Note that the ipmitool equivalent should be at least lanplus nowadays.

Biggest risk I could see is that some firmware nowadays requires at least 
cipher suite 17, if ipmi is enabled at all.

https://github.com/xcat2/xcat-core/commit/8d5df5d6cae07219e10d1a00538cafdb8e3bbf13
Implement HMAC-SHA256 in xCAT IPMI · xcat2/xcat-core@8d5df5d
This will be compatible with some current implementations that do not have 
SHA-1. HMAC-SHA1 may be still secure, but SHA1 in any context *looks* bad even 
if it isn't.


That change to IPMI.pm might alleviate. Double check if ipmitool with -C 17 
will work, and if that will work, you may need IPMI.pm to change to support 
SHA256 in the hmac.
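
One way to run the check suggested above, as an added example that is not part of the original message or of xCAT: it opens a lanplus session with cipher suite 3 (the SHA-1 based suite, used here as the comparison point) and with cipher suite 17 (SHA-256), then reports which the BMC accepts. The function names and the `IPMITOOL` override variable are assumptions of this example; the password is taken from `IPMI_PASSWORD` via `ipmitool -E`.

```shell
#!/bin/sh
# Added example: classify a BMC by which RMCP+ cipher suites it accepts.
#   Suite 3  = RAKP-HMAC-SHA1   / HMAC-SHA1-96    / AES-CBC-128
#   Suite 17 = RAKP-HMAC-SHA256 / HMAC-SHA256-128 / AES-CBC-128
# The password is read from the IPMI_PASSWORD environment variable
# (ipmitool -E), so it does not appear on the command line.

# probe_suite HOST USER SUITE -> exit 0 if a lanplus session can be opened.
# IPMITOOL is a hypothetical override hook for this example; it defaults
# to the real ipmitool binary.
probe_suite() {
    "${IPMITOOL:-ipmitool}" -I lanplus -H "$1" -U "$2" -E -C "$3" \
        chassis power status >/dev/null 2>&1
}

# classify_bmc HOST USER -> prints one of: both, sha256-only, sha1-only, none
classify_bmc() {
    s3=no
    s17=no
    if probe_suite "$1" "$2" 3;  then s3=yes;  fi
    if probe_suite "$1" "$2" 17; then s17=yes; fi
    case "$s3/$s17" in
        yes/yes) echo "both" ;;         # either HMAC works
        no/yes)  echo "sha256-only" ;;  # client must support HMAC-SHA256
        yes/no)  echo "sha1-only" ;;    # older firmware, no suite 17
        *)       echo "none" ;;         # IPMI over LAN off, unreachable,
                                        # or wrong credentials
    esac
}

# Usage: IPMI_PASSWORD=... sh this_script.sh <bmc-host> <user>
if [ "$#" -eq 2 ]; then
    classify_bmc "$1" "$2"
fi
```

A result of `sha256-only` corresponds to the case described above, where the firmware requires at least cipher suite 17 and IPMI.pm needs the HMAC-SHA256 support from the linked commit.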


________________________________
From: Mark Gurevich via xCAT-user <xcat-user@lists.sourceforge.net>
Sent: Thursday, February 23, 2023 1:35 PM
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc: Mark Gurevich <gurev...@us.ibm.com>
Subject: [External] Re: [xcat-user] ipmitool -I open vs lanplus vs lan

xCAT uses raw ipmi commands to do ipmi communication.

You can turn xCAT debug on with "chdef -t site clustersite xcatdebugmode=1" and 
then issue a command, like
"rpower <node> stat" to see all the raw ipmi commands xCAT is sending.

Use "chdef -t site clustersite xcatdebugmode=0" to turn debug off.

-----Original Message-----
From: Michael Green <mishagr...@gmail.com>
Sent: Thursday, February 23, 2023 1:08 PM
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Subject: [EXTERNAL] [xcat-user] ipmitool -I open vs lanplus vs lan

Hello collective wisdom,

What IPMI interface does xcat use?
Is it lan or lanplus or open? (As in ipmitool -I ) Is it configurable?

I have a bunch of new Dell servers in the lab that don't seem to communicate 
over lan or lanplus interface, only open and I have trouble provisioning them 
through xcat. I suspect it's because of lanplus not supported/missing from 
these servers.
--
Regards,
Michael

_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user

