MAAS setting wrong Cipher Suite ID for recent Lenovo machines
Bug #2023495 reported by
Jeff Lane
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Triaged
|
Low
|
Unassigned | ||
Bug Description
When enlisting recent Lenovo machines, I've noticed that MAAS is setting the Cipher Suite ID to 3. This is incorrect and makes ipmi-over-lan fail.
These machines all use Cipher Suite 17 and I have to manually modify them in MAAS to use ID 17, at which point MAAS can successfully control them remotely.
Note, in this most recent case (SR635 V3 with XCC 2) MAAS set the cipher suite id to 3 during enlistment. I had to change it manually to get commissioning to work. After commissioning, MAAS changed it back to ID 3 again, once more making the machine unmanageable. So had to correct this a second time, resetting it once again to 17
| description: | updated |
Revision history for this message
| Thorsten Merten (thorsten-merten) wrote | #2 |
Revision history for this message
| Thorsten Merten (thorsten-merten) wrote | #3 |
| Changed in maas: | |
| status: | New → Triaged |
| importance: | Undecided → Low |
| milestone: | none → 3.5.0 |
Revision history for this message
| Nicholas Fries (nicfries) wrote | #4 |
To post a comment you must log in.
This is low priority, I noticed in the BMC that it warns that the default security setting requires ID 17. You can also change to a lower security setting and ID 3 will then work.
I get the feeling (unconfirmed) that MAAS just asks what is supported and set it to the first thing on the list... perhaps the answer is a simple message saying "We've chosen $ID but if MAAS is unable to control the machine via IPMI, you may need to pick one of the other available IDs or review your server's security policy"
in a popup or something.
Just a thought...
So there IS a workaround, either one of:
A: Change the cipher suite ID to 17 or
B: Change the system security settings to a setting that allows use of ID 3.