Linux 에서 IPMI Log 가져오기

결론 요약 커맨드

#로그 확인
ipmitool -I lan -U root -L USER sel list -H 10.178.209.106
#현재 시스템 시간
ipmitool -I lan -U root -L USER sel time get -H 10.178.209.106

네트워크 접근

Softlayer 에서는 IPMI의 사설 주소는 같은 계정 내에서는 모두 접근 할수 있다.
물론 네트워크 정책상 허용 했을 경우 이다. (기본 허용)
VLAN 분리나, 방화벽으로 분리한 경우는 당연히 안된다.

IPMI 계정 접근

포털 UI나 API로 확인 가능하다.
그런데 User ID는 기본으로 root인데 권한은 일반 USER이다. (괜히 헤갈리게 ㅡoㅡ+)
물론 티켓으로 root 유저를 Admin으로 승급 시켜달라고 하면 해주긴한다.
그냥 IPMI 커맨드를 날리면 Privilege Level : ADMINISTRATOR 로 잡기 때문에
Activate Session error: Requested privilege level exceeds limit 오류가 뜬다.
결론은 -L USER 옵션을 주면 그냥 USER 권한으로 실행한다.
지금은 로그 값 읽기만 하면 되므로 그냥 기본 USER 권한을 유지한 채로 사용 할것이다.

디버그 옵션

-vv 옵션을 주면 상세 내용이 나온다.

[root@cmd ~]# ipmitool -H 10.178.209.106 -U root fru
Password:
Activate Session error:    Requested privilege level exceeds limit
Error: Unable to establish LAN session
Error: Unable to establish IPMI v1.5 / RMCP session

이걸 -vv를 주면 Privilege Level : ADMINISTRATOR 를 요청 해서 오류나는것을 확인 할 수 있다.

[root@cmd ~]# ipmitool -vv -H 10.178.209.106 -U root fru
Password:
Sending IPMI/RMCP presence ping packet
Received IPMI/RMCP response packet:
  IPMI Supported
  ASF Version 1.0
  RMCP Version 1.0
  RMCP Sequence 255
  IANA Enterprise 4542

ipmi_lan_send_cmd:opened=[1], open=[-204238448]
Channel 01 Authentication Capabilities:
  Privilege Level : ADMINISTRATOR
  Auth Types      : MD2 MD5 PASSWORD
  Per-msg auth    : enabled
  User level auth : enabled
  Non-null users  : enabled
  Null users      : disabled
  Anonymous login : disabled

Proceeding with AuthType MD5
ipmi_lan_send_cmd:opened=[1], open=[-204238448]
Opening Session
  Session ID      : ff00001a
  Challenge       : 458a142850a040802142840810204080
  Privilege Level : ADMINISTRATOR
  Auth Type       : MD5
ipmi_lan_send_cmd:opened=[1], open=[-204238448]
Activate Session error:    Requested privilege level exceeds limit
Error: Unable to establish LAN session
Error: Unable to establish IPMI v1.5 / RMCP session

FRU (Field Replaceable Unit) 확인

root@cmd ~]# ipmitool -H 10.178.209.106 -U root -L USER fru
Password:
FRU Device Description : Builtin FRU Device (ID 0)
 Chassis Type          : Other
 Chassis Part Number   : CSE-819UTS-ㅇㅇㅇㅇ-ST031
 Chassis Serial        : C8ㅇㅇㅇㅇㅇㅇ13
 Board Mfg Date        : Mon Jan  1 09:00:00 1996
 Board Mfg             : Supermicro
 Board Serial          : OM17ㅇㅇㅇㅇ9
 Board Part Number     : X11DPU
 Product Manufacturer  : Supermicro
 Product Part Number   : SYS-ㅇㅇㅇㅇ-TN4R4T
 Product Serial        : A291ㅇㅇㅇㅇ908570

SEL (System Event Log) 확인

-I lan은 인터페이스 지정으로 위에서 처럼 생략 가능 하다. -L USER로 권한을 일반 유저로 지정한 것을 확인한다.

