MAAS IPMI k_g validation error

Bug #2055347 reported by Andy Wu
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Status tracked in 3.6
Fix Committed
MAAS Lander
Fix Committed
MAAS Lander
Fix Committed

Bug Description

Configure k_g value of at MAAS->security->IPMI->k_g may results in error ""Ensure this value has at most 20 characters (it has 40)"

This can occur if the input k_g value is 40 bytes long and in hex-encoded format , as it is quite common settings in Dell idrac. The hex value needs to be converted to ascii before compare to the length which is 20 byte maxmium.

See impi implemetaion here :

the code for ipmi_parse_hex is here:

The erorr "Ensure this value has at most 20 characters (it has 40)" is probably caused by MAAS skipping the hex conversion process.

If I configure the k_g under machine -> configuration -> power settings, the same long hex value is taken, but in order to make the power check work, the input value needs to be prefixed with '0x', for example, if k_g value in idrac is 1234, the k_g value in MAAS should be 0x1234

MAAS version 3.4/stable

Related branches

Revision history for this message
Jerzy Husakowski (jhusakowski) wrote :

MAAS explicitly checks if the passed k_g sting is 20 characters here:

Since the ipmitool allows hex-encoded input which will be longer than 20 characters and still resolve to 20 bytes, this validation needs to be fixed (either removed or made equivalent to what the ipmitool does).

Changed in maas:
importance: Undecided → High
milestone: none → 3.5.x
status: New → Triaged
no longer affects: maas/3.3
Revision history for this message
Andrew Lamzed-Short (andyls) wrote :

Is it enough to bump the max_length check to 40 characters, or do we need to introduce the hexadecimal check/parsing now? I think to resolve this bug we could possibly increase the length now and add a feature request/ticket to add in the hex parsing at a later date if it's still required.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.