Menu
▾
▴
RE: [Ipmitool-devel] Serial over LAN on Intel IPMI 2.0
|
From: <Hol...@fu...> - 2005-05-13 05:46:42
|
Chris, I am currently in the process of evaluating the changes required to ipmitool to make it work with an original Intel BMC. At least I saw **ONCE** valid console redirection data in ipmitool. I will keep you updated on the progress. ipmitool uses in the original implementation fixed encryption and authentication for SOL data, which I modified to use the session parameters. But, you also need to take care of the SOL config parameters in the BMC - which seem to overwrite the parameters on the session.=20 Well, many things to check/test/figure out to have it working smoothly.=20 So, I cannot promise a short term solution for this.=20 =20 =20 The lanplus interface has originaly been written by Jeremy Ellington to support the Newisys implementation of IPMI 2.0. =20 Best Regards =20 Holger Liebig ________________________________ From: Chris St Amand [mailto:chr...@sy...]=20 Sent: Thursday, May 12, 2005 8:58 PM To: Liebig, Holger Subject: RE: [Ipmitool-devel] Serial over LAN on Intel IPMI 2.0 =09 =09 I am sure you already realized, but I am specifically referring to console redirection.=20 =20 Cheers ________________________________ From: Chris St Amand [mailto:chr...@sy...]=20 Sent: Thursday, May 12, 2005 10:13 AM To: 'Hol...@fu...' Subject: RE: [Ipmitool-devel] Serial over LAN on Intel IPMI 2.0 =09 =09 That did the trick! =20 =20 Last question if you don't mind. What tool are you using to actually view the SOL data coming from the managed machine? What is your process to connect this tool to the incoming stream? Sorry if this is a bit of a newbie question... I am new to IPMI. I am hoping to avoid using the Intel tools (dpccli/dpcproxy). =20 =20 Cheers =20 Chris St Amand ________________________________ From: Hol...@fu... [mailto:Hol...@fu...]=20 Sent: Monday, May 09, 2005 9:08 AM To: chr...@sy... Subject: RE: [Ipmitool-devel] Serial over LAN on Intel IPMI 2.0 =09 =09 The 'out of resources' might come from the fact, that the session resources will not be closed/dropped from the first Open Session commands. Please make sure that the lanplus interface is working before switching to SOL testing (e.g. test with 'mc info' command or with 'sel info') =20 Also you could give the attached Cygwin binary a try, which works fine - at least with my Intel BMC.=20 If it is working make sure you use the latest sources from CVS since there was a change missing in the opensession request (which is now coupled with the -o intelplus option). I always specify the command as the last one on the command line - at least with the Cygwin version there is some trouble when not doing so.=20 =20 e.g=20 ipmitool -I lanplus -o intelplus -H 192.168.100.218 -U admin -P 1234 -vv mc info =20 also you can start a shell when everything is working and start the sol activate from there. =20 ipmitool -I lanplus -o intelplus -H 192.168.100.218 -U admin -P 1234 shell sol info sol activate exit =20 Holger ________________________________ From: Chris St Amand [mailto:chr...@sy...]=20 Sent: Monday, May 09, 2005 2:56 PM To: Liebig, Holger; ipm...