Mailing List Archive

On Fri, Feb 27, 2015 at 12:31 PM, Arjun Pandey <apandepublic@gmail.com> wrote:
> Hi
>
> I am facing some issues while trying out fence_ipmilan on ILO4 setup when
> using encrypted passwords. Which mailing list can i contact for this ?
> Basically if i test out fence_ipmilan/fence_ilo4 from cmd line with
> plaintext password things work fine. However if i specify encrypted password
> and specify auth-type as md5. It doesn't work.
>
> WORKING
> fence_ilo4 -a 10.11.10.21 -l foo -p bar -o status -v
>
> FAILS
> fence_ilo4 -A md5 -fence_ilo4 -A md5 -a 10.11.10.21 -l foo
> -p $1$MGrg5Egf$QQpDePvU1UXtF/3ixMaRS0 -o status -v

You need to quote shell metacharacters on command line.

>
>
> Any pointers would be helpful.
>
> Regards
> Arjun
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Hi

Yeah i had missed that. It still doesn't work.

[root@rimo ~]# fence_ipmilan -a 10.11.10.22 -l foo -p
'$1$Fx5N1lWk$3W/CYfGvBpuiPy9zopKAk0' -o status -v -P -A md5
Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I
lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis power
status'...
Chassis power = Unknown
Failed
I also tried running the ipmitool directly.
[root@rimo ~]# /usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U 'parallel'
-A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v chassis power status
-C 1
> RAKP 2 HMAC is invalid
Error: Unable to establish IPMI v2 / RMCP+ session
Unable to get Chassis Power Status

From the ipmitool help
-C ciphersuite Cipher suite to be used by lanplus interface
authentication
-A authtype Force use of auth type NONE, PASSWORD, MD2, MD5 or OEM

What is the significance of -C option ? I don't see this being specified
when i give md5 auth type to fence_ipmilan. Can this be a issue as well ?

Regards
Arjun

On Fri, Feb 27, 2015 at 3:15 PM, Andrei Borzenkov <arvidjaar@gmail.com>
wrote:

> On Fri, Feb 27, 2015 at 12:31 PM, Arjun Pandey <apandepublic@gmail.com>
> wrote:
> > Hi
> >
> > I am facing some issues while trying out fence_ipmilan on ILO4 setup when
> > using encrypted passwords. Which mailing list can i contact for this ?
> > Basically if i test out fence_ipmilan/fence_ilo4 from cmd line with
> > plaintext password things work fine. However if i specify encrypted
> password
> > and specify auth-type as md5. It doesn't work.
> >
> > WORKING
> > fence_ilo4 -a 10.11.10.21 -l foo -p bar -o status -v
> >
> > FAILS
> > fence_ilo4 -A md5 -fence_ilo4 -A md5 -a 10.11.10.21 -l foo
> > -p $1$MGrg5Egf$QQpDePvU1UXtF/3ixMaRS0 -o status -v
>
> You need to quote shell metacharacters on command line.
>
> >
> >
> > Any pointers would be helpful.
> >
> > Regards
> > Arjun
> >
> > _______________________________________________
> > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> > http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> > Project Home: http://www.clusterlabs.org
> > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> > Bugs: http://bugs.clusterlabs.org
> >
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>

Hi,

On 03/02/2015 07:58 AM, Arjun Pandey wrote:
> Hi
>
> Yeah i had missed that. It still doesn't work.
>
> [root@rimo ~]# fence_ipmilan -a 10.11.10.22 -l foo -p
> '$1$Fx5N1lWk$3W/CYfGvBpuiPy9zopKAk0' -o status -v -P -A md5
> Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I
> lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis
> power status'...
> Chassis power = Unknown
> Failed

> I also tried running the ipmitool directly.
> [root@rimo ~]# /usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U
> 'parallel' -A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v
> chassis power status -C 1
> > RAKP 2 HMAC is invalid
> Error: Unable to establish IPMI v2 / RMCP+ session
> Unable to get Chassis Power Status

if ipmitool is not working for you then fence_ipmilan can't work too as
it is based on it.

For parameters:
-A is used for 'lan' session (IPMI v1.5)
-C is used for 'lanplus' session (IPMI v2)
in your case it is lanplus so, -A should not have any impact.

Also, take a look at ipmitool options -k/-y to enter key in normal/hex
format, instead of using -P

m,





>
> From the ipmitool help
> -C ciphersuite Cipher suite to be used by lanplus interface
> authentication
> -A authtype Force use of auth type NONE, PASSWORD, MD2, MD5
> or OEM
>
> What is the significance of -C option ? I don't see this being
> specified when i give md5 auth type to fence_ipmilan. Can this be a
> issue as well ?
>


m,

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Thanks i will try this out.


Regards
Arjun

On Tue, Mar 3, 2015 at 2:56 PM, Marek "marx" Grac <mgrac@redhat.com> wrote:

> Hi,
>
> On 03/02/2015 07:58 AM, Arjun Pandey wrote:
>
>> Hi
>>
>> Yeah i had missed that. It still doesn't work.
>>
>> [root@rimo ~]# fence_ipmilan -a 10.11.10.22 -l foo -p '$1$Fx5N1lWk$3W/CYfGvBpuiPy9zopKAk0'
>> -o status -v -P -A md5
>> Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I
>> lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis power
>> status'...
>> Chassis power = Unknown
>> Failed
>>
>
> I also tried running the ipmitool directly.
>> [root@rimo ~]# /usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U
>> 'parallel' -A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v chassis
>> power status -C 1
>> > RAKP 2 HMAC is invalid
>> Error: Unable to establish IPMI v2 / RMCP+ session
>> Unable to get Chassis Power Status
>>
>
> if ipmitool is not working for you then fence_ipmilan can't work too as it
> is based on it.
>
> For parameters:
> -A is used for 'lan' session (IPMI v1.5)
> -C is used for 'lanplus' session (IPMI v2)
> in your case it is lanplus so, -A should not have any impact.
>
> Also, take a look at ipmitool options -k/-y to enter key in normal/hex
> format, instead of using -P
>
> m,
>
>
>
>
>
>
>> From the ipmitool help
>> -C ciphersuite Cipher suite to be used by lanplus interface
>> authentication
>> -A authtype Force use of auth type NONE, PASSWORD, MD2, MD5 or
>> OEM
>>
>> What is the significance of -C option ? I don't see this being specified
>> when i give md5 auth type to fence_ipmilan. Can this be a issue as well ?
>>
>>
>
> m,
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>