ipmitool(1) | ipmitool(1) |
ipmitool - utility for controlling IPMI-enabled devices
[ <options> ] <command> [ <sub-commands and sub-options> ]
<options> := [ <general-options> | <conditional-opts> ]
Any recognized option is accepted. Conditional options may be ignored or it's usage postponed until shell or exec processes relevant command.
<general-options> := [ -h | -V | -v | -I <interface> |
-H <address> |
-d <N> | -p <port> | -c | -U <username> |
-L <privlvl> | -l <lun> | -m <local_address> |
-N <sec> | -R <count> | <password-option> |
<oem-option> | <bridge-options> ]
<conditional-opts> := [ <lan-options> |
<lanplus-options> |
<command-options> ]
Bridging:
<bridge-options> := -t <target_address> [ -b <channel> |
[ -T <address> | -B <channel> ] ]
Options used with -I lan:
<lan-options> := [ -A <authtype> ]
Options used with -I lanplus:
<lanplus-options> := [ -C <ciphersuite> | <key-option> ]
Option groups setting same value:
<key-option> := [ -k <key> | -K | -y <hex_key> | -Y ]
<password-option> := [ -f <password_file> | -a | -P
<password> | -E ]
<oem-option> := [ -o <oemtype> | -g | -s ]
Options used with specific command <command-options>:
<options-sdr> := [ -S <sdr_cache_file> ]
<options-sel> := [ -O <sel_oem> ]
<options-sol> := [ -e <sol_escape_char> ]
This program lets you manage Intelligent Platform Management Interface (IPMI) functions of either the local system, via a kernel device driver, or a remote system, using IPMI v1.5 and IPMI v2.0. These functions include printing FRU information, LAN configuration, sensor readings, and remote chassis power control.
IPMI management of a local system interface requires a compatible
IPMI kernel driver to be installed and configured. On Linux this driver is
called OpenIPMI and it is included in standard distributions. On
Solaris this driver is called BMC and is included in Solaris 10.
Management of a remote station requires the IPMI-over-LAN interface to be
enabled and configured. Depending on the particular requirements of each
system it may be possible to enable the LAN interface using
over the system interface.
NOTE: In
1.8.18 and earlier the default was 3, which was insecure and was not
supported by some more recent BMC implementations.
If no password method is specified then
will prompt the user for a password. If no password is entered at the prompt,
the remote server password will default to NULL.
There are several security issues be be considered before enabling the IPMI LAN interface. A remote station has the ability to control a system's power state as well as being able to gather certain platform information. To reduce vulnerability it is strongly advised that the IPMI LAN interface only be enabled in 'trusted' environments where system security is not an issue or where there is a dedicated secure 'management network'.
Further it is strongly advised that you should not enable IPMI for remote access without setting a password, and that that password should not be the same as any other password on that system.
When an IPMI password is changed on a remote machine with the IPMIv1.5 lan interface the new password is sent across the network as clear text. This could be observed and then used to attack the remote system. It is thus recommended that IPMI password management only be done over IPMIv2.0 lanplus interface or the system interface on the local station.
For IPMI v1.5, the maximum password length is 16 characters; longer passwords might be truncated or rejected by the server, or rejected by
For IPMI v2.0, the maximum password length is 20 characters; longer passwords will be rejected by
> ipmitool help
Commands:
bmc Deprecated. Use mc
channel Configure Management Controller channels
chassis Get chassis status and set power state
dcmi Data Center Management Interface
delloem Manage Dell OEM Extensions.
echo Used to echo lines to stdout in scripts
ekanalyzer run FRU-Ekeying analyzer using FRU files
event Send events to MC
exec Run list of commands from file
firewall Configure Firmware Firewall
fru Print built-in FRU and scan for FRU locators
fwum Update IPMC using Kontron OEM Firmware Update Manager
gendev Read/Write Device associated with Generic Device locators sdr
hpm Update HPM components using PICMG HPM.1 file
i2c Send an I2C Master Write-Read command and print response
ime Upgrade/Query Intel ME firmware
isol Configure and connect Intel IPMIv1.5 Serial-over-LAN
kontronoem Manage Kontron OEM Extensions
lan Configure LAN Channels
mc Management Controller status and global enables
nm Node Manager
pef Configure Platform Event Filtering (PEF)
picmg Run a PICMG/ATA extended command
power Shortcut to chassis power commands
raw Send a RAW IPMI request and print response
sdr Print Sensor Data Repository entries and readings
sel Print System Event Log (SEL)
sensor Print detailed sensor information
session Print session information
set Set runtime variable for shell and exec
shell Launch interactive IPMI shell
sol Configure and connect IPMIv2.0 Serial-over-LAN
spd Print SPD info from remote I2C device
sunoem Manage Sun OEM Extensions
tsol Configure and connect Tyan IPMIv1.5 Serial-over-LAN
user Configure Management Controller users
Displays information about the authentication capabilities of the selected channel at the specified privilege level.
Displays information about the selected channel. If no channel is given it will display information about the currently used channel.
> ipmitool channel info
Channel 0xf info:
Channel Medium Type : System Interface
Channel Protocol Type : KCS
Session Support : session-less
Active Session Count : 0
Protocol Vendor ID : 7154
Configure the given userid as the default on the given channel number. When the given channel is subsequently used, the user is identified implicitly by the given userid.
Configure user access information on the given channel for the given userid.
Displays the list of cipher suites supported for the given application (ipmi or sol) on the given channel.
Identify interval.
Default is 15 seconds.
0 - Off
force - To turn on indefinitely
What to do when power is restored.
Show available options.
Last restart cause.
Get power on hours.
Do not change boot device order.
Force PXE boot.
Force boot from default Hard-drive.