 [root@cmd ~]# ipmitool -I lan -U root -L USER sel list -H 10.178.209.106
Password:
   1 | 02/12/2019 | 23:43:04 | OS Boot | C: boot completed () | Asserted
   2 | 02/12/2019 | 23:56:40 | OS Critical Stop | Run-time critical stop () | Asserted
   3 | 02/12/2019 | 23:56:40 | OS Critical Stop | OS graceful shutdown () | Asserted
   4 | 02/12/2019 | 23:58:28 | OS Boot | C: boot completed () | Asserted
   5 | 02/12/2019 | 23:59:19 | OS Critical Stop | OS graceful shutdown () | Asserted
   6 | 02/13/2019 | 00:01:27 | OS Boot | C: boot completed () | Asserted
   7 | 02/13/2019 | 00:18:01 | Unknown #0xff |  | Asserted
   8 | 02/13/2019 | 00:19:30 | Physical Security #0xaa | General Chassis intrusion () | Asserted
   9 | 02/13/2019 | 00:20:08 | OS Boot | C: boot completed () | Asserted
   a | 02/13/2019 | 00:47:00 | OS Critical Stop | OS graceful shutdown () | Asserted
   b | 02/13/2019 | 00:49:20 | OS Boot | C: boot completed () | Asserted
   c | 02/14/2019 | 03:42:02 | OS Critical Stop | OS graceful shutdown () | Asserted
   d | 02/14/2019 | 10:18:49 | OS Boot | C: boot completed () | Asserted
   e | 02/14/2019 | 10:22:57 | OS Boot | C: boot completed () | Asserted
   f | 02/14/2019 | 10:35:27 | OS Boot | C: boot completed () | Asserted
  10 | 02/14/2019 | 10:49:15 | OS Critical Stop | Run-time critical stop () | Asserted
  11 | 02/14/2019 | 10:49:15 | OS Critical Stop | OS graceful shutdown () | Asserted
  12 | 02/14/2019 | 10:51:04 | OS Boot | C: boot completed () | Asserted
  13 | 02/14/2019 | 10:51:55 | OS Critical Stop | OS graceful shutdown () | Asserted
  14 | 02/14/2019 | 10:54:03 | OS Boot | C: boot completed () | Asserted
  15 | 02/14/2019 | 11:39:11 | OS Critical Stop | OS graceful shutdown () | Asserted
  16 | 02/14/2019 | 11:41:31 | OS Boot | C: boot completed () | Asserted
  17 | 03/21/2019 | 23:50:01 | OS Critical Stop | OS graceful shutdown () | Asserted
  18 | 03/21/2019 | 23:52:24 | OS Boot | C: boot completed () | Asserted
  19 | 03/21/2019 | 23:53:10 | OS Critical Stop | OS graceful shutdown () | Asserted
  1a | 03/21/2019 | 23:55:23 | OS Boot | C: boot completed () | Asserted
  1b | 04/14/2019 | 21:24:42 | Session Audit #0xff |  | Asserted
  1c | 04/14/2019 | 21:34:01 | Session Audit #0xff |  | Asserted
  1d | 04/14/2019 | 21:40:01 | Session Audit #0xff |  | Asserted
  1e | 04/14/2019 | 21:41:17 | Session Audit #0xff |  | Asserted

IPMI 상의 현재 시스템 시간 확인

 [root@cmd ~]# ipmitool -I lan -U root -L USER sel time get -H 10.178.209.106

활용

AWX에서 서버별 실행해서 Elastic Search로 집어넣으려고 했으나.... 변경 분만 어떻게 넣을 지 고민이다.
그냥 매번 넣고 ES에서 중복제거를 해야 할지..

IPMI 세부 참조는 아래 글 참고

https://docs.oracle.com/cd/E19464-01/820-6850-11/IPMItool.html#50602039_63068
http://fibrevillage.com/sysadmin/71-ipmitool-useful-examples
http://coffeenix.net/board_print.php?bd_code=1765
http://coffeenix.net/board_print.php?bd_code=1766
https://annvix.com/using_swatch_to_monitor_logfiles

'Cloud > Softlayer' 카테고리의 다른 글

IPMI user 권한 상승  (0) 2019.04.29
Windows 2016 Language Pack 설치가 안될 때  (0) 2018.09.10
VRF(Virtual Routing and Forwarding)란 무엇인가요?  (0) 2018.07.24
Global IP setting  (0) 2018.07.08
SuperMicro 보드 Turbo Boost 켜기  (0) 2018.06.28

AWS는 re:Invent 때 항상 깜짝 놀랄만한 서비스를 출시합니다.

