Explaing which cipher suites must be used and how to pre-configure the BMC. Also explain the privilege levels. Change-Id: I93845ac9dd068b0ddb52693afe4993804857e5ea
3.9 KiB
Configuring IPMI support
Installing ipmitool command
To enable one of the drivers that use IPMI
protocol for power and management actions (for example,
ipmi
), the ipmitool
command must be present on
the service node(s) where ironic-conductor
is running. On
most distros, it is provided as part of the ipmitool
package. Source code is available at http://ipmitool.sourceforge.net/.
Warning
Certain distros, notably Mac OS X and SLES, install
openipmi
instead of ipmitool
by default. This
driver is not compatible with openipmi
as it relies on
error handling options not provided by this tool.
Please refer to the /admin/drivers/ipmitool
for information on how to
configure and use IPMItool-based drivers.
Configuring hardware
IPMI is a relatively old protocol and may require additional set up on the hardware side that the Bare Metal service cannot do automatically:
Make sure IPMI is enabled and the account you use have the permissions to change power and boot devices. By default the adminstrator rights are expected, you can change it: see
ipmi-priv-level
.Make sure the cipher suites are configured for maximum security. Suite 17 is recommended, 3 can be used if it's not available. Cipher suite 0 must be disabled as it provides unauthenticated access to the BMC.
ipmi-cipher-suites
Make sure the boot mode correspond to the expected boot mode on the node (see
boot_mode_support
). Some hardware is able to change the boot mode to the requested by Ironic, some does not.
Validation and troubleshooting
Check that you can connect to, and authenticate with, the IPMI
controller in your bare metal server by running
ipmitool
:
ipmitool -I lanplus -H <ip-address> -U <username> -P <password> chassis power status
where <ip-address>
is the IP of the IPMI
controller you want to access. This is not the bare metal node's main
IP. The IPMI controller should have its own unique IP.
If the above command doesn't return the power status of the bare metal server, check that
ipmitool
is installed and is available via the$PATH
environment variable.- The IPMI controller on your bare metal server is turned on.
- The IPMI controller credentials and IP address passed in the command are correct.
- The conductor node has a route to the IPMI controller. This can be checked by just pinging the IPMI controller IP from the conductor node.
IPMI configuration
If there are slow or unresponsive BMCs in the environment, the
min_command_interval
configuration option in the
[ipmi]
section may need to be raised. The default is fairly
conservative, as setting this timeout too low can cause older BMCs to
crash and require a hard-reset.
Collecting sensor data
Bare Metal service supports sending IPMI sensor data to Telemetry
with certain hardware types, such as ipmi
, ilo
and irmc
. By default, support for sending IPMI sensor data
to Telemetry is disabled. If you want to enable it, you should make the
following two changes in ironic.conf
:
[conductor]
send_sensor_data = true
[oslo_messaging_notifications]
driver = messagingv2
If you want to customize the sensor types which will be sent to
Telemetry, change the send_sensor_data_types
option. For
example, the below settings will send information about temperature,
fan, voltage from sensors to the Telemetry service:
send_sensor_data_types=Temperature,Fan,Voltage
Supported sensor types are defined by the Telemetry service,
currently these are Temperature
, Fan
,
Voltage
, Current
. Special value
All
(the default) designates all supported sensor
types.