1IPMI-SENSORS(8)                 System Commands                IPMI-SENSORS(8)
2
3
4

NAME

6       ipmi-sensors - display IPMI sensor information
7

SYNOPSIS

9       ipmi-sensors [OPTION...]
10

DESCRIPTION

12       Ipmi-sensors  displays  current  readings  of  sensors  and sensor data
13       repository (SDR) information. The default display outputs each sensor's
14       record  id, sensor name, sensor type name, sensor reading (if appropri‐
15       ate), and the current sensor event. More  verbose  information  can  be
16       found using the verbose options specified below.  Ipmi-sensors does not
17       inform the user if a problem exists with a  particular  sensor  because
18       sensor  readings and events are not analyzed by default. Users may wish
19       to use the --output-sensor-state option to output the  analyzed  sensor
20       state.  Some sensors may have a sensor reading or sensor event of "N/A"
21       if the information is unavailable. This is typical of a sensor that  is
22       not  enabled  or not owned by a BMC. Please see --bridge-sensors option
23       below to deal with sensors not owned by a BMC.  Sensors  may  output  a
24       sensor event of "Unknown" if the sensor reading cannot be read. This is
25       typical of a sensor that is busy or a reading  that  cannot  be  calcu‐
26       lated.  If  sensors report "Unrecognized State", it is indicative of an
27       unknown sensor type, typically an OEM sensor. If the sensor OEM  inter‐
28       pretation  is available, the --interpret-oem-data may be able to report
29       the appropriate sensor state. Sensors need not always report  a  sensor
30       event. When a sensor event is not present, "OK" is typically reported.
31
32       Listed  below  are general IPMI options, tool specific options, trouble
33       shooting  information,  workaround  information,  examples,  and  known
34       issues.  For a general introduction to FreeIPMI please see freeipmi(7).
35       To perform IPMI sensor configuration, please  see  ipmi-config(8).   To
36       perform some advanced SDR management, please see bmc-device(8).
37

GENERAL OPTIONS

39       The following options are general options for configuring IPMI communi‐
40       cation and executing general tool commands.
41
42       -D IPMIDRIVER, --driver-type=IPMIDRIVER
43              Specify the driver type to use instead of doing an  auto  selec‐
44              tion.   The  currently  available  outofband drivers are LAN and
45              LAN_2_0, which perform IPMI 1.5 and IPMI 2.0  respectively.  The
46              currently  available  inband  drivers  are  KCS, SSIF, OPENIPMI,
47              SUNBMC, and INTELDCMI.
48
49       --disable-auto-probe
50              Do not probe in-band IPMI devices for default settings.
51
52       --driver-address=DRIVER-ADDRESS
53              Specify the in-band driver address to be  used  instead  of  the
54              probed  value. DRIVER-ADDRESS should be prefixed with "0x" for a
55              hex value and '0' for an octal value.
56
57       --driver-device=DEVICE
58              Specify the in-band driver device path to be used instead of the
59              probed path.
60
61       --register-spacing=REGISTER-SPACING
62              Specify  the  in-band  driver  register  spacing  instead of the
63              probed value. Argument is in bytes (i.e. 32bit register  spacing
64              = 4)
65
66       --target-channel-number=CHANNEL-NUMBER
67              Specify  the  in-band  driver target channel number to send IPMI
68              requests to.
69
70       --target-slave-address=SLAVE-ADDRESS
71              Specify the in-band driver target  slave  number  to  send  IPMI
72              requests to.
73
74       -h      IPMIHOST1,IPMIHOST2,...,      --hostname=IPMIHOST1[:PORT],IPMI‐
75       HOST2[:PORT],...
76              Specify the remote host(s) to communicate with.  Multiple  host‐
77              names  may  be separated by comma or may be specified in a range
78              format; see HOSTRANGED SUPPORT below. An optional  port  can  be
79              specified with each host, which may be useful in port forwarding
80              or similar situations.  If specifying an IPv6 address and  port,
81              use the format [ADDRESS]:PORT.
82
83       -u USERNAME, --username=USERNAME
84              Specify  the username to use when authenticating with the remote
85              host.  If not specified, a null  (i.e.  anonymous)  username  is
86              assumed. The user must have atleast OPERATOR privileges in order
87              for this tool to operate fully.
88
89       -p PASSWORD, --password=PASSWORD
90              Specify the password to use when authenticationg with the remote
91              host.   If  not  specified,  a null password is assumed. Maximum
92              password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.
93
94       -P, --password-prompt
