1ipmipower(8)                    System Commands                   ipmipower(8)
2
3
4

NAME

6       ipmipower - IPMI power control utility
7

SYNOPSIS

9       ipmipower [OPTION...]
10

DESCRIPTION

12       Ipmipower  allows  users  to remotely power on, off, cycle, hard reset,
13       get a power status query, perform a pulse diagnostic interrupt, or ini‐
14       tiate a soft-shutdown of the OS via ACPI through the IPMI over LAN pro‐
15       tocol.
16
17       When a power command (--on, --off, --cycle, --reset,  --stat,  --pulse,
18       or  --soft) is specified on the command line, Ipmipower will attempt to
19       run the power command on all hostnames listed on the command line  then
20       exit.
21
22       If  no power commands are specified on the command line, ipmipower will
23       run in interactive mode. Interactive mode gives the user a command line
24       interface to enter various commands. Details of the interactive command
25       line interface can be found below under INTERACTIVE COMMANDS.
26
27       Listed below are general IPMI options, tool specific  options,  trouble
28       shooting  information,  workaround information, examples, and known is‐
29       sues. For a general introduction to FreeIPMI please see freeipmi(7).
30

GENERAL OPTIONS

32       The following options are general options for configuring IPMI communi‐
33       cation and executing general tool commands.
34
35       -D IPMIDRIVER, --driver-type=IPMIDRIVER
36              Specify  the  driver type to use instead of doing an auto selec‐
37              tion.  The currently available outofband  drivers  are  LAN  and
38              LAN_2_0, which perform IPMI 1.5 and IPMI 2.0 respectively.
39
40       -h      IPMIHOST1,IPMIHOST2,...,      --hostname=IPMIHOST1[:PORT],IPMI‐
41       HOST2[:PORT],...
42              Specify the remote host(s) to communicate with.  Multiple  host‐
43              names  may  be separated by comma or may be specified in a range
44              format; see HOSTRANGED SUPPORT below. An optional  port  can  be
45              specified with each host, which may be useful in port forwarding
46              or similar situations.  If specifying an IPv6 address and  port,
47              use the format [ADDRESS]:PORT.
48
49       -u USERNAME, --username=USERNAME
50              Specify  the username to use when authenticating with the remote
51              host.  If not specified, a null (i.e. anonymous) username is as‐
52              sumed. The user must have atleast OPERATOR privileges to run the
53              --on, --off, --reset, --cycle, --pulse, or --soft power  control
54              commands.  The  user must have atleast USER privileges to deter‐
55              mine the power status of the machine through --stat.
56
57       -p PASSWORD, --password=PASSWORD
58              Specify the password to use when authenticationg with the remote
59              host.   If  not  specified,  a null password is assumed. Maximum
60              password length is 16 for IPMI 1.5 and 20 for IPMI 2.0.
61
62       -P, --password-prompt
63              Prompt for password  to  avoid  possibility  of  listing  it  in
64              process lists.
65
66       -k K_G, --k-g=K_G
67              Specify  the K_g BMC key to use when authenticating with the re‐
68              mote host for IPMI 2.0. If not specified, a null key is assumed.
69              To  input  the  key  in hexadecimal form, prefix the string with
70              '0x'. E.g., the key 'abc' can be entered  with  the  either  the
71              string 'abc' or the string '0x616263'
72
73       -K, --k-g-prompt
74              Prompt  for  k-g  to  avoid possibility of listing it in process
75              lists.
76
77       --session-timeout=MILLISECONDS
78              Specify the session timeout in milliseconds. Defaults  to  20000
79              milliseconds (20 seconds) if not specified.
80
81       --retransmission-timeout=MILLISECONDS
82              Specify  the  packet retransmission timeout in milliseconds. De‐
83              faults to 400 milliseconds (0.4 seconds) if not specified.
84
85       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
86              Specify the IPMI 1.5 authentication type to use.  The  currently
87              available  authentication types are NONE, STRAIGHT_PASSWORD_KEY,
88              MD2, and MD5. Defaults to MD5 if not specified.
89
90       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
91              Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID
92              identifies a set of authentication, integrity, and confidential‐
93              ity algorithms to use for IPMI 2.0 communication. The  authenti‐
94              cation  algorithm  identifies  the  algorithm to use for session
95              setup, the integrity algorithm identifies the algorithm  to  use
96              for session packet signatures, and the confidentiality algorithm
97              identifies the algorithm to use for payload encryption. Defaults
98              to  cipher  suite  ID  3  if not specified. The following cipher
99              suite ids are currently supported:
100
101              0 - Authentication Algorithm = None; Integrity Algorithm = None;
102              Confidentiality Algorithm = None
103
104              1  - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
105              None; Confidentiality Algorithm = None
106
107              2 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm  =
108              HMAC-SHA1-96; Confidentiality Algorithm = None
109
110              3  - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
111              HMAC-SHA1-96; Confidentiality Algorithm = AES-CBC-128
112
113              6 - Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
114              None; Confidentiality Algorithm = None
115
116              7  -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
117              HMAC-MD5-128; Confidentiality Algorithm = None
118
119              8 - Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
120              HMAC-MD5-128; Confidentiality Algorithm = AES-CBC-128
121
122              11  - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
123              MD5-128; Confidentiality Algorithm = None
124
125              12 - Authentication Algorithm = HMAC-MD5; Integrity Algorithm  =
126              MD5-128; Confidentiality Algorithm = AES-CBC-128
127
128              15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
129              = None; Confidentiality Algorithm = None
130
131              16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
132              = HMAC_SHA256_128; Confidentiality Algorithm = None
133
134              17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
135              = HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128
136
137       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
138              Specify the privilege level to be used. The currently  available
139              privilege  levels are USER, OPERATOR, and ADMIN. Defaults to OP‐
140              ERATOR if not specified.
141
142       --config-file=FILE
143              Specify an alternate configuration file.
144
145       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
146              Specify workarounds to vendor compliance issues. Multiple  work‐
147              arounds  can be specified separated by commas. A special command
148              line flag of "none", will indicate no workarounds (may be useful
149              for overriding configured defaults). See WORKAROUNDS below for a
150              list of available workarounds.
151
152       --debug
153              Turn on debugging.
154
155       -?, --help
156              Output a help list and exit.
157
158       --usage
159              Output a usage message and exit.
160
161       -V, --version
162              Output the program version and exit.
163

