Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
BMC-DEVICE(8)			System Commands			 BMC-DEVICE(8)

NAME
       bmc-device - perform advanced BMC commands

SYNOPSIS
       bmc-device [OPTION...]

DESCRIPTION
       bmc-device  supports a variety of IPMI commands to perform advanced BMC
       functions.  This	tool is	primarily used for development debugging,  BMC
       error  recovery,	 retrieving  detailed technical	information, and other
       advanced	purposes. Most IPMI users will not need	to use this tool. Some
       of the bmc-device commands are not supported on all motherboards.

       Listed  below  are general IPMI options,	tool specific options, trouble
       shooting	information, workaround	information, examples, and  known  is-
       sues. For a general introduction	to FreeIPMI please see freeipmi(7).

GENERAL	OPTIONS
       The following options are general options for configuring IPMI communi-
       cation and executing general tool commands.

       -D IPMIDRIVER, --driver-type=IPMIDRIVER
	      Specify the driver type to use instead of	doing an  auto	selec-
	      tion.   The  currently  available	 outofband drivers are LAN and
	      LAN_2_0, which perform IPMI 1.5 and IPMI 2.0  respectively.  The
	      currently	 available  inband  drivers  are  KCS, SSIF, OPENIPMI,
	      SUNBMC, and INTELDCMI.

       --disable-auto-probe
	      Do not probe in-band IPMI	devices	for default settings.

       --driver-address=DRIVER-ADDRESS
	      Specify the in-band driver address to be	used  instead  of  the
	      probed  value. DRIVER-ADDRESS should be prefixed with "0x" for a
	      hex value	and '0'	for an octal value.

       --driver-device=DEVICE
	      Specify the in-band driver device	path to	be used	instead	of the
	      probed path.

       --register-spacing=REGISTER-SPACING
	      Specify  the  in-band  driver  register  spacing	instead	of the
	      probed value. Argument is	in bytes (i.e. 32bit register  spacing
	      =	4)

       --target-channel-number=CHANNEL-NUMBER
	      Specify  the  in-band  driver target channel number to send IPMI
	      requests to.

       --target-slave-address=SLAVE-ADDRESS
	      Specify the in-band driver target	slave number to	send IPMI  re-
	      quests to.

       -h      IPMIHOST1,IPMIHOST2,...,	     --hostname=IPMIHOST1[:PORT],IPMI-
       HOST2[:PORT],...
	      Specify the remote host(s) to communicate	with.  Multiple	 host-
	      names  may  be separated by comma	or may be specified in a range
	      format; see HOSTRANGED SUPPORT below. An optional	 port  can  be
	      specified	with each host,	which may be useful in port forwarding
	      or similar situations.

       -u USERNAME, --username=USERNAME
	      Specify the username to use when authenticating with the	remote
	      host.  If	not specified, a null (i.e. anonymous) username	is as-
	      sumed. The user must have	atleast	USER privileges	in  order  for
	      this tool	to operate fully.

       -p PASSWORD, --password=PASSWORD
	      Specify the password to use when authenticationg with the	remote
	      host.  If	not specified, a null  password	 is  assumed.  Maximum
	      password length is 16 for	IPMI 1.5 and 20	for IPMI 2.0.

       -P, --password-prompt
	      Prompt  for  password  to	 avoid	possibility  of	 listing it in
	      process lists.

       -k K_G, --k-g=K_G
	      Specify the K_g BMC key to use when authenticating with the  re-
	      mote host	for IPMI 2.0. If not specified,	a null key is assumed.
	      To input the key in hexadecimal form,  prefix  the  string  with
	      '0x'.  E.g.,  the	 key  'abc' can	be entered with	the either the
	      string 'abc' or the string '0x616263'

       -K, --k-g-prompt
	      Prompt for k-g to	avoid possibility of  listing  it  in  process
	      lists.

       --session-timeout=MILLISECONDS
	      Specify  the  session timeout in milliseconds. Defaults to 20000
	      milliseconds (20 seconds)	if not specified.

       --retransmission-timeout=MILLISECONDS
	      Specify the packet retransmission	timeout	in  milliseconds.  De-
	      faults to	1000 milliseconds (1 second) if	not specified. The re-
	      transmission timeout cannot be larger than the session timeout.

       -a AUTHENTICATION-TYPE, --authentication-type=AUTHENTICATION-TYPE
	      Specify the IPMI 1.5 authentication type to use.	The  currently
	      available	 authentication	types are NONE,	STRAIGHT_PASSWORD_KEY,
	      MD2, and MD5. Defaults to	MD5 if not specified.

       -I CIPHER-SUITE-ID, --cipher-suite-id=CIPHER-SUITE-ID
	      Specify the IPMI 2.0 cipher suite	ID to use. The Cipher Suite ID
	      identifies a set of authentication, integrity, and confidential-
	      ity algorithms to	use for	IPMI 2.0 communication.	The  authenti-
	      cation  algorithm	 identifies  the  algorithm to use for session
	      setup, the integrity algorithm identifies	the algorithm  to  use
	      for session packet signatures, and the confidentiality algorithm
	      identifies the algorithm to use for payload encryption. Defaults
	      to  cipher  suite	 ID  3	if not specified. The following	cipher
	      suite ids	are currently supported:

	      0	- Authentication Algorithm = None; Integrity Algorithm = None;
	      Confidentiality Algorithm	= None

	      1	 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
	      None; Confidentiality Algorithm =	None

	      2	- Authentication Algorithm = HMAC-SHA1;	Integrity Algorithm  =
	      HMAC-SHA1-96; Confidentiality Algorithm =	None

	      3	 - Authentication Algorithm = HMAC-SHA1; Integrity Algorithm =
	      HMAC-SHA1-96; Confidentiality Algorithm =	AES-CBC-128

	      6	- Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
	      None; Confidentiality Algorithm =	None

	      7	 -  Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
	      HMAC-MD5-128; Confidentiality Algorithm =	None

	      8	- Authentication Algorithm = HMAC-MD5; Integrity  Algorithm  =
	      HMAC-MD5-128; Confidentiality Algorithm =	AES-CBC-128

	      11  - Authentication Algorithm = HMAC-MD5; Integrity Algorithm =
	      MD5-128; Confidentiality Algorithm = None

	      12 - Authentication Algorithm = HMAC-MD5;	Integrity Algorithm  =
	      MD5-128; Confidentiality Algorithm = AES-CBC-128

	      15 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	None; Confidentiality Algorithm	= None

	      16 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	HMAC_SHA256_128; Confidentiality Algorithm = None

	      17 - Authentication Algorithm = HMAC-SHA256; Integrity Algorithm
	      =	HMAC_SHA256_128; Confidentiality Algorithm = AES-CBC-128

       -l PRIVILEGE-LEVEL, --privilege-level=PRIVILEGE-LEVEL
	      Specify the privilege level to be	used. The currently  available
	      privilege	 levels	are USER, OPERATOR, and	ADMIN. Defaults	to AD-
	      MIN if not specified.

       --config-file=FILE
	      Specify an alternate configuration file.

       -W WORKAROUNDS, --workaround-flags=WORKAROUNDS
	      Specify workarounds to vendor compliance issues. Multiple	 work-
	      arounds  can be specified	separated by commas. A special command
	      line flag	of "none", will	indicate no workarounds	(may be	useful
	      for overriding configured	defaults). See WORKAROUNDS below for a
	      list of available	workarounds.

       --debug
	      Turn on debugging.

       -?, --help
	      Output a help list and exit.

       --usage
	      Output a usage message and exit.

       -V, --version
	      Output the program version and exit.

BMC-DEVICE OPTIONS
       The following options are specific to bmc-device.

       --cold-reset
	      Perform a	cold reset.

       --warm-reset
	      Perform a	warm reset.

       --get-self-test-results
	      Output BMC self test results.

       --get-acpi-power-state
	      Get ACPI system and device power state.

       --set-acpi-power-state
	      Set  ACPI	 power	state.	Must   be   specified	to   use   the
	      --set-acpi-system-power-state, and --set-acpi-device-power-state
	      options listed below.

       --set-acpi-system-power-state=SYSTEM_POWER_STATE
	      Set ACPI system power state. Allowed values: S0_G0, S1, S2,  S3,
	      S4,   S5_G2,   S4_S5,   G3,   SLEEPING,  G1_SLEEPING,  OVERRIDE,
	      LEGACY_ON,    LEGACY_OFF,	   UNKNOWN.	 Used	  with	   the
	      --set-acpi-power-state option.

       --set-acpi-device-power-state=DEVICE_POWER_STATE
	      Set ACPI device power state. Allowed values: D0, D1, D2, D3, UN-
	      KNOWN.  Used with	the --set-acpi-power-state option.

