You can subscribe to this list here.
2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(227) |
Sep
(185) |
Oct
(259) |
Nov
(168) |
Dec
(163) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2003 |
Jan
(94) |
Feb
(92) |
Mar
(121) |
Apr
(83) |
May
(158) |
Jun
(72) |
Jul
(150) |
Aug
(64) |
Sep
(81) |
Oct
(98) |
Nov
(79) |
Dec
(27) |
2004 |
Jan
(93) |
Feb
(81) |
Mar
(85) |
Apr
(43) |
May
(71) |
Jun
(28) |
Jul
(89) |
Aug
(156) |
Sep
(51) |
Oct
(50) |
Nov
(48) |
Dec
(56) |
2005 |
Jan
(59) |
Feb
(180) |
Mar
(68) |
Apr
(58) |
May
(44) |
Jun
(59) |
Jul
(50) |
Aug
(103) |
Sep
(100) |
Oct
(66) |
Nov
(41) |
Dec
(33) |
2006 |
Jan
(41) |
Feb
(51) |
Mar
(133) |
Apr
(66) |
May
(40) |
Jun
(34) |
Jul
(86) |
Aug
(28) |
Sep
(62) |
Oct
(54) |
Nov
(24) |
Dec
(23) |
2007 |
Jan
(72) |
Feb
(81) |
Mar
(33) |
Apr
(64) |
May
(23) |
Jun
(67) |
Jul
(33) |
Aug
(54) |
Sep
(38) |
Oct
(40) |
Nov
(108) |
Dec
(84) |
2008 |
Jan
(49) |
Feb
(44) |
Mar
(65) |
Apr
(43) |
May
(75) |
Jun
(171) |
Jul
(121) |
Aug
(86) |
Sep
(189) |
Oct
(326) |
Nov
(172) |
Dec
(178) |
2009 |
Jan
(86) |
Feb
(154) |
Mar
(159) |
Apr
(112) |
May
(113) |
Jun
(64) |
Jul
(147) |
Aug
(170) |
Sep
(157) |
Oct
(153) |
Nov
(149) |
Dec
(184) |
2010 |
Jan
(196) |
Feb
(234) |
Mar
(191) |
Apr
(233) |
May
(95) |
Jun
(200) |
Jul
(134) |
Aug
(189) |
Sep
(158) |
Oct
(135) |
Nov
(104) |
Dec
(135) |
2011 |
Jan
(101) |
Feb
(142) |
Mar
(157) |
Apr
(142) |
May
(145) |
Jun
(195) |
Jul
(306) |
Aug
(268) |
Sep
(128) |
Oct
(80) |
Nov
(125) |
Dec
(112) |
2012 |
Jan
(93) |
Feb
(125) |
Mar
(94) |
Apr
(102) |
May
(134) |
Jun
(85) |
Jul
(80) |
Aug
(130) |
Sep
(104) |
Oct
(104) |
Nov
(133) |
Dec
(107) |
2013 |
Jan
(136) |
Feb
(127) |
Mar
(172) |
Apr
(183) |
May
(158) |
Jun
(84) |
Jul
(132) |
Aug
(143) |
Sep
(46) |
Oct
(94) |
Nov
(42) |
Dec
(61) |
2014 |
Jan
(248) |
Feb
(89) |
Mar
(93) |
Apr
(102) |
May
(59) |
Jun
(44) |
Jul
(131) |
Aug
(69) |
Sep
(199) |
Oct
(88) |
Nov
(38) |
Dec
(59) |
2015 |
Jan
(54) |
Feb
(57) |
Mar
(70) |
Apr
(71) |
May
(63) |
Jun
(79) |
Jul
(85) |
Aug
(106) |
Sep
(69) |
Oct
(72) |
Nov
(48) |
Dec
(28) |
2016 |
Jan
(42) |
Feb
(70) |
Mar
(89) |
Apr
(87) |
May
(114) |
Jun
(57) |
Jul
(47) |
Aug
(60) |
Sep
(38) |
Oct
(36) |
Nov
(12) |
Dec
(28) |
2017 |
Jan
(32) |
Feb
(44) |
Mar
(135) |
Apr
(101) |
May
(98) |
Jun
(42) |
Jul
(54) |
Aug
(21) |
Sep
(23) |
Oct
(83) |
Nov
(89) |
Dec
(15) |
2018 |
Jan
(18) |
Feb
(2) |
Mar
(35) |
Apr
(12) |
May
(52) |
Jun
(103) |
Jul
(65) |
Aug
(35) |
Sep
(47) |
Oct
(81) |
Nov
(86) |
Dec
(44) |
2019 |
Jan
(34) |
Feb
(63) |
Mar
(58) |
Apr
(21) |
May
(39) |
Jun
(30) |
Jul
(43) |
Aug
(22) |
Sep
(26) |
Oct
(62) |
Nov
(39) |
Dec
(47) |
2020 |
Jan
(40) |
Feb
(27) |
Mar
(30) |
Apr
(20) |
May
(42) |
Jun
(24) |
Jul
(60) |
Aug
(26) |
Sep
(60) |
Oct
(29) |
Nov
(15) |
Dec
(7) |
2021 |
Jan
(34) |
Feb
(31) |
Mar
(54) |
Apr
(8) |
May
(40) |
Jun
(49) |
Jul
(14) |
Aug
(26) |
Sep
(25) |
Oct
(13) |
Nov
(46) |
Dec
(19) |
2022 |
Jan
(45) |
Feb
(8) |
Mar
(20) |
Apr
(25) |
May
(8) |
Jun
(12) |
Jul
(10) |
Aug
(11) |
Sep
(4) |
Oct
(11) |
Nov
(3) |
Dec
(3) |
2023 |
Jan
|
Feb
(25) |
Mar
(7) |
Apr
(16) |
May
(7) |
Jun
(8) |
Jul
(31) |
Aug
(11) |
Sep
(32) |
Oct
(18) |
Nov
(25) |
Dec
(6) |
2024 |
Jan
(48) |
Feb
(31) |
Mar
(5) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Jarrod J. <jjo...@le...> - 2024-01-25 12:52:51
|
Anything in /var/log/confluent/stderr or /var/log/confluent/trace? Also would be tempted to see if 'confluent_selfcheck' has any suggestions. You can also ssh into the node during that phase to confirm what it is doing while it is seemingly hung, e.g. looking at ps axf ________________________________ From: David Magda <dma...@ee...> Sent: Wednesday, January 24, 2024 9:37 PM To: xCA...@li... <xCA...@li...> Subject: [External] [xcat-user] Ansible and Confluent Hello, I'm trying to get Ansible working with Confluent 3.8.0. (Using an older version due to legacy OS reasons.) In /var/lib/confluent/public/os/ I created a new profile called ubuntu-22.04.3-x86_64-test1/, and this seems to work just fine: I took the provided "autoinstall/user-data" file, added some partition stanzas, some packages, etc. Once I sorted out a 'basic' automated Ubuntu install I tried creating a "ansible/post.d/01-packages.yaml" file with-in the profile directory with the following contents: """ - name: install chrony apt: pkg: - chrony """ The Ubuntu (subiquity) installer seems to 'hang' at: """ start: subiquity/Late/run/command_1: /custom-installation/post.sh """ which probably corresponds to this part of the "user-data" file: """ late-commands: - chroot /target apt-get -y -q purge snapd modemmanager - /custom-installation/post.sh """ When the 'hang' occurs the following starts filling up the "/var/log/httpd/ssl_access_log" file of the Confluent/xcat server: """ fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - """ When I force a restart of the system/VM, it can boot off the disk, and goes through the regular start-up process, including a bunch of cloud-init stuff. Though after it runs "/etc/confluent/firstboot.sh", the "ssl_access_log" file once again starts filling with the "remoteconfig/status" stuff per above. Renaming "ansible/" to "ansible_off/" seems to make the problem go away. Similar behaviour with Ubuntu 20.04. I'm wondering what's going with the 'hang' when "post.sh" is executed, and the flooding after "firstboot.sh". Regards, David _______________________________________________ xCAT-user mailing list xCA...@li... https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7C1a071e27a40c447e020208dc1d50acd8%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638417479688016346%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C60000%7C%7C%7C&sdata=rjezz0DVeivcDm%2FQyUPGNj1CPft3hI381qfEn%2BKPHkA%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user> |
From: David M. <dma...@ee...> - 2024-01-25 02:57:25
|
Hello, The Confluent documentation for OS deployment: https://hpc.lenovo.com/users/documentation/confluentosdeploy.html lists only five commands that need to be run to create a new profile: # cd /var/lib/confluent/public/os/ # cp -a rhel-8.2-x86_64-default rhel-8.2-x86_64-custom # cd /var/lib/confluent/private/os/ # cp -a rhel-8.2-x86_64-default rhel-8.2-x86_64-custom # osdeploy updateboot rhel-8.2-x86_64-custom However I found I had to edit a number of files to take the initial ubuntu-22.04.3-x86_64-default/ profile and create my own ubuntu-22.04.3-x86_64-test1/, per the following diffs: """ --- ./boot/efi/boot/grub.cfg_dist 2024-01-19 14:56:22.737237565 -0500 +++ ./boot/efi/boot/grub.cfg 2024-01-19 15:17:25.890594011 -0500 @@ -1,5 +1,5 @@ set timeout=5 -menuentry 'Ubuntu 22.04.3 x86_64 (Default Profile)' { - linuxefi /kernel quiet osprofile=ubuntu-22.04.3-x86_64-default +menuentry 'Ubuntu 22.04.3 x86_64 (Test1 Profile)' { + linuxefi /kernel quiet osprofile=ubuntu-22.04.3-x86_64-test1 """ """ --- ./boot.ipxe_dist 2023-10-31 14:37:15.907232034 -0400 +++ ./boot.ipxe 2024-01-19 15:17:25.891594034 -0500 @@ -1,5 +1,5 @@ #!ipxe -imgfetch boot/kernel quiet osprofile=ubuntu-22.04.3-x86_64-default initrd=addons.cpio initrd=site.cpio initrd=distribution +imgfetch boot/kernel quiet osprofile=ubuntu-22.04.3-x86_64-test1 initrd=addons.cpio initrd=site.cpio initrd=distribution """ """ --- ./profile.yaml_dist 2023-10-31 14:37:15.669226704 -0400 +++ ./profile.yaml 2024-01-19 14:57:05.614204808 -0500 @@ -1,3 +1,3 @@ -label: Ubuntu 22.04.3 x86_64 (Default Profile) -kernelargs: quiet osprofile=ubuntu-22.04.3-x86_64-default +label: Ubuntu 22.04.3 x86_64 (Test1 Profile) +kernelargs: quiet osprofile=ubuntu-22.04.3-x86_64-test1 """ IIRC, I run the "osdeploy updateboot …" command (with my profile name). Did I miss something? Should the above files been automatically changed in some fashion? Thanks for any info. (This is Confluent 3.8.0.) Regards, David |
From: David M. <dma...@ee...> - 2024-01-25 02:51:16
|
Hello, I'm trying to get Ansible working with Confluent 3.8.0. (Using an older version due to legacy OS reasons.) In /var/lib/confluent/public/os/ I created a new profile called ubuntu-22.04.3-x86_64-test1/, and this seems to work just fine: I took the provided "autoinstall/user-data" file, added some partition stanzas, some packages, etc. Once I sorted out a 'basic' automated Ubuntu install I tried creating a "ansible/post.d/01-packages.yaml" file with-in the profile directory with the following contents: """ - name: install chrony apt: pkg: - chrony """ The Ubuntu (subiquity) installer seems to 'hang' at: """ start: subiquity/Late/run/command_1: /custom-installation/post.sh """ which probably corresponds to this part of the "user-data" file: """ late-commands: - chroot /target apt-get -y -q purge snapd modemmanager - /custom-installation/post.sh """ When the 'hang' occurs the following starts filling up the "/var/log/httpd/ssl_access_log" file of the Confluent/xcat server: """ fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - fe80::[EUI-64] - - [24/Jan/2024:11:15:08 -0500] "GET /confluent-api/self/remoteconfig/status HTTP/1.1" 200 - """ When I force a restart of the system/VM, it can boot off the disk, and goes through the regular start-up process, including a bunch of cloud-init stuff. Though after it runs "/etc/confluent/firstboot.sh", the "ssl_access_log" file once again starts filling with the "remoteconfig/status" stuff per above. Renaming "ansible/" to "ansible_off/" seems to make the problem go away. Similar behaviour with Ubuntu 20.04. I'm wondering what's going with the 'hang' when "post.sh" is executed, and the flooding after "firstboot.sh". Regards, David |
From: VICTOR HU <vh...@us...> - 2024-01-24 16:44:16
|
[celebrate] VICTOR HU reacted to your message: ________________________________ From: Nathan A Besaw via xCAT-user <xca...@li...> Sent: Wednesday, January 24, 2024 2:00:16 PM To: xCAT Users Mailing list <xca...@li...> Cc: Nathan A Besaw <be...@us...> Subject: [EXTERNAL] [xcat-user] Announcement: new addition to the project maintainer team All, I would like to officially welcome Markus Hilger (github id: Obihörnchen) to the xCAT team of maintainers. Markus is a long time xCAT user and contributor with many years of experience using xCAT in HPC environments. Markus is also a member ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. <https://us-phishalarm-ewt.proofpoint.com/EWT/v1/PjiDSg!1e-ubl7zRvm6FYv7eKBFzrvUhYBSiT2MOe1y8Qfsihh2OQfV7fri7ZIw-mAOh1Qkub-jEeXRMmq_KiYuSrMnnBTCGpYhRLKRX4hPlEzIVMFEyXcBFmQitJ3vx99aWZD_N2zrvQ8$> Report Suspicious ZjQcmQRYFpfptBannerEnd All, I would like to officially welcome Markus Hilger (github id: Obihörnchen) to the xCAT team of maintainers. Markus is a long time xCAT user and contributor with many years of experience using xCAT in HPC environments. Markus is also a member of the xCAT consortium(Redline Performance Solutions/MEGWARE/OCF) from MEGWARE. In his new role as a project maintainer, he is currently working on installing new test infrastructure and will be contributing to the planning for the next release. Please join me in welcoming Markus to the xCAT maintainer team! |
From: Nathan A B. <be...@us...> - 2024-01-24 14:37:05
|
All, I would like to officially welcome Markus Hilger (github id: Obihörnchen) to the xCAT team of maintainers. Markus is a long time xCAT user and contributor with many years of experience using xCAT in HPC environments. Markus is also a member of the xCAT consortium(Redline Performance Solutions/MEGWARE/OCF) from MEGWARE. In his new role as a project maintainer, he is currently working on installing new test infrastructure and will be contributing to the planning for the next release. Please join me in welcoming Markus to the xCAT maintainer team! |
From: Vinícius F. <fe...@ve...> - 2024-01-11 20:23:15
|
I think I will throw in the towel. My understanding was exactly what you’ve said Jarrod. IPMI over LAN should work. From the docs it states that it has an IPMI 2.0 interface, but it does not work. I’ve managed to upgrade the BMC Firmware to the latest one (1.44) using a DOS disk image that I’ve uploaded to the RSA-II and controlled remotely from an old Windows XP VM with IE6 and Java 1.6. It was a blast. But it didn’t worked either. I’ve found the specsheet and it confirms that it should have and should work: <https://www.salland.eu/pdf/Server/IBM_x3550.pdf> [preview.png] IBM_x3550<https://www.salland.eu/pdf/Server/IBM_x3550.pdf> PDF Document · 750 KB<https://www.salland.eu/pdf/Server/IBM_x3550.pdf> I may be missing something that I don’t know/don’t understand. Not sure if a FOD (Feature on Demand) is also required or not. I can use ipmitool inband, but not outband, the IP address does not answer. Tried to change the address, configure both cards on the switch to see if at least the MAC Address of the BMC shows up, but nothing. Nothing shows up. I’ve came across some information about things like OSA SMBridge but it didn’t make sense because I have to run those on the runnning OS, which defeats the purpose of an BMC interface for Out of Band management and also those software are only for RHEL 2/3/4/5. Also there is something about: "IPMI driver and IBM mapping layer installation”, that I could not figure out. If there’s anything still in your hard drive on your head please let me know. I don’t think the machine is broken or defective because I have three of them, and all of them are with the same issues. Some outputs from the frustration: [root@x3550-1 ~]# dmesg | grep BMC [ 9.414441] ipmi_si ipmi_si.0: Found new BMC (man_id: 0x000002, prod_id: 0x0012, dev_id: 0x20) [ 9.680918] ipmi_si ipmi_si.0: Found BMC with sensor interface v3.10 2006-06-29 on interface 0 -x-x-x- [root@x3550-1 ~]# ipmitool lan print Set in Progress : Set Complete Auth Type Support : NONE MD2 MD5 PASSWORD Auth Type Enable : Callback : : User : MD2 MD5 PASSWORD : Operator : MD2 MD5 PASSWORD : Admin : MD2 MD5 PASSWORD : OEM : IP Address Source : BIOS Assigned Address IP Address : 172.25.0.99 Subnet Mask : 255.255.255.0 MAC Address : 00:21:5e:0c:01:7d SNMP Community String : public IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10 BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled Gratituous ARP Intrvl : 2.0 seconds Default Gateway IP : 172.25.0.254 Default Gateway MAC : 00:00:00:00:00:00 Backup Gateway IP : 0.0.0.0 Backup Gateway MAC : 00:00:00:00:00:00 802.1q VLAN ID : 1 802.1q VLAN Priority : 0 RMCP+ Cipher Suites : 0,1,2,3 Cipher Suite Priv Max : uaaaXXXXXXXXXXX : X=Cipher Suite Unused : c=CALLBACK : u=USER : o=OPERATOR : a=ADMIN : O=OEM Bad Password Threshold : Not Available -x-x-x- [root@x3550-1 ~]# /opt/ibm/toolscenter/asu/asu64 rebootbmc IBM Advanced Settings Utility version 9.30.79N Licensed Materials - Property of IBM (C) Copyright IBM Corp. 2007-2012 All Rights Reserved Error communicating with BMC. If the system contains a BMC then check your IPMI driver and IBM mapping layer installation. If the system does not contain a BMC then remove the BMC patch from ASU by issuing the ASU patchremove command with the correct patch #. Error communicating with RSA. If the system contains an RSA then check your RSA Daemon installation. If the system does not contain a RSA then remove the RSA patch from ASU by issuing the ASU patchremove command with the correct patch #. Could not find IPMI driver. Please check your IPMI driver and IBM mapping layer installation. -x-x-x- [root@x3550-1 ~]# dmesg | grep RSA [ 2.459038] usb 4-1: Product: IBM RSA2 [ 2.471591] input: IBM IBM RSA2 as /devices/pci0000:00/0000:00:1d.2/usb4/4-1/4-1:1.0/input/input2 [ 2.522290] hid-generic 0003:04B3:4001.0002: input,hidraw1: USB HID v1.10 Keyboard [IBM IBM RSA2] on usb-0000:00:1d.2-1/input0 [ 2.529608] input: IBM IBM RSA2 as /devices/pci0000:00/0000:00:1d.2/usb4/4-1/4-1:1.1/input/input3 [ 2.529779] hid-generic 0003:04B3:4001.0003: input,hidraw2: USB HID v1.10 Mouse [IBM IBM RSA2] on usb-0000:00:1d.2-1/input1 -x-x-x- [root@cloyster ~]# ipmitool -I lanplus -H 172.25.0.99 -U USERID -P PASSW0RD lan print Error: Unable to establish IPMI v2 / RMCP+ session [root@cloyster ~]# ipmitool -I lan -H 172.25.0.99 -U USERID -P PASSW0RD lan print Error: Unable to establish LAN session Error: Unable to establish IPMI v1.5 / RMCP session Thanks all. On 10 Jan 2024, at 12:35, Jarrod Johnson <jjo...@le...> wrote: So the mini-RSA card added remote video, ssh and web (and some things for IBM director at the time). The original x3550 should have provided IPMI and SOL out of the box (although the vintage is such that I think you need IPMI 1.5, which I haven't tested in a long time). Very vague in my memory, but I was arrund for those days. Fun fact, that architecture is why to this day we have an oddity in our firmware, that IPMI connects to ttyS0 and SSH connects to ttyS1, it was for backwards compatiblity to this time when the mini-RSA brought it's own serial uart and thus IPMI only worked to the builtin uart and ssh only worked to the mini-RSA's uart. ________________________________ From: Vinícius Ferrão via xCAT-user <xca...@li...> Sent: Tuesday, January 9, 2024 6:41 PM To: xca...@li... <xca...@li...> Cc: Vinícius Ferrão <fe...@ve...> Subject: [External] [xcat-user] Support for IBM Remote Supervisor Supervisor II (RSA-II) Hello, This thread may be offtopic on this list but I don’t have any other places to go with people may understand the question. I’ve bought this card thinking that it would provide IPMI for being controlled by Confluent (and xCAT maybe...) but I think I misunderstood what the device provides. Anyone knows if this card is supported? Does it provide IPMI over LAN? Long story: There’s an old IBM System x3550 (the first one) that I use to test things, and I was trying to add it as a compute node of Confluent but although it has an OOB Ethernet Interface named as management it didn’t even linked when a network cable was plugged. So after spending countless hours trying to figure it out I’ve discovered that I should have an additional IBM RSA-2 Slimline Card on the system for this management port work. I think I incorrectly assumed that this card would provide a classic IPMI over LAN interface since the server already has BMC configuration on the BIOS that I can even set the LAN settings like the IP address. So I sourced one card in the used market and after 12h fighting with the card due to wrong firmwares, mismatches between the system BIOS and the car and broken download links on IBM website and that frustrating Fix Central webpage. There still an BMC update that I could not do because the update package simply does not find the BMC on the server. Probably because the package is for EL5 and I’m running EL7. After fighting with this I was able to finally connect to the web interface that the RSA-2 provided. I can shutdown and power on the server, see some information and that’s it. However I cannot control the system using ipmitool remotely and when using ipmitool in band the LAN settings are different from those on the RSA-II card. So I think all this configuration on the BIOS about the BMC, the ipmitool lan commands are all bogus on this system. Basically the card is pretty much useless and I just wasted time and little money in this journey. So is there any chance of making this work? Any workaround? Anyone that feels the pain or knows the hardware enough to fill in the gaps what I may be missing? Thanks all. _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7C1cc27dfaf4964501405d08dc119d520d%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404614610576954%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gSZk487MMWMoEFcsebSMJMimxFCFdiq3UEnBflYS4wQ%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user> |
From: Ryan N. <nov...@ru...> - 2024-01-11 19:32:42
|
I just meant more than anything, certainly support for a new OS is not going to be added if it’s not already there, if the last release was announced (unless it just worked with a minor tweak). On Jan 11, 2024, at 13:15, Gilad Berman <gb...@le...> wrote: Rhel9 should be supported already though afaik Gilad Berman HPC Architect, Lenovo EMEA gb...@le...<mailto:gb...@le...> +972-522554262 <image001.png> From: Ryan Novosielski via xCAT-user <xca...@li...> Sent: Thursday, 11 January 2024 18:41 To: xCAT Users Mailing list <xca...@li...> Cc: Ryan Novosielski <nov...@ru...> Subject: [External] Re: [xcat-user] RHEL9 support in xcat I don’t know what-all happened at SC or whether a group has come together to continue it, but just remember that there’s a thread on this mailing list about the fact that xCAT is not going to be maintained going forward. -- #BlackLivesMatter ____ || \\UTGERS<file://utgers/>, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru...<mailto:nov...@ru...> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...<mailto:tec...@gm...>> wrote: Hello, Are there any plans to add RHEL9 support for xcat? If so, will it be available for community use? Thanks Regards, Imam Toufique 213-700-5485 _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Imam T. <tec...@gm...> - 2024-01-11 19:14:48
|
agreed! thanks! On Thu, Jan 11, 2024 at 11:13 AM Noah, Stuart via xCAT-user < xca...@li...> wrote: > Not only is there a thread on this list but there are numerous sites on > the web stating that support and development has been sunsetted. > > So, occasionally posting info > > rmation on the transition process (whatever that may be) would certainly > help to boost user confidence in > > XCAT as a viable Solution. > > > > *From:* Gilad Berman <gb...@le...> > *Sent:* Thursday, January 11, 2024 10:16 AM > *To:* xCAT Users Mailing list <xca...@li...> > *Subject:* Re: [xcat-user] [External] Re: RHEL9 support in xcat > > > > Rhel9 should be supported already though afaik Gilad Berman HPC Architect, > Lenovo EMEA gberman@ lenovo. com +972-522554262 From: Ryan Novosielski > via xCAT-user <xcat-user@ lists. sourceforge. net> Sent: Thursday, 11 > January 2024 18: 41 To: > > ZjQcmQRYFpfptBannerStart > > *CAUTION: External Sender * > > Do not click on links or open attachments unless you know the content is > safe. Protect your username and password. > > ZjQcmQRYFpfptBannerEnd > > Rhel9 should be supported already though afaik > > > > *Gilad Berman > * > > HPC Architect, Lenovo EMEA > > gb...@le... +972-522554262 > > > > > > *From:* Ryan Novosielski via xCAT-user <xca...@li...> > *Sent:* Thursday, 11 January 2024 18:41 > *To:* xCAT Users Mailing list <xca...@li...> > *Cc:* Ryan Novosielski <nov...@ru...> > *Subject:* [External] Re: [xcat-user] RHEL9 support in xcat > > > > I don’t know what-all happened at SC or whether a group has come together > to continue it, but just remember that there’s a thread on this mailing > list about the fact that xCAT is not going to be maintained going forward. > > > > -- > #BlackLivesMatter > > ____ > || \\UTGERS, > |---------------------------*O*--------------------------- > ||_// the State | Ryan Novosielski - nov...@ru... > || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus > || \\ of NJ | Office of Advanced Research Computing - MSB > A555B, Newark > `' > > > > On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...> wrote: > > > > Hello, > > > > Are there any plans to add RHEL9 support for xcat? If so, will it be > available for community use? > > > > Thanks > > Regards, > > *Imam Toufique* > > *213-700-5485* > > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user > <https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/xcat-user__;!!KOmnBZxC8_2BBQ!x_E5oEn1OPUNdyYH7JsZDoqEFV26wFyjlUOuL27uggzKBmk-ClqhLqIWPIgt34iV2nn2yxLoIf1Q0mGXMg$> > > > > > IMPORTANT WARNING: This message is intended for the use of the person or > entity to which it is addressed and may contain information that is > privileged and confidential, the disclosure of which is governed by > applicable law. If the reader of this message is not the intended > recipient, or the employee or agent responsible for delivering it to the > intended recipient, you are hereby notified that any dissemination, > distribution or copying of this information is strictly prohibited. Thank > you for your cooperation. > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user > -- Regards, *Imam Toufique* *213-700-5485* |
From: Noah, S. <Stu...@cs...> - 2024-01-11 19:12:49
|
Not only is there a thread on this list but there are numerous sites on the web stating that support and development has been sunsetted. So, occasionally posting info rmation on the transition process (whatever that may be) would certainly help to boost user confidence in XCAT as a viable Solution. From: Gilad Berman <gb...@le...> Sent: Thursday, January 11, 2024 10:16 AM To: xCAT Users Mailing list <xca...@li...> Subject: Re: [xcat-user] [External] Re: RHEL9 support in xcat Rhel9 should be supported already though afaik Gilad Berman HPC Architect, Lenovo EMEA gberman@ lenovo. com +972-522554262 From: Ryan Novosielski via xCAT-user <xcat-user@ lists. sourceforge. net> Sent: Thursday, 11 January 2024 18: 41 To: ZjQcmQRYFpfptBannerStart CAUTION: External Sender Do not click on links or open attachments unless you know the content is safe. Protect your username and password. ZjQcmQRYFpfptBannerEnd Rhel9 should be supported already though afaik Gilad Berman HPC Architect, Lenovo EMEA gb...@le...<mailto:gb...@le...> +972-522554262 [cid:image001.png@01DA4478.E1C1CDF0] From: Ryan Novosielski via xCAT-user <xca...@li...<mailto:xca...@li...>> Sent: Thursday, 11 January 2024 18:41 To: xCAT Users Mailing list <xca...@li...<mailto:xca...@li...>> Cc: Ryan Novosielski <nov...@ru...<mailto:nov...@ru...>> Subject: [External] Re: [xcat-user] RHEL9 support in xcat I don’t know what-all happened at SC or whether a group has come together to continue it, but just remember that there’s a thread on this mailing list about the fact that xCAT is not going to be maintained going forward. -- #BlackLivesMatter ____ || \\UTGERS<file://UTGERS>, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru...<mailto:nov...@ru...> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...<mailto:tec...@gm...>> wrote: Hello, Are there any plans to add RHEL9 support for xcat? If so, will it be available for community use? Thanks Regards, Imam Toufique 213-700-5485 _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user<https://urldefense.com/v3/__https:/lists.sourceforge.net/lists/listinfo/xcat-user__;!!KOmnBZxC8_2BBQ!x_E5oEn1OPUNdyYH7JsZDoqEFV26wFyjlUOuL27uggzKBmk-ClqhLqIWPIgt34iV2nn2yxLoIf1Q0mGXMg$> IMPORTANT WARNING: This message is intended for the use of the person or entity to which it is addressed and may contain information that is privileged and confidential, the disclosure of which is governed by applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this information is strictly prohibited. Thank you for your cooperation. |
From: Don A. <da...@re...> - 2024-01-11 19:08:49
|
Hi Blake, You are correct! A consortium been formed and we are working with IBM regularly while simultaneously working through the operational, organization and legal aspects needed for 3 independent companies to take on this project. We could certainly do a better job of communicating more frequently. However, we are just coming out of the holiday season. A quick update on what we’ve been doing, our focus recently has been to understand how IBM manages testing. We are in the process of setting up the test infrastructure and will be working on that for the next few weeks. We should have a more formal update soon. Best Regards, Don Avart CTO RedLine Performance Solutions, LLC (703) 634-5686 da...@re... > On Jan 11, 2024, at 1:20 PM, Blayne Puklich <bl...@pu...> wrote: > > Has that been truly decided? There was a group working on taking over going forward. The original xCAT team at IBM was moving on, that part was happening. But there were some folks that stepped up to work towards continuing. Right? > > We just haven’t heard from them for a while. > > Blayne Puklich Minneapolis, MN PGP Key ID: 0xC52CA6C1 > > mailto:blayne at puklich.com > I'd explain it to you, but your brain would explode. > On 11 Jan 2024, at 10:40, Ryan Novosielski via xCAT-user wrote: > > I don’t know what-all happened at SC or whether a group has come together to continue it, but just remember that there’s a thread on this mailing list about the fact that xCAT is not going to be maintained going forward. > > -- > #BlackLivesMatter > ____ > || \\UTGERS, |---------------------------*O*--------------------------- > ||_// the State | Ryan Novosielski - nov...@ru... > || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus > || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark > `' > >> On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...> wrote: >> >> Hello, >> >> Are there any plans to add RHEL9 support for xcat? If so, will it be available for community use? >> >> Thanks >> >> Regards, >> Imam Toufique >> 213-700-5485 >> _______________________________________________ >> xCAT-user mailing list >> xCA...@li... >> https://lists.sourceforge.net/lists/listinfo/xcat-user > > _______________________________________________ > xCAT-user mailing list > xCA...@li... > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Blayne P. <bl...@pu...> - 2024-01-11 18:58:32
|
Has that been truly decided? There was a group working on taking over going forward. The original xCAT team at IBM was moving on, that part was happening. But there were some folks that stepped up to work towards continuing. Right? We just haven’t heard from them for a while. --- Blayne Puklich Minneapolis, MN PGP Key ID: 0xC52CA6C1 * mailto:blayne at puklich.com I'd explain it to you, but your brain would explode. On 11 Jan 2024, at 10:40, Ryan Novosielski via xCAT-user wrote: > I don’t know what-all happened at SC or whether a group has come > together to continue it, but just remember that there’s a thread on > this mailing list about the fact that xCAT is not going to be > maintained going forward. > > -- > #BlackLivesMatter > ____ > || \\UTGERS, > |---------------------------*O*--------------------------- > ||_// the State | Ryan Novosielski - nov...@ru... > || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS > Campus > || \\ of NJ | Office of Advanced Research Computing - MSB A555B, > Newark > `' > > On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...> wrote: > > Hello, > > Are there any plans to add RHEL9 support for xcat? If so, will it be > available for community use? > > Thanks > > Regards, > Imam Toufique > 213-700-5485 > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Imam T. <tec...@gm...> - 2024-01-11 18:45:52
|
