BMC Management

NVIDIA BMC is based on the OpenBMC open-software framework which builds a complete Linux image for a board management controller (BMC). It uses the Yocto project as the underlying building and distro generation framework.

The primary software components of BMC are the following:

  • U-boot bootloader

  • Linux kernel

  • OpenBMC distro

There is a software version for each of the BMC software components. You may retrieve this information by running the following for each component:

  • U-boot version – version command from the u-boot prompt

  • Linux version – uname -a command from the Linux prompt

  • OpenBMC version – cat /etc/os-release from the Linux prompt

  1. BMC starts booting through u-boot bootloader once the power supply is powered on.

  2. By default, the BMC automatically boots into Linux. To stop at the u-boot prompt, users must type the password 0penBmc (note the use of the digit zero in 0pen) within 5 seconds. To boot Linux from the u-boot prompt, type boot.

  3. The BMC provides indications of its status during its operation:

    Scenario

    Message

    At the beginning of the boot process of the u-boot

    Copy
    Copied!
                

    Nvidia Bluefield BMC U-BOOT starting

    At the beginning of the OS boot process

    Copy
    Copied!
                

    Nvidia Bluefield BMC Starting kernel ...

    At the login prompt

    Copy
    Copied!
                

    Nvidia Bluefield BMC OS is up and running

    Upon reboot or shutdown

    Copy
    Copied!
                

    Nvidia Bluefield BMC is shutting down

  4. The default password for the root user, to be typed in once Linux is booted, is 0penBmc.

    Important

    The default global password is set to expire upon first login. A new password must be configured according to the following policy:

    • Minimum length: 13

    • Minimum upper-case characters: 1

    • Minimum lower-case characters: 1

    • Minimum digits: 1

    Note that the root account locks after four consecutive failed attempts and automatically unlocks after 10 minutes.

The BlueField platform BMC uses Flattened Image Tree (FIT) format for its Linux kernel.

The output from u-boot's imls command shows the configurations within the FIT image. By default, u-boot has bootcmd_string=bootm 0x20070000 configured and there is no configuration ID used to boot configuration 1 or 2 of the FIT image. So, by default, the BlueField platform BMC boots using BlueField 1U Reference Platform DTB file.

To boot the BMC using the BlueField 2U Reference Platform DTB, do one of two things from the u-boot command line:

  • For a one-time boot of the platform, run:

    Copy
    Copied!
                

    bootm 0x20070000#conf@aspeed-bmc-mlx-bluewhale2u.dtb

  • For persistent boot of the 2U reference platform, modify the environmental variable bootcmd_string:

    Copy
    Copied!
                

    setenv bootcmd_string bootm 0x20070000#conf@aspeed-bmc-mlx-bluewhale2u.dtb saveenv boot

The supported user management commands are listed in the following table.

No.

Function

Command

1

List the users

Copy
Copied!
            

ipmitool user list [<channel number>]

For example:

Copy
Copied!
            

ipmitool user list 1

2

User creation

Copy
Copied!
            

ipmitool user set name <user id> <user name>

For example:

Copy
Copied!
            

ipmitool user set name 2 ADMIN

3

Set user password

Copy
Copied!
            

ipmitool user set password <user id> <password>

For example:

Copy
Copied!
            

ipmitool user set password 2 ADMIN123

Password policy:

  • Minimum length: 13

  • Minimum upper case characters: 1

  • Minimum lower case characters: 1

  • Minimum digits: 1

4

Enable user

Copy
Copied!
            

ipmitool user enable <user id>

For example:

Copy
Copied!
            

ipmitool user enable 2

5

Disable user

Copy
Copied!
            

ipmitool user disable <user id>

For example:

Copy
Copied!
            

ipmitool user disable 2

6

Set user privilege

Copy
Copied!
            

ipmitool user priv <user id> <privilege level(1-4)> [<channel number>]

Where "privilege level":

  • 1 – callback level

  • 2 – user level

  • 3 – operator level

  • 4 – administrator level

For example:

Copy
Copied!
            

ipmitool user priv 2 0x3 1

7

Enable remote IPMI command functionality for user

Copy
Copied!
            

ipmitool channel setaccess [<channel number>] <user id> ipmi = on| off

For example:

Copy
Copied!
            

ipmitool channel setaccess 1 2 ipmi=on

8

Lanplus commands to execute IPMI commands remotely for users with admin permissions

Copy
Copied!
            

ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc_ip_address> <ipmi command>

For example:

Copy
Copied!
            

ipmitool -C 17 -I lanplus -U ADMIN -P ADMIN123 -H 10.10.10.10 user list 1

9

Lanplus commands to execute IPMI commands remotely for users with other than administrator roles

Copy
Copied!
            

ipmitool -C 17 -I lanplus -U <user> -P <password> -H <bmc_ip_address> -L <privilege (operator|user)> <ipmi command>

For example:

Copy
Copied!
            

ipmitool -C 17 -I lanplus -U operator1 -P operator123 -H 10.10.10.10 -L operator user list 1 ipmitool -C 17 -I lanplus -U user1 -P user123 -H 10.10.10.10 -L user chassis status

10

Delete user

Copy
Copied!
            

ipmitool user set name <user id> ""

For example:

Copy
Copied!
            

ipmitool user set name 2 ""

Warning

The BMC MAC address is derived from the DPU's base MAC with +2 offset. For example:

Base MAC

B8:CE:F6:F7:FF:8C

BMC MAC

B8:CE:F6:F7:FF:8E

BMC management network interface can be configured using IPMI. By default, BMC comes up with the DHCP network configuration.

Network configuration functions:

  • Setting DHCP/Static network mode configuration

  • Adding/setting IPv4/IPv6 configuration including IP address, gateway, netmask

  • Adding DNS servers

  • Adding NTP server

  • Setting BMC time with NTP server or system RTC

The following table lists the available network IPMI commands:

No.

Function

Command

Description

1

Change mode to Static

Copy
Copied!
            

ipmitool lan set 1 ipsrc <mode>

For example:

Copy
Copied!
            

ipmitool lan set 1 ipsrc static

Sets LAN channel 1 IP config mode to static which corresponds to network interface "eth0"

2

Change mode to DHCP

Copy
Copied!
            

ipmitool lan set 1 ipsrc <mode>

For example:

Copy
Copied!
            

ipmitool lan set 1 ipsrc dhcp

Sets LAN channel 1 IP config mode to DHCP which corresponds to the network interface "eth0"

3

Add IPv4 address

Copy
Copied!
            

ipmitool lan set 1 ipaddr <IP Address>

Copy
Copied!
            

ipmitool lan set 1 defgw ipaddr <IP Address>

Copy
Copied!
            

ipmitool lan set 1 netmask <Netmask>

Adds IPv4 address, default gateway, and netmask to the network interface "eth0"

4

Get IPv4 config

Copy
Copied!
            

ipmitool lan print 1

Gets IPv4 network config for channel 1 which corresponds to the network interface "eth0"

5

Set IPv6 address

Copy
Copied!
            

ipmitool lan6 set 1 nolock static_addr 0 enable <IPv6 address> 64

Adds IPv6 address to the network interface "eth0"

6

Get IPv6 config

Copy
Copied!
            

ipmitool lan6 print 1

Gets IPv6 network config for channel 1 which corresponds to the network interface "eth0"

7

Get DNS server

Copy
Copied!
            

ipmitool raw 0x32 0x6B

Output:

Copy
Copied!
            

0b 31 30 2e 31 35 2e 31 32 2e 36 37

Corresponds to: 10.15.12.67

Gets the DNS server

8

Add DNS server

Copy
Copied!
            

ipmitool raw 0x32 0x6C 0x0b 0x31 0x30 0x2e 0x31 0x35 0x2e 0x31 0x32 0x2e 0x36 0x37

Output:

Copy
Copied!
            

0x0b 0x31 0x30 0x2e 0x31 0x35 0x2e 0x31 0x32 0x2e 0x36 0x37

Corresponds to: 10.15.12.67

Adds the DNS server

9

Get NTP server

Copy
Copied!
            

ipmitool raw 0x32 0xA7

Output:

Copy
Copied!
            

01 11 31 2e 69 6e 2e 70 6f 6f 6c 2e 6e 74 70 2e 6f 72 67

Where:

  • 01 – NTP status enable/disable

  • 11 – NTP server length

  • 31 2e 69 6e 2e 70 6f 6f 6c 2e 6e 74 70 2e 6f 72 67 – NTP server address byte stream corresponds to 1.in.pool.ntp.org

Gets NTP server

10

Add NTP server

Copy
Copied!
            

ipmitool raw 0x32 0xA8 0x01 0x31 0x2e 0x69 0x6e 0x2e 0x70 0x6f 0x6f 0x6c 0x2e 0x6e 0x74 0x70 0x2e 0x6f 0x72 0x67

Where:

  • 31 2e 69 6e 2e 70 6f 6f 6c 2e 6e 74 70 2e 6f 72 67 – NTP server address byte stream corresponds to 1.in.pool.ntp.org

Adds NTP server

11

Enable time sync to NTP server

Copy
Copied!
            

ipmitool raw 0x32 0xA8 0x02 0x01

Where:

  • 0x01 – enable NTP

Enables NTP time sync

12

Enable time sync to system RTC

Copy
Copied!
            

ipmitool raw 0x32 0xA8 0x02 0x00

Where:

  • 0x00 – disable NTP

Disables NTP time sync

DPU reset and checking reset status can be performed from a remote server using the openbmctool.

