Description of problem:
ipmitool used to default to a cipher suit of 3.
This worked well with older hardware as it expected it.
After ipmitool-1.8.18-11 this is no longer the default.
This can be set via a flag (ie -C 3) when using the cli
But when the inronic-conductor uses it in an OCP BM IPI install there is no way to Set that flag (ie no way to set cipher suite) because the base image for the container is RHEL 8.2 with ipmitool-1.8.18-18
This breaks the ability to use BM IPI with hardware that expects cipher suite 3 (as i think the default is now 17).
Version-Release number of selected component (if applicable):
OCP 4.6, OCP 4.5 which use ipmitool-1.8.18-18 from RHEL 8.2 in the ironic-conductor container
Deploy BM IPI with hardware that expects cipher suite 3
Steps to Reproduce:
1. Standard BM IPI
Deployment fails with ironic errors.
Ability to deploy to older hardware successfully by being able to provide the desired ipmi cipher suite to the openshift installer.
Looks like it's know wrt OSP: https://bugzilla.redhat.com/show_bug.cgi?id=1873614
Our plan is to update Ironic with a new configuration option that will allow the downgrade of the cipher suite automatically.
@August Simonelli can you please provide me some logs that shows the exception that occurs?
Code was reviewed by QA and bug moved to verify so it will not block the code for the release.
If issue still exist please open new BZ and contact us
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.