[ovirt-users] Configuring ilo2 PM; passing ssh options
Daniel Helgenberger
daniel.helgenberger at m-box.de
Thu May 21 15:31:50 EDT 2015
On 21.05.2015 21:07, Martin Perina wrote:
> Hi Daniel,
>
> I'm cc'ing Eli as we are currently facing issue with fence agents
> regression for passing boolean flags to fence agents.
Thanks for getting back to me so quickly.
>
> I looked at man page of fence_ilo2 again and I haven't found
> --tls1.0 option at all.
Strange? FYI I am running CentOS7.1 hosts; installed fence:
fence-agents-ilo2-4.0.11-11.el7_1.x86_64
Here, clearly I have this option. The fence agent itself seems to use
gnutls successfully:
# fence_ilo2 -a 10.11.0.212 --username=ovirt -p ****** -v -o status
--ssl-insecure --tls1.0
Running command: /usr/bin/gnutls-cli --priority
"NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION"
--insecure --crlf -p 443 10.11.0.212
I put the whole command output below [1]
> To specify --ssl-insecure please add following
> into options in Power Management tab of the host:
>
> ssl_insecure=1
Thanks for pointing out how to actually use these options.
>
>
> Martin Perina
>
> ----- Original Message -----
>> From: "Daniel Helgenberger" <daniel.helgenberger at m-box.de>
>> To: "Martin Perina" <mperina at redhat.com>
>> Cc: users at ovirt.org
>> Sent: Thursday, May 21, 2015 8:11:40 PM
>> Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
>>
>>
>>
>> On 12.05.2015 09:16, Martin Perina wrote:
>>> Hi Daniel,
>> Hello Martin,
>>
>> sorry for answering that late. And thanks for pointing me to the man
>> page! I always seem to forget that.
>>>
>>> options defined in PM tab are used to pass custom settings
>>> of specific fence agent. In your case please take a look
>>> at man page for fence_ilo2. I looked there briefly and
>>> I'm afraid that your parameter is not supported.
>>
>> Ok, this command runs fine and uses XML:
>> fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status
>> --ssl-insecure --tls1.0
>>
>> However, using options --tls1.0 and --ssl-insecure does not work in the
>> engine. What puzzles me: the fence agent seems to use an SSL connection
>> and XML; while the GUI wants an SSH port from me?
>>
>> There I get the error:
>> Unknown options ..
>>
>> now I only get
>> Test succeeded - unknown (which actually is not successful)
>>
>>
>> Thanks!
>>>
>>> I see that fence_ilo3_ssh and fence_ilo4_ssh should support
>>> passing that option for SSH connection, so you could try them
>>> if they work with your fence device.
>>>
>>> Martin Perina
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Daniel Helgenberger" <daniel.helgenberger at m-box.de>
>>>> To: users at ovirt.org
>>>> Sent: Monday, May 11, 2015 5:53:10 PM
>>>> Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options
>>>>
>>>> Hello,
>>>>
>>>> to make this short - I need to pass ssh options to get the connection to
>>>> ilo2 working (MACs=hmac-sha1) [1].
>>>>
>>>> How can this be done? I think the 'options' field is clearly for
>>>> something else?
>>>>
>>>> Using this option in .ssh/config works btw.
>>>>
>>>> Thanks!
>>>> --
>>>> Daniel Helgenberger
>>>> m box bewegtbild GmbH
>>>>
>>>> P: +49/30/2408781-22
>>>> F: +49/30/2408781-10
>>>>
>>>> ACKERSTR. 19
>>>> D-10115 BERLIN
>>>>
>>>>
>>>> www.m-box.de www.monkeymen.tv
>>>>
>>>> Geschäftsführer: Martin Retschitzegger / Michaela Göllner
>>>> Handeslregister: Amtsgericht Charlottenburg / HRB 112767
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at ovirt.org
>>>> http://lists.ovirt.org/mailman/listinfo/users
>>>>
>>>
>>
>> --
>> Daniel Helgenberger
>> m box bewegtbild GmbH
>>
>> P: +49/30/2408781-22
>> F: +49/30/2408781-10
>>
>> ACKERSTR. 19
>> D-10115 BERLIN
>>
>>
>> www.m-box.de www.monkeymen.tv
>>
>> Geschäftsführer: Martin Retschitzegger / Michaela Göllner
>> Handeslregister: Amtsgericht Charlottenburg / HRB 112767
>>
>
[1]
Sent: <?xml version="1.0"?>
Received: <?xml version="1.0"?>
Processed 0 CA certificate(s).
Resolving '10.11.0.212'...
Connecting to '10.11.0.212:443'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `C=US,ST=Texas,L=Houston,O=Hewlett-Packard
Company,OU=ISS,CN=hv02', issuer
`C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', RSA
key 1024 bits, signed using RSA-MD5 (broken!), activated `2002-12-05
20:25:26 UTC', expires `2022-12-05 20:25:26 UTC', SHA-1 fingerprint
`4db06bc1a74fe2894068d89ea76c0622b3e76bc1'
Public Key ID:
428f85bc360c8778eb550e4b8ef1c65b111d7108
Public key's random art:
+--[ RSA 1024]----+
| Eoo+. |
| . o . .o. |
| . = B + |
| . & X . |
| o # S |
| . + = |
| . . |
| |
| |
+-----------------+
- Status: The certificate is NOT trusted. The certificate issuer is
unknown. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
- Description: (TLS1.0)-(RSA)-(AES-128-CBC)-(SHA1)
- Session ID:
AA:C9:08:8C:F5:E7:E6:19:7D:BC:20:D4:A0:C0:DA:E4:0E:C1:C0:2A:BC:93:8E:B3:5F:20:B0:38:67:F2:01:5C
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
Sent: <RIBCL VERSION="2.0">
Sent: <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
Sent: <RIB_INFO MODE="read"><GET_FW_VERSION />
Sent: </RIB_INFO>
Received:
<RIBCL VERSION="2.0">
<LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
<RIB_INFO MODE="read"><GET_FW_VERSION />
</RIB_INFO>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
<GET_FW_VERSION
Received: FIRMWARE_VERSION = "2.25"
FIRMWARE_DATE = "Apr 14 2014"
MANAGEMENT_PROCESSOR = "iLO2"
LICENSE_TYPE = "iLO 2 Advanced"
/>
Sent: </LOGIN>
Sent: <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
Sent: <SERVER_INFO MODE = "read"><GET_HOST_POWER_STATUS/>
Sent: </SERVER_INFO></LOGIN>
Received:
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
</LOGIN>
<LOGIN USER_LOGIN = "ovirt" PASSWORD = "*********">
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<SERVER_INFO MODE = "read"><GET_HOST_POWER_STATUS/>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
</RIBCL>
<?xml version="1.0"?>
<RIBCL VERSION="2.22">
<RESPONSE
STATUS="0x0000"
MESSAGE='No error'
/>
<GET_HOST_POWER
HOST_POWER="ON"
Status: ON
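
Added example (not part of the original message or of the fence-agents project): a small Python checker for verbose fence_ilo2 / gnutls-cli output in the format shown in [1]. It lists the weak TLS parameters that --ssl-insecure and --tls1.0 let through and masks RIBCL PASSWORD attributes before a transcript is shared. The function names and the sample transcript are constructed for illustration.

```python
import re

# Constructed sample in the format of the verbose output above; the address,
# user name and password are placeholders, not values from the thread.
SAMPLE = """\
Connecting to '192.0.2.10:443'...
- Certificate[0] info:
 - subject `CN=host01', issuer `CN=host01', RSA key 1024 bits, signed using RSA-MD5 (broken!)
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
- Description: (TLS1.0)-(RSA)-(AES-128-CBC)-(SHA1)
- Version: TLS1.0
Sent: <LOGIN USER_LOGIN = "fenceuser" PASSWORD = "EXAMPLE-PASSWORD">
"""

# RIBCL login attribute: PASSWORD = "..." with either quote style.
PASSWORD_ATTR = re.compile(r'(PASSWORD\s*=\s*)(["\'])(.*?)\2')


def redact(text):
    """Mask every RIBCL PASSWORD value, leaving the rest of the line intact."""
    return PASSWORD_ATTR.sub(
        lambda m: f"{m.group(1)}{m.group(2)}******{m.group(2)}", text)


def audit(text):
    """Return findings about the TLS session and credentials in a transcript."""
    findings = []
    m = re.search(r"^- Version: (\S+)", text, re.M)
    if m and m.group(1) in ("SSL3.0", "TLS1.0", "TLS1.1"):
        findings.append(f"legacy protocol {m.group(1)}")
    m = re.search(r"RSA key (\d+) bits", text)
    if m and int(m.group(1)) < 2048:
        findings.append(f"short RSA key ({m.group(1)} bits)")
    m = re.search(r"signed using (\S+)", text)
    if m and m.group(1).endswith(("MD5", "SHA1")):
        findings.append(f"weak signature hash ({m.group(1)})")
    if "certificate is NOT trusted" in text:
        findings.append("certificate not trusted (accepted only via --insecure)")
    # A value made only of '*' characters is treated as already masked.
    if any(set(m.group(3)) - {"*"} for m in PASSWORD_ATTR.finditer(text)):
        findings.append("cleartext PASSWORD attribute in transcript")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("finding:", finding)
    print(redact(SAMPLE))
```
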