Hi all, thank you so much for your prompt responses. I wanted to try out rocky9 , that's why I was wondering. Markus, thanks for your valuable advice. Yeah, I wanted to get an idea about how 'ifcfg' would behave, you explained the issue exactly. --IT On Thu, Jan 11, 2024 at 10:37 AM Markus Hilger <mar...@me...> wrote: > Hi, > > yes, EL9 distros are working mostly fine. > Officially EL9 is in alpha state right now. See: > https://github.com/xcat2/xcat-core/wiki/XCAT_2.16.5_Release_Notes > The next release will most probably move this to the next level, but it > will take some more time. Please bear with us. > > Some special configs like nics.nicextraparms etc. do not work (because > ifcfg is deprecated and nicextraparams is not using nmcli yet). > But otherwise, management node installation and stateless/stateful node > deployment is working fine. > > Some example default osimage definitions with alma9: > > # <xCAT data object stanza file> > > alma9-x86_64-install-compute: > objtype=osimage > imagetype=linux > osarch=x86_64 > osdistroname=rhels9-x86_64 > osname=linux > osvers=rhels9 > otherpkgdir=/install/post/otherpkgs/alma9/x86_64 > > pkgdir=/install/repos/almalinux/9/BaseOS/x86_64/os,/install/repos/almalinux/9/AppStream/x86_64/os,/install/repos/almalinux/9/CRB/x86_64/os,/install/repos/epel/9/Everything/x86_64 > pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels9.x86_64.pkglist > profile=compute > provmethod=install > synclists=/install/custom/install/alma/compute.alma9.synclist > template=/opt/xcat/share/xcat/install/rh/compute.rhels9.tmpl > > > # <xCAT data object stanza file> > > alma9-x86_64-netboot-compute: > objtype=osimage > exlist=/opt/xcat/share/xcat/netboot/rh/compute.rhels9.x86_64.exlist > imagetype=linux > osarch=x86_64 > osdistroname=rhels9-x86_64 > osname=linux > osvers=rhels9 > otherpkgdir=/install/post/otherpkgs/alma9/x86_64 > permission=755 > > pkgdir=/install/repos/almalinux/9/BaseOS/x86_64/os,/install/repos/almalinux/9/AppStream/x86_64/os,/install/repos/almalinux/9/CRB/x86_64/os,/install/repos/epel/9/Everything/x86_64 > pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels9.x86_64.pkglist > > postinstall=/opt/xcat/share/xcat/netboot/rh/compute.rhels9.x86_64.postinstall > profile=compute > provmethod=netboot > rootimgdir=/install/netboot/alma9/x86_64/compute > synclists=/install/custom/netboot/alma/compute.alma9.synclist > > > Mit freundlichen Grüßen / Kind regards > > *Markus Hilger* > > > > HPC Engineer > > > > MEGWARE Computer Vertrieb und Service GmbH > > Tel: +49 3722 528-47 > > > > Nordstraße 19 > mar...@me... > > > > 09247 Chemnitz-Röhrsdorf, Germany > > www.megware.com > > > > Geschäftsführer: André Singer, Axel Auweter > > > > > > Amtsgericht: Chemnitz HRB 584 > > ------------------------------ > *Von:* Ryan Novosielski via xCAT-user <xca...@li...> > *Gesendet:* Donnerstag, 11. Januar 2024 17:40 > *An:* xCAT Users Mailing list <xca...@li...> > *Cc:* Ryan Novosielski <nov...@ru...> > *Betreff:* Re: [xcat-user] RHEL9 support in xcat > > I don’t know what-all happened at SC or whether a group has come together > to continue it, but just remember that there’s a thread on this mailing > list about the fact that xCAT is not going to be maintained going forward. > > -- > #BlackLivesMatter > ____ > || \\UTGERS, |---------------------------*O*--------------------------- > ||_// the State | Ryan Novosielski - nov...@ru... > || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus > || \\ of NJ | Office of Advanced Research Computing - MSB > A555B, Newark > `' > > On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...> wrote: > > Hello, > > Are there any plans to add RHEL9 support for xcat? If so, will it be > available for community use? > > Thanks > > Regards, > *Imam Toufique* > *213-700-5485* > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user > -- Regards, *Imam Toufique* *213-700-5485* |
From: Markus H. <mar...@me...> - 2024-01-11 18:36:22
|
Hi, yes, EL9 distros are working mostly fine. Officially EL9 is in alpha state right now. See: https://github.com/xcat2/xcat-core/wiki/XCAT_2.16.5_Release_Notes The next release will most probably move this to the next level, but it will take some more time. Please bear with us. Some special configs like nics.nicextraparms etc. do not work (because ifcfg is deprecated and nicextraparams is not using nmcli yet). But otherwise, management node installation and stateless/stateful node deployment is working fine. Some example default osimage definitions with alma9: # <xCAT data object stanza file> alma9-x86_64-install-compute: objtype=osimage imagetype=linux osarch=x86_64 osdistroname=rhels9-x86_64 osname=linux osvers=rhels9 otherpkgdir=/install/post/otherpkgs/alma9/x86_64 pkgdir=/install/repos/almalinux/9/BaseOS/x86_64/os,/install/repos/almalinux/9/AppStream/x86_64/os,/install/repos/almalinux/9/CRB/x86_64/os,/install/repos/epel/9/Everything/x86_64 pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels9.x86_64.pkglist profile=compute provmethod=install synclists=/install/custom/install/alma/compute.alma9.synclist template=/opt/xcat/share/xcat/install/rh/compute.rhels9.tmpl # <xCAT data object stanza file> alma9-x86_64-netboot-compute: objtype=osimage exlist=/opt/xcat/share/xcat/netboot/rh/compute.rhels9.x86_64.exlist imagetype=linux osarch=x86_64 osdistroname=rhels9-x86_64 osname=linux osvers=rhels9 otherpkgdir=/install/post/otherpkgs/alma9/x86_64 permission=755 pkgdir=/install/repos/almalinux/9/BaseOS/x86_64/os,/install/repos/almalinux/9/AppStream/x86_64/os,/install/repos/almalinux/9/CRB/x86_64/os,/install/repos/epel/9/Everything/x86_64 pkglist=/opt/xcat/share/xcat/netboot/rh/compute.rhels9.x86_64.pkglist postinstall=/opt/xcat/share/xcat/netboot/rh/compute.rhels9.x86_64.postinstall profile=compute provmethod=netboot rootimgdir=/install/netboot/alma9/x86_64/compute synclists=/install/custom/netboot/alma/compute.alma9.synclist Mit freundlichen Grüßen / Kind regards Markus Hilger HPC Engineer MEGWARE Computer Vertrieb und Service GmbH Tel: +49 3722 528-47 Nordstraße 19 mar...@me...<mailto:mar...@me...> 09247 Chemnitz-Röhrsdorf, Germany www.megware.com<http://www.megware.com/> Geschäftsführer: André Singer, Axel Auweter Amtsgericht: Chemnitz HRB 584 ________________________________ Von: Ryan Novosielski via xCAT-user <xca...@li...> Gesendet: Donnerstag, 11. Januar 2024 17:40 An: xCAT Users Mailing list <xca...@li...> Cc: Ryan Novosielski <nov...@ru...> Betreff: Re: [xcat-user] RHEL9 support in xcat I don’t know what-all happened at SC or whether a group has come together to continue it, but just remember that there’s a thread on this mailing list about the fact that xCAT is not going to be maintained going forward. -- #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...> wrote: Hello, Are there any plans to add RHEL9 support for xcat? If so, will it be available for community use? Thanks Regards, Imam Toufique 213-700-5485 _______________________________________________ xCAT-user mailing list xCA...@li... https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Gilad B. <gb...@le...> - 2024-01-11 18:16:11
|
Rhel9 should be supported already though afaik Gilad Berman HPC Architect, Lenovo EMEA gb...@le...<mailto:gb...@le...> +972-522554262 [cid:image001.png@01DA44CA.F7CE35A0] From: Ryan Novosielski via xCAT-user <xca...@li...> Sent: Thursday, 11 January 2024 18:41 To: xCAT Users Mailing list <xca...@li...> Cc: Ryan Novosielski <nov...@ru...> Subject: [External] Re: [xcat-user] RHEL9 support in xcat I don’t know what-all happened at SC or whether a group has come together to continue it, but just remember that there’s a thread on this mailing list about the fact that xCAT is not going to be maintained going forward. -- #BlackLivesMatter ____ || \\UTGERS<file://UTGERS>, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru...<mailto:nov...@ru...> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...<mailto:tec...@gm...>> wrote: Hello, Are there any plans to add RHEL9 support for xcat? If so, will it be available for community use? Thanks Regards, Imam Toufique 213-700-5485 _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Ryan N. <nov...@ru...> - 2024-01-11 18:12:47
|
I don’t know what-all happened at SC or whether a group has come together to continue it, but just remember that there’s a thread on this mailing list about the fact that xCAT is not going to be maintained going forward. -- #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 10, 2024, at 11:54, Imam Toufique <tec...@gm...> wrote: Hello, Are there any plans to add RHEL9 support for xcat? If so, will it be available for community use? Thanks Regards, Imam Toufique 213-700-5485 _______________________________________________ xCAT-user mailing list xCA...@li... https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Christian C. <cca...@le...> - 2024-01-11 13:15:39
|
