In this article, we will install a remote server via a serial port by enabling the BIOS Console Redirection option. This will allow us to see the BIOS boot in ASCII via the serial port, so we can perform remote installations without KVM as long as we have a second device with access to the serial ports of the other servers.
The server in question is a very old IBM system:
IBM System x3250
Type: 4364
Model: 42G
The specifications are as follows:
CPU:
hw.model: Intel(R) Xeon(R) CPU 3040 @ 1.86GHz
hw.machine: amd64
hw.ncpu: 2
RAM:
4Gb DDR2
DISK:
ATA Hitachi HDS72161 ABCA 150Gb
This model supports IPMI-1.5, which allows us to perform certain tasks remotely. It also supports the installation of a management card: Remote Supervisor Adapter II SlimLine, which provides us with KVM and SOL access, but in my case, I don’t have that hardware.
If we physically see the server, we will notice that it has an RJ45 connector called MGMT, which would be the connector used by the Remote Supervisor Adapter II SlimLine where we would have KVM and SOL.
An advantage of KVM is that we can stream installation ISOs, while with IPMI-1.5 and access to the serial port, we cannot. But we can leave a USB permanently connected to the server, install the OS, dump another image on the USB, and repeat the process.
To access the server via the serial port, we must configure the Remote Console to the serial port from the BIOS:
Devices and I/O ports -> Remote Console Redirection -> Remote Console Serial Port: Serial Port 1
Remote Console Serial Port: Serial Port 1
Baud Rate: 9600
Console Type: VT100 8bit
Flow Control: None
Console Connection: Direct
Continue C.R. after: On
We save and restart, now on the computer with access to the server’s serial port, we can see the boot:
*** NOTE: *** Be careful not to leave several screen sessions open against the serial port, as this will cause garbage/random output.
We can access the BIOS parameters:
If we access the serial port redirection configuration, we can see the RSA II option, this option would enable SOL if the Remote Supervisor Adapter II SlimLine module is available.
To enable SOL, we should switch from Serial Port 1 to Serial Port 2 (RSA II):
We enable IPMI, which will work through the server’s first network card, meaning that this interface will also serve as a regular network card as well as IPMI.
It is recommended to have a VLAN for administrative traffic, therefore we have two options:
- Use the interface only for IPMI, where we must configure the switch port in access mode and the management VLAN as native.
- Use the interface for both IPMI and regular use, where we must configure the switch port in hybrid mode, the management VLAN as native, and in the OS tag all traffic with the data VLAN.
We proceed with the IPMI configuration:
Advanced Setup -> IPMI -> LAN Settings
If we need to change any parameter of the disk controller, we just need to press Ctrl+c:
The default FreeBSD installer is available both through the VGA output and the serial port output, but it is only the start menu. If we press ENTER, the installation will continue only through the VGA output. To perform the installation through the serial port, we must indicate some parameters:
Press 3: Escape to loader prompt
We indicate the parameters:
set boot_multicons=YES
set boot_serial=YES
set comconsole_speed=9600
set console=comconsole
boot
We will see the FreeBSD installer:
When we finish installing, we must prepare the OS to serve the output through the serial port:
echo ‘boot_serial="YES"’ » /boot/loader.conf
echo ‘comconsole_port="0x3f8"’ » /boot/loader.conf
echo ‘comconsole_speed="9600"’ » /boot/loader.conf
echo ‘console="comconsole"’ » /boot/loader.conf
If we restart, we will see the boot from the serial port:
We can check with Nmap that IPMI is listening:
Starting Nmap 7.92 ( https://nmap.org ) at 2021-09-29 17:43 CEST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 10.69.69.69
Host is up (0.0044s latency).
