diff --git a/ironic/drivers/modules/ipmitool.py b/ironic/drivers/modules/ipmitool.py index 76059f900e..a867f1813e 100644 --- a/ironic/drivers/modules/ipmitool.py +++ b/ironic/drivers/modules/ipmitool.py @@ -584,9 +584,11 @@ def check_cipher_suite_errors(cmd_stderr): :returns: True if the cmd_stderr contains a cipher suite error, False otherwise. """ - cs_errors = ["Unsupported cipher suite ID", - "Error in open session response message :" - " no matching cipher suite"] + cs_errors = [ + "Unsupported cipher suite ID", + "Error in open session response message : no matching cipher suite", + "Error in open session response message : invalid role", + ] for cs_err in cs_errors: if cmd_stderr is not None and cs_err in cmd_stderr: return True diff --git a/ironic/tests/unit/drivers/modules/test_ipmitool.py b/ironic/tests/unit/drivers/modules/test_ipmitool.py index 9ed9f5db8e..0e226f6d74 100644 --- a/ironic/tests/unit/drivers/modules/test_ipmitool.py +++ b/ironic/tests/unit/drivers/modules/test_ipmitool.py @@ -1721,12 +1721,19 @@ class IPMIToolPrivateMethodTestCase( 'Problem\n\nError: Unable to establish IPMI v2 / RMCP+ session\n', 'UnsupportedciphersuiteID:17\n\n' ] + invalid_role_error = 'Error in open session response message : ' \ + 'invalid role\n\nError: ' \ + 'Unable to establish IPMI v2 / RMCP+ session\n' no_matching_error = 'Error in open session response message : ' \ 'no matching cipher suite\n\nError: ' \ 'Unable to establish IPMI v2 / RMCP+ session\n' unsupported_error = 'Unsupported cipher suite ID : 17\n\n' \ 'Error: Unable to establish IPMI v2 / RMCP+ session\n' - valid_errors_stderr = [no_matching_error, unsupported_error] + valid_errors_stderr = [ + invalid_role_error, + no_matching_error, + unsupported_error, + ] for invalid_err in invalid_errors_stderr: self.assertFalse(ipmi.check_cipher_suite_errors(invalid_err)) for valid_err in valid_errors_stderr: diff --git a/releasenotes/notes/bug-2085137-expand-detection-ipmitools-cipher-fail-1503b4e319e77ed8.yaml b/releasenotes/notes/bug-2085137-expand-detection-ipmitools-cipher-fail-1503b4e319e77ed8.yaml new file mode 100644 index 0000000000..79eab121ab --- /dev/null +++ b/releasenotes/notes/bug-2085137-expand-detection-ipmitools-cipher-fail-1503b4e319e77ed8.yaml @@ -0,0 +1,11 @@ +--- +fixes: + - | + The set of strings used to detect cipher suite version related errors + in the ``ipmitool`` command was expanded. + If the string ``Error in open session response message : invalid role`` + is contained in the output of a failed ``ipmitool`` command execution, + such error will be now considered as related to inappropriate ciphers too, + and will be retried with another cipher suite version + if Ironic is configured to do so. + See `bug 2085137 `_ for more details.