date:20240109

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread Ryan Novosielski via xCAT-user

That’s a good question! We don’t currently have a Confluent system running 
anything newer than RHEL7 managing anything other than DSS-G equipment, but 
we’re planning to upgrade our management system to RHEL9 soon, or alternatively 
could add an additional machine to one of the DSS-G clusters to see.

--
#BlackLivesMatter

|| \\UTGERS, |---*O*---
||_// the State  | Ryan Novosielski - novos...@rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\of NJ  | Office of Advanced Research Computing - MSB A555B, Newark
 `'

On Jan 9, 2024, at 18:16, Jarrod Johnson  wrote:

Curious, how does confluent ipmi interaction work against those systems?  does 
it manage to successfully downgrade transparently?

From: Ryan Novosielski via xCAT-user 
Sent: Tuesday, January 9, 2024 5:37 PM
To: xCAT Users Mailing list 
Cc: Ryan Novosielski 
Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

I can confirm that that last part is not true:

root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H 
master-imm chassis status
Password:
Error in open session response message : no matching cipher suite

Error: Unable to establish IPMI v2 / RMCP+ session

…and suspected as much since I had to learn anything about the cipher suites 
and -C. :-D

Maybe the version provided by RHEL derivatives has defaults or something? We’re 
on RHEL8/9 where we’re seeing it.

—
#BlackLivesMatter

|| \\UTGERS, |---*O*---
||_// the State  | Ryan Novosielski - novos...@rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\of NJ  | Office of Advanced Research Computing - MSB A555B, Newark
 `'

On Jan 9, 2024, at 16:24, Jarrod Johnson  wrote:

In what context do you find use of  ipmitool with '-C'?  I was checking the 
ipmi console backend and it doesn't seem to have that.

rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)

The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that 
I see.  Newer ipmitool should try 17 and fallback to 3, if that's the issue.


From: David Johnson mailto:david_john...@brown.edu>>
Sent: Tuesday, January 9, 2024 11:53 AM
To: xcat-user@lists.sourceforge.net 
mailto:xcat-user@lists.sourceforge.net>>
Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3

I’d like to know if there is an option somewhere in xcat to choose -C 3 for 
either selected elderly nodes that don’t support suite 17, or use -C 3 by 
default for the whole cluster? Thanks!
  -- ddj
Dave Johnson

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D=0
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

[xcat-user] Support for IBM Remote Supervisor Supervisor II (RSA-II)

2024-01-09 Thread Vinícius Ferrão via xCAT-user


Hello,

This thread may be offtopic on this list but I don’t have any other places to 
go with people may understand the question.

I’ve bought this card thinking that it would provide IPMI for being controlled 
by Confluent (and xCAT maybe...) but I think I misunderstood what the device 
provides.

Anyone knows if this card is supported? Does it provide IPMI over LAN?


Long story:
There’s an old IBM System x3550 (the first one) that I use to test things, and 
I was trying to add it as a compute node of Confluent but although it has an 
OOB Ethernet Interface named as management it didn’t even linked when a network 
cable was plugged.

So after spending countless hours trying to figure it out I’ve discovered that 
I should have an additional IBM RSA-2 Slimline Card on the system for this 
management port work.

I think I incorrectly assumed that this card would provide a classic IPMI over 
LAN interface since the server already has BMC configuration on the BIOS that I 
can even set the LAN settings like the IP address.

So I sourced one card in the used market and after 12h fighting with the card 
due to wrong firmwares, mismatches between the system BIOS and the car and 
broken download links on IBM website and that frustrating Fix Central webpage.

There still an BMC update that I could not do because the update package simply 
does not find the BMC on the server. Probably because the package is for EL5 
and I’m running EL7.

After fighting with this I was able to finally connect to the web interface 
that the RSA-2 provided. I can shutdown and power on the server, see some 
information and that’s it.

However I cannot control the system using ipmitool remotely and when using 
ipmitool in band the LAN settings are different from those on the RSA-II card. 
So I think all this configuration on the BIOS about the BMC, the ipmitool lan 
commands are all bogus on this system.

Basically the card is pretty much useless and I just wasted time and little 
money in this journey.

So is there any chance of making this work? Any workaround? Anyone that feels 
the pain or knows the hardware enough to fill in the gaps what I may be missing?

Thanks all.



___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread Jarrod Johnson

Curious, how does confluent ipmi interaction work against those systems?  does 
it manage to successfully downgrade transparently?

From: Ryan Novosielski via xCAT-user 
Sent: Tuesday, January 9, 2024 5:37 PM
To: xCAT Users Mailing list 
Cc: Ryan Novosielski 
Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

I can confirm that that last part is not true:

root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H 
master-imm chassis status
Password:
Error in open session response message : no matching cipher suite

Error: Unable to establish IPMI v2 / RMCP+ session

…and suspected as much since I had to learn anything about the cipher suites 
and -C. :-D

Maybe the version provided by RHEL derivatives has defaults or something? We’re 
on RHEL8/9 where we’re seeing it.

