On 04/27/2017 05:35 PM, Gianluca Cecchi wrote: > On Thu, Apr 27, 2017 at 4:58 PM, Gianluca Cecchi > <gianluca.cec...@gmail.com <mailto:gianluca.cec...@gmail.com>> wrote: > > On Thu, Apr 27, 2017 at 4:43 PM, Gianluca Cecchi > <gianluca.cec...@gmail.com <mailto:gianluca.cec...@gmail.com>> wrote: > > Hello, > I'm trying to use fence_rhevm in a CentOS 6.8 guest that is part > of a virtual rhcs cluster > > My sw version for fence_agents inside guest is > fence-agents-4.0.15-12.el6.x86_64 and I notice that for this > particular agent nothing changes also using the latest available > package fence-agents-4.0.15-13.el6.x86_64.rpm apart > > [root@p2vnorasvi1 ~]# diff fence_rhevm /usr/sbin/fence_rhevm > 13c13 > < BUILD_DATE="(built Wed Mar 22 04:24:11 UTC 2017)" > --- > > BUILD_DATE="(built Tue May 10 22:28:47 UTC 2016)" > [root@p2vnorasvi1 ~]# > > The VM name in oVirt 4.1.1 is p2vorasvi1 > > Running this command against the engine I get > > [root@p2vnorasvi1 network-scripts]# fence_rhevm -a 10.4.192.43 > -l "admin@internal" -p "mypassword" -z --shell-timeout=20 > --power-wait=10 -v -o status -n p2vorasvi1 > vms/?search=name%3Dp2vorasvi1 > > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>404 Not Found</title> > </head><body> > <h1>Not Found</h1> > <p>The requested URL /api/vms/ was not found on this server.</p> > </body></html> > > > Failed: Unable to obtain correct plug status or plug is not > available > > Actually I get the same error even if I put a wrong password.... > > What am I missing...? > Do I have to specify DC/cluster if I have more than one, or > other parameters? > > Thanks, > Gianluca > > > > If I change this in fence_rhevm > > [root@p2vnorasvi1 sbin]# diff fence_rhevm fence_rhevm.orig > 84c84 > < url += "//" + opt["--ip"] + ":" + str(opt["--ipport"]) + > "/ovirt-engine/api/" + command > --- > > url += "//" + opt["--ip"] + ":" + str(opt["--ipport"]) + "/api/" + > command > > I now get 401 unauthorized.... > > [root@p2vnorasvi1 sbin]# fence_rhevm -a 10.4.192.43 -z -l > "admin@internal" -p "mypassword" --shell-timeout=20 --power-wait=10 > -v -o status -n p2vorasvi1 > vms/?search=name%3Dp2vorasvi1 > > <html><head><title>Error</title></head><body>Unauthorized</body></html> > > Failed: Unable to obtain correct plug status or plug is not available > > > [root@p2vnorasvi1 sbin]# > > and in engine ssl_access.log > > 127.0.0.1 - - [27/Apr/2017:16:51:55 +0200] "POST > /ovirt-engine/sso/oauth/token HTTP/1.1" 200 153 > 10.4.168.91 - - [27/Apr/2017:16:51:55 +0200] "GET > /ovirt-engine/api/vms/?search=name%3Dp2vorasvi2 HTTP/1.1" 401 71 > > > > Tried also using v3 in url, this way: > > [root@p2vnorasvi1 sbin]# diff fence_rhevm fence_rhevm.orig > 84c84 > < url += "//" + opt["--ip"] + ":" + str(opt["--ipport"]) + > "/ovirt-engine/api/v3/" + command > --- >> url += "//" + opt["--ip"] + ":" + str(opt["--ipport"]) + "/api/" + command > [root@p2vnorasvi1 sbin]# > > [root@p2vnorasvi1 sbin]# fence_rhevm -a 10.4.192.43 -z -l > "admin@internal" -p "mypassword" --shell-timeout=20 --login-timeout=20 > --power-wait=10 -v -o status -n p2vorasvi1 > vms/?search=name%3Dp2vorasvi1 > > <html><head><title>Error</title></head><body>Unauthorized</body></html> > > Failed: Unable to obtain correct plug status or plug is not available > > > [root@p2vnorasvi1 sbin]# >
That is a known issue: fence_rhevm can only work as RHEV admin user not a regular user (that requires "Filter: true http header) https://bugzilla.redhat.com/1287059 That was fixed in fence-agents-4.0.11-47.el7, but I guess it wasn't backported to CentOS 6. I'd suggest that you open a bug for this component in the Red Hat Enterprise Linux bug tracker, requesting that the fix be back-ported. Meanwhile, if you are in a hurry, you can take the CentOS 7 fence_rhev script, which should work. You will most likely also need to add --ssl-indecure to the command line of the agent, because you will most likely be using the default self signed certificate authority used by the engine. Note that the latest version of this script uses the 'Filter: true' header to drop privileges. That means that even when using 'admin@internal' you have to make sure that 'admin@internal' has permissions for the VM that you want to fence, otherwise it will not be able to find/fence it. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