Force boot from default Hard-drive, request Safe Mode.
Force boot from Diagnostic Partition.
Force boot from CD/DVD.
Force boot into BIOS Setup.
Force boot from Floppy/primary removable media.
Read the Boot Initiator Mailbox in hex dump or in text mode.
By default the whole mailbox is read. If block number is specified, that particular block is read. For block 0 or when the whole mailbox is read, the Boot Initiator IANA Enterprise Number and the corresponding enterprise name are printed.
Write the specified <block> or the entire Boot Initiator Mailbox in text mode. It is required to specify a decimal IANA Enterprise Number recognized by the boot initiator on the target system. Refer to your target system manufacturer for details. The rest of the arguments are a text string.
When single block write is requested, the total length of <data> may not exceed 13 bytes for block 0, or 16 bytes otherwise.
Same as above, but the arguments after IANA PEN are separate data byte values separated by spaces.
Get value of system boot option number <opt_id>. Some boot options (e.g. option 7) can also take an optional numeric parameter.
Set a boot flag. Valid devices are:
Force PXE boot
Force boot from default Hard-drive
Force boot from default Hard-drive, request Safe Mode
Force boot from Diagnostic Partition
Force boot from CD/DVD
Force boot into BIOS Setup
Valid options are:
Clear valid bit on reset/power cycle cause by PEF
Automatically clear boot flag valid bit on timeout
Clear valid bit on reset/power cycle cause by watchdog
Clear valid bit on push button reset/soft reset
Clear valid bit on power up via power push button or wake event
Get the chassis self-test results
This command is used to discover supported capabilities in DCMI.
Platform power limit command options are:
Get power related readings from the system.
Get the configured power limits.
Set a power limit option.
Exception Actions are taken as "No Action", "Hard Power Off system and log events to SEL", or "Log event to SEL only".
Power Limit Requested in Watts.
Correction Time Limit in milliseconds.
Statistics Sampling period in seconds.
Activate the set power limit.
Deactivate the set power limit.
Prints the available DCMI sensors.
Prints the platforms asset tag.
Sets the platforms asset tag
Get management controller identifier string.
Set management controller identifier string. The maximum length is 64 bytes including a null terminator.
Thermal Limit policy get/set.
Get Thermal Limit values.
entityID is the physical entity that a sensor or device is associated with. instanceID is a particular instance of an entity. Entity Instance can be in one of two ranges, system-relative or device-relative. For example, a system with four processors could use an Entity Instance value of "0" to identify the first processor.
Set Thermal Limit values.
entityID is the physical entity that a sensor or device is associated with. instanceID is a particular instance of an entity. Entity Instance can be in one of two ranges, system-relative or device-relative. For example, a system with four processors could use an Entity Instance value of "0" to identify the first processor.
Get Temperature Sensor Readings.
Get DCMI Configuration Parameters.
Set DCMI Configuration Parameters.
Activate/restart DHCP
Discover DHCP Configuration.
Set DHCP Initial timeout interval, in seconds. The recommended default is four seconds.
Set DHCP Server contact timeout interval, in seconds. The recommended default timeout is two minutes.
Set DHCP Server contact retry interval, in seconds. The recommended default timeout is sixty-four seconds.
Ping/Pong Message for DCMI Discovery.
The delloem commands provide information on Dell-specific features.
Sets the drive backplane LEDs for a device.
{b:d.f} = PCI Address of device (eg. 06:00.0)
{state} = one or more of the following:
Allows you to set the LCD mode and user-defined string.
Allows you to set the LCD display mode to any of the preceding parameters.
Allows you to set the unit for the system ambient temperature mode.
Allows you to set the error display.
Displays the LCD screen information.
Allows you to set the vKVM status to active or inactive. When it is active and session is in progress, a message appears on LCD.
Displays the LCD status for vKVM display active or inactive and Front Panel access mode (viewandmodify, view-only or disabled).
Displays the information about the system NICs.
Displays the NIC MAC address and status of all NICs. It also displays the DRAC/iDRAC MAC address.
Displays the selected NICs MAC address and status.
Sets the NIC selection mode (dedicated, shared with lom1, shared with lom2,shared with lom3,shared with lom4,shared with failover lom1,shared with failover lom2,shared with failover lom3,shared with failover lom4,shared with Failover all loms, shared with Failover None).
Returns the current NIC selection mode (dedicated, shared with lom1, shared with lom2, shared with lom3, shared with lom4,shared with failover lom1, shared with failover lom2,shared with failover lom3,shared with failover lom4,shared with Failover all loms,shared with Failover None).
Returns the current active NIC (dedicated, LOM1, LOM2, LOM3 or LOM4).
Displays power tracking statistics.
Reset cumulative power reading.
Reset peak power reading.
Disables set power cap.
Shows Extended SD Card information.
For echoing lines to stdout in scripts.
Display point to point physical connectivity between carriers
and AMC modules.
Example:
> ipmitool ekanalyzer print carrier oc=fru oc=carrierfru
From Carrier file: fru
Number of AMC bays supported by Carrier: 2
AMC slot B1 topology:
Port 0 =====> On Carrier Device ID 0, Port 16
Port 1 =====> On Carrier Device ID 0, Port 12
Port 2 =====> AMC slot B2, Port 2
AMC slot B2 topology:
Port 0 =====> On Carrier Device ID 0, Port 3
Port 2 =====> AMC slot B1, Port 2
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
From Carrier file: carrierfru
On Carrier Device ID 0 topology:
Port 0 =====> AMC slot B1, Port 4
Port 1 =====> AMC slot B1, Port 5
Port 2 =====> AMC slot B2, Port 6
Port 3 =====> AMC slot B2, Port 7
AMC slot B1 topology:
Port 0 =====> AMC slot B2, Port 0
AMC slot B1 topology:
Port 1 =====> AMC slot B2, Port 1
Number of AMC bays supported by Carrier: 2
Display power supply information between carrier and AMC modules.
