ipmitool 编译命令
git clone https://github.com/ipmitool/ipmitool.git
cd ipmitool && git checkout tags/IPMITOOL_1_8_18 -b 1.8.18
./bootstrap
./configure --enable-intf-lan --enable-intf-lanplus --enable-intf-open --enable-intf-imb --enable-intf-serial --enable-intf-bmc --enable-intf-usb --enable-intf-lipmi --enable-intf-dummy --enable-ipmishell --enable-solaris-opt --enable-static CFLAGS=-m64 LDFLAGS=-static
esxi使用的用以下命令:
./configure CFLAGS=-m64 LDFLAGS=-static #不支持lanplus
#编译后可以在esxi里面使用,关键参数:CFLAGS=-m64 LDFLAGS=-static 其他参数是用以开启相关功能
esxi shell里面直接运行ipmitool 可能会提示:./ipmitool: Operation not permitted
# 如果不禁止,就会提示:-sh: ./ipmitool: Operation not permitted
esxcli system settings advanced set -o /User/execInstalledOnly -i 0
# 关闭安全策略,允许未安装的二进制文件运行
esxcli system settings advanced set -o /User/execInstalledOnly -i 1
ipmitool相关命令
IPMI 允许通过多个通道与 BMC(Baseboard Management Controller)进行通信。每个通道可以配置为不同的接口类型,例如:
通道 0:通常是本地接口,允许通过系统的 IPMI 设备文件(如 /dev/ipmi0)进行访问。
通道 1:通常是网络接口,允许通过 LAN 访问 BMC。
不同通道可以设置不同的权限
一、用户管理
1、查看用户列表
1.1 查看本地通道用户列表和相应权限
root@ubuntu:~# ipmitool user list 0
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 true false false Unknown (0x00)
2 ADMIN true false false Unknown (0x00)
3 true false false Unknown (0x00)
4 true false false Unknown (0x00)
5 true false false Unknown (0x00)
6 true false false Unknown (0x00)
7 true false false Unknown (0x00)
8 true false false Unknown (0x00)
9 true false false Unknown (0x00)
10 true false false Unknown (0x00)
1.2 查看网络通道用户列表和相应权限
root@ubuntu:~# ipmitool user list 1
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 true false false Unknown (0x00)
2 ADMIN false false true ADMINISTRATOR
3 true false false Unknown (0x00)
4 true false false Unknown (0x00)
5 true false false Unknown (0x00)
6 true false false Unknown (0x00)
7 true false false Unknown (0x00)
8 true false false Unknown (0x00)
9 true false false Unknown (0x00)
10 true false false Unknown (0x00)
ipmi允许创建10个用户,每个用户可以在不同通道设置不同权限
2、添加用户(因为只能有10个用户,所以这里相当于给指定ID用户修改用户名和密码)
User Commands:
summary [<channel number>]
list [<channel number>]
set name <user id> <username>
set password <user id> [<password> <16|20>]
disable <user id>
enable <user id>
priv <user id> <privilege level> [<channel number>]
Privilege levels:
* 0x1 - Callback
* 0x2 - User
* 0x3 - Operator
* 0x4 - Administrator
* 0x5 - OEM Proprietary
* 0xF - No Access
1、修改用户名:(这里的3表示ID为3的用户,账号是通用的,不需要区分通道)
ipmitool user set name 3 test
2、修改用户密码
ipmitool user set password 3 test
3、启用相关账号
ipmitool user enable 3
4、停用账号
ipmitool user disable 3
5、设置账号级别
ipmitool user priv 3 4 1 #这里区分通道
3、通道权限设置
Channel Commands: authcap <channel number> <max privilege>
getaccess <channel number> [user id]
setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]
info [channel number]
getciphers <ipmi | sol> [channel]
setkg hex|plain <key> [channel]
Possible privilege levels are
:
1 Callback level
2 User level
3 Operator level
4 Administrator level
5 OEM Proprietary level
15 No access
3.1 查看通道权限
ipmitool channel getaccess 1 3 #1表示通道,3表示用户ID
3.2 设置通道权限
ipmitool channel setaccess 1 3 callin=off ipmi=on link=off privilege=4
本地通道(通道0)是通过调用/dev/ipmi0,只需要callin有权限即可
远程通道(通道1)
privilege 用以控制bmc web登录权限,也影响ipmitool命令执行
ipmi用于控制通过ipmitool远程访问权限(如通过ipmitool获取用户列表或者控制电源开关)
4、网络设置相关
ipmitool lan
LAN Commands:
print [<channel number>]
set <channel number> <command> <parameter>
alert print <channel number> <alert destination>
alert set <channel number> <alert destination> <command> <parameter>
stats get [<channel number>]
stats clear [<channel number>]
ipmitool lan set
usage: lan set <channel> <command> <parameter>
LAN set command/parameter options:
ipaddr <x.x.x.x> Set channel IP address
netmask <x.x.x.x> Set channel IP netmask
macaddr <x:x:x:x:x:x> Set channel MAC address
defgw ipaddr <x.x.x.x> Set default gateway IP address