IPMIPOWER OPTIONS

165       The following options are specific to ipmipower.
166
167       -n, --on
168              Power on the target hosts.
169
170       -f, --off
171              Power off the target hosts.
172
173       -c, --cycle
174              Power cycle the target hosts.
175
176       -r, --reset
177              Reset the target hosts.
178
179       -s, --stat
180              Get power status of the target hosts.
181
182       --pulse
183              Send power diagnostic interrupt to target hosts.
184
185       --soft Initiate a soft-shutdown of the OS via ACPI.
186
187       --on-if-off
188              The IPMI specification does not require the power cycle or  hard
189              reset  commands  to  turn on a machine that is currently powered
190              off. This option will force ipmipower to issue a power  on  com‐
191              mand  instead  of a power cycle or hard reset command if the re‐
192              mote machine's power is currently off.
193
194       --wait-until-on
195              The IPMI specification allows power on commands to return  prior
196              to  the  power  on actually taking place. This option will force
197              ipmipower to regularly query the remote BMC and return only  af‐
198              ter the machine has powered on.
199
200       --wait-until-off
201              The IPMI specification allows power off commands to return prior
202              the power off actually taking place. This option will force  ip‐
203              mipower  to regularly query the remote BMC and return only after
204              the machine has powered off.
205
206       --oem-power-type=OEM-POWER-TYPE
207              This option informs ipmipower to initiate power  control  opera‐
208              tions via an IPMI OEM specific power control extension. The cur‐
209              rently available POWERTYPEs are NONE and C410X. Please  see  OEM
210              POWER EXTENSIONS below for additional information.
211