Display both physical connectivity and power supply of each carrier and AMC modules.
Display the unmatched results of Ekeying match between an On-Carrier device and an AMC module or between 2 AMC modules
Display both matched result and unmatched results of Ekeying match between two cards or two modules.
Send a pre-defined test event to the System Event Log. The following events are included as a means to test the functionality of the System Event Log component of the BMC (an entry will be added each time the event N command is executed).
Currently supported values for N are:
1 Temperature: Upper Critical: Going High
2 Voltage Threshold: Lower Critical: Going Low
3 Memory: Correctable ECC
NOTE: These pre-defined events will likely not produce "accurate" SEL records for a particular system because they will not be correctly tied to a valid sensor number, but they are sufficient to verify correct operation of the SEL.
Event log records specified in <filename> will be added to the System Event Log.
The format of each line in the file is as follows:
<{EvM Revision} {Sensor Type} {Sensor Num} {Event Dir/Type} {Event Data 0} {Event Data 1} {Event Data 2}>[# COMMENT]
e.g.: 0x4 0x2 0x60 0x1 0x52 0x0 0x0 # Voltage threshold: Lower Critical: Going Low
EvM Revision - The "Event Message Revision" is 0x04 for messages that comply with the IPMI 2.0 Specification and 0x03 for messages that comply with the IPMI 1.0 Specification.
Sensor Type - Indicates the Event Type or Class.
Sensor Num - Represents the 'sensor' within the management controller that generated the Event Message.
Event Dir/Type - This field is encoded with the event direction as the high bit (bit 7) and the event type as the low 7 bits. Event direction is 0 for an assertion event and 1 for a deassertion event.
See the IPMI 2.0 specification for further details on the definitions for each field.
Get a list of all the possible Sensor States and pre-defined
Sensor State Shortcuts available for a particular sensor.
sensorid is the character string representation of the sensor and
must be enclosed in double quotes if it includes white space. Several
different commands including
sensor list may be used to obtain a list that includes the
sensorid strings representing the sensors on a given system.
> ipmitool -I open event "PS 2T Fan Fault" list
Finding sensor PS 2T Fan Fault... ok
Sensor States:
State Deasserted
State Asserted
Sensor State Shortcuts:
present absent
assert deassert
limit nolimit
fail nofail
yes no
on off
up down
Generate a custom event based on existing sensor information. The optional event direction can be either assert (the default) or deassert.
> ipmitool event "PS 2T Fan Fault" "State
Asserted"
Finding sensor PS 2T Fan Fault... ok
0 | Pre-Init Time-stamp | Fan PS 2T Fan Fault | State Asserted
> ipmitool event "PS 2T Fan Fault" "State
Deasserted"
Finding sensor PS 2T Fan Fault... ok
0 | Pre-Init Time-stamp | Fan PS 2T Fan Fault | State Desserted
e.g., a command file with two lines:
sdr list # get a list of sdr records
sel list # get a list of sel records
This command supports the Firmware Firewall capability. It may be used to add or remove security-based restrictions on certain commands/command sub-functions or to list the current firmware firewall restrictions set on any commands. For each firmware firewall command listed below, parameters may be included to cause the command to be executed with increasing granularity on a specific LUN, for a specific NetFn, for a specific IPMI Command, and finally for a specific command's sub-function (see Appendix H in the IPMI 2.0 Specification for a listing of any sub-function numbers that may be associated with a particular command).
Parameter syntax and dependencies are as follows:
[<channel H>] [<lun L> [ <netfn N> [<command C [<subfn S>]]]]
Note that if "netfn <N>" is specified, then "lun <L>" must also be specified; if "command <C>" is specified, then "netfn <N>" (and therefore "lun <L>") must also be specified, and so forth.
"channel <H>" is an optional and standalone parameter. If not specified, the requested operation will be performed on the current channel. Note that command support may vary from channel to channel.
Firmware firewall commands:
List firmware firewall information for the specified LUN, NetFn, and Command (if supplied) on the current or specified channel. Listed information includes the support, configurable, and enabled bits for the specified command or commands.
Some usage examples:
This command will list firmware firewall information for all NetFns for the specified LUN on either the current or the specified channel.
This command will print out all command information for a single LUN/NetFn pair.
This prints out detailed, human-readable information showing the support, configurable, and enabled bits for the specified command on the specified LUN/NetFn pair. Information will be printed about each of the command subfunctions.
Print out information for a specific sub-function.
This command is used to enable commands for a given NetFn/LUN combination on the specified channel.
This command is used to disable commands for a given NetFn/LUN combination on the specified channel. Great care should be taken if using the "force" option so as not to disable the "Set Command Enables" command.
This command may be used to reset the firmware firewall back to a state where all commands and command sub-functions are enabled.
Read all Field Replaceable Unit (FRU) inventory data and extract such information as serial number, part number, asset tags, and short strings describing the chassis, board, or product.
fru id is the digit ID of the FRU (see output of 'fru print'). fru file is the absolute pathname of a file in which to dump the binary FRU data pertaining to the specified FRU entity.
fru id is the digit ID of the FRU (see output of 'fru print'). fru file is the absolute pathname of a file from which to pull the binary FRU data before uploading it to the specified FRU.
Update a multirecord FRU location. fru id is the digit ID of the FRU (see output of 'fru print'). fru file is the absolute pathname of a file from which to pull the binary FRU data to upload into the specified multirecord FRU entity.
This command provides interactive editing of some supported records, namely PICMG Carrier Activation Record. fru id is the digit ID of the FRU (see output of 'fru print'); default is 0.