       --get-lan-statistics
	      Get IP, UDP, and RMCP statistics.

       --clear-lan-statistics
	      Clear IP,	UDP, and RMCP statistics.

       --rearm-sensor="_record_id_   [_assertion_bitmask_    _deassertion_bit-
       mask_]"
	      Re-arm  a	sensor.	Re-arming a sensor informs the internal	device
	      to reset and re-evaluate a sensor	reading	and events. Most  sen-
	      sors  are	 automatically re-armed, however a rare	few do require
	      manual re-arming.	This option may	also be	useful to reset	a sen-
	      sor  reading or event that may be	stuck due to an	internal hard-
	      ware or firmware error. If the  assertion_bitmask	 and  deasser-
	      tion_bitmask are specified, only the specific events will	be re-
	      armed. If	not specified, all possible events will	 be  re-armed.
	      This command requires the	loading	of the SDR.

       --get-sdr-repository-time
	      Get SDR repository time.

       --set-sdr-repository-time=TIME
	      Set SDR repository time. Input format = "MM/DD/YYYY - HH:MM:SS".
	      Note that	hours are input	in 24 hour  form.  Alternatively,  the
	      local system time	can be specified with "now".

       --get-sel-time
	      Get SEL time.

       --set-sel-time=TIME
	      Set  SEL time. Input format = "MM/DD/YYYY	- HH:MM:SS". Note that
	      hours are	input in 24 hour form. Alternatively, the local	system
	      time can be specified with "now".

       --get-sel-time-utc-offset
	      Get SEL time UTC offset.

       --set-sel-time-utc-offset=MINUTES
	      Set SEL time UTC offset. Input is	in minutes difference from UTC
	      time, ranging from -1440 to 1440 minutes.	A special  case	 value
	      of "none"	can be specified so no UTC offset is specified.

       --platform-event="[generator_id]	 _event_message_format_version_	 _sen-
       sor_type_ _sensor_number_ _event_type_ _event_direction_	 _event_data1_
       _event_data2_ _event_data3_"
	      Instruct the BMC to process the specified	event data. Typically,
	      this data	will be	logged to the System Event Log (SEL), but  de-
	      pending  on  implementation it may be processed by other subsys-
	      tems such	as Platform Event Filtering (PEF). The keywords	asser-
	      tion  or deassertion may be used for event_direction, or the nu-
	      merical values  may  be  used  instead.  The  event_message_for-
	      mat_version is 0x03 for IPMI 1.0 and 0x04	for IPMI 1.5. The gen-
	      erator_id	above is optional, however it is required if  generat-
	      ing the event via	a system interface (i.e. inband).  If generat-
	      ing the event via	a  system  interface,  the  system  management
	      software generator id range is 0x41 to 6Fh.

       --set-sensor-reading-and-event-status="_sensor_number_ _sensor_reading_
       _sensor_reading_operation_ _assertion_bitmask_ _assertion_bitmask_oper-
       ation_	    _deassertion_bitmask_      _deassertion_bitmask_operation_
       _event_data1_ _event_data2_ _event_data3_ _event_data_operation_"
	      Instruct the BMC to set a	sensor reading	and/or	event  status.
	      How the various fields are written depends on a set of operation
	      instructions specified. The sensor_reading can be	written	or not
	      changed  with  the  respective operation write and nochange. For
	      the assertion_bitmask and	deassertion_bitmask, the 0 bits	of the
	      bitmask can clear	the bits of the	status,	the 1 bits of the bit-
	      mask can set the bits of the status, the entire bitmask  can  be
	      written  as  the	status,	 or  the  status cannot	be changed re-
	      specitvely with the respective operations	clear0bits,  set1bits,
	      write,  and nochange. The	event_data1 byte can be	written	fully,
	      written without the event	offset (bits 3:0), or not  be  changed
	      via the write, nooffsetwrite, or nochange	operations.

       --get-mca-auxiliary-log-status
	      Get machine check	architecture (MCA) auxiliary log status	infor-
	      mation.

       --get-ssif-interface-capabilities
	      Get SSIF interface capabilities.

       --get-kcs-interface-capabilities
	      Get KCS interface	capabilities.

       --get-bt-interface-capabilities
	      Get BT interface capabilities.

       --get-bmc-global-enables
	      Get BMC Global Enables.

       --set-system-firmware-version=STRING
	      Set System Firmware Version.

       --set-system-name=STRING
	      Set System Name.

       --set-primary-operating-system-name=STRING
	      Set Primary Operating System Name.

