Bug 1876620 - [OSP16][RHEL8.2][RFE] specifying cipher suite because some nodes do not support Cipher Suite 17 in lanplus mode
Summary: [OSP16][RHEL8.2][RFE] specifying cipher suite because some nodes do not suppo...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-ironic
Version: 16.1 (Train)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z4
: 16.1 (Train on RHEL 8.2)
Assignee: Steve Baker
QA Contact: Paras Babbar
URL:
Whiteboard:
Depends On:
Blocks: 1920043
TreeView+ depends on / blocked
 
Reported: 2020-09-07 17:50 UTC by camorris@redhat.co
Modified: 2024-03-25 16:26 UTC (History)
23 users (show)

Fixed In Version: openstack-ironic-13.0.7-1.20201114020439.el8ost
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1873614
Environment:
Last Closed: 2021-03-17 15:31:57 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenStack gerrit 752710 0 None MERGED Allow configuring IPMI cipher suite 2021-02-08 17:28:09 UTC
Red Hat Issue Tracker OSP-1834 0 None None None 2021-12-28 05:57:27 UTC
Red Hat Knowledge Base (Solution) 5931381 0 None None None 2021-04-06 08:31:28 UTC
Red Hat Product Errata RHBA-2021:0817 0 None None None 2021-03-17 15:32:27 UTC

Description camorris@redhat.co 2020-09-07 17:50:54 UTC 
+++ This bug was initially created as a clone of Bug #1873614 +++

Description of problem:
When using lanplus and forcing the cipher to be used we found that some nodes do not support Cipher Suite 17 in lanplus mode. It seems like in 16.0/8.1 the ipmitool version defaulted to C 3 but in 16.1/8.2 its defaulting to 17.  In the previous examples you can see I was using -l lan and not lanplus. 


Version-Release number of selected component (if applicable):
ipmitool-1.8.18-14.el8.x86_64

How reproducible:
Everytime

Steps to Reproduce:
1. Try to inspect a node or run the correct ipmitool command

Actual results:
Fails

Expected results:
Inspection successful 

Additional info:

I peeled two from an existing OSP13 cluster to prep wider deployment. The two nodes import perfectly fine in 16.0 running on the same networks, but it fails in 16.1

RFE opened at the demand of  Dmitry Tantsur, see private comment #2 for more information
Comment 3 Dmitry Tantsur 2020-09-08 08:27:57 UTC 
A small correction: it seems like cypher suites negotiation may fail for some hardware, so we need to be able to provide an exact suite to ironic.
Comment 14 spower 2020-10-29 11:48:38 UTC 
Exception process was not followed for 16.1.3, the TRAC team recieved no proposal by email for this to be inlcuded in 16.1.3. The deadline was Oct 23rd. I'm removing the exception flag.
Comment 34 errata-xmlrpc 2021-03-17 15:31:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.4 director bug fix advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0817
Note You need to log in before you can comment on or make changes to this bug.