IPMI Bridge¶
About¶
The Vapor IPMI bridge allows users of OpenDCRE to utilize both bus-bar-based power line communications, and LAN-based IPMI communications for equipment monitoring and management. The IPMI bridge is included with OpenDCRE v1.1.0 and later, and supports power control and status via IPMI using the OpenDCRE REST API.
Requirements¶
OpenMistOS must be connected to a wired LAN network that can reach all BMCs configured to be managed over OpenDCRE.
Knowledge of BMC IP addresses, authentication, integrity and encryption types as well as usernames and passwords (where applicable) required.
- IPMI 2.0 Authentication types supported:
NO_AUTHENTICATION_ALGORITHM
: No authentication used to establish IPMI session.RAKP_HMAC_SHA1
: RAKP HMAC SHA1-128 authentication used to establish IPMI session.
- IPMI 2.0 Integrity types supported:
NO_INTEGRITY_ALGORITHM
: No integrity algorithm used in IPMI session.HMAC_SHA1_96
: HMAC SHA1-96 used to verify packet integrity.
- IPMI 2.0 Encryption types supported:
NO_ENCRYPTION_ALGORITHM
: No encryption used to ensure confidentiality of IPMI packets in session.AES_CBC_128
: AES 128-bit CBC encryption used to ensure confidentiality of IPMI packets.
Configuration¶
The Vapor IPMI bridge is configured via the bmc_config.json
file, which must be placed in the top level of the OpenDCRE distribution. An example file, bmc_config_sample.json
is included with OpenDCRE (located in the opendcre_southbound
directory), and may be modified to one’s environment.
All IPMI BMCs successfully configured will show up on a scan
command result as devices under board_id
40000000.
{
"bmcs": [
{
"bmc_ip": "192.168.1.118",
"username": "ADMIN",
"password": "ADMIN",
"auth_type": "RAKP_HMAC_SHA1",
"integrity_type": "HMAC_SHA1_96",
"encryption_type": "AES_CBC_128"
},
{
"bmc_ip": "192.168.1.119",
"username": "root",
"password": "vapor",
"auth_type": "RAKP_HMAC_SHA1",
"integrity_type": "HMAC_SHA1_96",
"encryption_type": "AES_CBC_128"
}
]
}
For each BMC supported, an entry is added to the bmcs
list above. Each entry must include:
bmc_ip
- the IP address (as a string) corresponding to the BMC to be managed. IP address must be reachable by OpenMistOS.username
- the username to use in connecting to the BMC - may be an empty string if no username is used.password
- the password to use in connecting to the BMC - may be an empty string if no username is used.auth_type
- the type of authentication to use in connecting to the BMC, supported values:NO_AUTHENTICATION_ALGORITHM
RAKP_HMAC_SHA1
integrity_type
- the type of integrity validation to use in communicating with the BMC, supported values:NO_INTEGRITY_ALGORITHM
HMAC_SHA1_96
encryption_type
- the type of encryption to use in communicating with the BMC, supported values:NO_ENCRYPTION_ALGORITHM
AES_CBC_128
If a field is missing, or the bmc_config.json
file is improperly formatted, OpenDCRE IPMI capabilities will not be available.
Once the configuration file has been successfully edited, rebuild the OpenDCRE Docker container, and verify the configured BMC devices are returned via a scan
command.
Each BMC device will show up as a board, with board_id
in the range of 40000001
... 40FFFFFF
.
OpenDCRE commands may be issued against IPMI and PLC devices without change in command format.
Tested BMCs¶
OpenDCRE v1.2 has been tested and verified to be compatible with IPMI 2.0 connections and commands for the following BMCs:
- ASpeed AST2400 (via HPE CL7100)
- Nuvoton WPCM450RA0BK (via SuperMicro X7SPA-HF)
- ASpeed AST2050 (via Tyan S8812)
- ASpeed AST1250 (via Freedom)
The OpenDCRE community welcomes testing and bug reports against other BMCs and system types.