95              Prompt for password  to  avoid  possibility  of  listing  it  in
96              process lists.
97
98       -k K_G, --k-g=K_G
99              Specify  the  K_g  BMC  key  to use when authenticating with the
100              remote host for IPMI 2.0.  If  not  specified,  a  null  key  is
101              assumed. To input the key in hexadecimal form, prefix the string
102              with '0x'. E.g., the key 'abc' can be entered  with  the  either
103              the string 'abc' or the string '0x616263'
104
105       -K, --k-g-prompt
106              Prompt  for  k-g  to  avoid possibility of listing it in process
107              lists.
108
109       --session-timeout=MILLISECONDS
110              Specify the session timeout in milliseconds. Defaults  to  20000
111              milliseconds (20 seconds) if not specified.
112
113       --retransmission-timeout=MILLISECONDS
114              Specify  the  packet  retransmission  timeout  in  milliseconds.
115              Defaults to 1000 milliseconds (1 second) if not  specified.  The
116              retransmission  timeout  cannot be larger than the session time‐
117              out.
118
119       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
120              Specify the IPMI 1.5 authentication type to use.  The  currently
121              available  authentication types are NONE, STRAIGHT_PASSWORD_KEY,
122              MD2, and MD5. Defaults to MD5 if not specified.
123
124       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
125              Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID
126              identifies a set of authentication, integrity, and confidential‐
127              ity algorithms to use for IPMI 2.0 communication. The  authenti‐
128              cation  algorithm  identifies  the  algorithm to use for session
129              setup, the integrity algorithm identifies the algorithm  to  use
130              for session packet signatures, and the confidentiality algorithm
131              identifies the algorithm to use for payload encryption. Defaults
132              to  cipher  suite  ID  3  if not specified. The following cipher
133              suite ids are currently supported:
134
135              0 - Authentication Algorithm = None; Integrity Algorithm = None;
136              Confidentiality Algorithm = None
137
138              1  - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
139              None; Confidentiality Algorithm = None
140
141              2 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm  =
142              HMAC-SHA1-96; Confidentiality Algorithm = None
143
144              3  - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
145              HMAC-SHA1-96; Confidentiality Algorithm = AES-CBC-128
146
147              6 - Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
148              None; Confidentiality Algorithm = None
149
150              7  -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
151              HMAC-MD5-128; Confidentiality Algorithm = None
152
153              8 - Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
154              HMAC-MD5-128; Confidentiality Algorithm = AES-CBC-128
155
156              11  - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
157              MD5-128; Confidentiality Algorithm = None
158
159              12 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm  =
160              MD5-128; Confidentiality Algorithm = AES-CBC-128
161
162              15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
163              = None; Confidentiality Algorithm = None
164
165              16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
166              = HMAC_SHA256_128; Confidentiality Algorithm = None
167
168              17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
169              = HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128
170
171       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
172              Specify the privilege level to be used. The currently  available
173              privilege  levels  are  USER,  OPERATOR,  and ADMIN. Defaults to
174              OPERATOR if not specified.
175
176       --config-file=FILE
177              Specify an alternate configuration file.
178
179       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
180              Specify workarounds to vendor compliance issues. Multiple  work‐
181              arounds  can be specified separated by commas. A special command
182              line flag of "none", will indicate no workarounds (may be useful
183              for overriding configured defaults). See WORKAROUNDS below for a
184              list of available workarounds.
185
186       --debug
187              Turn on debugging.
188
189       -?, --help
190              Output a help list and exit.
191
192       --usage
193              Output a usage message and exit.
194
195       -V, --version
196              Output the program version and exit.
197