Don, Confluent was originally designed to run alongside xCAT, and that process is pretty easy: https://hpc.lenovo.com/users/documentation/configconfluent_xcat.html Regards, Christian Caruthers Lenovo Professional Services Mobile: 757-289-9872 From: Don Avart <da...@re...> Sent: Wednesday, January 10, 2024 11:24 AM To: xCAT Users Mailing list <xca...@li...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 Jarrod, Would/could goconserver from Confluent be brought into xCAT relatively easily? ---- Don Avart CTO RedLine Performance Solutions, LLC (703) 634-5686 da...@re...<mailto:da...@re...> On Jan 10, 2024, at 11:09 AM, Jarrod Johnson <jjo...@le...<mailto:jjo...@le...>> wrote: gocons is 'goconserver'. confluent has a baked in console handler for ipmi that is written in python. One could imagine a modification to the ipmitool invocation to try default and add -C 3 if it fails (exits within a second or so) ________________________________ From: David Johnson <dav...@br...<mailto:dav...@br...>> Sent: Wednesday, January 10, 2024 11:02 AM To: xCAT Users Mailing list <xca...@li...<mailto:xca...@li...>> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 For console I’m still broken with both goconserver and ipmitool (w/o -C 3). I thought gocons came from confluent — is there a better way to do console now from confluent? -- ddj Dave Johnson On Jan 10, 2024, at 10:44 AM, Jarrod Johnson <jjo...@le...<mailto:jjo...@le...>> wrote: Well, I suspect it works when the amended result was posted that the xCAT fallback did function fine. So it's a matter of ipmitool's fallback being perhaps too picky or is outright broken. In xCAT/confluent we try 17 and if failed, just start over at 3. ipmitool tries to more carefully decide what it's initial attempt will be based on advertised support (I think from a cursory glance). So I could imagine how a strange response to supported ciphers could steer ipmitool wrong when xcat/confluent can fare better. Unfortunately on our side we deprecated use of ipmitool for console, so I'm a bit rusty in evaluation. ________________________________ From: Ryan Novosielski <nov...@ru...<mailto:nov...@ru...>> Sent: Tuesday, January 9, 2024 10:23 PM To: Jarrod Johnson <jjo...@le...<mailto:jjo...@le...>> Cc: xCAT Users Mailing list <xca...@li...<mailto:xca...@li...>> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 That’s a good question! We don’t currently have a Confluent system running anything newer than RHEL7 managing anything other than DSS-G equipment, but we’re planning to upgrade our management system to RHEL9 soon, or alternatively could add an additional machine to one of the DSS-G clusters to see. -- #BlackLivesMatter ____ || \\UTGERS<file://UTGERS>, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru...<mailto:nov...@ru...> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 18:16, Jarrod Johnson <jjo...@le...<mailto:jjo...@le...>> wrote: Curious, how does confluent ipmi interaction work against those systems? does it manage to successfully downgrade transparently? ________________________________ From: Ryan Novosielski via xCAT-user <xca...@li...<mailto:xca...@li...>> Sent: Tuesday, January 9, 2024 5:37 PM To: xCAT Users Mailing list <xca...@li...<mailto:xca...@li...>> Cc: Ryan Novosielski <nov...@ru...<mailto:nov...@ru...>> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 I can confirm that that last part is not true: root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H master-imm chassis status Password: Error in open session response message : no matching cipher suite Error: Unable to establish IPMI v2 / RMCP+ session …and suspected as much since I had to learn anything about the cipher suites and -C. :-D Maybe the version provided by RHEL derivatives has defaults or something? We’re on RHEL8/9 where we’re seeing it. — #BlackLivesMatter ____ || \\UTGERS<file://UTGERS>, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru...<mailto:nov...@ru...> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 16:24, Jarrod Johnson <jjo...@le...<mailto:jjo...@le...>> wrote: In what context do you find use of ipmitool with '-C'? I was checking the ipmi console backend and it doesn't seem to have that. rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3) The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that I see. Newer ipmitool should try 17 and fallback to 3, if that's the issue. ________________________________ From: David Johnson <dav...@br...<mailto:dav...@br...>> Sent: Tuesday, January 9, 2024 11:53 AM To: xca...@li...<mailto:xca...@li...> <xca...@li...<mailto:xca...@li...>> Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3 I’d like to know if there is an option somewhere in xcat to choose -C 3 for either selected elderly nodes that don’t support suite 17, or use -C 3 by default for the whole cluster? Thanks! -- ddj Dave Johnson _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user> _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Gilad B. <gb...@le...> - 2024-01-11 12:15:04
|
Not the one to state about official support, but xcat should work with rhel9. We have it working in several places and I know the xcat team added this support few months ago. Are you facing any issues? Gilad Berman HPC Architect, Lenovo EMEA gb...@le...<mailto:gb...@le...> +972-522554262 [cid:image001.png@01DA4498.848509C0] From: Imam Toufique <tec...@gm...> Sent: Wednesday, 10 January 2024 18:55 To: xCAT Users Mailing list <xca...@li...> Subject: [External] [xcat-user] RHEL9 support in xcat Hello, Are there any plans to add RHEL9 support for xcat? If so, will it be available for community use? Thanks Regards, Imam Toufique 213-700-5485 |
From: Markus H. <mar...@me...> - 2024-01-11 12:06:21
|
I want to add some additional information regarding ipmitool and xCAT. ipmitool from latest ipmitool man page: -C <ciphersuite> The remote server authentication, integrity, and encryption algorithms to use for IPMIv2.0 lanplus con‐ nections. See table 22-20 in the IPMI v2.0 specification. The default is 17 which specifies RAKP-HMAC-SHA256 authentication, HMAC-SHA256-128 integrity, and AES-CBC-128 encryption algorithms. NOTE: In ipmitool 1.8.18 and earlier the default was 3, which was insecure and was not supported by some more recent BMC implementations. EL8/9 distros are still using ipmitool 1.8.18. Despite the man page saying cipher 3 is default in ipmitool 1.8.18, ipmitool will always try to use the best cipher suite available as Jarrod mentioned. You can check this with verbosity: -v ipmitool shows something like: "Using best available cipher suite 17" xCAT Current xCAT IPMI cmds (rpower/rvitals/rinv/rsetboot etc.) do not try cipher suite 17. Right now, cipher suite 3 is hardcoded. For xCAT to default to cipher suite 17 and fallback to cipher suite 3 you need to merge this PR: https://github.com/xcat2/xcat-core/pull/6391 Note: Lenovo's xCAT version is different. It has been using cipher suite 17 by default for quite some time. You can easily check if your xCAT version supports cipher suite 17 with: # C17 supported, with fallback to C3 [root@xcat ~]# grep sha256 /opt/xcat/lib/perl/xCAT/IPMI.pm Digest::SHA->import(qw/sha1 hmac_sha256/); Digest::SHA->import(qw/sha1 hmac_sha256/); $self->{hshfn} = \&hmac_sha256; 0, 0, 0, 8, 3, 0, 0, 0, #table 13-17, request sha256 1, 0, 0, 8, 4, 0, 0, 0); #sha256 integrity # C17 unsupported, using C3 [root@xcat ~]# grep sha256 /opt/xcat/lib/perl/xCAT/IPMI.pm [root@xcat ~]# The next xCAT release will most likely come with cipher suite 17 support. Mit freundlichen Grüßen / Kind regards Markus Hilger HPC Engineer MEGWARE Computer Vertrieb und Service GmbH Tel: +49 3722 528-47 Nordstraße 19 mar...@me...<mailto:mar...@me...> 09247 Chemnitz-Röhrsdorf, Germany www.megware.com<http://www.megware.com/> Geschäftsführer: André Singer, Axel Auweter Amtsgericht: Chemnitz HRB 584 ________________________________ Von: Don Avart <da...@re...> Gesendet: Mittwoch, 10. Januar 2024 17:24 An: xCAT Users Mailing list <xca...@li...> Betreff: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 Jarrod, Would/could goconserver from Confluent be brought into xCAT relatively easily? ---- Don Avart CTO RedLine Performance Solutions, LLC (703) 634-5686 da...@re... On Jan 10, 2024, at 11:09 AM, Jarrod Johnson <jjo...@le...> wrote: gocons is 'goconserver'. confluent has a baked in console handler for ipmi that is written in python. One could imagine a modification to the ipmitool invocation to try default and add -C 3 if it fails (exits within a second or so) ________________________________ From: David Johnson <dav...@br...> Sent: Wednesday, January 10, 2024 11:02 AM To: xCAT Users Mailing list <xca...@li...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 For console I’m still broken with both goconserver and ipmitool (w/o -C 3). I thought gocons came from confluent — is there a better way to do console now from confluent? -- ddj Dave Johnson On Jan 10, 2024, at 10:44 AM, Jarrod Johnson <jjo...@le...> wrote: Well, I suspect it works when the amended result was posted that the xCAT fallback did function fine. So it's a matter of ipmitool's fallback being perhaps too picky or is outright broken. In xCAT/confluent we try 17 and if failed, just start over at 3. ipmitool tries to more carefully decide what it's initial attempt will be based on advertised support (I think from a cursory glance). So I could imagine how a strange response to supported ciphers could steer ipmitool wrong when xcat/confluent can fare better. Unfortunately on our side we deprecated use of ipmitool for console, so I'm a bit rusty in evaluation. ________________________________ From: Ryan Novosielski <nov...@ru...> Sent: Tuesday, January 9, 2024 10:23 PM To: Jarrod Johnson <jjo...@le...> Cc: xCAT Users Mailing list <xca...@li...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 That’s a good question! We don’t currently have a Confluent system running anything newer than RHEL7 managing anything other than DSS-G equipment, but we’re planning to upgrade our management system to RHEL9 soon, or alternatively could add an additional machine to one of the DSS-G clusters to see. -- #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 18:16, Jarrod Johnson <jjo...@le...> wrote: Curious, how does confluent ipmi interaction work against those systems? does it manage to successfully downgrade transparently? ________________________________ From: Ryan Novosielski via xCAT-user <xca...@li...> Sent: Tuesday, January 9, 2024 5:37 PM To: xCAT Users Mailing list <xca...@li...> Cc: Ryan Novosielski <nov...@ru...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 I can confirm that that last part is not true: root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H master-imm chassis status Password: Error in open session response message : no matching cipher suite Error: Unable to establish IPMI v2 / RMCP+ session …and suspected as much since I had to learn anything about the cipher suites and -C. :-D Maybe the version provided by RHEL derivatives has defaults or something? We’re on RHEL8/9 where we’re seeing it. — #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 16:24, Jarrod Johnson <jjo...@le...> wrote: In what context do you find use of ipmitool with '-C'? I was checking the ipmi console backend and it doesn't seem to have that. rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3) The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that I see. Newer ipmitool should try 17 and fallback to 3, if that's the issue. ________________________________ From: David Johnson <dav...@br...<mailto:dav...@br...>> Sent: Tuesday, January 9, 2024 11:53 AM To: xca...@li...<mailto:xca...@li...> <xca...@li...<mailto:xca...@li...>> Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3 I’d like to know if there is an option somewhere in xcat to choose -C 3 for either selected elderly nodes that don’t support suite 17, or use -C 3 by default for the whole cluster? Thanks! -- ddj Dave Johnson _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user> _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user _______________________________________________ xCAT-user mailing list xCA...@li... https://lists.sourceforge.net/lists/listinfo/xcat-user _______________________________________________ xCAT-user mailing list xCA...@li... https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Imam T. <tec...@gm...> - 2024-01-10 16:54:59
