Bug 1075691

Summary: Fence-agent (ssh) fails on login if identity file was used
Product: Red Hat Enterprise Linux 5 Reporter: Marek Grac <mgrac>
Component: cmanAssignee: Marek Grac <mgrac>
Status: CLOSED ERRATA QA Contact: Cluster QE <mspqa-list>
Severity: high Docs Contact:
Priority: high    
Version: 5.11CC: cluster-maint, jherrman, lmiksik, mjuricek, mnovacek, omular
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: cman-2.0.115-123.el5 Doc Type: Bug Fix
Doc Text:
Prior to this update, fence agents that connected using the SSH protocol failed on login if an identity file was used as the method of authentication. The bug has been fixed and these fence agents now successfully authenticate through an identity file.
 Story Points: ---
Clone Of: 1073947 Environment:
Last Closed: 2014-09-16 00:28:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1073947    
Bug Blocks: 1075683    
Attachments:
Description Flags
Proposed patch none

Comment 2 Marek Grac 2014-03-14 16:33:05 UTC 
Created attachment 874516 [details]
Proposed patch
Comment 3 Marek Grac 2014-03-19 14:01:43 UTC 
Unit test:

before applying patch:
[root@virt-135 ~]# fence_apc -a node -l username -k /etc/passwd -o status -x -n 1
Traceback (most recent call last):
  File "/sbin/fence_apc", line 289, in ?
    main()
  File "/sbin/fence_apc", line 259, in main
    conn = fence_login(options)
  File "/usr/lib/fence/fencing.py", line 925, in fence_login
    result = conn.log_expect(options, [ options["-c"], "Are you sure you want to continue connecting (yes/no)?", "Enter passphrase for key '"+options["-k"]+"':" ], int(options["-y"]))
  File "/usr/lib/fence/fencing.py", line 406, in log_expect
    result = self.expect(pattern, timeout)
  File "/usr/lib/python2.4/site-packages/pexpect.py", line 1310, in expect
    compiled_pattern_list = self.compile_pattern_list(pattern)
  File "/usr/lib/python2.4/site-packages/pexpect.py", line 1229, in compile_pattern_list
    raise TypeError ('Argument must be one of StringTypes, EOF, TIMEOUT, SRE_Pattern, or a list of those type. %s' % str(type(p)))
TypeError: Argument must be one of StringTypes, EOF, TIMEOUT, SRE_Pattern, or a list of those type. <type 'list'>

after applying patch:
fence_apc -a node -l username -k /etc/passwd -o status -x -n 1
Unable to connect/login to fencing device
Comment 5 michal novacek 2014-04-15 12:07:11 UTC 
I have verified that the identity file can be used with fence agent in cman-2.0.115-124.el5 using the steps decribed in comment #3.

# rpm -q cman
cman-2.0.115-124.el5
# fence_apc -a node -l username -k /etc/passwd -o status -x -n 1
Unable to connect/login to fencing device
Comment 7 errata-xmlrpc 2014-09-16 00:28:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1211.html