Hi Martin,

On 1 Jul 2020, at 03:26, Martin Perina <mperina@redhat.com> wrote:



On Wed, Jul 1, 2020 at 1:57 AM Vinícius Ferrão via Users <users@ovirt.org> wrote:
Hello,

After some days scratching my head I found that oVirt is probably missing fenceTypes for IBM’s implementation of OpenBMC in the Power Management section. The host machine is an OpenPOWER AC922 (ppc64le).

The BMC basically is an “ipmilan” device but the ciphers must be defined as 3 or 17 by default:

[root@h01 ~]# ipmitool -I lanplus -H 10.20.10.2 root -P 0penBmc -L operator -C 3 channel getciphers ipmi
ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg
3    N/A     hmac_sha1       hmac_sha1_96    aes_cbc_128   
17   N/A     hmac_sha256     sha256_128      aes_cbc_128

The default ipmilan connector forces the option cipher=1 which breaks the communication.

Hi,

have you tried to overwrite the default by adding cipher=3 into Options field when adding/updating fence agent configuration for specific host?

Eli, looking at https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/ipmi-second-gen-interface-spec-v2-rev1-1.pdf I'm not sure our defaults make sense, because by default we enable IPMIv2 (lanplus=1), but we set IPMIv1 cipher support (cipher=1). Or am I missing something?

Yes I’m running this way right now: ipmilan with cipher=17 on options.

But to figure it out I took almost a month. Really. I’ve sent a message on 5 June to the list: Power Management on IBM AC922 Power9 (ppc64le); and I was trying to solve it since them.

This was mainly due to poor documentation. I only figured it out when I done a lot of searches on Github to read the oVirt code. So the cipher=1 thing show up, and I guessed that it may be it. And it was…

I know that no one cares for ppc64le haha. But I think a change on the list of supported fenceTypes will save some people the time I’ve lost with this. If there’s something like “openbmc"  would be great.

Or at least a better explanation on the Power Management configure box. Not even the options are explained correctly guessing lanplus=1 was hard. I tried a lot of combinations like:
I=lanplus
-I lanplus
-I=lanplus

Thanks,


Regards,
Martin

So I was reading the code and found this “fenceType” class, but I wasn't able to found where to define those classes. So I can create another one called something like openbmc to set cipher=17 by default.

Another question is how bad the output is, it only returns a JSON-RPC generic error. But I don’t know how to suggest a fix for this.

Thanks,

_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/BP33DZ3AET53DGS7TAD6L765WKQIOW7B/


--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.