|
Hello, Are there any plans to add RHEL9 support for xcat? If so, will it be available for community use? Thanks Regards, *Imam Toufique* *213-700-5485* |
From: Don A. <da...@re...> - 2024-01-10 16:48:36
|
Jarrod, Would/could goconserver from Confluent be brought into xCAT relatively easily? ---- Don Avart CTO RedLine Performance Solutions, LLC (703) 634-5686 da...@re... > On Jan 10, 2024, at 11:09 AM, Jarrod Johnson <jjo...@le...> wrote: > > gocons is 'goconserver'. confluent has a baked in console handler for ipmi that is written in python. > > One could imagine a modification to the ipmitool invocation to try default and add -C 3 if it fails (exits within a second or so) > From: David Johnson <dav...@br...> > Sent: Wednesday, January 10, 2024 11:02 AM > To: xCAT Users Mailing list <xca...@li...> > Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 > > For console I’m still broken with both goconserver and ipmitool (w/o > -C 3). I thought gocons came from confluent — is there a better way to do console now from confluent? > -- ddj > Dave Johnson > >> On Jan 10, 2024, at 10:44 AM, Jarrod Johnson <jjo...@le...> wrote: >> >> >> Well, I suspect it works when the amended result was posted that the xCAT fallback did function fine. >> >> So it's a matter of ipmitool's fallback being perhaps too picky or is outright broken. >> >> In xCAT/confluent we try 17 and if failed, just start over at 3. >> >> ipmitool tries to more carefully decide what it's initial attempt will be based on advertised support (I think from a cursory glance). So I could imagine how a strange response to supported ciphers could steer ipmitool wrong when xcat/confluent can fare better. >> >> Unfortunately on our side we deprecated use of ipmitool for console, so I'm a bit rusty in evaluation. >> From: Ryan Novosielski <nov...@ru...> >> Sent: Tuesday, January 9, 2024 10:23 PM >> To: Jarrod Johnson <jjo...@le...> >> Cc: xCAT Users Mailing list <xca...@li...> >> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 >> >> That’s a good question! We don’t currently have a Confluent system running anything newer than RHEL7 managing anything other than DSS-G equipment, but we’re planning to upgrade our management system to RHEL9 soon, or alternatively could add an additional machine to one of the DSS-G clusters to see. >> >> -- >> #BlackLivesMatter >> ____ >> || \\UTGERS, |---------------------------*O*--------------------------- >> ||_// the State | Ryan Novosielski - nov...@ru... >> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus >> || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark >> `' >> >>> On Jan 9, 2024, at 18:16, Jarrod Johnson <jjo...@le...> wrote: >>> >>> Curious, how does confluent ipmi interaction work against those systems? does it manage to successfully downgrade transparently? >>> From: Ryan Novosielski via xCAT-user <xca...@li...> >>> Sent: Tuesday, January 9, 2024 5:37 PM >>> To: xCAT Users Mailing list <xca...@li...> >>> Cc: Ryan Novosielski <nov...@ru...> >>> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 >>> >>> I can confirm that that last part is not true: >>> >>> root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H master-imm chassis status >>> Password: >>> Error in open session response message : no matching cipher suite >>> >>> Error: Unable to establish IPMI v2 / RMCP+ session >>> >>> …and suspected as much since I had to learn anything about the cipher suites and -C. :-D >>> >>> Maybe the version provided by RHEL derivatives has defaults or something? We’re on RHEL8/9 where we’re seeing it. >>> >>> — >>> #BlackLivesMatter >>> ____ >>> || \\UTGERS, |---------------------------*O*--------------------------- >>> ||_// the State | Ryan Novosielski - nov...@ru... >>> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus >>> || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark >>> `' >>> >>>> On Jan 9, 2024, at 16:24, Jarrod Johnson <jjo...@le...> wrote: >>>> >>>> In what context do you find use of ipmitool with '-C'? I was checking the ipmi console backend and it doesn't seem to have that. >>>> >>>> rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3) >>>> >>>> The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that I see. Newer ipmitool should try 17 and fallback to 3, if that's the issue. >>>> >>>> From: David Johnson <dav...@br... <mailto:dav...@br...>> >>>> Sent: Tuesday, January 9, 2024 11:53 AM >>>> To: xca...@li... <mailto:xca...@li...> <xca...@li... <mailto:xca...@li...>> >>>> Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3 >>>> >>>> I’d like to know if there is an option somewhere in xcat to choose -C 3 for either selected elderly nodes that don’t support suite 17, or use -C 3 by default for the whole cluster? Thanks! >>>> -- ddj >>>> Dave Johnson >>>> >>>> _______________________________________________ >>>> xCAT-user mailing list >>>> xCA...@li... <mailto:xCA...@li...> >>>> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D&reserved=0 <https://lists.sourceforge.net/lists/listinfo/xcat-user> >>>> _______________________________________________ >>>> xCAT-user mailing list >>>> xCA...@li... <mailto:xCA...@li...> >>>> https://lists.sourceforge.net/lists/listinfo/xcat-user >> >> _______________________________________________ >> xCAT-user mailing list >> xCA...@li... >> https://lists.sourceforge.net/lists/listinfo/xcat-user > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Jarrod J. <jjo...@le...> - 2024-01-10 16:09:48
|
gocons is 'goconserver'. confluent has a baked in console handler for ipmi that is written in python. One could imagine a modification to the ipmitool invocation to try default and add -C 3 if it fails (exits within a second or so) ________________________________ From: David Johnson <dav...@br...> Sent: Wednesday, January 10, 2024 11:02 AM To: xCAT Users Mailing list <xca...@li...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 For console I’m still broken with both goconserver and ipmitool (w/o -C 3). I thought gocons came from confluent — is there a better way to do console now from confluent? -- ddj Dave Johnson On Jan 10, 2024, at 10:44 AM, Jarrod Johnson <jjo...@le...> wrote: Well, I suspect it works when the amended result was posted that the xCAT fallback did function fine. So it's a matter of ipmitool's fallback being perhaps too picky or is outright broken. In xCAT/confluent we try 17 and if failed, just start over at 3. ipmitool tries to more carefully decide what it's initial attempt will be based on advertised support (I think from a cursory glance). So I could imagine how a strange response to supported ciphers could steer ipmitool wrong when xcat/confluent can fare better. Unfortunately on our side we deprecated use of ipmitool for console, so I'm a bit rusty in evaluation. ________________________________ From: Ryan Novosielski <nov...@ru...> Sent: Tuesday, January 9, 2024 10:23 PM To: Jarrod Johnson <jjo...@le...> Cc: xCAT Users Mailing list <xca...@li...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 That’s a good question! We don’t currently have a Confluent system running anything newer than RHEL7 managing anything other than DSS-G equipment, but we’re planning to upgrade our management system to RHEL9 soon, or alternatively could add an additional machine to one of the DSS-G clusters to see. -- #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 18:16, Jarrod Johnson <jjo...@le...> wrote: Curious, how does confluent ipmi interaction work against those systems? does it manage to successfully downgrade transparently? ________________________________ From: Ryan Novosielski via xCAT-user <xca...@li...> Sent: Tuesday, January 9, 2024 5:37 PM To: xCAT Users Mailing list <xca...@li...> Cc: Ryan Novosielski <nov...@ru...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 I can confirm that that last part is not true: root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H master-imm chassis status Password: Error in open session response message : no matching cipher suite Error: Unable to establish IPMI v2 / RMCP+ session …and suspected as much since I had to learn anything about the cipher suites and -C. :-D Maybe the version provided by RHEL derivatives has defaults or something? We’re on RHEL8/9 where we’re seeing it. — #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 16:24, Jarrod Johnson <jjo...@le...> wrote: In what context do you find use of ipmitool with '-C'? I was checking the ipmi console backend and it doesn't seem to have that. rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3) The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that I see. Newer ipmitool should try 17 and fallback to 3, if that's the issue. ________________________________ From: David Johnson <dav...@br...<mailto:dav...@br...>> Sent: Tuesday, January 9, 2024 11:53 AM To: xca...@li...<mailto:xca...@li...> <xca...@li...<mailto:xca...@li...>> Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3 I’d like to know if there is an option somewhere in xcat to choose -C 3 for either selected elderly nodes that don’t support suite 17, or use -C 3 by default for the whole cluster? Thanks! -- ddj Dave Johnson _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user> _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user _______________________________________________ xCAT-user mailing list xCA...@li... https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: David J. <dav...@br...> - 2024-01-10 16:02:32
