Re: [ClusterLabs] using IPMI for fencing - configuring IPMI with ipmitool - HELP

2017-03-01 Thread Lentes, Bernd 


- On Mar 1, 2017, at 5:03 AM, Andrei Borzenkov arvidj...@gmail.com wrote:

> 28.02.2017 20:39, Lentes, Bernd пишет:
>> Hi,
>> 
>> i have a HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does 
>> not
>> work, i read in a book the recommendation to use the ipmi ressource agent
>> instead.
>> I'm trying to configure the respective ILO adapter with ipmitool.
> 
> Why do not you simply go to iLO4 web interface and configure users there?

I have users configured there. But are they visible for IPMI ?


Bernd
 

Helmholtz Zentrum Muenchen
Deutsches Forschungszentrum fuer Gesundheit und Umwelt (GmbH)
Ingolstaedter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir'in Baerbel Brumme-Bothe
Geschaeftsfuehrer: Prof. Dr. Guenther Wess, Heinrich Bassler, Dr. Alfons Enhsen
Registergericht: Amtsgericht Muenchen HRB 6466
USt-IdNr: DE 129521671


___
Users mailing list: Users@clusterlabs.org
http://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] using IPMI for fencing - configuring IPMI with ipmitool - HELP

2017-02-28 Thread Andrei Borzenkov 
28.02.2017 20:39, Lentes, Bernd пишет:
> Hi,
> 
> i have a HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does 
> not work, i read in a book the recommendation to use the ipmi ressource agent 
> instead.
> I'm trying to configure the respective ILO adapter with ipmitool.

Why do not you simply go to iLO4 web interface and configure users there?

___
Users mailing list: Users@clusterlabs.org
http://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] using IPMI for fencing - configuring IPMI with ipmitool - HELP

2017-02-28 Thread Digimer 
On 28/02/17 12:39 PM, Lentes, Bernd wrote:
> Hi,
> 
> i have a HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does 
> not work, i read in a book the recommendation to use the ipmi ressource agent 
> instead.
> I'm trying to configure the respective ILO adapter with ipmitool. OMG. 
> Ipmitool drives me crazy.
> It's a SLES 11 SP4 node. I did "/etc/init.d/ipmi start", some modules are 
> loaded:
> 
> ha-idg-1:~ # lsmod|grep -i ipmi
> ipmi_devintf   17560  0
> ipmi_si53422  0
> ipmi_msghandler49979  2 ipmi_devintf,ipmi_si
> 
> I have a device file:
> 
> ha-idg-1:~ # ll /dev/ipm*
> crw-rw 1 root root 246, 0 Feb 28 13:51 /dev/ipmi0
> 
> What i found out/did already:
> 
> For channel 2 i have two users configured:
> 
> ipmitool> user list 2
> 1   Administratortruefalse  true   ADMINISTRATOR
> 2   root truefalse  true   ADMINISTRATOR
> 3   (Empty User) truefalse  false  NO ACCESS
> 4   (Empty User) truefalse  false  NO ACCESS
> 5   (Empty User) truefalse  false  NO ACCESS
> 6   (Empty User) truefalse  false  NO ACCESS
> 7   (Empty User) truefalse  false  NO ACCESS
> 8   (Empty User) truefalse  false  NO ACCESS
> 9   (Empty User) truefalse  false  NO ACCESS
> 10  (Empty User) truefalse  false  NO ACCESS
> 11  (Empty User) truefalse  false  NO ACCESS
> 12  (Empty User) truefalse  false  NO ACCESS
> 
> User root has a passsword which i tested via "user test" and it was ok.
> 
> Channel 2:
> 
> ipmitool> channel info 2
> Channel 0x2 info:
>   Channel Medium Type   : 802.3 LAN
>   Channel Protocol Type : IPMB-1.0
>   Session Support   : multi-session
>   Active Session Count  : 0
>   Protocol Vendor ID: 7154
>   Volatile(active) Settings
> Alerting: enabled
> Per-message Auth: disabled
> User Level Auth : enabled
> Access Mode : always available
>   Non-Volatile Settings
> Alerting: enabled
> Per-message Auth: disabled
> User Level Auth : enabled
> Access Mode : always available
> 
> ipmitool> lan print 2
> Set in Progress : Set Complete
> Auth Type Support   :
> Auth Type Enable: Callback :
> : User :
> : Operator :
> : Admin:
> : OEM  :
> IP Address Source   : DHCP Address
> IP Address  : 146.107.235.15
> Subnet Mask : 255.255.255.0
> MAC Address : 70:10:6f:47:0c:48
> SNMP Community String   :
> BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
> Default Gateway IP  : 146.107.235.1
> 802.1q VLAN ID  : Disabled
> 802.1q VLAN Priority: 0
> RMCP+ Cipher Suites : 0,1,2,3
> Cipher Suite Priv Max   : XuuaXXX
> : X=Cipher Suite Unused
> : c=CALLBACK
> : u=USER
> : o=OPERATOR
> : a=ADMIN
> : O=OEM
> 
> How can i grant principal access to channel 2 ?
> I tried:
> 
> ipmitool> lan set 2 access on
> Set Channel Access for channel 2 failed: Unknown (0x83)
> ipmitool> lan set 2 access ON
> lan set access 
> ipmitool> lan set 2 access=ON
> lan set access 
> 
> Does not seem to work.
> 
> I did "lan set user 2", do not know if it's helpful.
> 
> Also:
> 
> ipmitool> channel authcap 2 4
> Channel number : 2
> IPMI v1.5  auth types  :
> KG status  : default (all zeroes)
> Per message authentication : disabled
> User level authentication  : enabled
> Non-null user names exist  : yes
> Null user names exist  : no
> Anonymous login enabled: no
> Channel supports IPMI v1.5 : no
> Channel supports IPMI v2.0 : yes
> 
> Don't know if it helps.
> 
> I found 
> https://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool
>  (sorry, only in german):
> 
> I did, as proposed:
> 
> ha-idg-1:~ # ipmitool lan set 2 auth ADMIN MD5
> ha-idg-1:~ # ipmitool lan set 2 access on
> Set Channel Access for channel 2 failed: Unknown (0x83)   <= ???
> 
> ha-idg-1:~ # ipmitool lan print 2
> Set in Progress : Set Complete
> Auth Type Support   :
> Auth Type Enable: Callback :
> : User :
> : Operator :
> : Admin:
> : OEM  :
> IP Address Source   : DHCP Address
> IP Address  : 146.107.235.15
> Subnet Mask : 255.255.255.0
> MAC Address : 70:10:6f:47:0c:48
> SNMP Community String   :
> BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
> Default Gateway IP  :

