----- Original Message ----- > From: "Daniel Helgenberger" <daniel.helgenber...@m-box.de> > To: "Martin Perina" <mper...@redhat.com> > Cc: users@ovirt.org, "Eli Mesika" <emes...@redhat.com> > Sent: Thursday, May 21, 2015 9:31:50 PM > Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options > > > > On 21.05.2015 21:07, Martin Perina wrote: > > Hi Daniel, > > > > I'm cc'ing Eli as we are currently facing issue with fence agents > > regression for passing boolean flags to fence agents. > Thanks for getting back to me so quickly. > > > > I looked at man page of fence_ilo2 again and I haven't found > > --tls1.0 option at all. > Strange? FYI I am running CentOS7.1 hosts; installed fence: > fence-agents-ilo2-4.0.11-11.el7_1.x86_64 > > Here, clearly I have this option. The fence agent itself seems to use > gnutls successfully: > > # fence_ilo2 -a 10.11.0.212 --username=ovirt -p ****** -v -o status > --ssl-insecure --tls1.0 > > Running command: /usr/bin/gnutls-cli --priority > "NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:+VERS-TLS1.0:%LATEST_RECORD_VERSION" > --insecure --crlf -p 443 10.11.0.212 >
Ahh, I looked at older version on F20. But I can't find --tls1.0 option even on man page for fence-agents-ilo2-4.0.11-11.el7_1.x86_64 :-( So if you really see this option, please take a look at the end of man page, where you can find STDIN format options names and add it along with ssl_insecure to options in Power Management tab of the hosts (instead of "tls1_0 use what you find in your man page): ssl_insecure=1,tls1_0=1 Thanks Martin Perina > I put the whole command output below [1] > > > To specify --ssl-insecure please add following > > into options in Power Management tab of the host: > > > > ssl_insecure=1 > Thanks for pointing out how to actually use these options. > > > > > > Martin Perina > > > > ----- Original Message ----- > >> From: "Daniel Helgenberger" <daniel.helgenber...@m-box.de> > >> To: "Martin Perina" <mper...@redhat.com> > >> Cc: users@ovirt.org > >> Sent: Thursday, May 21, 2015 8:11:40 PM > >> Subject: Re: [ovirt-users] Configuring ilo2 PM; passing ssh options > >> > >> > >> > >> On 12.05.2015 09:16, Martin Perina wrote: > >>> Hi Daniel, > >> Hello Martin, > >> > >> sorry for answering that late. And thanks for pointing me to the man > >> page! I always seem to forget that. > >>> > >>> options defined in PM tab are used to pass custom settings > >>> of specific fence agent. In you case please take a look > >>> at man page for fence_ilo2. I looked there briefly and > >>> I'm afraid that your parameter is not supported. > >> > >> Ok, this command runs fine and uses XML: > >> fence_ilo2 -a 10.11.0.212 --username=ovirt -p secret -v -o status > >> --ssl-insecure --tls1.0 > >> > >> However, using options --tls1.0 and --ssl-insecure does not work in the > >> engine. What puzzles me: the fence agent seems to use an SSL connection > >> and XML; while the GUI wants an SSH port form me? > >> > >> There I get the error: > >> Unknown options .. > >> > >> now I only get > >> Test succeeded - unknown (witch actually is not successful) > >> > >> > >> Thanks! > >>> > >>> I see that fence_ilo3_ssh and fence_ilo4_ssh should support > >>> passing that option for SSH connection, so you could try them > >>> if they work with you fence device. > >>> > >>> Martin Perina > >>> > >>> > >>> ----- Original Message ----- > >>>> From: "Daniel Helgenberger" <daniel.helgenber...