IPMI-SENSORS OPTIONS

199       The following options are specific to ipmi-sensors.
200
201       -v, --verbose
202              Output verbose sensor output. This option will output additional
203              information  about  sensors such as thresholds, ranges, numbers,
204              and event/reading type codes.
205
206       -vv    Output very verbose sensor output. This option will output  more
207              additional  information than the verbose option such as informa‐
208              tion about events, other sensor types, and oem sensors.
209
210       -i, --sdr-info
211              Show sensor data repository (SDR) information
212
213       -q, --quiet-readings
214              Do not output sensor reading values by default. This  option  is
215              particularly  useful if you want to use hostranged output across
216              a cluster and want to consolidate the output.
217
218       -r RECORD-IDS-LIST, --record-ids=RECORD-IDS-LIST
219              Specify sensors to show by record id. Multiple record ids can be
220              separated  by  commas or spaces. If both --record-ids and --sen‐
221              sor-types are specified, --record-ids takes precedence.  A  spe‐
222              cial  command  line record id of "all", will indicate all record
223              ids should be shown (may be  useful  for  overriding  configured
224              defaults).
225
226       -R RECORD-IDS-LIST, --exclude-record-ids=RECORD-IDS-LIST
227              Specify  sensors  to  not show by record id. Multiple record ids
228              can be separated by commas or spaces.  A  special  command  line
229              record  id  of  "none",  will  indicate  no record ids should be
230              excluded (may be useful for overriding configured defaults).
231
232       -t SENSOR-TYPE-LIST, --sensor-types=SENSOR-TYPE-LIST
233              Specify sensor types to show outputs for. Multiple types can  be
234              separated  by  commas or spaces. If both --record-ids and --sen‐
235              sor-types are specified, --record-ids takes precedence.  A  spe‐
236              cial  command line type of "all", will indicate all types should
237              be shown (may be useful  for  overriding  configured  defaults).
238              Users  may  specify  sensor  types  by  string  (see --list-sen‐
239              sor-types below) or by number (decimal or hex).
240
241       -T SENSOR-TYPE-LIST, --exclude-sensor-types=SENSOR-TYPE-LIST
242              Specify sensor types to not show outputs for. Multiple types can
243              be  eparated by commas or spaces. A special command line type of
244              "none", will indicate no types should be excluded (may be useful
245              for  overriding  configured  defaults). Users may specify sensor
246              types by string (see --list-sensor-types  below)  or  by  number
247              (decimal or hex).
248
249       -L, --list-sensor-types
250              List sensor types.
251
252       -b, --bridge-sensors
253              By  default,  sensors  readings are not attempted for sensors on
254              non-BMC owners. By setting this option, sensor requests  can  be
255              bridged  to  non-BMC  owners to obtain sensor readings. Bridging
256              may not work on some interfaces/driver types.
257
258       --shared-sensors
259              Some sensors share the same sensor data record  (SDR).  This  is
260              typically  utilized  for  system event log (SEL) entries and not
261              for sensor readings. However, there may be some motherboards  in
262              which  this  format  is utilized for multiple active sensors, or
263              the user simply  has  interest  in  seeing  the  permutation  of
264              entries shared by a SDR entry. By setting this option, each sen‐
265              sor number shared by a record will be iterated over and output.
266
267       --interpret-oem-data
268              Attempt to interpret OEM data, such as event data, sensor  read‐
269              ings,  or  general  extra info, etc. If an OEM interpretation is
270              not available, the default output will be generated. Correctness
271              of  OEM  interpretations  cannot  be guaranteed due to potential
272              changes OEM vendors may make in products, firmware, etc. See OEM
273              INTERPRETATION  below for confirmed supported motherboard inter‐
274              pretations.
275
276       --ignore-not-available-sensors
277              Ignore not-available (i.e. N/A) sensors in output.
278
279       --ignore-unrecognized-events
280              Ignore unrecognized sensor events. This will suppress output  of
281              unrecognized  events,  typically  shown as 'Unrecognized Event =
282              XXXXh' in output.  In  addition,  unrecognized  events  will  be
283              ignored when calculating sensor state with --output-sensor-state
284              below.
285
286       --output-event-bitmask
287              Output event bitmask value instead of the string representation.
288
289       --output-sensor-state
290              Output sensor state in output. This will add an additional  out‐
291              put  reporting if a sensor is in a NOMINAL, WARNING, or CRITICAL
292              state.  The sensor state is an interpreted value  based  on  the
293              current  sensor  event.  The  sensor  state  interpretations are
294              determined        by        the        configuration        file
295              /etc/freeipmi//freeipmi_interpret_sensor.conf.               See
296              freeipmi_interpret_sensor.conf(5) for  more  information.   This
297              option  gives  identical  output  to the sensor state previously
298              output by ipmimonitoring(8).
299
300       --sensor-state-config-file=FILE
301              Specify an alternate sensor  state  configuration  file.  Option
302              ignored if --output-sensor-state not specified.
303
304       --entity-sensor-names
305              Output  sensor  names prefixed with their entity id and instance
306              number when appropriate. This may be necessary on  some  mother‐
307              boards  to help identify what sensors are referencing. For exam‐
308              ple, a motherboard may have multiple sensors named  'TEMP'.  The
309              entity  id  and  instance  number  may help clarify which sensor
310              refers to "Processor 1" vs. "Processor 2".
311
312       --output-sensor-thresholds
313              Output sensor thresholds in output. This will add columns to the
314              default  output for lower non-recoverable, lower critical, lower
315              non-critical, upper non-critical, upper critical, and upper non-
316              recoverable thresholds.
317
318       --no-sensor-type-output
319              Do  not show sensor type output for each entry. On many systems,
320              the sensor type is redundant to the name of the sensor. This can
321              especially  be  true  if --entity-sensor-names is specified.  If
322              the sensor name is sufficient, or if the sensor type  is  of  no
323              interest  to  the user, this option can be specified to condense
324              output.
325
326       --comma-separated-output
327              Output fields in comma separated format.
328
329       --no-header-output
330              Do not output column headers. May be useful in scripting.
331
332       --non-abbreviated-units
333              Output non-abbreviated units (e.g. 'Amps' instead of  'A').  May
334              aid  in  disambiguation  of  units  (e.g.  'C'  for  Celsius  or
335              Coulombs).
336
337       --legacy-output
338              Output in legacy format. Newer options may not be applicable  to
339              legacy output.
340
341       --ipmimonitoring-legacy-output
342              Output  legacy  format  of  legacy  ipmimonitoring  tool.  Newer
343              options may not be applicable to legacy output.
344

SDR CACHE OPTIONS

346       This tool requires access to the sensor data repository (SDR) cache for
347       general  operation.  By default, SDR data will be downloaded and cached
348       on the local machine. The following options apply to the SDR cache.
349
350       --flush-cache
351              Flush a cached version  of  the  sensor  data  repository  (SDR)
352              cache. The SDR is typically cached for faster subsequent access.
353              However, it may need to be flushed and re-generated if  the  SDR
354              has been updated on a system.
355
356       --quiet-cache
357              Do  not output information about cache creation/deletion. May be
358              useful in scripting.
359
360       --sdr-cache-recreate
361              If the SDR cache is out of date or invalid, automatically recre‐
362              ate  the  sensor data repository (SDR) cache. This option may be
363              useful for scripting purposes.
364
365       --sdr-cache-file=FILE
366              Specify a specific sensor data repository (SDR) cache file to be
367              stored  or read from. If this option is used when multiple hosts
368              are specified, the same SDR cache file  will  be  used  for  all
369              hosts.
370
371       --sdr-cache-directory=DIRECTORY
372              Specify  an alternate directory for sensor data repository (SDR)
373              caches to be stored or read from. Defaults to the home directory
374              if not specified.
375

TIME OPTIONS

377       By  IPMI definition, all IPMI times and timestamps are stored in local‐
378       time. However, in many situations, the timestamps will not be stored in
379       localtime.  Whether  or  not  a  system  truly stored the timestamps in
380       localtime varies on many factors, such as the vendor, BIOS, and operat‐
381       ing  system.   The  following options will allow the user to adjust the
382       interpretation of the stored timestamps and how they should be output.
383
384       --utc-to-localtime
385              Assume all times are reported in UTC time and convert  the  time
386              to localtime before being output.
387
388       --localtime-to-utc
389              Convert all localtime timestamps to UTC before being output.
390
391       --utc-offset=SECONDS
392              Specify  a  specific  UTC offset in seconds to be added to time‐
393              stamps.  Value can range from -86400 to 86400 seconds.  Defaults
394              to 0.
395

HOSTRANGED OPTIONS

397       The following options manipulate hostranged output. See HOSTRANGED SUP‐
398       PORT below for additional information on hostranges.
399
400       -B, --buffer-output
401              Buffer hostranged output. For each node, buffer standard  output
402              until the node has completed its IPMI operation. When specifying
403              this option, data may appear to output slower to the user  since
404              the  the entire IPMI operation must complete before any data can
405              be output.  See HOSTRANGED SUPPORT below for additional informa‐
406              tion.
407
408       -C, --consolidate-output
409              Consolidate hostranged output. The complete standard output from
410              every node specified will be consolidated  so  that  nodes  with
411              identical  output are not output twice. A header will list those
412              nodes with the consolidated output. When this option  is  speci‐
413              fied,  no  output  can  be seen until the IPMI operations to all
414              nodes has completed. If the  user  breaks  out  of  the  program
415              early,  all  currently  consolidated  output will be dumped. See
416              HOSTRANGED SUPPORT below for additional information.
417
418       -F NUM, --fanout=NUM
419              Specify multiple host fanout. A  "sliding  window"  (or  fanout)
420              algorithm is used for parallel IPMI communication so that slower
421              nodes or timed out nodes will not impede parallel communication.
422              The maximum number of threads available at the same time is lim‐
423              ited by the fanout. The default is 64.
424
425       -E, --eliminate
426              Eliminate hosts determined as undetected  by  ipmidetect.   This
427              attempts to remove the common issue of hostranged execution tim‐
428              ing out due to several nodes being removed  from  service  in  a
429              large  cluster.  The  ipmidetectd  daemon must be running on the
430              node executing the command.
431
432       --always-prefix
433              Always prefix output, even if only one host is specified or com‐
434              municating  in-band. This option is primarily useful for script‐
435              ing purposes. Option will be ignored if specified  with  the  -C
436              option.
437

HOSTRANGED SUPPORT

439       Multiple hosts can be input either as an explicit comma separated lists
440       of hosts or a range of hostnames in  the  general  form:  prefix[n-m,l-
441       k,...],  where  n < m and l < k, etc. The later form should not be con‐
442       fused with regular expression character classes (also denoted  by  []).
443       For example, foo[19] does not represent foo1 or foo9, but rather repre‐
444       sents a degenerate range: foo19.
445
446       This range syntax is meant only as a convenience  on  clusters  with  a
447       prefixNN  naming  convention  and specification of ranges should not be
448       considered necessary -- the list foo1,foo9 could be specified as  such,
449       or by the range foo[1,9].
450
451       Some examples of range usage follow:
452           foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
453           foo[7,9-10] instead of foo7,foo9,foo10
454           foo[0-3] instead of foo0,foo1,foo2,foo3
455
456       As a reminder to the reader, some shells will interpret brackets ([ and
457       ]) for pattern matching. Depending on your shell, it may  be  necessary
458       to enclose ranged lists within quotes.
459
460       When  multiple  hosts  are specified by the user, a thread will be exe‐
461       cuted for each host in parallel up to the configured fanout (which  can
462       be  adjusted via the -F option). This will allow communication to large
463       numbers of nodes far more quickly than if done in serial.
464
465       By default, standard output from each node  specified  will  be  output
466       with the hostname prepended to each line. Although this output is read‐
467       able in many situations, it may be difficult to read  in  other  situa‐
468       tions.  For  example, output from multiple nodes may be mixed together.
469       The -B and -C options can be used to change this default.
470
471       In-band IPMI Communication will be used when the  host  "localhost"  is
472       specified.  This  allows  the  user  to add the localhost into the hos‐
473       tranged output.
474

