC and an easy to use KVM java console (Virtual Remote Console). The Express version allows the use of shared NIC setup by leveraging one of the on-board 1GbE ports. This is an option in the Lifecycle Controller that you can select to utilize the LOMs to have the shared functionality.
- Enterprise: The iDRAC Enterprise allows for the use of the dedicated iDRAC network port as well as virtual remote console via the internal network KVM, as well as real-time storage configuration, management, CPU, Memory, and NIC monitoring.
The Enterprise license is enabled on the 9010 appliances and higher.
Default iDrac Password: The default iDrac password shipped with a generation 9 or higher unit is printed on a plastic card that slides out from the appliance bottom right side. Each unit ships with a unique assigned password. This password can be changed once logged onto the unit's iDrac interface. The idrac username is root.
GENERATION 8 APPLIANCES AND OLDER
SSH via Command Line: This option applies only to Generation 8 and lower appliances. You can use the command ipmiutil or ilan to configure IPMI. Below is an example of a command string used to fully configure IPMI: (ENSURE YOU CHOOSE AND SET A SECURE PASSWORD!)
ilan -e -I 192.168.106.14 -S 255.255.255.0 -G 192.168.106.1 -H 00:17:C5:B6:13:C8 -u ADMIN -p <yourChosenPassword> -y 2
Legend
-e = Enabled (-d to disable)
-I = IP Address -S = Subnet Mask -G = Router Gateway (IP v4)
-H = MAC Address of Router (only required for some routers)
-u = Username (Case sensitive and the default is ADMIN)
-p = Password (Case sensitive and the default is ADMIN)
-y = Interface connection (0=dedicated | 1=shared | 2=failover)
NOTE: If the option –y is not available (version < 2.9.1), you can choose using the smcoem lanport text value:
[root@UEB ~]# ipmiutil smcoem lanport failover
NOTE: The default user is ADMIN, and the default password is ADMIN. Choosing a different password is recommended (done when you use the -p option and specify the password).
(See note below additional options assigning the IPMI settings and port options.)
Restricting IPMI Set Up on Dedicated NIC (with setup via BIOS)
Note, IPMI by default presents it's management IP on both the IPMI port and the default ETH0 port concurrently. This process below is necessary to restrict communication to only the IPMI specific port if you do not with IPMI to be accessible on the standard NIC. This process is optional.
- Locate the IPMI port on the back of the appliance. There may be a black plug that needs to be popped out from the back, or it may be covered by a silver metal tab. In some cases, you may need to remove the top cover to push the plug out. This can be easily done with a flat head screwdriver.
- Plug in an ethernet cable from the appliance to the switch.
- On reboot of the appliance, press the Delete key to pull up the BIOS.
- The default password to enter is "backup"
- Go into the Advanced settings, then IPMI Configuration, then Set LAN Configuration. Enable IPMI, giving it a valid IP address.
- Once IPMI settings are enabled, connect a browser to the IP that was just given (e.g. http://192.168.134.52) to use the SuperMicro IPMI web menus. This includes the KVM Console function.
- Login with id: ADMIN / pw: ADMIN
- Once logged in to IPMI, go to the Remote Control tab and choose Console Redirection, then Launch Console.
Most older IPMI run on Java. You must add the address of the Unitrends Server into the Java security https://(ip address) to your java Exception Site List
To disable IPMI LAN and set its IP to 0.0.0.0 run this:
ipmiutil lan –d
Password reset without an Operating System.
IPMI does not have a jumper that allows you to clear the password, and the Motherboard BIOS does not offer the option to reset it. The only option is through the program called IPMICFG, which needs an OS to work from.
The steps below will show you how to create a bootable USB Flash Thumb Drive with Free-DOS with the IPMICFG program and files it in:
- Create a bootable DOS USB stick using Rufus.
- Download the latest IPMICFG utility released by Supermicro.
- Extract the archive and copy the contents of the 'DOS' folder on to your bootable DOS USB.
- Boot your server into DOS and navigate to the 'DOS' folder you copied on to the USB.
- Get the user ID of the IPMI user whose password you want to set:
ipmicfg -user list -
Set a new password for that user (the ADMIN user typically has an ID of 2). Change the your_password_here to what you want (the default is ADMIN):
ipmicfg -user setpwd 2 your_password_here - Login to the IPMI web GUI using the user of ADMIN and the password you just entered in step 6 above.
NOTES
IPMI has three options - Failover, Shared (or On-Board), and Dedicated.
If you choose the On-Board or Failover, the only other port that IPMI use (other than the dedicated one) is LAN port 1. The other LAN ports on 2,3, or 4 are not wired for IPMI functionalities.