No.

Function

Command

Description

1

Trigger soft reset to the DPU

Copy
Copied!
            

python3 openbmctool.py -H <ip_address> \ -U <username> \ -P <password> dpu_reset soft \ -t

Where:

  • -H – BMC IP

  • -U – username

  • -P – password

  • -t – wait till finish the reset with timeout

Triggers soft reset to the DPU

2

Track DPU reset status

Copy
Copied!
            

python3 openbmctool.py -H <ip_address> \ -U <username> \ -P <password> dpu_reset status

Where:

  • -H – BMC IP

  • -U – username

  • -P – password

Track the BMC-DPU reset status

Run the following IPMI command to factory reset the BMC configuration.

Copy
Copied!
            

ipmitool raw 0x32 0x66

After issuing the ipmitool raw command for factory reset, you must log into the BMC and reboot it for the factory reset to take effect.

Warning

If you have lost your BMC login credentials and cannot login, you may issue the following command from the BlueField Arm:

Copy
Copied!
            

ipmitool mc reset cold

Important

Factory reset also sets the global password for the root user back to its default (0penBmc). Upon first boot following factory reset, make sure to reconfigure the default global password to prevent potential malicious attackers from hacking your system.

Be sure to follow this password policy:

  • Minimum length: 13

  • Minimum upper case characters: 1

  • Minimum lower case characters: 1

  • Minimum digits: 1

Note that the root account locks after four consecutive failed attempts and automatically unlocks after 10 minutes.

Firmware upgrade of BMC and CEC components using BMC can be performed from a remote server using the Redfish interface. The following table presents commands available for performing the upgrade:

No.

Function

Command

Required for BMC/CEC Update

Description

1

Establish Redfish connection session

Copy
Copied!
            

export token=`curl -k -H "Content-Type: application/json" -X POST https://<bmc_ip>/login -d '{"username" : "root", "password" : "<password>"}' | grep token | awk '{print $2;}' | tr -d '"'`

Where:

  • bmc_ip – BMC IP address

  • password – Password of root account

BMC

CEC

Establish Redfish connection session

2

Trigger a secure firmware update

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/octet-stream" -X POST -T <package_path> https://<bmc_ip>/redfish/v1/UpdateService

Where:

  • bmc_ip – BMC IP address

  • token – session token received when establishing connection

  • package_path – firmware update package path

BMC

CEC

Triggers the secure update and starts tracking the secure update progress

3

Track secure firmware update progress

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks

Find the current task ID in the response and use it for checking the progress:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks/<task_id> | jq -r ' .PercentComplete'

Where:

  • bmc_ip – BMC IP address

  • token – session token received when establishing connection

  • task_id – Task ID

BMC

CEC

Tracks the firmware update progress

4

Reset/reboot a BMC

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/json" -X POST -d '{"ResetType": "GracefulRestart"}' https://<bmc_ip>/redfish/v1/Managers/Bluefield_BMC/Actions/Manager.Reset

Where:

  • bmc_ip – BMC IP address

  • token – session token received when establishing connection

BMC

Resets/reboots the BMC

5

Fetch running BMC firmware version

For BlueField-3:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/BMC_Firmware | jq -r ' .Version'

Where:

  • bmc_ip – BMC IP address

  • token – session token received when establishing connection

BMC

Fetches the running firmware version from BMC

For BlueField-2:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory

Fetch the current firmware ID and then perform:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/<firmware_id>_BMC_Firmware | jq -r ' .Version'

Where:

  • bmc_ip – BMC IP address

  • token – session token received when establishing connection

6

Fetch running CEC firmware version

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/Bluefield_FW_ERoT | jq -r ' .Version'

Where:

  • bmc_ip – BMC IP address

  • token – session token received when establishing connection

CEC

Fetches the running firmware version from CEC

BMC Update

After initiating the BMC secure update with the command #2 to from the previous table, a response similar to the following is received:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/octet-stream" -X POST -T <package_path> https://<bmc_ip>/redfish/v1/UpdateService   { "@odata.id": "/redfish/v1/TaskService/Tasks/0", "@odata.type": "#Task.v1_4_3.Task", "Id": "0", "TaskState": "Running" }

