freeipmi-devel

Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3:


From: Christopher Maestas
Subject: Re: [Freeipmi-devel] fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
Date: Thu, 18 Nov 2010 13:01:16 -0700

I did try this on a dl185 (lo100 as well) and things seem to checkout without that error.  The chipset used on the dl145 may need the workarounds due to its age perhaps.  I have some dl145 nodes in my lab, but need to stand them up to test.
 
Thanks,
-cdm

On Wed, Nov 17, 2010 at 3:46 PM, Al Chu <address@hidden> wrote:
Hey Peter,

I put up a new release that hopefully outputs better/right error
messages.

http://download.gluster.com/pub/freeipmi/qa-release/freeipmi-0.8.12.beta2.tar.gz

Thanks,

Al

On Wed, 2010-11-17 at 14:15 -0800, Al Chu wrote:
> Hey Peter,
>
> On Wed, 2010-11-17 at 14:05 -0800, Peter Selby wrote:
> > That works!
> >
> > Checking out the config, I get:
> >
> > Section Rmcpplus_Conf_Privilege
> >         ## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
> >         Maximum_Privilege_Cipher_Suite_Id_0           OEM_Proprietary
> >         ## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
> >         Maximum_Privilege_Cipher_Suite_Id_1           OEM_Proprietary
> >         ## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
> >         ## Maximum_Privilege_Cipher_Suite_Id_2
> >         ## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
> >         ## Maximum_Privilege_Cipher_Suite_Id_3
> > EndSection
>
> This is good, exactly what I hoped would happen.
>
> > When committing, any uncommented line gives:
> >
> > ERROR: Failed to commit
> > `Rmcpplus_Conf_Privilege:Maximum_Privilege_Cipher_Suite_Id_0': Field
> > Required
> >
> > ...Regardless of setting.  Is that an error, or is the field just read-only?
>
> Doh!  I need to fix the error message text, but the basic behavior is
> correct.  The other two fields:
>
> Maximum_Privilege_Cipher_Suite_Id_2
> and
> Maximum_Privilege_Cipher_Suite_Id_2
>
> need to be populated with a value (and the line uncommented).  Hopefully
> that will be enough to get around the HP problem (if there's a further
> HP mobo problem, we'll have to deal with it when we find it).
>
> Al
>
> > Thanks again!
> >
> > Peter
> >
> > On Wed, Nov 17, 2010 at 11:26 AM, Al Chu <address@hidden> wrote:
> > > Hi Peter,
> > >
> > > http://download.gluster.com/pub/freeipmi/qa-release/freeipmi-0.8.12.beta1.tar.gz
> > >
> > > I realized the workaround in beta0 fixed the --checkout part for this
> > > issue on your motherboard, but I had a bug in the --commit portion of
> > > the workaround.  Could you check out the above instead?  Thanks.
> > >
> > > Al
> > >
> > > On Tue, 2010-11-16 at 17:23 -0800, Al Chu wrote:
> > >> Hi Peter,
> > >>
> > >> I believe I have something that should work around your problem, can you
> > >> try out this test tar.gz to see?  Without a motherboard to try this on,
> > >> I don't know if it works for sure, but I'm confident it will.  The
> > >> tar.gz is here;
> > >>
> > >> http://download.gluster.com/pub/freeipmi/qa-release/freeipmi-0.8.12.beta0.tar.gz
> > >>
> > >> It is quite newer than what you were running before, hope that's ok.
> > >>
> > >> Normal ./configure ; make ; make install to install, or you can run
> > >> bmc-config out of the local build bmc-config/src/.
> > >>
> > >> If it doesn't work, please send the --debug output like before.
> > >>
> > >> Thanks,
> > >> Al
> > >>
> > >> On Mon, 2010-11-15 at 21:34 -0800, Peter Selby wrote:
> > >> > Thanks!  Let me know if you need any more info...
> > >> >
> > >> > On Mon, Nov 15, 2010 at 4:10 PM, Al Chu <address@hidden> wrote:
> > >> > > Hi Peter,
> > >> > >
> > >> > > It's as I suspected:
> > >> > >
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Response
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               1h] = present_revision[ 4b]
> > >> > >> [               1h] = oldest_revision_parameter[ 4b]
> > >> > >> [               4h] = cipher_suite_entry_count[ 4b]
> > >> > >> [               0h] = reserved[ 4b]
> > >> > >
> > >> > > This says there are 4 cipher suites to read.
> > >> > >
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Response
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               1h] = present_revision[ 4b]
> > >> > >> [               1h] = oldest_revision_parameter[ 4b]
> > >> > >> [               0h] = reserved[ 8b]
> > >> > >> [               0h] = cipher_suite_id_entry_A[ 8b]
> > >> > >> [               1h] = cipher_suite_id_entry_B[ 8b]
> > >> > >> [               2h] = cipher_suite_id_entry_C[ 8b]
> > >> > >> [               3h] = cipher_suite_id_entry_D[ 8b]
> > >> > >
> > >> > > This shows which ones are supported, and it properly shows 4 of them.
> > >> > >
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Response
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               1h] = present_revision[ 4b]
> > >> > >> [               1h] = oldest_revision_parameter[ 4b]
> > >> > >> [              55h] = reserved[ 8b]
> > >> > >> [               5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> > >> > >> [               5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> > >> > >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> > >> > >
> > >> > > This is supposed to tell us what the maximum privilege level for those 4
> > >> > > cipher suites are, but the command only returns 2.  Uh oh ...
> > >> > >
> > >> > > I'll need to think about how to work around this.  Maybe if this
> > >> > > happens, I could have bmc-config output "Unknown" or something, and it's
> > >> > > up to the user to force the configuration of something.  Let me think
> > >> > > about this and get back to you with a patch ...
> > >> > >
> > >> > > Al
> > >> > >
> > >> > > On Mon, 2010-11-15 at 16:00 -0800, Peter Selby wrote:
> > >> > >> Thanks for the quick response!
> > >> > >>
> > >> > >> ipmiping doesn't work, either from the host or from a neighbour.  I'm
> > >> > >> pretty sure it's not a network issue, but I'll double-check, and try a
> > >> > >> hard-reset.
> > >> > >>
> > >> > >> Here's the output of debug:
> > >> > >>
> > >> > >> bmc-config --checkout --section=Rmcpplus_Conf_Privilege --debug
> > >> > >> =====================================================
> > >> > >> Get Device ID Request
> > >> > >> =====================================================
> > >> > >> [               1h] = cmd[ 8b]
> > >> > >> =====================================================
> > >> > >> Get Device ID Response
> > >> > >> =====================================================
> > >> > >> [               1h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               0h] = device_id[ 8b]
> > >> > >> [               3h] = device_revision.revision[ 4b]
> > >> > >> [               0h] = device_revision.reserved1[ 3b]
> > >> > >> [               0h] = device_revision.sdr_support[ 1b]
> > >> > >> [               1h] = firmware_revision1.major_revision[ 7b]
> > >> > >> [               0h] = firmware_revision1.device_available[ 1b]
> > >> > >> [              22h] = firmware_revision2.minor_revision[ 8b]
> > >> > >> [               2h] = ipmi_version_major[ 4b]
> > >> > >> [               0h] = ipmi_version_minor[ 4b]
> > >> > >> [               1h] = additional_device_support.sensor_device[ 1b]
> > >> > >> [               1h] = additional_device_support.sdr_repository_device[ 1b]
> > >> > >> [               1h] = additional_device_support.sel_device[ 1b]
> > >> > >> [               1h] = additional_device_support.fru_inventory_device[ 1b]
> > >> > >> [               1h] = additional_device_support.ipmb_event_receiver[ 1b]
> > >> > >> [               0h] = additional_device_support.ipmb_event_generator[ 1b]
> > >> > >> [               1h] = additional_device_support.bridge[ 1b]
> > >> > >> [               1h] = additional_device_support.chassis_device[ 1b]
> > >> > >> [             F85h] = manufacturer_id.id[20b]
> > >> > >> [               0h] = manufacturer_id.reserved1[ 4b]
> > >> > >> [               0h] = product_id[16b]
> > >> > >> =====================================================
> > >> > >> Get Channel Info Command Request
> > >> > >> =====================================================
> > >> > >> [              42h] = cmd[ 8b]
> > >> > >> [               0h] = channel_number[ 4b]
> > >> > >> [               0h] = reserved[ 4b]
> > >> > >> =====================================================
> > >> > >> Get Channel Info Command Response
> > >> > >> =====================================================
> > >> > >> [              42h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               0h] = actual_channel_number[ 4b]
> > >> > >> [               0h] = actual_channel_number.reserved[ 4b]
> > >> > >> [               1h] = channel_medium_type[ 7b]
> > >> > >> [               0h] = channel_medium_type.reserved[ 1b]
> > >> > >> [               1h] = channel_protocol_type[ 5b]
> > >> > >> [               0h] = channel_protocol_type.reserved[ 3b]
> > >> > >> [               0h] = active_session_count[ 6b]
> > >> > >> [               0h] = session_support[ 2b]
> > >> > >> [            1BF2h] = vendor_id[24b]
> > >> > >> [            FFFFh] = auxiliary_channel_info[16b]
> > >> > >> =====================================================
> > >> > >> Get Channel Info Command Request
> > >> > >> =====================================================
> > >> > >> [              42h] = cmd[ 8b]
> > >> > >> [               1h] = channel_number[ 4b]
> > >> > >> [               0h] = reserved[ 4b]
> > >> > >> =====================================================
> > >> > >> Get Channel Info Command Response
> > >> > >> =====================================================
> > >> > >> [              42h] = cmd[ 8b]
> > >> > >> [              CCh] = comp_code[ 8b]
> > >> > >> [               0h] = actual_channel_number[ 4b]
> > >> > >> [               0h] = actual_channel_number.reserved[ 4b]
> > >> > >> [               1h] = channel_medium_type[ 7b]
> > >> > >> [               0h] = channel_medium_type.reserved[ 1b]
> > >> > >> [               1h] = channel_protocol_type[ 5b]
> > >> > >> [               0h] = channel_protocol_type.reserved[ 3b]
> > >> > >> [               0h] = active_session_count[ 6b]
> > >> > >> [               0h] = session_support[ 2b]
> > >> > >> [            1BF2h] = vendor_id[24b]
> > >> > >> [            FFFFh] = auxiliary_channel_info[16b]
> > >> > >> =====================================================
> > >> > >> Get Channel Info Command Request
> > >> > >> =====================================================
> > >> > >> [              42h] = cmd[ 8b]
> > >> > >> [               2h] = channel_number[ 4b]
> > >> > >> [               0h] = reserved[ 4b]
> > >> > >> =====================================================
> > >> > >> Get Channel Info Command Response
> > >> > >> =====================================================
> > >> > >> [              42h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               2h] = actual_channel_number[ 4b]
> > >> > >> [               0h] = actual_channel_number.reserved[ 4b]
> > >> > >> [               4h] = channel_medium_type[ 7b]
> > >> > >> [               0h] = channel_medium_type.reserved[ 1b]
> > >> > >> [               1h] = channel_protocol_type[ 5b]
> > >> > >> [               0h] = channel_protocol_type.reserved[ 3b]
> > >> > >> [               0h] = active_session_count[ 6b]
> > >> > >> [               2h] = session_support[ 2b]
> > >> > >> [            1BF2h] = vendor_id[24b]
> > >> > >> [            FFFFh] = auxiliary_channel_info[16b]
> > >> > >> =====================================================
> > >> > >> Get User Access Command Request
> > >> > >> =====================================================
> > >> > >> [              44h] = cmd[ 8b]
> > >> > >> [               2h] = channel_number[ 4b]
> > >> > >> [               0h] = reserved1[ 4b]
> > >> > >> [               1h] = user_id[ 6b]
> > >> > >> [               0h] = reserved2[ 2b]
> > >> > >> =====================================================
> > >> > >> Get User Access Command Response
> > >> > >> =====================================================
> > >> > >> [              44h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               3h] = max_channel_user_ids[ 6b]
> > >> > >> [               0h] = reserved1[ 2b]
> > >> > >> [               2h] = current_channel_user_ids[ 6b]
> > >> > >> [               0h] = user_id_enable_status[ 2b]
> > >> > >> [               1h] = current_channel_fixed_names[ 6b]
> > >> > >> [               0h] = reserved2[ 2b]
> > >> > >> [               2h] = user_privilege_level_limit[ 4b]
> > >> > >> [               1h] = user_ipmi_messaging[ 1b]
> > >> > >> [               1h] = user_link_authentication[ 1b]
> > >> > >> [               0h] = user_restricted_to_callback[ 1b]
> > >> > >> [               0h] = reserved3[ 1b]
> > >> > >> #
> > >> > >> # Section Rmcpplus_Conf_Privilege Comments
> > >> > >> #
> > >> > >> # If your system supports IPMI 2.0 and Serial-over-LAN (SOL),cipher suite IDs
> > >> > >> # may be configurable below. In the Rmcpplus_Conf_Privilege section, maximum
> > >> > >> # user privilege levels allowed for authentication under IPMI 2.0 (including
> > >> > >> # Serial-over-LAN) are set for each supported cipher suite ID. Each cipher suite
> > >> > >> # ID supports different sets of authentication, integrity, and encryption
> > >> > >> # algorithms for IPMI 2.0. Typically, the highest privilege level any username
> > >> > >> # configured should set for support under a cipher suite ID. This is typically
> > >> > >> # "Administrator".
> > >> > >> #
> > >> > >> Section Rmcpplus_Conf_Privilege
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Request
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               2h] = channel_number[ 4b]
> > >> > >> [               0h] = reserved1[ 3b]
> > >> > >> [               0h] = get_parameter[ 1b]
> > >> > >> [              16h] = parameter_selector[ 8b]
> > >> > >> [               0h] = set_selector[ 8b]
> > >> > >> [               0h] = block_selector[ 8b]
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Response
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               1h] = present_revision[ 4b]
> > >> > >> [               1h] = oldest_revision_parameter[ 4b]
> > >> > >> [               4h] = cipher_suite_entry_count[ 4b]
> > >> > >> [               0h] = reserved[ 4b]
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Request
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               2h] = channel_number[ 4b]
> > >> > >> [               0h] = reserved1[ 3b]
> > >> > >> [               0h] = get_parameter[ 1b]
> > >> > >> [              17h] = parameter_selector[ 8b]
> > >> > >> [               0h] = set_selector[ 8b]
> > >> > >> [               0h] = block_selector[ 8b]
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Response
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               1h] = present_revision[ 4b]
> > >> > >> [               1h] = oldest_revision_parameter[ 4b]
> > >> > >> [               0h] = reserved[ 8b]
> > >> > >> [               0h] = cipher_suite_id_entry_A[ 8b]
> > >> > >> [               1h] = cipher_suite_id_entry_B[ 8b]
> > >> > >> [               2h] = cipher_suite_id_entry_C[ 8b]
> > >> > >> [               3h] = cipher_suite_id_entry_D[ 8b]
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Request
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               2h] = channel_number[ 4b]
> > >> > >> [               0h] = reserved1[ 3b]
> > >> > >> [               0h] = get_parameter[ 1b]
> > >> > >> [              18h] = parameter_selector[ 8b]
> > >> > >> [               0h] = set_selector[ 8b]
> > >> > >> [               0h] = block_selector[ 8b]
> > >> > >> =====================================================
> > >> > >> Get LAN Configuration Parameters Response
> > >> > >> =====================================================
> > >> > >> [               2h] = cmd[ 8b]
> > >> > >> [               0h] = comp_code[ 8b]
> > >> > >> [               1h] = present_revision[ 4b]
> > >> > >> [               1h] = oldest_revision_parameter[ 4b]
> > >> > >> [              55h] = reserved[ 8b]
> > >> > >> [               5h] = maximum_privilege_for_cipher_suite_1[ 4b]
> > >> > >> [               5h] = maximum_privilege_for_cipher_suite_2[ 4b]
> > >> > >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> > >> > >>
> > >> > >> On Mon, Nov 15, 2010 at 3:55 PM, Al Chu <address@hidden> wrote:
> > >> > >> > Hi Peter,
> > >> > >> >
> > >> > >> > Assuming you're using a recent version of FreeIPMI, there's probably
> > >> > >> > some IPMI non-compliance going on on your motherboard.  The short guess
> > >> > >> > is that the motherboard isn't properly reporting things to bmc-config
> > >> > >> > correctly, and bmc-config gets confused and gives up.  There's been a
> > >> > >> > few IPMI issues for the HP DL145 already reported to me. Let's see if we
> > >> > >> > can figure out what's going on.  Can you send me the --debug output.
> > >> > >> > Since the problem appears just in that section, how about running this
> > >> > >> > to shorten the output
> > >> > >> >
> > >> > >> > bmc-config --checkout --section=Rmcpplus_Conf_Privilege --debug
> > >> > >> >
> > >> > >> >> Any idea what could be wrong, or how to fix it?  And could this be the
> > >> > >> >> reason the network won't come up?
> > >> > >> >
> > >> > >> > Although it's always possible, it's unlikely this is the cause of IPMI
> > >> > >> > over LAN not working.  Can you get an ipmiping (/usr/sbin/ipmiping) to
> > >> > >> > work?  If yes that would point to it being an authentication problem
> > >> > >> > (e.g. username/password/privilege, etc.), if no, possibly a more basic
> > >> > >> > networking issue (subnetting, routing, etc.).
> > >> > >> >
> > >> > >> > I haven't played with this motherboard specifically, but a few recent
> > >> > >> > ones I've encountered require you to hard-reset (e.g. power button push)
> > >> > >> > the motherboard for configuration changes to "stick".  It certainly
> > >> > >> > can't hurt to try.
> > >> > >> >
> > >> > >> > Al
> > >> > >> >
> > >> > >> > On Mon, 2010-11-15 at 15:29 -0800, Peter Selby wrote:
> > >> > >> >> Hi guys,
> > >> > >> >>
> > >> > >> >> I'm trying to configure the BMC on an HP ProLiant DL145 G2 using
> > >> > >> >> bmc-config.  IPMI over LAN is not working; it should have a fixed IP,
> > >> > >> >> but it won't respond to anything.
> > >> > >> >>
> > >> > >> >> When I try to dump the BMC config, I get:
> > >> > >> >>
> > >> > >> >> $ bmc-config --checkout
> > >> > >> >> ...
> > >> > >> >> Section Rmcpplus_Conf_Privilege
> > >> > >> >> fiid_obj_get: maximum_privilege_for_cipher_suite_3: no data set
> > >> > >> >> $
> > >> > >> >>
> > >> > >> >> Everything prior to that dumps okay.  Adding the section (and
> > >> > >> >> subsequent SOL_Conf section) manually, I get two possible results:
> > >> > >> >>
> > >> > >> >>  * Empty Rmcpplus_Conf_Privilege:  Config commits successfully, but a
> > >> > >> >> checkout results in the same problem
> > >> > >> >>  * Rmcpplus_Conf_Privilege filled in based on the bmc-config.conf
> > >> > >> >> manpage (with Maximum_Privilege_Cipher_Suite_Id_0-through-4 or 12):  I
> > >> > >> >> get the same error, fiid_obj_get:
> > >> > >> >> maximum_privilege_for_cipher_suite_3: no data set
> > >> > >> >>
> > >> > >> >> Any idea what could be wrong, or how to fix it?  And could this be the
> > >> > >> >> reason the network won't come up?
> > >> > >> >>
> > >> > >> >> Thanks,
> > >> > >> >>
> > >> > >> >> Peter
> > >> > >> >>
> > >> > >> >> _______________________________________________
> > >> > >> >> Freeipmi-devel mailing list
> > >> > >> >> address@hidden
> > >> > >> >> http://lists.gnu.org/mailman/listinfo/freeipmi-devel
> > >> > >> >>
> > >> > >> > --
> > >> > >> > Albert Chu
> > >> > >> > address@hidden
> > >> > >> > Computer Scientist
> > >> > >> > High Performance Systems Division
> > >> > >> > Lawrence Livermore National Laboratory
> > >> > >> >
> > >> > >> >
> > >> > >>
> >
--
Albert Chu
address@hidden
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
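
Added example, not part of the original thread and not FreeIPMI's own code: a tolerant decode of the short parameter 18h response shown in the debug output, marking entries the BMC did not return as unknown and checking whether cipher suite ID 0 carries a privilege level. The function names, PRIV_UNKNOWN and the sample byte arrays are assumptions made for this illustration.

```c
/* Added example (not FreeIPMI source): tolerant decode of LAN configuration
 * parameter 0x18, RMCP+ Messaging Cipher Suite Privilege Levels. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PRIV_UNKNOWN (-1)  /* hypothetical marker: BMC sent no data for entry */
#define MAX_SUITES   16    /* parameter 0x18 carries at most 16 nibbles */

/* data/len: the bytes after the revision byte (one reserved byte, then two
 * entries per byte, low nibble first). count: cipher_suite_entry_count from
 * parameter 0x16. Returns how many of the entries actually had data. */
int decode_cipher_suite_privs(const uint8_t *data, size_t len,
                              unsigned count, int privs[MAX_SUITES])
{
    int found = 0;
    if (count > MAX_SUITES)
        count = MAX_SUITES;            /* clamp the advertised count */
    for (unsigned i = 0; i < MAX_SUITES; i++)
        privs[i] = PRIV_UNKNOWN;
    for (unsigned i = 0; data != NULL && i < count; i++) {
        size_t off = 1 + i / 2;        /* skip the reserved byte */
        if (off >= len)
            break;                     /* short response: rest stays unknown */
        privs[i] = (i % 2) ? (data[off] >> 4) : (data[off] & 0x0F);
        found++;
    }
    return found;
}

/* Privilege level encoding from the IPMI 2.0 specification. */
const char *priv_name(int p)
{
    static const char *const names[] = { "Unused", "Callback", "User",
        "Operator", "Administrator", "OEM_Proprietary" };
    if (p == PRIV_UNKNOWN)
        return "Unknown";
    return (p >= 0 && p <= 5) ? names[p] : "Reserved";
}

/* Audit check: cipher suite ID 0 uses no authentication, integrity or
 * confidentiality algorithm, so any level other than Unused (0h) on it
 * deserves review. ids[] is the list read from parameter 0x17. */
int suite0_has_privilege(const uint8_t *ids, const int *privs, unsigned count)
{
    for (unsigned i = 0; i < count && i < MAX_SUITES; i++)
        if (ids[i] == 0 && privs[i] > 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed from the debug output in the thread: reserved byte 55h,
     * then one data byte 55h, although four cipher suites are advertised. */
    const uint8_t data[] = { 0x55, 0x55 };
    const uint8_t ids[]  = { 0, 1, 2, 3 };
    int privs[MAX_SUITES];
    int found = decode_cipher_suite_privs(data, sizeof data, 4, privs);

    for (unsigned i = 0; i < 4; i++)   /* unknown entries come out commented */
        printf("%sMaximum_Privilege_Cipher_Suite_Id_%u  %s\n",
               privs[i] == PRIV_UNKNOWN ? "## " : "", (unsigned)ids[i],
               priv_name(privs[i]));
    printf("%d of 4 entries returned; suite 0 has privilege: %s\n", found,
           suite0_has_privilege(ids, privs, 4) ? "yes" : "no");
    return 0;
}
```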

