On Wed, Jul 1, 2020 at 1:57 AM Vinícius Ferrão via Users <users@ovirt.org> wrote:

Hello,

After some days scratching my head I found that oVirt is probably missing fenceTypes for IBM’s implementation of OpenBMC in the Power Management section. The host machine is an OpenPOWER AC922 (ppc64le).

The BMC basically is an “ipmilan” device but the ciphers must be defined as 3 or 17 by default:

[root@h01 ~]# ipmitool -I lanplus -H 10.20.10.2 root -P 0penBmc -L operator -C 3 channel getciphers ipmi
ID IANA Auth Alg Integrity Alg Confidentiality Alg
3 N/A hmac_sha1 hmac_sha1_96 aes_cbc_128
17 N/A hmac_sha256 sha256_128 aes_cbc_128

The default ipmilan connector forces the option cipher=1 which breaks the communication.

Hi,

have you tried to overwrite the default by adding cipher=3 into Options field when adding/updating fence agent configuration for specific host?

Eli, looking at https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ipmi-second-gen-interface-spec-v2-rev1-1.pdf I'm not sure our defaults make sense, because by default we enable IPMIv2 (lanplus=1), but we set IPMIv1 cipher support (cipher=1). Or am I missing something?

Regards,

Martin

So I was reading the code and found this “fenceType” class, but I wasn't able to found where to define those classes. So I can create another one called something like openbmc to set cipher=17 by default.

Another question is how bad the output is, it only returns a JSON-RPC generic error. But I don’t know how to suggest a fix for this.

Thanks,

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BP33DZ3AET53DGS7TAD6L765WKQIOW7B/

Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.