On Thu, Aug 2, 2012 at 12:16 PM, Eldred, Doug <[email protected]> wrote: > The recent changes to power handling broke a key feature - the ability to add > arbitrary arguments to the generated fence command. Templates such as > ipmilan document using the power_id field for things like adding "-P -T 4" > for HP iLO3 power manipulation, port info for some fence types, etc. > > In Cobbler 2.0, anything in the power_id field was simply inserted as-is into > the command line. This was flexible and worked beautifully in our > environment.
That was kind of the point... shell injection with the old method was pretty trivial. > In Cobbler 2.2.3, however, instead of using command line parameters > everything is mapped to stdin lines passed to the subprocess. Unfortunately > that results in power_id being treated as a single parameter, passed as > "\nport=-P -T4", which is rejected since port isn't a valid input for > fence_ipmilan; to be equivalent it should have passed > "\nlanplus\npower_wait=4" instead. > > SOME ability to provide arbitrary per-machine settings to be passed to the > fence command needs to be restored. This could be via command line > arguments, a la Cobbler 2.0, via optional stdin lines, a la the translation > Cobbler 2.2.3 does, a mixture of both, whatever. There is, sorry for not getting it documented sooner. The power_*.templates in /etc/cobbler/power have been deprecated, but in their place you can create a fence_whatever.template. The contents of that file are templated and sent as the input to the fence program. Just make sure you include the username/password/host lines as well - they are not assumed. I will work on adding that to the documentation on the website as soon as possible, as I know it was a pretty major change. _______________________________________________ cobbler mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/cobbler
