AFP548 Changing the world one server at a time.

LOM it up!

Lights out management on the new Intel Xserves

Now that we have LOM, what the heck do you do with it? Read on for how to set it up and what you can do with it once it's working.

What is this LOM thing...

LOM, or lights out management, allows you to manipulate the server hardware outside of the OS actually running, or not running as the case may be, on the server box itself. At its basic level, LOM will allow you to power on and off the system remotely.

On the Intel Xserve, the only Apple system with support for lights out management at this time, LOM is provided by a BMC (baseboard management controller) chip that uses IPMI protocols for communication. On OS X Server there are a few applications that can use the LOM setup, or there is ipmitool for accessing the LOM functions via the CLI.

IPMI runs over UDP port 623, so you'll need to make sure that port is available to any remote management systems.

IMPORTANT: On the Intel Xserve the LOM actually uses a secondary IP on each of the Ethernet interfaces. On other systems that you may have managed there is a dedicated Ethernet port for the LOM functions. Each Ethernet port can have a LOM IP assigned to it, and those IPs need not be on the same subnet. From what I can tell, you can't get the BMC to use VLAN tagging, but it does have a separate MAC address from the standard Ethernet ports on the Xserve, so you could VLAN via MAC address if you have network infrastructure that supports that.

Before going any further...

You MUST, repeat MUST, use the installers on the DVD that came with your Xserve. Don't be silly and embarrass yourself like I did and think that the Server Admin Tools installer on the Apple site will work. Use the ones from your DVDs. Without installing the updated tools on your management station you won't be able to do anything remotely.

Turning it on

If you installed your Xserve from scratch, the Server Assistant application (what you see when you first boot up a newly installed server) should have given you the option to set an IP address for the LOM interfaces. If you're doing a remote install, make sure that you have the latest Server Tools, see above, and then the Server Assistant will also be able to set the IP address and username/password for the LOM configuration. Note that the LOM username and password are separate from any user on the system, as they are kept on the BMC chip itself. It would also be rather hard to access system users when the system is turned off.

Once your server is up and running you are able to change the IP address or user assigned to the LOM configuration by using Server Monitor and the "Configure Local Machine" option under the Server menu.

Applications

Server Monitor only uses the LOM interface on the new Xserves. Pointing it towards the normal IP of the system won't return any information. Once connected you are able to use the "Edit Accounts" item in the Server menu to set up LOM accounts. However, you won't be able to change the IP address of the LOM interface without using Server Monitor on the local machine.

If you power off the system, Server Monitor will still see the server but will show a half green circle next to it instead of the full green circle. Also you won't be able to get any information on the system other than it's there at that IP. You can, and this is really what you care about when using LOM, power on the system from Server Monitor.

Apple Remote Desktop acts in a slightly different way than Server Monitor does. Once you've installed the Server Admin Tools, the next time you launch ARD it will update itself with some BMC components. At that point you'll be able to select an Intel Xserve, and in the Info window there will be a second username and password field for a LOM user. Then you can control-click on the column titles in the computer list and you'll have the option to add a "LOM Status" column. Once configured with a LOM user, ARD will allow you to power off and power on your servers.

ipmitool

ipmitool is a CLI tool for configuration of the BMC chip. It can be used on the local system or across the network. The tool is from an open source project and is available for a number of systems. So it should be possible to compile ipmitool on another system and manage your Xserves from there, although I haven't actually tried that.

Before diving into ipmitool you should probably read over the manpage for it as it doesn't seem that the Server Admin Tools install one for you. The syntax for the tool is pretty simple, just keep in mind that if you have the username or password wrong you won't get an error. That put me off for a while when I was using a bad password and thought the tool was busted. It's also important to keep in mind that there are a number of features that are available to you through ipmitool that the BMC on the Xserves does not currently support.

So here are some examples of using this tool remotely:

	ipmitool -H <IP address> -U <user> -P <password> <command>
	
Is the basic syntax to the commands. If you don't include the password you'll be prompted for it.

	ipmitool -H 10.0.1.20 -U admin -P secretpassword chassis status
	
Will return a basic overview of your system.

	ipmitool -H 10.0.1.20 -U admin -P secretpassword chassis power off
	
Will turn off your server. Note that this is a hard power off, essentially just like pulling the plug on the system. At this time there is no way to perform a graceful power down with LOM.

	ipmitool -H 10.0.1.20 -U admin -P secretpassword lan print 1
	
Will return the IP address information for the LOM configuration on the first Ethernet port. Swap the 1 with a 2 and you'll get the secondary port. Use lan set instead of lan print and you'll be able to remotely configure the IP configuration for the LOM port. Ideally you'd configure the secondary port while connecting via the primary port and vice versa.

	ipmitool -H 10.0.1.20 -U admin -P secretpassword chassis identify 120
	
Will pulse the system identifier lights on the front and the back of the Xserve. Handy for identifying a powered down system in a rack.


	ipmitool -H 10.0.1.20 -U admin -P secretpassword sdr list compact
	
Returns a full, but compact, listing of all the sensors in the server and what their current status is. Essentially this is all of the diagnostic information that Server Monitor reports to you. Once you have the sensor names from this listing, you can get info on a specific sensor with the sensor command.

	ipmitool -H 10.0.1.20 -U admin -P secretpassword sensor get "CPU Fan 2 Inlet"
	
Will return the specific info on the CPU Fan 2 Inlet temperatures, as exciting as you may find that.
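The remote examples above pass the LOM password with -P, which leaves it visible in the process list and shell history. As an added example (not from the original article), this POSIX shell wrapper reads the password from a file with ipmitool's -f option and reports the power state, treating a silent or failed reply as unknown rather than off. The function names, the default user and the password file path are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. LOM_USER, LOM_PASSFILE and the
# function names lom / lom_power_state are assumptions for illustration.

LOM_USER="${LOM_USER:-admin}"
LOM_PASSFILE="${LOM_PASSFILE:-$HOME/.lom_pass}"   # hypothetical path, password only

# Run one ipmitool command against a LOM address. The password comes from
# a file (-f) instead of -P, so it is not exposed to other local users.
lom() {
    host=$1; shift
    # Characters 5-10 of the ls -l mode string are the group/other bits;
    # refuse a password file that anyone but the owner can access.
    perms=$(ls -l "$LOM_PASSFILE" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "lom: $LOM_PASSFILE must exist with mode 600" >&2
        return 2
    fi
    ipmitool -H "$host" -U "$LOM_USER" -f "$LOM_PASSFILE" "$@"
}

# Print "on", "off" or "unknown" for one host. The article notes that wrong
# credentials may not produce an error message, so a non-zero exit status and
# a reply without a "System Power" line are both reported as unknown.
lom_power_state() {
    out=$(lom "$1" chassis status) || { echo unknown; return 1; }
    state=$(printf '%s\n' "$out" |
        sed -n 's/^System Power[[:space:]]*:[[:space:]]*//p')
    case $state in
        on|off) echo "$state" ;;
        *)      echo unknown; return 1 ;;
    esac
}
```

The same wrapper runs any of the commands shown above, for example `lom 10.0.1.20 chassis identify 120`.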

Other Notes

At times when first setting up the LOM configuration you may need to reset the controller. I noticed that the first time I changed the username and password it didn't seem to take. To reset the controller you need to remove the system from any power for 30 seconds. So pull the plug out of the back and kick back on a natural for a bit. When everything gets powered on you should be good.

Also, while the password is passed as an MD5 hash, the communication itself is not encrypted. Probably not a big deal, but it would behoove you to keep your LOM traffic on a separate LAN. It looks like with ipmitool you can also only allow specific hosts to be able to access the LOM settings, but I haven't had a chance to look at that too closely.

LOM it up! | 19 comments
LOM it up!
Authored by: Dave Hagan on Sunday, February 11 2007 @ 11:03 am MST
A few important things to note from my experience with LOM on the new Xserve and conversations with Apple:
  • The version of Server Monitor on the Xserve DVD is the one that you need to use. Not the one from the link above. Server Monitor has to be version 1.5ƒ.
  • Also, you have to have a DNS record (FQDN) for the LOM IP address for Server Monitor to work right with LOM.
  • It's better if your LOM user name is 8 characters or longer (not just the password).

---
Dave Hagan
Apple Certified Technical Coordinator

LOM it up!
Authored by: OsX4me on Sunday, February 11 2007 @ 07:39 pm MST
Thanks for this, Joel. IIRC, a password character-limit is enforced (6 characters ? 8 ?) vs. the length of the username.
LOM it up! - I must be dense or something...
Authored by: ibgarrett on Monday, February 12 2007 @ 10:01 am MST
I've got two Intel Xserves that I blew by the LOM when I did the install figuring I'd come back to it when I had more information on it (such as this very helpful tutorial - far better than Apple's). So far here's where my problems are at.

When I check for my open ports - port 623 is not open - even if I check it on the local system it shows it's not open. The firewall isn't running, so how do I turn it on?

Secondly - when I do a man ipmitool in a command line I get "No manual entry for ipmitool" even when I go to the /usr/bin/ directory where the ipmitool is kept. What am I missing?

I can see the server using Server Monitor on the local server using the localhost (127.0.0.1) address. The install was done using the discs that came with the server.

Any ideas would be appreciated.

Thanks, Brian

---
Brian Garrett
brian@garrett.net

LOM it up!
Authored by: Anonymous on Monday, February 12 2007 @ 03:00 pm MST
Thanks for the info, however I'm having issues with ARD 3.1.
I've installed the Server Admin Tools from the Intel OS X Server DVD onto my Remote Desktop System and it clearly flashes BMC info as it installs.
I've entered the Lights Out Login & Lights Out Password correctly, however the LOM Status still says "Not Configured"
Any ideas?
Thanks
LJS
LOM it up!
Authored by: jeg98 on Thursday, February 15 2007 @ 11:39 am MST
So, I'm gathering that despite having an Ethernet port dedicated for LAN/WAN access, one can use the same Ethernet port, configured to a different IP, for LOM?

I would assume, however, that even if there weren't a specific DNS entry for that IP, it should be a static IP on a reachable subnet that won't be assigned by a DHCP or domain server to anything else?
LOM it up!
Authored by: jwilson on Tuesday, February 20 2007 @ 07:12 pm MST
We've been working on integrating IPMI support for Intel Xserves into Lithium. Thus far, it's been an infuriating task.

Getting the bulk of the sensor information is easy, it's all in 'sdr'.

But............................. where's the drive status? Where's the SMART status? Where's the RAM info?

There's a lot of information showing up in Server Monitor that does not seem to be 'readily' accessible by IPMItool.

Looking at the raw packets between Server Monitor and the Xserve is no use -- contrary to the article, they are in fact encrypted. If you download the opensource version of ipmitool and compile it (v1.8.8, versus Apple's v2.0.0) you can not get it to talk to the Xserve unless you specify the use of DES encryption, the LAN Plus plugin and the 'OPERATOR' access level. E.g. ./ipmitool -I lanplus -C des -H 10.1.1.78 -L OPERATOR -U user -P pass sdr

Wireshark also confirms the payload of the IPMI/RMCP packets are encrypted.

So.... has anyone worked out where all this inventory and drive information is to be found via IPMI?
  • LOM it up! - Authored by: Anonymous on Tuesday, March 27 2007 @ 04:49 am MDT
LOM it up!
Authored by: agerson on Thursday, May 13 2010 @ 09:02 pm MDT
Thank you, thank you, thank you!!! Server Monitor GUI could not restart my hung server but ipmitool could! Something very wrong with Apple's implementation of lights out in Server Monitor I think. This was under 10.6.3.
LOM it up!
Authored by: DrKdev on Tuesday, July 13 2010 @ 08:30 am MDT
Useful article,.. thank-you!.

Our early2008 Xserve now behaves perfectly. ServerMonitor to localhost connects great. And ServerMonitor from a remote machine on the network works great.

Our early2009 Xserve is still pouting, however. ServerMonitor to localhost connects great. BUT ServerMonitor from a remote machine on the network results in the infamous CANNOT_LOAD_BUNDLE_ERR. :-( Do you have any suggestions?

thanx.
/shawn

p.s.

0. We're running 10.6.4.

1. FQDN
As seen from my client macs, nslookup *does* show the FQDN for both the Xserve that's accepting remote ServerMonitor connections and for the Xserve that is giving the BUNDLE_ERR.

2. Using installers from DVD and nuthin'else.
How can I be sure'n'certain that I'm using the correct server admin tools?
Is it enough that the version number is 1.8(5) from the About Server Monitor menu?
  • SOLVED - Authored by: Anonymous on Thursday, July 15 2010 @ 03:13 am MDT