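Installing OpenEuler through Smart Provisioning fails

Problem description

When the TLS version in the BMC security configuration is set to TLS 1.3 only, installing OpenEuler through Smart Provisioning fails.

SP log information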

2026-01-07 12:08:16 Preparing,please wait…
2026-01-07 12:08:16 iBMC version: 6.00.07.04, is V3
2026-01-07 12:08:16 Install ipmi drivers…
2026-01-07 12:08:16 Start sp in task mode.
2026-01-07 12:08:16 Umount /dev/sdc1 successfully.
2026-01-07 12:08:17 Execute fsck for /dev/sdc1 successfully.
2026-01-07 12:08:17 Get bootable usb device!
2026-01-07 12:08:17 Clear last record on result.json successfully.
2026-01-07 12:08:17 Scan task…
2026-01-07 12:08:17 Need to scan redfish task.
2026-01-07 12:08:39 Copy project folder to memory successfully.
2026-01-07 12:08:41 Start run script…
2026-01-07 12:08:41 Get vendor id…
2026-01-07 12:08:41 Mount usb…
2026-01-07 12:08:41 Install ipmi drivers…
2026-01-07 12:08:41 Mount USB…
2026-01-07 12:08:52 Mount USB successfully.
2026-01-07 12:08:52 Backup system logs…
2026-01-07 12:08:52 Run log…
2026-01-07 12:08:52 Copy init log to maintainlog…
2026-01-07 12:08:52 Run background log…
2026-01-07 12:08:52 Install drivers…
2026-01-07 12:08:52 Install PCIe card drivers…
2026-01-07 12:08:53 Unload mlx5_ib driver…
2026-01-07 12:08:53 Unload mlx5_ib driver successfully.
2026-01-07 12:08:53 Unload ib_ipoib driver…
2026-01-07 12:08:53 Unload ib_ipoib driver successfully.
2026-01-07 12:08:53 Unload hiraid driver…
2026-01-07 12:08:53 Unload hiraid driver successfully.
2026-01-07 12:08:53 Unload hiudk3 driver…
2026-01-07 12:08:53 Unload hiudk3 driver successfully.
2026-01-07 12:08:53 Unload hisdk3 driver…
2026-01-07 12:08:53 Unload hisdk3 driver successfully.
2026-01-07 12:08:53 Unload hinic3 driver…
2026-01-07 12:08:53 Unload hinic3 driver successfully.
2026-01-07 12:08:53 Reload mlx5_ib driver…
2026-01-07 12:08:59 Reload mlx5_ib driver successfully.
2026-01-07 12:08:59 Reload ib_ipoib driver…
2026-01-07 12:08:59 Reload ib_ipoib driver successfully.
2026-01-07 12:08:59 Reload hiraid driver…
2026-01-07 12:08:59 Reload hiraid driver successfully.
2026-01-07 12:08:59 Reload hiudk3 driver…
2026-01-07 12:08:59 Reload hiudk3 driver successfully.
2026-01-07 12:08:59 Reload hisdk3 driver…
2026-01-07 12:08:59 Reload hisdk3 driver successfully.
2026-01-07 12:08:59 Reload hinic3 driver…
2026-01-07 12:08:59 Reload hinic3 driver successfully.
2026-01-07 12:08:59 Install smartpqi drivers…
2026-01-07 12:08:59 Install app…
2026-01-07 12:09:17 Install softwares…
2026-01-07 12:09:17 Create soft link for qcscli…
2026-01-07 12:09:17 Install stress-ng…
2026-01-07 12:09:17 Install memdiag…
2026-01-07 12:09:18 Install iBMA2.0…
2026-01-07 12:09:52 Install uDisk…
2026-01-07 12:09:52 Install eSightCfg…
2026-01-07 12:09:53 Install InfoCollect…
2026-01-07 12:09:53 Install python lib…
2026-01-07 12:09:56 Create dynamically linked…
2026-01-07 12:09:56 Extract tools…
2026-01-07 12:09:56 Install storcli64…
2026-01-07 12:09:56 Install sas3ircu…
2026-01-07 12:09:56 Insmod ko file…
2026-01-07 12:09:57 Start service…
2026-01-07 12:09:57 Install services…
2026-01-07 12:09:57 Up network ports…
2026-01-07 12:09:58 Start fcoe devices…
2026-01-07 12:09:58 Restart lldpad and fcoe services…
2026-01-07 12:09:58 Enable rasdaemon events…
2026-01-07 12:09:58 Init SP OSRevision…
2026-01-07 12:09:58 Generate aide database…
2026-01-07 12:09:58 Init SP OSRevision…
2026-01-07 12:09:58 Get the resources of server…
2026-01-07 12:09:58 Get the resources of server(times 1)…
2026-01-07 12:10:20 Failed to get the position of PCIEcards or Drives.
2026-01-07 12:11:21 Get the resources of server(times 2)…
2026-01-07 12:11:38 Failed to get the position of PCIEcards or Drives.
2026-01-07 12:12:38 Get the resources of server(times 3)…
2026-01-07 12:12:56 Failed to get the position of PCIEcards or Drives.
2026-01-07 12:13:56 Save the resources of server(with errors)…
2026-01-07 12:13:56 Save the log of iBMA…
2026-01-07 12:13:56 Set the config privilege
2026-01-07 12:13:56 Start SP…
[2026-01-07 12:13:57.057 INFO ] (sp.Main:start:-1)- Initialize smart provisioning on os.arch(aarch64).
[2026-01-07 12:13:57.057 INFO ] (views.MainController:setVersion:-1)- Start Smart Provisioning 1.9.0
[2026-01-07 12:13:58.058 INFO ] (sp.Main:queryStartType:-1)- get startup type.
[2026-01-07 12:13:58,304 INFO] (ipmi_manage.py:346)- iBMC version: V3
[2026-01-07 12:13:58,304 INFO] (boot_method.py:34)- Judge boot method
[2026-01-07 12:13:58,372 INFO] (ipmi_manage.py:204)- Boot from redfish.
[2026-01-07 12:13:58,440 INFO] (ipmi_manage.py:229)- Set start flag success
[2026-01-07 12:13:58.058 INFO ] (sp.Main:queryStartType:-1)- return code of getting startup type : 0.
[2026-01-07 12:13:58.058 INFO ] (sp.Main:searchTasks:-1)- scan flash.
[2026-01-07 12:13:59,152 INFO] (ipmi_manage.py:346)- iBMC version: V3
[2026-01-07 12:13:59,276 INFO] (firmware_upgrade.py:113)- Create upgrade request successfully. Return:
[2026-01-07 12:13:59,277 WARNING] (scan_file.py:346)- The request data of firmware update does not exist.
[2026-01-07 12:13:59,277 WARNING] (scan_file.py:365)- The request data of RAID configuration does not exist.
[2026-01-07 12:13:59,277 WARNING] (scan_file.py:378)- The request file of drive erase configuration /mnt/usb/spforbmc/operate/spdriveerase does not exist.
[2026-01-07 12:13:59,277 WARNING] (scan_file.py:403)- The request data of NIC configuration does not exist.
[2026-01-07 12:13:59,277 WARNING] (scan_file.py:425)- The request data of OS deployment does not exist.
[2026-01-07 12:14:00,372 ERROR] (redfish_client.py:211)- Failure: failed to establish a new connection to the host, message:HTTPSConnectionPool(host=‘fe80:0000:0000:0000:9e7d:a3ff:fe28:6ffa%veth’, port=40443): Max retries exceeded with url: /redfish/v1/Managers/ (Caused by SSLError(SSLError(1, ‘[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1129)’))).
[2026-01-07 12:14:00,373 ERROR] (deploy_task.py:137)- Failed to get slot id of server from redfish.
[2026-01-07 12:14:00,373 ERROR] (deploy_task.py:154)- Failed to establish redfish connection.
[2026-01-07 12:14:00,373 ERROR] (deploy_task.py:230)- Not Found information of deploy task.
[2026-01-07 12:14:00,373 ERROR] (scan_file.py:316)- Failed to get os deploy task.
[2026-01-07 12:14:04,436 ERROR] (redfish_client.py:211)- Failure: failed to establish a new connection to the host, message:HTTPSConnectionPool(host=‘fe80:0000:0000:0000:9e7d:a3ff:fe28:6ffa%veth’, port=40443): Max retries exceeded with url: /redfish/v1/Managers/ (Caused by SSLError(SSLError(1, ‘[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1129)’))).
[2026-01-07 12:14:04,438 ERROR] (deploy_task.py:137)- Failed to get slot id of server from redfish.
[2026-01-07 12:14:04,438 ERROR] (deploy_task.py:154)- Failed to establish redfish connection.
[2026-01-07 12:14:04,438 ERROR] (deploy_task.py:230)- Not Found information of deploy task.
[2026-01-07 12:14:04,438 ERROR] (scan_file.py:316)- Failed to get os deploy task.
[2026-01-07 12:14:08,493 ERROR] (redfish_client.py:211)- Failure: failed to establish a new connection to the host, message:HTTPSConnectionPool(host=‘fe80:0000:0000:0000:9e7d:a3ff:fe28:6ffa%veth’, port=40443): Max retries exceeded with url: /redfish/v1/Managers/ (Caused by SSLError(SSLError(1, ‘[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1129)’))).
[2026-01-07 12:14:08,493 ERROR] (deploy_task.py:137)- Failed to get slot id of server from redfish.
[2026-01-07 12:14:08,493 ERROR] (deploy_task.py:154)- Failed to establish redfish connection.
[2026-01-07 12:14:08,493 ERROR] (deploy_task.py:230)- Not Found information of deploy task.
[2026-01-07 12:14:08,493 ERROR] (scan_file.py:316)- Failed to get os deploy task.
[2026-01-07 12:14:11,496 WARNING] (scan_file.py:436)- The task of OS deployment form redfish does not exist.
[2026-01-07 12:14:11,497 WARNING] (scan_file.py:441)- The request file of diagnose configuration /mnt/usb/spforbmc/operate/spdiagnose does not exist.
[2026-01-07 12:14:11,497 INFO] (scan_file.py:491)- File scanning is complete.
[2026-01-07 12:14:12.012 INFO ] (sp.Main:countTasks:-1)- check flash.
[2026-01-07 12:14:12.012 INFO ] (sp.Main:countTasks:-1)- no task from flash.
[2026-01-07 12:14:12.012 INFO ] (common.FileOperate:deleteFile:-1)- delete file: /mnt/usb/spforbmc/operate/result.json successfully.
[2026-01-07 12:14:12.012 INFO ] (sp.Main:showBMCOperateView:-1)- load operate view.
[2026-01-07 12:14:12.012 INFO ] (spforbmc.BMCOperateController:start:-1)- execute operating command.
[2026-01-07 12:14:12.012 INFO ] (common.Util:getMultiThreadPool:-1)- Enter multi thread pool.
[2026-01-07 12:14:12.012 INFO ] (spforbmc.BMCOperateController:start:-1)- start executing tasks.future: java.util.concurrent.FutureTask@4e443e13
[2026-01-07 12:14:12.012 INFO ] (common.Util:getMultiThreadPool:-1)- Enter multi thread pool.
[2026-01-07 12:14:12.012 INFO ] (spforbmc.BMCOperateController:start:-1)- start executing progress.future: java.util.concurrent.FutureTask@55d28ddc
[2026-01-07 12:14:12.012 INFO ] (spforbmc.ProgressTask:call:-1)- start to obtain operation progress.
[2026-01-07 12:14:12.012 INFO ] (spforbmc.ProgressTask:call:-1)- all tasks are executed finished.
[2026-01-07 12:14:12,344 INFO] (ipmi_manage.py:346)- iBMC version: V3
[2026-01-07 12:14:13,435 ERROR] (redfish_client.py:211)- Failure: failed to establish a new connection to the host, message:HTTPSConnectionPool(host=‘fe80:0000:0000:0000:9e7d:a3ff:fe28:6ffa%veth’, port=40443): Max retries exceeded with url: /redfish/v1/Managers/ (Caused by SSLError(SSLError(1, ‘[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1129)’))).
[2026-01-07 12:14:13,436 ERROR] (deploy.py:212)- Failed to get slotid information.
[2026-01-07 12:14:13,436 ERROR] (deploy.py:501)- Failed to establish redfish connection.
[2026-01-07 12:14:13.013 INFO ] (spforbmc.BMCOperateController:call:-1)- execute flash tasks is finished.
[2026-01-07 12:14:13.013 INFO ] (spforbmc.BMCOperateController:lambda$init$0:-1)- clear operate files.
[2026-01-07 12:14:13.013 INFO ] (common.FileOperate:deleteFile:-1)- delete file: /mnt/usb/spforbmc/operate/sptask.json successfully.
[2026-01-07 12:14:13.013 INFO ] (spforbmc.BMCOperateController:lambda$init$0:-1)- operate is finished, start to reboot system.
[2026-01-07 12:14:13.013 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:14.014 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:15.015 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:16.016 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:17.017 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:18.018 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:19.019 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:20.020 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:21.021 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:22.022 ERROR] (spforbmc.BMCOperateController:setRestartMode:-1)- obtain active mode information from file failed.
[2026-01-07 12:14:24.024 INFO ] (common.Util:getMultiThreadPool:-1)- Enter multi thread pool.
[2026-01-07 12:14:55.055 INFO ] (common.RestartOperate:restartOperate:-1)- Reboot the server.
2026-01-07 12:14:55 Save system log…

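Environment information

  • Operating system: none

  • Software version: SP version 1.9.0

  • Hardware configuration: KunLun 2280 V2

Steps to reproduce

  1. [Step 1] Set the TLS version in the BMC security configuration to TLS 1.3 only

  2. [Step 2] Install OpenEuler by issuing an SP OS deployment task

  3. [Step 3] The task fails

Expected result

  1. With the TLS version in the BMC security configuration set to TLS 1.3 only, installing OpenEuler by issuing an SP OS deployment task succeeds

Actual result

  1. With the TLS version in the BMC security configuration set to TLS 1.3 only, installing OpenEuler by issuing an SP OS deployment task fails

Solutions attempted

  1. After setting the TLS version in the BMC security configuration to TLS 1.2 and later, installing OpenEuler by issuing an SP OS deployment task succeeded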

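The answer below was generated by AI and is for reference only:

Analysis and solutions: installing OpenEuler through Smart Provisioning fails when the TLS version in the BMC security configuration is restricted to TLS 1.3 only

Based on the detailed log and environment information you provided, when the TLS version in the BMC security configuration is set to "TLS 1.3 only", Smart Provisioning (SP) cannot install OpenEuler. The core reason is that the SP client does not support establishing a TLS 1.3 connection to the BMC's Redfish service.


Core diagnosis

Error log analysis

The key error message can be found in your SP log: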

[2026-01-07 12:14:13,435 ERROR] (redfish_client.py:211)- Failure: failed to establish a new connection to the host, message:HTTPSConnectionPool(host='fe80:0000:0000:0000:9e7d:a3ff:fe28:6ffa%veth', port=40443): Max retries exceeded with url: /redfish/v1/Managers/ (Caused by SSLError(SSLError(1, ‘[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1129)’))).

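This error clearly points to the nature of the problem:

  • SSLError(1, '[SSL: TLSV1_ALERT_PROTOCOL_VERSION]'): indicates that when the client (SP) tried to connect, the BMC rejected the connection because of a protocol version mismatch.
  • tlsv1 alert protocol version: this is a fatal alert returned by the TLS protocol layer, meaning the protocol version offered by the client (such as TLS 1.2 or lower) was not accepted by the server (BMC), which at this point is configured to allow only TLS 1.3.

Conclusion: in the current version (1.9.0) of the Smart Provisioning tool, the Redfish client library it uses, or the OpenSSL version that library depends on, does not support the TLS 1.3 protocol, so it cannot establish a secure connection to a BMC that enforces TLS 1.3.


Supporting background

1. The role of the TLS configuration in the BMC

The BMC supports configuring the allowed TLS protocol versions through the Web UI or the API, usually including:

  • TLS 1.0 (deprecated)
  • TLS 1.1
  • TLS 1.2
  • TLS 1.3 (newest, most secure)

When configured as "TLS 1.3 only", all communication over HTTPS (including the Redfish API, the Web UI, Smart Provisioning and so on) must use the TLS 1.3 protocol, otherwise the connection is terminated.

2. The Redfish interface is key to SP's automated deployment

Smart Provisioning relies on the Redfish interface to obtain server resource information, set the boot mode, deploy the operating system, and so on. Relevant paths include:

  • /redfish/v1/Managers/
  • /redfish/v1/Systems/

Once the Redfish connection cannot be established, SP cannot complete initialization and task execution, which shows up as: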

Failed to get slot id of server from redfish
Failed to establish redfish connection

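This is exactly what appears repeatedly in the log.


Verified solutions

Option 1: [Temporary fix] Relax the TLS version restriction (recommended for quick recovery in production environments)

You have already verified that this option works:

After changing the TLS version in the BMC security configuration from "TLS 1.3 only" to "TLS 1.2 and later", SP installed OpenEuler successfully.

Suggested operation:

BMC Web UI path:
User & Security → Security Configuration → Security Enhancement → TLS Version → select "TLS 1.2 and later"

This setting allows TLS 1.2 and TLS 1.3 to coexist, is compatible with the existing SP client, and still maintains a relatively high level of security.


Option 2: [Long-term fix] Upgrade Smart Provisioning or the Redfish client to support TLS 1.3

Current limitations:

  • The Redfish client used by SP (such as the Python redfish_client.py) may be based on older versions of the urllib3/requests libraries.
  • If the underlying OpenSSL version is lower than 1.1.1, TLS 1.3 cannot be supported.

Directions:

Item | Recommendation
SP tool version | Upgrade to a new version that supports TLS 1.3 (such as SP 2.0+), and confirm whether its Redfish client uses OpenSSL 1.1.1+ or a TLS library of equivalent capability
BMC Redfish service compatibility | Confirm whether the iBMC version (you are using 6.00.07.04 V3) provides a backward-compatibility policy or a configurable protocol allowlist
Development/test environment verification | Use openssl s_client to test connection capability:
openssl s_client -connect [BMC_IP]:443 -tls1_3

If it returns tlsv1 alert protocol version, the client does not support it; if the handshake completes, the server configuration allows it.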


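Root cause summary

Factor | Status
BMC configuration | Enforces TLS 1.3 only, in line with security best practice
SP client capability | Does not support the TLS 1.3 protocol (possibly due to the Python environment, library versions, or missing OpenSSL support)
Redfish communication | Fails at the TLS handshake stage because of a protocol version mismatch
Result | SP cannot obtain server resources or deploy the OS, and the task fails

This is not a BMC fault but a TLS protocol compatibility problem between the client and the server.


Recommended handling flow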

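graph TD
    A[SP installation fails] --> B{Check TLS configuration}
    B -->|TLS 1.3 only| C[Attempt SP connection]
    C --> D[SSL protocol version error]
    D --> E[Confirm whether SP supports TLS 1.3]
    E -->|Not supported| F[Temporarily change to TLS 1.2 and later]
    E -->|Supported| G[Investigate certificate or network issues]
    F --> H[SP installation succeeds]
    H --> I[Submit a request to the SP developers to add TLS 1.3 support]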

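Recommendations and next steps

  1. Submit a request to the Smart Provisioning development team, asking them to:

    • State clearly whether TLS 1.3 is supported.
    • Upgrade the underlying dependency libraries to support modern TLS protocols.
    • Provide a compatibility test report for high-security mode (TLS 1.3 only).
  2. Document this limitation
    Add a note to the deployment documentation:

    "The current SP version (1.9.0) does not support TLS 1.3. If the BMC has 'TLS 1.3 only' mode enabled, the Redfish connection will fail; please configure 'TLS 1.2 and later' for the time being."

  3. Monitor compatibility in future versions

    • Watch the release notes of new SP versions.
    • Watch whether the BMC firmware (iBMC) provides a more flexible TLS policy (for example, differentiated by client type).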

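Summary

Item | Content
Cause of the problem | The Smart Provisioning client does not support TLS 1.3 and cannot establish a Redfish connection to a BMC that has only TLS 1.3 enabled
Error symptom | SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION]
Root cause | The TLS protocol versions of the client and the server are incompatible
Temporary fix | Set the BMC TLS version to "TLS 1.2 and later"
Long-term fix | Upgrade the SP tool to support TLS 1.3
Verification result | Confirmed that OpenEuler installs successfully after the TLS configuration is relaxed

It is recommended to adopt the "TLS 1.2 and later" configuration immediately to ensure business continuity, and to push for an SP tool upgrade to meet the needs of future high-security environments.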

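Hello, older versions of SP did not support TLS 1.3, so the request for the OS deployment task sent to the BMC over redfish fails, and the OS installation could not be completed.

However, SP 1.13.0 and later support TLS 1.3. If you want to set TLS to 1.3 only, you can upgrade SP to 1.13.0 or later and then perform the OS deployment.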
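
Added example, not part of the thread or of Smart Provisioning's own code: a small triage script that extracts the Redfish TLS failures from an SP log like the one in the question and reports whether the Python/OpenSSL build it runs under can negotiate TLS 1.3. The function names are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
import ssl
from collections import Counter

# Three lines copied from the SP log in the question: a TLS failure, a follow-on
# error, and a second TLS failure written with the typographic quotes the page shows.
SAMPLE_LOG = """\
[2026-01-07 12:14:13,435 ERROR] (redfish_client.py:211)- Failure: failed to establish a new connection to the host, message:HTTPSConnectionPool(host='fe80:0000:0000:0000:9e7d:a3ff:fe28:6ffa%veth', port=40443): Max retries exceeded with url: /redfish/v1/Managers/ (Caused by SSLError(SSLError(1, '[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1129)'))).
[2026-01-07 12:14:13,436 ERROR] (deploy.py:501)- Failed to establish redfish connection.
[2026-01-07 12:14:00,372 ERROR] (redfish_client.py:211)- Failure: failed to establish a new connection to the host, message:HTTPSConnectionPool(host=‘fe80:0000:0000:0000:9e7d:a3ff:fe28:6ffa%veth’, port=40443): Max retries exceeded with url: /redfish/v1/Managers/ (Caused by SSLError(SSLError(1, ‘[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:1129)’))).
"""

# One ERROR line = timestamp, target host/port, request URL and OpenSSL reason code.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)[,.]\d+ ERROR\s*\]"
    r".*?host=['‘](?P<host>[^'’]+)['’], port=(?P<port>\d+)"
    r".*?with url: (?P<url>\S+)"
    r".*?\[SSL: (?P<reason>[A-Z0-9_]+)\]",
    re.M,
)

# Meaning of the reason code seen on this page; other codes are reported unchanged.
HINTS = {
    "TLSV1_ALERT_PROTOCOL_VERSION":
        "server sent a protocol_version alert: it does not accept the TLS version the client offered",
}

def parse_tls_failures(text):
    """Return one dict per log line that records a TLS failure on a Redfish request."""
    failures = []
    for m in LINE_RE.finditer(text):
        item = m.groupdict()
        item["port"] = int(item["port"])
        item["hint"] = HINTS.get(item["reason"], "unmapped OpenSSL reason code")
        failures.append(item)
    return failures

def summarize(failures):
    """Count failures per (host, port, reason) so retries collapse into one finding."""
    return Counter((f["host"], f["port"], f["reason"]) for f in failures)

def local_tls13_support():
    """TLS 1.3 capability of the Python/OpenSSL build that runs this script."""
    return {"openssl": ssl.OPENSSL_VERSION, "has_tls13": ssl.HAS_TLSv1_3}

if __name__ == "__main__":
    for key, count in summarize(parse_tls_failures(SAMPLE_LOG)).items():
        print(count, key, HINTS.get(key[2], ""))
    print(local_tls13_support())
```

The capability check only describes the interpreter that executes it, so it says something about SP only when run with the Python environment SP itself uses.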