—
#BlackLivesMatter

|| \\UTGERS, |---*O*---
||_// the State  | Ryan Novosielski - novos...@rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\of NJ  | Office of Advanced Research Computing - MSB A555B, Newark
 `'

On Jan 9, 2024, at 16:24, Jarrod Johnson  wrote:

In what context do you find use of  ipmitool with '-C'?  I was checking the 
ipmi console backend and it doesn't seem to have that.

rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)

The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that 
I see.  Newer ipmitool should try 17 and fallback to 3, if that's the issue.

From: David Johnson mailto:david_john...@brown.edu>>
Sent: Tuesday, January 9, 2024 11:53 AM
To: xcat-user@lists.sourceforge.net 
mailto:xcat-user@lists.sourceforge.net>>
Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3

I’d like to know if there is an option somewhere in xcat to choose -C 3 for 
either selected elderly nodes that don’t support suite 17, or use -C 3 by 
default for the whole cluster? Thanks!
  -- ddj
Dave Johnson

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D=0
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread David Johnson

OK, egg on face -- 
I had neglected to copy the tyan line in tabedit ipmi (same as all the other 
lines for gb and supermicro)

So, rpower now works fine, but rcons still has issues.  The man page for 
ipmitool says -C 3 is default, but
I suspect the code was changed and they forgot to update the man page.

> On Jan 9, 2024, at 6:16 PM, Jarrod Johnson  wrote:
> 
> Interesting, wonder what the handshake on those would look like...
> 
> The xCAT IPMI.pm tries to open the session with C17, and then when the answer 
> should come back with an error code, then it falls back to equivalent to C3. 
>  Might be interested in a pcap of the attempt to see what is up.  It 
> shouldn't possibly reply '0' if it thinks it's all good, but maybe it fails 
> to reply at all, which might trigger a timeout during that phase instead of a 
> fallback...
> 
> I took at glance at ipmitool source and verified that redhat back to 8.x 
> either includes a new enough version or backports the 'auto-detect c17'.
> 
> You could hard set things back to 3 across the board, however some newer 
> firmware will refuse to work with 3 (because any use of SHA-1 is hunted down, 
> regardless of whether the weakness actually applies, which in IPMI land the 
> SHA-1 weakness doesn't matter since it's in an HMAC).
> 
> You could make an 'ipmic3' console backend and possibly make an 'ipmic3' 
> plugin that is a fork of c3 only for old systems that predate cipher suite 17 
> support.  I would like to see and try out auto-degrade on older systems, but 
> I may not be able to cover it.
> From: David Johnson 
> Sent: Tuesday, January 9, 2024 5:41 PM
> To: xCAT Users Mailing list 
> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 
> 3
>  
> We encountered the problem with rpower and gocons when we migrated our 
> cluster this morning from rhel7.9 to rhel9.2.  Most nodes had no issue when I 
> moved the consoles from the old front end to the new one but one batch of 
> tyan gpu nodes timed out on rpower, and couldn’t make a connection with sol.  
> Googling revealed that some BMC firmware would reply that they offer suite 
> 17, but in fact they did not implement it.   Have not looked for updated 
> firmware yet for these ten nodes, looking for an easier fix if possible.  
>   -- ddj
> Dave Johnson
> 
>> On Jan 9, 2024, at 5:31 PM, Jarrod Johnson  wrote:
>> 
>> 
>> In what context do you find use of  ipmitool with '-C'?  I was checking the 
>> ipmi console backend and it doesn't seem to have that.
>> 
>> rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)
>> 
>> The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 
>> that I see.  Newer ipmitool should try 17 and fallback to 3, if that's the 
>> issue.
>> From: David Johnson 
>> Sent: Tuesday, January 9, 2024 11:53 AM
>> To: xcat-user@lists.sourceforge.net 
>> Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3
>>  
>> I’d like to know if there is an option somewhere in xcat to choose -C 3 for 
>> either selected elderly nodes that don’t support suite 17, or use -C 3 by 
>> default for the whole cluster? Thanks!
>>   -- ddj
>> Dave Johnson
>> 
>> ___
>> xCAT-user mailing list
>> xCAT-user@lists.sourceforge.net
>> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D=0
>>  
>> ___
>> xCAT-user mailing list
>> xCAT-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/xcat-user
> ___
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/xcat-user

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread David Johnson

Just using ipmitool, "-I lanplus" fails; "-I lan" works, and "-C 3 -I lanplus" 
works.

I tried a tcpdump while doing "rpower gpu2001 status", and no packets were 
logged
I'm probably doing something wrong.  I got 16 packets returned attempting 
ipmitool chassis power status,
but it didn't log any sent packets...

