[ClusterLabs] fence_vbox Unable to connect/login to fencing device

Oyvind Albrigtsen oalbrigt at redhat.com
Fri Jul 7 08:25:05 UTC 2017


On 07/07/17 10:07 +0200, Marek Grac wrote:
>Hi,
>
>On Fri, Jul 7, 2017 at 8:02 AM, ArekW <arkaduis at gmail.com> wrote:
>
>> Hi,
>> I did a small research on the scripts
>>
>> /usr/sbin/fence_vbox
>> def main():
>> ...
>> conn = fence_login(options)
>>
>> The fence_loging is scripted in the fencing.py and it should invoke
>> function: _login_ssh_with_identity_file
>>
>> /usr/share/fence/fencing.py
>> def _login_ssh_with_identity_file:
>> ...
>> command = '%s %s %s@%s -i %s -p %s' % \
>>                 (options["--ssh-path"], force_ipvx, options["--username"],
>> options["--ip"], \
>>                 options["--identity-file"], options["--ipport"])
>>
>> There are username and ip parameter used here (not login and ipaddr as in
>> fence description) so I used:
>>
>
>You have noticed this right, this is due to backward compatibility. And we
>are working towards ability to use command-line options everywhere (it is
>already in upstream but it is not yet supported in pcs).
>
>So 'login=FOO' is same as '--username FOO/-l FOO'. Misleading at least. The
>mapping between those systems was available on our wiki pages, it is
>available in documentation and in (somewhat less readable way) in manual
>page.
You can run "fence_vbox -o metadata" to see what the different
parameters are named.
>
>
>
>>
>> pcs stonith create vbox-fencing fence_vbox ip=10.0.2.2 username=AW23321
>> identity_file=/root/.ssh/id_rsa host_os=windows
>> vboxmanage_path="/cygdrive/c/Program\ Files/Oracle/VirtualBox/VBoxManage"
>> pcmk_host_map="nfsnode1:centos1;nfsnode2:centos2" ssh=true
>> inet4_only=true op monitor interval=5 -force
>>
>
>* Why are you using -force?
>
>* ssh=true is not a valid option (=> it is ignored and warning should be in
>the logs) and fence_vbox can use ssh only. [secure=true will do what you
>want]
>
>
>
>>
>> I still got the same warning in messages:
>> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
>> stderr: [ Unable to connect/login to fencing device ]
>> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
>> stderr: [  ]
>> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
>> stderr: [  ]
>>
>> "Standalone" test is working with the same parameters:
>> [root at nfsnode1 nfsinfo]# fence_vbox --ip 10.0.2.2 --username=AW23321
>> --identity-file=/root/.ssh/id_rsa --plug=centos2 --host-os=windows
>> --action=status --vboxmanage-path="/cygdrive/c/Program\
>> Files/Oracle/VirtualBox/VBoxManage" -4 -x
>> Status: ON
>>
>
>This looks like SELinux for me. From the command line, you are in
>unconfined domain so no checks are performed. Try to look at SELinux
>boolean "fenced_can_ssh"
>
>
>> I could use more debug in the scripts.
>>
>You can use verbose=true (-v) and it will display all input/output
>operations. In case of the fence_vbox you will see what we attempt to run
>and what is the output of these commands. If there is need for more detail
>output, please let me know and I will try to add it.
>
>m,

>_______________________________________________
>Users mailing list: Users at clusterlabs.org
>http://lists.clusterlabs.org/mailman/listinfo/users
>
>Project Home: http://www.clusterlabs.org
>Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>Bugs: http://bugs.clusterlabs.org





More information about the Users mailing list