This command may be used to set a field string to a new value. It replaces the FRU data found at index in the specified section with the supplied string.
This command edits the data found in the multirecord area. Support for OEM specific records is limited.
Download specified firmware.
Install firmware upgrade. If the filename is specified, the file is downloaded first, otherwise the last firmware downloaded is used.
Ask IPMC to rollback to previous version.
Show firmware upgrade log.
List All Generic Device Locators.
Read to file eeprom specify by Generic Device Locators.
Write from file eeprom specify by Generic Device Locators
Download specified firmware.
Activate the newly uploaded firmware.
Get the target upgrade capabilities.
Abort the on-going firmware upgrade.
Show the rollback status.
Query the self test results.
This command may be used to execute raw I2C commands with the Master Write-Read IPMI command.
Print usage information
Displays information about the Manageability Engine (ME)
Upgrade the ME firmware with the specified image file
WARNING You MUST use a supported image provided by your board
vendor
Perform manual rollback of the ME firmware
Retrieve information about the Intel IPMI v1.5 Serial-Over-LAN configuration.
Configure parameters for Intel IPMI v1.5 Serial-over-LAN.
Causes
to enter Intel IPMI v1.5 Serial Over LAN mode. An RMCP+ connection is made
to the BMC, the terminal is set to raw mode, and user input is sent to
the serial console on the remote server. On exit, the SOL payload mode
is deactivated and the terminal is reset to its original settings.
Special escape sequences are provided to control the SOL session:
Note that escapes are only recognized immediately after newline.
OEM commands specific to Kontron devices.
Set FRU serial number.
Set FRU manufacturing date.
Select the next boot order on the Kontron CP6012.
These commands will allow you to configure IPMI LAN channels with
network information so they can be used with the
lan and lanplus interfaces. NOTE: To determine on which
channel the LAN interface is located, issue the `channel info number'
command until you come across a valid 802.3 LAN channel. For example:
> ipmitool -I open channel info 1
Channel 0x1 info:
Channel Medium Type : 802.3 LAN
Channel Protocol Type : IPMB-1.0
Session Support : session-based
Active Session Count : 8
Protocol Vendor ID : 7154
Print the current configuration for the given channel. The default will print information on the first found LAN channel.
Set the given command and parameter on the specified channel. Valid command/parameter options are:
Set the IP address for this channel.
Set the netmask for this channel.
Set the MAC address for this channel.
Set the default gateway IP address.
Set the default gateway MAC address.
Set the backup gateway IP address.
Set the backup gateway MAC address.
Set the null user password.
Set the SNMP community string.
Enable user access mode for userid 1 (issue the `user' command to display information about userids for a given channel).
Set LAN channel access mode.
Enable or disable PEF alerting for this channel.
Set the IP address source:
none unspecified
static manually configured static IP address
dhcp address obtained by BMC running DHCP
bios address loaded by BIOS or system software
Set BMC generated ARP responses.
Set BMC generated gratuitous ARPs.
Set BMC generated gratuitous ARP interval.
Disable VLAN operation or enable VLAN and set the ID.
ID: value of the virtual lan identifier between 1 and 4094 inclusive.
Set the priority associated with VLAN frames.
ID: priority of the virtual lan frames between 0 and 7 inclusive.
Set the valid authtypes for a given auth level.
Levels: callback, user, operator, admin
Types: none, md2, md5, password, oem
Correlates cipher suite numbers with the maximum privilege level that is allowed to use it. In this way, cipher suites can restricted to users with a given privilege level, so that, for example, administrators are required to use a stronger cipher suite than normal users.
The format of privlist is as follows. Each character represents a privilege level and the character position identifies the cipher suite number. For example, the first character represents cipher suite 0, the second represents cipher suite 1, and so on. privlist must be 15 characters in length.
Characters used in privlist and their associated privilege levels are:
X Cipher Suite Unused
c CALLBACK
u USER
o OPERATOR
a ADMIN
O OEM
So, to set the maximum privilege for cipher suite 0 to USER and suite 1 to ADMIN, issue the following command:
> ipmitool -I interface lan set channel cipher_privs uaXXXXXXXXXXXXX
Sets the Bad Password Threshold.
<thresh_num> If non-zero, this value determines the number of sequential bad passwords that will be allowed to be entered for the identified user before the user is automatically disabled from access on the channel.
<1|0> 1 = generate a Session Audit sensor "Invalid password disable" event message. 0 = do not generate an event message when the user is disabled.
<reset_interval> Attempt Count Reset Interval. The interval, in tens of seconds, for which the accumulated count of bad password attempts is retained before being automatically reset to zero.
<lockout_interval> User Lockout Interval. The interval, in tens of seconds, that the user will remain disabled after being disabled because the Bad Password Threshold number was reached.
Print alert information for the specified channel and destination. The default will print all alerts for all alert destinations on the first found LAN channel.
Set an alert on the given LAN channel and destination. Alert Destinations are listed via the 'lan alert print' command. Valid command/parameter options are:
Set alert IP address.
Set alert MAC address.
Set the channel gateway to use for alerts.
Set Alert Acknowledge on or off.
Set the destination type as PET or OEM.
Set ack timeout or unack retry interval.
Set the number of alert retries.
Retrieve information about the IP connections on the specified channel. The default will retrieve statistics on the first found LAN channel.
Clear all IP/UDP/RMCP Statistics to 0 on the specified channel. The default will clear statistics on the first found LAN channel.
Instructs the BMC to perform a warm or cold reset.
Display the Management Controller Globally Unique IDentifier.