GENERAL TROUBLESHOOTING

476       Most often, IPMI problems are due to configuration problems.
477
478       IPMI over  LAN  problems  involve  a  misconfiguration  of  the  remote
479       machine's  BMC.  Double check to make sure the following are configured
480       properly in the remote machine's BMC: IP address, MAC  address,  subnet
481       mask,  username,  user enablement, user privilege, password, LAN privi‐
482       lege, LAN enablement, and allowed authentication type(s). For IPMI  2.0
483       connections,  double  check  to make sure the cipher suite privilege(s)
484       and K_g key are configured properly. The  ipmi-config(8)  tool  can  be
485       used to check and/or change these configuration settings.
486
487       Inband  IPMI  problems  are  typically  caused by improperly configured
488       drivers or non-standard BMCs.
489
490       In addition to the troubleshooting tips below, please  see  WORKAROUNDS
491       below to also if there are any vendor specific bugs that have been dis‐
492       covered and worked around.
493
494       Listed below are many of the common issues  for  error  messages.   For
495       additional  support, please e-mail the <freeipmi-users@gnu.org> mailing
496       list.
497
498       "username invalid" - The username entered (or a NULL username  if  none
499       was  entered)  is  not  available on the remote machine. It may also be
500       possible the remote BMC's username configuration is incorrect.
501
502       "password invalid" - The password entered (or a NULL password  if  none
503       was  entered)  is not correct. It may also be possible the password for
504       the user is not correctly configured on the remote BMC.
505
506       "password verification timeout" - Password verification has timed  out.
507       A  "password  invalid"  error  (described  above) or a generic "session
508       timeout" (described below) occurred.  During this point in the protocol
509       it cannot be differentiated which occurred.
510
511       "k_g  invalid"  -  The  K_g  key entered (or a NULL K_g key if none was
512       entered) is not correct. It may also be possible the  K_g  key  is  not
513       correctly configured on the remote BMC.
514
515       "privilege level insufficient" - An IPMI command requires a higher user
516       privilege than the one authenticated with. Please try  to  authenticate
517       with a higher privilege. This may require authenticating to a different
518       user which has a higher maximum privilege.
519
520       "privilege level cannot be obtained for  this  user"  -  The  privilege
521       level  you are attempting to authenticate with is higher than the maxi‐
522       mum allowed for this user. Please try again with a lower privilege.  It
523       may  also be possible the maximum privilege level allowed for a user is
524       not configured properly on the remote BMC.
525
526       "authentication type unavailable for attempted privilege level"  -  The
527       authentication  type you wish to authenticate with is not available for
528       this privilege level. Please try again with an alternate authentication
529       type  or  alternate privilege level. It may also be possible the avail‐
530       able authentication types you can authenticate with are  not  correctly
531       configured on the remote BMC.
532
533       "cipher suite id unavailable" - The cipher suite id you wish to authen‐
534       ticate with is not available on the remote BMC. Please try  again  with
535       an  alternate  cipher  suite  id. It may also be possible the available
536       cipher suite ids are not correctly configured on the remote BMC.
537
538       "ipmi 2.0 unavailable" - IPMI 2.0 was  not  discovered  on  the  remote
539       machine. Please try to use IPMI 1.5 instead.
540
541       "connection  timeout"  - Initial IPMI communication failed. A number of
542       potential errors are possible, including an invalid hostname specified,
543       an  IPMI  IP  address  cannot  be  resolved, IPMI is not enabled on the
544       remote server, the network connection is bad, etc. Please  verify  con‐
545       figuration and connectivity.
546
547       "session  timeout"  - The IPMI session has timed out. Please reconnect.
548       If this error occurs often, you may wish to increase the retransmission
549       timeout. Some remote BMCs are considerably slower than others.
550
551       "device  not  found"  - The specified device could not be found. Please
552       check configuration or inputs and try again.
553
554       "driver timeout" - Communication with the driver or  device  has  timed
555       out. Please try again.
556
557       "message  timeout"  - Communication with the driver or device has timed
558       out. Please try again.
559
560       "BMC busy" - The BMC is currently busy. It may be  processing  informa‐
561       tion  or have too many simultaneous sessions to manage. Please wait and
562       try again.
563
564       "could not find inband device" - An inband device could not  be  found.
565       Please  check configuration or specify specific device or driver on the
566       command line.
567
568       "driver timeout" - The inband driver has timed out communicating to the
569       local  BMC  or  service  processor. The BMC or service processor may be
570       busy or (worst case) possibly non-functioning.
571
572       "internal IPMI error" - An IPMI error has occurred that  FreeIPMI  does
573       not  know  how  to  handle.  Please  e-mail <freeipmi-users@gnu.org> to
574       report the issue.
575
576       "sensor config file parse error" - A parse error was found in the  sen‐
577       sor  interpretation  configuration  file.  Please  see  freeipmi_inter‐
578       pret_sensor.conf(5).
579