defgw macaddr <x:x:x:x:x:x> Set default gateway MAC address
bakgw ipaddr <x.x.x.x> Set backup gateway IP address
bakgw macaddr <x:x:x:x:x:x> Set backup gateway MAC address
password <password> Set session password for this channel
snmp <community string> Set SNMP public community string
user Enable default user for this channel
access <on|off> Enable or disable access to this channel
alert <on|off> Enable or disable PEF alerting for this channel
arp respond <on|off> Enable or disable BMC ARP responding
arp generate <on|off> Enable or disable BMC gratuitous ARP generation
arp interval <seconds> Set gratuitous ARP generation interval
vlan id <off|<id>> Disable or enable VLAN and set ID (1-4094)
vlan priority <priority> Set vlan priority (0-7)
auth <level> <type,..> Set channel authentication types
level = CALLBACK, USER, OPERATOR, ADMIN
type = NONE, MD2, MD5, PASSWORD, OEM
ipsrc <source> Set IP Address source
none = unspecified source
static = address manually configured to be static
dhcp = address obtained by BMC running DHCP
bios = address loaded by BIOS or system software
4.1 查看当前网络设置
ipmitool lan print 1 #默认为channel 1
显示如下:
Set in Progress : Set Complete
Auth Type Support : MD5
Auth Type Enable : Callback : MD5
: User : MD5
: Operator : MD5
: Admin : MD5
: OEM : MD5
IP Address Source : Unspecified
IP Address : 0.0.0.0
Subnet Mask : 0.0.0.0
MAC Address : 00:00:00:00:00:00
SNMP Community String : AMI
IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl : 0.0 seconds
Default Gateway IP : 0.0.0.0
Default Gateway MAC : 00:00:00:00:00:00
Backup Gateway IP : 0.0.0.0
Backup Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 0,1,2,3,6,7,8,11,12,15,16,17
Cipher Suite Priv Max : caaaaaaaaaaaXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
Bad Password Threshold : 0
Invalid password disable: no
Attempt Count Reset Int.: 0
User Lockout Interval : 0
4.2 设置IP
ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr 192.168.1.2
ipmitool lan set 1 netmask 255.255.255.0
ipmitool lan set 1 defgw ipaddr 192.168.1.1
5、获取传感器数据
ipmitool sdr list # 传感器简洁数据
ipmitool -v sdr list # 传感器详细数据
6、查看BMC信息
ipmitool mc info
7、电源管理
ipmitool power off # 硬关机,直接切断电源
ipmitool power soft # 软关机,即如同轻按一下开机扭
ipmitool power on # 硬开机
ipmitool power reset # 硬重启
ipmitool power status # 获取当前电源状态
ipmitool power cycle # 注意power cycle 和power reset的区别在于前者从掉电到上电有1秒钟的间隔,而后者是很快上电
8、设置启动设备
ipmitool chassis bootdev bios
ipmitool chassis bootdev pxe
ipmitool chassis bootdev disk
ipmitool chassis bootdev cdrom
ipmitool chassis bootdev pxe options=efiboot #设置下次启动为pxe,并且固件为efi;部分机器很变态,即使BIOS里面设置了是UEFI模式,ipmitool设置启动设备不加efi参数的话照样进入传统模式
9、远程操作
ipmitool -I lanplus -H (BMC的管理IP地址) -U (BMC登录用户名) -P (BMC 登录用户名的密码) lan print [ChannelNo]
参数说明:
-I 使用的接口,默认使用的是OpenIPMI, 部分是默认编译选项,部分需要编译的时候开启,比如lanplus
Interfaces:
open Linux OpenIPMI Interface [default]
imb Intel IMB Interface
lan IPMI v1.5 LAN Interface
lanplus IPMI v2.0 RMCP+ LAN Interface
free FreeIPMI IPMI Interface
serial-terminal Serial Interface, Terminal Mode
serial-basic Serial Interface, Basic Mode
dummy Linux DummyIPMI Interface
usb IPMI USB Interface(OEM Interface for AMI Devices)
10、SOL功能
说明:<9.6/19.2/38.4/57.6/115.2>其中115.2代表115200,即*1000是表示的波特率。
1. 设置SOL串口波特率:
ipmitool –H (BMC的管理IP地址) –I lanplus –U (BMC登录用户名) –P (BMC 登录用户名的密码) sol set volatile-bit-rate <9.6/19.2/38.4/57.6/115.2>
2. 打开SOL功能:
ipmitool –H (BMC的管理IP地址) –I lanplus –U (BMC登录用户名) –P (BMC 登录用户名的密码) sol activate
3. 关闭SOL功能:
ipmitool –H (BMC的管理IP地址) –I lanplus –U (BMC登录用户名) –P (BMC 登录用户名的密码) sol deactivate
11、BMC重启(有时BMC访问不了,重启可恢复)
ipmitool mc reset cold
12、系统日志类
ipmitool sel elist #显示所有系统事件日志
ipmitool sel clear #删除所有系统时间日志
ipmitool sel delete ID #删除第ID条SEL
ipmitool sel time get #显示当前BMC的时间
ipmitool sel time set "MM/DD/YYYY HH:MM:SS" #设置当前BMC的时间 24小时制