IPMIPOWER ADVANCED NETWORK OPTIONS

213       The following options are used to change the networking behavior of ip‐
214       mipower.
215
216       --retransmission-wait-timeout=MILLISECONDS
217              Specify the retransmission wait timeout length in  milliseconds.
218              The retransmission wait timeout is similar to the retransmission
219              timeout above, but is used  specifically  for  power  completion
220              verification  with  the --wait-until-on and --wait-until-off op‐
221              tions.  Defaults to 500 milliseconds (0.5 seconds).
222
223       --retransmission-backoff-count=COUNT
224              Specify the retransmission backoff  count  for  retransmissions.
225              After  ever  COUNT  retransmissions,  the retransmission timeout
226              length will be increased by another factor. Defaults to 8.
227
228       --ping-interval=MILLISECONDS
229              Specify the ping interval length in milliseconds.  When  running
230              in  interactive  mode, RMCP (Remote Management Control Protocol)
231              discovery messages will be sent to all configured  remote  hosts
232              every  MILLISECONDS to confirm their support of IPMI. Power com‐
233              mands cannot be sent to a host until it is  discovered  (or  re-
234              discovered if previously lost). Defaults to 5000 milliseconds (5
235              seconds). Ping discovery messages can  be  disabled  by  setting
236              this  valu  to 0. RMCP ping discovery messages are automatically
237              disabled in non-interactive mode.
238
239       --ping-timeout=MILLISECONDS
240              Specify the ping timeout length in milliseconds. When running in
241              interactive mode, RMCP (Remote Management Control Protocol) mes‐
242              sages discovery will be sent to all configured remote  hosts  to
243              confirm  their  support  of  IPMI.  A  remote host is considered
244              undiscovered if the host does not respond in MILLISECONDS  time.
245              Defaults  to  30000  milliseconds (30 seconds). The ping timeout
246              cannot be larger than the ping interval.
247
248       --ping-packet-count=COUNT
249              Specify the ping packet count size.  Defaults  to  10.  See  the
250              --ping-percent-fR  option below for more information on this op‐
251              tion.
252
253       --ping-percent=PERCENT
254              Specify the ping percent value. Defaults to 50.  Since  IPMI  is
255              based  on  UDP, it is difficult for ipmipower to distinguish be‐
256              tween a missing machine and a bad (or  heavily  loaded)  network
257              connection  in  interactive  mode.  when  running in interactive
258              mode. For example, suppose a link consistently drops 80% of  the
259              packets to a particular machine. The power control operation may
260              have difficulty completing, although a recent pong response from
261              RMCP  makes  ipmipower believe the machine is up and functioning
262              properly.  The ping packet count and percent options are used to
263              alleviate  this problem.  Ipmipower will monitor RMCP ping pack‐
264              ets in packet count chunks. If ipmipower does not receive a  re‐
265              sponse  to greater than ping percent of those packets, ipmipower
266              will assume the link to this node is bad and will not send power
267              control  operations  to that node until the connection is deter‐
268              mined to be reliable. This heuristic can be disabled by  setting
269              either  the ping packet count or ping percent to 0. This feature
270              is not used if ping interval is set to 0.
271
272       --ping-consec-count=COUNT
273              Specify the ping consecutive count. This  is  another  heuristic
274              used  to  determine  if  a node should be considered discovered,
275              undiscovered, or with a bad connection. If a valid RMCP pong re‐
276              sponse was received for the last COUNT ping packets, a node will
277              be considered discovered, regardless of other heuristics  listed
278              above.  Defaults to 5. This heuristic can be disabled by setting
279              this value to 0. This feature is not used if other ping features
280              described above are disabled.
281

HOSTRANGED OPTIONS

283       The following options manipulate hostranged output. See HOSTRANGED SUP‐
284       PORT below for additional information on hostranges.
285
286       -B, --buffer-output
287              Buffer hostranged output. For each node, buffer standard  output
288              until the node has completed its IPMI operation. When specifying
289              this option, data may appear to output slower to the user  since
290              the  the entire IPMI operation must complete before any data can
291              be output.  See HOSTRANGED SUPPORT below for additional informa‐
292              tion.
293
294       -C, --consolidate-output
295              Consolidate hostranged output. The complete standard output from
296              every node specified will be consolidated  so  that  nodes  with
297              identical  output are not output twice. A header will list those
298              nodes with the consolidated output. When this option  is  speci‐
299              fied,  no  output  can  be seen until the IPMI operations to all
300              nodes has completed. If the  user  breaks  out  of  the  program
301              early,  all  currently  consolidated  output will be dumped. See
302              HOSTRANGED SUPPORT below for additional information.
303
304       -F NUM, --fanout=NUM
305              Specify multiple host fanout. Indicates the  maximum  number  of
306              power control operations that can be executed in parallel.
307
308       -E, --eliminate
309              Eliminate  hosts  determined  as undetected by ipmidetect.  This
310              attempts to remove the common issue of hostranged execution tim‐
311              ing  out  due  to  several nodes being removed from service in a
312              large cluster. The ipmidetectd daemon must  be  running  on  the
313              node executing the command.
314
315       --always-prefix
316              Always prefix output, even if only one host is specified or com‐
317              municating in-band. This option is primarily useful for  script‐
318              ing  purposes.  Option  will be ignored if specified with the -C
319              option.
320