WORKAROUNDS

581       With so many different vendors implementing their own  IPMI  solutions,
582       different  vendors  may implement their IPMI protocols incorrectly. The
583       following describes a number of workarounds currently available to han‐
584       dle  discovered compliance issues. When possible, workarounds have been
585       implemented so they will be transparent to the user. However, some will
586       require the user to specify a workaround be used via the -W option.
587
588       The hardware listed below may only indicate the hardware that a problem
589       was discovered on. Newer versions of  hardware  may  fix  the  problems
590       indicated  below.  Similar machines from vendors may or may not exhibit
591       the same problems. Different vendors may license  their  firmware  from
592       the  same IPMI firmware developer, so it may be worthwhile to try work‐
593       arounds listed below even if your motherboard is not listed.
594
595       If you believe your hardware has an additional  compliance  issue  that
596       needs a workaround to be implemented, please contact the FreeIPMI main‐
597       tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
598
599       assumeio - This workaround flag will assume inband interfaces  communi‐
600       cate  with  system  I/O rather than being memory-mapped. This will work
601       around systems that report invalid base addresses. Those  hitting  this
602       issue  may see "device not supported" or "could not find inband device"
603       errors.  Issue observed on HP ProLiant DL145 G1.
604
605       spinpoll - This workaround flag will inform some inband  drivers  (most
606       notably  the  KCS driver) to spin while polling rather than putting the
607       process to sleep. This may significantly improve the wall clock running
608       time  of  tools because an operating system scheduler's granularity may
609       be much larger than the time it takes to perform a single IPMI  message
610       transaction.  However,  by spinning, your system may be performing less
611       useful work by not contexting out the tool for a more useful task.
612
613       authcap - This workaround flag will  skip  early  checks  for  username
614       capabilities,  authentication  capabilities,  and K_g support and allow
615       IPMI authentication to succeed. It  works  around  multiple  issues  in
616       which the remote system does not properly report username capabilities,
617       authentication capabilities, or K_g status. Those  hitting  this  issue
618       may  see  "username  invalid",  "authentication  type  unavailable  for
619       attempted privilege level", or "k_g invalid" errors.  Issue observed on
620       Asus  P5M2/P5MT-R/RS162-E4/RX4,  Intel  SR1520ML/X38ML,  and  Sun  Fire
621       2200/4150/4450 with ELOM.
622
623       nochecksumcheck - This workaround flag will tell FreeIPMI to not  check
624       the  checksums  returned  from  IPMI command responses. It works around
625       systems that return invalid checksums due to implementation errors, but
626       the  packet  is otherwise valid. Users are cautioned on the use of this
627       option, as it removes validation of packet integrity  in  a  number  of
628       circumstances.  However,  it  is unlikely to be an issue in most situa‐
629       tions. Those hitting this issue may see "connection timeout",  "session
630       timeout",  or  "password verification timeout" errors. On IPMI 1.5 con‐
631       nections, the "noauthcodecheck" workaround may also needed  too.  Issue
632       observed  on  Supermicro  X9SCM-iiF, Supermicro X9DRi-F, and Supermicro
633       X9DRFR.
634
635       idzero - This workaround flag  will  allow  empty  session  IDs  to  be
636       accepted by the client. It works around IPMI sessions that report empty
637       session IDs to the client. Those hitting this issue  may  see  "session
638       timeout" errors. Issue observed on Tyan S2882 with M3289 BMC.
639
640       unexpectedauth  -  This  workaround flag will allow unexpected non-null
641       authcodes to be checked as though they were expected. It  works  around
642       an  issue  when  packets contain non-null authentication data when they
643       should be null due to disabled per-message authentication.  Those  hit‐
644       ting  this  issue  may  see "session timeout" errors. Issue observed on
645       Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.
646
647       forcepermsg - This workaround flag will force  per-message  authentica‐
648       tion  to  be used no matter what is advertised by the remote system. It
649       works around an issue when per-message authentication is advertised  as
650       disabled on the remote system, but it is actually required for the pro‐
651       tocol. Those hitting this  issue  may  see  "session  timeout"  errors.
652       Issue observed on IBM eServer 325.
653
654       endianseq  -  This  workaround flag will flip the endian of the session
655       sequence numbers to allow the session to continue  properly.  It  works
656       around  IPMI  1.5  session  sequence numbers that are the wrong endian.
657       Those hitting this  issue  may  see  "session  timeout"  errors.  Issue
658       observed  on  some  Sun  ILOM  1.0/2.0  (depends  on  service processor
659       endian).
660
661       noauthcodecheck - This workaround flag will tell FreeIPMI to not  check
662       the  authentication  codes returned from IPMI 1.5 command responses. It
663       works around systems that return invalid authentication  codes  due  to
664       hashing  or  implementation  errors.  Users are cautioned on the use of
665       this option, as it removes an authentication check verifying the valid‐
666       ity of a packet. However, in most organizations, this is unlikely to be
667       a security issue. Those hitting this issue may  see  "connection  time‐
668       out",  "session  timeout",  or  "password verification timeout" errors.
669       Issue observed on Xyratex FB-H8-SRAY, Intel  Windmill,  Quanta  Winter‐
670       fell, and Wiwynn Windmill.
671
672       intel20  - This workaround flag will work around several Intel IPMI 2.0
673       authentication issues. The issues covered include padding of usernames,
674       and  password  truncation  if  the  authentication  algorithm  is HMAC-
