Manual Pages for UNIX Darwin command on man ipmitool
ipmitool(1) ipmitool(1)
NAME
ipmitool - utility for controlling IPMI-enabled devices
SYNOPSIS
ipmitool [-cc|-hh|-vv|-VV] -II open
ipmitool [-cc|-hh|-vv|-VV] -II lan -HH
[-pp ]
[-UU ]
[-AA ]
[-LL ]
[-aa|-EE|-PP|-ff ]
[-oo ]
[-OO ]
[-ee ]
ipmitool [-cc|-hh|-vv|-VV] -II lanplus -HH
[-pp ]
[-UU ]
[-LL ]
[-aa|-EE|-PP|-ff ]
[-oo ]
[-OO ]
[-CC ]
[-kk ]
[-ee ]
DESCRIPTION
This program lets you manage Intelligent Platform Management Interface
(IPMI) functions of either the local system, via a kernel device
driver, or a remote system, using IPMI V1.5 and IPMI v2.0. These func-
tions include printing FRU information, LAN configuration, sensor read-
ings, and remote chassis power control.
IPMI management of a local system interface requires a compatible IPMI
kernel driver to be installed and configured. On Linux this driver is
called OpenIPMI and it is included in standard distributions. On
Solaris this driver is called BMC and is inclued in Solaris 10. Man-
agement of a remote station requires the IPMI-over-LAN interface to be
enabled and configured. Depending on the particular requirements of
each system it may be possible to enable the LAN interface using ipmi-
tool over the system interface.
OOPPTTIIOONNSS
-aa Prompt for the remote server password.
-AA
Specify an authentication type to use during IPMIv1.5 lan ses-
sion activation. Supported types are NONE, PASSWORD, MD2, MD5,
or OEM.
-cc Present output in CSV (comma separated variable) format. This
is not available with all commands.
-ee
Use supplied character for SOL session escape character. The
default is to use ~ but this can conflict with ssh sessions.
-kk
Use supplied Kg key for IPMIv2 authentication. The default is
not to use any Kg key.
-CC
The remote server authentication, integrity, and encryption
algorithms to use for IPMIv2 lanplus connections. See table
22-19 in the IPMIv2 specification. The default is 3 which spec-
ifies RAKP-HMAC-SHA1 authentication, HMAC-SHA1-96 integrity, and
AES-CBC-128 encryption algorightms.
-EE The remote server password is specified by the environment vari-
able IPMIPASSWORD.
-ff
Specifies a file containing the remote server password. If this
option is absent, or if passwordfile is empty, the password
will default to NULL.
-hh Get basic usage help from the command line.
-HH
Remote server address, can be IP address or hostname. This
option is required for lan and lanplus interfaces.
-II
Selects IPMI interface to use. Supported interfaces that are
compiled in are visible in the usage help output.
-LL
Force session privilege level. Can be CALLBACK, USER, OPERATOR,
ADMINISTRATOR. Default is ADMINISTRATOR.
-mm
Set the local IPMB address. The default is 0x20 and there
should be no need to change it for normal operation.
-oo
Select OEM type to support. This usually involves minor hacks
in place in the code to work around quirks in various BMCs from
various manufacturers. Use -o list to see a list of current
supported OEM types.
-OO
Open selected file and read OEM SEL event descriptions to be
used during SEL listings. See examples in contrib dir for file
format.
-pp
Remote server UDP port to connect to. Default is 623.
-PP
Remote server password is specified on the command line. If
supported it will be obscured in the process list. NNoottee!! Speci-
fying the password as a command line option is not recommended.
-SS
Use local file for remote SDR cache. Using a local SDR cache
can drastically increase performance for commands that require
knowledge of the entire SDR to perform their function. Local
SDR cache from a remote system can be created with the sdr dump
command.
-tt
Bridge IPMI requests to the remote target address.
-UU
Remote server username, default is NULL user.
-vv Increase verbose output level. This option may be specified
multiple times to increase the level of debug output. If given
three times you will get hexdumps of all incoming and outgoing
packets.
-VV Display version information.
If no password method is specified then ipmitool will prompt the user
for a password. If no password is entered at the prompt, the remote
server password will default to NULL.
SSEECCUURRIITTYY
There are several security issues be be considered before enabling the
IPMI LAN interface. A remote station has the ability to control a sys-
tem's power state as well as being able to gather certain platform
information. To reduce vulnerability it is strongly advised that the
IPMI LAN interface only be enabled in 'trusted' environments where sys-
tem security is not an issue or where there is a dedicated secure 'man-
agement network'.
