[ovirt-users] Configuring ilo2 PM; passing ssh options
Martin Perina
mperina at redhat.com
Sat May 23 09:04:35 EDT 2015
----- Original Message -----
> From: "Daniel Helgenberger" <daniel.helgenberger at m-box.de>
> To: "Martin Perina" <mperina at redhat.com>
> Cc: users at ovirt.org, "Eli Mesika" <emesika at redhat.com>
> Sent: Thursday, May 21, 2015 9:31:50 PM
> Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
>
>
>
> On 21.05.2015 21:07, Martin Perina wrote:
> > Hi Daniel,
> >
> > I'm cc'ing Eli as we are currently facing issue with fence agents
> > regression for passing boolean flags to fence agents.
> Thanks for getting back to me so quickly.
> >
> > I looked at man page of fence_ilo2 again and I haven't found
> > --tls1.0 option at all.
> Strange? FYI I am running CentOS7.1 hosts; installed fence:
> fence-agents-ilo2-4.0.11-11.el7_1.x86_64
>
> Here, clearly I have this option. The fence agent itself seems to use
> gnutls successfully:
>
> # fence_ilo2 -a 10.11.0.212 --username=ovirt -p ****** -v -o status
> --ssl-insecure --tls1.0
>
> Running command: /usr/bin/gnutls-cli --priority
> "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION"
> --insecure --crlf -p 443 10.11.0.212
>
Ahh, I looked at older version on F20. But I can't find --tls1.0 option
even on man page for fence-agents-ilo2-4.0.11-11.el7_1.x86_64 :-(
So if you really see this option, please take a look at the end of man
page, where you can find STDIN format options names and add it along
with ssl_insecure to options in Power Management tab of the hosts (instead
of "tls1_0 use what you find in your man page):
ssl_insecure=1,tls1_0=1
Thanks
Martin Perina
> I put the whole command output below [1]
>
>
> To specify --ssl-insecure please add following
> > into options in Power Management tab of the host:
> >
> > ssl_insecure=1
> Thanks for pointing out how to actually use these options.
> >
> >
> > Martin Perina
> >
> > ----- Original Message -----
> >> From: "Daniel Helgenberger" <daniel.helgenberger at m-box.de>
> >> To: "Martin Perina" <mperina at redhat.com>
> >> Cc: users at ovirt.org
> >> Sent: Thursday, May 21, 2015 8:11:40 PM
> >> Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
> >>
> >>
> >>
> >> On 12.05.2015 09:16, Martin Perina wrote:
> >>> Hi Daniel,
> >> Hello Martin,
> >>
> >> sorry for answering that late. And thanks for pointing me to the man
> >> page! I always seem to forget that.
> >>>
> >>> options defined in PM tab are used to pass custom settings
> >>> of specific fence agent. In you case please take a look
> >>> at man page for fence_ilo2. I looked there briefly and
> >>> I'm afraid that your parameter is not supported.
> >>
> >> Ok, this command runs fine and uses XML:
> >> fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status
> >> --ssl-insecure --tls1.0
> >>
> >> However, using options --tls1.0 and --ssl-insecure does not work in the
> >> engine. What puzzles me: the fence agent seems to use an SSL connection
> >> and XML; while the GUI wants an SSH port form me?
> >>
> >> There I get the error:
> >> Unknown options ..
> >>
> >> now I only get
> >> Test succeeded - unknown (witch actually is not successful)
> >>
> >>
> >> Thanks!
> >>>
> >>> I see that fence_ilo3_ssh and fence_ilo4_ssh should support
> >>> passing that option for SSH connection, so you could try them
> >>> if they work with you fence device.
> >>>
> >>> Martin Perina
> >>>
> >>>
> >>> ----- Original Message -----
> >>>> From: "Daniel Helgenberger" <daniel.helgenberger at m-box.de>
> >>>> To: users at ovirt.org
> >>>> Sent: Monday, May 11, 2015 5:53:10 PM
> >>>> Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options
> >>>>
> >>>> Hello,
> >>>>
> >>>> to make this short - i need to pass ssh options to get the connection to
> >>>> ilo2 working (MACs=hmac-sha1) [1].
> >>>>
> >>>> How can this be done? I think the 'options' field is clearly for
> >>>> something else?
> >>>>
> >>>> Using this option in .ssh/config works btw.
> >>>>
> >>>> Thanks!
