IPMI over LAN can NOT work in my OpenBMC firmware.
whitehu81 opened this issue · 2 comments
i am very new for the openBMC stack, but i have some experience with the legacy BMC solution in the past.
I just pulled the latest code of openBMC and build the palmetto image then run it with QEMU to test it.
I try to control the openBMC in the host that executed the QEMU via ipmitool as below, but it always failed with the authentication error, does it cause by the Lan cipher setting of the openBMC? Do you know how to fix it?
xxxxxx:~/Desktop$ ipmitool -vv -I lanplus -H 127.0.0.1 -p 2623 -P 0penBmc raw 6 1
Sending IPMI command payload
netfn : 0x06
command : 0x38
data : 0x8e 0x04
SENDING AN OPEN SESSION REQUEST
<<OPEN SESSION RESPONSE
<< Message tag : 0x00
<< RMCP+ status : invalid authentication algorithm
<< Maximum privilege level : Unknown (0x00)
<< Console Session ID : 0xa0a2a3a4
Error in open session response message : invalid authentication algorithm
Error: Unable to establish IPMI v2 / RMCP+ session
Precondition of my test as below:
-
run the palmetto image with the QEMU, and use the hostfwd=udp:127.0.0.1:2623-:623 to forward the data to the QEMU UDP port 623 for IPMI over lan traffic.
-
the openBMC stack seems already listen in the UDP port 623()
root@palmetto:~# netstat -lutn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 :::2200 :::* LISTEN
tcp 0 0 :::443 :::* LISTEN
tcp 0 0 :::5355 :::* LISTEN
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp 0 0 0.0.0.0:5355 0.0.0.0:*
udp 0 0 0.0.0.0:37907 0.0.0.0:*
udp 0 0 127.0.0.53:53 0.0.0.0:*
udp 0 0 10.0.2.15:68 0.0.0.0:*
udp 0 0 :::623 :::*
udp 0 0 :::427 :::*
udp 0 0 :::5353 :::*
udp 0 0 :::5355 :::*
udp 0 0 :::53014 :::* -
the service ipmi-net status in my openBMC as below.
root@palmetto:~# systemctl status phosphor-ipmi-net@eth0.service
- phosphor-ipmi-net@eth0.service - Network IPMI daemon
Loaded: loaded (/lib/systemd/system/phosphor-ipmi-net@.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-07-08 07:38:05 UTC; 24min ago
TriggeredBy: * phosphor-ipmi-net@eth0.socket
Main PID: 268 (netipmid)
CGroup: /system.slice/system-phosphor\x2dipmi\x2dnet.slice/phosphor-ipmi-net@eth0.service
`-268 /usr/bin/netipmid -c eth0
Jul 08 07:38:05 palmetto systemd[1]: Started Network IPMI daemon.
Jul 08 07:38:07 palmetto netipmid[268]: Failed to get bus name
Jul 08 07:38:07 palmetto netipmid[268]: Bind to interfae
I looked the debug pages of openbmc as below link, https://github.com/openbmc/openbmc/wiki/Debugging-OpenBMC
It seems that the openBMC require "cipher suit=17" to secure the IPMI over LAN traffic.
Finally i use the -C 17 to successfully control my openBMC in QEMU by the ipmi command from host now as below example.
Notes:
We need to use the latest ipmitool(revision is 1.8.18-7) to run the -C 17 option, for example my ipmitool revision is 1.8.16 with ubuntu 16.04 release, but this old ipmitool does NOT support -C 17 algorithm.
huw8@whitehu-virtual-machine:~/openbmc/test$ ipmitool -C 17 -I lanplus -H 127.0.0
Set in Progress : Set Complete
Auth Type Support :
Auth Type Enable : Callback :
: User :
: Operator :
: Admin :
: OEM :
IP Address Source : DHCP Address
IP Address : 10.0.2.15
Subnet Mask : 255.255.255.0
MAC Address : 52:54:00:12:34:56
Default Gateway IP : 10.0.2.2
Default Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
RMCP+ Cipher Suites : 17
Cipher Suite Priv Max : aaaaaaaaaaaaaaa
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
.................
We can close this ticket right now, thanks!