Loading...

XML

Word

Printable

Type: Bug
Resolution: Not a Bug
Priority: Minor
Fix Version/s: None
Affects Version/s: rhel-8.2.0
Component/s: ipmitool
Labels:
- MigratedToJIRA
- Triaged

Regression:
None
Severity:
Low

Pool Team:

rhel-sst-cs-system-management
Sub-System Group:

ssg_core_services

Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

Release Note Type:
Known Issue
Release Note Text:

Hide
.`ipmitool` is incompatible with certain server platforms

The `ipmitool` utility serves for monitoring, configuring, and managing devices that support the Intelligent Platform Management Interface (IPMI). The current version of `ipmitool` uses Cipher Suite 17 by default instead of the previous Cipher Suite 3. Consequently, `ipmitool` fails to communicate with certain bare metal nodes that announced support for Cipher Suite 17 during negotiation, but do not actually support this cipher suite. As a result, `ipmitool` aborts with the `no matching cipher suite` error message.

For more details, see the related link:https://access.redhat.com/solutions/5931381[Knowledgebase article].

To solve this problem, update your baseboard management controller (BMC) firmware to use the Cipher Suite 17.

Optionally, if the BMC firmware update is not available, you can work around this problem by forcing `ipmitool` to use a certain cipher suite. When invoking a managing task with `ipmitool`, add the `-C` option to the `ipmitool` command together with the _number_ of the cipher suite you want to use. See the following example:
-----
# ipmitool -I lanplus -H myserver.example.com -P mypass -C 3 chassis power status
-----

Show
.`ipmitool` is incompatible with certain server platforms The `ipmitool` utility serves for monitoring, configuring, and managing devices that support the Intelligent Platform Management Interface (IPMI). The current version of `ipmitool` uses Cipher Suite 17 by default instead of the previous Cipher Suite 3. Consequently, `ipmitool` fails to communicate with certain bare metal nodes that announced support for Cipher Suite 17 during negotiation, but do not actually support this cipher suite. As a result, `ipmitool` aborts with the `no matching cipher suite` error message. For more details, see the related link: https://access.redhat.com/solutions/5931381 [Knowledgebase article]. To solve this problem, update your baseboard management controller (BMC) firmware to use the Cipher Suite 17. Optionally, if the BMC firmware update is not available, you can work around this problem by forcing `ipmitool` to use a certain cipher suite. When invoking a managing task with `ipmitool`, add the `-C` option to the `ipmitool` command together with the _number_ of the cipher suite you want to use. See the following example: ----- # ipmitool -I lanplus -H myserver.example.com -P mypass -C 3 chassis power status -----
Release Note Status:
Done

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 1873614

PX Impact Score:
PX Technical Impact:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:
When using lanplus and forcing the cipher to be used we found that some nodes do not support Cipher Suite 17 in lanplus mode. It seems like in 16.0/8.1 the ipmitool version defaulted to C 3 but in 16.1/8.2 its defaulting to 17. In the previous examples you can see I was using -l lan and not lanplus.

Version-Release number of selected component (if applicable):
ipmitool-1.8.18-14.el8.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. Try to inspect a node or run the correct ipmitool command

Actual results:
Fails

Expected results:
Inspection successful

Additional info:

I peeled two from an existing OSP13 cluster to prep wider deployment. The two nodes import perfectly fine in 16.0 running on the same networks, but it fails in 16.1

external trackers

PnT-DevOps Jira RHELPLAN-52450

Red Hat Customer Portal 02721823

Red Hat Customer Portal 02755612

Red Hat Customer Portal 02771764

Red Hat Issue Tracker RHELPLAN-52450

Red Hat Knowledge Base (Solution) 5931381

(1 external trackers)