|
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">For console I’m still broken with both goconserver and ipmitool (w/o<div>-C 3). I thought gocons came from confluent — is there a better way to do console now from confluent?<br id="lineBreakAtBeginningOfSignature"><div dir="ltr"> -- ddj<div>Dave Johnson</div></div><div dir="ltr"><br><blockquote type="cite">On Jan 10, 2024, at 10:44 AM, Jarrod Johnson <jjo...@le...> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"> <meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> Well, I suspect it works when the amended result was posted that the xCAT fallback did function fine.</div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <br> </div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> So it's a matter of ipmitool's fallback being perhaps too picky or is outright broken.</div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <br> </div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> In xCAT/confluent we try 17 and if failed, just start over at 3.</div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <br> </div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> ipmitool tries to more carefully decide what it's initial attempt will be based on advertised support (I think from a cursory glance). So I could imagine how a strange response to supported ciphers could steer ipmitool wrong when xcat/confluent can fare better.</div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> <br> </div> <div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"> Unfortunately on our side we deprecated use of ipmitool for console, so I'm a bit rusty in evaluation.</div> <div id="appendonsend"></div> <hr style="display:inline-block;width:98%" tabindex="-1"> <div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Ryan Novosielski <nov...@ru...><br> <b>Sent:</b> Tuesday, January 9, 2024 10:23 PM<br> <b>To:</b> Jarrod Johnson <jjo...@le...><br> <b>Cc:</b> xCAT Users Mailing list <xca...@li...><br> <b>Subject:</b> Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3</font> <div> </div> </div> <div style="line-break:after-white-space">That’s a good question! We don’t currently have a Confluent system running anything newer than RHEL7 managing anything other than DSS-G equipment, but we’re planning to upgrade our management system to RHEL9 soon, or alternatively could add an additional machine to one of the DSS-G clusters to see. <div><br id="x_lineBreakAtBeginningOfMessage"> <div> <div dir="auto" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div dir="auto" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div dir="auto" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div dir="auto" style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; line-break:after-white-space"> --<br> #BlackLivesMatter</div> <div style="color:rgb(0,0,0); letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; line-break:after-white-space"> ____<br> || \\UTGERS, |---------------------------*O*---------------------------<br> ||_// the State<span class="x_Apple-tab-span" style="white-space:pre"> </span> | Ryan Novosielski - nov...@ru...<br> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus<br> || \\ of NJ<span class="x_Apple-tab-span" style="white-space:pre"> </span> | Office of Advanced Research Computing - MSB A555B, Newark<br> `'</div> </div> </div> </div> </div> </div> <div><br> <blockquote type="cite"> <div>On Jan 9, 2024, at 18:16, Jarrod Johnson <jjo...@le...> wrote:</div> <br class="x_Apple-interchange-newline"> <div> <div class="x_elementToProof" style="font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt"> Curious, how does confluent ipmi interaction work against those systems? does it manage to successfully downgrade transparently?</div> <div id="x_appendonsend" style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none"> </div> <hr tabindex="-1" style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; orphans:auto; text-align:start; text-indent:0px; text-transform:none; white-space:normal; widows:auto; word-spacing:0px; text-decoration:none; display:inline-block; width:746.75px"> <span style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; float:none; display:inline!important"></span> <div id="x_divRplyFwdMsg" dir="ltr" style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none"> <font face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b><span class="x_Apple-converted-space"> </span>Ryan Novosielski via xCAT-user <xca...@li...><br> <b>Sent:</b><span class="x_Apple-converted-space"> </span>Tuesday, January 9, 2024 5:37 PM<br> <b>To:</b><span class="x_Apple-converted-space"> </span>xCAT Users Mailing list <xca...@li...><br> <b>Cc:</b><span class="x_Apple-converted-space"> </span>Ryan Novosielski <nov...@ru...><br> <b>Subject:</b><span class="x_Apple-converted-space"> </span>Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3</font> <div> </div> </div> <div style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div>I can confirm that that last part is not true:</div> <div><br> </div> <div> <div>root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H master-imm chassis status</div> <div>Password: </div> <div>Error in open session response message : no matching cipher suite</div> <div><br> </div> <div>Error: Unable to establish IPMI v2 / RMCP+ session</div> <div><br> </div> <div>…and suspected as much since I had to learn anything about the cipher suites and -C. :-D </div> <div><br> </div> <div>Maybe the version provided by RHEL derivatives has defaults or something? We’re on RHEL8/9 where we’re seeing it.</div> <div><br> </div> <div> <div dir="auto" style="letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div dir="auto" style="letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div dir="auto" style="letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div dir="auto" style="letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; line-break:after-white-space"> <div style="letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; line-break:after-white-space"> —<br> #BlackLivesMatter</div> <div style="letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; line-break:after-white-space"> ____<br> || \\UTGERS, |---------------------------*O*---------------------------<br> ||_// the State<span class="x_x_Apple-tab-span" style="white-space:pre"> </span> | Ryan Novosielski - nov...@ru...<br> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus<br> || \\ of NJ<span class="x_x_Apple-tab-span" style="white-space:pre"> </span> | Office of Advanced Research Computing - MSB A555B, Newark<br> `'</div> </div> </div> </div> </div> </div> <div><br> <blockquote type="cite"> <div>On Jan 9, 2024, at 16:24, Jarrod Johnson <jjo...@le...> wrote:</div> <br class="x_x_Apple-interchange-newline"> <div> <div class="x_x_elementToProof" style="font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt"> In what context do you find use of ipmitool with '-C'? I was checking the ipmi console backend and it doesn't seem to have that.</div> <div class="x_x_elementToProof" style="font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt"> <br> </div> <div class="x_x_elementToProof" style="font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt"> rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)</div> <div class="x_x_elementToProof" style="font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt"> <br> </div> <div class="x_x_elementToProof" style="font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; font-family:Aptos,Aptos_EmbeddedFont,Aptos_MSFontService,Calibri,Helvetica,sans-serif; font-size:12pt"> The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that I see. Newer ipmitool should try 17 and fallback to 3, if that's the issue.</div> <div id="x_x_appendonsend" style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none"> </div> <hr tabindex="-1" style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; display:inline-block; width:824.171875px"> <span class="x_Apple-converted-space"> </span><span style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; float:none; display:inline!important"></span> <div id="x_x_divRplyFwdMsg" dir="ltr" style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none"> <font face="Calibri, sans-serif" style="font-size:11pt"><b>From:</b><span class="x_x_Apple-converted-space"> </span>David Johnson <<a href="mailto:dav...@br...">dav...@br...</a>><br> <b>Sent:</b><span class="x_x_Apple-converted-space"> </span>Tuesday, January 9, 2024 11:53 AM<br> <b>To:</b><span class="x_x_Apple-converted-space"> </span><a href="mailto:xca...@li...">xca...@li...</a><span class="x_x_Apple-converted-space"> </span><<a href="mailto:xca...@li...">xca...@li...</a>><br> <b>Subject:</b><span class="x_x_Apple-converted-space"> </span>[External] [xcat-user] Ipmitool support for old BMC cipher suite 3</font> <div> </div> </div> <div class="x_x_BodyFragment" style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none"> <font size="2"><span style="font-size:11pt"> <div class="x_x_PlainText">I’d like to know if there is an option somewhere in xcat to choose -C 3 for either selected elderly nodes that don’t support suite 17, or use -C 3 by default for the whole cluster? Thanks!<br> -- ddj<br> Dave Johnson<br> <br> _______________________________________________<br> xCAT-user mailing list<br> <a href="mailto:xCA...@li...">xCA...@li...</a><br> <a href="https://lists.sourceforge.net/lists/listinfo/xcat-user" originalsrc="https://lists.sourceforge.net/lists/listinfo/xcat-user" shash="VeEYfU+gya/jYEjGLf5luICeNOP8ioyi4b/K6VDEmG8gGKMT0OBqLEg3eKZE3CVHoV9OeTK9KSm0XzQKs4vol9ptHMBP0mhrrj0RKI9s399IBGLMZxVJ9fciBgIHo2x2ek/Rw2caU7i03Ui89wLWCnIM1rQZYbZ7AnUYNyLmh7M=">https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D&reserved=0</a><br> </div> </span></font></div> <span style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; float:none; display:inline!important">_______________________________________________</span><br style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none"> <span style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none; float:none; display:inline!important">xCAT-user mailing list</span><br style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none"> <a href="mailto:xCA...@li..." style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">xCA...@li...</a><br style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px; text-decoration:none"> <a href="https://lists.sourceforge.net/lists/listinfo/xcat-user" originalsrc="https://lists.sourceforge.net/lists/listinfo/xcat-user" shash="T6uKlikAoqiHaqQK/LPlZ4TEG8yRlVOHLPguZuk/MaubXjcCjkrKrALTVMb0noVX3mPvBKzrtQKnpbrc3WJerdTOstTDdn23CmehW/mRM6D4VstT3+uep3GfirKdkQoODFSs0s267TiVi2FeSRvuoRbuGzx58WuW1iR75YA0xYg=" style="font-family:Menlo-Regular; font-size:11px; font-style:normal; font-variant-caps:normal; font-weight:400; letter-spacing:normal; text-align:start; text-indent:0px; text-transform:none; white-space:normal; word-spacing:0px">https://lists.sourceforge.net/lists/listinfo/xcat-user</a></div> </blockquote> </div> </div> </div> </div> </blockquote> </div> <br> </div> </div> <span>_______________________________________________</span><br><span>xCAT-user mailing list</span><br><span>xCA...@li...</span><br><span>https://lists.sourceforge.net/lists/listinfo/xcat-user</span><br></div></blockquote></div></body></html> |
