[2.2] MAAS IPMI autodiscover should enable IPMI-over-LAN if disabled

Bug #1664822 reported by Andres Rodriguez on 2017-02-15
22
This bug affects 2 people
Affects Status Importance Assigned to Milestone
MAAS
Wishlist
Andres Rodriguez
2.2
High
Andres Rodriguez

Bug Description

So during enlistment:

 * we detect the IPMI details and enable network access if necessary
 * we test that we can reach the BMC from a rack controller
 * we add the secure MAAS credentials for the BMC
 * we verify that we can test power
 * then we consider the enlistment a success and record the machine
   (otherwise, we note the failure and give reasons / pointers in the
GUI and log)

Related branches

Andres Rodriguez (andreserl) wrote :

To do this we need to compare the output of:

sudo bmc-config --checkout

In two situations:

1. When IPMI-over-LAN is enabled
2. When IPMI-over-LAN is disabled.

Changed in maas:
milestone: none → 2.2.0
importance: Undecided → Wishlist
status: New → Triaged
Changed in maas:
milestone: 2.2.0 → next
Jim Tilander (p-jim-8) wrote :

Is the output of bmc-config supposed to be run on the actual machine being enlisted, and NOT the rack controller right?

Jim Tilander (p-jim-8) wrote :

Here is the diff from a Dell R630 machine:

# diff -C 10 with_lan_ipmi_enabled with_lan_ipmi_disabled

*** with_lan_ipmi_enabled 2017-02-17 17:01:39.523540446 +0000
--- with_lan_ipmi_disabled 2017-02-17 17:02:47.667937953 +0000
***************
*** 361,391 ****
  # To enable IPMI over LAN, typically "Access_Mode" should be set to
  # "Always_Available". "Channel_Privilege_Limit" should be set to the highest
  # privilege level any username was configured with. Typically, this is set to
  # "Administrator".
  #
  # "User_Level_Auth" and "Per_Message_Auth" are typically set to "Yes" for
  # additional security.
  #
  Section Lan_Channel
   ## Possible values: Disabled/Pre_Boot_Only/Always_Available/Shared
! Volatile_Access_Mode Always_Available
   ## Possible values: Yes/No
   Volatile_Enable_User_Level_Auth No
   ## Possible values: Yes/No
   Volatile_Enable_Per_Message_Auth No
   ## Possible values: Yes/No
   Volatile_Enable_Pef_Alerting No
   ## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
   Volatile_Channel_Privilege_Limit Administrator
   ## Possible values: Disabled/Pre_Boot_Only/Always_Available/Shared
! Non_Volatile_Access_Mode Always_Available
   ## Possible values: Yes/No
   Non_Volatile_Enable_User_Level_Auth No
   ## Possible values: Yes/No
   Non_Volatile_Enable_Per_Message_Auth No
   ## Possible values: Yes/No
   Non_Volatile_Enable_Pef_Alerting No
   ## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
   Non_Volatile_Channel_Privilege_Limit Administrator
  EndSection
  #
--- 361,391 ----
  # To enable IPMI over LAN, typically "Access_Mode" should be set to
  # "Always_Available". "Channel_Privilege_Limit" should be set to the highest
  # privilege level any username was configured with. Typically, this is set to
  # "Administrator".
  #
  # "User_Level_Auth" and "Per_Message_Auth" are typically set to "Yes" for
  # additional security.
  #
  Section Lan_Channel
   ## Possible values: Disabled/Pre_Boot_Only/Always_Available/Shared
! Volatile_Access_Mode Disabled
   ## Possible values: Yes/No
   Volatile_Enable_User_Level_Auth No
   ## Possible values: Yes/No
   Volatile_Enable_Per_Message_Auth No
   ## Possible values: Yes/No
   Volatile_Enable_Pef_Alerting No
   ## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
   Volatile_Channel_Privilege_Limit Administrator
   ## Possible values: Disabled/Pre_Boot_Only/Always_Available/Shared
! Non_Volatile_Access_Mode Disabled
   ## Possible values: Yes/No
   Non_Volatile_Enable_User_Level_Auth No
   ## Possible values: Yes/No
   Non_Volatile_Enable_Per_Message_Auth No
   ## Possible values: Yes/No
   Non_Volatile_Enable_Pef_Alerting No
   ## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
   Non_Volatile_Channel_Privilege_Limit Administrator
  EndSection
  #

Andres Rodriguez (andreserl) wrote :

Hi Jim,

Thanks for the diff. I'm gonna try to figure out how much configuration would actually be needed to enable IPMI-over-LAN. Once I have the correct config, it should be straightforward to get it done automatically on enlistment/commissioning.

Changed in maas:
milestone: next → 2.2.1
Changed in maas:
milestone: 2.2.1 → 2.2.x
Changed in maas:
milestone: 2.2.x → 2.3.0
assignee: nobody → Andres Rodriguez (andreserl)
Andres Rodriguez (andreserl) wrote :

A proposed solution is available in: https://bugs.launchpad.net/maas/+bug/1703535

Changed in maas:
status: Triaged → In Progress
Marcus Wellnitz (mwellnitz) wrote :

Is it possible to backport it to the Ubuntu LTS (16.04) repository?

Changed in maas:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in maas (Ubuntu):
status: New → Confirmed
Andres Rodriguez (andreserl) wrote :

This fix will be made available in 2.2.2 which will be backported to Xenial!

no longer affects: maas (Ubuntu)
Changed in maas:
milestone: 2.3.0 → 2.3.0alpha1
Changed in maas:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers