Hi, On Fri, Jul 7, 2017 at 8:02 AM, ArekW <arkad...@gmail.com> wrote:
> Hi, > I did a small research on the scripts > > /usr/sbin/fence_vbox > def main(): > ... > conn = fence_login(options) > > The fence_loging is scripted in the fencing.py and it should invoke > function: _login_ssh_with_identity_file > > /usr/share/fence/fencing.py > def _login_ssh_with_identity_file: > ... > command = '%s %s %s@%s -i %s -p %s' % \ > (options["--ssh-path"], force_ipvx, options["--username"], > options["--ip"], \ > options["--identity-file"], options["--ipport"]) > > There are username and ip parameter used here (not login and ipaddr as in > fence description) so I used: > You have noticed this right, this is due to backward compatibility. And we are working towards ability to use command-line options everywhere (it is already in upstream but it is not yet supported in pcs). So 'login=FOO' is same as '--username FOO/-l FOO'. Misleading at least. The mapping between those systems was available on our wiki pages, it is available in documentation and in (somewhat less readable way) in manual page. > > pcs stonith create vbox-fencing fence_vbox ip=10.0.2.2 username=AW23321 > identity_file=/root/.ssh/id_rsa host_os=windows > vboxmanage_path="/cygdrive/c/Program\ Files/Oracle/VirtualBox/VBoxManage" > pcmk_host_map="nfsnode1:centos1;nfsnode2:centos2" ssh=true > inet4_only=true op monitor interval=5 -force > * Why are you using -force? * ssh=true is not a valid option (=> it is ignored and warning should be in the logs) and fence_vbox can use ssh only. [secure=true will do what you want] > > I still got the same warning in messages: > Jul 7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564] > stderr: [ Unable to connect/login to fencing device ] > Jul 7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564] > stderr: [ ] > Jul 7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564] > stderr: [ ] > > "Standalone" test is working with the same parameters: > [root@nfsnode1 nfsinfo]# fence_vbox --ip 10.0.2.2 --username=AW23321 > --identity-file=/root/.ssh/id_rsa --plug=centos2 --host-os=windows > --action=status --vboxmanage-path="/cygdrive/c/Program\ > Files/Oracle/VirtualBox/VBoxManage" -4 -x > Status: ON > This looks like SELinux for me. From the command line, you are in unconfined domain so no checks are performed. Try to look at SELinux boolean "fenced_can_ssh" > I could use more debug in the scripts. > You can use verbose=true (-v) and it will display all input/output operations. In case of the fence_vbox you will see what we attempt to run and what is the output of these commands. If there is need for more detail output, please let me know and I will try to add it. m,
_______________________________________________ Users mailing list: Users@clusterlabs.org http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org