       --set-operating-system-name=STRING
	      Set Operating System Name.

       --set-present-os-version-number=STRING
	      Set Present OS Version Number.

       --set-bmc-url=STRING
	      Set BMC URL.

       --set-base-os-hypervisor-url=STRING
	      Set Base OS/Hypervisor URL.

       --read-fru=FILENAME
	      Read the contents	of a FRU device	ID and store it	in the	speci-
	      fied file. Requires setting of a device ID via --device-id.

       --write-fru=FILENAME
	      Write  the  contents of the specified file into a	FRU device id.
	      Requires setting of a device ID via --device-id. If --verbose is
	      specified, progress percent will also be output.

       --device-id=IDNUM
	      Specify  a  specific  FRU	device ID. For use with	--read-fru and
	      --write-fru.

       --verbose
	      Increase verbosity in output.

SDR CACHE OPTIONS
       This tool requires access to the	sensor data repository (SDR) cache for
       general	operation.  By default,	SDR data will be downloaded and	cached
       on the local machine. The following options apply to the	SDR cache.

       -f, --flush-cache
	      Flush a cached version  of  the  sensor  data  repository	 (SDR)
	      cache. The SDR is	typically cached for faster subsequent access.
	      However, it may need to be flushed and re-generated if  the  SDR
	      has been updated on a system.

       -Q, --quiet-cache
	      Do  not output information about cache creation/deletion.	May be
	      useful in	scripting.

       --sdr-cache-recreate
	      If the SDR cache is out of date or invalid, automatically	recre-
	      ate  the	sensor data repository (SDR) cache. This option	may be
	      useful for scripting purposes.

       --sdr-cache-file=FILE
	      Specify a	specific sensor	data repository	(SDR) cache file to be
	      stored  or read from. If this option is used when	multiple hosts
	      are specified, the same SDR cache	file  will  be	used  for  all
	      hosts.

       --sdr-cache-directory=DIRECTORY
	      Specify  an alternate directory for sensor data repository (SDR)
	      caches to	be stored or read from.	Defaults to the	home directory
	      if not specified.

TIME OPTIONS
       By  IPMI	definition, all	IPMI times and timestamps are stored in	local-
       time. However, in many situations, the timestamps will not be stored in
       localtime.  Whether  or not a system truly stored the timestamps	in lo-
       caltime varies on many factors, such as the vendor, BIOS, and operating
       system.

       The  following options will allow the user to adjust the	interpretation
       of the stored timestamps	and how	they should be output.

       --utc-to-localtime
	      Assume all times are reported in UTC time	and convert  the  time
	      to localtime before being	output.

       --localtime-to-utc
	      Convert all localtime timestamps to UTC before being output.

       --utc-offset=SECONDS
	      Specify  a  specific  UTC	offset in seconds to be	added to time-
	      stamps.  Value can range from -86400 to 86400 seconds.  Defaults
	      to 0.

HOSTRANGED OPTIONS
       The following options manipulate	hostranged output. See HOSTRANGED SUP-
       PORT below for additional information on	hostranges.

       -B, --buffer-output
	      Buffer hostranged	output.	For each node, buffer standard	output
	      until the	node has completed its IPMI operation. When specifying
	      this option, data	may appear to output slower to the user	 since
	      the  the entire IPMI operation must complete before any data can
	      be output.  See HOSTRANGED SUPPORT below for additional informa-
	      tion.

       -C, --consolidate-output
	      Consolidate hostranged output. The complete standard output from
	      every node specified will	be consolidated	 so  that  nodes  with
	      identical	 output	are not	output twice. A	header will list those
	      nodes with the consolidated output. When this option  is	speci-
	      fied,  no	 output	 can  be seen until the	IPMI operations	to all
	      nodes has	completed. If the  user	 breaks	 out  of  the  program
	      early,  all  currently  consolidated  output will	be dumped. See
	      HOSTRANGED SUPPORT below for additional information.

       -F NUM, --fanout=NUM
	      Specify multiple host fanout. A "sliding window" (or fanout) al-
	      gorithm  is  used	for parallel IPMI communication	so that	slower
	      nodes or timed out nodes will not	impede parallel	communication.
	      The maximum number of threads available at the same time is lim-
	      ited by the fanout. The default is 64.

