Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-6077

Can not fetch IPMI values if privilege is less than "Admin"

    XMLWordPrintable

Details

    • Incident report
    • Status: Closed
    • Minor
    • Resolution: Won't fix
    • 2.0.3
    • None
    • Server (S)
    • RHEL 6.3 amd64, HP ProLiant 685c G7 with iLO3 remote management interface

    Description

      I have a HP ProLiant 685c G7 with iLO3 that I need to monitor over IPMI.

      If I configure Zabbix to use account with Administrator-level access, it works just fine.
      If I create an iLO3 account with only User-level access and configure Zabbix to use this account instead, it stops working:
      [IP address and hostname edited out]

      26615:20130108:120809.007 In substitute_key_macros() data:'ipmi.proliant.Inlet_Ambient'
      26615:20130108:120809.007 End of substitute_key_macros():SUCCEED data:'ipmi.proliant.Inlet_Ambient'
      26615:20130108:120809.007 In get_value() key:'ipmi.proliant.Inlet_Ambient'
      26615:20130108:120809.007 In get_value_ipmi() key:'myhost:ipmi.proliant.Inlet_Ambient'
      26615:20130108:120809.007 In init_ipmi_host() host:'[x.x.x.x]:623'
      26615:20130108:120809.007 In get_ipmi_host() host:'[x.x.x.x]:623'
      26615:20130108:120809.007 End of get_ipmi_host():(nil)
      26615:20130108:120809.007 In allocate_ipmi_host() host:'[x.x.x.x]:623'
      26615:20130108:120809.007 End of allocate_ipmi_host():0x2059f30
      26615:20130108:120809.012 EINF: 0 ipmi_lan.c(got_rmcpp_open_session_rsp): Expected privilege 2, got 4
      26615:20130108:120809.013 End of init_ipmi_host():0x2059f30
      26615:20130108:120809.013 Item [myhost:ipmi.proliant.Inlet_Ambient] error: cannot connect to IPMI host: [22] Invalid argument
      26615:20130108:120809.013 query [txnlev:1] [update hosts set ipmi_error='cannot connect to IPMI host: [22] Invalid argument',ipmi_disable_until=1357646949 where hostid=10099]

      Same thing happens if I use the account with Admin-level access, but select "user" privilege in Zabbix host configuration.

      Access via Linux utility 'ipmitool' works just fine using the account with User-level access:
      myhost/root)#ipmitool -H myhost -U zabbix -I lanplus -L USER sdr
      Password:
      UID Light | 0 unspecified | ok
      Health LED | 0 unspecified | ok
      VRM 1 | 0 unspecified | cr
      VRM 2 | 0 unspecified | cr
      [...]

      I would prefer Zabbix to work with restricted accounts, following the common "least required privilege" security concept.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              ticho Andrej Kacian
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: