So, most companies are not using anything but cipher suite 17, and having a default of 3 is very insecure.
Below is the simple change I need to make to default to 17 so the Lenovo servers I am working on have IPMI enabled. I think this should be a setting in the IPMI settings so we can pick the cipher suite we want to use.
How can I pass the correct cipher or update the default to 17? I will assume this is in the database stored in base64. I’ll take a look at it later tomorrow.
    parser.add_argument(
        "--ipmi-cipher-suite-id",
        choices=("3", "8", "12", "17"),
        default="3",
        help="The IPMI cipher suite ID to use when connecting via ipmitool",
    )
The default value comes from src/provisioningserver/drivers/power/ipmi.py:

    make_setting_field(
        "cipher_suite_id",
        "Cipher Suite ID",
        field_type="choice",
        choices=IPMI_CIPHER_SUITE_ID_CHOICES,
        # freeipmi-tools defaults to 3, not all IPMI BMCs support 17.
        default="3",
    ),
If you want to update some existing values and for some reason don’t want to use the API for this, you should check for power_parameters in the public.maasserver_bmc table in the maas database.
So this works for machine bsex3q. I need this to work for all discovered machines on the very first boot up. Doing this more than 100 times after they are discovered is a pain. We just want IPMI to work from the first discovery.
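As an added example (not part of the thread or of the MAAS code base): one way to apply the API route mentioned above to every already-discovered IPMI machine in one pass, instead of editing each by hand. It does not change the default used at discovery time. The profile name `admin`, the sample machine list, and the use of the `maas` CLI's `machine update` with a `power_parameters_cipher_suite_id` argument are assumptions to check against your MAAS version.

```python
import json
import subprocess
import sys

# Suite 17 uses HMAC-SHA256 for authentication and integrity; suite 3 uses HMAC-SHA1.
TARGET_SUITE = "17"
ALLOWED = ("3", "8", "12", "17")  # the choices listed in the snippet quoted in the thread


def plan_updates(machines, profile, suite=TARGET_SUITE):
    """Return one `maas ... machine update` argv per IPMI-powered machine."""
    if suite not in ALLOWED:
        raise ValueError(f"unsupported cipher suite id: {suite!r}")
    plan = []
    for m in machines:
        if m.get("power_type") != "ipmi":
            continue  # leave machines with other power drivers untouched
        plan.append(["maas", profile, "machine", "update", m["system_id"],
                     f"power_parameters_cipher_suite_id={suite}"])
    return plan


# Constructed sample shaped like `maas <profile> machines read` output (fields trimmed).
# Only "bsex3q" comes from the thread; the other entries are made up.
SAMPLE = json.loads("""[
  {"system_id": "bsex3q", "hostname": "node-a", "power_type": "ipmi"},
  {"system_id": "aaaaa1", "hostname": "node-b", "power_type": "virsh"},
  {"system_id": "aaaaa2", "hostname": "node-c", "power_type": "ipmi"}
]""")

if __name__ == "__main__":
    # Usage: maas admin machines read | python3 set_cipher.py admin [--apply]
    profile = sys.argv[1] if len(sys.argv) > 1 else "admin"  # assumed profile name
    apply = "--apply" in sys.argv
    machines = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for argv in plan_updates(machines, profile):
        print(" ".join(argv))  # dry run by default: show what would be executed
        if apply:
            # Not every BMC supports suite 17, so check power status afterwards.
            subprocess.run(argv, check=True)
```

Without `--apply` the script only prints the commands, so the list can be reviewed before any BMC settings are changed.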