Hp proliant dl 165 g7 - 30-maas-01-bmc-config failure

ingfimo · 21 June 2023 16:34

Hi I have an home lab with a hp proliant dl 165 g7. its commissioning fails when running 30-maas-01-bmc-config failure. The error log is the following.

ERROR: No cipher enabled!
INFO: Loading IPMI kernel modules...
INFO: Checking for HP Moonshot...
INFO: Checking for Redfish...
ERROR: Redfish configuration failed. Missing SMBIOS data
INFO: Checking for IPMI...
INFO: IPMI detected!
INFO: Reading current IPMI BMC values...

I would be very grateful if anyone could point me in the right direction for debugging this. Thanks in advance!

alexsander-souza · 21 June 2023 18:47

Hi,

The error message No cipher enabled is interesting. Can you check if ciphers are enabled in the IPMI configuration in the LO100 module (BMC) of this server? MAAS doesn’t support suite 0 (no cipher)

ingfimo · 22 June 2023 12:15

Hi Alexsandre,

can I check through bmc-config --checkout? If that is the case its output follows I could not see anything related to LO100.

#
# Section UserX Comments 
#
# In the following User sections, users should configure usernames, passwords, 
# and access rights for IPMI over LAN communication. Usernames can be set to any 
# string with the exception of User1, which is a fixed to the "anonymous" 
# username in IPMI. 
#
# For IPMI over LAN access for a username, set "Enable_User" to "Yes", 
# "Lan_Enable_IPMI_Msgs" to "Yes", and "Lan_Privilege_Limit" to a privilege 
# level. The privilege level is used to limit various IPMI operations for 
# individual usernames. It is recommended that atleast one username be created 
# with a privilege limit "Administrator", so all system functions are available 
# to atleast one username via IPMI over LAN. For security reasons, we recommend 
# not enabling the "anonymous" User1. For most users, "Lan_Session_Limit" can be 
# set to 0 (or ignored) to support an unlimited number of simultaneous IPMI over 
# LAN sessions. 
#
# If your system supports IPMI 2.0 and Serial-over-LAN (SOL), 
# a"SOL_Payload_Access" field may be listed below. Set the "SOL_Payload_Access" 
# field to "Yes" or "No" to enable or disable this username's ability to access 
# SOL. 
#
# Please do not forget to uncomment those fields, such as "Password", that may 
# be commented out during the checkout. 
#
# Some motherboards may require a "Username" to be configured prior to other 
# fields being read/written. If this is the case, those fields will be set to 
# <username-not-set-yet>. 
#
Section User1
	## Give Username
	## Username                                   NULL
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           User
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        User
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User2
	## Give Username
	Username                                      Operator
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   Yes
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User3
	## Give Username
	Username                                      admin
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   Yes
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User4
	## Give Username
	Username                                      OEM
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User5
	## Give Username
	Username                                      Operator
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User6
	## Give Username
	Username                                      admin
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User7
	## Give Username
	Username                                      OEM
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User8
	## Give Username
	Username                                      Operator
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User9
	## Give Username
	Username                                      admin
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User10
	## Give Username
	Username                                      OEM
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User11
	## Give Username
	Username                                      Operator
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User12
	## Give Username
	Username                                      admin
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User13
	## Give Username
	Username                                      OEM
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User14
	## Give Username
	Username                                      Operator
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Operator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User15
	## Give Username
	Username                                      admin
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        Administrator
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
Section User16
	## Give Username
	Username                                      OEM
	## Give password or blank to clear. MAX 16 chars (20 chars if IPMI 2.0 supported).
	## Password                                   
	## Possible values: Yes/No or blank to not set
	Enable_User                                   No
	## Possible values: Yes/No
	Lan_Enable_IPMI_Msgs                          Yes
	## Possible values: Yes/No
	Lan_Enable_Link_Auth                          Yes
	## Possible values: Yes/No
	Lan_Enable_Restricted_to_Callback             No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Lan_Privilege_Limit                           OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Lan_Session_Limit                          
	## Possible values: Yes/No
	SOL_Payload_Access                            Yes
	## Possible values: Yes/No
	Serial_Enable_IPMI_Msgs                       Yes
	## Possible values: Yes/No
	Serial_Enable_Link_Auth                       Yes
	## Possible values: Yes/No
	Serial_Enable_Restricted_to_Callback          No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary/No_Access
	Serial_Privilege_Limit                        OEM_Proprietary
	## Possible values: 0-17, 0 is unlimited; May be reset to 0 if not specified
	## Serial_Session_Limit                       
EndSection
#
# Section Lan_Channel Comments 
#
# In the Lan_Channel section, general IPMI over LAN can be enabled for disabled. 
# In the below, "Volatile" configurations are immediately configured onto the 
# BMC and will have immediate effect on the system. "Non_Volatile" 
# configurations are only available after the next system reset. Generally, both 
# the "Volatile" and "Non_Volatile" equivalent fields should be configured 
# identically. 
#
# To enable IPMI over LAN, typically "Access_Mode" should be set to 
# "Always_Available". "Channel_Privilege_Limit" should be set to the highest 
# privilege level any username was configured with. Typically, this is set to 
# "Administrator". 
#
# "User_Level_Auth" and "Per_Message_Auth" are typically set to "Yes" for 
# additional security. 
#
Section Lan_Channel
	## Possible values: Disabled/Pre_Boot_Only/Always_Available/Shared
	Volatile_Access_Mode                          Always_Available
	## Possible values: Yes/No
	Volatile_Enable_User_Level_Auth               Yes
	## Possible values: Yes/No
	Volatile_Enable_Per_Message_Auth              Yes
	## Possible values: Yes/No
	Volatile_Enable_Pef_Alerting                  Yes
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
	Volatile_Channel_Privilege_Limit              OEM_Proprietary
	## Possible values: Disabled/Pre_Boot_Only/Always_Available/Shared
	Non_Volatile_Access_Mode                      Always_Available
	## Possible values: Yes/No
	Non_Volatile_Enable_User_Level_Auth           Yes
	## Possible values: Yes/No
	Non_Volatile_Enable_Per_Message_Auth          Yes
	## Possible values: Yes/No
	Non_Volatile_Enable_Pef_Alerting              Yes
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
	Non_Volatile_Channel_Privilege_Limit          OEM_Proprietary
EndSection
#
# Section Lan_Conf Comments 
#
# In the Lan_Conf section, typical networking configuration is setup. Most users 
# will choose to set "Static" for the "IP_Address_Source" and set the 
# appropriate "IP_Address", "MAC_Address", "Subnet_Mask", etc. for the machine. 
#
Section Lan_Conf
	## Possible values: Unspecified/Static/Use_DHCP/Use_BIOS/Use_Others
	IP_Address_Source                             Use_DHCP
	## Give valid IP address
	IP_Address                                    192.168.1.116
	## Give valid MAC address
	MAC_Address                                   98:4B:E1:5F:12:4C
	## Give valid Subnet Mask
	Subnet_Mask                                   255.255.255.0
	## Give valid IP address
	Default_Gateway_IP_Address                    192.168.1.1
	## Give valid unsigned number
	Vlan_id                                       0
	## Possible values: Yes/No
	Vlan_Id_Enable                                No
	## Give valid unsigned number
	Vlan_Priority                                 0
	## Give valid hex number
	## IPv4_Header_Time_To_Live                   0x40
	## Give valid hex number
	## IPv4_Header_Flags                          0x2
	## Give valid hex number
	## IPv4_Header_Type_Of_Service                0x8
	## Give valid hex number
	## IPv4_Header_Precedence                     0x0
EndSection
#
# Section Lan6_Conf Comments 
#
# In the Lan6_Conf section, typical networking configuration is setup. Most 
# users will choose to set an address in "IPv6_Static_Address" and set the 
# appropriate routing for the machine. Note that multiple IPv6 addresses can be 
# configured, enable verbose output to view them. 
#
Section Lan6_Conf
	## READ-ONLY
	## Supports_IPv6_Only                         No
	## READ-ONLY