       -E, --eliminate
	      Eliminate	hosts determined as undetected	by  ipmidetect.	  This
	      attempts to remove the common issue of hostranged	execution tim-
	      ing out due to several nodes being removed  from	service	 in  a
	      large  cluster.  The  ipmidetectd	 daemon	must be	running	on the
	      node executing the command.

       --always-prefix
	      Always prefix output, even if only one host is specified or com-
	      municating  in-band. This	option is primarily useful for script-
	      ing purposes. Option will	be ignored if specified	 with  the  -C
	      option.

HOSTRANGED SUPPORT
       Multiple	hosts can be input either as an	explicit comma separated lists
       of hosts	or a range of hostnames	in  the	 general  form:	 prefix[n-m,l-
       k,...],	where  n < m and l < k,	etc. The later form should not be con-
       fused with regular expression character classes (also denoted  by  []).
       For example, foo[19] does not represent foo1 or foo9, but rather	repre-
       sents a degenerate range: foo19.

       This range syntax is meant only as a convenience	 on  clusters  with  a
       prefixNN	 naming	 convention  and specification of ranges should	not be
       considered necessary -- the list	foo1,foo9 could	be specified as	 such,
       or by the range foo[1,9].

       Some examples of	range usage follow:
	   foo[01-05] instead of foo01,foo02,foo03,foo04,foo05
	   foo[7,9-10] instead of foo7,foo9,foo10
	   foo[0-3] instead of foo0,foo1,foo2,foo3

       As a reminder to	the reader, some shells	will interpret brackets	([ and
       ]) for pattern matching.	Depending on your shell, it may	 be  necessary
       to enclose ranged lists within quotes.

       When  multiple  hosts  are specified by the user, a thread will be exe-
       cuted for each host in parallel up to the configured fanout (which  can
       be  adjusted via	the -F option).	This will allow	communication to large
       numbers of nodes	far more quickly than if done in serial.

       By default, standard output from	each node  specified  will  be	output
       with the	hostname prepended to each line. Although this output is read-
       able in many situations,	it may be difficult to read  in	 other	situa-
       tions.  For  example, output from multiple nodes	may be mixed together.
       The -B and -C options can be used to change this	default.

       In-band IPMI Communication will be used when the	 host  "localhost"  is
       specified.  This	 allows	 the  user  to add the localhost into the hos-
       tranged output.

GENERAL	TROUBLESHOOTING
       Most often, IPMI	problems are due to configuration problems.

       IPMI over LAN problems involve a	misconfiguration  of  the  remote  ma-
       chine's	BMC.   Double  check to	make sure the following	are configured
       properly	in the remote machine's	BMC: IP	address, MAC  address,	subnet
       mask,  username,	 user enablement, user privilege, password, LAN	privi-
       lege, LAN enablement, and allowed authentication	type(s). For IPMI  2.0
       connections,  double  check  to make sure the cipher suite privilege(s)
       and K_g key are configured properly. The	 ipmi-config(8)	 tool  can  be
       used to check and/or change these configuration settings.

       Inband  IPMI  problems  are  typically  caused by improperly configured
       drivers or non-standard BMCs.

       In addition to the troubleshooting tips below, please  see  WORKAROUNDS
       below to	also if	there are any vendor specific bugs that	have been dis-
       covered and worked around.

       Listed below are	many of	the common issues for error messages.  For ad-
       ditional	 support,  please  e-mail the <freeipmi-users@gnu.org> mailing
       list.

       "username invalid" - The	username entered (or a NULL username  if  none
       was  entered)  is  not  available on the	remote machine.	It may also be
       possible	the remote BMC's username configuration	is incorrect.

       "password invalid" - The	password entered (or a NULL password  if  none
       was  entered)  is not correct. It may also be possible the password for
       the user	is not correctly configured on the remote BMC.

       "password verification timeout" - Password verification has timed  out.
       A  "password  invalid"  error  (described  above) or a generic "session
       timeout"	(described below) occurred.  During this point in the protocol
       it cannot be differentiated which occurred.

       "k_g  invalid" -	The K_g	key entered (or	a NULL K_g key if none was en-
       tered) is not correct. It may also be possible the K_g key is not  cor-
       rectly configured on the	remote BMC.

       "privilege level	insufficient" -	An IPMI	command	requires a higher user
       privilege than the one authenticated with. Please try  to  authenticate
       with a higher privilege.	This may require authenticating	to a different
       user which has a	higher maximum privilege.

