On 04/27/2017 05:35 PM, Gianluca Cecchi wrote:
On Thu, Apr 27, 2017 at 4:58 PM, Gianluca Cecchi
<gianluca.cecchi(a)gmail.com <mailto:gianluca.cecchi@gmail.com>> wrote:
On Thu, Apr 27, 2017 at 4:43 PM, Gianluca Cecchi
<gianluca.cecchi(a)gmail.com <mailto:gianluca.cecchi@gmail.com>> wrote:
Hello,
I'm trying to use fence_rhevm in a CentOS 6.8 guest that is part
of a virtual rhcs cluster
My sw version for fence_agents inside guest is
fence-agents-4.0.15-12.el6.x86_64 and I notice that for this
particular agent nothing changes also using the latest available
package fence-agents-4.0.15-13.el6.x86_64.rpm apart
[root@p2vnorasvi1 ~]# diff fence_rhevm /usr/sbin/fence_rhevm
13c13
< BUILD_DATE="(built Wed Mar 22 04:24:11 UTC 2017)"
---
> BUILD_DATE="(built Tue May 10 22:28:47 UTC 2016)"
[root@p2vnorasvi1 ~]#
The VM name in oVirt 4.1.1 is p2vorasvi1
Running this command against the engine I get
[root@p2vnorasvi1 network-scripts]# fence_rhevm -a 10.4.192.43
-l "admin@internal" -p "mypassword" -z --shell-timeout=20
--power-wait=10 -v -o status -n p2vorasvi1
vms/?search=name%3Dp2vorasvi1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /api/vms/ was not found on this server.</p>
</body></html>
Failed: Unable to obtain correct plug status or plug is not
available
Actually I get the same error even if I put a wrong password....
What am I missing...?
Do I have to specify DC/cluster if I have more than one, or
other parameters?
Thanks,
Gianluca
If I change this in fence_rhevm
[root@p2vnorasvi1 sbin]# diff fence_rhevm fence_rhevm.orig
84c84
< url += "//" + opt["--ip"] + ":" +
str(opt["--ipport"]) +
"/ovirt-engine/api/" + command
---
> url += "//" + opt["--ip"] + ":" +
str(opt["--ipport"]) + "/api/" +
command
I now get 401 unauthorized....
[root@p2vnorasvi1 sbin]# fence_rhevm -a 10.4.192.43 -z -l
"admin@internal" -p "mypassword" --shell-timeout=20
--power-wait=10
-v -o status -n p2vorasvi1
vms/?search=name%3Dp2vorasvi1
<html><head><title>Error</title></head><body>Unauthorized</body></html>
Failed: Unable to obtain correct plug status or plug is not available
[root@p2vnorasvi1 sbin]#
and in engine ssl_access.log
127.0.0.1 - - [27/Apr/2017:16:51:55 +0200] "POST
/ovirt-engine/sso/oauth/token HTTP/1.1" 200 153
10.4.168.91 - - [27/Apr/2017:16:51:55 +0200] "GET
/ovirt-engine/api/vms/?search=name%3Dp2vorasvi2 HTTP/1.1" 401 71
Tried also using v3 in url, this way:
[root@p2vnorasvi1 sbin]# diff fence_rhevm fence_rhevm.orig
84c84
< url += "//" + opt["--ip"] + ":" +
str(opt["--ipport"]) +
"/ovirt-engine/api/v3/" + command
---
> url += "//" + opt["--ip"] + ":" +
str(opt["--ipport"]) + "/api/" + command
[root@p2vnorasvi1 sbin]#
[root@p2vnorasvi1 sbin]# fence_rhevm -a 10.4.192.43 -z -l
"admin@internal" -p "mypassword" --shell-timeout=20
--login-timeout=20
--power-wait=10 -v -o status -n p2vorasvi1
vms/?search=name%3Dp2vorasvi1
<html><head><title>Error</title></head><body>Unauthorized</body></html>
Failed: Unable to obtain correct plug status or plug is not available
[root@p2vnorasvi1 sbin]#
That is a known issue:
fence_rhevm can only work as RHEV admin user not a regular user (that
requires "Filter: true http header)
https://bugzilla.redhat.com/1287059
That was fixed in fence-agents-4.0.11-47.el7, but I guess it wasn't
backported to CentOS 6.
I'd suggest that you open a bug for this component in the Red Hat
Enterprise Linux bug tracker, requesting that the fix be back-ported.
Meanwhile, if you are in a hurry, you can take the CentOS 7 fence_rhev
script, which should work.
You will most likely also need to add --ssl-indecure to the command line
of the agent, because you will most likely be using the default self
signed certificate authority used by the engine.
Note that the latest version of this script uses the 'Filter: true'
header to drop privileges. That means that even when using
'admin@internal' you have to make sure that 'admin@internal' has
permissions for the VM that you want to fence, otherwise it will not be
able to find/fence it.