Project

General

Profile

Actions
Copy link

action #73483

closed

ipmitool from openSUSE Leap 15.2 and TW to our openQA workers fails with "no matching cipher suite", works on login.suse.de (SLES15SP1)

Added by okurz over 3 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
okurz
Category:
-
Target version:
openQA Project - Ready
Start date:
2020-10-18
Due date:
2020-10-30
% Done:

0%

Estimated time:

Description

Observation

When calling ipmitool to administrate our o3/osd workers this commonly fails with errors like

Error in open session response message : no matching cipher suite

Steps to reproduce

podman run --rm -it registry.opensuse.org/home/okurz/container/containers/tumbleweed:ipmitool ipmitool -I lanplus -H openqaworker1-ipmi.suse.de -U $user -P $pass power status

Problem

This seems to happen for all openSUSE Leap 15.2 and openSUSE Tumbleweed installations, but not openSUSE Leap 15.1 or SLES15SP1 however the version of ipmitool itself seems to be the same. ipmitool -V returns 1.8.18 for me. But the build differs, e.g.

$ zypper --no-refresh info ipmitool
…
Version        : 1.8.18+git20200204.7ccea28-lp152.1.3

$ ssh login "zypper --no-refresh info ipmitool"
…
Version        : 1.8.18-7.3.1

Workaround

Use older versions of the ipmitool chain from either other machines or container

Related issues 1 (0 open1 closed)

Related to openQA Infrastructure - action #73234: ipmi management interface of openqaworker7 is inaccessible ("no matching cipher suite") and not pingableResolvedokurz2020-10-12

Actions
Actions
Copy link
 #1

Updated by okurz over 3 years ago

  • Description updated (diff)
  • Due date set to 2020-10-23
  • Assignee set to nicksinger
  • Priority changed from Normal to High
  • Target version set to Ready

@nicksinger you already looked into this. Can you please say what's the current status, what do you think is the underlying problem and any ideas about the proper solution? Might this be a bug in Leap+Tumbleweed or rather in our infrastructure?

Actions
Copy link
 #2

Updated by nicksinger over 3 years ago

  • Assignee changed from nicksinger to okurz

I think they're trying to make a point: https://github.com/ipmitool/ipmitool/issues/29#issue-347347023
So according to this and my own experiments adding -C 3 seems to be the "proper" way to resolve this.

Actions
Copy link
 #3

Updated by mkittler over 3 years ago

  • Subject changed from ipmitool from openSUSE Leap 15.2 to our openQA workers fails with "no matching cipher suite", works on login.suse.de (SLES15SP1) to ipmitool from openSUSE Leap 15.2 and TW to our openQA workers fails with "no matching cipher suite", works on login.suse.de (SLES15SP1)

@nicksinger Good to know. -C 3 also does the trick under TW.

Actions
Copy link
 #4

Updated by okurz over 3 years ago

  • Due date changed from 2020-10-23 to 2020-10-30
  • Status changed from New to Feedback
Actions
Copy link
 #5

Updated by okurz over 3 years ago

  • Status changed from Feedback to Resolved

all merged and done. Everyone can call the command in https://gitlab.suse.de/openqa/salt-pillars-openqa/-/blob/master/README.md to have helpful IPMI aliases. I also mentioned that in https://confluence.suse.com/display/openqa/openQA .

Actions
Copy link
 #6

Updated by okurz over 3 years ago

  • Related to action #73234: ipmi management interface of openqaworker7 is inaccessible ("no matching cipher suite") and not pingable added
Actions
Copy link

Also available in: Atom PDF