@li... Subject: RE: [Ipmitool-devel] Serial over LAN on Intel IPMI 2.0 =09 =09 Thanks for the info Holger. There was no change in response with the -o intelplus option. It still seems to alternate between saying "insufficient resources for session" and "invalid integrity check value" when I execure the same command multiple times. Just in case I was putting the -o intelplus option in the wrong place, I tried: ipmitool -I lanplus -H 192.168.100.218 -U admin -P 1234 -o intelplus -a sol activate -vvvv ...and... ipmitool -I lanplus -H 192.168.100.218 -U admin -P 1234 -a sol activate -o intelplus -vvvv. =20 =20 I may dig into ipmitool myself to try to get this working. If I figure out anything, I will definitely send it along.=20 =20 Cheers =20 Chris ________________________________ From: Hol...@fu... [mailto:Hol...@fu...]=20 Sent: Monday, May 09, 2005 8:34 AM To: ipm...@li... Cc: chr...@sy... Subject: RE: [Ipmitool-devel] Serial over LAN on Intel IPMI 2.0 =09 =09 Chris, =20 Two things: # you need to specify the -o intelplus option in order activate the proper support for Intel's interpretation of IPMI 2.0 in ipmitool # Serial over LAN might require additional work with the Intel BMC in ipmitool.=20 =20 Good luck, =20 Holger =20 ________________________________ From: ipm...@li... [mailto:ipm...@li...] On Behalf Of Chris St Amand Sent: Friday, May 06, 2005 9:49 PM To: ipm...@li... Subject: [Ipmitool-devel] Serial over LAN on Intel IPMI 2.0 =09 =09 I am trying to establish a SOL connection with an Intel 2.0 IPMI machine. I believe/hope that the Intel IPMI 2.0 implementation properly supports the IPMI 2.0 SOL. The machine is an SE8520BD2 with an IPMI 2.0 add-on card. =20 =20 I receive different errors depending on what I try. The verbose output is below. Is this a problem with the machine itself? Or am I not sending correcfly formmatted commands? I am new to ipmitool and I suspect something I am doing is wrong because even though I put -P <password> it always asks me for my password again anyways. =20 My second? question is regarding the Howto by Tim. Do I follow the same process for an IPMI 2.0 machine or is there a more direct method since I am connecting to an Intel IPMI 2.0 machine which should have the correct IPMI 2.0 SOL compatibility. If I am not asking the right question, please feel free to tell me the right one and also the answer to it ;) =20 Thanks =20 - Chris = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Here is some of my output: =20 [root@localhost usr]# ipmitool -I lanplus -H 192.168.100.218 -U admin -P 1234 -a sol activate -vvvv Password: IPMI LAN host 192.168.100.218 port 623 =20 >> Sending IPMI command payload >> netfn : 0x06 >> command : 0x38 >> data : 0x8e 0x04 =20 BUILDING A v1.5 COMMAND >> IPMI Request Session Header >> Authtype : NONE >> Sequence : 0x00000000 >> Session ID : 0x00000000 >> IPMI Request Message Header >> Rs Addr : 20 >> NetFn : 06 >> Rs LUN : 0 >> Rq Addr : 81 >> Rq Seq : 00 >> Rq Lun : 0 >> Command : 38 >> sending packet (23 bytes) 06 00 ff 07 00 00 00 00 00 00 00 00 00 09 20 18 c8 81 00 38 8e 04 b5 << Received data (30 bytes) 06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c 