IBM Support

IBM Power HMC 7063-CR2 Console Inband Communications Credentials

How To


Summary

The IBM Power HMC, model 7063-CR2, is an OpenBMC-based management console that requires the user to configure HMC-to-BMC Inband Communications Credentials to allow for periodic monitoring of hardware problem events and other management console functions.

A new task under HMC Settings, called Console Inband Communications Credentials, was created to set or maintain the credentials.

Objective

Explain the concept of HMC-to-BMC inband communications credentials and how to configure them.

Environment

Any IBM Power HMC 7063-CR2.

Steps

Overview

For the HMC to self-monitor for problem reporting, it must be able to communicate with the BMC to, among other things, poll for platform events. For general information on how to configure the BMC on the 7063-CR2 HMC, see "How to configure the BMC on HMC 7063-CR2".

To communicate with OpenBMC, two things are needed:

  1. An inband or "pass-through" interface for the OS to reach the BMC (to talk)
  2. Administrator privilege credentials with which to access OpenBMC (to query and retrieve events)

Inband communication interfaces

The 7063-CR2 HMC uses a usb0-to-usb0 model of communication. There is a usb0 interface on the HMC OS and a usb0 interface on the BMC. The two use a pre-defined set of IPs. Both interfaces are pre-configured, so no user intervention is needed for this step.

  • BMC usb0 IP: 169.254.95.120
  • HMC usb0 IP: 169.254.95.121

Administrator privilege credentials

The administrator privilege credentials are necessary for the HMC to communicate with the API of the BMC.

The default administrator privilege credentials for the BMC are:

  • Username: root
  • Password: 0penBmc (zero for the O)

NOTE: The default password auto-expires on the first access by the user and must be changed. It is recommended that a local user, other than root, be configured with administrator privilege and be used for console inband communications. See article "How to add a user to the BMC on the 7063-CR2 HMC" for detailed steps.

V9R2 - V10R3 105x

Console Inband Communication Credentials Notifications

Once the HMC has booted, a periodic pop-up event is displayed (after 20 minutes), to remind the user to set the inband credentials, unless the user has previously set them. If any users are accessing a shell (ssh or rshterm), they will also receive a "wall" message. The notifications repeat every 24 hrs while the credentials are not set.

Pop-up message text:

Update HMC to inband BMC credentials

HMC to inband BMC credential has not been set. Please supply administrator level username and password.

Pop-up message image:

inband not set pop-up

NOTE: If the HMC is rebooted, the notifications start again, 20 minutes following the boot and continue their 24-hour cadence from there.

E3551232

In addition to the pop-up and wall messages, a serviceable event (E3551232) is logged. This serviceable event does not repeat if it is still in the open state on the next notification cycle and the credentials are still not set.

cr2 inband service event E3551232

cr2 inband event text


How to configure the Console Inband Communication Credentials?

1. Select a local user on the BMC with administrator privilege.
NOTE: Optional but recommended, create a new local user on the BMC (other than root), with administrator privilege. See article "How to add a user to the BMC on the 7063-CR2 HMC" for detailed steps.

2. On the HMC, select Console Settings -> Console Inband Communication Credentials
For HMC v10r2.1030 - v10r2.105x, select HMC Management -> Inband BMC credentials

3. When the task loads, it checks if current credentials exist, and validates them.
The user is informed if the currently set credentials are valid, failed, not set, or expired.

cr2 inband retrieving current settings

cr2 inband credentials states

There are two types of credentials-related tasks available: Set Credentials and Change Expired Password.

The default task is Set Credentials, unless the previously provided password is expired, in which case it loads in the Change Expired Password task.

NOTE: The Change Expired Password task cannot be selected by the user; it is only available when the previously provided password has expired. This scenario can be common on first-time setups, when the user has yet to configure the BMC and the default credentials of root/0penBmc are still in place.

4. If the current credentials are valid, there is nothing else to do. Click Close on the message panel, and then click Close to end the task.

cr2 inband credentials valid

cr2 inband setting credentials

5. If the current credentials are in the failed authentication state or are not set, update the credentials by providing a valid username and password and clicking the Set Credentials button. Otherwise, continue to step 7.

cr2 inband failed auth

cr2 inband credentials not set

cr2 inband setting credentials

6. If the credentials are accepted, click Close on the message panel, and then click Close on the main panel to end the task.

cr2 inband credentials accepted

7. If the credentials are expired, click Close on the message panel.

cr2 inband credentials expired

8. The main panel switches to the Change Expired Password task.

Provide a new password (twice, to confirm) to update the user's password on the BMC. Click Change Expired Password.

cr2 inband credentials expired set password

9. If the passwords match and conform to the rules, the Password changed message is displayed. Click Close on the message panel.

cr2 inband password changed

10. Click Close on the main panel to end the task.

V10R3 1060 and newer

Console Inband Communication Credentials Notifications

Once the HMC has booted, a periodic pop-up event is displayed (after 20 minutes), to remind the user to set the inband credentials, unless the user has previously set them. If any users are accessing a shell (ssh or rshterm), they will also receive a "wall" message. The notifications repeat every 24 hrs while the credentials are not set.

Pop-up message text:

Update HMC to inband BMC credentials

HMC to inband BMC credential has not been set. Please supply administrator level username and password.

Pop-up message image:

inband not set pop-up

NOTE: If the HMC is rebooted, the notifications start again 20 minutes following the boot and continue their 24-hour cadence from there.

The Notifications section of the user interface is also updated:

1060 inband credentials failed authentication notification

E3551232

In addition to the pop-up and wall messages, a serviceable event (E3551232) is logged. This serviceable event does not repeat if it is still in the open state on the next notification cycle and the credentials are still not set.

cr2 inband service event E3551232

cr2 inband event text


How to configure the Console Inband Communication Credentials?

1. Select a local user on the BMC with administrator privilege.
NOTE: Optional but recommended, create a new local user on the BMC (other than root), with administrator privilege. See article "How to add a user to the BMC on the 7063-CR2 HMC" for detailed steps.

2. On the HMC, click HMC Management -> BMC Settings and locate the section Inband Credentials.

3. The current credentials are verified and the user is informed if they are Valid, Failed, Not set, or Expired as follows:

Example of message displayed when credentials are not set:

1060 Inband credentials not set

Example of message displayed when credentials are valid:

1060  inband credentials valid

Example of message displayed when credentials failed authentication:

1060 inband credentials failed authentication

Example of message displayed when credentials are expired:

1060 inband credentials expired - new password

4. If the inband credentials are Not set or Failed Authentication, provide a username and password for a valid administrator-level user on the HMC's BMC, and click Save.

5. If the inband credentials are Expired, then, in addition to the error, New password and Confirm password fields are displayed. Provide a new valid password, and click Save.

NOTE: The new password should be 8 - 20 characters long, contain at least one digit and one capital letter. It cannot contain spaces, and it cannot be simplistic (that is, simple words or consecutive number sequences).
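
The password rules in the NOTE above can be checked locally before a new password is submitted on the panel or passed to chhmc. This is an added example, not IBM code; the page does not define "simplistic", so the word list and the three-digit run threshold below are assumptions, and the BMC's own check may be stricter.

```python
import re
import string

# Assumption: "simplistic" is approximated as a run of 3+ consecutive digits
# (ascending or descending) or one of a few constructed common words.
WEAK_WORDS = ("password", "openbmc", "0penbmc", "admin", "root", "hmc")  # constructed list
MIN_RUN = 3  # assumed threshold for a "consecutive number sequence"


def has_digit_run(pw, run=MIN_RUN):
    """True if pw contains `run` ASCII digits stepping by +1 or -1 (e.g. 123, 987)."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if not all(c in string.digits for c in chunk):
            continue
        steps = {int(b) - int(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def check_bmc_password(pw):
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if not 8 <= len(pw) <= 20:
        problems.append("length must be 8-20 characters")
    if not re.search(r"[0-9]", pw):
        problems.append("needs at least one digit")
    if not re.search(r"[A-Z]", pw):
        problems.append("needs at least one capital letter")
    if re.search(r"\s", pw):
        problems.append("must not contain spaces")
    if has_digit_run(pw) or any(w in pw.lower() for w in WEAK_WORDS):
        problems.append("too simplistic (common word or consecutive digits)")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, including the documented default.
    for candidate in ("0penBmc", "Abc12345", "lower case 9", "Tr4verse-Kiln7"):
        print(repr(candidate), check_bmc_password(candidate) or "OK")
```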


How to configure the Inband BMC Communications Credentials using the Command Line

The chhmc command can be used to set the inband communication credentials or to update an expired password. Check the chhmc manpage for details.

cr2 inband chhmc manpage

Example of failed authentication when providing invalid credentials via chhmc

cr1 inband chhmc invalid

Example of expired inband BMC credentials (expired password)

cr2 inband chhmc expired

Example of providing a new password (due to expiration) for the inband BMC credentials. Note that the first attempt, with an empty password parameter, failed. The password must be provided in the command.

cr1 inband chhmc modify password


Document Information

Modified date:
27 June 2024

UID

ibm16454865