Re: [Pacemaker] Configuring fencing with encrypted passwords
Thanks i will try this out. Regards Arjun On Tue, Mar 3, 2015 at 2:56 PM, Marek marx Grac mg...@redhat.com wrote: Hi, On 03/02/2015 07:58 AM, Arjun Pandey wrote: Hi Yeah i had missed that. It still doesn't work. [root@rimo ~]# fence_ipmilan -a 10.11.10.22 -l foo -p '$1$Fx5N1lWk$3W/CYfGvBpuiPy9zopKAk0' -o status -v -P -A md5 Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis power status'... Chassis power = Unknown Failed I also tried running the ipmitool directly. [root@rimo ~]# /usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v chassis power status -C 1 RAKP 2 HMAC is invalid Error: Unable to establish IPMI v2 / RMCP+ session Unable to get Chassis Power Status if ipmitool is not working for you then fence_ipmilan can't work too as it is based on it. For parameters: -A is used for 'lan' session (IPMI v1.5) -C is used for 'lanplus' session (IPMI v2) in your case it is lanplus so, -A should not have any impact. Also, take a look at ipmitool options -k/-y to enter key in normal/hex format, instead of using -P m, From the ipmitool help -C ciphersuite Cipher suite to be used by lanplus interface authentication -A authtypeForce use of auth type NONE, PASSWORD, MD2, MD5 or OEM What is the significance of -C option ? I don't see this being specified when i give md5 auth type to fence_ipmilan. Can this be a issue as well ? m, ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
Re: [Pacemaker] Configuring fencing with encrypted passwords
Hi, On 03/02/2015 07:58 AM, Arjun Pandey wrote: Hi Yeah i had missed that. It still doesn't work. [root@rimo ~]# fence_ipmilan -a 10.11.10.22 -l foo -p '$1$Fx5N1lWk$3W/CYfGvBpuiPy9zopKAk0' -o status -v -P -A md5 Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis power status'... Chassis power = Unknown Failed I also tried running the ipmitool directly. [root@rimo ~]# /usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v chassis power status -C 1 RAKP 2 HMAC is invalid Error: Unable to establish IPMI v2 / RMCP+ session Unable to get Chassis Power Status if ipmitool is not working for you then fence_ipmilan can't work too as it is based on it. For parameters: -A is used for 'lan' session (IPMI v1.5) -C is used for 'lanplus' session (IPMI v2) in your case it is lanplus so, -A should not have any impact. Also, take a look at ipmitool options -k/-y to enter key in normal/hex format, instead of using -P m, From the ipmitool help -C ciphersuite Cipher suite to be used by lanplus interface authentication -A authtypeForce use of auth type NONE, PASSWORD, MD2, MD5 or OEM What is the significance of -C option ? I don't see this being specified when i give md5 auth type to fence_ipmilan. Can this be a issue as well ? m, ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
Re: [Pacemaker] Configuring fencing with encrypted passwords
Hi Yeah i had missed that. It still doesn't work. [root@rimo ~]# fence_ipmilan -a 10.11.10.22 -l foo -p '$1$Fx5N1lWk$3W/CYfGvBpuiPy9zopKAk0' -o status -v -P -A md5 Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis power status'... Chassis power = Unknown Failed I also tried running the ipmitool directly. [root@rimo ~]# /usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v chassis power status -C 1 RAKP 2 HMAC is invalid Error: Unable to establish IPMI v2 / RMCP+ session Unable to get Chassis Power Status From the ipmitool help -C ciphersuite Cipher suite to be used by lanplus interface authentication -A authtypeForce use of auth type NONE, PASSWORD, MD2, MD5 or OEM What is the significance of -C option ? I don't see this being specified when i give md5 auth type to fence_ipmilan. Can this be a issue as well ? Regards Arjun On Fri, Feb 27, 2015 at 3:15 PM, Andrei Borzenkov arvidj...@gmail.com wrote: On Fri, Feb 27, 2015 at 12:31 PM, Arjun Pandey apandepub...@gmail.com wrote: Hi I am facing some issues while trying out fence_ipmilan on ILO4 setup when using encrypted passwords. Which mailing list can i contact for this ? Basically if i test out fence_ipmilan/fence_ilo4 from cmd line with plaintext password things work fine. However if i specify encrypted password and specify auth-type as md5. It doesn't work. WORKING fence_ilo4 -a 10.11.10.21 -l foo -p bar -o status -v FAILS fence_ilo4 -A md5 -fence_ilo4 -A md5 -a 10.11.10.21 -l foo -p $1$MGrg5Egf$QQpDePvU1UXtF/3ixMaRS0 -o status -v You need to quote shell metacharacters on command line. Any pointers would be helpful. Regards Arjun ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
Re: [Pacemaker] Configuring fencing with encrypted passwords
On Fri, Feb 27, 2015 at 12:31 PM, Arjun Pandey apandepub...@gmail.com wrote: Hi I am facing some issues while trying out fence_ipmilan on ILO4 setup when using encrypted passwords. Which mailing list can i contact for this ? Basically if i test out fence_ipmilan/fence_ilo4 from cmd line with plaintext password things work fine. However if i specify encrypted password and specify auth-type as md5. It doesn't work. WORKING fence_ilo4 -a 10.11.10.21 -l foo -p bar -o status -v FAILS fence_ilo4 -A md5 -fence_ilo4 -A md5 -a 10.11.10.21 -l foo -p $1$MGrg5Egf$QQpDePvU1UXtF/3ixMaRS0 -o status -v You need to quote shell metacharacters on command line. Any pointers would be helpful. Regards Arjun ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org ___ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
