IPMI capable board and how I can reach it

tessierp · June 19, 2020, 12:09am

Hi everyone,

So I am about to build a FIREWALL project using Nethserver. I’ll be using a IPMI capable board, Nethserver will run under Proxmox. In the case of a power outage, I want to be able to reach the IPMI interface to power the machine up. I’m trying to how to do this. If I have to plug my ISP RJ-45 to my WAN interface for Nethserver and the IPMI interface is connected to the internal network but Nethserver is down, I wont be able to reach it. Which leaves the option of plugging the ISP RJ-45 to a dumb switch and have a cable run to the IPMI and to the WAN interface however, most ISPs only assign 1 IP…

So I’m not 100% sure how to do this. Anyone has experience with that?

Andy_Wismer · June 19, 2020, 1:10am

@tessierp

Why not just set the BIOS to boot as soon as power resumes? Most BIOSes have these power options…

I have this exact situation at a friends home. If he’s on vacation, and there is a (longer) power outage, the HP Microserver Gen8 will boot up as soon as Power’s there (So will the Internet…).

As soon as this stage is reached, I’ll have access in about 5 minutes - without me having to do anything!

The HP Microserver boots.
OPNsense Firewall and NethServer in Proxmox are set to Autostart, as first and second VMs to boot.
Remote Access is possible…

My 2 cents
Andy

tessierp · June 19, 2020, 1:25am

Definitely could be an option to consider but, I would still like to reach the IPMI interface if I can.

Andy_Wismer · June 19, 2020, 1:30am

If you had a seperate firewall box like OPNsense, this would be possible…
This, and your Internet Box (Router/Bridge/Cable Modem/Whatever) both need to start as soon as power’s there.

If no Internet or no Power, you have no IPMI to reach…

So in any case, you need at least one box to autostart, usually at least two…

-> This is the reason IPMI is NOT intended to start a box after a power outage from afar.
It’s great if you need to force a hanging OS to reboot, but not for outages…

It’s then just a matter of Port forwarding, as providers usually only allocate you one IP.

tessierp · June 19, 2020, 1:50am

Somehow I figured you were going to tell me that and it is pretty much the conclusion I was coming to but was trying to see if perhaps there was something I didn’t think about. I could always have it auto power on but if power on fails for any reason after an outage, I’ll have a machine just hanging not doing anything…

Andy_Wismer · June 19, 2020, 1:51am

If a box is broken, it’s broken. No IPMI will help there!
If not, it’ll boot. Proxmox is VERY stable! So is OPNsense!

tessierp · June 19, 2020, 1:54am

No I understand that. What I was saying is, in the case the bios is screwed up, it happens sometimes and asks you to configure it again. At least with IPMI I’m guessing since this is a computer in a computer, if I could reach it, I would for a restart. It is more from the point of view of the hardware hanging not the software.

Andy_Wismer · June 19, 2020, 1:58am

I’ve NEVER had server class Hardware hang on me after a power outage (25+ years!). Not even on the HP Microserver series, the smallest they have. Not even a disk outage (Normal HDs, not SSDs, they’re more suseptable to power outages in full run). Even the BIOS are “Bullet-proof” as the saying goes…

There ARE good reasons there are different types of hardware, just like there are different sorts of cars.

A Ferrari might be a fast & powerful car, but it’s just not suitable if I need to plough my field…

danb35 · June 19, 2020, 10:15am

…but a Lamborghini could be…

Andy_Wismer · June 19, 2020, 10:23am

@danb35

Actually, until 1973, Lamborghini DID produce Tractors for farming, the division was sold/split off to Same Tracttori…

But if you still had a Tractor labeled Lamborghini, it might be too valuable as a Vintage to go on the fields with it!

Ferrari only made fast / racing cars…

My 2 cents
Andy

danb35 · June 19, 2020, 10:28am

Yes, I know, hence my comment.

pike · June 19, 2020, 2:15pm

Don’t make me start talking about italian fast cars, please…
@tessierp do you know/use iLO?

tessierp · June 19, 2020, 3:15pm

I do not know iLO, could you indulge me and explain what that is please?

danb35 · June 19, 2020, 3:41pm

iLO is a particular implementation (HP’s, I believe) of an IPMI-like capability.

tessierp · June 19, 2020, 4:00pm

Are there any PCI-E addin cards for iLO?

danb35 · June 19, 2020, 4:09pm

No doubt. But “very stable” is not the same as flawless or bug-free, both of which you’ll have to admit to being inapplicable to any significant piece of software. One of my PVE hosts lost network connectivity yesterday. ifdown/ifup didn’t fix it, but a reboot did. Common? No, it’s never happened before–but it still happened. With IPMI, I could have rebooted the server remotely (IPMI has its own NIC), without needing to head over to the server’s location and plug in the monitor.

Andy_Wismer · June 19, 2020, 4:20pm

@danb35

And for what would you need to boot up the server externally?
Since Internet would need to be connected to the IMPI directly, NethServer would have NO Internet access, and also not be accessible at all from the outside…

As I’m sure you’ve read above, Patrick here want’s to use his planned NethServer as a firewall, with the Nethserver running virtualized inside the Proxmox.

Now, If the Internet terminates in Nethserver, which is inside Proxmox, you’re simply stuck!

If you hook up your IMPI to the Internet, then why bother starting up your NethServer from outside?
There’s nothing on your NethServer you can access from outside.

You’ld need at least a second, dedicated Internet connection for this to work…

Egg or Hen problem?

I assume in nature the egg was first - not necessarily laid by a hen…

But in this case here: Show me a IPMI which can switch over the Internet in case of something not working.

I’d say my IT “legalese” is pretty sound logic!

Also, only HP has Proliants, Dell isn’t HP…
They’re good, but they’re NOT Proliants!

In 25 years using Proliants, none died before 9 years old, only two issues with new Servers, one had a hairline crack on the SAS disks backplane board (Invisible to the naked eye), the second was supplied with the only RAM which won’t work, all other suppliers would have worked. But these two were new, and HP had to fix that!

My 2 cents
Andy

SpiceDenver · June 19, 2020, 7:55pm

The only way to get to any kind of IPMI (iDRAC or iLO are the popular ones) is through IP. If you are concerned about accessing it WITHOUT using server resources, you’ll need a remote-capable machine that’s on-net. I suggest a Raspberry Pi. You can install any number of tools on the SD card, boot it to your standardized Pi hardware, and remote in from wherever as long as it’s connected to the main power supply. Otherwise, you’d need a laptop with teamviewer or some other similar software.

Be sure to check out MeshCentral as an additional resource in this problem.

Andy_Wismer · June 19, 2020, 8:01pm

@SpiceDenver

Hi

The Issue here is rebooting your Server with your NethServer as firewall inside if there’s any hardware / BIOS hiccups.

If your router / firewall goes down, you NEED a second Internet - if you still want access from outside!

I love and use Raspberries a lot, but without IP connection, they’re no help from outside.

And if you use IPMI like I use ILO (a very lot!), and decide to connect your Internet to your Raspberry or directly to the IPMI Interface, you don’t need to reboot the server, as it won’t have any Internet access!

My 2 cents
Andy

SpiceDenver · June 19, 2020, 8:36pm

Then what it really comes down to is a networking issue. Basic routing, or port forwarding, to the Pi. That’s more of a business cost/continuity concern, too.