ipmi hardware type manage nodes by using IPMI (Intelligent Platform Management Interface) protocol versions 2.0 or 1.5. It uses the IPMItool utility which is an open-source command-line interface (CLI) for controlling IPMI-enabled devices.
/install/configure-ipmi for the required dependencies.
ipmi hardware type is enabled by default starting with the Ocata release. To enable it explicitly, add the following to your
[DEFAULT] enabled_hardware_types = ipmi enabled_management_interfaces = ipmitool,noop enabled_power_interfaces = ipmitool
Optionally, enable the
vendor passthru interface
</contributor/vendor-passthru> and either or both
[DEFAULT] enabled_hardware_types = ipmi enabled_console_interfaces = ipmitool-socat,ipmitool-shellinabox,no-console enabled_management_interfaces = ipmitool,noop enabled_power_interfaces = ipmitool enabled_vendor_interfaces = ipmitool,no-vendor
Restart the Ironic conductor service.
/install/enabling-drivers for more details.
Nodes configured to use the IPMItool drivers should have the
driver field set to
The following configuration value is required and has to be added to the node's
ipmi_address: The IP address or hostname of the BMC.
Other options may be needed to match the configuration of the BMC, the following options are optional, but in most cases, it's considered a good practice to have them set:
ipmi_username: The username to access the BMC; defaults to NULL user.
ipmi_password: The password to access the BMC; defaults to NULL.
ipmi_port: The remote IPMI RMCP port. By default ipmitool will use the port 623.
It is highly recommend that you setup a username and password for your BMC.
openstack baremetal node create command can be used to enroll a node with an IPMItool-based driver. For example:
openstack baremetal node create --driver ipmi \ --driver-info ipmi_address=<address> \ --driver-info ipmi_username=<username> \ --driver-info ipmi_password=<password>
When a simple configuration such as providing the
password is not enough, the IPMItool driver contains many other options that can be used to address special usages.
A version of IPMItool higher or equal to 1.8.12 is required to use the bridging functionality.
There are two different bridging functionalities supported by the IPMItool-based drivers: single bridge and dual bridge.
The following configuration values need to be added to the node's
driver_info field so bridging can be used:
ipmi_bridging: The bridging type; default is no; other supported values are single for single bridge or dual for double bridge.
ipmi_local_address: The local IPMB address for bridged requests.
Required only if
ipmi_bridging is set to single or dual. This configuration is optional, if not specified it will be auto discovered by IPMItool.
ipmi_target_address: The destination address for bridged requests. Required only if
ipmi_bridgingis set to single or dual.
ipmi_target_channel: The destination channel for bridged requests. Required only if
ipmi_bridgingis set to single or dual.
Double bridge specific options:
ipmi_transit_address: The transit address for bridged requests. Required only if
ipmi_bridgingis set to dual.
ipmi_transit_channel: The transit channel for bridged requests. Required only if
ipmi_bridgingis set to dual.
ipmi_bridging should specify the type of bridging required: single or dual to access the bare metal node. If the parameter is not specified, the default value will be set to no.
openstack baremetal node set command can be used to set the required bridging information to the Ironic node enrolled with the IPMItool driver. For example:
openstack baremetal node set <UUID or name> \ --driver-info ipmi_local_address=<address> \ --driver-info ipmi_bridging=single \ --driver-info ipmi_target_channel=<channel> \ --driver-info ipmi_target_address=<target address>
openstack baremetal node set <UUID or name> \ --driver-info ipmi_local_address=<address> \ --driver-info ipmi_bridging=dual \ --driver-info ipmi_transit_channel=<transit channel> \ --driver-info ipmi_transit_address=<transit address> \ --driver-info ipmi_target_channel=<target channel> \ --driver-info ipmi_target_address=<target address>
The IPMItool-based drivers works with the versions 2.0 and 1.5 of the IPMI protocol. By default, the version 2.0 is used.
In order to change the IPMI protocol version in the bare metal node, the following option needs to be set to the node's
ipmi_protocol_version: The version of the IPMI protocol; default is 2.0. Supported values are 1.5 or 2.0.
openstack baremetal node set command can be used to set the desired protocol version:
openstack baremetal node set <UUID or name> --driver-info ipmi_protocol_version=<version>
Version 1.5 of the IPMI protocol does not support encryption. Therefore, it is highly recommended that version 2.0 is used.
IPMI 2.0 introduces support for encryption and allows setting which cipher suite to use. Traditionally,
ipmitool was using cipher suite 3 by default, but since SHA1 no longer complies with modern security requirement, recent versions (e.g. the one used in RHEL 8.2) are switching to suite 17.
Normally, the cipher suite to use is negotiated with the BMC using the special command. On some hardware the negotiation yields incorrect results and IPMI commands fail with :
Error in open session response message : no matching cipher suite Error: Unable to establish IPMI v2 / RMCP+ session
Another possible problem is
ipmitool commands taking very long (tens of seconds or even minutes) because the BMC does not support cipher suite negotiation. In both cases you can specify the required suite yourself, e.g.:
openstack baremetal node set <UUID or name> --driver-info ipmi_cipher_suite=3
While the Intelligent Platform Management Interface (IPMI) interface is based upon a defined standard, the Ironic community is aware of at least one vendor which utilizes a non-standard boot device selector. In essence, this could be something as simple as different interpretation of the standard.
As of October 2020, the known difference is with Supermicro hardware where a selector of
0x24, signifying a REMOTE boot device in the standard, must be used when a boot operation from the local disk subsystem is requested in UEFI mode. This is contrary to BIOS mode where the same BMC's expect the selector to be a value of
Because the BMC does not respond with any sort of error, nor do we want to risk BMC connectivity issues by explicitly querying all BMCs what vendor it may be before every operation, the vendor can automatically be recorded in the
vendor. When this is set to a value of
supermicro, Ironic will navigate the UEFI behavior difference enabling the UEFI to be requested with boot to disk.
baremetal node set <UUID or name> \ --properties vendor="supermicro"
Luckily, Ironic will attempt to perform this detection in power synchronization process, and record this value if not already set.
While similar issues may exist when setting the boot mode and target boot device in other vendors' BMCs, we are not aware of them at present. Should you encounter such an issue, please feel free to report this via Storyboard, and be sure to include the
chassis bootparam get 5 output value along with the
mc info output from your BMC.
ipmitool -I lanplus -H <BMC ADDRESS> -U <Username> -P <Password> \ mc info ipmitool -I lanplus -H <BMC ADDRESS> -U <Username> -P <Password> \ chassis bootparam get 5