	## Supports_IPv6_And_IPv4_Simultaneously      No
	## READ-ONLY
	## Supports_IPv6_Destination_Address_For_Lan_Alert No
EndSection
#
# Section Lan_Conf_Auth Comments 
#
# In the Lan_Conf_Auth section, allowable authentication mechanisms for IPMI 1.5 
# is configured. Most users will want to set all "MD5" authentication to "Yes" 
# and the rest to "No". If you have configured a NULL username and a NULL 
# password, you will also want to configure some of the "None" fields to "Yes" 
# to allow "None" authentication to work. Some motherboards do not allow you to 
# enable OEM authentication, so you may wish to set all OEM related fields to 
# "No". 
#
Section Lan_Conf_Auth
	## Possible values: Yes/No
	Callback_Enable_Auth_Type_None                Yes
	## Possible values: Yes/No
	Callback_Enable_Auth_Type_MD5                 Yes
	## Possible values: Yes/No
	Callback_Enable_Auth_Type_Straight_Password   Yes
	## Possible values: Yes/No
	User_Enable_Auth_Type_None                    Yes
	## Possible values: Yes/No
	User_Enable_Auth_Type_MD5                     Yes
	## Possible values: Yes/No
	User_Enable_Auth_Type_Straight_Password       Yes
	## Possible values: Yes/No
	Operator_Enable_Auth_Type_None                Yes
	## Possible values: Yes/No
	Operator_Enable_Auth_Type_MD5                 Yes
	## Possible values: Yes/No
	Operator_Enable_Auth_Type_Straight_Password   Yes
	## Possible values: Yes/No
	Admin_Enable_Auth_Type_None                   Yes
	## Possible values: Yes/No
	Admin_Enable_Auth_Type_MD5                    Yes
	## Possible values: Yes/No
	Admin_Enable_Auth_Type_Straight_Password      Yes
	## Possible values: Yes/No
	OEM_Enable_Auth_Type_None                     Yes
	## Possible values: Yes/No
	OEM_Enable_Auth_Type_MD5                      Yes
	## Possible values: Yes/No
	OEM_Enable_Auth_Type_Straight_Password        Yes
EndSection
#
# Section Lan_Conf_Security_Keys Comments 
#
# If your system supports IPMI 2.0 and Serial-over-LAN (SOL), a K_g BMC key may 
# be configurable. The K_g key is an optional key that can be set for two key 
# authentication in IPMI 2.0. It is optionally configured. Most users will want 
# to set this to zero (or blank). 
#
Section Lan_Conf_Security_Keys
	## Give string or blank to clear. Max 20 bytes, prefix with 0x to enter hex
	K_G                                           0x0000000000000000000000000000000000000000
EndSection
#
# Section Lan_Conf_User_Security Comments 
#
# The following user security configuration options are optionally implemented 
# by the vendor. They may not be available your system and may not be visible 
# below. 
#
# The following configuration supports the ability for the BMC to disable a user 
# if a number of bad passwords are entered sequentially. 
# "Bad_Password_Threshold" determines the number of bad passwords that must be 
# entered sequentially. "Attempt_Count_Reset_Interval" determines the range of 
# time the bad passwords must occur in. "User_Lockout_Interval" determines the 
# time a user will be locked off if the bad password threshold is reached. If 
# set to "Yes", "Enable_Event_Message_When_User_Disabled" will inform the BMC to 
# log an event message when a user is disabled. 
#
Section Lan_Conf_User_Security
EndSection
#
# Section Lan_Conf_Misc Comments 
#
# The following miscellaneous configuration options are optionally implemented 
# by the vendor. They may not be available your system and may not be visible 
# below. 
#
# If set to "Yes", "Enable_Gratuitous_ARPs" will inform the BMC to regularly 
# send out Gratuitous ARPs to allow other machines on a network resolve the 
# BMC's MAC Address. Many users will want to set this to "Yes" because it offers 
# the easiest way to support BMC IP Address resolution. However, it will 
# increase traffic on your network. The "Gratuitous_ARP_Interval" can be used to 
# set the period a Gratuitous ARP is always sent. 
#
# If set to "Yes", "Enable_ARP_Response" will inform the BMC torespond to ARP 
# requests from other machines. 
#
Section Lan_Conf_Misc
EndSection
#
# Section Rmcpplus_Conf_Privilege Comments 
#
# If your system supports IPMI 2.0 and Serial-over-LAN (SOL),cipher suite IDs 
# may be configurable below. In the Rmcpplus_Conf_Privilege section, maximum 
# user privilege levels allowed for authentication under IPMI 2.0 (including 
# Serial-over-LAN) are set for each supported cipher suite ID. Each cipher suite 
# ID supports different sets of authentication, integrity, and encryption 
# algorithms for IPMI 2.0. Typically, the highest privilege level any username 
# configured should set for support under a cipher suite ID. This is typically 
# "Administrator". 
#
Section Rmcpplus_Conf_Privilege
	## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
	Maximum_Privilege_Cipher_Suite_Id_0           OEM_Proprietary
	## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
