7021395: IPMI stonith resource authentication fails

This document (7021395) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise High Availability Extension 11 Service Pack 4

SUSE Linux Enterprise High Availability Extension 12

Situation

When configuring an IPMI interface as a STONITH resource, the correct IPMI credentials do not authenticate.

The following error is reported in /var/log/messages on the affected node:

ERROR: error executing ipmitool: Authentication type NONE not supported Error: Unable to establish LAN session

Resolution

Manually modify the cib to use “lanplus” rather than “lan” for the STONITH resource’s “interface” parameter.

hostname:~ # crm configure edit



primitive <resource name> stonith:external/ipmi

params hostname=<hostname> ipaddr=<IP Addr> userid=root passwd=<IPMI root pass> interface=lanplus

meta target-role=Started is-managed=true

operations $id=<my-id>

op monitor interval=3600 start-delay=15 timeout=20

Cause

The “lan” interface option for ipmitool submits IPMI credentials over clear text. Certain IPMI interfaces do not support these unencrypted authentication attempts. The “lanplus” interface type uses the RMCP+ protocol introduced with IPMI v2.0 which integrates with the openssl library to encrypt the IPMI authentication attempt.

Additional Information

On HAE for SLES12, the lanplus IPMI interface option can be configured for an IPMI stonith resource through HAWK, allowing you to choose between reconfiguring the resource using the web interface or manually changing this setting with crm configure edit.

Information regarding this stonith resource including necessary parameters can be seen via command line.

# crm ra info stonith:external/ipmi

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

Leave a Reply