[ClusterLabs] fence_vbox Unable to connect/login to fencing device

Marek Grac mgrac at redhat.com
Fri Jul 7 08:07:08 UTC 2017 

Hi,

On Fri, Jul 7, 2017 at 8:02 AM, ArekW <arkaduis at gmail.com> wrote:

> Hi,
> I did a small research on the scripts
>
> /usr/sbin/fence_vbox
> def main():
> ...
> conn = fence_login(options)
>
> The fence_loging is scripted in the fencing.py and it should invoke
> function: _login_ssh_with_identity_file
>
> /usr/share/fence/fencing.py
> def _login_ssh_with_identity_file:
> ...
> command = '%s %s %s@%s -i %s -p %s' % \
>                 (options["--ssh-path"], force_ipvx, options["--username"],
> options["--ip"], \
>                 options["--identity-file"], options["--ipport"])
>
> There are username and ip parameter used here (not login and ipaddr as in
> fence description) so I used:
>

You have noticed this right, this is due to backward compatibility. And we
are working towards ability to use command-line options everywhere (it is
already in upstream but it is not yet supported in pcs).

So 'login=FOO' is same as '--username FOO/-l FOO'. Misleading at least. The
mapping between those systems was available on our wiki pages, it is
available in documentation and in (somewhat less readable way) in manual
page.



>
> pcs stonith create vbox-fencing fence_vbox ip=10.0.2.2 username=AW23321
> identity_file=/root/.ssh/id_rsa host_os=windows
> vboxmanage_path="/cygdrive/c/Program\ Files/Oracle/VirtualBox/VBoxManage"
> pcmk_host_map="nfsnode1:centos1;nfsnode2:centos2" ssh=true
> inet4_only=true op monitor interval=5 -force
>

* Why are you using -force?

* ssh=true is not a valid option (=> it is ignored and warning should be in
the logs) and fence_vbox can use ssh only. [secure=true will do what you
want]



>
> I still got the same warning in messages:
> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
> stderr: [ Unable to connect/login to fencing device ]
> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
> stderr: [  ]
> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
> stderr: [  ]
>
> "Standalone" test is working with the same parameters:
> [root at nfsnode1 nfsinfo]# fence_vbox --ip 10.0.2.2 --username=AW23321
> --identity-file=/root/.ssh/id_rsa --plug=centos2 --host-os=windows
> --action=status --vboxmanage-path="/cygdrive/c/Program\
> Files/Oracle/VirtualBox/VBoxManage" -4 -x
> Status: ON
>

This looks like SELinux for me. From the command line, you are in
unconfined domain so no checks are performed. Try to look at SELinux
boolean "fenced_can_ssh"


> I could use more debug in the scripts.
>
You can use verbose=true (-v) and it will display all input/output
operations. In case of the fence_vbox you will see what we attempt to run
and what is the output of these commands. If there is need for more detail
output, please let me know and I will try to add it.

m,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clusterlabs.org/pipermail/users/attachments/20170707/7d694fd5/attachment-0002.html>

More information about the Users mailing list