Skip to content

IPMI commands failing on Cisco UCS servers after upgrade to 1.8.19 #376

Open
linuxtek-canada opened this issue Nov 4, 2022 · 1 comment
Open

IPMI commands failing on Cisco UCS servers after upgrade to 1.8.19 #376

linuxtek-canada opened this issue Nov 4, 2022 · 1 comment
Assignees
@AlexanderAmelkin

Comments

@linuxtek-canada
Copy link

Describe the bug
After upgrading to 1.8.19, IPMI commands using ipmitool fail against Cisco Unified Computing System (UCS) servers.

IPMITOOL Version
Testing on Mac OS 13.0 (Ventura)

$ ipmitool -V
ipmitool version 1.8.19

To Reproduce

Steps to reproduce the behaviour:

  1. Test the following command on a Cisco UCS server against ipmitool 1.8.18 and observe the response:
$ ipmitool -I lanplus -H <hostname> -U <username> -P <password> chassis power status
Chassis Power is on
  1. Upgrade ipmitool to 1.8.19 and re-test the same command, and observe the error:
$ ipmitool -I lanplus -H <hostname> -U <username> -P <password> chassis power status
Set Session Privilege Level to ADMINISTRATOR failed
Error: Unable to establish IPMI v2 / RMCP+ session
Close Session command failed

Expected behaviour
The command runs successfully.

Additional context

  • From testing against SuperMicro type servers, 1.8.19 does not have this issue. It only appears to affect Cisco UCS servers.

  • Running the same command with verbose logging shows the "best available cipher suite" is 3:

$ ipmitool -v -I lanplus -H <hostname> -U <username>  -P <password> chassis power status
Loading IANA PEN Registry...
Using best available cipher suite 3

Set Session Privilege Level to ADMINISTRATOR failed
Error: Unable to establish IPMI v2 / RMCP+ session
Close Session command failed

This is confusing, because the command does work on 1.8.19 when explicitly setting the cipher suite to 3. From troubleshooting, we were able to work around this issue by setting this. For example:

$ ipmitool -I lanplus -C 3 -H <hostname> -U <username>  -P <password> chassis power status
Chassis Power is on
  • From reviewing changes in 1.8.19, this PR may be related.
@AlexanderAmelkin
Copy link
Contributor

Unfortunately, I don't have any hardware that supports cipher suite 3, so I can't test it. However, I will gladly accept a PR that fixes this. In the meantime, I will try to statically analyze why it works with explicit -C 3 and doesn't work automatically.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@AlexanderAmelkin AlexanderAmelkin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AlexanderAmelkin @linuxtek-canada