Of course SOL will not work without lanplus.

Error messages same as quoted by Ryan.

> On Jan 9, 2024, at 6:16 PM, Jarrod Johnson  wrote:
> 
> Interesting, wonder what the handshake on those would look like...
> 
> The xCAT IPMI.pm tries to open the session with C17, and then when the answer 
> should come back with an error code, then it falls back to equivalent to C3. 
>  Might be interested in a pcap of the attempt to see what is up.  It 
> shouldn't possibly reply '0' if it thinks it's all good, but maybe it fails 
> to reply at all, which might trigger a timeout during that phase instead of a 
> fallback...
> 
> I took at glance at ipmitool source and verified that redhat back to 8.x 
> either includes a new enough version or backports the 'auto-detect c17'.
> 
> You could hard set things back to 3 across the board, however some newer 
> firmware will refuse to work with 3 (because any use of SHA-1 is hunted down, 
> regardless of whether the weakness actually applies, which in IPMI land the 
> SHA-1 weakness doesn't matter since it's in an HMAC).
> 
> You could make an 'ipmic3' console backend and possibly make an 'ipmic3' 
> plugin that is a fork of c3 only for old systems that predate cipher suite 17 
> support.  I would like to see and try out auto-degrade on older systems, but 
> I may not be able to cover it.
> From: David Johnson 
> Sent: Tuesday, January 9, 2024 5:41 PM
> To: xCAT Users Mailing list 
> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 
> 3
>  
> We encountered the problem with rpower and gocons when we migrated our 
> cluster this morning from rhel7.9 to rhel9.2.  Most nodes had no issue when I 
> moved the consoles from the old front end to the new one but one batch of 
> tyan gpu nodes timed out on rpower, and couldn’t make a connection with sol.  
> Googling revealed that some BMC firmware would reply that they offer suite 
> 17, but in fact they did not implement it.   Have not looked for updated 
> firmware yet for these ten nodes, looking for an easier fix if possible.  
>   -- ddj
> Dave Johnson
> 
>> On Jan 9, 2024, at 5:31 PM, Jarrod Johnson  wrote:
>> 
>> 
>> In what context do you find use of  ipmitool with '-C'?  I was checking the 
>> ipmi console backend and it doesn't seem to have that.
>> 
>> rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)
>> 
>> The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 
>> that I see.  Newer ipmitool should try 17 and fallback to 3, if that's the 
>> issue.
>> From: David Johnson 
>> Sent: Tuesday, January 9, 2024 11:53 AM
>> To: xcat-user@lists.sourceforge.net 
>> Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3
>>  
>> I’d like to know if there is an option somewhere in xcat to choose -C 3 for 
>> either selected elderly nodes that don’t support suite 17, or use -C 3 by 
>> default for the whole cluster? Thanks!
>>   -- ddj
>> Dave Johnson
>> 
>> ___
>> xCAT-user mailing list
>> xCAT-user@lists.sourceforge.net
>> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D=0
>>  
>> ___
>> xCAT-user mailing list
>> xCAT-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/xcat-user
> ___
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net 
> https://lists.sourceforge.net/lists/listinfo/xcat-user

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread Jarrod Johnson

Interesting, wonder what the handshake on those would look like...

The xCAT IPMI.pm tries to open the session with C17, and then when the answer 
should come back with an error code, then it falls back to equivalent to C3.  
Might be interested in a pcap of the attempt to see what is up.  It shouldn't 
possibly reply '0' if it thinks it's all good, but maybe it fails to reply at 
all, which might trigger a timeout during that phase instead of a fallback...

I took at glance at ipmitool source and verified that redhat back to 8.x either 
includes a new enough version or backports the 'auto-detect c17'.

You could hard set things back to 3 across the board, however some newer 
firmware will refuse to work with 3 (because any use of SHA-1 is hunted down, 
regardless of whether the weakness actually applies, which in IPMI land the 
SHA-1 weakness doesn't matter since it's in an HMAC).

You could make an 'ipmic3' console backend and possibly make an 'ipmic3' plugin 
that is a fork of c3 only for old systems that predate cipher suite 17 support. 
 I would like to see and try out auto-degrade on older systems, but I may not 
be able to cover it.

From: David Johnson 
Sent: Tuesday, January 9, 2024 5:41 PM
To: xCAT Users Mailing list 
Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

We encountered the problem with rpower and gocons when we migrated our cluster 
this morning from rhel7.9 to rhel9.2.  Most nodes had no issue when I moved the 
consoles from the old front end to the new one but one batch of tyan gpu nodes 
timed out on rpower, and couldn’t make a connection with sol.  Googling 
revealed that some BMC firmware would reply that they offer suite 17, but in 
fact they did not implement it.   Have not looked for updated firmware yet for 
these ten nodes, looking for an easier fix if possible.
  -- ddj
Dave Johnson

On Jan 9, 2024, at 5:31 PM, Jarrod Johnson  wrote:


In what context do you find use of  ipmitool with '-C'?  I was checking the 
ipmi console backend and it doesn't seem to have that.

rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)

The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that 
I see.  Newer ipmitool should try 17 and fallback to 3, if that's the issue.