INTERACTIVE COMMANDS

322       Ipmipower provides the following interactive commands at the ipmipower>
323       prompt.  Before any power commands (on, off, cycle, reset, stat, pulse,
324       or soft) can be used, hostnames must be configured into ipmipower,  ei‐
325       ther  through the command prompt or the hostname command below. The pa‐
326       rameters and options to the commands  below  mirror  their  appropriate
327       command line options.
328
329       hostname [IPMIHOST(s)]
330              Specify a new set of hosts. No input to unconfigure all hosts.
331
332       username [USERNAME]
333              Specify a new username. No input for null username.
334
335       password [PASSWORD]
336              Specify a new password. No input for null password.
337
338       k_g [K_G]
339              Specify  a  new  K_g BMC Key. No input for null key. Prefix with
340              '0x' to enter a key in hexadecimal
341
342       ipmi-version IPMIVERSION
343              Specify the ipmi version to use.
344
345       session-timeout MILLISECONDS
346              Specify a new session timeout length.
347
348       retransmission-timeout MILLISECONDS
349              Specify a new retransmiision timeout length.
350
351       authentication-type AUTHENTICATION-TYPE
352              Specify the authentication type to use.
353
354       cipher-suite-id CIPHER-SUITE-ID
355              Specify the cipher suite id to use.
356
357       privilege-level PRIVILEGE-LEVEL
358              Specify the privilege level to use.
359
360       workaround-flags WORKAROUNDS
361              Specify workaround flags.
362
363       debug [on|off]
364              Toggle debug output.
365
366       on [IPMIHOST(s)]
367              Turn on all configured hosts or specified hosts.
368
369       off [IPMIHOST(s)]
370              Turn off all configured hosts or specified hosts.
371
372       cycle [IPMIHOST(s)]
373              Power cycle all configured hosts or specified hosts.
374
375       reset [IPMIHOST(s)]
376              Reset all configured hosts or specified hosts.
377
378       stat [IPMIHOST(s)]
379              Query power status for all configured hosts or specified hosts.
380
381       pulse [IPMIHOST(s)]
382              Pulse diagnostic interrupt all  configured  hosts  or  specified
383              hosts.
384
385       soft [IPMIHOST(s)]
386              Initiate  a  soft-shutdown for all configured hosts or specified
387              hosts.
388
389       identify-on [IPMIHOST(s)]
390              Turn on physical system identification.
391
392       identify-off [IPMIHOST(s)]
393              Turn off physical system identification.
394
395       identify-status [IPMIHOST(s)]
396              Query physical system identification status.
397
398       on-if-off [on|off]
399              Toggle on-if-off functionality.
400
401       wait-until-on [on|off]
402              Toggle wait-until-on functionality.
403
404       wait-until-off [on|off]
405              Toggle wait-until-off functionality.
406
407       retransmission-wait-timeout MILLISECONDS
408              Specify a new retransmission wait timeout length.
409
410       retransmission-backoff-count COUNT
411              Specify a new retransmission backoff count.
412
413       ping-interval MILLISECONDS
414              Specify a new ping interval length.
415
416       ping-timeout MILLISECONDS
417              Specify a new ping timeout length.
418
419       ping-packet-count COUNT
420              Specify a new ping packet count.
421
422       ping-percent PERCENT
423              Specify a new ping percent.
424
425       ping-consec-count COUNT
426              Specify a new ping consec count.
427
428       buffer-output [on|off]
429              Toggle buffer-output functionality.
430
431       consolidate-output [on|off]
432              Toggle consolidate-output functionality.
433
434       fanout COUNT
435              Specify a fanout.
436
437       always-prefix [on|off]
438              Toggle always-prefix functionality.
439
440       help   Output help menu.
441
442       version
443              Output version.
444
445       config Output the current configuration.
446
447       quit   Quit program.
448