[ClusterLabs] using IPMI for fencing - configuring IPMI with ipmitool - HELP

2017-02-28 Thread Lentes, Bernd 
Hi,

i have a HP server ML 350 G9 with an ILO4 card. The riloe stonith agent does 
not work, i read in a book the recommendation to use the ipmi ressource agent 
instead.
I'm trying to configure the respective ILO adapter with ipmitool. OMG. Ipmitool 
drives me crazy.
It's a SLES 11 SP4 node. I did "/etc/init.d/ipmi start", some modules are 
loaded:

ha-idg-1:~ # lsmod|grep -i ipmi
ipmi_devintf   17560  0
ipmi_si53422  0
ipmi_msghandler49979  2 ipmi_devintf,ipmi_si

I have a device file:

ha-idg-1:~ # ll /dev/ipm*
crw-rw 1 root root 246, 0 Feb 28 13:51 /dev/ipmi0

What i found out/did already:

For channel 2 i have two users configured:

ipmitool> user list 2
1   Administratortruefalse  true   ADMINISTRATOR
2   root truefalse  true   ADMINISTRATOR
3   (Empty User) truefalse  false  NO ACCESS
4   (Empty User) truefalse  false  NO ACCESS
5   (Empty User) truefalse  false  NO ACCESS
6   (Empty User) truefalse  false  NO ACCESS
7   (Empty User) truefalse  false  NO ACCESS
8   (Empty User) truefalse  false  NO ACCESS
9   (Empty User) truefalse  false  NO ACCESS
10  (Empty User) truefalse  false  NO ACCESS
11  (Empty User) truefalse  false  NO ACCESS
12  (Empty User) truefalse  false  NO ACCESS

User root has a passsword which i tested via "user test" and it was ok.

Channel 2:

ipmitool> channel info 2
Channel 0x2 info:
  Channel Medium Type   : 802.3 LAN
  Channel Protocol Type : IPMB-1.0
  Session Support   : multi-session
  Active Session Count  : 0
  Protocol Vendor ID: 7154
  Volatile(active) Settings
Alerting: enabled
Per-message Auth: disabled
User Level Auth : enabled
Access Mode : always available
  Non-Volatile Settings
Alerting: enabled
Per-message Auth: disabled
User Level Auth : enabled
Access Mode : always available

ipmitool> lan print 2
Set in Progress : Set Complete
Auth Type Support   :
Auth Type Enable: Callback :
: User :
: Operator :
: Admin:
: OEM  :
IP Address Source   : DHCP Address
IP Address  : 146.107.235.15
Subnet Mask : 255.255.255.0
MAC Address : 70:10:6f:47:0c:48
SNMP Community String   :
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP  : 146.107.235.1
802.1q VLAN ID  : Disabled
802.1q VLAN Priority: 0
RMCP+ Cipher Suites : 0,1,2,3
Cipher Suite Priv Max   : XuuaXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM

How can i grant principal access to channel 2 ?
I tried:

ipmitool> lan set 2 access on
Set Channel Access for channel 2 failed: Unknown (0x83)
ipmitool> lan set 2 access ON
lan set access 
ipmitool> lan set 2 access=ON
lan set access 

Does not seem to work.

I did "lan set user 2", do not know if it's helpful.

Also:

ipmitool> channel authcap 2 4
Channel number : 2
IPMI v1.5  auth types  :
KG status  : default (all zeroes)
Per message authentication : disabled
User level authentication  : enabled
Non-null user names exist  : yes
Null user names exist  : no
Anonymous login enabled: no
Channel supports IPMI v1.5 : no
Channel supports IPMI v2.0 : yes

Don't know if it helps.

I found 
https://www.thomas-krenn.com/de/wiki/IPMI_Konfiguration_unter_Linux_mittels_ipmitool
 (sorry, only in german):

I did, as proposed:

ha-idg-1:~ # ipmitool lan set 2 auth ADMIN MD5
ha-idg-1:~ # ipmitool lan set 2 access on
Set Channel Access for channel 2 failed: Unknown (0x83)   <= ???

ha-idg-1:~ # ipmitool lan print 2
Set in Progress : Set Complete
Auth Type Support   :
Auth Type Enable: Callback :
: User :
: Operator :
: Admin:
: OEM  :
IP Address Source   : DHCP Address
IP Address  : 146.107.235.15
Subnet Mask : 255.255.255.0
MAC Address : 70:10:6f:47:0c:48
SNMP Community String   :
BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled
Default Gateway IP  : 146.107.235.1
802.1q VLAN ID  : Disabled
802.1q VLAN Priority: 0
RMCP+ Cipher Suites : 0,1,2,3
Cipher Suite Priv Max   : XuuaXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR