Jarrod B Johnson wrote:
> Oh well, for reference, the most common offender is that the vendor
> neglected to implement server to client authentication, which makes IPMI
> vulnerable to man-in-the-middle. IBM is at least one vendor that gets
> this right ;) I'm reluctant to change our code to allow
> man-in-the-middle exploits, which currently ipmitool is exposed to.
Yes I agree - We have a couple Idataplex's and they're great to work with ;-)
>
> Inactive hide details for Rich Sudlow ---05/11/2011 11:40:33 AM---Jarrod
> B Johnson wrote: > Unfortunately, the strace is only sRich Sudlow
> ---05/11/2011 11:40:33 AM---Jarrod B Johnson wrote: > Unfortunately, the
> strace is only showing client activity. You can try
>
> From: Rich Sudlow <rich@...>
> To: xCAT Users Mailing list <xcat-user@...>
> Date: 05/11/2011 11:40 AM
> Subject: Re: [xcat-user] rpower problems after update
>
> ------------------------------------------------------------------------
>
>
>
> Jarrod B Johnson wrote:
> > Unfortunately, the strace is only showing client activity. You can try
> > this IPMI.pm file in/opt/xcat/lib/perl/xCAT/ and service xcatd restart.
> > If my best guess is right, it will give you BUG output. If it doesn't,
> > tshark or tcpdump to get a pcap (with a filter on udp port 623 and
> > ddcopt037-bmc).
> >
> > /(See attached file: IPMI.pm)/
> >
> > If you really don't care at all about IPMI 2.0, you can alternatively
> > change:
> >
> > my $ipmi2support = eval {
> > require Digest::SHA1;
> > Digest::SHA1->import(qw/sha1/);
> > require Digest::HMAC_SHA1;
> > Digest::HMAC_SHA1->import(qw/hmac_sha1/);
> > 1;
> > };
> >
> > to:
> > my $ipmi2support = 0;
> >
> > In your IPMI.pm to disable the IPMI 2.0 encryption/auth stuff.
>
>
> Thanks Jarrod - Turning off the IPMI 2.0 stuff worked!! Will do what I
> can to get rid of those machines ASAP!
>
> Thanks - this is one of the reasons xcat is so great!!
>
> Rich
>
> >
> > Inactive hide details for Rich Sudlow ---05/11/2011 11:10:17 AM---Jarrod
> > B Johnson wrote: > ipmitool -I lanplus to the systems Rich Sudlow
> > ---05/11/2011 11:10:17 AM---Jarrod B Johnson wrote: > ipmitool -I
> > lanplus to the systems give any weird issues?
> >
> > From: Rich Sudlow <rich@...>
> > To: xCAT Users Mailing list <xcat-user@...>
> > Date: 05/11/2011 11:10 AM
> > Subject: Re: [xcat-user] rpower problems after update
> >
> >
> >
> >
> > Jarrod B Johnson wrote:
> > > ipmitool -I lanplus to the systems give any weird issues?
> >
> >
> > [root@... tmp]# ipmitool -I lanplus -U root -P changeme -H
> > ddcopt037-bmc
> > chassis power status
> > Chassis Power is on
> > [root@... tmp]# rpower ddcopt037 stat
> > ddcopt037: Error: timeout
> >
> > I'm also attaching a strace of rpower ddcopt037 stat
> >
> > Rich
> >
> > >
> > > Inactive hide details for Rich Sudlow ---05/11/2011 10:09:29
> AM---After
> > > updating to Xcat 2.5.1 I noticed that rpower for some o Rich Sudlow
> > > ---05/11/2011 10:09:29 AM---After updating to Xcat 2.5.1 I noticed
> that
> > > rpower for some of our older Sun X2200 and X4100 machine
> > >
> > > From: Rich Sudlow <rich@...>
> > > To: xCAT Users Mailing list <xcat-user@...>
> > > Date: 05/11/2011 10:09 AM
> > > Subject: [xcat-user] rpower problems after update
> > >
> > >
> > >
> > >
> > > After updating to Xcat 2.5.1 I noticed that rpower for some of
> > > our older Sun X2200 and X4100 machines ceased working giving
> > > a timeout all the time - is this a known problem? any
> > > quick workarounds?
> > >
> > > Thanks,
> > >
> > > Rich
> > > --
> > > Rich Sudlow
> > > University of Notre Dame
> > > Center for Research Computing - Union Station
> > > 310 West South St
> > > South Bend, In 46601
> > >
> > > (574) 807-1046 (cell)
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > Achieve unprecedented app performance and reliability
> > > What every C/C++ and Fortran developer should know.
> > > Learn how Intel has extended the reach of its next-generation tools
> > > to help boost performance applications - inlcuding clusters.
> > > http://p.sf.net/sfu/intel-dev2devmay
> > > _______________________________________________
> > > xCAT-user mailing list
> > > xCAT-user@...
> > > https://lists.sourceforge.net/lists/listinfo/xcat-user
> > >
> > >
> > >
> > >
> ------------------------------------------------------------------------
> > >
> > >
> >
> ------------------------------------------------------------------------------
> > > Achieve unprecedented app performance and reliability
> > > What every C/C++ and Fortran developer should know.
> > > Learn how Intel has extended the reach of its next-generation tools
> > > to help boost performance applications - inlcuding clusters.
> > > http://p.sf.net/sfu/intel-dev2devmay
> > >
> > >
> > >
> ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > xCAT-user mailing list
> > > xCAT-user@...
> > > https://lists.sourceforge.net/lists/listinfo/xcat-user
> >
> >
> > --
> > Rich Sudlow
> > University of Notre Dame
> > Center for Research Computing - Union Station
> > 310 West South St
> > South Bend, In 46601
> >
> > (574) 807-1046 (cell)
> > [attachment "typescript" deleted by Jarrod B Johnson/Raleigh/IBM]
> >
> ------------------------------------------------------------------------------
> > Achieve unprecedented app performance and reliability
> > What every C/C++ and Fortran developer should know.
> > Learn how Intel has extended the reach of its next-generation tools
> > to help boost performance applications - inlcuding clusters.
> >
> http://p.sf.net/sfu/intel-dev2devmay_______________________________________________
> > xCAT-user mailing list
> > xCAT-user@...
> > https://lists.sourceforge.net/lists/listinfo/xcat-user
> >
> >
> > ------------------------------------------------------------------------
> >
> >
> ------------------------------------------------------------------------------
> > Achieve unprecedented app performance and reliability
> > What every C/C++ and Fortran developer should know.
> > Learn how Intel has extended the reach of its next-generation tools
> > to help boost performance applications - inlcuding clusters.
> > http://p.sf.net/sfu/intel-dev2devmay
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > xCAT-user mailing list
> > xCAT-user@...
> > https://lists.sourceforge.net/lists/listinfo/xcat-user
>
>
> --
> Rich Sudlow
> University of Notre Dame
> Center for Research Computing - Union Station
> 310 West South St
> South Bend, In 46601
>
> (574) 807-1046 (cell)
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> http://p.sf.net/sfu/intel-dev2devmay
> _______________________________________________
> xCAT-user mailing list
> xCAT-user@...
> https://lists.sourceforge.net/lists/listinfo/xcat-user
>
>
> ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------
> Achieve unprecedented app performance and reliability
> What every C/C++ and Fortran developer should know.
> Learn how Intel has extended the reach of its next-generation tools
> to help boost performance applications - inlcuding clusters.
> http://p.sf.net/sfu/intel-dev2devmay
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xCAT-user mailing list
> xCAT-user@...
> https://lists.sourceforge.net/lists/listinfo/xcat-user
--
Rich Sudlow
University of Notre Dame
Center for Research Computing - Union Station
310 West South St
South Bend, In 46601
(574) 807-1046 (cell)
|