63 20 00 38 00 01 86 0e 03 00 00 00 00 10 << IPMI Response Session Header << Authtype : NONE << Payload type : IPMI (0) << Session ID : 0x00000000 << Sequence : 0x00000000 << IPMI Msg/Payload Length : 16 << IPMI Response Message Header << Rq Addr : 81 << NetFn : 07 << Rq LUN : 0 << Rs Addr : 20 << Rq Seq : 00 << Rs Lun : 0 << Command : 38 << Compl Code : 0x00 IPMI Request Match found removed list entry seq=3D0x00 cmd=3D0x38 >> SENDING AN OPEN SESSION REQUEST =20 >> sending packet (48 bytes) 06 00 ff 07 06 10 00 00 00 00 00 00 00 00 20 00 00 00 00 00 a4 a3 a2 a0 00 00 00 08 01 00 00 00 01 00 00 08 01 00 00 00 02 00 00 08 01 00 00 00 << Received data (52 bytes) 06 00 ff 07 06 11 00 00 00 00 00 00 00 00 24 00 00 00 00 00 a4 a3 a2 a0 c2 73 2c 01 00 00 00 08 01 00 00 00 01 00 00 08 01 00 00 00 02 00 00 08 01 00 00 00 <<OPEN SESSION RESPONSE << Message tag : 0x00 << RMCP+ status : no errors << Maximum privilege level : Unknown (0x00) << Console Session ID : 0xa0a2a3a4 << BMC Session ID : 0x012c73c2 << Negotiated authenticatin algorithm : hmac_sha1 << Negotiated integrity algorithm : hmac_sha1_96 << Negotiated encryption algorithm : aes_cbc_128 =20 >> Console generated random number (16 bytes) a3 c8 19 5b 23 78 81 55 a6 d8 5f cd 8e 84 a2 87 >> SENDING A RAKP 1 MESSAGE =20 >> sending packet (49 bytes) 06 00 ff 07 06 12 00 00 00 00 00 00 00 00 21 00 00 00 00 00 c2 73 2c 01 a3 c8 19 5b 23 78 81 55 a6 d8 5f cd 8e 84 a2 87 14 00 00 05 61 64 6d 69 6e << Received data (76 bytes) 06 00 ff 07 06 13 00 00 00 00 00 00 00 00 3c 00 00 00 00 00 a4 a3 a2 a0 0e 5c d2 a3 cf d4 f5 2b 9d c0 5c ca 1c b5 49 f9 23 25 c4 85 45 f3 11 da 93 a4 00 04 23 af a1 66 89 1b 81 3e 23 8b d6 83 84 cf d8 50 ef a4 f9 dc 95 87 45 ae <<RAKP 2 MESSAGE << Message tag : 0x00 << RMCP+ status : no errors << Console Session ID : 0xa0a2a3a4 << BMC random number : 0x0e5cd2a3cfd4f52b9dc05cca1cb549f9 << BMC GUID : 0x2325c48545f311da93a4000423afa166 << Key exchange auth code [sha1] : 0x891b813e238bd68384cfd850efa4f9dc958745ae =20 bmc_rand (16 bytes) 0e 5c d2 a3 cf d4 f5 2b 9d c0 5c ca 1c b5 49 f9 >> rakp2 mac input buffer (63 bytes) a4 a3 a2 a0 c2 73 2c 01 a3 c8 19 5b 23 78 81 55 a6 d8 5f cd 8e 84 a2 87 0e 5c d2 a3 cf d4 f5 2b 9d c0 5c ca 1c b5 49 f9 23 25 c4 85 45 f3 11 da 93 a4 00 04 23 af a1 66 14 05 61 64 6d 69 6e >> rakp2 mac key (20 bytes) 31 32 33 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >> rakp2 mac as computed by the remote console (20 bytes) 89 1b 81 3e 23 8b d6 83 84 cf d8 50 ef a4 f9 dc 95 87 45 ae >> rakp3 mac input buffer (27 bytes) 0e 5c d2 a3 cf d4 f5 2b 9d c0 5c ca 1c b5 49 f9 a4 a3 a2 a0 14 05 61 64 6d 69 6e >> rakp3 mac key (20 bytes) 31 32 33 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 generated rakp3 mac (20 bytes) ca 0b 01 1f 7b 49 60 e5 b3 42 4d ac 22 62 3f 69 fc f5 18 72 session integrity key input (39 bytes) a3 c8 19 5b 23 78 81 55 a6 d8 5f cd 8e 84 a2 87 0e 5c d2 a3 cf d4 f5 2b 9d c0 5c ca 1c b5 49 f9 14 05 61 64 6d 69 6e Generated session integrity key (20 bytes) e3 a1 12 25 77 cf 1f 41 21 ff 04 de 08 47 d3 4b 8f b7 64 2b Generated K1 (20 bytes) e1 0e a7 39 7b b4 ab 71 d0 2c e0 cf a3 29 