Hi,
trying to use iLO1 (only accessible via ssh/password) for stonith.
Modifying the external/ipmi and external/ssh stonith plugins, I tried to
script the password dialogue using expect. It works from the command line,
but not when invoked via crm or heartbeat.
Server is running Ubuntu 10.04, heartbeat 3.0.3, using haresources. I also
checked on a VM-based test cluster with a CRM configuration (login then
goes to the other node, not an iLO card) with the same result: ok from
cmd line, not ok from crm. This time it's not just haresources to blame :-)
Using the haresources configuration, the script does succeed, but only once.
On startup, heartbeat calls it twice in short succession. The first
invocation always succeeeds, but any later invocation will fail. Using CRM,
no invocation ever succeeds.
ssh with pubkey authentication (no need for expect then) does not have this
problem, so I think it must have to do with expect or my very limited expect
knowledge.
One difference I found between successful and failing invocations are
ignored signals. Among other things, the script logs output from
/proc/self/status.
haresources, first call: SigIgn: 0000000000000000
haresources, later calls: SigIgn: 0000000000301002
CRM, all calls: SigIgn: 0000000000003003
Ignoring SIGINT(2) and SIGPIPE(13) seems to be common between the failing
calls from heartbeat and CRM. For testing, I would like to explicitly reset
this SigIgn mask to all zeroes, but I don't know how.
Now my questions:
- is expect (or ssh using prompt) affected by SigIgn at all?
- how can I un-ignore signals that are currently ignored?
- why should signals be ignored in stonith invocations anyway?
More script details below.
Thank you for any help or recommendations.
Best regards
Matthias
========= expect code =============
x=`expect 2>&1 -c "set timeout 30;
log_file -a $l;
spawn -noecho /bin/sh -c \"${SSH_COMMAND} -l ${userid} ${host} '${cmd}'
2>>$t\";
match_max 100000;
expect \"password:\";
send -- ${passwd}\r;
interact;"`
====== cmd line invocation ========
root:~# hostname=cl1 ipaddr=192.168.123.2 userid=root passwd=XXXXXX \
/usr/lib/stonith/plugins/external/ilo1-ssh status; echo $?
0
log entries:
May 21 19:51:38 cl0 ilo1-ssh[22952]: args: status
May 21 19:51:38 cl0 ilo1-ssh[22952]: vars: hostname=cl1
ipaddr=192.168.123.2 userid=root passwd=XXXXXX
May 21 19:51:38 cl0 ilo1-ssh[22952]: ssh log: /tmp/sshout.22952.e22957
May 21 19:51:38 cl0 ilo1-ssh[22952]: output=server power is currently: On
May 21 19:51:38 cl0 ilo1-ssh[22952]: state=On
====== crm shell configuration =====
primitive ilo stonith:external/ilo1-ssh \
params hostname="cl1" ipaddr="192.168.123.2" passwd="XXXXXX"
userid="root" \
meta target-role="Started"
log entries:
May 21 19:37:38 cl0 ilo1-ssh[7345]: vars: hostname=bob ipaddr=192.168.123.2
userid=root passwd=XXXXXX
May 21 19:37:38 cl0 ilo1-ssh[7345]: ssh log: /tmp/sshout.7345.NY7351
May 21 19:37:38 cl0 ilo1-ssh[7345]: output=
May 21 19:37:38 cl0 ilo1-ssh[7345]: state=
======= excerpts from ilo1-ssh script ===========
# modified for login to other node instead of iLO
REBOOT_COMMAND="echo 'sleep 2; /sbin/reboot -nf' | SHELL=/bin/sh at now
>/dev/null 2>&1"
POWERSTATE_COMMAND="echo server power is currently: On"
#...
ssh_cmd() {
local host cmd
local x y t l
t=`mktemp /tmp/sshout.$$.XXXXXX`
l=`mktemp /tmp/expect.$$.XXXXXX`
echo "${_p}: ssh log: $t" >>/var/log/stonith.log
#echo "${_p}: expect log: $t" >>/var/log/stonith.log
host=$1
shift
cmd=${1+"$@"}
# more debug output
(id; cat /proc/self/status; printenv) >$t
# for password authentication, use expect to provide the password at the
prompt
x=`expect 2>&1 -c "set timeout 30;
log_file -a $l;
spawn -noecho /bin/sh -c \"${SSH_COMMAND} -l ${userid} ${host} '${cmd}'
2>>$t\";
match_max 100000;
expect \"password:\";
send -- ${passwd}\r;
interact;"`
# no need for expect when using pubkey authentication
# x=`${SSH_COMMAND} -l ${userid} ${host} "${cmd}" 2>>$t`
echo "$x" >>$t
# throw away password prompt and iLO dialogue
space:]]*$)|(^[[:space:]]*</>hpiLO->[[:space:]]*$)"`
echo $y
# if no other output left, return success
test -z "$y"
}
# .....
case $1 in
#...
reset)
ssh_cmd $ipaddr "${REBOOT_COMMAND}" >/dev/null
exit $?
;;
status)
if [ -z "$ipaddr" ]; then
exit 1
fi
output=`ssh_cmd ${ipaddr} "${POWERSTATE_COMMAND}"`
state=`echo "${output}" |
sed -ne 's/^.*server power is currently: //p'`
echo "${_p}: output=$output" >>/var/log/stonith.log
echo "${_p}: state=$state" >>/var/log/stonith.log
if [ "$state" = "On" ]; then
exit 0
else
exit 1
fi
;;
#....
_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
