Garbage on SOL console (PE1950/lenny)
Alexander Dupuy
alex.dupuy at mac.com
Wed Jul 1 13:30:44 CDT 2009
I wrote:
> The solution is to disable the IPMI-over-serial-port support on the BMC
> (the problem is that the login prompt from Linux - or any other output
> to the serial port - is interpreted as IPMI commands, for which an error
> is generated, which generates more output from Linux, ad infinitum).
David Sparks asked:
> Does anyone know how to do this with plain IPMI (preferably ipmitool)?
>
On a 2950, I see that the ipmitool channel command might be able to do
this, although it's not entirely clear:
# ipmitool channel help
Channel Commands: authcap <channel number> <max privilege>
getaccess <channel number> [user id]
setaccess <channel number> <user id> [callin=on|off]
[ipmi=on|off] [link=on|off] [privilege=level]
info [channel number]
getciphers <ipmi | sol> [channel]
Possible privilege levels are:
1 Callback level
2 User level
3 Operator level
4 Administrator level
5 OEM Proprietary level
15 No access
# ipmitool channel info 2
Channel 0x2 info:
Channel Medium Type : Serial/Modem
Channel Protocol Type : IPMB-1.0
Session Support : single-session
Active Session Count : 0
Protocol Vendor ID : 7154
# ipmitool channel getaccess 2 2
Maximum User IDs : 10
Enabled User IDs : 1
User ID : 2
User Name : root
Fixed Name : No
Access Available : call-in / callback
Link Authentication : enabled
IPMI Messaging : enabled
Privilege Level : ADMINISTRATOR
# ipmitool channel setaccess 2 2 callin=off link=off ipmi=off privilege=15
# ipmitool channel getaccess 2 2
Maximum User IDs : 10
Enabled User IDs : 1
User ID : 2
User Name : root
Fixed Name : No
Access Available : callback
Link Authentication : disabled
IPMI Messaging : disabled
Privilege Level : NO ACCESS
#
I tried ipmitool channel authcap without any luck - no idea whether this
would do anything for you.
Now I am running this on a system where serial access was already turned
off (and yet, the serial channel root user access was still enabled) -
you will have to try it yourself and see if it really prevents the
endless chatter problem. I'm not very confident that this will do what
is needed.
I suspect that you will have more luck using the (better, IMHO) ipmiutil
toolset, specifically the tmconfig (a.k.a ipmiutil serial) command:
# ipmiutil serial -d # or tmconfig -d
This command prints out a lot of information, and although it ultimately
fails, I think that it has actually disabled serial access (or possibly,
it is failing because it is already disabled):
...
Channel Access Mode(2=Ser): 38 04 : Access = Disabled, PEF Alerts Disabled
Users: showing 4 of max 10 users (1 enabled)
Get User Access(1): 0a 81 01 0f: No access ()
Get User Access(2): 0a 41 01 4f: No access (root)
Get User Access(3): 0a 81 01 0f: No access ()
Get User Access(4): 0a 81 01 0f: No access ()
SetUserAccess(1/04), ret = 0
SetChanAcc: completion code=cc
SetChanAcc: completion code=cc
SetChanAcc(ser/disable), ret = -1
GetChanAcc(ser/disable), ret = 0, new value = 38
SetSerEntry(3): completion code=cc
SetSerEntry(3/disable), ret = -1
tmconfig, error -1
If it turns out that ipmiutil / tmconfig doesn't do what you need, I
highly recommend contacting the maintainer, Andy Cress (go to the
SourceForge project for ipmiutil and use the tracker to file an issue).
I was having problems getting the ipmiutil sol / isolconsole program to
successfully connect to our Dell x950 systems, and he was extremely
responsive and helpful (and the latest 2.3.7 version now has no problems
setting up a SOL console session with a Dell, and unlike ipmiutil sol
activate, also runs on Windows, and doesn't segfault when it gets
disconnected or timed out).
> Excellent analysis btw.
>
Thanks
@alex
--
mailto:alex.dupuy at mac.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.us.dell.com/pipermail/linux-poweredge/attachments/20090701/9b5fb43b/attachment.htm
More information about the Linux-PowerEdge
mailing list