Help with Power Management network
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --OnEhT75wdmSi56KelkEfSHNlc4EOmbWar Content-Type: multipart/mixed; boundary="QtNjKESroum0Gs4B16RTXPJnq400V1QDU"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: users@ovirt.org Message-ID: <42d5325d-217f-5559-ec5a-11a10fbad2ed@gmail.com> Subject: Help with Power Management network --QtNjKESroum0Gs4B16RTXPJnq400V1QDU Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Greetings, I hit up the IRC earlier, but only crickets. Guess no one wants to stick around late on a Friday night. :-D I'm an ovirt newb here. I've been going through the docs setting up 4.1 on Scientific Linux 7.4. For the most part everything is going well once I learn how to do it. I'm, however, stuck on power management. I have multiple networks: 192.168.1.x is my BMC/ilo network. The security team wants as few entry points into this as possible and wants as much segregation as possible. 192.168.2.x is my "management" access network. For my other machines on this network this means admin-SSH/rsyslog/SaltStack configuration management/ect. 192.168.3.x is my high speed network where my NFS storage sits and applications that need the bandwidth do their thing. 10.10.86.x is my "public" access All networks are configured on the Host network settings. Mostly confident I got it right...at least each network/IP matches the right interface. ;-) Right now I only have the engine server and one hyper-visor. On either host I can ssh into the command line and run fence_ipmilan -a 192.168.1.x -l USER -p PASS -o status -v -P" it works, all is good. However, when I try to add it in the ovirt interface I get an error. :-/ Edit Host -> Power Management: Address: 192.168.1.14 User Name: root Password: SorryCantTellYou Type: ipmilan Options: <blank> Test Test failed: Failed to run fence status-check on host '192.168.2.14'. No other host was available to serve as proxy for the operation. Yes, same host because I only have one right now. :-) Any help or guidance would be much appreciated. In the meantime I'm going back to the docs to poke at a few other things I need to figure out. :-) Thanks! ~Stack~ --QtNjKESroum0Gs4B16RTXPJnq400V1QDU-- --OnEhT75wdmSi56KelkEfSHNlc4EOmbWar Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZzqxCAAoJELkej+ysXJPmkn8P/i7sx6DP5aSOejTEvOzq45jc uTYNnoAqniDK/do47z2ojjB0+Oa6czExR7IqyzAzz9+pFEMZlRttxVwQ0XyEj+4t Fw44htR1PhU+YnNQm4fgEo04P7X72qEzdgeMgA/vVVp6chpw0tSG5/bLosrX/yJC NsUF4X0yhnfsCtLZ9Tw78S392OqIQ1iyx12Brmxtip0c97JenMXxXXrxPoUHDFcR T+mqVf7jnC+VxpRj0x5qU+JAOr05oje9coAgbDE6MhWaL6sjClEwhsi5VOU47he9 JcBjKbye4bRHIlzkgpg01Ge0m5fQ4FclJl9wnV4V5vX1Rkuol61wiPQ6SXd/CPy2 PiVsbvX3WloealAupANhaaYG93QPpQsmrw/6Ew/Finlsz6CNfg2VZHbzBGc79QV6 trLMhu+fw7Hsi/lmiU9Rkkmi8OOSgtapMkA283ft1wnBr7gYTyPZwQsp2chO66X5 QZvrRC64nBv9QcVswawWruWSIsETWNNRg7NltEiy8CKBDUsaJ4vJftXzEuHe++ML 2tgOaVRK9nikf6C5OlGPf2TVTVuBRyXGQTVQhGmPVx40499B5sUaen3+dyDHy8QW qLWi6iPiN0YGZkzh/inl/jT4aowQlZEZTfT3KpnH5tyZQ018rcJBQnKFBiTwi5aM /KzRHvKBIvKpjiIREQ7V =kxQZ -----END PGP SIGNATURE----- --OnEhT75wdmSi56KelkEfSHNlc4EOmbWar--
You need more than one host for power management On Sep 29, 2017 4:25 PM, "~Stack~" <i.am.stack@gmail.com> wrote:
Greetings,
I hit up the IRC earlier, but only crickets. Guess no one wants to stick around late on a Friday night. :-D
I'm an ovirt newb here. I've been going through the docs setting up 4.1 on Scientific Linux 7.4. For the most part everything is going well once I learn how to do it. I'm, however, stuck on power management.
I have multiple networks: 192.168.1.x is my BMC/ilo network. The security team wants as few entry points into this as possible and wants as much segregation as possible.
192.168.2.x is my "management" access network. For my other machines on this network this means admin-SSH/rsyslog/SaltStack configuration management/ect.
192.168.3.x is my high speed network where my NFS storage sits and applications that need the bandwidth do their thing.
