[ZBX-6139] IPMI checks not working when using OpenIPMI library from Debian/Ubuntu package. Created: 2013 Jan 16 Updated: 2020 Sep 11 Resolved: 2015 Oct 29 |
|
| Status: | Closed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Documentation (D) |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Documentation task | Priority: | Trivial |
| Reporter: | dimir | Assignee: | Unassigned |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | debian, ipmi, openssl, privilege | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Debian/Ubuntu/Mint |
||
| Issue Links: |
|
||||||||||||
| Description |
|
$ dpkg -l 'openipmi' | grep '^ii' IPMI monitoring not available due to an error in the server log (with DebugLevel=4): EINF: 0 ipmi_lan.c(got_rmcpp_open_session_rsp): Expected privilege 2, got 1 The error message "Expected privilege 2, got 1" means that we were requesting privilege level "user" (2) but got only "callback" (1) available. However with the same user and ipmitool the connection works: ipmitool -I lan -H 192.168.3.133 -U foo -P bar -L user sensor BB +1.8V SM | 1.793 | Volts | ok | na | 1.597 | 1.646 | 1.960 | 2.019 | na |
| Comments |
| Comment by dimir [ 2013 Jan 16 ] |
|
By default OpenIPMI is compiled with OpenSSL enabled which enables working with any privilege level: "callback" (1), "user" (2), "operator" (3), or "admin" (4). Unfortunately Debian (and Ubuntu) OpenIPMI packages are compiled with ssl turned off which leads to only one available privilege level - “callback”. This is the explanation by Debian package maintainer Noèl Köthe: <noel> http://www.openssl.org/support/faq.html#LEGAL2 The solution is recompiling OpenIPMI library with openssl enabled. |
| Comment by dimir [ 2015 Jul 28 ] |
|
Steps to fix on Debian, Ubuntu, Mint:
|
| Comment by Nicola Worthington [ 2015 Jul 31 ] |
|
There is a '--without-openssl' statement a couple of lines later. It needs to be noted that this line must be removed (or changed of course) as well. |
| Comment by Oleksii Zagorskyi [ 2015 Sep 04 ] |
|
We could document it in a similar way as we did it in martins-v Noted in IPMI check documentation for 3.0. Please review before copying to other doc branches. zalex_ua looks good for me. martins-v After discussing with sandis.neilands and richlv we decided to collect such third-party issues into the known issue section and link to them from affected sections (such as IPMI in this case). martins-v Documented in known issues for 2.0, 2.2, 2.4 and 3.0. Linked to from IPMI pages. |
| Comment by Sandis Neilands (Inactive) [ 2015 Oct 14 ] |
|
Just spent the better part of the day debugging the same issue on Mint and coming up with the same solution as dimir just to find this ZBX in Google when trying to find out why Debian broke OpenIPMI. We definitely have to warn our users about this since neither Debian nor downstream projects felt necessary to warn their users about this. |
| Comment by Oleksii Zagorskyi [ 2015 Oct 14 ] |
|
the same was with me when I wrote previous comment ... |