This is the default behavior for
Try to automatically detect the encoding based on the value of the version field and (for version 1) the timestamp. The version is considered valid if it is 1 through 5, and the timestamp is valid if the year is past or equal to UNIX Epoch (1970) and is before or equal to the current year.
If multiple encodings happen to have valid version fields, then precedence takes the one with version 1 and a valid timestamp. If neither one has that, then the precedence order is as follows: smbios, ipmi, rfc4122.
If neither encoding yields a valid version field, then
defaults to dump mode.
If this option is in use, then
will also print out the detected encoding and warn regarding IPMI
specification violation if the encoding isn't ipmi.
Decode GUID as if it was sent by BMC as prescribed by SMBIOS specification.
NOTE: This is a violation of IPMI specification, but many BMC implementations do it this way. If your BMC's GUID is shown correctly using this option, you may want to inform your BMC manufacturer that they have a bug.
Decode GUID according to IPMI specification. It MUST show the correct GUID. If it doesn't, try other options and inform your BMC manufacturer of the bug.
Decode GUID as if it was sent by BMC as prescribed by RFC4122 specification.
NOTE: This is a violation of IPMI specification. If your BMC's GUID is shown correctly using this option, you may want to inform your BMC manufacturer that they have a bug.
Dump as hex the data received from BMC in response to Get Device GUID command. No decoding or interpretation is performed. First received byte is dumped first.
Displays information about the BMC hardware, including device revision, firmware revision, IPMI version supported, manufacturer ID, and information on additional device support.
These commands allow a user to view and change the current state of the watchdog timer.
Check on the basic health of the BMC by executing the Get Self Test results command and report the results.
Displays a list of the currently enabled options for the BMC.
Enables or disables the given option. This command is only supported over the system interface according to the IPMI specification. Currently supported values for option include:
Receive Message Queue Interrupt
Event Message Buffer Full Interrupt
Event Message Buffer
System Event Logging
OEM-Defined option #0
OEM-Defined option #1
OEM-Defined option #2
Displays information regarding the high-level status of the system chassis and main power subsystem.
This command will return the Power-On Hours counter.
Control the front panel identify light. Default interval is 15 seconds. Use 0 to turn off. Use "force" to turn on indefinitely.
Query the chassis for the cause of the last system restart.
Check on the basic health of the BMC by executing the Get Self Test results command and report the results.
Set the chassis power policy in the event power failure.
Return supported policies.
Turn on when power is restored.
Returned to previous state when power is restored.
Stay off after power is restored.
Performs a chassis control command to view and change the power state.
Show current chassis power status.
Power up chassis.
Power down chassis into soft off (S4/S5 state). WARNING: This command does not initiate a clean shutdown of the operating system prior to powering down the system.
Provides a power off interval of at least 1 second. No action should occur if chassis power is in S4/S5 state, but it is recommended to check power state first and only issue a power cycle command if the system power is on or in lower sleep state than S4/S5.
This command will perform a hard reset.
Pulse a diagnostic interrupt (NMI) directly to the processor(s).
Initiate a soft-shutdown of OS via ACPI. This can be done in a number of ways, commonly by simulating an overtemperture or by simulating a power button press. It is necessary for there to be Operating System support for ACPI and some sort of daemon watching for events for this soft power to work.
Request the system to boot from an alternate boot device on next reboot. The clear-cmos option, if supplied, will instruct the BIOS to clear its CMOS on the next reboot. Various options may be used to modify the boot device settings. Run "bootdev none options=help" for a list of available boot device modifiers/options.
Do not change boot device
Force PXE boot
Force boot from BIOS default boot device
Force boot from BIOS default boot device, request Safe Mode
Force boot from diagnostic partition
Force boot from CD/DVD
Force boot into BIOS setup
Force boot from Floppy/primary removable media
Get or set various system boot option parameters.
Get boot parameter. Currently supported values for <param #> are:
0 - Set In Progress
1 - Service Partition Selector
2 - Service Partition Scan
3 - BMC Boot Flag Valid Bit Clearing
4 - Boot Info Acknowledge
5 - Boot Flags
6 - Boot Initiator Info
7 - Boot Initiator Mailbox
Set boot device parameter used for next boot. Various options may be used to change when the the next boot device is cleared. Run "options=help" for a list of available bootparam set device options.
Force PXE boot
Force boot from default hard-drive
Force boot from default hard-drive, request Safe Mode
Force boot from diagnostic partition
Force boot from CD/DVD
Force boot into BIOS setup
Clear valid bit on reset/power cycle caused by PEF
Automatically clear boot flag valid bit if Chassis Control command is not received within 60 seconds.
Clear valid bit on reset/power cycle caused by watchdog timeout
Clear valid bit on push button reset / soft-reset
Clear valid bit on power up via power push button or wake event
Clear the Node Manager Alert lan destination.
Set the Node Manager alert channel, lan destination, and alert string number.
Obtain the Node Manager power control capabilities and ranges.
Enable/disable all policies for all domains.
Enable/disable all policies of the specified domain.
Enable/disable the policy for the specified domain/policy combination.
Discover Node Manager presence as well as the Node Manager version, revision, and patch number.
Add a new power policy, or overwrite an existing policy. The correction parameter is the aggressiveness of frequency limiting, default is auto. The trig_lim is the correction time limit and must be at least 6000 and not greater than 65535. The stats setting is the averaging period in seconds and ranges from 1-65535. If domain is not supplied a default of platform is used.
Add a new inlet temp policy, or overwrite an existing policy. The correction parameter is the aggressiveness of frequency limiting, default is auto. The trig_lim is the correction time limit and must be at least 6000 and not greater than 65535. The stats setting is the averaging period in seconds and ranges from 1-65535. If domain is not supplied a default of platform is used.
Get a previously stored policy.
