Comment 25 for bug 1916860

Dan Streetman (ddstreet) wrote :

I'll add one very ironic detail of this bug:

The maas bmc script has 2 ways to manage the cipher suites, either with freeipmi-tools, or with ipmitool. The interface to freeipmi-tools hides the implementation detail (described in detail in the last comment), while ipmitool does not.

In the maas bmc script, it almost always uses the freeipmi-tools program to set the cipher suite privileges. That causes this bug since freeipmi-tools takes the spec interpretation that I explained above.

However, the ipmitool program gives the user direct control over setting the privileges mask, so the spec interpretation is left up to the user. In the case of the maas bmc script, it takes the *opposite* interpretation of the spec, and if the maas bmc script avoided using the freeipmi-tools program, these boxes (that break due to this bug) would actually have their cipher suite privs set *correctly*! However, other boxes that interpret the spec differently would break.

My current understanding is that @ltrager disagrees with me and believes the maas bmc script is doing the right thing.

In any case, my suggestion is to remove all the cipher suite privilege modification code, but this is the maas team's call on exactly how to handle things.