IPMI power control lost after recommissioning w/ 2.9.3-beta1 "Error:Access denied while performing power action: cipher suite unavailable. Check BMC configuration and try again."
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Fix Released
|
Medium
|
Christian Grabowski | ||
| 2.9 |
Won't Fix
|
High
|
Unassigned | ||
Bug Description
We have an Nvidia DGX2 that was previously commissioned w/ MAAS 2.9.2. We recommissioned the server after upgrading to 2.9.3-beta1, which failed, apparently because MAAS can no longer manage power on the system.
The Power Configuration section reports the following:
"Error:Access denied while performing power action: cipher suite unavailable. Check BMC configuration and try again."
The "Cipher Suite ID" box shows:
17 - HMAC-SHA256:
Here's the output of the 30-maas-
INFO: Loading IPMI kernel modules...
INFO: Checking for HP Moonshot...
INFO: Checking for IPMI...
INFO: IPMI detected!
INFO: Reading current IPMI BMC values...
INFO: Configuring IPMI Lan_Channel...
INFO: Configuring IPMI Lan_Channel_Auth...
INFO: Lan_Channel_Auth settings unavailable!
INFO: Configuring IPMI cipher suite ids...
INFO: Gathering supported cipher suites and current configuration...
INFO: BMC supports the following ciphers - [0, 1, 2, 3, 6, 7, 8, 11, 12, 15, 16, 17]
INFO: Current cipher suite configuration - XXXaXXXXaXXXXXX
INFO: New cipher suite configuration - XXXaXXXXaXXXXXX
INFO: MAAS will use IPMI cipher suite id "17" for BMC communication
WARNING: No K_g BMC key found or configured, communication with BMC will not use a session key!
INFO: Configuring IPMI Serial_Channel...
INFO: Serial_Channel settings unavailable!
INFO: Configuring IPMI SOL_Conf...
INFO: Found existing IPMI user "maas"!
INFO: Configuring IPMI BMC user "maas"...
INFO: IPMI user number - User3
INFO: IPMI user privilege level - Administrator
INFO: IPMI Version - LAN_2_0
INFO: IPMI boot type - efi
Related branches
- MAAS Lander: Approve
- Alberto Donato (community): Approve
-
Diff: 523 lines (+70/-315)7 files modifiedsrc/maasserver/forms/parameters.py (+1/-0)
src/maasserver/forms/settings.py (+24/-1)
src/maasserver/models/config.py (+1/-0)
src/maasserver/models/tests/test_config.py (+4/-0)
src/metadataserver/builtin_scripts/commissioning_scripts/bmc_config.py (+8/-131)
src/metadataserver/builtin_scripts/commissioning_scripts/tests/test_bmc_config.py (+30/-183)
src/provisioningserver/drivers/power/ipmi.py (+2/-0)
| dann frazier (dannf) wrote | #1 |
| Changed in maas: | |
| status: | New → Triaged |
| milestone: | none → 3.0.1 |
| importance: | Undecided → Medium |
| dann frazier (dannf) wrote | #2 |
| Changed in maas: | |
| milestone: | 3.0.1 → next |
| assignee: | nobody → Christian Grabowski (cgrabowski) |
| status: | Triaged → Fix Committed |
| Changed in maas: | |
| milestone: | next → 3.2.0-beta1 |
| Changed in maas: | |
| status: | Fix Committed → Fix Released |
| Heitor (heitorpbittencourt) wrote | #3 |
| Alan Baghumian (alanbach) wrote | #4 |
This commit looks relevant:
commit 7e80a7c988ebdb6
Author: Lee Trager <email address hidden>
Date: Tue Mar 30 04:04:49 2021 +0000
Improve IPMI cipher detection.
Previously IPMI cipher detection tried both bmc-config and ipmitool. This
code would sometimes fail to detect cipher 17. There isn't an advantage to
using both methods as ipmitool will detect 17 and can be used to configure
all ciphers. The ipmitool detection and configuration code has been
refactored and simplified.
Backport of 3961116