Report policy number if any policy is limiting power.
Remove a policy. If domain is not supplied a default of platform is used.
Configure Node Manager power minimum and maximum power draw limits. The min and max values must be in the range of 0-65535. If domain is not supplied a default of platform is used.
Reset Node Manager communication statistics. If domain is not supplied a default of platform is used.
Reset Node Manager global statistics.
Reset Node Manager memory throttling statistics. If domain is not supplied a default of platform is used.
Reset Node Manager per policy statistics. If domain is not supplied a default of platform is used.
Reset Node Manager unhandled requests statistics. If domain is not supplied a default of platform is used.
Reset Node Manager response time statistics. If domain is not supplied a default of platform is used.
Reset Node Manager throttling statistics. If domain is not supplied a default of platform is used.
Report Node Manager communication failure statistics.
Report Node Manager cpu throttling statistics.
Report Node Manager memory throttling statistics.
Report Node Manager per policy power statistics (policy must be a power limit type policy). If domain is not supplied a default of platform is used.
Report Node Manager per policy temp statistics (policy must be an inlet temp limit policy). If domain is not supplied a default of platform is used.
Report Node Manager per policy throttling statistics. If domain is not supplied a default of platform is used.
Report Node Manager unhandled requests statistics.
Report Node Manager response time statistics.
Get Node Manager policy suspend periods. If domain is not supplied a default of platform is used.
Set Node Manager policy suspend periods. If domain is not supplied a default of platform is used. The <start> and <stop> values must be in the range of 0-239, which is the number of minutes past midnight divided by 6. The <repeat> value is the daily recurrence pattern. Bit 0 is repeat every Monday, bit 1 is repeat every Tuesday, on through bit 6 for Sunday.
Get Node Manager policy Alert Threshold settings. If domain is not supplied a default of platform is used.
Set Node Manager policy Alert Threshold values. If domain is not supplied a default of platform is used. The thresh_array is 1, 2, or 3 integers that set three alert threshold settings. The setting type is a power or temperature value which must match the type of policy.
This command will query the BMC and print information about the PEF supported features.
This command prints the current PEF status (the last SEL entry processed by the BMC, etc).
This command lists the PEF policy table entries. Each policy entry describes an alert destination. A policy set is a collection of table entries. PEF alert actions reference policy sets.
This command lists the PEF table entries. Each PEF entry relates a sensor event to an action. When PEF is active, each platform event causes the BMC to scan this table for entries matching the event, and possible actions to be taken. Actions are performed in priority order (higher criticality first).
Run a PICMG/ATA extended command. Get PICMG properties may be used to obtain and print Extension major version information, PICMG identifier, FRU Device ID and Max FRU Device ID.
Get address information. This command may return information on the Hardware address, IPMB-0 Address, FRU ID, Site/Entity ID, and Site/Entity Type.
Set various control options:
Activate the specified FRU.
Deactivate the specified FRU.
Get FRU activation policy.
Set FRU activation policy. lockmask is 1 or 0 to indicate action on the deactivation or activation locked bit respectively. lock is 1 or 0 to set/clear locked bit.
Shortcut to the chassis power commands. See the chassis power commands for usage information.
This will allow you to execute raw IPMI commands. For example to query the POH counter with a raw command:
> ipmitool -v raw 0x0 0xf
RAW REQ (netfn=0x0 cmd=0xf data_len=0)
RAW RSP (5 bytes)
3c 72 0c 00 00
Note that the OpenIPMI driver provided by the Linux kernel will reject the Get Message, Send Message and Read Event Message Buffer commands because it handles the message sequencing internally.
Prints information for sensor data records specified by sensor id.
This command will query the BMC for Sensor Data Record (SDR) Repository information.
This command will display all records from the SDR Repository of a specific type. Run with type list (or simply with no type) to see the list of available types. For example to query for all Temperature sensors:
> ipmitool sdr type Temperature
Baseboard Temp | 30h | ok | 7.1 | 28 degrees C
FntPnl Amb Temp | 32h | ok | 12.1 | 24 degrees C
Processor1 Temp | 98h | ok | 3.1 | 57 degrees C
Processor2 Temp | 99h | ok | 3.2 | 53 degrees C
This command will read the Sensor Data Records (SDR) and extract sensor information of a given type, then query each sensor and print its name, reading, and status. If invoked as elist then it will also print sensor number, entity id and instance, and asserted discrete states.
The default output will only display full and compact sensor types, to see all sensors use the all type with this command.
Displays all sensors associated with an entity. Get a list of valid entity ids on the target system by issuing the sdr elist command. A list of all entity ids can be found in the IPMI specifications.
Dumps raw SDR data to a file. This data file can then be used
as a local SDR cache of the remote managed system with the -S
<file> option on the
command line. This can greatly improve performance over system interface
or remote LAN.
Create the SDR Repository for the current configuration. Will perform a 'Clear SDR Repository' command so be careful.
Fill the SDR Repository using records stored in a binary data file. Will perform a 'Clear SDR Repository' command so be careful.
NOTE: System Event Log (SEL) entry-times are displayed as `Pre-Init Time-stamp' if the SEL clock needs to be set. Ensure that the SEL clock is accurate by invoking the sel time get and sel time set <time string> commands.
This command will query the BMC for information about the System Event Log (SEL) and its contents.
This command will clear the contents of the SEL. It cannot be undone so be careful.
When this command is invoked without arguments, the entire contents of the System Event Log are displayed. If invoked as elist (extended list) it will also use the Sensor Data Record entries to display the sensor ID for the sensor that caused each event. Note this can take a long time over the system interface.
Displays the first count (least-recent) entries in the SEL. If count is zero, all entries are displayed.
Displays the last count (most-recent) entries in the SEL. If count is zero, all entries are displayed.
