Menu
▾
▴
Re: [xcat-user] 2.16.5 and rcons
|
From: Markus H. <mar...@me...> - 2024-05-17 16:42:14
|
With the following command you can enable (a) / disable (X) certain ciphers: ipmitool -I lanplus -U XXX -P XXX -H <node> lan set <channel> cipher_privs aaaaaaaaaaaaaaa This might be useful for some of you. Mit freundlichen Grüßen / Kind regards Markus Hilger HPC Engineer MEGWARE Computer Vertrieb und Service GmbH Tel: +49 3722 528-47 Nordstraße 19 mar...@me...<mailto:mar...@me...> 09247 Chemnitz-Röhrsdorf, Germany www.megware.com<http://www.megware.com/> Geschäftsführer: André Singer, Dr. Axel Auweter Amtsgericht: Chemnitz HRB 584 ________________________________ Von: Ryan Novosielski via xCAT-user <xca...@li...> Gesendet: Dienstag, 14. Mai 2024 17:06 An: xCAT Users Mailing list <xca...@li...> Cc: Ryan Novosielski <nov...@ru...> Betreff: Re: [xcat-user] 2.16.5 and rcons What has changed in later releases for RHEL-based OS is the behavior of ipmitool. I don’t know enough about the origins of the ipmitool that xCAT uses or how much it relies on the OS, but we have many systems that require -C 3 in order to connect on I believe both RHEL8 and RHEL9. -- #BlackLivesMatter ____ || \\UTGERS, |---------------------------*O*--------------------------- ||_// the State | Ryan Novosielski - nov...@ru... || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus || \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark `' On May 14, 2024, at 07:51, Markus Hilger <mar...@me...> wrote: Hi, this is really strange because the goconserver should be the very same for quite some time. goconserver-0.3.3-snap202011021058.x86_64.rpm With site.consoleondemand set to yes the following happens: goconserver reads /var/lib/goconserver/nodes.json and spawns the following command: /opt/xcat/share/xcat/cons/ipmi <node> This will spawn: /opt/xcat/bin/ipmitool-xcat -I lanplus -U XXXXXX -P XXXXXX -H <node>.ipmi sol activate Can you please try to use the sol activate command manually and compare ipmitool-xcat vs. ipmitool? We might want to use ipmitool directly instead of ipmitool-xcat in /opt/xcat/share/xcat/cons/ipmi. Please also try with explicit cipher settings -C 3 -C 17 etc. Mit freundlichen Grüßen / Kind regards Markus Hilger HPC Engineer MEGWARE Computer Vertrieb und Service GmbH Tel: +49 3722 528-47 Nordstraße 19 mar...@me...<mailto:mar...@me...> 09247 Chemnitz-Röhrsdorf, Germany www.megware.com<http://www.megware.com/> Geschäftsführer: André Singer, Dr. Axel Auweter Amtsgericht: Chemnitz HRB 584 ________________________________ Von: Calvin Sawyer <c.s...@qm...<mailto:c.s...@qm...>> Gesendet: Montag, 13. Mai 2024 10:01 An: xca...@li...<mailto:xca...@li...> <xca...@li...<mailto:xca...@li...>> Betreff: [xcat-user] 2.16.5 and rcons Hi We've just migrated to a fresh 2.16.5 in a Rocky9.3 VM using imports from the previous 2.16.3, which has been mostly successful. We can rinstall and perform most r-commands Our test cluster which this xcat manages is comprised of older hardware and is meant to serve as a dress rehearsal for upgrading similarly in our production cluster with newer-gen hardware For the most part, 2.16.5 has been working fine with the notable exception of rcons. Both system types in the test cluster work fine with rcons under 2.16.3 user CentOS7, but under 2.16.5: Flex System x240 and NeXtScale nx360 M5 respond on C3 only, C17 is inoperative (and verified using ipmitool) with error: Error: Unable to establish IPMI v2 / RMCP+ session Error in open session response message : no matching cipher suite Testing on other hardware is complicated by many accepting both C3 and C17 (dell iDrac is one). More contemporary IMM2 allows both cipher suites as well This leads me to think that rcons is still somewhere hardwired to C3. We downloaded and patched IPMI.pm with the one from https://github.com/xcat2/xcat-core but the issue persists. However, I also don't understand exactly which system or xcat-specific components are involved in operation of goconserver or establishing an rcons connection to track down where the cipher suite is set Cal Sawyer ITS Research Platforms Manager Queen Mary University of London _______________________________________________ xCAT-user mailing list xCA...@li...<mailto:xCA...@li...> https://lists.sourceforge.net/lists/listinfo/xcat-user |