"Fossies" - the Fresh Open Source Software Archive

Member "ironic-16.0.3/doc/source/admin/drivers/ipmitool.rst" (18 Jan 2021, 9507 Bytes) of package /linux/misc/openstack/ironic-16.0.3.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format (assuming markdown format). Alternatively you can here view or download the uninterpreted source code file. A member file download can also be achieved by clicking within a package contents listing on the according byte size field. See also the latest Fossies "Diffs" side-by-side code changes report for "ipmitool.rst": 16.0.2_vs_16.0.3.

IPMI driver

Overview

The ipmi hardware type manage nodes by using IPMI (Intelligent Platform Management Interface) protocol versions 2.0 or 1.5. It uses the IPMItool utility which is an open-source command-line interface (CLI) for controlling IPMI-enabled devices.

Glossary

Enabling the IPMI hardware type

Please see /install/configure-ipmi for the required dependencies.

  1. The ipmi hardware type is enabled by default starting with the Ocata release. To enable it explicitly, add the following to your ironic.conf:

    [DEFAULT]
    enabled_hardware_types = ipmi
    enabled_management_interfaces = ipmitool,noop
    enabled_power_interfaces = ipmitool

    Optionally, enable the vendor passthru interface </contributor/vendor-passthru> and either or both console interfaces </admin/console>:

    [DEFAULT]
    enabled_hardware_types = ipmi
    enabled_console_interfaces = ipmitool-socat,ipmitool-shellinabox,no-console
    enabled_management_interfaces = ipmitool,noop
    enabled_power_interfaces = ipmitool
    enabled_vendor_interfaces = ipmitool,no-vendor
  2. Restart the Ironic conductor service.

Please see /install/enabling-drivers for more details.

Registering a node with the IPMI driver

Nodes configured to use the IPMItool drivers should have the driver field set to ipmi.

The following configuration value is required and has to be added to the node's driver_info field:

Other options may be needed to match the configuration of the BMC, the following options are optional, but in most cases, it's considered a good practice to have them set:

Note

It is highly recommend that you setup a username and password for your BMC.

The openstack baremetal node create command can be used to enroll a node with an IPMItool-based driver. For example:

openstack baremetal node create --driver ipmi \
    --driver-info ipmi_address=<address> \
    --driver-info ipmi_username=<username> \
    --driver-info ipmi_password=<password>

Advanced configuration

When a simple configuration such as providing the address, username and password is not enough, the IPMItool driver contains many other options that can be used to address special usages.

Single/Double bridging functionality

Note

A version of IPMItool higher or equal to 1.8.12 is required to use the bridging functionality.

There are two different bridging functionalities supported by the IPMItool-based drivers: single bridge and dual bridge.

The following configuration values need to be added to the node's driver_info field so bridging can be used:

Double bridge specific options:

The parameter ipmi_bridging should specify the type of bridging required: single or dual to access the bare metal node. If the parameter is not specified, the default value will be set to no.

The openstack baremetal node set command can be used to set the required bridging information to the Ironic node enrolled with the IPMItool driver. For example:

Changing the version of the IPMI protocol

The IPMItool-based drivers works with the versions 2.0 and 1.5 of the IPMI protocol. By default, the version 2.0 is used.

In order to change the IPMI protocol version in the bare metal node, the following option needs to be set to the node's driver_info field:

The openstack baremetal node set command can be used to set the desired protocol version:

openstack baremetal node set <UUID or name> --driver-info ipmi_protocol_version=<version>

Warning

Version 1.5 of the IPMI protocol does not support encryption. Therefore, it is highly recommended that version 2.0 is used.

Cipher suites

IPMI 2.0 introduces support for encryption and allows setting which cipher suite to use. Traditionally, ipmitool was using cipher suite 3 by default, but since SHA1 no longer complies with modern security requirement, recent versions (e.g. the one used in RHEL 8.2) are switching to suite 17.

Normally, the cipher suite to use is negotiated with the BMC using the special command. On some hardware the negotiation yields incorrect results and IPMI commands fail with :

Error in open session response message : no matching cipher suite
Error: Unable to establish IPMI v2 / RMCP+ session

Another possible problem is ipmitool commands taking very long (tens of seconds or even minutes) because the BMC does not support cipher suite negotiation. In both cases you can specify the required suite yourself, e.g.:

openstack baremetal node set <UUID or name> --driver-info ipmi_cipher_suite=3

Static boot order configuration

See static-boot-order.

Vendor Differences

While the Intelligent Platform Management Interface (IPMI) interface is based upon a defined standard, the Ironic community is aware of at least one vendor which utilizes a non-standard boot device selector. In essence, this could be something as simple as different interpretation of the standard.

As of October 2020, the known difference is with Supermicro hardware where a selector of 0x24, signifying a REMOTE boot device in the standard, must be used when a boot operation from the local disk subsystem is requested in UEFI mode. This is contrary to BIOS mode where the same BMC's expect the selector to be a value of 0x08.

Because the BMC does not respond with any sort of error, nor do we want to risk BMC connectivity issues by explicitly querying all BMCs what vendor it may be before every operation, the vendor can automatically be recorded in the properties field vendor. When this is set to a value of supermicro, Ironic will navigate the UEFI behavior difference enabling the UEFI to be requested with boot to disk.

Example:

baremetal node set <UUID or name> \
    --properties vendor="supermicro"

Luckily, Ironic will attempt to perform this detection in power synchronization process, and record this value if not already set.

While similar issues may exist when setting the boot mode and target boot device in other vendors' BMCs, we are not aware of them at present. Should you encounter such an issue, please feel free to report this via Storyboard, and be sure to include the chassis bootparam get 5 output value along with the mc info output from your BMC.

Example:

ipmitool -I lanplus -H <BMC ADDRESS> -U <Username> -P <Password> \
    mc info
ipmitool -I lanplus -H <BMC ADDRESS> -U <Username> -P <Password> \
    chassis bootparam get 5