ipmitool from openSUSE Leap 15.2 and TW to our openQA workers fails with "no matching cipher suite", works on login.suse.de (SLES15SP1)
ipmitool to administrate our o3/osd workers this commonly fails with errors like
Error in open session response message : no matching cipher suite
Steps to reproduce¶
podman run --rm -it registry.opensuse.org/home/okurz/container/containers/tumbleweed:ipmitool ipmitool -I lanplus -H openqaworker1-ipmi.suse.de -U $user -P $pass power status
This seems to happen for all openSUSE Leap 15.2 and openSUSE Tumbleweed installations, but not openSUSE Leap 15.1 or SLES15SP1 however the version of ipmitool itself seems to be the same.
ipmitool -V returns 1.8.18 for me. But the build differs, e.g.
$ zypper --no-refresh info ipmitool … Version : 1.8.18+git20200204.7ccea28-lp152.1.3 $ ssh login "zypper --no-refresh info ipmitool" … Version : 1.8.18-7.3.1
Use older versions of the ipmitool chain from either other machines or container
- Description updated (diff)
- Due date set to 2020-10-23
- Assignee set to nicksinger
- Priority changed from Normal to High
- Target version set to Ready
nicksinger you already looked into this. Can you please say what's the current status, what do you think is the underlying problem and any ideas about the proper solution? Might this be a bug in Leap+Tumbleweed or rather in our infrastructure?
#2 Updated by nicksinger 3 months ago
- Assignee changed from nicksinger to okurz
I think they're trying to make a point: https://github.com/ipmitool/ipmitool/issues/29#issue-347347023
So according to this and my own experiments adding
-C 3 seems to be the "proper" way to resolve this.
- Subject changed from ipmitool from openSUSE Leap 15.2 to our openQA workers fails with "no matching cipher suite", works on login.suse.de (SLES15SP1) to ipmitool from openSUSE Leap 15.2 and TW to our openQA workers fails with "no matching cipher suite", works on login.suse.de (SLES15SP1)
nicksinger Good to know.
-C 3 also does the trick under TW.
- Due date changed from 2020-10-23 to 2020-10-30
- Status changed from New to Feedback
Updated ipmitool commands in our pillar document: https://gitlab.suse.de/openqa/salt-pillars-openqa/-/merge_requests/268
EDIT: … and IPMI convenience aliases: https://gitlab.suse.de/openqa/salt-pillars-openqa/-/merge_requests/269
- Status changed from Feedback to Resolved
all merged and done. Everyone can call the command in https://gitlab.suse.de/openqa/salt-pillars-openqa/-/blob/master/README.md to have helpful IPMI aliases. I also mentioned that in https://confluence.suse.com/display/openqa/openQA .