Cube remote management

From Netsoc Wiki
Revision as of 00:00, 15 July 2012 by Stesh (talk | contribs) (Notes)
Jump to: navigation, search

Cube is equipped with a fancier IPMI card than the one in Spoon, which allows us to remotely do a number of things which would otherwise require physical access, including

  • Operating the chassis power switch
  • selecting a kernel
  • dropping into single-user mode

IPMI also tells us such things as the ambient temperature around cube and the speed at which its fans are spinning. It can also determine whether or not the cover is open, and logs power failures and the like. All in all, it's very cool.

Bringing cube up remotely

It is possible to power cube on and bring it up from the comfort of your own home instead of travelling into College. You need SSH access to a machine in College which has ipmitool installed, since cube's IPMI interface isn't exposed to the Internet. Such machines include spoon, and prime in the netsoc room.

First, connect to cube's IPMI interface:

$ ipmitool -I lanplus -U root -H cube-ipmi.netsoc.tcd.ie shell

Enter the IPMI password, and you'll then be presented with an interactive IPMI shell prompt:

ipmitool>

To see whether or not cube is currently powered on:

ipmitool> power status

To operate the power switch:

ipmitool> power on

You should almost never have to operate the power switch in the other direction with power off; doing so has the same effect as physically mashing the button on the front of cube, complete with unclean shutdown of the OS, and all the bad things that can follow.

You can now connect to the serial console via SOL (serial-over-LAN), and watch the machine boot. First you may need to set a baud rate:

ipmitool> sol set volatile-bit-rate 115.2 1 ipmitool> sol set non-volatile-bit-rate 115.2 1

You can then activate the SOL interface:

ipmitool> sol activate

If you see [SOL Session operational. Use ~? for help], then you're sitting at cube's console. Everything you would normally see during boot, including the GRUB menu, will be displayed here. When the machine is up, you'll be presented with a regular old Debian login prompt (notice that you're sitting at ttyS1, a real serial tty), from which you can log in, become root, and get to work setting stuff up:

[SOL Session operational. Use ~? for help]

Debian GNU/Linux 6.0 cuberoot ttyS1

cuberoot login:

Make sure you disable the SOL interface when you're done, in case someone else needs to connect to it:

$ ipmitool -I lanplus -U root -H cube-ipmi.netsoc.tcd.ie sol deactivate

Notes

  • If the IPMI password is to be changed, this should only be done with physical access to cube (otherwise it is sent in plaintext over the network)
  • Access to the IPMI interface and serial console by an unauthorized person would essentially mean that cube is rooted: if you can reboot, you

can get to GRUB, and if you can get to GRUB, you can drop into single-user mode.