Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
- Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org, Eli Mesika emes...@redhat.com Sent: Sunday, May 24, 2015 10:02:34 AM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 23.05.2015 15:04, Martin Perina wrote: - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org, Eli Mesika emes...@redhat.com Sent: Thursday, May 21, 2015 9:31:50 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 21.05.2015 21:07, Martin Perina wrote: Hi Daniel, I'm cc'ing Eli as we are currently facing issue with fence agents regression for passing boolean flags to fence agents. Thanks for getting back to me so quickly. I looked at man page of fence_ilo2 again and I haven't found --tls1.0 option at all. Strange? FYI I am running CentOS7.1 hosts; installed fence: fence-agents-ilo2-4.0.11-11.el7_1.x86_64 Here, clearly I have this option. The fence agent itself seems to use gnutls successfully: # fence_ilo2 -a 10.11.0.212 --username=ovirt -p ** -v -o status --ssl-insecure --tls1.0 Running command: /usr/bin/gnutls-cli --priority NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION --insecure --crlf -p 443 10.11.0.212 Ahh, I looked at older version on F20. But I can't find --tls1.0 option even on man page for fence-agents-ilo2-4.0.11-11.el7_1.x86_64 :-( So if you really see this option, please take a look at the end of man page, where you can find STDIN format options names and add it along with ssl_insecure to options in Power Management tab of the hosts (instead of tls1_0 use what you find in your man page): Many thanks! Using the STDIN options solved this issue. I finally get: Test succeeded: on I am using these options in the options field for the ilo2 fencing module: ssl_insecure=1,tls1.0=1 Also working: ssl_insecure=1,notls=1 ssl_insecure=1,tls1_0=1 True. What still puzzles me is the tls1.0 option. In the my man pages the STDIN option ins called 'tls1.0'. Also, can you check wherever you have a 'notls' option to force SSL3.0? This also works for me. Ahh, sorry for the confusion. By mistake I looked at older fence-agents RPM :-( I looked again and now I also have tls1.0. The notls options is contained also in the older version (like the one I have in my F20). I think all the info you gave here, esp. using the stdin binary options in a way 'option=0|1' is quite essential to get fenceing working. I had a quick look over some man pages and I think all the standard fence agents are used in the same manner. Yes, this is the regression I wrote you about. Latest fence-agents dropped the support for passing boolean options without value (just sending notls was ok in prior versions), but the last version requires to send notls=1 or notls=true, otherwise the option is not used. We are currenlty preparing patches to handle it. Also, a hint might be in order that old ilo boards can't cope with TLS and need it disabled. I think here [1] [2]? [1] http://www.ovirt.org/Automatic_Fencing [2] http://www.ovirt.org/OVirt_Administration_Guide#Host_Power_Management_Settings_Explained Hmm, thanks for the input, I will talk with Eli and Oved how to make the documentation more understandable. Thanks Martin Perina Thanks! Thanks Martin Perina I put the whole command output below [1] To specify --ssl-insecure please add following into options in Power Management tab of the host: ssl_insecure=1 Thanks for pointing out how to actually use these options. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org Sent: Thursday, May 21, 2015 8:11:40 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 12.05.2015 09:16, Martin Perina wrote: Hi Daniel, Hello Martin, sorry for answering that late. And thanks for pointing me to the man page! I always seem to forget that. options defined in PM tab are used to pass custom settings of specific fence agent. In you case please take a look at man page for fence_ilo2. I looked there briefly and I'm afraid that your parameter is not supported. Ok, this command runs fine and uses XML: fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status --ssl-insecure --tls1.0 However, using options --tls1.0 and --ssl-insecure does not work in the engine. What puzzles me: the fence agent seems to use an SSL connection and XML; while the GUI wants an SSH port form me? There I get the error: Unknown options .. now I only get Test succeeded - unknown (witch actually is not successful) Thanks! I see that fence_ilo3_ssh
Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
