This section explains how to configure out-of-band management ports (IPMI or iLO) for your hardware platform.
Out-of-band management allows you to monitor, manage, and troubleshoot servers remotely, independent of the operating system. Depending on your hardware platform, you may use IPMI (Intelligent Platform Management Interface) or iLO (Integrated Lights Out).
Overview
Out-of-band management enables you to:
- Power on, power off, and reboot servers remotely
- Access the server console via KVM
- Mount virtual media for OS installation
- Monitor hardware health and sensors
- Update firmware
Access to the out-of-band management port on a public LAN can have serious security implications because it can grant anyone with credentials direct access to your serverβs hardware and console. Follow security best practices when implementing out-of-band management access.
Wiring the Out-of-Band Management Network
Connect all out-of-band management ports to a dedicated management switch, separate from your data network. This ensures management access even if the data network experiences issues.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Out-of-Band Management Switch β
βββββββββ¬ββββββββββββ¬ββββββββββββ¬ββββββββββββ¬ββββββββββββββββββ
β β β β
βββββ΄ββββ βββββ΄ββββ βββββ΄ββββ βββββ΄ββββ
β MGMT β β MGMT β β MGMT β β MGMT β
β Node1 β β Node2 β β Node3 β β Node4 β
βββββββββ βββββββββ βββββββββ βββββββββ
The management port is located on the rear of each server. For the exact location on your specific hardware, see the documentation from your hardware vendor.
IPMI Configuration
IPMI (Intelligent Platform Management Interface) is common on Supermicro and other server platforms.
Prerequisites
You must have root user access through SSH on the client-facing network. For example:
sudo -s
To access the IPMI CLI while physically connected to the node, press Ctrl+Alt+F1.
How IPMI Works
IPMI support on your nodeβs motherboard allows for out-of-band maintenance access even when the node is powered off (as long as it is connected to power).
- By default, nodes are configured to receive DHCP address assignments.
- The IPMI access network can be completely separate from your client-facing network.
- For the default IPMI username and password, see the documentation from your hardware vendor.
The IPMI username and password are independent of your Qumulo administrative credentials.
You must enter the following configuration commands on each node that will be a member of your IPMI maintenance network.
Verifying IPMI LAN Configuration
To view the current IPMI LAN configuration, run the following command.
ipmitool lan print 1
Configuring IPMI with Static IP Addresses
To configure the IPMI interface with a static IP address, run the following commands.
# Set IPMI ethernet interface to static IP
ipmitool lan set 1 ipsrc static
# Set the IP address of the interface
ipmitool lan set 1 ipaddr <IP_ADDRESS>
# Set the subnet mask for the interface
ipmitool lan set 1 netmask <SUBNET_MASK>
# Set the IP address of the default gateway
ipmitool lan set 1 defgw ipaddr <GATEWAY_IP_ADDRESS>
# (Optional) Enable BMC ARP responses
ipmitool lan set 1 arp respond on
Replace <IP_ADDRESS>, <SUBNET_MASK>, and <GATEWAY_IP_ADDRESS> with values appropriate for your network.
Managing IPMI Users
Listing Current Users
To list current IPMI users, run the following command.
ipmitool user list 1
The output shows user IDs, names, and privilege levels. For example:
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 false false true ADMINISTRATOR
2 root false true true ADMINISTRATOR
Changing a User Password
To change the password for an existing user, run the following command. Replace <USER_ID> with the userβs ID number.
ipmitool user set password <USER_ID>
The system prompts you to enter and confirm the new password.
Creating a New User
To create a new administrative user, run the following commands. This example creates a user named netadmin in user slot 4.
# Set the username
ipmitool user set name 4 netadmin
# Set the password (you will be prompted)
ipmitool user set password 4
Setting User Access
To configure access permissions for a user, run the following commands. Replace <USER_ID> with the userβs ID number.
# Set access on channel 1
ipmitool channel setaccess 1 <USER_ID> link=on ipmi=on callin=on privilege=4
# Set access on channel 2
ipmitool channel setaccess 2 <USER_ID> link=on ipmi=on callin=on privilege=4
# Enable the user
ipmitool user enable <USER_ID>
Verifying User Access
To verify user access settings, run the following command. Replace <USER_ID> with the userβs ID number.
ipmitool channel getaccess 1 <USER_ID>
iLO Configuration
iLO (Integrated Lights Out) is used on HPE server platforms.
Prerequisites
To configure the iLO port, you must have root access to the client-facing network through SSH. For example, you can run the sudo -s command.
How the iLO Port Works
Your node provides iLO support for out-of-band maintenance access even when the node is plugged in but powered off.
Your nodes receive DHCP address assignments by default. When you configure a nodeβs iLO port, you can access the node by using the IP address (that the DHCP server assigns to the node) and a browser that supports HTML5, Java, or .NET.
We strongly recommend separating your iLO access network from your client-facing network.
To access iLO configuration from the BIOS System Utilities menu, press F9.
The iLO username and password are unrelated to your Qumulo administrative credentials.
iLO Configuration
To configure the iLO port, you must use ipmitool. For more information, see the following HPE resources:
Connecting to Nodes
After you configure out-of-band management, you can access nodes through a web browser using the IP addresses assigned by you or your DHCP server. Use a modern web browser such as Firefox or Chrome for best results.
Troubleshooting Connectivity
If you cannot connect to the out-of-band management console and you are certain that your network configuration is correct, reset the BMC through an SSH or KVM Console session to the node by running the following command.
ipmitool bmc reset cold