Further it is strongly advised that you should not enable IPMI for
remote access without setting a password, and that that password should
not be the same as any other password on that system.
When an IPMI password is changed on a remote machine with the IPMIv1.5
lan interface the new password is sent across the network as clear
text. This could be observed and then used to attack the remote sys-
tem. It is thus recommended that IPMI password management only be done
over IPMIv2.0 lanplus interface or the system interface on the local
station.
For IPMI v1.5, the maximum password length is 16 characters. Passwords
longer than 16 characters will be truncated.
For IPMI v2.0, the maximum password length is 20 characters; longer
passwords are truncated.
CCOOMMMMAANNDDSS
help This can be used to get command-line help on ipmitool com-
mands. It may also be placed at the end of commands to get
option usage help.
ipmitool help
Commands:
raw Send a RAW IPMI request and print response
lan Configure LAN Channels
chassis Get chassis status and set power state
event Send events to MC
mc Management Controller status and global
enables
sdr Print Sensor Data Repository entries and
readings
sensor Print detailed sensor information
fru Print built-in FRU and scan for FRU loca-
tors
sel Print System Event Log (SEL)
pef Configure Platform Event Filtering (PEF)
sol Configure and connect IPMIv2.0
Serial-over-LAN
tsol Configure and connect Tyan IPMIv1.5
Serial-over-LAN
isol Configure Intel IPMIv1.5 Serial-over-LAN
user Configure Management Controller users
channel Configure Management Controller channels
session Print session information
sunoem Manage Sun OEM Extensions
exec Run list of commands from file
set Set runtime variable for shell and exec
chassis power Commands: status, on, off, cycle, reset, diag,
soft
bmc|mc
reset
Instructs the BMC to perform a warm or cold reset.
guid Display the Management Controller Globally Unique IDen-
tifier.
info
Displays information about the BMC hardware, including
device revision, firmware revision, IPMI version sup-
ported, manufacturer ID, and information on additional
device support.
getenables
Displays a list of the currently enabled options for the
BMC.
setenables =[oonn|ooffff]
Enables or disables the given option. This command is
only supported over the system interface according to the
IPMI specification. Currently supported values for
option include:
recvmsgintr
Receive Message Queue Interrupt
eventmsgintr
Event Message Buffer Full Interrupt
eventmsg
Event Message Buffer
systemeventlog
System Event Logging
oem0
OEM-Defined option #0
oem1
OEM-Defined option #1
oem2
OEM-Defined option #2
channel
authcap
Displays information about the authentication capabili-
ties of the selected channel at the specified privilege
level.
Possible privilege levels are:
1 Callback level
2 User level
3 Operator level
4 Administrator level
5 OEM Proprietary level
info [cchhaannnneell nnuummbbeerr]
Displays information about the selected channel. If
no channel is given it will display information about the
currently used channel:
> ipmitool channel info
Channel 0xf info:
Channel Medium Type : System Interface
Channel Protocol Type : KCS
Session Support : session-less
Active Session Count : 0
Protocol Vendor ID : 7154
getaccess []
Configure the given userid as the default on the given
channel number. When the given channel is subsequently
used, the user is identified implicitly by the given
userid.
setaccess []
[] [] []
Configure user access information on the given channel
for the given userid.
getciphers []
Displays the list of cipher suites supported for the
given application (ipmi or sol) on the given channel.
chassis
status
Displays information regarding the high-level status of
the system chassis and main power subsystem.
poh
This command will return the Power-On Hours counter.
identify
Control the front panel identify light. Default is 15.
Use 0 to turn off.
restartcause
Query the chassis for the cause of the last system
restart.
policy
Set the chassis power policy in the event power fail-
ure.
list
Return supported policies.
always-on
Turn on when power is restored.
previous
Returned to previous state when power is
restored.
always-off
Stay off after power is restored.
power
Performs a chassis control command to view and change
the power state.
status
Show current chassis power status.
on
Power up chassis.
off
Power down chassis into soft off (S4/S5 state).
