[ClusterLabs] fence_vbox Unable to connect/login to fencing device

Marek Grac mgrac at redhat.com
Fri Jul 7 04:07:08 EDT 2017


On Fri, Jul 7, 2017 at 8:02 AM, ArekW <arkaduis at gmail.com> wrote:

> Hi,
> I did a small research on the scripts
> /usr/sbin/fence_vbox
> def main():
> ...
> conn = fence_login(options)
> The fence_loging is scripted in the fencing.py and it should invoke
> function: _login_ssh_with_identity_file
> /usr/share/fence/fencing.py
> def _login_ssh_with_identity_file:
> ...
> command = '%s %s %s@%s -i %s -p %s' % \
>                 (options["--ssh-path"], force_ipvx, options["--username"],
> options["--ip"], \
>                 options["--identity-file"], options["--ipport"])
> There are username and ip parameter used here (not login and ipaddr as in
> fence description) so I used:

You have noticed this right, this is due to backward compatibility. And we
are working towards ability to use command-line options everywhere (it is
already in upstream but it is not yet supported in pcs).

So 'login=FOO' is same as '--username FOO/-l FOO'. Misleading at least. The
mapping between those systems was available on our wiki pages, it is
available in documentation and in (somewhat less readable way) in manual

> pcs stonith create vbox-fencing fence_vbox ip= username=AW23321
> identity_file=/root/.ssh/id_rsa host_os=windows
> vboxmanage_path="/cygdrive/c/Program\ Files/Oracle/VirtualBox/VBoxManage"
> pcmk_host_map="nfsnode1:centos1;nfsnode2:centos2" ssh=true
> inet4_only=true op monitor interval=5 -force

* Why are you using -force?

* ssh=true is not a valid option (=> it is ignored and warning should be in
the logs) and fence_vbox can use ssh only. [secure=true will do what you

> I still got the same warning in messages:
> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
> stderr: [ Unable to connect/login to fencing device ]
> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
> stderr: [  ]
> Jul  7 07:52:24 nfsnode1 stonith-ng[6244]: warning: fence_vbox[21564]
> stderr: [  ]
> "Standalone" test is working with the same parameters:
> [root at nfsnode1 nfsinfo]# fence_vbox --ip --username=AW23321
> --identity-file=/root/.ssh/id_rsa --plug=centos2 --host-os=windows
> --action=status --vboxmanage-path="/cygdrive/c/Program\
> Files/Oracle/VirtualBox/VBoxManage" -4 -x
> Status: ON

This looks like SELinux for me. From the command line, you are in
unconfined domain so no checks are performed. Try to look at SELinux
boolean "fenced_can_ssh"

> I could use more debug in the scripts.
You can use verbose=true (-v) and it will display all input/output
operations. In case of the fence_vbox you will see what we attempt to run
and what is the output of these commands. If there is need for more detail
output, please let me know and I will try to add it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20170707/7d694fd5/attachment-0003.html>

More information about the Users mailing list