----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Martin Perina" <mperina@redhat.com> Cc: users@ovirt.org, "Eli Mesika" <emesika@redhat.com> Sent: Thursday, May 21, 2015 9:31:50 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
On 21.05.2015 21:07, Martin Perina wrote:
Hi Daniel,
I'm cc'ing Eli as we are currently facing issue with fence agents regression for passing boolean flags to fence agents. Thanks for getting back to me so quickly.
I looked at man page of fence_ilo2 again and I haven't found --tls1.0 option at all. Strange? FYI I am running CentOS7.1 hosts; installed fence: fence-agents-ilo2-4.0.11-11.el7_1.x86_64
Here, clearly I have this option. The fence agent itself seems to use gnutls successfully:
# fence_ilo2 -a 10.11.0.212 --username=ovirt -p ****** -v -o status --ssl-insecure --tls1.0
Running command: /usr/bin/gnutls-cli --priority "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION" --insecure --crlf -p 443 10.11.0.212
Ahh, I looked at older version on F20. But I can't find --tls1.0 option even on man page for fence-agents-ilo2-4.0.11-11.el7_1.x86_64 :-( So if you really see this option, please take a look at the end of man page, where you can find STDIN format options names and add it along with ssl_insecure to options in Power Management tab of the hosts (instead of "tls1_0 use what you find in your man page): ssl_insecure=1,tls1_0=1 Thanks Martin Perina
I put the whole command output below [1]
To specify --ssl-insecure please add following
into options in Power Management tab of the host:
ssl_insecure=1 Thanks for pointing out how to actually use these options.
Martin Perina
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: "Martin Perina" <mperina@redhat.com> Cc: users@ovirt.org Sent: Thursday, May 21, 2015 8:11:40 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
On 12.05.2015 09:16, Martin Perina wrote:
Hi Daniel, Hello Martin,
sorry for answering that late. And thanks for pointing me to the man page! I always seem to forget that.
options defined in PM tab are used to pass custom settings of specific fence agent. In you case please take a look at man page for fence_ilo2. I looked there briefly and I'm afraid that your parameter is not supported.
Ok, this command runs fine and uses XML: fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status --ssl-insecure --tls1.0
However, using options --tls1.0 and --ssl-insecure does not work in the engine. What puzzles me: the fence agent seems to use an SSL connection and XML; while the GUI wants an SSH port form me?
There I get the error: Unknown options ..
now I only get Test succeeded - unknown (witch actually is not successful)
Thanks!
I see that fence_ilo3_ssh and fence_ilo4_ssh should support passing that option for SSH connection, so you could try them if they work with you fence device.
Martin Perina
----- Original Message -----
From: "Daniel Helgenberger" <daniel.helgenberger@m-box.de> To: users@ovirt.org Sent: Monday, May 11, 2015 5:53:10 PM Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options
Hello,
to make this short - i need to pass ssh options to get the connection to ilo2 working (MACs=hmac-sha1) [1].
How can this be done? I think the 'options' field is clearly for something else?
Using this option in .ssh/config works btw.
Thanks! -- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Daniel Helgenberger m box bewegtbild GmbH
P: +49/30/2408781-22 F: +49/30/2408781-10
ACKERSTR. 19 D-10115 BERLIN
www.m-box.de www.monkeymen.tv
Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767
[1]
Sent: <?xml version="1.0"?>
Received: <?xml version="1.0"?>
Processed 0 CA certificate(s). Resolving '10.11.0.212'... Connecting to '10.11.0.212:443'... - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: - subject `C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', issuer `C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', RSA key 1024 bits, signed using RSA-MD5 (broken!), activated `2002-12-05 20:25:26 UTC', expires `2022-12-05 20:25:26 UTC', SHA-1 fingerprint `4db06bc1a74fe2894068d89ea76c0622b3e76bc1' Public Key ID: 428f85bc360c8778eb550e4b8ef1c65b111d7108 Public key's random art: +--[ RSA 1024]----+ | Eoo+. | | . o . .o. | | . = B + | | . & X . | | o # S | | . + = | | . . | | | | | +-----------------+
- Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. *** PKI verification of server certificate failed... - Description: (TLS1.0)-(RSA)-(AES-128-CBC)-(SHA1) - Session ID: AA:C9:08:8C:F5:E7:E6:19:7D:BC:20:D4:A0:C0:DA:E4:0E:C1:C0:2A:BC:93:8E:B3:5F:20:B0:38:67:F2:01:5C - Version: TLS1.0 - Key Exchange: RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL - Handshake was completed
- Simple Client Mode:
<?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> Sent: <RIBCL VERSION="2.0">
Sent: <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
Sent: <RIB_INFO MODE="read"><GET_FW_VERSION />
Sent: </RIB_INFO>
Received: <RIBCL VERSION="2.0">
<LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
<RIB_INFO MODE="read"><GET_FW_VERSION />
</RIB_INFO>
<?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> <?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> <?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> <?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> <GET_FW_VERSION
Received: FIRMWARE_VERSION = "2.25" FIRMWARE_DATE = "Apr 14 2014" MANAGEMENT_PROCESSOR = "iLO2" LICENSE_TYPE = "iLO 2 Advanced" /> Sent: </LOGIN>
Sent: <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
Sent: <SERVER_INFO MODE = "read"><GET_HOST_POWER_STATUS/>
Sent: </SERVER_INFO></LOGIN>
Received: </RIBCL> <?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> <?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> </LOGIN>
<LOGIN USER_LOGIN = "ovirt" PASSWORD = "*********">
<?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> <?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> <SERVER_INFO MODE = "read"><GET_HOST_POWER_STATUS/>
<?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> </RIBCL> <?xml version="1.0"?> <RIBCL VERSION="2.22"> <RESPONSE STATUS="0x0000" MESSAGE='No error' /> <GET_HOST_POWER HOST_POWER="ON" Status: ON