	Maximum_Privilege_Cipher_Suite_Id_1           OEM_Proprietary
	## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
	Maximum_Privilege_Cipher_Suite_Id_2           OEM_Proprietary
	## Possible values: Unused/User/Operator/Administrator/OEM_Proprietary
	Maximum_Privilege_Cipher_Suite_Id_3           OEM_Proprietary
EndSection
#
# Section Serial_Channel Comments 
#
# In the Serial_Channel section, IPMI over Serial communication can be enabled 
# or disabled. In the below, "Volatile" configurations are immediately 
# configured onto the BMC and will have immediate effect on the system. 
# "Non_Volatile" configurations are only available after the next system reset. 
# Generally, both the "Volatile" and "Non_Volatile" equivalent fields should be 
# configured identically. 
#
# Most users will only be interested in IPMI over LAN, therefore serial 
# communication can be disabled. This can be done by setting "Access_Mode" to 
# "Disabled". 
#
Section Serial_Channel
	## Possible values: Disabled/Pre_Boot_Only/Always_Available/Shared
	Volatile_Access_Mode                          Always_Available
	## Possible values: Yes/No
	Volatile_Enable_User_Level_Auth               Yes
	## Possible values: Yes/No
	Volatile_Enable_Per_Message_Auth              No
	## Possible values: Yes/No
	Volatile_Enable_Pef_Alerting                  No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
	Volatile_Channel_Privilege_Limit              OEM_Proprietary
	## Possible values: Disabled/Pre_Boot_Only/Always_Available/Shared
	Non_Volatile_Access_Mode                      Always_Available
	## Possible values: Yes/No
	Non_Volatile_Enable_User_Level_Auth           Yes
	## Possible values: Yes/No
	Non_Volatile_Enable_Per_Message_Auth          No
	## Possible values: Yes/No
	Non_Volatile_Enable_Pef_Alerting              No
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
	Non_Volatile_Channel_Privilege_Limit          OEM_Proprietary
EndSection
#
# Section Serial_Conf Comments 
#
# In the Serial_Conf section, typical serial communication configuration is 
# setup. Most users will only be interested in IPMI over LAN, therefore this 
# section can generally be ignored. 
#
Section Serial_Conf
	## Possible values: Yes/No
	Enable_Basic_Mode                             No
	## Possible values: Yes/No
	Enable_PPP_Mode                               No
	## Possible values: Yes/No
	Enable_Terminal_Mode                          No
	## Possible values: Modem_Connect/Direct_Connect
	Connect_Mode                                  Direct_Connect
	## Give a valid number
	Page_Blackout_Interval                        0
	## Give a valid number
	Call_Retry_Interval                           1
	## Possible values: Yes/No
	Enable_DTR_Hangup                             No
	## Possible values: No_Flow_Control/RTS_CTS/XON_XOFF
	Flow_Control                                  No_Flow_Control
	## Possible values: 9600/19200/38400/57600/115200
	Bit_Rate                                      9600
EndSection
#
# Section SOL_Conf Comments 
#
# If your system supports IPMI 2.0 and Serial-over-LAN (SOL), the following 
# configuration options will allow SOL configuration. 
#
# For most users that want to enable SOL, minimally "Enable_SOL" should be set 
# to "Yes" and "SOL_Privilege_Level" should be set to the highest privilege 
# level any username configured can authenticate with (typically 
# "Administrator"). For security purposes, "Force_SOL_Payload_Authentication" 
# and "Force_SOL_Payload_Encryption" should be set to "Yes", however forced 
# authentication and/or encryption depends on the cipher suite IDs supported. 
# The "Non_Volatile_Bit_Rate" and "Volatile_Bit_Rate" should both be set to the 
# appropriate baud rate for your system. This is typically the same baud rate 
# configured in the BIOS and/or operating system. 
#
Section SOL_Conf
	## Possible values: Yes/No
	Enable_SOL                                    Yes
	## Possible values: Callback/User/Operator/Administrator/OEM_Proprietary
	SOL_Privilege_Level                           Administrator
	## Possible values: Yes/No
	Force_SOL_Payload_Authentication              No
	## Possible values: Yes/No
	Force_SOL_Payload_Encryption                  No
	## Give a non-zero valid integer. Each unit is 5ms
	Character_Accumulate_Interval                 20
	## Give a valid number
	Character_Send_Threshold                      80
	## Give a valid integer
	SOL_Retry_Count                               7
	## Give a valid integer. Interval unit is 10ms
	SOL_Retry_Interval                            250
	## Possible values: Serial/9600/19200/38400/57600/115200
	Non_Volatile_Bit_Rate                         Serial
	## Possible values: Serial/9600/19200/38400/57600/115200
	Volatile_Bit_Rate                             Serial
	## Give a valid port number
	## SOL_Payload_Port_Number                    623
EndSection