WWAARRNNIINNGG: This command does not initiate a clean
shutdown of the operating system prior to powering
down the system.
cycle
Provides a power off interval of at least 1 sec-
ond. No action should occur if chassis power is
in S4/S5 state, but it is recommended to check
power state first and only issue a power cycle
command if the system power is on or in lower
sleep state than S4/S5.
reset
This command will perform a hard reset.
diag
Pulse a diagnostic interrupt (NMI) directly to the
processor(s).
soft
Initiate a soft-shutdown of OS via ACPI. This can
be done in a number of ways, commonly by simulat-
ing an overtemperture or by simulating a power
button press. It is necessary for there to be
Operating System support for ACPI and some sort of
daemon watching for events for this soft power to
work.
bootdev []
Request the system to boot from an alternate boot device
on next reboot. The clear-cmos option, if supplied, will
instruct the BIOS to clear its CMOS on the next reboot.
Currently supported values for are:
none
Do not change boot device
pxe
Force PXE boot
disk
Force boot from BIOS default boot device
safe
Force boot from BIOS default boot device, request
Safe Mode
diag
Force boot from diagnostic partition
cdrom
Force boot from CD/DVD
bios
Force boot into BIOS setup
event
Send a pre-defined event to the System Event Log. The
following events are included as a means to test the
functionality of the System Event Log component of the
BMC (an entry will be added each time the event n command
is executed).
Currently supported values for n are:
1 Temperature: Upper Critical: Going High
2 Voltage Threshold: Lower Critical: Going Low
3 Memory: Correctable ECC Error Detected
NNOOTTEE: These pre-defined events will likely not produce
"accurate" SEL records for a particular system because
they will not be correctly tied to a valid sensor number,
but they are sufficient to verify correct operation of
the SEL.
file
Event log records specified in filename will be added to
the System Event Log.
The format of each line in the file is as follows:
<{EvM Revision} {Sensor Type} {Sensor Num} {Event
Dir/Type} {Event Data 0} {Event Data 1} {Event Data 2}>[#
COMMENT]
Note: The Event Dir/Type field is encoded with the event
direction as the high bit (bit 7) and the event type as
the low 7 bits.
e.g.:
Generate a custom event based on existing sensor informa-
tion. The optional event direction can be either assert
or deassert and defaults to assert. To get a list of
possible states for a sensor supply a state of lliisstt on
the command line. Each sensor may be different but some
states will have pre-defined shortcuts. For example:
> ipmitool -I open event p0.tcore
Finding sensor p0.tcore... ok
Sensor States:
lnr : Lower Non-Recoverable
lcr : Lower Critical
lnc : Lower Non-Critical
unc : Upper Non-Critical
ucr : Upper Critical
unr : Upper Non-Recoverable
> ipmitool -I open event ps0.prsnt
Finding sensor ps0.prsnt... ok
Sensor States:
Device Absent
Device Present
State State Shortcuts:
present absent
assert deassert
limit nolimit
fail nofail
yes no
on off
up down
exec
Execute ipmitool commands from filename. Each line is a com-
plete command. The syntax of the commands are defined by the
COMMANDS section in this manpage. Each line may have an
optional comment at the end of the line, delimited with a `#'
symbol.
e.g., a command file with two lines:
sdr list # get a list of sdr records
sel list # get a list of sel records
fru
print
This command will read all Field Replaceable Unit (FRU)
inventory data and extract such information as serial
number, part number, asset tags, and short strings
describing the chassis, board, or product.
i2c []
This will allow you to execute raw I2C commands with the Master
Write-Read IPMI command.
isol
setup
Setup baud rate for Intel IPMI v1.5 Serial-over-LAN.
lan
These commands will allow you to configure IPMI LAN channels
with network information so they can be used with the ipmitool
lan and lanplus interfaces. NOTE: To determine on which channel
the LAN interface is located, issue the `channel info number'
command until you come across a valid 802.3 LAN channel. For
example:
> ipmitool -I open channel info 1
Channel 0x1 info:
Channel Medium Type : 802.3 LAN
Channel Protocol Type : IPMB-1.0
Session Support : session-based
Active Session Count : 8
Protocol Vendor ID : 7154
print
Print the current configuration for the given chan-
nel.
set
Set the given parameter on the given channel. Valid
parameters are:
ipaddr
Set the IP address for this channel.
netmask
Set the netmask for this channel.
macaddr
Set the MAC address for this channel.
defgw ipaddr
Set the default gateway IP address.
defgw macaddr
Set the default gateway MAC address.
bakgw ipaddr
Set the backup gateway IP address.
bakgw macaddr
Set the backup gateway MAC address.
password
Set the null user password.
snmp
Set the SNMP community string.
user
Enable user access mode for userid 1 (issue the
`user' command to display information about
userids for a given channel).
access
Set LAN channel access mode.
ipsrc
Set the IP address source:
none unspecified
static manually configured static IP address
dhcp address obtained by BMC running DHCP
bios address loaded by BIOS or system software
arp respond
Set BMC generated ARP responses.
arp generate
Set BMC generated gratuitous ARPs.
arp interval
Set BMC generated gratuitous ARP interval.
vlan id
Disable VLAN operation or enable VLAN and set the
ID.