       "privilege level	cannot be obtained for	this  user"  -	The  privilege
       level  you are attempting to authenticate with is higher	than the maxi-
       mum allowed for this user. Please try again with	a lower	privilege.  It
       may  also be possible the maximum privilege level allowed for a user is
       not configured properly on the remote BMC.

       "authentication type unavailable	for attempted privilege	level"	-  The
       authentication  type you	wish to	authenticate with is not available for
       this privilege level. Please try	again with an alternate	authentication
       type  or	 alternate privilege level. It may also	be possible the	avail-
       able authentication types you can authenticate with are	not  correctly
       configured on the remote	BMC.

       "cipher suite id	unavailable" - The cipher suite	id you wish to authen-
       ticate with is not available on the remote BMC. Please try  again  with
       an alternate cipher suite id. It	may also be possible the available ci-
       pher suite ids are not correctly	configured on the remote BMC.

       "ipmi 2.0 unavailable" -	IPMI 2.0 was not discovered on the remote  ma-
       chine. Please try to use	IPMI 1.5 instead.

       "connection  timeout"  -	Initial	IPMI communication failed. A number of
       potential errors	are possible, including	an invalid hostname specified,
       an  IPMI	 IP address cannot be resolved,	IPMI is	not enabled on the re-
       mote server, the	network	connection is bad, etc.	Please verify configu-
       ration and connectivity.

       "session	 timeout"  - The IPMI session has timed	out. Please reconnect.
       If this error occurs often, you may wish	to increase the	retransmission
       timeout.	Some remote BMCs are considerably slower than others.

       "device	not  found"  - The specified device could not be found.	Please
       check configuration or inputs and try again.

       "driver timeout"	- Communication	with the driver	or  device  has	 timed
       out. Please try again.

       "message	 timeout"  - Communication with	the driver or device has timed
       out. Please try again.

       "BMC busy" - The	BMC is currently busy. It may be  processing  informa-
       tion  or	have too many simultaneous sessions to manage. Please wait and
       try again.

       "could not find inband device" -	An inband device could not  be	found.
       Please  check configuration or specify specific device or driver	on the
       command line.

       "driver timeout"	- The inband driver has	timed out communicating	to the
       local  BMC  or  service	processor. The BMC or service processor	may be
       busy or (worst case) possibly non-functioning.

WORKAROUNDS
       With so many different vendors implementing their own  IPMI  solutions,
       different  vendors  may implement their IPMI protocols incorrectly. The
       following describes a number of workarounds currently available to han-
       dle  discovered compliance issues. When possible, workarounds have been
       implemented so they will	be transparent to the user. However, some will
       require the user	to specify a workaround	be used	via the	-W option.

       The hardware listed below may only indicate the hardware	that a problem
       was discovered on. Newer	versions of hardware may fix the problems  in-
       dicated below. Similar machines from vendors may	or may not exhibit the
       same problems. Different	vendors	may license their  firmware  from  the
       same  IPMI  firmware  developer,	 so  it	may be worthwhile to try work-
       arounds listed below even if your motherboard is	not listed.

       If you believe your hardware has	an additional  compliance  issue  that
       needs a workaround to be	implemented, please contact the	FreeIPMI main-
       tainers on <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.

       assumeio	- This workaround flag will assume inband interfaces  communi-
       cate  with  system  I/O rather than being memory-mapped.	This will work
       around systems that report invalid base addresses. Those	 hitting  this
       issue  may see "device not supported" or	"could not find	inband device"
       errors.	Issue observed on HP ProLiant DL145 G1.

       spinpoll	- This workaround flag will inform some	inband	drivers	 (most
       notably	the  KCS driver) to spin while polling rather than putting the
       process to sleep. This may significantly	improve	the wall clock running
       time  of	 tools because an operating system scheduler's granularity may
       be much larger than the time it takes to	perform	a single IPMI  message
       transaction.  However,  by spinning, your system	may be performing less
       useful work by not contexting out the tool for a	more useful task.

       authcap - This workaround flag will skip	early checks for username  ca-
       pabilities, authentication capabilities,	and K_g	support	and allow IPMI
       authentication to succeed. It works around multiple issues in which the
       remote system does not properly report username capabilities, authenti-
       cation capabilities, or K_g status. Those hitting this  issue  may  see
       "username  invalid",  "authentication  type  unavailable	 for attempted
       privilege level", or "k_g invalid"  errors.   Issue  observed  on  Asus
       P5M2/P5MT-R/RS162-E4/RX4,    Intel   SR1520ML/X38ML,   and   Sun	  Fire
       2200/4150/4450 with ELOM.