alexsander-souza · 22 June 2023 14:10

in section Rmcpplus_Conf_Privilege, all ciphers are set to OEM_Proprietary which nobody but HP know what it means. Please set Maximum_Privilege_Cipher_Suite_Id_3 to Administrator

ingfimo · 22 June 2023 15:02

Hi, now the same script fails with

ERROR: Unable to add BMC user!
INFO: Loading IPMI kernel modules...
INFO: Checking for HP Moonshot...
INFO: Checking for Redfish...
ERROR: Redfish configuration failed. Missing SMBIOS data
INFO: Checking for IPMI...
INFO: IPMI detected!
INFO: Reading current IPMI BMC values...
INFO: Configuring IPMI Lan_Channel...
INFO: Configuring IPMI Lan_Channel_Auth...
INFO: Lan_Channel_Auth settings unavailable!
WARNING: No K_g BMC key found or configured, communication with BMC will not use a session key!
INFO: Configuring IPMI Serial_Channel...
INFO: Configuring IPMI SOL_Conf...
INFO: Configuring IPMI BMC user "maas"...
INFO: IPMI user number - None
INFO: IPMI user privilege level - Administrator

billwear · 24 July 2023 19:40

@ingfimo, did you mean that you get this new script failure after setting Maximum_Privilege_Cipher_Suite_Id_3 to Administrator ?

ingfimo · 3 September 2023 13:56

Apologies for the late reply. Yes that’s correct. I solved by creating the mass user myself and skipping the bmc-configure script. With that the machine was correctly commissioned

maasuser1 · 21 December 2023 14:43

Hi ingfimo,
I have encountered the same problem on HP ProLiant DL140 G3. Could you please let me know what’s the password you set for the user maas on the IPMI of the HP machine? Thanks.

By checking this docs, it only said,

The MAAS-generated IPMI username is set to “maas” by default. This username is used for IPMI authentication.

but did not mention about the password.

ingfimo · 21 December 2023 15:50

Hi created a new user from scratch for IPMI, with arbitrary username, and password. Then I added manually the machine setting the created user for IPMI, and I did not run the bmc-configure script.

r00ta · 21 December 2023 15:56

If you let MAAS configure the BMC, then it will create a “maas” user with a randomly generated password

maasuser1 · 21 December 2023 16:23

Thanks to @ingfimo and @r00ta!

r00ta · 21 December 2023 20:16