PORT STATE SERVICE
623/udp open asf-rmcp
MAC Address: 00:1A:64:6D:E6:F9 (IBM
IPMI provides some interesting commands, for which we must access using a username and password, by default: USERID/PASSW0RD
Fan 1 Tach | 7800,000 | RPM | ok | na | 4950,000 | na | na | na | na
Fan 2 Tach | 8400,000 | RPM | ok | na | 4950,000 | na | na | na | na
Fan 3 Tach | 7950,000 | RPM | ok | na | 4950,000 | na | na | na | na
Fan 4 Tach | 7500,000 | RPM | ok | na | 4950,000 | na | na | na | na
Fan 5 Tach | 7650,000 | RPM | ok | na | 4950,000 | na | na | na | na
Sys Pwr Monitor | 0x0 | discrete | 0x0080| na | na | na | na | na | na
Watchdog | 0x0 | discrete | 0x0080| na | na | na | na | na | na
Planar 1.5V | 1,540 | Volts | ok | na | 1,350 | na | na | 1,810 | na
Planar 1.8V | 1,860 | Volts | ok | na | 1,630 | na | na | 2,140 | na
Planar 12V | 12,070 | Volts | ok | na | 10,579 | na | na | 13,348 | na
Planar 5V | 5,190 | Volts | ok | na | 4,380 | na | na | 5,580 | na
CPU Status | 0x0 | discrete | 0x0080| na | na | na | na | na | na
VRD Status | 0x0 | discrete | 0x0080| na | na | na | na | na | na
CPU Vtt | 1,240 | Volts | ok | na | 1,080 | na | na | 1,320 | na
NMI State | 0x0 | discrete | 0x0080| na | na | na | na | na | na
SEL Fullness | 4,000 | % messages | ok | na | na | na | 75,000 | 90,000 | 99,000
Planar 3.3V | 3,460 | Volts | ok | na | 2,960 | na | na | 3,620 | na
Login violation | 0x0 | discrete | 0x0080| na | na | na | na | na | na
Memory PFA | na | discrete | na | na | na | na | na | na | na
PEF Action | na | discrete | na | na | na | na | na | na | na
PCI Bus Fault | na | discrete | na | na | na | na | na | na | na
POST Firmware | na | discrete | na | na | na | na | na | na | na
Drive 0 Status | na | discrete | na | na | na | na | na | na | na
Drive 1 Status | na | discrete | na | na | na | na | na | na | na
Drive 2 Status | na | discrete | na | na | na | na | na | na | na
Drive 3 Status | na | discrete | na | na | na | na | na | na | na
RSA II Detect | 0x0 | discrete | 0x0080| na | na | na | na | na | na
Ambient Temp | 32,000 | degrees C | ok | na | na | na | 55,000 | na | 65,000
CPU Temp | 25,000 | degrees C | ok | na | na | na | 85,000 | na | 95,000
CPU VCore | 1,158 | Volts | ok | na | 0,702 | na | na | 1,603 | na
CPU OverTemp | na | discrete | na | na | na | na | na | na | na
We can also restart the server:
IPMI supports many commands, we can see the list and its description in the man.
As we see, it seems that IPMI-1.5 supports SOL:
isol Configure and connect Intel IPMIv1.5 Serial-over-LAN
But I suppose that only if we have the Remote Supervisor Adapter II SlimLine board installed, in my case the command throws the following error:
IPMI v1.5 Serial Over Lan (ISOL) not supported!
From the server itself, we can also access IPMI, we load the kernel module:
We make sure that in future OS startups it does so autonomously:
kld_list="ipmi"
As an example, we can check the available users:
ID Name Callin Link Auth IPMI Msg Channel Priv Limit
1 true false true USER
2 USERID true false true ADMINISTRATOR
3 false false false NO ACCESS
4 false false false NO ACCESS
IPMI is not a very reliable system, it tends to hang without any reason after a while, so before performing any dangerous task on the server, we must make sure we have access to it, the best way is to restart it:
Sent cold reset command to MC
I would even venture to recommend a daily restart from Cron.
As a final summary, we have obtained a way to restart the server remotely and see the BIOS/SO output through the serial port, the combination of IPMI/serial port does not reach the level of a KVM but can be useful in certain environments.