Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Not a Bug
Priority: Minor
Fix Version/s: None
Affects Version/s: rhel-8.2.0
Component/s: ipmitool
Labels:
- MigratedToJIRA
- Triaged

Severity:
Minor

Pool Team:

sst_cs_system_management
Sub-System Group:

ssg_core_services

Blocked:
False
Blocked Reason:

Hide

None

Show
None

Release Note Type:
Known Issue
Release Note Text:

Hide
.`ipmitool` is incompatible with certain server platforms

The `ipmitool` utility serves for monitoring, configuring, and managing devices that support the Intelligent Platform Management Interface (IPMI). The current version of `ipmitool` uses Cipher Suite 17 by default instead of the previous Cipher Suite 3. Consequently, `ipmitool` fails to communicate with certain bare metal nodes that announced support for Cipher Suite 17 during negotiation, but do not actually support this cipher suite. As a result, `ipmitool` aborts with the `no matching cipher suite` error message.

For more details, see the related link:https://access.redhat.com/solutions/5931381[Knowledgebase article].

To solve this problem, update your baseboard management controller (BMC) firmware to use the Cipher Suite 17.

Optionally, if the BMC firmware update is not available, you can work around this problem by forcing `ipmitool` to use a certain cipher suite. When invoking a managing task with `ipmitool`, add the `-C` option to the `ipmitool` command together with the _number_ of the cipher suite you want to use. See the following example:
-----
# ipmitool -I lanplus -H myserver.example.com -P mypass -C 3 chassis power status
-----

Show
.`ipmitool` is incompatible with certain server platforms The `ipmitool` utility serves for monitoring, configuring, and managing devices that support the Intelligent Platform Management Interface (IPMI). The current version of `ipmitool` uses Cipher Suite 17 by default instead of the previous Cipher Suite 3. Consequently, `ipmitool` fails to communicate with certain bare metal nodes that announced support for Cipher Suite 17 during negotiation, but do not actually support this cipher suite. As a result, `ipmitool` aborts with the `no matching cipher suite` error message. For more details, see the related link: https://access.redhat.com/solutions/5931381 [Knowledgebase article]. To solve this problem, update your baseboard management controller (BMC) firmware to use the Cipher Suite 17. Optionally, if the BMC firmware update is not available, you can work around this problem by forcing `ipmitool` to use a certain cipher suite. When invoking a managing task with `ipmitool`, add the `-C` option to the `ipmitool` command together with the _number_ of the cipher suite you want to use. See the following example: ----- # ipmitool -I lanplus -H myserver.example.com -P mypass -C 3 chassis power status -----
Release Note Status:
Done

Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 1873614

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:
When using lanplus and forcing the cipher to be used we found that some nodes do not support Cipher Suite 17 in lanplus mode. It seems like in 16.0/8.1 the ipmitool version defaulted to C 3 but in 16.1/8.2 its defaulting to 17. In the previous examples you can see I was using -l lan and not lanplus.

Version-Release number of selected component (if applicable):
ipmitool-1.8.18-14.el8.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. Try to inspect a node or run the correct ipmitool command

Actual results:
Fails

Expected results:
Inspection successful

Additional info:

I peeled two from an existing OSP13 cluster to prep wider deployment. The two nodes import perfectly fine in 16.0 running on the same networks, but it fails in 16.1