Re: Intel AMT serial-over-LAN with OpenBSD
On Tuesday 08 September 2015 07:24:56, Joe Gidi wrote: > > It is worth pointing out that amtterm is only useable with AMT > > versions <= 8 > > as AMT version 9 removed the SOAP interface that amtterm uses. If > > anyone knows of anything that can talk the ws-man protocol > > variant AMT version 9 uses I'd like to hear about it. > > This box has AMT 9, actually. > > amtterm-cli, the SOL client, still works with it. However, as you > said, the other components of the amtterm package don't work due to > the SOAP interface being deprecated. > > There apparently is some open-source code for wsman, but I don't see > any sign that it's been ported to OpenBSD: > > https://openwsman.github.io/ > http://en.community.dell.com/techcenter/b/techcenter/archive/2012/08 > /03/wsmancli-package-for-ubuntu AIUI, the difference between legacy SOL redirection mode and what newer AMT versions do is that with the former, the SOL port is open by default while with newer version, one needs to enable it with wsman first. So, if the ME-BIOS does not offer "Legacy redirection mode", one needs to do these magical incantations: wsman put http://intel.com/wbem/wscim/1/amt-schema/1/AMT_RedirectionService \ -h $HOST -P 16992 -u admin -p $AMT_PASSWORD \ -k RFBPassword=$AMT_PASSWORD wsman put http://intel.com/wbem/wscim/1/amt-schema/1/AMT_RedirectionService \ -h $HOST -P 16992 -u admin -p $AMT_PASSWORD \ -k ListenerEnabled=true After that, amtterm works until the next power down of the device. At least that worked with a Fujitsu Q775 (Broadwell). I am not sure about the AMT version, but I think it was 10. For wsman, I used the Ubuntu packages. Also, one needs either amtterm 1.4 or the appropriate patches backported to 1.3, otherwise amtterm will disconnect at every reboot of the machine. A friend of mine also did some script using curl that does powerup/reset/powerdown via the port 16992 AMT web interface and works without wsman. If there is interest, I could probably post it here. Cheers, Stefan
Re: Intel AMT serial-over-LAN with OpenBSD
On Tue, September 8, 2015 1:40 am, Jonathan Gray wrote: > On Sun, Sep 06, 2015 at 09:50:10PM -0400, Joe Gidi wrote: >> I recently bought a Lenovo ThinkServer TS140 to replace my aging HP >> Microserver. Rather than using a standard serial console to admin the >> machine, I've been playing around with the Intel AMT serial-over-LAN >> capabilities. The following notes might help others who'd like to use >> this >> feature with OpenBSD; hopefully they'll save you some hair-tearing. >> >> The Intel AMT technology can piggyback on the onboard NIC, sharing the >> same IP and MAC as the operating system. I'm not a fan of that idea, so >> I >> opted to leave the onboard NIC as a dedicated management interface and >> add >> another NIC for the OS. So, in my system, em0 (onboard) is used only for >> serial-over-LAN administration, and em1 (PCI-E card) is used by OpenBSD. >> >> Lenovo published a pretty decent PDF on configuring AMT, available here: >> >> http://www.lenovo.com/images/products/server/pdfs/tech_resources/thinkserver_config_amt_ts140_ts440_tr.pdf >> >> To get serial-over-LAN working, you can largely follow that PDF, but for >> steps 18 and 19, you can leave IDER and KVM disabled. For step 20, >> Legacy >> Redirection Mode needs to be enabled. >> >> The serial-over-LAN device is presented as a puc(4) card with com4 >> attaching to it: >> >> puc0 at pci0 dev 22 function 3 "Intel 8 Series KT" rev 0x04: ports: 1 >> com >> com4 at puc0 port 0 apic 8 int 19: ns16550a, 16 byte fifo >> >> To get a working console, I edited /etc/ttys like so: >> tty04 "/usr/libexec/getty std.9600" vt220 on secure >> >> Then, to get the console working at boot, I configured /etc/boot.conf as >> follows: >> machine comaddr 0xf0e0/0x0008 >> set tty com4 >> >> The "machine commaddr 0xf0e0/0x0008" line was worked out by running >> 'pcidump -v' and finding the BAR io addr for this device: >> >> 0:22:3: Intel 8 Series KT >> 0x: Vendor ID: 8086 Product ID: 8c3d >> 0x0004: Command: 0007 Status: 00b0 >> 0x0008: Class: 07 Subclass: 00 Interface: 02 Revision: 04 >> 0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line >> Size: 00 >> 0x0010: BAR io addr: 0xf0e0/0x0008 >> 0x0014: BAR mem 32bit addr: 0xf7d3e000/0x1000 >> 0x0018: BAR empty () >> 0x001c: BAR empty () >> 0x0020: BAR empty () >> 0x0024: BAR empty () >> 0x0028: Cardbus CIS: >> 0x002c: Subsystem Vendor ID: 17aa Product ID: 30a5 >> 0x0030: Expansion ROM Base Address: >> 0x0038: >> 0x003c: Interrupt Pin: 02 Line: 0a Min Gnt: 00 Max Lat: 00 >> 0x00c8: Capability 0x01: Power Management >> 0x00d0: Capability 0x05: Message Signaled Interrupts (MSI) >> >> That completed the setup on the ThinkServer side. To connect to it from >> my >> workstation, I installed the amtterm-cli package and ran 'amtterm >> 192.168.1.19' (the IP address I'd assigned to the AMT interface during >> setup). > > It is worth pointing out that amtterm is only useable with AMT versions <= > 8 > as AMT version 9 removed the SOAP interface that amtterm uses. If anyone > knows of anything that can talk the ws-man protocol variant AMT version 9 > uses I'd like to hear about it. This box has AMT 9, actually. amtterm-cli, the SOL client, still works with it. However, as you said, the other components of the amtterm package don't work due to the SOAP interface being deprecated. There apparently is some open-source code for wsman, but I don't see any sign that it's been ported to OpenBSD: https://openwsman.github.io/ http://en.community.dell.com/techcenter/b/techcenter/archive/2012/08/03/wsmancli-package-for-ubuntu Thanks, -- Joe Gidi j...@entropicblur.com "You cannot buy skill." -- Ross Seyfried
Re: Intel AMT serial-over-LAN with OpenBSD
On Sun, Sep 06, 2015 at 09:50:10PM -0400, Joe Gidi wrote: > I recently bought a Lenovo ThinkServer TS140 to replace my aging HP > Microserver. Rather than using a standard serial console to admin the > machine, I've been playing around with the Intel AMT serial-over-LAN > capabilities. The following notes might help others who'd like to use this > feature with OpenBSD; hopefully they'll save you some hair-tearing. > > The Intel AMT technology can piggyback on the onboard NIC, sharing the > same IP and MAC as the operating system. I'm not a fan of that idea, so I > opted to leave the onboard NIC as a dedicated management interface and add > another NIC for the OS. So, in my system, em0 (onboard) is used only for > serial-over-LAN administration, and em1 (PCI-E card) is used by OpenBSD. > > Lenovo published a pretty decent PDF on configuring AMT, available here: > > http://www.lenovo.com/images/products/server/pdfs/tech_resources/thinkserver_config_amt_ts140_ts440_tr.pdf > > To get serial-over-LAN working, you can largely follow that PDF, but for > steps 18 and 19, you can leave IDER and KVM disabled. For step 20, Legacy > Redirection Mode needs to be enabled. > > The serial-over-LAN device is presented as a puc(4) card with com4 > attaching to it: > > puc0 at pci0 dev 22 function 3 "Intel 8 Series KT" rev 0x04: ports: 1 com > com4 at puc0 port 0 apic 8 int 19: ns16550a, 16 byte fifo > > To get a working console, I edited /etc/ttys like so: > tty04 "/usr/libexec/getty std.9600" vt220 on secure > > Then, to get the console working at boot, I configured /etc/boot.conf as > follows: > machine comaddr 0xf0e0/0x0008 > set tty com4 > > The "machine commaddr 0xf0e0/0x0008" line was worked out by running > 'pcidump -v' and finding the BAR io addr for this device: > > 0:22:3: Intel 8 Series KT > 0x: Vendor ID: 8086 Product ID: 8c3d > 0x0004: Command: 0007 Status: 00b0 > 0x0008: Class: 07 Subclass: 00 Interface: 02 Revision: 04 > 0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line > Size: 00 > 0x0010: BAR io addr: 0xf0e0/0x0008 > 0x0014: BAR mem 32bit addr: 0xf7d3e000/0x1000 > 0x0018: BAR empty () > 0x001c: BAR empty () > 0x0020: BAR empty () > 0x0024: BAR empty () > 0x0028: Cardbus CIS: > 0x002c: Subsystem Vendor ID: 17aa Product ID: 30a5 > 0x0030: Expansion ROM Base Address: > 0x0038: > 0x003c: Interrupt Pin: 02 Line: 0a Min Gnt: 00 Max Lat: 00 > 0x00c8: Capability 0x01: Power Management > 0x00d0: Capability 0x05: Message Signaled Interrupts (MSI) > > That completed the setup on the ThinkServer side. To connect to it from my > workstation, I installed the amtterm-cli package and ran 'amtterm > 192.168.1.19' (the IP address I'd assigned to the AMT interface during > setup). It is worth pointing out that amtterm is only useable with AMT versions <= 8 as AMT version 9 removed the SOAP interface that amtterm uses. If anyone knows of anything that can talk the ws-man protocol variant AMT version 9 uses I'd like to hear about it.
