On 07/07/17 10:07 +0200, Marek Grac wrote:
Hi,
On Fri, Jul 7, 2017 at 8:02 AM, ArekW <arkad...@gmail.com> wrote:
Hi,
I did a small research on the scripts
/usr/sbin/fence_vbox
def main():
...
conn = fence_login(options)
The fence_loging is scripted in the fencing.py and it should invoke
function: _login_ssh_with_identity_file
/usr/share/fence/fencing.py
def _login_ssh_with_identity_file:
...
command = '%s %s %s@%s -i %s -p %s' % \
(options["--ssh-path"], force_ipvx, options["--username"],
options["--ip"], \
options["--identity-file"], options["--ipport"])
There are username and ip parameter used here (not login and ipaddr as in
fence description) so I used:
You have noticed this right, this is due to backward compatibility. And we
are working towards ability to use command-line options everywhere (it is
already in upstream but it is not yet supported in pcs).
So 'login=FOO' is same as '--username FOO/-l FOO'. Misleading at least. The
mapping between those systems was available on our wiki pages, it is
available in documentation and in (somewhat less readable way) in manual
page.
You can run "fence_vbox -o metadata" to see what the different
parameters are named.
pcs stonith create vbox-fencing fence_vbox ip=10.0.2.2 username=AW23321
identity_file=/root/.ssh/id_rsa host_os=windows
vboxmanage_path="/cygdrive/c/Program\ Files/Oracle/VirtualBox/VBoxManage"
pcmk_host_map="nfsnode1:centos1;nfsnode2:centos2" ssh=true
inet4_only=true op monitor interval=5 -force
* Why are you using -force?
* ssh=true is not a valid option (=> it is ignored and warning should be in
the logs) and fence_vbox can use ssh only. [secure=true will do what you
want]
I still got the same warning in messages:
Jul 7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
stderr: [ Unable to connect/login to fencing device ]
Jul 7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
stderr: [ ]
Jul 7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
stderr: [ ]
"Standalone" test is working with the same parameters:
[root@nfsnode1 nfsinfo]# fence_vbox --ip 10.0.2.2 --username=AW23321
--identity-file=/root/.ssh/id_rsa --plug=centos2 --host-os=windows
--action=status --vboxmanage-path="/cygdrive/c/Program\
Files/Oracle/VirtualBox/VBoxManage" -4 -x
Status: ON
This looks like SELinux for me. From the command line, you are in
unconfined domain so no checks are performed. Try to look at SELinux
boolean "fenced_can_ssh"
I could use more debug in the scripts.
You can use verbose=true (-v) and it will display all input/output
operations. In case of the fence_vbox you will see what we attempt to run
and what is the output of these commands. If there is need for more detail
output, please let me know and I will try to add it.
m,
_______________________________________________
Users mailing list: Users@clusterlabs.org
http://lists.clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Users mailing list: Users@clusterlabs.org
http://lists.clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