10.10.86.x is my "public" access
All networks are configured on the Host network settings. Mostly confident I got it right...at least each network/IP matches the right interface. ;-)
Right now I only have the engine server and one hyper-visor. On either host I can ssh into the command line and run fence_ipmilan -a 192.168.1.x -l USER -p PASS -o status -v -P" it works, all is good. However, when I try to add it in the ovirt interface I get an error. :-/
Edit Host -> Power Management: Address: 192.168.1.14 User Name: root Password: SorryCantTellYou Type: ipmilan Options: <blank>
Test
Test failed: Failed to run fence status-check on host '192.168.2.14'. No other host was available to serve as proxy for the operation.
Yes, same host because I only have one right now. :-)
Any help or guidance would be much appreciated. In the meantime I'm going back to the docs to poke at a few other things I need to figure out. :-)
Thanks! ~Stack~
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6hbjLnkovF48sGRtH3EeifVsBNInERaiS Content-Type: multipart/mixed; boundary="eX6Fj6GO04UPSRQAk8fnFKke5WIU9RqDP"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: Dan Yasny <dyasny@gmail.com> Cc: users <users@ovirt.org> Message-ID: <17b0343e-77d0-9346-125b-93f0b825720f@gmail.com> Subject: Re: [ovirt-users] Help with Power Management network References: <42d5325d-217f-5559-ec5a-11a10fbad2ed@gmail.com> <CALLXwb75NdSTasW9DAqP7hZf1famjjoRkTHb6t5AOTnYhHa4iA@mail.gmail.com> In-Reply-To: <CALLXwb75NdSTasW9DAqP7hZf1famjjoRkTHb6t5AOTnYhHa4iA@mail.gmail.com> --eX6Fj6GO04UPSRQAk8fnFKke5WIU9RqDP Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 09/29/2017 05:31 PM, Dan Yasny wrote:
You need more than one host for power management =20
Seriously?? I didn't see anything like that in the docs...Maybe I just missed it. Also, why wouldn't it still validate? It should still be able to talk to the interface over the BMC/IPMI network. The fact that I can run the equivalent test on the command line makes it seem like it should at least be able to check via the test. Obviously, it would be silly for it to try to manage itself, but it could at least verify that the configuration is valid, right? I have more hosts that I'm going to add, I was just hoping to do those via the Foreman integration instead of manually building them. Since I'm not quite ready for that, I will just build a second host on Monday and report back. Thanks for the feedback. I would have never guess that as a possibility. = :-) ~Stack~ --eX6Fj6GO04UPSRQAk8fnFKke5WIU9RqDP-- --6hbjLnkovF48sGRtH3EeifVsBNInERaiS Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZzwvRAAoJELkej+ysXJPmHZwQALBjlsdG0Jl9XPVyTGH5OqNL IlSSQ7ywwrDR7gONO57JLSj0Bi8GNx2IFtdu11OUjSCa+87PxbZKbJNPNAz8f5N1 lQs2NG6dZLAOMUuB0vHnY4lkN9pd2GeuwSGTXlwHMALYsuEisrK32Wps6ULjzkFz NszU7x/PwgTh1kAU8OUSDFD7zX2I4oQ+pJoikTk6dTCEY2WO7SwlTyc6Ap/b/qSP ERmf0WS8YfDz3iEmv5slxr3ddLyf6kZMVkBJQkp/hWM3XJ2l20X6GKjuvTLPXsTp Yuw+Qxei4VqFl0L1FXt5gajFxTLTKgWQA0nn5wtCcI4oVsU70mXzR0ad+gOTYJJC gpevPLOEs0KjaGvemqornXB/9bcstU+K5KhUsR7puxzokkdpcmPJUFh8fksrazkN 5J9dL/uZeoaO/P4H4b7MdZ3615bTbJbb9y7vzbXxJL2nEErr27WqNahKkC9Pj2IP lmaQYhNvS8wflzVjbFqP43sE1X4h5wOTv5rhU8GvSss8JFu/YVu/3fKuN3kY5iiA WxEpZxEHo0KAWZM3XOeqywBiNo2rIQ7ORchWliB3nfa07XdDH+xWvgfo/IINjemv ZDqE0AI7I1qk5NTg0TdDVRFD77sVesEOOu9cVT4ViK8mGrWVuG6NtIniAjJQ5xdA Hzw3HbJGPgvryVzxR1+c =j9OU -----END PGP SIGNATURE----- --6hbjLnkovF48sGRtH3EeifVsBNInERaiS--
The power management command is sent by the engine via a proxy host. That means you need at least one more host to act as proxy. The engine itself doesn't need to access the bmc network directly. Just like the engine needs no access to the atorage network to perform storage manipulations. I think in some recent versions fencing by the engine was introduced, but I don't have a setup in front of me to verify. On Sep 29, 2017 11:13 PM, "~Stack~" <i.am.stack@gmail.com> wrote:
On 09/29/2017 05:31 PM, Dan Yasny wrote:
You need more than one host for power management
Seriously?? I didn't see anything like that in the docs...Maybe I just missed it.
Also, why wouldn't it still validate? It should still be able to talk to the interface over the BMC/IPMI network. The fact that I can run the equivalent test on the command line makes it seem like it should at least be able to check via the test. Obviously, it would be silly for it to try to manage itself, but it could at least verify that the configuration is valid, right?
I have more hosts that I'm going to add, I was just hoping to do those via the Foreman integration instead of manually building them. Since I'm not quite ready for that, I will just build a second host on Monday and report back.
Thanks for the feedback. I would have never guess that as a possibility. :-)
~Stack~
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --5F9ChD6eW5sNE8QdCA89ShG98lejPRKAt Content-Type: multipart/mixed; boundary="mFk3eTxhFLFOoF5tb5OUg1twklnBh8BuU"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: Dan Yasny <dyasny@gmail.com> Cc: users <users@ovirt.org> Message-ID: <5e6ab297-cddc-1a63-50ea-7e8dd790e6d8@gmail.com> Subject: Re: [ovirt-users] Help with Power Management network References: <42d5325d-217f-5559-ec5a-11a10fbad2ed@gmail.com> <CALLXwb75NdSTasW9DAqP7hZf1famjjoRkTHb6t5AOTnYhHa4iA@mail.gmail.com> <17b0343e-77d0-9346-125b-93f0b825720f@gmail.com> <CALLXwb6PcOqvXqSrJTGdoMLHK8VJgGsLtR5xHo_fYT4nDg471g@mail.gmail.com> In-Reply-To: <CALLXwb6PcOqvXqSrJTGdoMLHK8VJgGsLtR5xHo_fYT4nDg471g@mail.gmail.com> --mFk3eTxhFLFOoF5tb5OUg1twklnBh8BuU Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 09/30/2017 06:51 AM, Dan Yasny wrote:
The power management command is sent by the engine via a proxy host. That means you need at least one more host to act as proxy. The engine itself doesn't need to access the bmc network directly. Just like the engine needs no access to the atorage network to perform storage manipulations.=C2=A0 =20 I think in some recent versions fencing by the engine was introduced, but I don't have a setup in front of me to verify.
Ah, good to know. Thank you for clarifying! ~Stack~ --mFk3eTxhFLFOoF5tb5OUg1twklnBh8BuU-- --5F9ChD6eW5sNE8QdCA89ShG98lejPRKAt Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZz/X6AAoJELkej+ysXJPmZFMQALFG0he9GdEujmchRy0OlQiJ f3No6fAEkkaeX36ROrNj6nouE+BpnJir8XpBaQiUNpVKn7FszshQi+4ZliiqLvEA iG661/GuXm6DcxT6iBRpdSDsB56FkLip6SQmKH9ujrSI+IqhOgNh9/7lcSKA7mxJ sDGsUtV/trnny4xJHdoln6z0/gbTkxC3vPxkCPjW/DmjsVTvFDVyNf/IEhg6ZqRd gTOBqM1mfhDpGGB1uHWLzqtS5RfEmXElPsHpmTLI29d3el2RVk38k7eYBImcVudh u1FcldqpSrvWtMOyRtWuYyENNBBeRFKKF4gDa3gxQsDUXAi/pnhwsoyhIr1+s9hT rqCNCerDIz5hvM+WGFEKYE17I9KekIjTdkk8eY1Wie/93+h7B2E8K1+YI06qW1vM X+m0eAZVBUmGcv3gNa76Fr7RMXoftorkxnWiuPon1PceaW+n312X/MBd0Ap0DGv0 Xs2OBHIjZY+Yf9pzvlzwt/ljZoZhp0rqSwfqtBvyzTEuMQXxaShX8Lk++vCfz9o0 LjxkGBMuHCjyPuPIEGT9pp9uyIhz2NE48BPo1yfDp652km/qi2on0nnbFkI/Zyj+ 0kWwUKRxwzkc6wAy0sVItaeCv+Ruo2GuyUCu2lSfFivPX+OgAJcsy+/hXPq/lpnv 1XcWrlXCcBuLipGbaDLc =kBm1 -----END PGP SIGNATURE----- --5F9ChD6eW5sNE8QdCA89ShG98lejPRKAt--
On Sat, Sep 30, 2017 at 2:51 PM, Dan Yasny <dyasny@gmail.com> wrote:
The power management command is sent by the engine via a proxy host. That means you need at least one more host to act as proxy. The engine itself doesn't need to access the bmc network directly. Just like the engine needs no access to the atorage network to perform storage manipulations.