       nochecksumcheck - This workaround flag will tell	FreeIPMI to not	 check
       the  checksums  returned	 from  IPMI command responses. It works	around
       systems that return invalid checksums due to implementation errors, but
       the  packet  is otherwise valid.	Users are cautioned on the use of this
       option, as it removes validation	of packet integrity  in	 a  number  of
       circumstances.  However,	 it  is	unlikely to be an issue	in most	situa-
       tions. Those hitting this issue may see "connection timeout",  "session
       timeout",  or  "password	verification timeout" errors. On IPMI 1.5 con-
       nections, the "noauthcodecheck" workaround may also needed  too.	 Issue
       observed	 on  Supermicro	 X9SCM-iiF, Supermicro X9DRi-F,	and Supermicro
       X9DRFR.

       idzero -	This workaround	flag will allow	empty session IDs  to  be  ac-
       cepted  by  the client. It works	around IPMI sessions that report empty
       session IDs to the client. Those	hitting	this issue  may	 see  "session
       timeout"	errors.	Issue observed on Tyan S2882 with M3289	BMC.

       unexpectedauth  -  This	workaround flag	will allow unexpected non-null
       authcodes to be checked as though they were expected. It	 works	around
       an  issue  when	packets	contain	non-null authentication	data when they
       should be null due to disabled per-message authentication.  Those  hit-
       ting  this  issue  may  see "session timeout" errors. Issue observed on
       Dell PowerEdge 2850,SC1425. Confirmed fixed on newer firmware.

       forcepermsg - This workaround flag will force  per-message  authentica-
       tion  to	 be used no matter what	is advertised by the remote system. It
       works around an issue when per-message authentication is	advertised  as
       disabled	on the remote system, but it is	actually required for the pro-
       tocol. Those hitting this issue may see "session	timeout" errors.   Is-
       sue observed on IBM eServer 325.

       endianseq  -  This  workaround flag will	flip the endian	of the session
       sequence	numbers	to allow the session to	continue  properly.  It	 works
       around  IPMI  1.5  session  sequence numbers that are the wrong endian.
       Those hitting this issue	may see	"session timeout"  errors.  Issue  ob-
       served on some Sun ILOM 1.0/2.0 (depends	on service processor endian).

       noauthcodecheck	- This workaround flag will tell FreeIPMI to not check
       the authentication codes	returned from IPMI 1.5 command	responses.  It
       works  around  systems  that return invalid authentication codes	due to
       hashing or implementation errors. Users are cautioned  on  the  use  of
       this option, as it removes an authentication check verifying the	valid-
       ity of a	packet.	However, in most organizations,	this is	unlikely to be
       a  security  issue.  Those hitting this issue may see "connection time-
       out", "session timeout",	or  "password  verification  timeout"  errors.
       Issue  observed	on  Xyratex FB-H8-SRAY,	Intel Windmill,	Quanta Winter-
       fell, and Wiwynn	Windmill.

       intel20 - This workaround flag will work	around several Intel IPMI  2.0
       authentication issues. The issues covered include padding of usernames,
       and password  truncation	 if  the  authentication  algorithm  is	 HMAC-
       MD5-128.	Those hitting this issue may see "username invalid", "password
       invalid", or "k_g invalid" errors. Issue	observed  on  Intel  SE7520AF2
       with Intel Server Management Module (Professional Edition).

       supermicro20 - This workaround flag will	work around several Supermicro
       IPMI 2.0	 authentication	 issues	 on  motherboards  w/  Peppercon  IPMI
       firmware.  The issues covered include handling invalid length authenti-
       cation codes. Those hitting this	issue may see "password	 invalid"  er-
       rors.   Issue  observed	on  Supermicro H8QME with SIMSO	daughter card.
       Confirmed fixed on newerver firmware.

       sun20 - This workaround flag will work work around several Sun IPMI 2.0
       authentication issues. The issues covered include invalid lengthed hash
       keys, improperly	hashed keys, and invalid cipher	suite  records.	 Those
       hitting	this  issue  may see "password invalid"	or "bmc	error" errors.
       Issue observed on Sun Fire 4100/4200/4500 with ILOM.   This  workaround
       automatically includes the "opensesspriv" workaround.