79 b4 4b 9c 41 a4 Generated K2 (20 bytes) 8c 5e 64 1a 93 6b 02 5a bb 8f c2 a3 01 88 d8 f0 8c b7 7c f1 >> SENDING A RAKP 3 MESSAGE =20 >> sending packet (44 bytes) 06 00 ff 07 06 14 00 00 00 00 00 00 00 00 1c 00 00 00 00 00 c2 73 2c 01 ca 0b 01 1f 7b 49 60 e5 b3 42 4d ac 22 62 3f 69 fc f5 18 72 << Received data (24 bytes) 06 00 ff 07 06 15 00 00 00 00 00 00 00 00 08 00 00 0f 00 00 a4 a3 a2 a0 <<RAKP 4 MESSAGE << Message tag : 0x00 << RMCP+ status : invalid integrity check value << Console Session ID : 0xa0a2a3a4 << Key exchange auth code [sha1] : 0x005cd2a3cfd4f52b9dc05cca =20 RAKP 4 message indicates an error : invalid integrity check value Error: Unable to establish IPMI v2 / RMCP+ session Error: No response activating SOL payload =09 =09 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =20 [root@localhost root]# ipmitool -I lanplus -H 192.168.100.218 -U admin -P 1234 bmc info -vvvv IPMI LAN host 192.168.100.218 port 623 =20 >> Sending IPMI command payload >> netfn : 0x06 >> command : 0x38 >> data : 0x8e 0x04 =20 BUILDING A v1.5 COMMAND >> IPMI Request Session Header >> Authtype : NONE >> Sequence : 0x00000000 >> Session ID : 0x00000000 >> IPMI Request Message Header >> Rs Addr : 20 >> NetFn : 06 >> Rs LUN : 0 >> Rq Addr : 81 >> Rq Seq : 00 >> Rq Lun : 0 >> Command : 38 >> sending packet (23 bytes) 06 00 ff 07 00 00 00 00 00 00 00 00 00 09 20 18 c8 81 00 38 8e 04 b5 << Received data (30 bytes) 06 00 ff 07 00 00 00 00 00 00 00 00 00 10 81 1c 63 20 00 38 00 01 86 0e 03 00 00 00 00 10 << IPMI Response Session Header << Authtype : NONE << Payload type : IPMI (0) << Session ID : 0x00000000 << Sequence : 0x00000000 << IPMI Msg/Payload Length : 16 << IPMI Response Message Header << Rq Addr : 81 << NetFn : 07 << Rq LUN : 0 << Rs Addr : 20 << Rq Seq : 00 << Rs Lun : 0 << Command : 38 << Compl Code : 0x00 IPMI Request Match found removed list entry seq=3D0x00 cmd=3D0x38 >> SENDING AN OPEN SESSION REQUEST =20 >> sending packet (48 bytes) 06 00 ff 07 06 10 00 00 00 00 00 00 00 00 20 00 00 00 00 00 a4 a3 a2 a0 00 00 00 08 01 00 00 00 01 00 00 08 01 00 00 00 02 00 00 08 01 00 00 00 << Received data (24 bytes) 06 00 ff 07 06 11 00 00 00 00 00 00 00 00 08 00 00 01 00 00 a4 a3 a2 a0 <<OPEN SESSION RESPONSE << Message tag : 0x00 << RMCP+ status : insufficient resources for session << Maximum privilege level : Unknown (0x00) << Console Session ID : 0xa0a2a3a4 Error in open session response message : insufficient resources for session =20 Error: Unable to establish IPMI v2 / RMCP+ session Get Device ID command failed [root@localhost root]# =09 =09 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D Here is my output when connecting with a regular IOL connection: =20 [root@localhost usr]# ipmitool -I lan -H 192.168.100.218 -U admin -P 1234 bmc info Device ID : 32 Device Revision : 1 Firmware Revision : 0.43 IPMI Version : 2.0 Manufacturer ID : 343 Product ID : 35 (0x0023) Device Available : yes Provides Device SDRs : no Additional Device Support : Sensor Device SDR Repository Device SEL Device FRU Inventory Device IPMB Event Receiver Chassis Device Aux Firmware Rev Info : 0x00 0x10 0x00 0x3d [root@localhost usr]# =09 |