conserver
infrastructure.
+----------------------------------------------------------------------+ | +-------+ +--------------------+ | | | NIC 3 | | Expansion slot | | | +-------+ +--------------------+ | | +-------+ | | | USB | | | +-------+ +-----+ +------------+ +-------+ +-------+ | | | USB | | VGA | | Q-Code LED | | NIC 1 | | NIC 2 | | | +-------+ +-----+ +------------+ +-------+ +-------+ | | | | +---------------------------++---------------------------+ | | | || | | | | PSU 1 || PSU 2 | | | | || | | | +---------------------------++---------------------------+ | | | +----------------------------------------------------------------------+ REAR PANEL OF AN ASUS ECS4000 G3S SERVERNICs 1 and 2 are available for use by the machine itself; NIC 3 is a dedicated port for the BMC (which device, as usual, has its own MAC address.) However, the BMC also presents itself - using a different MAC address, on NIC 1. The idea of that is that the BMC can piggy-back on one of the existing network connections in use by the machine itself - which, for example, would save on the total number of network ports in use. However, since the piggy-back setup does not allow for the use of tagged VLANs, it's of no use to us: we insist that all BMCs are located on a private unrouted subnet carried on its own VLAN. The BMC will, by default, issue DHCP requests on both the piggy-back port NIC 1, and its dedicated port NIC 3 and, as mentioned, each of these requests will be associated with a distinct MAC address. Since we do not want to use the BMC on the piggy-back port NIC 1, any DHCP requests from the BMC on that port will show up as noise and DHCP errors in our various logs, and so we need to disable them. Our desired configuration is therefore:
admin
, admin
). To prevent misuse, it is therefore important that the BMC is correctly configured; it must not be left in its default state.
Del
when appropriate to access the BIOS setup screen.
Select the Server Mgmt
tab.
Select BMC network configuration
Set the following parameters:
DM_LAN1
:
Current config address source |
DHCP Mode |
Shared_LAN
:
Current config address source |
Static |
IP Address in BMC |
0.0.0.0 |
Take a note of the value of Station MAC address
in DM_LAN1
.
Press ESC
Select BMC IPv6 Network Configuration
Set the following parameters:
IPV6 BMC Shared LAN
:
Address Source in BMC |
Static |
IP Address in BMC |
0:0:0:0:0:0:0:0 |
Press ESC
, ESC
to return to the main screen.
Select the Advanced
tab.
Select Serial Port Console Redirection
Set the following parameters:
COM1
:
Console Redirection |
Enabled |
COM2
:
Console Redirection |
Disabled |
For COM1
, select Console Redirection Settings
Set the following parameters (all of which - apart from Terminal Type
, should be the default settings):
Terminal Type |
VT100+ |
Bits per second |
57600 |
Data Bits |
8 |
Parity |
None |
Stop Bits |
1 |
Flow Control |
Hardware RTS/CTS |
VT-UTF8 Combo Key Support |
Enabled |
Recorder Mode |
Disabled |
Legacy OS Redirection Resolution |
80x24 |
Putty KeyPad |
VT100 |
Redirection After BIOS POST |
Always Enable |
Press ESC
For Legacy Console Redirection
, select Legacy Console Redirection Settings
Set the following parameters:
Legacy Serial Redirection Port |
COM1 |
Press ESC
, ESC
to return to the main screen; then F10
to Save Changes & Reset
.
Allocate an IP address for the BMC on the appropriate server management subnet, and add that address to the DNS with the corresponding hostname set to <machinename>.bmc.inf.ed.ac.uk
. The subnets are as follows:
Server room | Server management subnet |
---|---|
Informatics Forum | 192.168.68/23 |
AT | 192.168.93/24 |
KB | 192.168.94/24 |
Ensure that the port to which NIC 3 of the host machine is connected carries the corresponding VLAN untagged. The VLAN names are as follows:
Server room | Server management VLAN name![]() |
Corresponding VLAN tag |
---|---|---|
AT | ATSOL |
493 |
KB | KBSOL |
494 |
Informatics Forum | SOL |
468 |
port n myserver.bmc - SOL
Add the resources bmchostname
and bmcmac
to the LCFG profile of the machine: bmchostname
should be the fully-qualified domain name chosen in step 1 above; bmcmac
should be the Station MAC address
identified in Section 2.1.1 above.
Example:
...[snip]... /* BMC */ dhclient.bmchostname myserver.bmc.inf.ed.ac.uk dhclient.bmcmac 00:1d:09:6a:c9:bb !dhclient.cluster mADD(dhcp/forum/consoles) ...[snip]...
Allow time for the profile to recompile, and for the DNS and DHCP changes to propagate. Once they have propagated, restart the machine and check that the BMC has correctly acquired its configuration by:
ssh'
ing to the console server appropriate for the site - either consoles
, atconsoles
or kbconsoles
.
ping <machinename>.bmc.inf.ed.ac.uk
. You should get a response; if you don't, sort out the problem before you proceed any further.
Background
On delivery, the BMC on ASUS ECS4000 G3S servers come configured with a single active IPMI account, namely:
root , and with ID 2 , exists; and that that account has the same common 20-byte password in use throughout the rest of the systems managed by our conserver IPMI framework. In addition, i order that this account can be be used to initiate SOL sessions, it requires 'administrator' privileges.
The easiest way to achieve this is to rename the existing admin account. Some BMCs (e.g. those on Supermicro machines) do not allow existing accounts to be renamed - but, fortunately, the BMC on the ASUS servers does allow such renaming.
|
ssh
to to the console server appropriate for the site - either consoles
, atconsoles
or kbconsoles
.
Change the name of BMC user ID 2
on the target machine:
ipmitool -I lanplus -H <machinename>.bmc -U admin -P admin user set name 2 root
Confirm that the name change has been effected:
ipmitool -I lanplus -H <machinename>bmc -U root -P admin user list
Set the password of BMC user ID 2
to our standard 20-byte password:
nsu
to root
/usr/sbin/conserver-ipmisetpass <machinename>.bmc
This command changes the password of the BMC's root
account to our standard one. When it runs, you will prompted for the current default password of the root
account: it is admin
.
Comment: It ought to be equally possible to effect the above account name change from the running OS on the machine to which the BMC belongs, via the open channel. However, attempts to do this currently don't work. E.g.
It seems as if such attempts fail owing to current bugs in ipmitool - see e.g. https://github.com/uebayasi/openbsd-ipmi/issues/10. In any event, at the time of writing, the BMC users must be configured over the network via the lanplus channel, as described above.
|
#define LCFG_OPTS_SERIALCONSOLE_BAUD 57600 #include <dice/options/serialconsole.h>Note that this configuration - unlike that for a Dell server using an IPMI SOL console - uses
ttyS0
(i.e. COM1
).
conserver
configuration live/console_server.h
header, and add the target machine's hostname (not the hostname of its BMC) to the next available free IPMI SOL 'slot' for the relevant site.
Example:
/******************** * Forum Consoles * ********************/ ...[snip]... /* Consoles managed via IPMI SOL */ ...[snip]... conserver.consolename_srsol00s42 myserver ...[snip]...Allow time for this live header change to propagate, then test the new console by
ssh
'ing to any console server and running console <machinename>
.