Delete one or more SEL event records.
Read event entries from a file and add them to the SEL. New SEL entries area added onto the SEL after the last record in the SEL. Record added is of type 2 and is automatically timestamped.
Print information on the specified SEL Record entry.
Save SEL records to a text file that can be fed back into the
event file
command. This can be useful for testing Event generation by building an
appropriate Platform Event Message file based on existing events. Please
see the available help for the 'event file ...' command for a
description of the format of this file.
Save SEL records to a file in raw, binary format. This file
can be fed back to the sel readraw
command for viewing.
Read and display SEL records from a binary file. Such a file
can be created using the sel writeraw
command.
Sets the SEL clock. Future SEL entries will use the time set by this command. <time string> is of the form "MM/DD/YYYY HH:MM:SS". Note that hours are in 24-hour form. It is recommended that the SEL be cleared before setting the time.
Lists sensors and thresholds in a wide table format.
Prints information for sensors specified by name.
This allows you to set a particular sensor threshold value. The sensor is specified by name.
This allows you to set all lower thresholds for a sensor at the same time. The sensor is specified by name and the thresholds are listed in order of Lower Non-Recoverable, Lower Critical, and Lower Non-Critical.
This allows you to set all upper thresholds for a sensor at the same time. The sensor is specified by name and the thresholds are listed in order of Upper Non-Critical, Upper Critical, and Upper Non-Recoverable.
Get information about the specified session(s). You may identify sessions by their id, by their handle number, by their active status, or by using the keyword `all' to specify all sessions.
Session hostname.
Session username.
Session password.
Session privilege level force.
Authentication type force.
Local IPMB address.
Remote target IPMB address.
Remote RMCP port.
Enable output in comma separated format. Affects following commands: user, channel, isol, sunoem, sol, sensor, sdr, sel, session.
Verbosity level.
Retrieve information about the Serial-Over-LAN configuration on the specified channel. If no channel is given, it will display SOL configuration data for the currently used channel.
Enable, disable or show status of SOL payload for the user on the specified channel.
Configure parameters for Serial Over Lan. If no channel is given, it will display SOL configuration data for the currently used channel. Configuration parameter updates are automatically guarded with the updates to the set-in-progress parameter.
Causes
to enter Serial Over LAN mode, and is only available when using the
lanplus interface. An RMCP+ connection is made to the BMC, the terminal
is set to raw mode, and user input is sent to the serial console on the
remote server. On exit, the the SOL payload mode is deactivated and the
terminal is reset to its original settings.
If the instance is given, it will activate using the given instance number. The default is 1.
Special escape sequences are provided to control the SOL session:
Note that escapes are only recognized immediately after newline.
Deactivates Serial Over LAN mode on the BMC. Exiting Serial Over LAN mode should automatically cause this command to be sent to the BMC, but in the case of an unintentional exit from SOL mode, this command may be necessary to reset the state of the BMC.
If the instance is given, it will deactivate the given instance number. The default is 1.
This command may be used to read SPD (Serial Presence Detect) data using the I2C Master Write-Read IPMI command.
Execute the service processor command line interface commands. Without any command string, an interactive session is started in the service processor command line environment. If a command string is specified, the command string is executed on the service processor and the connection is closed.
These commands provide a way to get and set the status of LEDs on a Sun Microsystems server. Use 'sdr list generic' to get a list of devices that are controllable LEDs. The ledtype parameter is optional and not necessary to provide on the command line unless it is required by hardware.
Get status of a particular LED described by a Generic Device Locator record in the SDR. A sensorid of all will get the status of all available LEDS.
Set status of a particular LED described by a Generic Device Locator record in the SDR. A sensorid of all will set the status of all available LEDS to the specified ledmode and ledtype.
Return the full NAC name of a target identified by ipmi name.
Send and receive count packets. Each packet is 64 bytes.
q - Quiet. Displays output only at the start and end of the process.
Returns value of specified ILOM property.
Sets value of ILOM property. If timeout is not specified, the default value is 5 seconds. NOTE: setval must be executed locally on host!
This command will allow you to specify an SSH key to use for a particular user on the Service Processor. This key will be used for CLI logins to the SP and not for IPMI sessions. View available users and their userids with the 'user list' command.
This command will delete the SSH key for a specified userid.
Display the version of ILOM firmware.
This command will return various files from service processor and store them in specified destination file. Note that some files may not be present or be supported by your SP.
This command will test if various ILOM features are enabled.
This command allows Serial-over-LAN sessions to be established with Tyan IPMIv1.5 SMDC such as the M3289 or M3290. The default command run with no arguments will establish default SOL session back to local IP address. Optional arguments may be supplied in any order.
Send receiver IP address to SMDC which it will use to send serial traffic to. By default this detects the local IP address and establishes two-way session. Format of ipaddr is XX.XX.XX.XX
Configure UDP port to receive serial traffic on. By default this is 6230.
Confiure SOL session as read-only or read-write. Sessions are read-write by default.
Displays a summary of userid information, including maximum number of userids, the number of enabled users, and the number of fixed names defined.
Displays a list of user information for all defined userids.
Sets the username associated with the given userid.
Sets the password for the given userid. If no password is given, the password is cleared (set to the NULL password). Be careful when removing passwords from administrator-level accounts. If specified, 16 or 20 determines the maximum password length.
Disables access to the BMC by the given userid.
Enables access to the BMC by the given userid.
Set user privilege level on the specified channel. If the channel is not specified, the current channel will be used.
Determine whether a password has been stored as 16 or 20 bytes.
The
open interface utilizes the OpenIPMI kernel device driver. This driver
is present in all modern 2.4 and all 2.6 kernels and it should be present in
recent Linux distribution kernels. There are also IPMI driver kernel patches
for different kernel versions available from the OpenIPMI homepage.
