search

openbmc / phosphor-net-ipmid

Network IPMI server
Apache License 2.0
9 stars 11 forks source link

IPMI over LAN can NOT work in my OpenBMC firmware. #13

Open whitehu81 opened 4 years ago

whitehu81 commented 4 years ago

i am very new for the openBMC stack, but i have some experience with the legacy BMC solution in the past. I just pulled the latest code of openBMC and build the palmetto image then run it with QEMU to test it.

I try to control the openBMC in the host that executed the QEMU via ipmitool as below, but it always failed with the authentication error, does it cause by the Lan cipher setting of the openBMC? Do you know how to fix it?

xxxxxx:~/Desktop$ ipmitool -vv -I lanplus -H 127.0.0.1 -p 2623 -P 0penBmc raw 6 1

Sending IPMI command payload netfn : 0x06 command : 0x38 data : 0x8e 0x04

SENDING AN OPEN SESSION REQUEST

<<OPEN SESSION RESPONSE << Message tag : 0x00 << RMCP+ status : invalid authentication algorithm << Maximum privilege level : Unknown (0x00) << Console Session ID : 0xa0a2a3a4 Error in open session response message : invalid authentication algorithm

Error: Unable to establish IPMI v2 / RMCP+ session

Precondition of my test as below:

  1. run the palmetto image with the QEMU, and use the hostfwd=udp:127.0.0.1:2623-:623 to forward the data to the QEMU UDP port 623 for IPMI over lan traffic.

  2. the openBMC stack seems already listen in the UDP port 623() root@palmetto:~# netstat -lutn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.53:53 0.0.0.0: LISTEN tcp 0 0 0.0.0.0:5355 0.0.0.0: LISTEN tcp 0 0 :::22 ::: LISTEN tcp 0 0 :::2200 ::: LISTEN tcp 0 0 :::443 ::: LISTEN tcp 0 0 :::5355 ::: LISTEN udp 0 0 0.0.0.0:5353 0.0.0.0: udp 0 0 0.0.0.0:5355 0.0.0.0: udp 0 0 0.0.0.0:37907 0.0.0.0: udp 0 0 127.0.0.53:53 0.0.0.0: udp 0 0 10.0.2.15:68 0.0.0.0: udp 0 0 :::623 ::: udp 0 0 :::427 ::: udp 0 0 :::5353 ::: udp 0 0 :::5355 ::: udp 0 0 :::53014 :::

  3. the service ipmi-net status in my openBMC as below. root@palmetto:~# systemctl status phosphor-ipmi-net@eth0.service

    • phosphor-ipmi-net@eth0.service - Network IPMI daemon Loaded: loaded (/lib/systemd/system/phosphor-ipmi-net@.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2020-07-08 07:38:05 UTC; 24min ago TriggeredBy: * phosphor-ipmi-net@eth0.socket Main PID: 268 (netipmid) CGroup: /system.slice/system-phosphor\x2dipmi\x2dnet.slice/phosphor-ipmi-net@eth0.service `-268 /usr/bin/netipmid -c eth0

Jul 08 07:38:05 palmetto systemd[1]: Started Network IPMI daemon. **Jul 08 07:38:07 palmetto netipmid[268]: Failed to get bus name Jul 08 07:38:07 palmetto netipmid[268]: Bind to interfae**

whitehu81 commented 4 years ago

I looked the debug pages of openbmc as below link, https://github.com/openbmc/openbmc/wiki/Debugging-OpenBMC It seems that the openBMC require "cipher suit=17" to secure the IPMI over LAN traffic.

Finally i use the -C 17 to successfully control my openBMC in QEMU by the ipmi command from host now as below example.

Notes: We need to use the latest ipmitool(revision is 1.8.18-7) to run the -C 17 option, for example my ipmitool revision is 1.8.16 with ubuntu 16.04 release, but this old ipmitool does NOT support -C 17 algorithm.

huw8@whitehu-virtual-machine:~/openbmc/test$ ipmitool -C 17 -I lanplus -H 127.0.0 Set in Progress : Set Complete Auth Type Support : Auth Type Enable : Callback : : User : : Operator : : Admin : : OEM : IP Address Source : DHCP Address IP Address : 10.0.2.15 Subnet Mask : 255.255.255.0 MAC Address : 52:54:00:12:34:56 Default Gateway IP : 10.0.2.2 Default Gateway MAC : 00:00:00:00:00:00 802.1q VLAN ID : Disabled RMCP+ Cipher Suites : 17 Cipher Suite Priv Max : aaaaaaaaaaaaaaa : X=Cipher Suite Unused : c=CALLBACK : u=USER : o=OPERATOR : a=ADMIN : O=OEM .................

whitehu81 commented 4 years ago

We can close this ticket right now, thanks!