675       MD5-128. Those hitting this issue may see "username invalid", "password
676       invalid",  or  "k_g  invalid" errors. Issue observed on Intel SE7520AF2
677       with Intel Server Management Module (Professional Edition).
678
679       supermicro20 - This workaround flag will work around several Supermicro
680       IPMI  2.0  authentication  issues  on  motherboards  w/  Peppercon IPMI
681       firmware. The issues covered include handling invalid length  authenti‐
682       cation  codes.  Those  hitting  this  issue  may see "password invalid"
683       errors.  Issue observed on Supermicro H8QME with SIMSO  daughter  card.
684       Confirmed fixed on newerver firmware.
685
686       sun20 - This workaround flag will work work around several Sun IPMI 2.0
687       authentication issues. The issues covered include invalid lengthed hash
688       keys,  improperly  hashed keys, and invalid cipher suite records. Those
689       hitting this issue may see "password invalid" or  "bmc  error"  errors.
690       Issue  observed  on Sun Fire 4100/4200/4500 with ILOM.  This workaround
691       automatically includes the "opensesspriv" workaround.
692
693       opensesspriv - This workaround flag will slightly alter FreeIPMI's IPMI
694       2.0 connection protocol to workaround an invalid hashing algorithm used
695       by the remote system. The privilege level sent during the Open  Session
696       stage of an IPMI 2.0 connection is used for hashing keys instead of the
697       privilege level sent during the RAKP1 connection stage.  Those  hitting
698       this  issue may see "password invalid", "k_g invalid", or "bad rmcpplus
699       status code" errors.  Issue observed on Sun  Fire  4100/4200/4500  with
700       ILOM, Inventec 5441/Dell Xanadu II, Supermicro X8DTH, Supermicro X8DTG,
701       Intel S5500WBV/Penguin Relion 700, Intel S2600JF/Appro 512X, and Quanta
702       QSSC-S4R/Appro  GB812X-CN.  This  workaround is automatically triggered
703       with the "sun20" workaround.
704
705       integritycheckvalue - This workaround flag will work around an  invalid
706       integrity  check  value  during  an IPMI 2.0 session establishment when
707       using Cipher Suite ID 0. The integrity check value should be 0  length,
708       however  the  remote motherboard responds with a non-empty field. Those
709       hitting this issue may see "k_g  invalid"  errors.  Issue  observed  on
710       Supermicro  X8DTG,  Supermicro X8DTU, and Intel S5500WBV/Penguin Relion
711       700, and Intel S2600JF/Appro 512X.
712
713       assumemaxsdrrecordcount - This workaround will inform  SDR  reading  to
714       stop reading after a known maximum numer of SDR records have been read.
715       This will work around systems that  have  mis-implemented  SDR  reading
716       functions  that.  Those  hitting  this  issue may see "SDR record count
717       invalid" errors. Issue observed on unspecified Inspur motherboard.
718
719       discretereading - This workaround option will allow analog sensor read‐
720       ings  (i.e.  rpm,  degrees,  etc.) to be read even if the event/reading
721       type code for the sensor is for a  discrete  sensor  (i.e.  assert  vs.
722       deassert).  This option works around poorly defined (and arguably ille‐
723       gal) SDR records that expect analog sensor readings to be  read  along‐
724       side  discrete  sensors. This option is confirmed to work around issues
725       on HP Proliant DL380 G7 and HP ProLiant ML310 G5 motherboards.
726
727       ignorescanningdisabled - This workaround option will allow sensor read‐
728       ings  to  be read even if the sensor scanning bit indicates a sensor is
729       disabled. This option works around motherboards that incorrectly  indi‐
730       cate  sensors  as  disabled. This may problem may exist on your mother‐
731       board if sensors are listed as "N/A" even if they should be  available.
732       This  option is confirmed to work around issues on Dell Poweredge 2900,
733       Dell Poweredge 2950, Dell Poweredge R410, Dell Poweredge R610,  and  HP
734       Integrity rx3600 motherboards.
735
736       assumebmcowner  -  This workaround option will allow sensor readings to
737       be read if the sensor owner is the BMC, but the reported  sensor  owner
738       is not the BMC. Typically, sensors owned by a non-BMC sensor owner must
739       be bridged (e.g. with the --bridge-sensors option), however if the non-
740       BMC  sensor  owner is invalid, bridging fails. This option works around
741       motherboards that incorrectly report an non-BMC sensor owner by  always
742       assuming  the  sensor  owner is the BMC. This problem may exist on your
743       motherboard if sensors are listed as  "N/A"  even  if  they  should  be
744       available.  This  option  is confirmed to work around issues on Fujitsu
745       RX300 and Fujitsu RX300S2 motherboards.
746
747       ignoreauthcode - This workaround option will allow sensor  readings  to
748       be  read  if the remote machine is invalidly calculating authentication
749       codes (i.e. authentication hashes) when communicating  over  LAN.  This
750       problem  may exist on your system if the error "session timeout" errors
751       or there is an appearance of a hang.  Users are cautioned on the use of
752       this option, as it removes an authentication check verifying the valid‐
753       ity of a packet. However, in most organizations, this is unlikely to be
754       a  security  issue. The ignoring of authentication packets is only lim‐
755       ited to the period in which sensor readings are done, and not  for  any
756       portion  of the session authentication or session teardown. This option
757       is confirmed to work on  Inventec  5441/Dell  Xanadu  II  and  Inventec
758       5442/Dell Xanadu III.  (Note: On the above systems, this issue has only
759       been observed when the --bridge-sensors is used.)
760
761       No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
762       found  to  not support IPMI 1.5. Those hitting this issue may see "ipmi
763       2.0 unavailable" or "connection timeout"  errors.  This  issue  can  be
764       worked  around  by  using  IPMI  2.0  instead of IPMI 1.5 by specifying
765       --driver-type=LAN_2_0. Issue observed on HP Proliant DL 145.
766