From: Jarrod J. <jjo...@le...> - 2024-01-10 15:43:38
|
Well, I suspect it works when the amended result was posted that the xCAT fallback did function fine. So it's a matter of ipmitool's fallback being perhaps too picky or is outright broken. In xCAT/confluent we try 17 and if failed, just start over at 3. ipmitool tries to more carefully decide what it's initial attempt will be based on advertised support (I think from a cursory glance). So I could imagine how a strange response to supported ciphers could steer ipmitool wrong when xcat/confluent can fare better. Unfortunately on our side we deprecated use of ipmitool for console, so I'm a bit rusty in evaluation. ________________________________ From: Ryan Novosielski <nov...@ru...> Sent: Tuesday, January 9, 2024 10:23 PM To: Jarrod Johnson <jjo...@le...> Cc: xCAT Users Mailing list <xca...@li...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 That’s a good question! We don’t currently have a Confluent system running anything newer than RHEL7 managing anything other than DSS-G equipment, but we’re planning to upgrade our management system to RHEL9 soon, or alternatively could add an additional machine to one of the DSS-G clusters to see. -- #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 18:16, Jarrod Johnson <jjo...@le...> wrote: Curious, how does confluent ipmi interaction work against those systems? does it manage to successfully downgrade transparently? ________________________________ From: Ryan Novosielski via xCAT-user <xca...@li...> Sent: Tuesday, January 9, 2024 5:37 PM To: xCAT Users Mailing list <xca...@li...> Cc: Ryan Novosielski <nov...@ru...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 I can confirm that that last part is not true: root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H master-imm chassis status Password: Error in open session response message : no matching cipher suite Error: Unable to establish IPMI v2 / RMCP+ session …and suspected as much since I had to learn anything about the cipher suites and -C. :-D Maybe the version provided by RHEL derivatives has defaults or something? We’re on RHEL8/9 where we’re seeing it. — #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 16:24, Jarrod Johnson <jjo...@le...> wrote: In what context do you find use of ipmitool with '-C'? I was checking the ipmi console backend and it doesn't seem to have that. rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3) The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that I see. Newer ipmitool should try 17 and fallback to 3, if that's the issue. ________________________________ From: David Johnson <dav...@br...<mailto:dav...@br...>> Sent: Tuesday, January 9, 2024 11:53 AM To: xca...@li...<mailto:xca...@li...> <xca...@li...<mailto:xca...@li...>> Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3 I’d like to know if there is an option somewhere in xcat to choose -C 3 for either selected elderly nodes that don’t support suite 17, or use -C 3 by default for the whole cluster? Thanks! -- ddj Dave Johnson _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user> _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user |
From: Jarrod J. <jjo...@le...> - 2024-01-10 15:36:13
|
So the mini-RSA card added remote video, ssh and web (and some things for IBM director at the time). The original x3550 should have provided IPMI and SOL out of the box (although the vintage is such that I think you need IPMI 1.5, which I haven't tested in a long time). Very vague in my memory, but I was arrund for those days. Fun fact, that architecture is why to this day we have an oddity in our firmware, that IPMI connects to ttyS0 and SSH connects to ttyS1, it was for backwards compatiblity to this time when the mini-RSA brought it's own serial uart and thus IPMI only worked to the builtin uart and ssh only worked to the mini-RSA's uart. ________________________________ From: Vinícius Ferrão via xCAT-user <xca...@li...> Sent: Tuesday, January 9, 2024 6:41 PM To: xca...@li... <xca...@li...> Cc: Vinícius Ferrão <fe...@ve...> Subject: [External] [xcat-user] Support for IBM Remote Supervisor Supervisor II (RSA-II) Hello, This thread may be offtopic on this list but I don’t have any other places to go with people may understand the question. I’ve bought this card thinking that it would provide IPMI for being controlled by Confluent (and xCAT maybe...) but I think I misunderstood what the device provides. Anyone knows if this card is supported? Does it provide IPMI over LAN? Long story: There’s an old IBM System x3550 (the first one) that I use to test things, and I was trying to add it as a compute node of Confluent but although it has an OOB Ethernet Interface named as management it didn’t even linked when a network cable was plugged. So after spending countless hours trying to figure it out I’ve discovered that I should have an additional IBM RSA-2 Slimline Card on the system for this management port work. I think I incorrectly assumed that this card would provide a classic IPMI over LAN interface since the server already has BMC configuration on the BIOS that I can even set the LAN settings like the IP address. So I sourced one card in the used market and after 12h fighting with the card due to wrong firmwares, mismatches between the system BIOS and the car and broken download links on IBM website and that frustrating Fix Central webpage. There still an BMC update that I could not do because the update package simply does not find the BMC on the server. Probably because the package is for EL5 and I’m running EL7. After fighting with this I was able to finally connect to the web interface that the RSA-2 provided. I can shutdown and power on the server, see some information and that’s it. However I cannot control the system using ipmitool remotely and when using ipmitool in band the LAN settings are different from those on the RSA-II card. So I think all this configuration on the BIOS about the BMC, the ipmitool lan commands are all bogus on this system. Basically the card is pretty much useless and I just wasted time and little money in this journey. So is there any chance of making this work? Any workaround? Anyone that feels the pain or knows the hardware enough to fill in the gaps what I may be missing? Thanks all. _______________________________________________ xCAT-user mailing list xCA...@li... https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7C1cc27dfaf4964501405d08dc119d520d%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404614610576954%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gSZk487MMWMoEFcsebSMJMimxFCFdiq3UEnBflYS4wQ%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user> |
From: Ryan N. <nov...@ru...> - 2024-01-10 07:00:03
|
That’s a good question! We don’t currently have a Confluent system running anything newer than RHEL7 managing anything other than DSS-G equipment, but we’re planning to upgrade our management system to RHEL9 soon, or alternatively could add an additional machine to one of the DSS-G clusters to see. -- #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 18:16, Jarrod Johnson <jjo...@le...> wrote: Curious, how does confluent ipmi interaction work against those systems? does it manage to successfully downgrade transparently? ________________________________ From: Ryan Novosielski via xCAT-user <xca...@li...> Sent: Tuesday, January 9, 2024 5:37 PM To: xCAT Users Mailing list <xca...@li...> Cc: Ryan Novosielski <nov...@ru...> Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3 I can confirm that that last part is not true: root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H master-imm chassis status Password: Error in open session response message : no matching cipher suite Error: Unable to establish IPMI v2 / RMCP+ session …and suspected as much since I had to learn anything about the cipher suites and -C. :-D Maybe the version provided by RHEL derivatives has defaults or something? We’re on RHEL8/9 where we’re seeing it. — #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On Jan 9, 2024, at 16:24, Jarrod Johnson <jjo...@le...> wrote: In what context do you find use of ipmitool with '-C'? I was checking the ipmi console backend and it doesn't seem to have that. rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3) The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that I see. Newer ipmitool should try 17 and fallback to 3, if that's the issue. ________________________________ From: David Johnson <dav...@br...<mailto:dav...@br...>> Sent: Tuesday, January 9, 2024 11:53 AM To: xca...@li...<mailto:xca...@li...> <xca...@li...<mailto:xca...@li...>> Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3 I’d like to know if there is an option somewhere in xcat to choose -C 3 for either selected elderly nodes that don’t support suite 17, or use -C 3 by default for the whole cluster? Thanks! -- ddj Dave Johnson _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user> _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user |