> >>>> --
> >>>> Daniel Helgenberger
> >>>> m box bewegtbild GmbH
> >>>>
> >>>> P: +49/30/2408781-22
> >>>> F: +49/30/2408781-10
> >>>>
> >>>> ACKERSTR. 19
> >>>> D-10115 BERLIN
> >>>>
> >>>>
> >>>> www.m-box.de www.monkeymen.tv
> >>>>
> >>>> Geschäftsführer: Martin Retschitzegger / Michaela Göllner
> >>>> Handeslregister: Amtsgericht Charlottenburg / HRB 112767
> >>>> _______________________________________________
> >>>> Users mailing list
> >>>> Users at ovirt.org
> >>>> http://lists.ovirt.org/mailman/listinfo/users
> >>>>
> >>>
> >>
> >> --
> >> Daniel Helgenberger
> >> m box bewegtbild GmbH
> >>
> >> P: +49/30/2408781-22
> >> F: +49/30/2408781-10
> >>
> >> ACKERSTR. 19
> >> D-10115 BERLIN
> >>
> >>
> >> www.m-box.de www.monkeymen.tv
> >>
> >> Geschäftsführer: Martin Retschitzegger / Michaela Göllner
> >> Handeslregister: Amtsgericht Charlottenburg / HRB 112767
> >>
> >
>
> [1]
>
> Sent: <?xml version="1.0"?>
>
> Received: <?xml version="1.0"?>
>
> Processed 0 CA certificate(s).
> Resolving '10.11.0.212'...
> Connecting to '10.11.0.212:443'...
> - Certificate type: X.509
> - Got a certificate list of 1 certificates.
> - Certificate[0] info:
> - subject `C=US,ST=Texas,L=Houston,O=Hewlett-Packard
> Company,OU=ISS,CN=hv02', issuer
> `C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', RSA
> key 1024 bits, signed using RSA-MD5 (broken!), activated `2002-12-05
> 20:25:26 UTC', expires `2022-12-05 20:25:26 UTC', SHA-1 fingerprint
> `4db06bc1a74fe2894068d89ea76c0622b3e76bc1'
> Public Key ID:
> 428f85bc360c8778eb550e4b8ef1c65b111d7108
> Public key's random art:
> +--[ RSA 1024]----+
> | Eoo+. |
> | . o . .o. |
> | . = B + |
> | . & X . |
> | o # S |
> | . + = |
> | . . |
> | |
> | |
> +-----------------+
>
> - Status: The certificate is NOT trusted. The certificate issuer is
> unknown. The name in the certificate does not match the expected.
> *** PKI verification of server certificate failed...
> - Description: (TLS1.0)-(RSA)-(AES-128-CBC)-(SHA1)
> - Session ID:
> AA:C9:08:8C:F5:E7:E6:19:7D:BC:20:D4:A0:C0:DA:E4:0E:C1:C0:2A:BC:93:8E:B3:5F:20:B0:38:67:F2:01:5C
> - Version: TLS1.0
> - Key Exchange: RSA
> - Cipher: AES-128-CBC
> - MAC: SHA1
> - Compression: NULL
> - Handshake was completed
>
> - Simple Client Mode:
>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> Sent: <RIBCL VERSION="2.0">
>
> Sent: <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
>
> Sent: <RIB_INFO MODE="read"><GET_FW_VERSION />
>
> Sent: </RIB_INFO>
>
> Received:
> <RIBCL VERSION="2.0">
>
> <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
>
> <RIB_INFO MODE="read"><GET_FW_VERSION />
>
> </RIB_INFO>
>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> <GET_FW_VERSION
>
> Received: FIRMWARE_VERSION = "2.25"
> FIRMWARE_DATE = "Apr 14 2014"
> MANAGEMENT_PROCESSOR = "iLO2"
> LICENSE_TYPE = "iLO 2 Advanced"
> />
> Sent: </LOGIN>
>
> Sent: <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d">
>
> Sent: <SERVER_INFO MODE = "read"><GET_HOST_POWER_STATUS/>
>
> Sent: </SERVER_INFO></LOGIN>
>
> Received:
> </RIBCL>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> </LOGIN>
>
> <LOGIN USER_LOGIN = "ovirt" PASSWORD = "*********">
>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> <SERVER_INFO MODE = "read"><GET_HOST_POWER_STATUS/>
>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> </RIBCL>
> <?xml version="1.0"?>
> <RIBCL VERSION="2.22">
> <RESPONSE
> STATUS="0x0000"
> MESSAGE='No error'
> />
> <GET_HOST_POWER
> HOST_POWER="ON"
> Status: ON
>
More information about the Users
mailing list