This section explains how to configure the baseboard management controller (BMC) on your node using the IPMI protocol.
This guide provides generic out-of-band management configuration examples. For platform-specific details and exact channel numbers, see the documentation from your hardware vendor.
Out-of-band management allows you to monitor, manage, and troubleshoot servers remotely, independent of the operating system. The dedicated management port on each node is connected to a baseboard management controller (BMC) β the management chip on the motherboard. The Intelligent Platform Management Interface (IPMI) is the standard protocol used to talk to a BMC over the network, and the ipmitool commands in this guide work against any BMC that supports IPMI.
Different vendors brand their BMC differently β for example, HPE iLO, Dell iDRAC, and Lenovo XCC are all BMC implementations that support IPMI. The vendorβs web console (such as the HPE iLO web UI) offers additional features beyond the standard IPMI commands; see your hardware vendorβs documentation for those.
Overview
Out-of-band management enables you to:
- Power on, power off, and reboot servers remotely
- Access the server console via KVM
- Mount virtual media for OS installation
- Monitor hardware health and sensors
- Update firmware
Access to the out-of-band management port on a public LAN can have serious security implications because it can grant anyone with credentials direct access to your serverβs hardware and console. Follow security best practices when implementing out-of-band management access.
Wiring the Out-of-Band Management Network
Connect all out-of-band management ports to a dedicated management switch, separate from your data network. This ensures management access even if the data network experiences issues.
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Out-of-Band Management Switch β
βββββββββ¬ββββββββββββ¬ββββββββββββ¬ββββββββββββ¬ββββββββββββββββββ
β β β β
βββββ΄ββββ βββββ΄ββββ βββββ΄ββββ βββββ΄ββββ
β MGMT β β MGMT β β MGMT β β MGMT β
β Node1 β β Node2 β β Node3 β β Node4 β
βββββββββ βββββββββ βββββββββ βββββββββ
The management port is located on the rear of each server. For the exact location on your specific hardware, see the documentation from your hardware vendor.
IPMI Configuration
The commands below use ipmitool and apply to any BMC that supports the IPMI protocol.
Prerequisites
You must have root user access through SSH on the client-facing network. For example:
sudo -s
You must enter the configuration commands on each node that will be a member of your IPMI maintenance network.
In the examples below, replace <CHANNEL> with the IPMI channel for your platform (commonly 1 or 3). For the correct channel, see the documentation from your hardware vendor.
How IPMI Works
IPMI support on your nodeβs motherboard allows for out-of-band maintenance access even when the node is powered off (as long as it is connected to power).
- By default, nodes are configured to receive DHCP address assignments.
- The IPMI access network can be completely separate from your client-facing network.
- For the default IPMI username and password, see the documentation from your hardware vendor.
The IPMI username and password are independent of your Qumulo administrative credentials.
Verifying IPMI LAN Configuration
To view the current IPMI LAN configuration, run the following command.
ipmitool lan print <CHANNEL>
Configuring IPMI with Static IP Addresses
To configure the IPMI interface with a static IP address, run the following commands. Replace <IP_ADDRESS>, <SUBNET_MASK>, and <GATEWAY_IP_ADDRESS> with values appropriate for your network.
# Set IPMI interface to static IP
ipmitool lan set <CHANNEL> ipsrc static
# Set the IP address of the interface
ipmitool lan set <CHANNEL> ipaddr <IP_ADDRESS>
# Set the subnet mask
ipmitool lan set <CHANNEL> netmask <SUBNET_MASK>
# Set the default gateway
ipmitool lan set <CHANNEL> defgw ipaddr <GATEWAY_IP_ADDRESS>
# (Optional) Enable BMC ARP responses
ipmitool lan set <CHANNEL> arp respond on
Managing IPMI Users
Listing Current Users
To list current IPMI users, run the following command.
ipmitool user list <CHANNEL>
The output shows user IDs, names, and privilege levels. For example:
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 false false true ADMINISTRATOR
2 root false true true ADMINISTRATOR
Changing a User Password
To change the password for an existing user, run the following command. Replace <USER_ID> with the userβs ID number.
ipmitool user set password <USER_ID>
The system prompts you to enter and confirm the new password.
Creating a New User
To create a new administrative user, run the following commands. This example creates a user named netadmin in user slot 4.
# Set the username
ipmitool user set name 4 netadmin
# Set the password (you will be prompted)
ipmitool user set password 4
Setting User Access
To configure access permissions for a user, run the following commands. Replace <USER_ID> with the userβs ID number.
# Grant LAN access, IPMI messaging, callin, and administrator privilege
ipmitool channel setaccess <CHANNEL> <USER_ID> link=on ipmi=on callin=on privilege=4
# Enable the user
ipmitool user enable <USER_ID>
Verifying User Access
To verify access settings for a channel, run the following command.
ipmitool channel getaccess <CHANNEL>
Connecting to Nodes
After you configure the BMC, you can access the node by using a web browser and the IP address that you or your DHCP server assigned.
Troubleshooting Connectivity
If you canβt connect to the BMC, make sure that LAN access is turned on for the channel.
ipmitool lan set <CHANNEL> access on
If you still canβt connect and your network configuration is correct, reset the BMC through an SSH or KVM Console session to the node.
ipmitool bmc reset cold