OEM POWER EXTENSIONS

450       Some motherboards include IPMI OEM extensions for alternate power  con‐
451       trol  mechanisms. For example, these power control mechanisms may allow
452       you to power control a sub-device within the system rather than the en‐
453       tire system itself.
454
455       By  specifying  an  OEM  power type via --oem-power-type on the command
456       line or freeipmi.conf(5), you can instruct ipmipower to execute  alter‐
457       nate power control implementations over the standard ones. Depending on
458       the OEM extension, some power control commands may no longer be  avail‐
459       able.  For  example,  an OEM extension may allow on but not cycle. Spe‐
460       cific ipmipower options may not longer function either.
461
462       Some OEM extensions may require additional arguments  for  their  power
463       control  action,  such as a sub-device identifier. Additional arguments
464       can be provided by appending a plus sign ('+') and the  extra  informa‐
465       tion  to  the end of the hostname. This can be done on the command line
466       or in interactive mode. For example, the hostname mynode+18 would indi‐
467       cate the power control operation should be sent to the host mynode, and
468       18 is the identifier of a possible sub-device to be  power  controlled.
469       The  --consolidate-output option is commonly disabled when using an OEM
470       power control that requires extra arguments.
471
472       Because OEM power control may involve subtypes, it is possible  a  user
473       may  wish  to  power control multiple sub-devices on the same host. For
474       example, you might specify the hosts mynode+1,mynode+2,  indicating  to
475       power  control  subdevice  1 and 2 on mynode.  Because many BMCs cannot
476       handle multiple IPMI sessions, power control  operations  to  the  same
477       host will be serialized internally by ipmipower.
478
479       The following are the current OEM power types available, along with in‐
480       formation on the systems they work with and the  power  control  opera‐
481       tions available.
482
483       C410X  This  OEM power type supports the power control of PCIe slots on
484              Dell Poweredge C410x systems. It supports on, off, and stat. The
485              PCIe  slot  number ranges from 1-16 and must always be specified
486              when attempting to power control with this extension. For  exam‐
487              ple,  the hostname mynode+2 would inform ipmipower to operate on
488              slot number 2 on mynode.  The C410x appears to  have  difficulty
489              handling  new  slot power control requests until prior ones have
490              completed.  Users  may  wish  to  strongly  consider  using  the
491              --wait-until-on  and  --wait-until-off options if multiple slots
492              will be power controlled in short succession.
493
494       NONE   This informs ipmipower that no OEM power type extension is to be
495              used  and  standard  IPMI power control is used. This is the de‐
496              fault.
497

HOSTRANGED SUPPORT

499       Multiple hosts can be input either as an explicit comma separated lists
500       of  hosts  or  a  range of hostnames in the general form: prefix[n-m,l-
501       k,...], where n < m and l < k, etc. The later form should not  be  con‐
502       fused  with  regular expression character classes (also denoted by []).
503       For example, foo[19] does not represent foo1 or foo9, but rather repre‐
504       sents a degenerate range: foo19.
505
506       This  range  syntax  is  meant only as a convenience on clusters with a
507       prefixNN naming convention and specification of ranges  should  not  be
508       considered  necessary -- the list foo1,foo9 could be specified as such,
509       or by the range foo[1,9].
510
511       Some examples of range usage follow:
512           foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
513           foo[7,9-10] instead of foo7,foo9,foo10
514           foo[0-3] instead of foo0,foo1,foo2,foo3
515
516       As a reminder to the reader, some shells will interpret brackets ([ and
517       ])  for  pattern matching. Depending on your shell, it may be necessary
518       to enclose ranged lists within quotes.
519
520       When multiple hosts are specified by the user, a socket will be created
521       for  each host and polled on, effectively allowing communication to all
522       hosts in parallel. This will allow communication to  large  numbers  of
523       nodes  far more quickly than if done in serial.  The -F option can con‐
524       figure the number of nodes that can be communicated with in parallel at
525       the same time.
526
527       By  default,  standard  output  from each node specified will be output
528       with the hostname prepended to each line. Although this output is read‐
529       able  in  many  situations, it may be difficult to read in other situa‐
530       tions. For example, output from multiple nodes may be  mixed  together.
531       The -B and -C options can be used to change this default.
532

EXAMPLES

534       Determine the power status of foo[0-2] with null username and password
535               ipmipower -h foo[0-2] --stat
536
537       Determine the power status of foo[0-2] with non-null username and pass‐
538       word
539               ipmipower -h foo[0-2] -u foo -p bar --stat
540
541       Hard reset nodes foo[0-2] with non-null username and password
542               ipmipower -h foo[0-2] -u foo -p bar --reset
543

GENERAL TROUBLESHOOTING

545       Most often, IPMI problems are due to configuration problems.
546
547       IPMI over LAN problems involve a misconfiguration  of  the  remote  ma‐
548       chine's  BMC.   Double  check to make sure the following are configured
549       properly in the remote machine's BMC: IP address, MAC  address,  subnet
550       mask,  username,  user enablement, user privilege, password, LAN privi‐
551       lege, LAN enablement, and allowed authentication type(s). For IPMI  2.0
552       connections,  double  check  to make sure the cipher suite privilege(s)
553       and K_g key are configured properly. The  ipmi-config(8)  tool  can  be
554       used to check and/or change these configuration settings.
555
556       In  addition  to the troubleshooting tips below, please see WORKAROUNDS
557       below to also if there are any vendor specific bugs that have been dis‐
558       covered and worked around.
559
560       Listed below are many of the common issues for error messages.  For ad‐
561       ditional support, please e-mail  the  <freeipmi-users@gnu.org>  mailing
562       list.
563
564       "username  invalid"  - The username entered (or a NULL username if none
565       was entered) is not available on the remote machine.  It  may  also  be
566       possible the remote BMC's username configuration is incorrect.
567
568       "password  invalid"  - The password entered (or a NULL password if none
569       was entered) is not correct. It may also be possible the  password  for
570       the user is not correctly configured on the remote BMC.
571
572       "password  verification timeout" - Password verification has timed out.
573       A "password invalid" error (described  above)  or  a  generic  "session
574       timeout" (described below) occurred.  During this point in the protocol
575       it cannot be differentiated which occurred.
576
577       "k_g invalid" - The K_g key entered (or a NULL K_g key if none was  en‐
578       tered)  is not correct. It may also be possible the K_g key is not cor‐
579       rectly configured on the remote BMC.
580
581       "privilege level insufficient" - An IPMI command requires a higher user
582       privilege  than  the one authenticated with. Please try to authenticate
583       with a higher privilege. This may require authenticating to a different
584       user which has a higher maximum privilege.
585
586       "privilege  level  cannot  be  obtained  for this user" - The privilege
587       level you are attempting to authenticate with is higher than the  maxi‐
588       mum  allowed for this user. Please try again with a lower privilege. It
589       may also be possible the maximum privilege level allowed for a user  is
590       not configured properly on the remote BMC.
591
592       "authentication  type  unavailable for attempted privilege level" - The
593       authentication type you wish to authenticate with is not available  for
594       this privilege level. Please try again with an alternate authentication
595       type or alternate privilege level. It may also be possible  the  avail‐
596       able  authentication  types you can authenticate with are not correctly
597       configured on the remote BMC.
598
599       "cipher suite id unavailable" - The cipher suite id you wish to authen‐
600       ticate  with  is not available on the remote BMC. Please try again with
601       an alternate cipher suite id. It may also be possible the available ci‐
602       pher suite ids are not correctly configured on the remote BMC.
603
604       "ipmi  2.0 unavailable" - IPMI 2.0 was not discovered on the remote ma‐
605       chine. Please try to use IPMI 1.5 instead.
606
607       "connection timeout" - Initial IPMI communication failed. A  number  of
608       potential errors are possible, including an invalid hostname specified,
609       an IPMI IP address cannot be resolved, IPMI is not enabled on  the  re‐
610       mote server, the network connection is bad, etc. Please verify configu‐
611       ration and connectivity.
612
613       "session timeout" - The IPMI session has timed out.  Please  reconnect.
614       If this error occurs often, you may wish to increase the retransmission
615       timeout. Some remote BMCs are considerably slower than others.
616
617       "internal IPMI error" - An IPMI error has occurred that  FreeIPMI  does
618       not  know  how to handle. Please e-mail <freeipmi-users@gnu.org> to re‐
619       port the issue.
620

IPMIPOWER TROUBLESHOOTING

622       When powering on a powered off machine, the client must have a means by
623       which to resolve the MAC address of the remote machine's ethernet card.
624       While most modern IPMI solutions support the ability to ARP and resolve
625       addresses  when the machine is powered off, some older machines do not.
626       This is typically solved in one of two ways:
627
628       1) Enable gratuitous ARPs on the remote  machine.  The  remote  machine
629       will  send  out  a gratuitous ARP, which advertises the ethernet IP and
630       MAC address so that other machines  on  the  network  this  information
631       their  local  ARP  cache. For large clusters, this method is not recom‐
632       mended since gratuitous ARPs can flood  the  network  with  unnecessary
633       traffic.
634
635       2)  Permanently store the remote machine's MAC address in the local ARP
636       cache. This is the more common approach on large clusters.
637
638       Other methods are listed in the IPMI specification.
639

WORKAROUNDS

641       With so many different vendors implementing their own  IPMI  solutions,
642       different  vendors  may implement their IPMI protocols incorrectly. The
643       following describes a number of workarounds currently available to han‐
644       dle  discovered compliance issues. When possible, workarounds have been
645       implemented so they will be transparent to the user. However, some will
646       require the user to specify a workaround be used via the -W option.
647
648       The hardware listed below may only indicate the hardware that a problem
649       was discovered on. Newer versions of hardware may fix the problems  in‐
650       dicated below. Similar machines from vendors may or may not exhibit the
651       same problems. Different vendors may license their  firmware  from  the
652       same  IPMI  firmware  developer,  so  it may be worthwhile to try work‐
653       arounds listed below even if your motherboard is not listed.
654
655       If you believe your hardware has an additional  compliance  issue  that
656       needs a workaround to be implemented, please contact the FreeIPMI main‐
657       tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
658
659       authcap - This workaround flag will skip early checks for username  ca‐
660       pabilities, authentication capabilities, and K_g support and allow IPMI
661       authentication to succeed. It works around multiple issues in which the
662       remote system does not properly report username capabilities, authenti‐
663       cation capabilities, or K_g status. Those hitting this  issue  may  see
664       "username  invalid",  "authentication  type  unavailable  for attempted
665       privilege level", or "k_g invalid"  errors.   Issue  observed  on  Asus
666       P5M2/P5MT-R/RS162-E4/RX4,    Intel   SR1520ML/X38ML,   and   Sun   Fire
667       2200/4150/4450 with ELOM.
668
669       nochecksumcheck - This workaround flag will tell FreeIPMI to not  check
670       the  checksums  returned  from  IPMI command responses. It works around
671       systems that return invalid checksums due to implementation errors, but
672       the  packet  is otherwise valid. Users are cautioned on the use of this
673       option, as it removes validation of packet integrity  in  a  number  of
674       circumstances.  However,  it  is unlikely to be an issue in most situa‐
675       tions. Those hitting this issue may see "connection timeout",  "session
676       timeout",  or  "password verification timeout" errors. On IPMI 1.5 con‐
677       nections, the "noauthcodecheck" workaround may also needed  too.  Issue
678       observed  on  Supermicro  X9SCM-iiF, Supermicro X9DRi-F, and Supermicro
679       X9DRFR.
680
681       idzero - This workaround flag will allow empty session IDs  to  be  ac‐
682       cepted  by  the client. It works around IPMI sessions that report empty
683       session IDs to the client. Those hitting this issue  may  see  "session
684       timeout" errors. Issue observed on Tyan S2882 with M3289 BMC.
685
686       unexpectedauth  -  This  workaround flag will allow unexpected non-null
687       authcodes to be checked as though they were expected. It  works  around
688       an  issue  when  packets contain non-null authentication data when they
689       should be null due to disabled per-message authentication.  Those  hit‐
690       ting  this  issue  may  see "session timeout" errors. Issue observed on
691       Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.
692
693       forcepermsg - This workaround flag will force  per-message  authentica‐
694       tion  to  be used no matter what is advertised by the remote system. It
695       works around an issue when per-message authentication is advertised  as
696       disabled on the remote system, but it is actually required for the pro‐
697       tocol. Those hitting this issue may see "session timeout" errors.   Is‐
698       sue observed on IBM eServer 325.
699
700       endianseq  -  This  workaround flag will flip the endian of the session
701       sequence numbers to allow the session to continue  properly.  It  works
702       around  IPMI  1.5  session  sequence numbers that are the wrong endian.
703       Those hitting this issue may see "session timeout"  errors.  Issue  ob‐
704       served on some Sun ILOM 1.0/2.0 (depends on service processor endian).
705
706       noauthcodecheck  - This workaround flag will tell FreeIPMI to not check
707       the authentication codes returned from IPMI 1.5 command  responses.  It
708       works  around  systems  that return invalid authentication codes due to
709       hashing or implementation errors. Users are cautioned  on  the  use  of
710       this option, as it removes an authentication check verifying the valid‐
711       ity of a packet. However, in most organizations, this is unlikely to be
712       a  security  issue.  Those hitting this issue may see "connection time‐
713       out", "session timeout", or  "password  verification  timeout"  errors.
714       Issue  observed  on  Xyratex FB-H8-SRAY, Intel Windmill, Quanta Winter‐
715       fell, and Wiwynn Windmill.
716
717       intel20 - This workaround flag will work around several Intel IPMI  2.0
718       authentication issues. The issues covered include padding of usernames,
719       and password  truncation  if  the  authentication  algorithm  is  HMAC-
720       MD5-128. Those hitting this issue may see "username invalid", "password
721       invalid", or "k_g invalid" errors. Issue observed  on  Intel  SE7520AF2
722       with Intel Server Management Module (Professional Edition).
723
724       supermicro20 - This workaround flag will work around several Supermicro
725       IPMI 2.0  authentication  issues  on  motherboards  w/  Peppercon  IPMI
726       firmware.  The issues covered include handling invalid length authenti‐
727       cation codes. Those hitting this issue may see "password  invalid"  er‐
728       rors.   Issue  observed  on  Supermicro H8QME with SIMSO daughter card.
729       Confirmed fixed on newerver firmware.
730
731       sun20 - This workaround flag will work work around several Sun IPMI 2.0
732       authentication issues. The issues covered include invalid lengthed hash
733       keys, improperly hashed keys, and invalid cipher suite  records.  Those
734       hitting  this  issue  may see "password invalid" or "bmc error" errors.
735       Issue observed on Sun Fire 4100/4200/4500 with ILOM.   This  workaround
736       automatically includes the "opensesspriv" workaround.
737
738       opensesspriv - This workaround flag will slightly alter FreeIPMI's IPMI
739       2.0 connection protocol to workaround an invalid hashing algorithm used
740       by  the remote system. The privilege level sent during the Open Session
741       stage of an IPMI 2.0 connection is used for hashing keys instead of the
742       privilege  level  sent during the RAKP1 connection stage. Those hitting
743       this issue may see "password invalid", "k_g invalid", or "bad  rmcpplus
744       status  code"  errors.   Issue observed on Sun Fire 4100/4200/4500 with
745       ILOM, Inventec 5441/Dell Xanadu II, Supermicro X8DTH, Supermicro X8DTG,
746       Intel  S5500WBV/Penguin  Relion  700,  Intel S2600JF/Appro 512X, Quanta
747       QSSC-S4R/Appro GB812X-CN, and Dell C5220. This workaround is  automati‐
748       cally triggered with the "sun20" workaround.
749
750       integritycheckvalue  - This workaround flag will work around an invalid
751       integrity check value during an IPMI 2.0 session establishment when us‐
752       ing  Cipher  Suite  ID 0. The integrity check value should be 0 length,
753       however the remote motherboard responds with a non-empty  field.  Those
754       hitting  this issue may see "k_g invalid" errors. Issue observed on Su‐
755       permicro X8DTG, Supermicro X8DTU,  and  Intel  S5500WBV/Penguin  Relion
756       700, and Intel S2600JF/Appro 512X.
757
758       ipmiping  -  This  workaround  option will inform ipmipower to use IPMI
759       based ping packets instead of RMCP ping packets. Some motherboards have
760       been observed to not implement RMCP ping/pong support despite being re‐
761       quired by the IPMI specification. Issue  observed  on  Intel  Windmill,
762       Quanta Winterfell, and Wiwynn Windmill.
763
764       No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
765       found to not support IPMI 1.5. Those hitting this issue may  see  "ipmi
766       2.0  unavailable"  or  "connection  timeout"  errors. This issue can be
767       worked around by using IPMI 2.0  instead  of  IPMI  1.5  by  specifying
768       --driver-type=LAN_2_0.  Issue observed on a number of HP and Supermicro
769       motherboards.
770