The required kernel modules is different for 2.4 and 2.6 kernels.
The following kernel modules must be loaded on a 2.4-based kernel in order
for
to work:
The following kernel modules must be loaded on a 2.6-based kernel
in order for
to work:
Once the required modules are loaded there will be a dynamic character device entry that must exist at /dev/ipmi0. For systems that use devfs or udev this will appear at /dev/ipmi/0.
To create the device node first determine what dynamic major number it was assigned by the kernel by looking in /proc/devices and checking for the ipmidev entry. Usually if this is the first dynamic device it will be major number 254 and the minor number for the first system interface is 0 so you would create the device entry with:
mknod /dev/ipmi0 c 254 0
includes some sample initialization scripts that can perform this task automatically at start-up.
In order to have
use the OpenIPMI device interface you can specify it on the command line:
> ipmitool -I open <command>
The ipmitool bmc interface utilizes the bmc device driver as provided by Solaris 10 and higher. In order to force ipmitool to make use of this interface you can specify it on the command line:
> ipmitool -I bmc <command>
The following files are associated with the bmc driver:
The
lipmi interface uses the Solaris 9 IPMI kernel device driver. It has
been superceeded by the bmc interface on Solaris 10. You can tell
to use this interface by specifying it on the command line.
> ipmitool -I lipmi <expression>
The
lan interface communicates with the BMC over an Ethernet LAN connection
using UDP under IPv4. UDP datagrams are formatted to contain IPMI
request/response messages with a IPMI session headers and RMCP headers.
IPMI-over-LAN uses version 1 of the Remote Management Control Protocol (RMCP) to support pre-OS and OS-absent management. RMCP is a request-response protocol delivered using UDP datagrams to port 623.
The LAN interface is an authentication multi-session connection;
messages delivered to the BMC can (and should) be authenticated with a
challenge/response protocol with either straight password/key or MD5
message-digest algorithm.
will attempt to connect with administrator privilege level as this is required
to perform chassis power functions.
You can tell
to use the lan interface with the -I lan option:
> ipmitool -I lan -H <hostname> [-U <username>] [-P <password>] <command>
A hostname must be given on the command line in order to use the
lan interface with ipmitool. The password field is optional; if you
do not provide a password on the command line,
will attempt to connect without authentication. If you specify a password it
will use MD5 authentication if supported by the BMC and straight
password/key otherwise, unless overridden with a command line option.
Like the lan interface, the lanplus interface
communicates with the BMC over an Ethernet LAN connection using UDP under
IPv4. The difference is that the lanplus interface uses the RMCP+
protocol as described in the IPMI v2.0 specification. RMCP+ allows for
improved authentication and data integrity checks, as well as encryption and
the ability to carry multiple types of payloads. Generic Serial Over LAN
support requires RMCP+, so the
sol activate command requires the use of the lanplus
interface.
RMCP+ session establishment uses a symmetric challenge-response
protocol called RAKP (Remote Authenticated Key-Exchange Protocol)
which allows the negotiation of many options.
does not yet allow the user to specify the value of every option, defaulting
to the most obvious settings marked as required in the v2.0 specification.
Authentication and integrity HMACS are produced with SHA1, and encryption is
performed with AES-CBC-128. Role-level logins are not yet supported.
must be linked with the OpenSSL library in order to perform the encryption functions and support the lanplus interface. If the required packages are not found it will not be compiled in and supported.
You can tell
to use the lanplus interface with the -I lanplus option:
> ipmitool -I lanplus -H <hostname> [-U <username>] [-P <password>] <command>
A hostname must be given on the command line in order to use the lan interface with ipmitool. With the exception of the -A and -C options the rest of the command line options are identical to those available for the lan interface.
The -C option allows you specify the authentication, integrity, and encryption algorithms to use for for lanplus session based on the cipher suite ID found in the IPMIv2.0 specification in table 22-20. The default cipher suite is 17 which specifies RAKP-HMAC-SHA256 authentication, HMAC-SHA256-128 integrity, and AES-CBC-128 encryption algorithms.
The
free interface utilizes the FreeIPMI libfreeipmi drivers.
You can tell
to use the FreeIPMI interface with the -I option:
> ipmitool -I free <command>
The
imb interface supports the Intel IMB (Intel Inter-module Bus) Interface
through the /dev/imb device.
You can tell
to use the IMB interface with the -I option:
> ipmitool -I imb <command>
> ipmitool -I lan -H 1.2.3.4 -f passfile sdr list
Baseboard 1.25V | 1.24 Volts | ok
Baseboard 2.5V | 2.49 Volts | ok
Baseboard 3.3V | 3.32 Volts | ok
> ipmitool -I lan -H 1.2.3.4 -f passfile sensor get
"Baseboard 1.25V"
Locating sensor record...
Sensor ID : Baseboard 1.25V (0x10)
Sensor Type (Analog) : Voltage
Sensor Reading : 1.245 (+/- 0.039) Volts
Status : ok
Lower Non-Recoverable : na
Lower Critical : 1.078
Lower Non-Critical : 1.107
Upper Non-Critical : 1.382
Upper Critical : 1.431
Upper Non-Recoverable : na
> ipmitool -I lan -H 1.2.3.4 -f passfile chassis power
status
Chassis Power is on
> ipmitool -I lan -H 1.2.3.4 -f passfile chassis power on
Chassis Power Control: Up/On
Originally written by Duncan Laurie <duncan@iceblink.org>.
Numerous contributors over time.
Any bugs found in ipmitool please report via GitHub issue system at https://github.com/ipmitool/ipmitool/issues
Duncan Laurie |