On Wed, Jul 1, 2020 at 1:57 AM Vinícius Ferrão via Users <users@ovirt.org> wrote:
Hello,

After some days scratching my head I found that oVirt is probably missing fenceTypes for IBM’s implementation of OpenBMC in the Power Management section. The host machine is an OpenPOWER AC922 (ppc64le).

The BMC basically is an “ipmilan” device but the ciphers must be defined as 3 or 17 by default:

[root@h01 ~]# ipmitool -I lanplus -H 10.20.10.2 root -P 0penBmc -L operator -C 3 channel getciphers ipmi
ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg
3    N/A     hmac_sha1       hmac_sha1_96    aes_cbc_128   
17   N/A     hmac_sha256     sha256_128      aes_cbc_128

The default ipmilan connector forces the option cipher=1 which breaks the communication.

Hi,

have you tried to overwrite the default by adding cipher=3 into Options field when adding/updating fence agent configuration for specific host?

Eli, looking at https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ipmi-second-gen-interface-spec-v2-rev1-1.pdf I'm not sure our defaults make sense, because by default we enable IPMIv2 (lanplus=1), but we set IPMIv1 cipher support (cipher=1). Or am I missing something?

Regards,
Martin

So I was reading the code and found this “fenceType” class, but I wasn't able to found where to define those classes. So I can create another one called something like openbmc to set cipher=17 by default.

Another question is how bad the output is, it only returns a JSON-RPC generic error. But I don’t know how to suggest a fix for this.

Thanks,

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BP33DZ3AET53DGS7TAD6L765WKQIOW7B/


--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.