@m-box.de> > >>>> To: users@ovirt.org > >>>> Sent: Monday, May 11, 2015 5:53:10 PM > >>>> Subject: [ovirt-users] Configuring ilo2 PM; passing ssh options > >>>> > >>>> Hello, > >>>> > >>>> to make this short - i need to pass ssh options to get the connection to > >>>> ilo2 working (MACs=hmac-sha1) [1]. > >>>> > >>>> How can this be done? I think the 'options' field is clearly for > >>>> something else? > >>>> > >>>> Using this option in .ssh/config works btw. > >>>> > >>>> Thanks! > >>>> -- > >>>> Daniel Helgenberger > >>>> m box bewegtbild GmbH > >>>> > >>>> P: +49/30/2408781-22 > >>>> F: +49/30/2408781-10 > >>>> > >>>> ACKERSTR. 19 > >>>> D-10115 BERLIN > >>>> > >>>> > >>>> www.m-box.de www.monkeymen.tv > >>>> > >>>> Geschäftsführer: Martin Retschitzegger / Michaela Göllner > >>>> Handeslregister: Amtsgericht Charlottenburg / HRB 112767 > >>>> _______________________________________________ > >>>> Users mailing list > >>>> Users@ovirt.org > >>>> http://lists.ovirt.org/mailman/listinfo/users > >>>> > >>> > >> > >> -- > >> Daniel Helgenberger > >> m box bewegtbild GmbH > >> > >> P: +49/30/2408781-22 > >> F: +49/30/2408781-10 > >> > >> ACKERSTR. 19 > >> D-10115 BERLIN > >> > >> > >> www.m-box.de www.monkeymen.tv > >> > >> Geschäftsführer: Martin Retschitzegger / Michaela Göllner > >> Handeslregister: Amtsgericht Charlottenburg / HRB 112767 > >> > > > > [1] > > Sent: <?xml version="1.0"?> > > Received: <?xml version="1.0"?> > > Processed 0 CA certificate(s). > Resolving '10.11.0.212'... > Connecting to '10.11.0.212:443'... > - Certificate type: X.509 > - Got a certificate list of 1 certificates. > - Certificate[0] info: > - subject `C=US,ST=Texas,L=Houston,O=Hewlett-Packard > Company,OU=ISS,CN=hv02', issuer > `C=US,ST=Texas,L=Houston,O=Hewlett-Packard Company,OU=ISS,CN=hv02', RSA > key 1024 bits, signed using RSA-MD5 (broken!), activated `2002-12-05 > 20:25:26 UTC', expires `2022-12-05 20:25:26 UTC', SHA-1 fingerprint > `4db06bc1a74fe2894068d89ea76c0622b3e76bc1' > Public Key ID: > 428f85bc360c8778eb550e4b8ef1c65b111d7108 > Public key's random art: > +--[ RSA 1024]----+ > | Eoo+. | > | . o . .o. | > | . = B + | > | . & X . | > | o # S | > | . + = | > | . . | > | | > | | > +-----------------+ > > - Status: The certificate is NOT trusted. The certificate issuer is > unknown. The name in the certificate does not match the expected. > *** PKI verification of server certificate failed... > - Description: (TLS1.0)-(RSA)-(AES-128-CBC)-(SHA1) > - Session ID: > AA:C9:08:8C:F5:E7:E6:19:7D:BC:20:D4:A0:C0:DA:E4:0E:C1:C0:2A:BC:93:8E:B3:5F:20:B0:38:67:F2:01:5C > - Version: TLS1.0 > - Key Exchange: RSA > - Cipher: AES-128-CBC > - MAC: SHA1 > - Compression: NULL > - Handshake was completed > > - Simple Client Mode: > > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > Sent: <RIBCL VERSION="2.0"> > > Sent: <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d"> > > Sent: <RIB_INFO MODE="read"><GET_FW_VERSION /> > > Sent: </RIB_INFO> > > Received: > <RIBCL VERSION="2.0"> > > <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d"> > > <RIB_INFO MODE="read"><GET_FW_VERSION /> > > </RIB_INFO> > > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > <GET_FW_VERSION > > Received: FIRMWARE_VERSION = "2.25" > FIRMWARE_DATE = "Apr 14 2014" > MANAGEMENT_PROCESSOR = "iLO2" > LICENSE_TYPE = "iLO 2 Advanced" > /> > Sent: </LOGIN> > > Sent: <LOGIN USER_LOGIN = "ovirt" PASSWORD = "dJPVmJG64zMVD3d"> > > Sent: <SERVER_INFO MODE = "read"><GET_HOST_POWER_STATUS/> > > Sent: </SERVER_INFO></LOGIN> > > Received: > </RIBCL> > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > </LOGIN> > > <LOGIN USER_LOGIN = "ovirt" PASSWORD = "*********"> > > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > <SERVER_INFO MODE = "read"><GET_HOST_POWER_STATUS/> > > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > </RIBCL> > <?xml version="1.0"?> > <RIBCL VERSION="2.22"> > <RESPONSE > STATUS="0x0000" > MESSAGE='No error' > /> > <GET_HOST_POWER > HOST_POWER="ON" > Status: ON > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