Command #3 from the previous table can be used to track secure firmware update progress. For instance:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks/0 | jq -r ' .PercentComplete'   % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 2123 100 2123 0 0 38600 0 --:--:-- --:--:-- --:--:-- 37910 20

Command #3 is used to verify the task has completed because during the update procedure the reboot option is disabled. When "PercentComplete" reaches 100, command #4 is used to reboot the BMC. For example:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks/0 | jq -r ' .PercentComplete' % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 3822 100 3822 0 0 81319 0 --:--:-- --:--:-- --:--:-- 81319 100   curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/octet-stream" -X POST -d '{"ResetType": "GracefulRestart"}' https://<bmc_ip>/redfish/v1/Managers/Bluefield_BMC/Actions/Manager.Reset { "@Message.ExtendedInfo": [ { "@odata.type": "#Message.v1_1_1.Message", "Message": "The request completed successfully.", "MessageArgs": [], "MessageId": "Base.1.13.0.Success", "MessageSeverity": "OK", "Resolution": "None" } ] }

Command #5 can be used to verify the current BMC firmware version after reboot:

  • For BlueField-3:

    Copy
    Copied!
                

    curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/BMC_Firmware | jq -r ' .Version'   % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 513 100 513 0 0 9679 0 --:--:-- --:--:-- --:--:-- 9679

  • For BlueField-2:

    1. Fetch the firmware ID from FirmwareInventory:

      Copy
      Copied!
                  

      curl -k -H "X-Auth-Token: <token>" -X GET https:/<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/ { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory", "@odata.type": "#SoftwareInventoryCollection.SoftwareInventoryCollection", "Members": [ { "@odata.id": "/redfish/v1/UpdateService/FirmwareInventory/8c8549f3_BMC_Firmware" …

    2. Use command #5 with the fetched firmware ID in the previous step:

      Copy
      Copied!
                  

      curl -k -H "X-Auth-Token: <token>" -X GET https:/<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/8c8549f3_BMC_Firmware | jq -r ' .Version'   % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 471 100 471 0 0 622 0 --:--:-- --:--:-- --:--:-- 621 bmc-23.04

CEC Update

After initiating the BMC secure update with the command #2 to from the previous table, a response similar to the following is received:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -H "Content-Type: application/octet-stream" -X POST -T <package_path> https://<bmc_ip>/redfish/v1/UpdateService { "@odata.id": "/redfish/v1/TaskService/Tasks/0", "@odata.type": "#Task.v1_4_3.Task", "Id": "0", "TaskState": "Running" }

Command #3 can be used to track the progress of the CEC firmware update. For example:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/TaskService/Tasks/0 | jq -r ' .PercentComplete' % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 2123 100 2123 0 0 38600 0 --:--:-- --:--:-- --:--:-- 37910 100

After the CEC secure update operation is complete, a power cycle or cold reset of the BlueField-3 DPU must be manually triggered to apply the changes once the update is finished.

Command #6 can be used to verify the current CEC firmware version after reboot:

Copy
Copied!
            

curl -k -H "X-Auth-Token: <token>" -X GET https://<bmc_ip>/redfish/v1/UpdateService/FirmwareInventory/Bluefield_FW_ERoT | jq -r ' .Version'   % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 421 100 421 0 0 1172 0 --:--:-- --:--:-- --:--:-- 1172 19-4

Redfish triggers allow the user to get a journal message when a certain metric crosses a defined threshold for a defined time:

  • The trigger threshold can only be a numeric threshold

  • The trigger thresholds are unrelated to the sensor thresholds

  • The maximum number of triggers allowed in the system is 10

For more details, refer to Redfish Resource and Schema Guide.

No.

Function

Command

Description

1

Add a numeric trigger

Copy
Copied!
            

curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X POST https://${bmc}/redfish/v1/TelemetryService/Triggers/ -d '{"Id":"< >","Name":"<>","MetricType":"<>","TriggerActions":["<>"],"NumericThresholds":{"<>":{"Activation":"<>","DwellTime":"<>","Reading":<>}},"MetricProperties":["<>"]}'

Adds a numeric trigger to the BMC

2

Delete a trigger

Copy
Copied!
            

curl -k -H "X-Auth-Token: $token" -H "Content-Type: application/json" -X DELETE https://${bmc}/redfish/v1/TelemetryService/Triggers/<Trigger name>

Deletes a trigger

© Copyright 2023, NVIDIA. Last updated on Jan 2, 2024.