OEM INTERPRETATION

768       The following motherboards are confirmed to have atleast  some  support
769       by  the --interpret-oem-data option. While highly probable the OEM data
770       interpretations would work across other motherboards by the same  manu‐
771       facturer,  there  are no guarantees. Some of the motherboards below may
772       be rebranded by vendors/distributors.
773
774       Dell Poweredge R210, Dell Poweredge R610,  Dell  Poweredge  R710,  Dell
775       Poweredge  R720, Fujitsu iRMC S1 and iRMC S2 systems, HP Proliant DL160
776       G8, Intel S5500WB/Penguin Computing  Relion  700,  Intel  S2600JF/Appro
777       512X,  Intel  S5000PAL,  Intel  Windmill, Quanta Winterfell, Supermicro
778       X7DBR-3, Supermicro  X7DB8,  Supermicro  X8DTN,  Supermicro  X7SBI-LN4,
779       Supermicro   X8DTH,  Supermicro  X8DTG,  Supermicro  X8DTU,  Supermicro
780       X8DT3-LN4F, Supermicro X8DTU-6+, Supermicro X8DTL, Supermicro X8DTL-3F,
781       Supermicro  X8SIL-F,  Supermicro  X9SCL,  Supermicro  X9SCM, Supermicro
782       X8DTN+-F, Supermicro X8SIE, Supermicro X9SCA-F-O,  Supermicro  H8DGU-F,
783       Supermicro   X9DRi-F,  Supermicro  X9DRI-LN4F+,  Supermicro  X9SPU-F-O,
784       Supermicro X9SCM-iiF, Wiwynn Windmill, Wistron/Dell Poweredge C6220.
785

EXAMPLES

787       # ipmi-sensors
788
789       Show all sensors and readings on the local machine.
790
791       # ipmi-sensors --verbose
792
793       Show verbose sensors and readings on the local machine.
794
795       # ipmi-sensors --record-ids="7,11,102"
796
797       Show sensor record ids 7, 11, and 102 on the local machine.
798
799       # ipmi-sensors --sensor-types=fan
800
801       Show all sensors of type fan on the local machine.
802
803       # ipmi-sensors -h ahost -u myusername -p mypassword
804
805       Show all sensors on a remote machine using IPMI over LAN.
806
807       # ipmi-sensors -h mycluster[0-127] -u myusername -p mypassword
808
809       Show all sensors across a cluster using IPMI over LAN.
810

DIAGNOSTICS

812       Upon successful execution, exit status is 0. On error, exit  status  is
813       1.
814
815       If multiple hosts are specified for communication, the exit status is 0
816       if and only if all targets successfully  execute.  Otherwise  the  exit
817       status is 1.
818

KNOWN ISSUES

820       On  older  operating systems, if you input your username, password, and
821       other potentially security relevant information on  the  command  line,
822       this information may be discovered by other users when using tools like
823       the ps(1) command or looking in the /proc file system. It is  generally
824       more  secure  to input password information with options like the -P or
825       -K options. Configuring security relevant information in  the  FreeIPMI
826       configuration file would also be an appropriate way to hide this infor‐
827       mation.
828
829       In order to prevent brute force attacks,  some  BMCs  will  temporarily
830       "lock  up" after a number of remote authentication errors. You may need
831       to wait awhile in order to this temporary "lock up" to pass before  you
832       may authenticate again.
833
834       Some  sensors  may  be  output  as not available (i.e. N/A) because the
835       owner of the sensor is not the BMC. To attempt to  bridge  sensors  and
836       access  sensors  not  on  the  BMC,  users  may  wish  to try the -b or
837       --bridge-sensors options.
838

REPORTING BUGS

840       Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
841
843       Copyright © 2003-2015 FreeIPMI Core Team.
844
845       This program is free software; you can redistribute it and/or modify it
846       under  the  terms of the GNU General Public License as published by the
847       Free Software Foundation; either version 3 of the License, or (at  your
848       option) any later version.
849

SEE ALSO

851       freeipmi(7),   bmc-device(8),  ipmi-config(8),  freeipmi_interpret_sen‐
852       sor.conf(5)
853
854       http://www.gnu.org/software/freeipmi/
855
856
857
858IPMI Sensors version 1.6.1        2018-02-02                   IPMI-SENSORS(8)
Impressum