BMC Management
NVIDIA BMC is based on the OpenBMC open-software framework which builds a complete Linux image for a board management controller (BMC). It uses the Yocto project as the underlying building and distro generation framework.
The primary software components of BMC are the following:
U-boot bootloader
Linux kernel
OpenBMC distro
There is a software version for each of the BMC software components. You may retrieve this information by running the following for each component:
U-boot version – version command from the u-boot prompt
Linux version – uname -a command from the Linux prompt
OpenBMC version – cat /etc/os-release from the Linux prompt
BMC starts booting through u-boot bootloader once the power supply is powered on.
By default, the BMC automatically boots into Linux. To stop at the u-boot prompt, users must type the password 0penBmc (note the use of the digit zero in 0pen) within 5 seconds. To boot Linux from the u-boot prompt, type boot.
The BMC provides indications of its status during its operation:
Scenario
Message
At the beginning of the boot process of the u-boot
Nvidia Bluefield BMC U-BOOT starting
At the beginning of the OS boot process
Nvidia Bluefield BMC Starting kernel ...
At the login prompt
Nvidia Bluefield BMC OS is up and running
Upon reboot or shutdown
Nvidia Bluefield BMC is shutting down
The default password for the root user, to be typed in once Linux is booted, is 0penBmc.
ImportantThe default global password is set to expire upon first login. A new password must be configured according to the following policy:
Minimum length: 13
Minimum upper-case characters: 1
Minimum lower-case characters: 1
Minimum digits: 1
Note that the root account locks after four consecutive failed attempts and automatically unlocks after 10 minutes.
The BlueField platform BMC uses Flattened Image Tree (FIT) format for its Linux kernel.
The output from u-boot's imls command shows the configurations within the FIT image. By default, u-boot has bootcmd_string=bootm 0x20070000 configured and there is no configuration ID used to boot configuration 1 or 2 of the FIT image. So, by default, the BlueField platform BMC boots using BlueField 1U Reference Platform DTB file.
To boot the BMC using the BlueField 2U Reference Platform DTB, do one of two things from the u-boot command line:
For a one-time boot of the platform, run:
bootm 0x20070000#conf@aspeed-bmc-mlx-bluewhale2u.dtb
For persistent boot of the 2U reference platform, modify the environmental variable bootcmd_string:
setenv bootcmd_string bootm 0x20070000#conf@aspeed-bmc-mlx-bluewhale2u.dtb saveenv boot
The supported user management commands are listed in the following table.
No. |
Function |
Command |
1 |
List the users |
For example:
|
2 |
User creation |
For example:
|
3 |
Set user password |
For example:
Password policy:
|
4 |
Enable user |
For example:
|
5 |
Disable user |
For example:
|
6 |
Set user privilege |
Where "privilege level":
For example:
|
7 |
Enable remote IPMI command functionality for user |
For example:
|
8 |
Lanplus commands to execute IPMI commands remotely for users with admin permissions |
For example:
|
9 |
Lanplus commands to execute IPMI commands remotely for users with other than administrator roles |
For example:
|
10 |
Delete user |
For example:
|
The BMC MAC address is derived from the DPU's base MAC with +2 offset. For example:
Base MAC |
B8:CE:F6:F7:FF:8C |
BMC MAC |
B8:CE:F6:F7:FF:8E |
BMC management network interface can be configured using IPMI. By default, BMC comes up with the DHCP network configuration.
Network configuration functions:
Setting DHCP/Static network mode configuration
Adding/setting IPv4/IPv6 configuration including IP address, gateway, netmask
Adding DNS servers
Adding NTP server
Setting BMC time with NTP server or system RTC
The following table lists the available network IPMI commands:
No. |
Function |
Command |
Description |
1 |
Change mode to Static |
For example:
|
Sets LAN channel 1 IP config mode to static which corresponds to network interface "eth0" |
2 |
Change mode to DHCP |
For example:
|
Sets LAN channel 1 IP config mode to DHCP which corresponds to the network interface "eth0" |
3 |
Add IPv4 address |
|
Adds IPv4 address, default gateway, and netmask to the network interface "eth0" |
4 |
Get IPv4 config |
|
Gets IPv4 network config for channel 1 which corresponds to the network interface "eth0" |
5 |
Set IPv6 address |
|
Adds IPv6 address to the network interface "eth0" |
6 |
Get IPv6 config |
|
Gets IPv6 network config for channel 1 which corresponds to the network interface "eth0" |
7 |
Get DNS server |
Output:
Corresponds to: 10.15.12.67 |
Gets the DNS server |
8 |
Add DNS server |
Output:
Corresponds to: 10.15.12.67 |
Adds the DNS server |
9 |
Get NTP server |
Output:
Where:
|
Gets NTP server |
10 |
Add NTP server |
Where:
|
Adds NTP server |
11 |
Enable time sync to NTP server |
Where:
|
Enables NTP time sync |
12 |
Enable time sync to system RTC |
Where:
|
Disables NTP time sync |
DPU reset and checking reset status can be performed from a remote server using the openbmctool.
No. |
Function |
Command |
Description |
1 |
Trigger soft reset to the DPU |
Where:
|
Triggers soft reset to the DPU |
2 |
Track DPU reset status |
Where:
|
Track the BMC-DPU reset status |
Run the following IPMI command to factory reset the BMC configuration.
ipmitool raw 0x32 0x66
After issuing the ipmitool raw command for factory reset, you must log into the BMC and reboot it for the factory reset to take effect.
If you have lost your BMC login credentials and cannot login, you may issue the following command from the BlueField Arm:
ipmitool mc reset cold
Factory reset also sets the global password for the root user back to its default (0penBmc). Upon first boot following factory reset, make sure to reconfigure the default global password to prevent potential malicious attackers from hacking your system.
Be sure to follow this password policy:
Minimum length: 13
Minimum upper case characters: 1
Minimum lower case characters: 1
Minimum digits: 1
Note that the root account locks after four consecutive failed attempts and automatically unlocks after 10 minutes.
Firmware upgrade of BMC and CEC components using BMC can be performed from a remote server using the Redfish interface. The following table presents commands available for performing the upgrade:
No. |
Function |
Command |
Required for BMC/CEC Update |
Description |
1 |
Establish Redfish connection session |
Where:
|
BMC CEC |
Establish Redfish connection session |
2 |
Trigger a secure firmware update |
Where:
|
BMC CEC |
Triggers the secure update and starts tracking the secure update progress |
3 |
Track secure firmware update progress |
Find the current task ID in the response and use it for checking the progress:
Where:
|
BMC CEC |
Tracks the firmware update progress |
4 |
Reset/reboot a BMC |
Where:
|
BMC |
Resets/reboots the BMC |
5 |
Fetch running BMC firmware version |
For BlueField-3:
Where:
|
BMC |
Fetches the running firmware version from BMC |
For BlueField-2:
Fetch the current firmware ID and then perform:
Where:
|
||||
6 |
Fetch running CEC firmware version |
Where:
|
CEC |
Fetches the running firmware version from CEC |
BMC Update
After initiating the BMC secure update with the command #2 to from the previous table, a response similar to the following is received:
curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/octet-stream" -X POST -T <package_path> https://<bmc_ip>/redfish/v1/UpdateService
{
"@odata.id": "/redfish/v1/TaskService/Tasks/0",
"@odata.type": "#Task.v1_4_3.Task",
"Id": "0",
"TaskState": "Running"
}
Command #3 from the previous table can be used to track secure firmware update progress. For instance:
curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks/0 | jq -r ' .PercentComplete'
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
100 2123 100 2123 0 0 38600 0 --:--:-- --:--:-- --:--:-- 37910
20
Command #3 is used to verify the task has completed because during the update procedure the reboot option is disabled. When "PercentComplete" reaches 100, command #4 is used to reboot the BMC. For example:
curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks/0 | jq -r ' .PercentComplete'
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
100 3822 100 3822 0 0 81319 0 --:--:-- --:--:-- --:--:-- 81319
100
curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/octet-stream" -X POST -d '{"ResetType": "GracefulRestart"}' https://<bmc_ip>/redfish/v1/Managers/Bluefield_BMC/Actions/Manager.Reset
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The request completed successfully.",
"MessageArgs": [],
"MessageId": "Base.1.13.0.Success",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
Command #5 can be used to verify the current BMC firmware version after reboot:
For BlueField-3:
curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/BMC_Firmware | jq -r ' .Version' % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 513 100 513 0 0 9679 0 --:--:-- --:--:-- --:--:-- 9679
For BlueField-2:
Fetch the firmware ID from FirmwareInventory:
curl -k -H "X-Auth-Token: <token>" -X GET https:/<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/ { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory", "@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection", "Members": [ { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/8c8549f3_BMC_Firmware" …
Use command #5 with the fetched firmware ID in the previous step:
curl -k -H "X-Auth-Token: <token>" -X GET https:/<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/8c8549f3_BMC_Firmware | jq -r ' .Version' % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 471 100 471 0 0 622 0 --:--:-- --:--:-- --:--:-- 621 bmc-23.04
CEC Update
After initiating the BMC secure update with the command #2 to from the previous table, a response similar to the following is received:
curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/octet-stream" -X POST -T <package_path> https://<bmc_ip>/redfish/v1/UpdateService
{
"@odata.id": "/redfish/v1/TaskService/Tasks/0",
"@odata.type": "#Task.v1_4_3.Task",
"Id": "0",
"TaskState": "Running"
}
Command #3 can be used to track the progress of the CEC firmware update. For example:
curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks/0 | jq -r ' .PercentComplete'
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
100 2123 100 2123 0 0 38600 0 --:--:-- --:--:-- --:--:-- 37910
100
After the CEC secure update operation is complete, a power cycle or cold reset of the BlueField-3 DPU must be manually triggered to apply the changes once the update is finished.
Command #6 can be used to verify the current CEC firmware version after reboot:
curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/Bluefield_FW_ERoT | jq -r ' .Version'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 421 100 421 0 0 1172 0 --:--:-- --:--:-- --:--:-- 1172
19-4
Redfish triggers allow the user to get a journal message when a certain metric crosses a defined threshold for a defined time:
The trigger threshold can only be a numeric threshold
The trigger thresholds are unrelated to the sensor thresholds
The maximum number of triggers allowed in the system is 10
For more details, refer to Redfish Resource and Schema Guide.
No. |
Function |
Command |
Description |
1 |
Add a numeric trigger |
|
Adds a numeric trigger to the BMC |
2 |
Delete a trigger |
|
Deletes a trigger |