I think in some recent versions fencing by the engine was introduced, but I don't have a setup in front of me to verify.
No, this is an open RFE which we didn't apply yet and as far as I know there is no plan for that in the near future. So, currently there is a need for an additional host that will serve as a proxy to the fencing operation. The main reason for the existence of the proxy host is when a host that has power management configure becomes non-responsive In that case we might restart the host via its power management card But, since this host may have some HA VMs that will be migrated to another host before the problematic host is rebooted, we have to implement a shutdown->wait for OFF status from PM card->migrate HA VMs->start->wait for ON status from PM card This is done in order to prevent running a VM on two hosts which will cause corruption (brain split)
On Sep 29, 2017 11:13 PM, "~Stack~" <i.am.stack@gmail.com> wrote:
On 09/29/2017 05:31 PM, Dan Yasny wrote:
You need more than one host for power management
Seriously?? I didn't see anything like that in the docs...Maybe I just missed it.
Also, why wouldn't it still validate? It should still be able to talk to the interface over the BMC/IPMI network. The fact that I can run the equivalent test on the command line makes it seem like it should at least be able to check via the test. Obviously, it would be silly for it to try to manage itself, but it could at least verify that the configuration is valid, right?
I have more hosts that I'm going to add, I was just hoping to do those via the Foreman integration instead of manually building them. Since I'm not quite ready for that, I will just build a second host on Monday and report back.
Thanks for the feedback. I would have never guess that as a possibility. :-)
~Stack~
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --pCc3CVCuKTgVAlSjq2u5OO09t8RdofcjD Content-Type: multipart/mixed; boundary="XoTXuT3A0xxddwhAiSFkEvhQ43jXIDLcg"; protected-headers="v1" From: ~Stack~ <i.am.stack@gmail.com> To: Dan Yasny <dyasny@gmail.com> Cc: users <users@ovirt.org> Message-ID: <a062c696-a1ce-518e-1af5-c1e42ef53539@gmail.com> Subject: Re: [ovirt-users] Help with Power Management network References: <42d5325d-217f-5559-ec5a-11a10fbad2ed@gmail.com> <CALLXwb75NdSTasW9DAqP7hZf1famjjoRkTHb6t5AOTnYhHa4iA@mail.gmail.com> In-Reply-To: <CALLXwb75NdSTasW9DAqP7hZf1famjjoRkTHb6t5AOTnYhHa4iA@mail.gmail.com> --XoTXuT3A0xxddwhAiSFkEvhQ43jXIDLcg Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 09/29/2017 05:31 PM, Dan Yasny wrote:
You need more than one host for power management
Thanks for the help on this. Added a second host and had IMPI working in minutes. ~Stack~ --XoTXuT3A0xxddwhAiSFkEvhQ43jXIDLcg-- --pCc3CVCuKTgVAlSjq2u5OO09t8RdofcjD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZ0rMrAAoJELkej+ysXJPmUU4P/AwSm8l7Lffx0VIBgysAmePh OYTbdodkJnwNM3T4EXH45UCYeBvik8Q6NiDYqijheT2VpCQPqG8W28PC/wC1AAdK elYFGRc4qtIYuhK9PC7MCJlonodi5kl0i11TBuodbEMpWxV9+SOZ9QjRJVsIx9xS HO8+woyoN5P/+3Pl30Vbf07vIsRsSXdbjZF9f0qKdhL9UBTjls92X5rE+E1mScS7 Rl1CLDxZhaJy7xJgy9SkTLRC5wybCCE7TK6u4qNTrbXxGrmq8ntbcB8JayTEaI5R fkV+zJ3ZRvpi5zWcyTFIyrJm53Mib42mTrJeI5uRxGeNawcA0q4Yk/FYsdD9s9pH gm28lXcCY7vuWyOKXBMK+6j1/boyhkIwLJTUUCLXlrxwc/wi2TT3RvyX953ZSzgy XM+/8bIELBrlO8ttE+JQXjjDpdt1sJrHzadZ56SImNaYxOlYpWbBozY678wBBrTw pchcqsTrvl5zUnVQL4P9au7bu+Y7SEZNDlTbzxDh5OZ32aczhfHLoxEHEWz/PZBO CNUw7Z9BMxoiPTPmVTMUkoOBkmZp/xxGNW8bpp+AocCJ2fi5u9A0TfLcycc3ncWy 9+aAH80H6hY6GPNU2BnDeu8NHJjUKxUzAlFN9aZuqamh5unoXgMxciggluhmLvTe 598rQF7cOlMIbNWYNoyt =SbQe -----END PGP SIGNATURE----- --pCc3CVCuKTgVAlSjq2u5OO09t8RdofcjD--
participants (3)
-
Dan Yasny -
Eli Mesika -
~Stack~