DIAGNOSTICS

772       Upon successful execution, exit status is 0. On error, exit  status  is
773       1.
774
775       If multiple hosts are specified for communication, the exit status is 0
776       if and only if all targets successfully  execute.  Otherwise  the  exit
777       status is 1.
778
779       When operating in interactive mode, the exit value will be based on the
780       last power operation executed.
781

KNOWN ISSUES

783       On older operating systems, if you input your username,  password,  and
784       other  potentially  security  relevant information on the command line,
785       this information may be discovered by other users when using tools like
786       the  ps(1) command or looking in the /proc file system. It is generally
787       more secure to input password information with options like the  -P  or
788       -K  options.  Configuring security relevant information in the FreeIPMI
789       configuration file would also be an appropriate way to hide this infor‐
790       mation.
791
792       In  order  to  prevent  brute force attacks, some BMCs will temporarily
793       "lock up" after a number of remote authentication errors. You may  need
794       to  wait awhile in order to this temporary "lock up" to pass before you
795       may authenticate again.
796
797       IPMI specifications do not require BMCs to perform a power control  op‐
798       eration  before  returning a completion code to the caller.  Therefore,
799       it is possible for ipmipower to return power status queries opposite of
800       what  you  are  expecting.   For example, if a "power off" operation is
801       performed, a BMC may return a successful completion code  to  ipmipower
802       before  the  "power  off"  operation  is actually performed. Subsequent
803       power status queries may return "on" for several seconds, until the BMC
804       actually performs the "power off" operation.
805

REPORTING BUGS

807       Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.
808
810       Copyright (C) 2007-2015 Lawrence Livermore National Security, LLC.
811       Copyright (C) 2003-2007 The Regents of the University of California.
812
813       This program is free software; you can redistribute it and/or modify it
814       under the terms of the GNU General Public License as published  by  the
815       Free  Software Foundation; either version 3 of the License, or (at your
816       option) any later version.
817

SEE ALSO

819       freeipmi.conf(5), freeipmi(7), ipmi-config(8), ipmi-oem(8)
820
821       http://www.gnu.org/software/freeipmi/
822
823
824
825ipmipower 1.6.10                  2022-08-31                      ipmipower(8)
Impressum