- Original Message - From: Martin Perina mper...@redhat.com To: Daniel Helgenberger daniel.helgenber...@m-box.de Cc: users@ovirt.org, Eli Mesika emes...@redhat.com Sent: Monday, May 25, 2015 11:23:29 AM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org, Eli Mesika emes...@redhat.com Sent: Sunday, May 24, 2015 10:02:34 AM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 23.05.2015 15:04, Martin Perina wrote: - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org, Eli Mesika emes...@redhat.com Sent: Thursday, May 21, 2015 9:31:50 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 21.05.2015 21:07, Martin Perina wrote: Hi Daniel, I'm cc'ing Eli as we are currently facing issue with fence agents regression for passing boolean flags to fence agents. Thanks for getting back to me so quickly. I looked at man page of fence_ilo2 again and I haven't found --tls1.0 option at all. Strange? FYI I am running CentOS7.1 hosts; installed fence: fence-agents-ilo2-4.0.11-11.el7_1.x86_64 Here, clearly I have this option. The fence agent itself seems to use gnutls successfully: # fence_ilo2 -a 10.11.0.212 --username=ovirt -p ** -v -o status --ssl-insecure --tls1.0 Running command: /usr/bin/gnutls-cli --priority NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION --insecure --crlf -p 443 10.11.0.212 Ahh, I looked at older version on F20. But I can't find --tls1.0 option even on man page for fence-agents-ilo2-4.0.11-11.el7_1.x86_64 :-( So if you really see this option, please take a look at the end of man page, where you can find STDIN format options names and add it along with ssl_insecure to options in Power Management tab of the hosts (instead of tls1_0 use what you find in your man page): Many thanks! Using the STDIN options solved this issue. I finally get: Test succeeded: on I am using these options in the options field for the ilo2 fencing module: ssl_insecure=1,tls1.0=1 Also working: ssl_insecure=1,notls=1 ssl_insecure=1,tls1_0=1 True. What still puzzles me is the tls1.0 option. In the my man pages the STDIN option ins called 'tls1.0'. Also, can you check wherever you have a 'notls' option to force SSL3.0? This also works for me. Ahh, sorry for the confusion. By mistake I looked at older fence-agents RPM :-( I looked again and now I also have tls1.0. The notls options is contained also in the older version (like the one I have in my F20). I think all the info you gave here, esp. using the stdin binary options in a way 'option=0|1' is quite essential to get fenceing working. I had a quick look over some man pages and I think all the standard fence agents are used in the same manner. Yes, this is the regression I wrote you about. Latest fence-agents dropped the support for passing boolean options without value (just sending notls was ok in prior versions), but the last version requires to send notls=1 or notls=true, otherwise the option is not used. We are currenlty preparing patches to handle it. This is planned to be fixed for 3.6 by an upgrade script (not including encrypted options) BTW, according to Marek G who is the fence-agents maintainer sending boolean flags by their own was enabled for all agents but was actually working only for the ipmilan agent ... Also, a hint might be in order that old ilo boards can't cope with TLS and need it disabled. I think here [1] [2]? [1] http://www.ovirt.org/Automatic_Fencing [2] http://www.ovirt.org/OVirt_Administration_Guide#Host_Power_Management_Settings_Explained Hmm, thanks for the input, I will talk with Eli and Oved how to make the documentation more understandable. I had added a comment to the troubleshooting section of [1] regarding that ... Thanks Martin Perina Thanks! Thanks Martin Perina I put the whole command output below [1] To specify --ssl-insecure please add following into options in Power Management tab of the host: ssl_insecure=1 Thanks for pointing out how to actually use these options. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org Sent: Thursday, May 21, 2015 8:11:40 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 12.05.2015 09:16, Martin Perina wrote: Hi Daniel, Hello Martin, sorry for answering that late. And thanks for pointing me to the man page
Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
On 23.05.2015 15:04, Martin Perina wrote: - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org, Eli Mesika emes...@redhat.com Sent: Thursday, May 21, 2015 9:31:50 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 21.05.2015 21:07, Martin Perina wrote: Hi Daniel, I'm cc'ing Eli as we are currently facing issue with fence agents regression for passing boolean flags to fence agents. Thanks for getting back to me so quickly. I looked at man page of fence_ilo2 again and I haven't found --tls1.0 option at all. Strange? FYI I am running CentOS7.1 hosts; installed fence: fence-agents-ilo2-4.0.11-11.el7_1.x86_64 Here, clearly I have this option. The fence agent itself seems to use gnutls successfully: # fence_ilo2 -a 10.11.0.212 --username=ovirt -p ** -v -o status --ssl-insecure --tls1.0 Running command: /usr/bin/gnutls-cli --priority NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION --insecure --crlf -p 443 10.11.0.212 Ahh, I looked at older version on F20. But I can't find --tls1.0 option even on man page for fence-agents-ilo2-4.0.11-11.el7_1.x86_64 :-( So if you really see this option, please take a look at the end of man page, where you can find STDIN format options names and add it along with ssl_insecure to options in Power Management tab of the hosts (instead of tls1_0 use what you find in your man page): Many thanks! Using the STDIN options solved this issue. I finally get: Test succeeded: on I am using these options in the options field for the ilo2 fencing module: ssl_insecure=1,tls1.0=1 Also working: ssl_insecure=1,notls=1 ssl_insecure=1,tls1_0=1 True. What still puzzles me is the tls1.0 option. In the my man pages the STDIN option ins called 'tls1.0'. Also, can you check wherever you have a 'notls' option to force SSL3.0? This also works for me. I think all the info you gave here, esp. using the stdin binary options in a way 'option=0|1' is quite essential to get fenceing working. I had a quick look over some man pages and I think all the standard fence agents are used in the same manner. Also, a hint might be in order that old ilo boards can't cope with TLS and need it disabled. I think here [1] [2]? [1] http://www.ovirt.org/Automatic_Fencing [2] http://www.ovirt.org/OVirt_Administration_Guide#Host_Power_Management_Settings_Explained Thanks! Thanks Martin Perina I put the whole command output below [1] To specify --ssl-insecure please add following into options in Power Management tab of the host: ssl_insecure=1 Thanks for pointing out how to actually use these options. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org Sent: Thursday, May 21, 2015 8:11:40 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 12.05.2015 09:16, Martin Perina wrote: Hi Daniel, Hello Martin, sorry for answering that late. And thanks for pointing me to the man page! I always seem to forget that. options defined in PM tab are used to pass custom settings of specific fence agent. In you case please take a look at man page for fence_ilo2. I looked there briefly and I'm afraid that your parameter is not supported. Ok, this command runs fine and uses XML: fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status --ssl-insecure --tls1.0 However, using options --tls1.0 and --ssl-insecure does not work in the engine. What puzzles me: the fence agent seems to use an SSL connection and XML; while the GUI wants an SSH port form me? There I get the error: Unknown options .. now I only get Test succeeded - unknown (witch actually is not successful) Thanks! I see that fence_ilo3_ssh and fence_ilo4_ssh should support passing that option for SSH connection, so you could try them if they work with you fence device. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: users@ovirt.org Sent: Monday, May 11, 2015 5:53:10 PM Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options Hello, to make this short - i need to pass ssh options to get the connection to ilo2 working (MACs=hmac-sha1) [1]. How can this be done? I think the 'options' field is clearly for something else? Using this option in .ssh/config works btw. Thanks! -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Daniel Helgenberger m box bewegtbild GmbH P
Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
- Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org, Eli Mesika emes...@redhat.com Sent: Thursday, May 21, 2015 9:31:50 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 21.05.2015 21:07, Martin Perina wrote: Hi Daniel, I'm cc'ing Eli as we are currently facing issue with fence agents regression for passing boolean flags to fence agents. Thanks for getting back to me so quickly. I looked at man page of fence_ilo2 again and I haven't found --tls1.0 option at all. Strange? FYI I am running CentOS7.1 hosts; installed fence: fence-agents-ilo2-4.0.11-11.el7_1.x86_64 Here, clearly I have this option. The fence agent itself seems to use gnutls successfully: # fence_ilo2 -a 10.11.0.212 --username=ovirt -p ** -v -o status --ssl-insecure --tls1.0 Running command: /usr/bin/gnutls-cli --priority NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION --insecure --crlf -p 443 10.11.0.212 Ahh, I looked at older version on F20. But I can't find --tls1.0 option even on man page for fence-agents-ilo2-4.0.11-11.el7_1.x86_64 :-( So if you really see this option, please take a look at the end of man page, where you can find STDIN format options names and add it along with ssl_insecure to options in Power Management tab of the hosts (instead of tls1_0 use what you find in your man page): ssl_insecure=1,tls1_0=1 Thanks Martin Perina I put the whole command output below [1] To specify --ssl-insecure please add following into options in Power Management tab of the host: ssl_insecure=1 Thanks for pointing out how to actually use these options. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org Sent: Thursday, May 21, 2015 8:11:40 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 12.05.2015 09:16, Martin Perina wrote: Hi Daniel, Hello Martin, sorry for answering that late. And thanks for pointing me to the man page! I always seem to forget that. options defined in PM tab are used to pass custom settings of specific fence agent. In you case please take a look at man page for fence_ilo2. I looked there briefly and I'm afraid that your parameter is not supported. Ok, this command runs fine and uses XML: fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status --ssl-insecure --tls1.0 However, using options --tls1.0 and --ssl-insecure does not work in the engine. What puzzles me: the fence agent seems to use an SSL connection and XML; while the GUI wants an SSH port form me? There I get the error: Unknown options .. now I only get Test succeeded - unknown (witch actually is not successful) Thanks! I see that fence_ilo3_ssh and fence_ilo4_ssh should support passing that option for SSH connection, so you could try them if they work with you fence device. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: users@ovirt.org Sent: Monday, May 11, 2015 5:53:10 PM Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options Hello, to make this short - i need to pass ssh options to get the connection to ilo2 working (MACs=hmac-sha1) [1]. How can this be done? I think the 'options' field is clearly for something else? Using this option in .ssh/config works btw. Thanks! -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 [1] Sent: ?xml version=1.0? Received: ?xml version=1.0? Processed 0 CA certificate(s). Resolving '10.11.0.212'... Connecting to '10.11.0.212:443'... - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: - subject `C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', issuer `C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', RSA key 1024 bits, signed using RSA-MD5 (broken!), activated `2002-12-05 20:25:26 UTC', expires `2022-12-05 20:25:26 UTC', SHA-1 fingerprint `4db06bc1a74fe2894068d89ea76c0622b3e76bc1' Public Key ID
Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
On 12.05.2015 09:16, Martin Perina wrote: Hi Daniel, Hello Martin, sorry for answering that late. And thanks for pointing me to the man page! I always seem to forget that. options defined in PM tab are used to pass custom settings of specific fence agent. In you case please take a look at man page for fence_ilo2. I looked there briefly and I'm afraid that your parameter is not supported. Ok, this command runs fine and uses XML: fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status --ssl-insecure --tls1.0 However, using options --tls1.0 and --ssl-insecure does not work in the engine. What puzzles me: the fence agent seems to use an SSL connection and XML; while the GUI wants an SSH port form me? There I get the error: Unknown options .. now I only get Test succeeded - unknown (witch actually is not successful) Thanks! I see that fence_ilo3_ssh and fence_ilo4_ssh should support passing that option for SSH connection, so you could try them if they work with you fence device. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: users@ovirt.org Sent: Monday, May 11, 2015 5:53:10 PM Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options Hello, to make this short - i need to pass ssh options to get the connection to ilo2 working (MACs=hmac-sha1) [1]. How can this be done? I think the 'options' field is clearly for something else? Using this option in .ssh/config works btw. Thanks! -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
On 21.05.2015 21:07, Martin Perina wrote: Hi Daniel, I'm cc'ing Eli as we are currently facing issue with fence agents regression for passing boolean flags to fence agents. Thanks for getting back to me so quickly. I looked at man page of fence_ilo2 again and I haven't found --tls1.0 option at all. Strange? FYI I am running CentOS7.1 hosts; installed fence: fence-agents-ilo2-4.0.11-11.el7_1.x86_64 Here, clearly I have this option. The fence agent itself seems to use gnutls successfully: # fence_ilo2 -a 10.11.0.212 --username=ovirt -p ** -v -o status --ssl-insecure --tls1.0 Running command: /usr/bin/gnutls-cli --priority NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION --insecure --crlf -p 443 10.11.0.212 I put the whole command output below [1] To specify --ssl-insecure please add following into options in Power Management tab of the host: ssl_insecure=1 Thanks for pointing out how to actually use these options. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org Sent: Thursday, May 21, 2015 8:11:40 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 12.05.2015 09:16, Martin Perina wrote: Hi Daniel, Hello Martin, sorry for answering that late. And thanks for pointing me to the man page! I always seem to forget that. options defined in PM tab are used to pass custom settings of specific fence agent. In you case please take a look at man page for fence_ilo2. I looked there briefly and I'm afraid that your parameter is not supported. Ok, this command runs fine and uses XML: fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status --ssl-insecure --tls1.0 However, using options --tls1.0 and --ssl-insecure does not work in the engine. What puzzles me: the fence agent seems to use an SSL connection and XML; while the GUI wants an SSH port form me? There I get the error: Unknown options .. now I only get Test succeeded - unknown (witch actually is not successful) Thanks! I see that fence_ilo3_ssh and fence_ilo4_ssh should support passing that option for SSH connection, so you could try them if they work with you fence device. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: users@ovirt.org Sent: Monday, May 11, 2015 5:53:10 PM Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options Hello, to make this short - i need to pass ssh options to get the connection to ilo2 working (MACs=hmac-sha1) [1]. How can this be done? I think the 'options' field is clearly for something else? Using this option in .ssh/config works btw. Thanks! -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 [1] Sent: ?xml version=1.0? Received: ?xml version=1.0? Processed 0 CA certificate(s). Resolving '10.11.0.212'... Connecting to '10.11.0.212:443'... - Certificate type: X.509 - Got a certificate list of 1 certificates. - Certificate[0] info: - subject `C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', issuer `C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', RSA key 1024 bits, signed using RSA-MD5 (broken!), activated `2002-12-05 20:25:26 UTC', expires `2022-12-05 20:25:26 UTC', SHA-1 fingerprint `4db06bc1a74fe2894068d89ea76c0622b3e76bc1' Public Key ID: 428f85bc360c8778eb550e4b8ef1c65b111d7108 Public key's random art: +--[ RSA 1024]+ |Eoo+.| | . o . .o. | | . = B +| | . X . | |o # S| | . + = | |. . | | | | | +-+ - Status: The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. *** PKI verification of server certificate failed... - Description: (TLS1.0)-(RSA)-(AES-128-CBC)-(SHA1) - Session ID: AA:C9:08:8C:F5:E7:E6:19:7D:BC:20:D4:A0:C0:DA:E4:0E:C1:C0:2A:BC:93:8E:B3:5F:20:B0:38:67:F2:01:5C - Version: TLS1.0 - Key Exchange: RSA - Cipher: AES-128-CBC - MAC: SHA1 - Compression
Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
Hi Daniel, I'm cc'ing Eli as we are currently facing issue with fence agents regression for passing boolean flags to fence agents. I looked at man page of fence_ilo2 again and I haven't found --tls1.0 option at all. To specify --ssl-insecure please add following into options in Power Management tab of the host: ssl_insecure=1 Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: Martin Perina mper...@redhat.com Cc: users@ovirt.org Sent: Thursday, May 21, 2015 8:11:40 PM Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options On 12.05.2015 09:16, Martin Perina wrote: Hi Daniel, Hello Martin, sorry for answering that late. And thanks for pointing me to the man page! I always seem to forget that. options defined in PM tab are used to pass custom settings of specific fence agent. In you case please take a look at man page for fence_ilo2. I looked there briefly and I'm afraid that your parameter is not supported. Ok, this command runs fine and uses XML: fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status --ssl-insecure --tls1.0 However, using options --tls1.0 and --ssl-insecure does not work in the engine. What puzzles me: the fence agent seems to use an SSL connection and XML; while the GUI wants an SSH port form me? There I get the error: Unknown options .. now I only get Test succeeded - unknown (witch actually is not successful) Thanks! I see that fence_ilo3_ssh and fence_ilo4_ssh should support passing that option for SSH connection, so you could try them if they work with you fence device. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: users@ovirt.org Sent: Monday, May 11, 2015 5:53:10 PM Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options Hello, to make this short - i need to pass ssh options to get the connection to ilo2 working (MACs=hmac-sha1) [1]. How can this be done? I think the 'options' field is clearly for something else? Using this option in .ssh/config works btw. Thanks! -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Configuring ilo2 PM; passing ssh options
Hi Daniel, options defined in PM tab are used to pass custom settings of specific fence agent. In you case please take a look at man page for fence_ilo2. I looked there briefly and I'm afraid that your parameter is not supported. I see that fence_ilo3_ssh and fence_ilo4_ssh should support passing that option for SSH connection, so you could try them if they work with you fence device. Martin Perina - Original Message - From: Daniel Helgenberger daniel.helgenber...@m-box.de To: users@ovirt.org Sent: Monday, May 11, 2015 5:53:10 PM Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options Hello, to make this short - i need to pass ssh options to get the connection to ilo2 working (MACs=hmac-sha1) [1]. How can this be done? I think the 'options' field is clearly for something else? Using this option in .ssh/config works btw. Thanks! -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Configuring ilo2 PM; passing ssh options
Hello, to make this short - i need to pass ssh options to get the connection to ilo2 working (MACs=hmac-sha1) [1]. How can this be done? I think the 'options' field is clearly for something else? Using this option in .ssh/config works btw. Thanks! -- Daniel Helgenberger m box bewegtbild GmbH P: +49/30/2408781-22 F: +49/30/2408781-10 ACKERSTR. 19 D-10115 BERLIN www.m-box.de www.monkeymen.tv Geschäftsführer: Martin Retschitzegger / Michaela Göllner Handeslregister: Amtsgericht Charlottenburg / HRB 112767 ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users