From: David Johnson 
Sent: Tuesday, January 9, 2024 11:53 AM
To: xcat-user@lists.sourceforge.net 
Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3

I’d like to know if there is an option somewhere in xcat to choose -C 3 for 
either selected elderly nodes that don’t support suite 17, or use -C 3 by 
default for the whole cluster? Thanks!
  -- ddj
Dave Johnson

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D=0
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread Ryan Novosielski via xCAT-user

I can confirm that that last part is not true:

root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H 
master-imm chassis status
Password:
Error in open session response message : no matching cipher suite

Error: Unable to establish IPMI v2 / RMCP+ session

…and suspected as much since I had to learn anything about the cipher suites 
and -C. :-D

Maybe the version provided by RHEL derivatives has defaults or something? We’re 
on RHEL8/9 where we’re seeing it.

—
#BlackLivesMatter

|| \\UTGERS, |---*O*---
||_// the State  | Ryan Novosielski - novos...@rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\of NJ  | Office of Advanced Research Computing - MSB A555B, Newark
 `'

On Jan 9, 2024, at 16:24, Jarrod Johnson  wrote:

In what context do you find use of  ipmitool with '-C'?  I was checking the 
ipmi console backend and it doesn't seem to have that.

rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)

The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that 
I see.  Newer ipmitool should try 17 and fallback to 3, if that's the issue.

From: David Johnson mailto:david_john...@brown.edu>>
Sent: Tuesday, January 9, 2024 11:53 AM
To: xcat-user@lists.sourceforge.net 
mailto:xcat-user@lists.sourceforge.net>>
Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3

I’d like to know if there is an option somewhere in xcat to choose -C 3 for 
either selected elderly nodes that don’t support suite 17, or use -C 3 by 
default for the whole cluster? Thanks!
  -- ddj
Dave Johnson

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D=0
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread David Johnson

We encountered the problem with rpower and gocons when we migrated our cluster this morning from rhel7.9 to rhel9.2.  Most nodes had no issue when I moved the consoles from the old front end to the new one but one batch of tyan gpu nodes timed out on rpower, and couldn’t make a connection with sol.  Googling revealed that some BMC firmware would reply that they offer suite 17, but in fact they did not implement it.   Have not looked for updated firmware yet for these ten nodes, looking for an easier fix if possible.    -- ddjDave JohnsonOn Jan 9, 2024, at 5:31 PM, Jarrod Johnson  wrote:






In what context do you find use of  ipmitool with '-C'?  I was checking the ipmi console backend and it doesn't seem to have that.




rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)




The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that I see.  Newer ipmitool should try 17 and fallback to 3, if that's the issue.


From: David Johnson 
Sent: Tuesday, January 9, 2024 11:53 AM
To: xcat-user@lists.sourceforge.net 
Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3
 


I’d like to know if there is an option somewhere in xcat to choose -C 3 for either selected elderly nodes that don’t support suite 17, or use -C 3 by default for the whole cluster? Thanks!
  -- ddj
Dave Johnson

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://apc01.safelinks.protection.outlook.com/?url="">




___xCAT-user mailing listxCAT-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/xcat-user___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread Jarrod Johnson

In what context do you find use of  ipmitool with '-C'?  I was checking the 
ipmi console backend and it doesn't seem to have that.

rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)

The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that 
I see.  Newer ipmitool should try 17 and fallback to 3, if that's the issue.

From: David Johnson 
Sent: Tuesday, January 9, 2024 11:53 AM
To: xcat-user@lists.sourceforge.net 
Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3

I’d like to know if there is an option somewhere in xcat to choose -C 3 for 
either selected elderly nodes that don’t support suite 17, or use -C 3 by 
default for the whole cluster? Thanks!
  -- ddj
Dave Johnson

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D=0
___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

[xcat-user] Ipmitool support for old BMC cipher suite 3

2024-01-09 Thread David Johnson

I’d like to know if there is an option somewhere in xcat to choose -C 3 for 
either selected elderly nodes that don’t support suite 17, or use -C 3 by 
default for the whole cluster? Thanks!
  -- ddj
Dave Johnson

___
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

[xcat-user] Support for IBM Remote Supervisor Supervisor II (RSA-II)

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3

[xcat-user] Ipmitool support for old BMC cipher suite 3

10 matches

Site Navigation

Mail list logo

Footer information