Latest RHEL 8.2 ipmitool is incompatible with some server platforms

Solution Verified - Updated -

Environment

  • Red Hat OpenStack Platform 16.1
  • ipmitool-1.8.18-14.el8.x86_64

Issue

  • Ironic is no longer able to manage Cisco UCS servers after upgrade
  • ipmitool-1.8.18-14 switched to different default Cipher Suite

  • ipmitool fails to communicate with baremetal node:

    $ ipmitool -I lanplus -H 192.168.1.1 -P "${IPMI_PASS}" -U "${IPMI_USER}" power status
Set Session Privilege Level to ADMINISTRATOR failed
Error: Unable to establish IPMI v2 / RMCP+ session
Close Session command failed

Resolution

  • To solve this problem, update your baseboard management controller (BMC) firmware to use the Cipher Suite 17.
  • Optionally, if the BMC firmware update is not available, you can work around this problem by forcing ipmitool to use a certain cipher suite. When invoking a managing task with ipmitool, add the -C option to the ipmitool command together with the number of the cipher suite you want to use. See the following example:
# ipmitool -I lanplus -H myserver.example.com -P mypass -C 3 chassis power status

Root Cause

The current version of ipmitool uses Cipher Suite 17 by default instead of the previous Cipher Suite 3. Consequently, ipmitool fails to communicate with certain bare metal nodes that announced support for Cipher Suite 17 during negotiation, but do not actually support this cipher suite. As a result, ipmitool aborts with the no matching cipher suite error message.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments