View previous topic :: View next topic |
Author |
Message |
ryan.odwyer
Joined: 30 Jun 2020 Posts: 4
|
Posted: Sat Apr 08, 2023 8:45 am Post subject: IPMI Tool against XClarity and iDrac |
|
|
Hi,
It seems there is no obvious method to set the interface for the IPMI lookup to use in HM, running 13.80
HP ILO and SuperMicro are ok with IPMI Tool as it stands.
It seems that iDrac and Lenovo XClarity support IPMI but they need an interface defined in the tool.
IPMI Tool works to lookup IPMI but needs this flag set in the command line: "-I lanplus" once that interface to use is added to the IPMItool cmd line then all IPMI commands work ok.
Is there a way to set HM to use that extra command line so it can lookup IPMI against Dell and Lenovo servers?
I could run IPMItool as a manual script, but then there is a lot of parsing that I would need to do from the output and Cygwin emulation along with ipmi tool would need to be on every system.
thanks,
Ryan |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12801 Location: USA
|
Posted: Sun Apr 09, 2023 9:01 am Post subject: |
|
|
Do you have some specifications regarding this "lanplus interface"?
I just rechecked IPMI specifications v2.0, there are 600 pages with "interface" keyword but 0 pages with "lanplus" word.
From other sources - Lanplus interface communicates with the BMC over an Ethernet LAN connection using UDP over IPv4 and IPv6. The LANPlus interface uses the RMCP+ protocol.
Sounds like HostMonitor is using lanplus,
Regards
Alex |
|
Back to top |
|
|
ryan.odwyer
Joined: 30 Jun 2020 Posts: 4
|
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12801 Location: USA
|
Posted: Wed Apr 12, 2023 1:52 pm Post subject: |
|
|
Hard to find correct manuals and specs. Looks like we will spend week(s) trying to find all necessary information and then implement this option in 1-2 days
So we will not be able to do this right now, added task for version 14
Regards
Alex |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12801 Location: USA
|
Posted: Tue Jul 04, 2023 3:57 am Post subject: |
|
|
There is no "lanplus" definition in IPMIv2 specifications but looks like lanplus is synonym for IPMIv2 over RCMP+ protocol.
-I lan = IPMIv1.5, RCMP protocol
-I lanplus = IPMIv2, RCMP+ protocol
HostMonitor supports RCMP+/IPMIv2.
May be problem not in "interface" (it should be called "IPMIv2 protocol" instead of confusing "lanplus interface"). May be problem in ciphers?
What exactly integrity and encryption protocols enabled on your servers?
RAKP-HMAC-SHA1?
RAKP-HMAC-SHA256?
RAKP-HMAC-MD5?
RAKP-none?
AES-CBC-128 encryption?
xRC4 encryption?
no encryption?
Regards
Alex |
|
Back to top |
|
|
ryan.odwyer
Joined: 30 Jun 2020 Posts: 4
|
Posted: Tue Jul 04, 2023 6:59 am Post subject: |
|
|
Thanks Alex,
Everything is default on the config for the Dell and Lenovo, there aren't any options to change ciphers that I can see.
I'll do some digging and maybe a config setting can be changed by IPMItool on the command line and not the Dell/Lenovo GUI. |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12801 Location: USA
|
Posted: Tue Jul 04, 2023 7:13 am Post subject: |
|
|
"Default" means nothing to me. As I see iDrac supports various integrity, authentication and encryption protocols, question is what exactly combination is used on specific server (this may depends on firmware version as well).
Quote: | If I add the IPMI Health test all I get back is: RMA 301: Host Error (OSR): no matching cipher suite.
Setting the Auth mode to SHA1 doesn't change the error. |
SHA1 authentication should be supported by all IPMI servers.
May be encryption does not match...
Error exactly the same or different?
Can you disable encryption? Integrity check? Keep just authentication.
Regards
Alex |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12801 Location: USA
|
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12801 Location: USA
|
Posted: Wed Jul 12, 2023 7:32 am Post subject: |
|
|
We tested old Dell with iDRAC 6, IPMIv2 (lanplus), HostMonitor works in Auth modes None and SHA1.
Please check
1) you set correct user name and password for target servers using Connection Manager
2) check list of cipher modes enabled on your servers
Regards
Alex |
|
Back to top |
|
|
KS-Soft
Joined: 03 Apr 2002 Posts: 12801 Location: USA
|
Posted: Fri Aug 25, 2023 7:37 am Post subject: |
|
|
We added more ciphers in new version. You may contact support by e-mail and try new version with your servers
Regards
Alex |
|
Back to top |
|
|
|