Latest RHEL 8.2 ipmitool is incompatible with some server platforms
Environment
- Red Hat OpenStack Platform 16.1
- ipmitool-1.8.18-14.el8.x86_64
Issue
- Ironic is no longer able to manage Cisco UCS servers after upgrade
- ipmitool-1.8.18-14 switched to different default Cipher Suite
-
ipmitool fails to communicate with baremetal node:
$ ipmitool -I lanplus -H 192.168.1.1 -P "${IPMI_PASS}" -U "${IPMI_USER}" power status Set Session Privilege Level to ADMINISTRATOR failed Error: Unable to establish IPMI v2 / RMCP+ session Close Session command failed
Resolution
- To solve this problem, update your baseboard management controller (
BMC
) firmware to use theCipher Suite 17
. - Optionally, if the
BMC
firmware update is not available, you can work around this problem by forcingipmitool
to use a certain cipher suite. When invoking a managing task withipmitool
, add the-C
option to theipmitool
command together with the number of the cipher suite you want to use. See the following example:
# ipmitool -I lanplus -H myserver.example.com -P mypass -C 3 chassis power status
- Ironic developers added a workaround (available since
RHOSP 16.1.4
): it is now possible to specifyipmi_cipher_suite
for specific baremetal node. Please take a look at appropriate change to find out more: https://review.opendev.org/c/openstack/ironic/+/752710/1/doc/source/admin/drivers/ipmitool.rst#191
Root Cause
The current version of ipmitool
uses Cipher Suite 17
by default instead of the previous Cipher Suite 3
. Consequently, ipmitool
fails to communicate with certain bare metal nodes that announced support for Cipher Suite 17
during negotiation, but do not actually support this cipher suite. As a result, ipmitool
aborts with the no matching cipher suite
error message.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments