On 28/02/17 12:39 PM, Lentes, Bernd wrote: > Hi, > > i have a HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does > not work, i read in a book the recommendation to use the ipmi ressource agent > instead. > I'm trying to configure the respective ILO adapter with ipmitool. OMG. > Ipmitool drives me crazy. > It's a SLES 11 SP4 node. I did "/etc/init.d/ipmi start", some modules are > loaded: > > ha-idg-1:~ # lsmod|grep -i ipmi > ipmi_devintf 17560 0 > ipmi_si 53422 0 > ipmi_msghandler 49979 2 ipmi_devintf,ipmi_si > > I have a device file: > > ha-idg-1:~ # ll /dev/ipm* > crw-rw---- 1 root root 246, 0 Feb 28 13:51 /dev/ipmi0 > > What i found out/did already: > > For channel 2 i have two users configured: > > ipmitool> user list 2 > 1 Administrator true false true ADMINISTRATOR > 2 root true false true ADMINISTRATOR > 3 (Empty User) true false false NO ACCESS > 4 (Empty User) true false false NO ACCESS > 5 (Empty User) true false false NO ACCESS > 6 (Empty User) true false false NO ACCESS > 7 (Empty User) true false false NO ACCESS > 8 (Empty User) true false false NO ACCESS > 9 (Empty User) true false false NO ACCESS > 10 (Empty User) true false false NO ACCESS > 11 (Empty User) true false false NO ACCESS > 12 (Empty User) true false false NO ACCESS > > User root has a passsword which i tested via "user test" and it was ok. > > Channel 2: > > ipmitool> channel info 2 > Channel 0x2 info: > Channel Medium Type : 802.3 LAN > Channel Protocol Type : IPMB-1.0 > Session Support : multi-session > Active Session Count : 0 > Protocol Vendor ID : 7154 > Volatile(active) Settings > Alerting : enabled > Per-message Auth : disabled > User Level Auth : enabled > Access Mode : always available > Non-Volatile Settings > Alerting : enabled > Per-message Auth : disabled > User Level Auth : enabled > Access Mode : always available > > ipmitool> lan print 2 > Set in Progress : Set Complete > Auth Type Support : > Auth Type Enable : Callback : > : User : > : Operator : > : Admin : > : OEM : > IP Address Source : DHCP Address > IP Address : 146.107.235.15 > Subnet Mask : 255.255.255.0 > MAC Address : 70:10:6f:47:0c:48 > SNMP Community String : > BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled > Default Gateway IP : 146.107.235.1 > 802.1q VLAN ID : Disabled > 802.1q VLAN Priority : 0 > RMCP+ Cipher Suites : 0,1,2,3 > Cipher Suite Priv Max : XuuaXXXXXXXXXXX > : X=Cipher Suite Unused > : c=CALLBACK > : u=USER > : o=OPERATOR > : a=ADMIN > : O=OEM > > How can i grant principal access to channel 2 ? > I tried: > > ipmitool> lan set 2 access on > Set Channel Access for channel 2 failed: Unknown (0x83) > ipmitool> lan set 2 access ON > lan set access <on|off> > ipmitool> lan set 2 access=ON > lan set access <on|off> > > Does not seem to work. > > I did "lan set user 2", do not know if it's helpful. > > Also: > > ipmitool> channel authcap 2 4 > Channel number : 2 > IPMI v1.5 auth types : > KG status : default (all zeroes) > Per message authentication : disabled > User level authentication : enabled > Non-null user names exist : yes > Null user names exist : no > Anonymous login enabled : no > Channel supports IPMI v1.5 : no > Channel supports IPMI v2.0 : yes > > Don't know if it helps. > > I found > https://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool > (sorry, only in german): > > I did, as proposed: > > ha-idg-1:~ # ipmitool lan set 2 auth ADMIN MD5 > ha-idg-1:~ # ipmitool lan set 2 access on > Set Channel Access for channel 2 failed: Unknown (0x83) <===== ??? > > ha-idg-1:~ # ipmitool lan print 2 > Set in Progress : Set Complete > Auth Type Support : > Auth Type Enable : Callback : > : User : > : Operator : > : Admin : > : OEM : > IP Address Source : DHCP Address > IP Address : 146.107.235.15 > Subnet Mask : 255.255.255.0 > MAC Address : 70:10:6f:47:0c:48 > SNMP Community String : > BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled > Default Gateway IP : 146.107.235.1 > 802.1q VLAN ID : Disabled > 802.1q VLAN Priority : 0 > RMCP+ Cipher Suites : 0,1,2,3 > Cipher Suite Priv Max : XuuaXXXXXXXXXXX > : X=Cipher Suite Unused > : c=CALLBACK > : u=USER > : o=OPERATOR > : a=ADMIN > : O=OEM > > Wtf ? Sorry, this is the first time in my carreer that i curse in a mailing > list, but ipmitool really frustrates me. > Why can't i set access to this channel ? I'm running the commands as root. > It's ipmitool 1.8.15. > > Can someone help me in configuring IPMI that i can used it from the other > node to fence this node ? > > Big Thanks in advance. > > > Bernd
Would this help? https://www.alteeve.com/w/AN!Cluster_Tutorial_2#What_is_IPMI It covers configuring the IPMI BMC using ipmitool and then testing fence_ipmilan. The part about configuring in rgmanager won't be of use, but once you have the command line fence_ipmilan call working, you're 95% done. digimer -- Digimer Papers and Projects: https://alteeve.com/w/ "I am, somehow, less interested in the weight and convolutions of Einstein’s brain than in the near certainty that people of equal talent have lived and died in cotton fields and sweatshops." - Stephen Jay Gould _______________________________________________ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org