아무도 예상 못해선... 설마했던... 그것을 아마존이 또 출시했네요.. 바로 VM이 아닌 물리서버인 베어메탈 서비스 입니다.

사실 VMware on AWS를 출시할 때 부터 가능성이 점쳐졌던 거긴 한데요...

설마 진짜 베어메탈 서비스를 출시 할지 몰랐네요. 사용자 입장에서의 사용성은 베어메탈도 VM과 동일 합니다.

서버의 순수한 성능을 다 확보 할수 있고, 라이센스 정책에서 좀 더 자유로울 수 있겠네요.

Softlayer(IBM Cloud)가 거의 베어메탈의 표준 처럼 잡고 있는 클라우드였는데요.... 이제 긴장해야겠습니다. 

아직 AWS가 프리뷰이긴하지만 언제 훅 치고 들어올지 모르니까요.


출처: https://aws.amazon.com/ko/blogs/aws/new-amazon-ec2-bare-metal-instances-with-direct-access-to-hardware/

Amazon EC2 Bare Metal Instances with Direct Access to Hardware

When customers come to us with new and unique requirements for AWS, we listen closely, ask lots of questions, and do our best to understand and address their needs. When we do this, we make the resulting service or feature generally available; we do not build one-offs or “snowflakes” for individual customers. That model is messy and hard to scale and is not the way we work.

Instead, every AWS customer has access to whatever it is that we build, and everyone benefits. VMware Cloud on AWS is a good example of this strategy in action. They told us that they wanted to run their virtualization stack directly on the hardware, within the AWS Cloud, giving their customers access to the elasticity, security, and reliability (not to mention the broad array of services) that AWS offers.

We knew that other customers also had interesting use cases for bare metal hardware and didn’t want to take the performance hit of nested virtualization. They wanted access to the physical resources for applications that take advantage of low-level hardware features such as performance counters and Intel® VT that are not always available or fully supported in virtualized environments, and also for applications intended to run directly on the hardware or licensed and supported for use in non-virtualized environments.

Our multi-year effort to move networking, storage, and other EC2 features out of our virtualization platform and into dedicated hardware was already well underway and provided the perfect foundation for a possible solution. This work, as I described in Now Available – Compute-Intensive C5 Instances for Amazon EC2, includes a set of dedicated hardware accelerators.

Now that we have provided VMware with the bare metal access that they requested, we are doing the same for all AWS customers. I’m really looking forward to seeing what you can do with them!

New Bare Metal Instances
Today we are launching a public preview the i3.metal instance, the first in a series of EC2 instances that offer the best of both worlds, allowing the operating system to run directly on the underlying hardware while still providing access to all of the benefits of the cloud. The instance gives you direct access to the processor and other hardware, and has the following specifications:

  • Processing – Two Intel Xeon E5-2686 v4 processors running at 2.3 GHz, with a total of 36 hyperthreaded cores (72 logical processors).
  • Memory – 512 GiB.
  • Storage – 15.2 terabytes of local, SSD-based NVMe storage.
  • Network – 25 Gbps of ENA-based enhanced networking.

Bare Metal instances are full-fledged members of the EC2 family and can take advantage of Elastic Load BalancingAuto ScalingAmazon CloudWatchAuto Recovery, and so forth. They can also access the full suite of AWS databaseIoTmobileanalyticsartificial intelligence, and security services.

Previewing Now
We are launching a public preview of the Bare Metal instances today; please sign up now if you want to try them out.

You can now bring your specialized applications or your own stack of virtualized components to AWS and run them on Bare Metal instances. If you are using or thinking about using containers, these instances make a great host for CoreOS.

An AMI that works on one of the new C5 instances should also work on an I3 Bare Metal Instance. It must have the ENA and NVMe drivers, and must be tagged for ENA.

— Jeff;

 


+ Recent posts