       opensesspriv - This workaround flag will	slightly alter FreeIPMI's IPMI
       2.0 connection protocol to workaround an	invalid	hashing	algorithm used
       by  the remote system. The privilege level sent during the Open Session
       stage of	an IPMI	2.0 connection is used for hashing keys	instead	of the
       privilege  level	 sent during the RAKP1 connection stage. Those hitting
       this issue may see "password invalid", "k_g invalid", or	"bad  rmcpplus
       status  code"  errors.	Issue observed on Sun Fire 4100/4200/4500 with
       ILOM, Inventec 5441/Dell	Xanadu II, Supermicro X8DTH, Supermicro	X8DTG,
       Intel S5500WBV/Penguin Relion 700, Intel	S2600JF/Appro 512X, and	Quanta
       QSSC-S4R/Appro GB812X-CN. This workaround  is  automatically  triggered
       with the	"sun20"	workaround.

       integritycheckvalue  - This workaround flag will	work around an invalid
       integrity check value during an IPMI 2.0	session	establishment when us-
       ing  Cipher  Suite  ID 0. The integrity check value should be 0 length,
       however the remote motherboard responds with a non-empty	 field.	 Those
       hitting	this issue may see "k_g	invalid" errors. Issue observed	on Su-
       permicro	X8DTG, Supermicro X8DTU,  and  Intel  S5500WBV/Penguin	Relion
       700, and	Intel S2600JF/Appro 512X.

       assumemaxsdrrecordcount	-  This	 workaround will inform	SDR reading to
       stop reading after a known maximum numer	of SDR records have been read.
       This  will  work	 around	 systems that have mis-implemented SDR reading
       functions that. Those hitting this issue	may see	"SDR record count  in-
       valid" errors. Issue observed on	unspecified Inspur motherboard.

       No IPMI 1.5 Support - Some motherboards that support IPMI 2.0 have been
       found to	not support IPMI 1.5. Those hitting this issue may  see	 "ipmi
       2.0  unavailable"  or  "connection  timeout"  errors. This issue	can be
       worked around by	using IPMI 2.0	instead	 of  IPMI  1.5	by  specifying
       --driver-type=LAN_2_0. Issue observed on	HP Proliant DL 145.

EXAMPLES
       # bmc-device --cold-reset

       Perform a cold reset.

       # bmc-device -h ahost -u	myusername -p mypassword --cold-reset

       Perform a cold reset of a remote	machine	using IPMI over	LAN.

       # bmc-device -h mycluster[0-127]	-u myusername -p mypassword --cold-re-
       set

       Perform a cold reset across a cluster using IPMI	over LAN.

DIAGNOSTICS
       Upon successful execution, exit status is 0. On error, exit  status  is
       1.

       If multiple hosts are specified for communication, the exit status is 0
       if and only if all targets successfully	execute.  Otherwise  the  exit
       status is 1.

KNOWN ISSUES
       On  older  operating systems, if	you input your username, password, and
       other potentially security relevant information on  the	command	 line,
       this information	may be discovered by other users when using tools like
       the ps(1) command or looking in the /proc file system. It is  generally
       more  secure  to	input password information with	options	like the -P or
       -K options. Configuring security	relevant information in	 the  FreeIPMI
       configuration file would	also be	an appropriate way to hide this	infor-
       mation.

       In order	to prevent brute force attacks,	 some  BMCs  will  temporarily
       "lock  up" after	a number of remote authentication errors. You may need
       to wait awhile in order to this temporary "lock up" to pass before  you
       may authenticate	again.

REPORTING BUGS
       Report bugs to <freeipmi-users@gnu.org> or <freeipmi-devel@gnu.org>.

COPYRIGHT
       Copyright (C) 2008-2015 FreeIPMI	Core Team.

       This program is free software; you can redistribute it and/or modify it
       under the terms of the GNU General Public License as published  by  the
       Free  Software Foundation; either version 3 of the License, or (at your
       option) any later version.

SEE ALSO
       freeipmi.conf(5), freeipmi(7)

       http://www.gnu.org/software/freeipmi/

bmc-device 1.5.5		  2017-07-08			 BMC-DEVICE(8)

NAME | SYNOPSIS | DESCRIPTION | GENERAL OPTIONS | BMC-DEVICE OPTIONS | SDR CACHE OPTIONS | TIME OPTIONS | HOSTRANGED OPTIONS | HOSTRANGED SUPPORT | GENERAL TROUBLESHOOTING | WORKAROUNDS | EXAMPLES | DIAGNOSTICS | KNOWN ISSUES | REPORTING BUGS | COPYRIGHT | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=bmc-device&sektion=8&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help