ID: value of the virtual lan identifier between 1
and 4094 inclusive.
vlan priority
Set the priority associated with VLAN frames.
ID: priority of the virtual lan frames between 0
and 7 inclusive.
auth
Set the valid authtypes for a given auth
level.
Levels: callback, user, operator, admin
Types: none, md2, md5, password, oem
cipherprivs
Correlates cipher suite numbers with the maximum
privilege level that is allowed to use it. In
this way, cipher suites can restricted to users
with a given privilege level, so that, for exam-
ple, administrators are required to use a stronger
cipher suite than normal users.
The format of privlist is as follows. Each char-
acter represents a privilege level and the charac-
ter position identifies the cipher suite number.
For example, the first character represents cipher
suite 1 (cipher suite 0 is reserved), the second
represents cipher suite 2, and so on. privlist
must be 15 characters in length.
Characters used in privlist and their associated
privilege levels are:
X Cipher Suite Unused
c CALLBACK
u USER
o OPERATOR
a ADMIN
O OEM
So, to set the maximum privilege for cipher suite
1 to USER and suite 2 to ADMIN, issue the follow-
ing command:
> ipmitool -I interface lan set channel
cipherprivs uaXXXXXXXXXXXXX
pef
info
This command will query the BMC and print information
about the PEF supported features.
status
This command prints the current PEF status (the last SEL
entry processed by the BMC, etc).
policy
This command lists the PEF policy table entries. Each
policy entry describes an alert destination. A policy
set is a collection of table entries. PEF alert actions
reference policy sets.
list
This command lists the PEF table entries. Each PEF entry
relates a sensor event to an action. When PEF is active,
each platform event causes the BMC to scan this table for
entries matching the event, and possible actions to be
taken. Actions are performed in priority order (higher
criticality first).
raw []
This will allow you to execute raw IPMI commands. For example
to query the POH counter with a raw command:
> ipmitool -v raw 0x0 0xf
RAW REQ (netfn=0x0 cmd=0xf datalen=0)
RAW RSP (5 bytes)
3c 72 0c 00 00
sdr
get ... []
Prints information for sensor data records specified by
sensor id.
info
This command will query the BMC for SDR information.
type
This command will display all records from the SDR of a
specific type. Run with type list to see the list of
available types. For example to query for all Tempera-
ture sensors:
> ipmitool sdr type Temperature
Baseboard Temp | 30h | ok | 7.1 | 28 degrees C
FntPnl Amb Temp | 32h | ok | 12.1 | 24 degrees C
Processor1 Temp | 98h | ok | 3.1 | 57 degrees C
Processor2 Temp | 99h | ok | 3.2 | 53 degrees C
list | elist []
This command will read the Sensor Data Records (SDR) and
extract sensor information of a given type, then query
each sensor and print its name, reading, and status. If
invoked as elist then it will also print sensor number,
entity id and instance, and asserted discrete states.
The default output will only display full and compact
sensor types, to see all sensors use the all type with
this command.
Valid types are:
all
All SDR records (Sensor and Locator)
full
Full Sensor Record
compact
Compact Sensor Record
event
Event-Only Sensor Record
mcloc
Management Controller Locator Record
fru
FRU Locator Record
generic
Generic SDR records
entity [.]
Displays all sensors associated with an entity. Get a
list of valid entity ids on the target system by issuing
the sdr elist command. A list of all entity ids can be
found in the IPMI specifications.
dump
Dumps raw SDR data to a file. This data file can then be
used as a local SDR cache of the remote managed system
with the -S option on the ipmitool command line.
This can greatly improve performance over system inter-
face or remote LAN.
sel
NOTE: SEL entry-times are displayed as `Pre-Init Time-stamp' if
the SEL clock needs to be set. Ensure that the SEL clock is
accurate by invoking the sel time get and sel time set