Enabling the IPMI and adding IPMI user accounts

Learn how to enable the Intelligent Platform Management Interface (IPMI) and add IPMI user accounts on your eBMC-based system.

Notes:
  1. Before you can use the IPMI, you must enable the IPMI service and authorize the user account to use IPMI.
  2. Only local eBMC user accounts can be authorized to use the IPMI.
  3. The local user accounts are common between the ASMI GUI, Redfish APIs, and IPMI. The IPMI can see only user accounts that are authorized to use the IPMI.

Enabling the IPMI

You can enable the IPMI on eBMC-based systems by using Redfish APIs or the ASMI GUI.

To enable the IPMI by using Redfish APIs, complete the following steps:
  1. Check if IPMI is enabled by running the following command:
    $ curl -k -X GET https://service:password@hostname/redfish/v1/Managers/bmc/NetworkProtocol
    ...
      "IPMI": {
        "Port": null,
        "ProtocolEnabled": false              <== false: disabled; true: enabled
      },
  2. Enable the IPMI by running the following command:
    $ curl -k -X PATCH https://service:password@hostname/redfish/v1/Managers/bmc/NetworkProtocol -d '{"IPMI": {"ProtocolEnabled": true}}'
  3. Verify whether the IPMI is enabled by running the following command:
    $ curl -k -X GET https://service:password@hostname/redfish/v1/Managers/bmc/NetworkProtocol

To enable the IPMI by using the ASMI GUI, complete the following steps:
  1. Log on to the ASMI GUI.
  2. Navigate to Security and Access > Policies.
  3. Click the toggle switch next to Network IPMI (out-of-band IPMI).

Enabling user accounts to use the IPMI

You can enable IPMI user accounts on your system.

To enable IPMI user accounts, complete the following steps:
Note: The following example shows how to create a new ipmiadmin account and authorize the account to use IPMI.
  1. Add the IPMI admin user with Administrator role by running the following command:
    $ curl -k -X POST https://service:password@hostname/redfish/v1/AccountService/Accounts/ -d '{"UserName": "ipmiadmin", "Password": "password", "RoleId": "Administrator"}'
    {
      "@Message.ExtendedInfo": [
        {
          "@odata.type": "#Message.v1_1_1.Message",
          "Message": "The resource has been created successfully",
          "MessageArgs": [],
          "MessageId": "Base.1.8.1.Created",
          "MessageSeverity": "OK",
          "Resolution": "None"
        }
      ]
    }
  2. Verify the ipmiadmin user with Administrator role by running the following command:
    $ curl -k -X GET https://service:password@hostname/redfish/v1/AccountService/Accounts/ipmiadmin
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/ipmiadmin",
      "@odata.type": "#ManagerAccount.v1_7_0.ManagerAccount",
      "AccountTypes": [			<== Note NO IPMI AccountType is listed
        "Redfish",
        "HostConsole",
        "ManagerConsole",
        "WebUI"
      ],
      "Description": "User Account",
      "Enabled": true,
      "Id": "ipmiadmin",
      "Links": {
        "Role": {
          "@odata.id": "/redfish/v1/AccountService/Roles/Administrator"
        }
      },
      "Locked": false,
      "Locked@Redfish.AllowableValues": [
        "false"
      ],
      "Name": "User Account",
      "Password": null,
      "PasswordChangeRequired": false,
      "RoleId": "Administrator",		<== Role
      "StrictAccountTypes": true,
      "UserName": "ipmiadmin"		<== username
    }
  3. Add the ipmiadmin user to the IPMI group by running the following command:
    $ curl -k -X PATCH https://service:password@hostname/redfish/v1/AccountService/Accounts/ipmiadmin -d '{"AccountTypes": ["Redfish", "IPMI", "HostConsole", "WebUI", "ManagerConsole"]}'
    {
      "@Message.ExtendedInfo": [
        {
          "@odata.type": "#Message.v1_1_1.Message",
          "Message": "Successfully Completed Request",
          "MessageArgs": [],
          "MessageId": "Base.1.8.1.Success",
          "MessageSeverity": "OK",
          "Resolution": "None"
        }
      ]
    }
    Note: To get the correct value to PATCH, complete the following steps:
    1. GET the value as shown in step 2.
    2. Add IPMI to the list. Do not change any other values.
    3. PATCH the new value as shown in step 3.
  4. Verify that the ipmiadmin user is added to the IPMI group by running the following command:
    $ curl -k -X GET https://service:password@hostname/redfish/v1/AccountService/Accounts/ipmiadmin
    {
      "@odata.id": "/redfish/v1/AccountService/Accounts/ipmiadmin",
      "@odata.type": "#ManagerAccount.v1_7_0.ManagerAccount",
      "AccountTypes": [
        "IPMI",			<== user is in IPMI group
        "Redfish",
        "HostConsole",
        "ManagerConsole",
        "WebUI"
      ],
  5. Change the password of the ipmiadmin user by running the following command:
    $ curl -k -X PATCH  https://service:password@hostname/redfish/v1/AccountService/Accounts/ipmiadmin -d '{"Password": "password"}'
  6. Use the ipmitool to run commands on supported interfaces by running the following commands:
    $ ipmitool -I lanplus -C 17 -p 623 -U ipmiadmin -P password -H hostname power status
    Chassis Power is on
Note: The IPMI remains enabled and user accounts are available after restarts.
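
Added example (not part of the original documentation, and not IBM code): the GET, add IPMI, PATCH procedure from the note under step 3, with a summary of whether network IPMI is enabled and which accounts are authorized to use it. It verifies the eBMC certificate instead of using curl -k and sends the credentials in an Authorization header rather than in the URL. The function names, the cafile parameter, and the sample data are assumptions made for illustration.

```python
import base64, json, ssl, urllib.request

def ipmi_patch_body(account):
    """Build the step 3 PATCH body from the step 2 GET result (hypothetical helper)."""
    types = account.get("AccountTypes")
    if not isinstance(types, list):
        raise ValueError("AccountTypes missing from account resource")
    if "IPMI" in types:
        return None  # already authorized, nothing to PATCH
    return {"AccountTypes": types + ["IPMI"]}  # every existing entry is kept

def ipmi_exposure(network_protocol, accounts):
    """Report whether network IPMI is on and which enabled accounts may use it."""
    enabled = bool(network_protocol.get("IPMI", {}).get("ProtocolEnabled"))
    users = [(a["UserName"], a.get("RoleId")) for a in accounts
             if a.get("Enabled", True) and "IPMI" in a.get("AccountTypes", [])]
    return {"ipmi_enabled": enabled, "ipmi_users": users}

def redfish(host, user, password, path, body=None, cafile=None):
    """GET (no body) or PATCH a Redfish resource with certificate verification on."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: CA that signed the eBMC cert
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}{path}",
        data=None if body is None else json.dumps(body).encode(),
        method="GET" if body is None else "PATCH",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}

def authorize_ipmi(host, user, password, username, cafile=None):
    """Steps 2 and 3 for one account; returns the body that was sent, or None."""
    path = f"/redfish/v1/AccountService/Accounts/{username}"
    body = ipmi_patch_body(redfish(host, user, password, path, cafile=cafile))
    if body is not None:
        redfish(host, user, password, path, body, cafile=cafile)
    return body

# Constructed samples, shaped like the command output shown on this page.
SAMPLE_NETPROTO = {"IPMI": {"Port": None, "ProtocolEnabled": False}}
SAMPLE_ACCOUNT = {"UserName": "ipmiadmin", "RoleId": "Administrator", "Enabled": True,
                  "AccountTypes": ["Redfish", "HostConsole", "ManagerConsole", "WebUI"]}

if __name__ == "__main__":
    print(ipmi_patch_body(SAMPLE_ACCOUNT))
    print(ipmi_exposure(SAMPLE_NETPROTO, [SAMPLE_ACCOUNT]))
```

Calling ipmi_exposure on the NetworkProtocol resource and each account resource after a change gives a quick record of who can reach the system over IPMI.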