Bug 614433

Summary: cannot configure ipport for fence agents
Product: Red Hat Enterprise Linux 6 Reporter: Fabio Massimo Di Nitto <fdinitto>
Component: luciAssignee: Jan Pokorný [poki] <jpokorny>
Status: CLOSED CURRENTRELEASE QA Contact: Cluster QE <mspqa-list>
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: bbrock, cluster-maint, everett.bennett, rmccabe, ssaha
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: luci-0.22.2-11.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-10 22:11:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Fabio Massimo Di Nitto 2010-07-14 13:43:06 UTC 
Description of problem:

the basic menu to configure ssh options for fence agents is too poor.

It allows only ssh private key and host name, that in most case might be enough, but bits like port to connect to and user to perform the fenceing, should be available by default.

The ssh config is on a per node base, and that generally works fine, it should be also available as device option.

See this config for example:

                <clusternode name="rhel6-node1" nodeid="1" votes="1">
                        <fence>
                                <method name="single">
                                        <device name="virsh_fence" port="rhel6-node1"/>
                                </method>
                        </fence>
                </clusternode>
                <clusternode name="rhel6-node2" nodeid="2" votes="1">
                        <fence>
                                <method name="single">
                                        <device name="virsh_fence" port="rhel6-node2"/>
                                </method>
                        </fence>
                </clusternode>


        <fencedevices>
                <fencedevice agent="fence_virsh" identity_file="/root/.ssh/id_rsa" ipaddr="daikengo.int.fabbione.net" ipport="300" login="root" name="virsh_fence" secure="1"/>
        </fencedevices>


I have only virsh to test, so this might not apply to other agents, but I´d prefer to have it documented.

Version-Release number of selected component (if applicable):

luci-0.22.2-7.el6.x86_64 (built from brew)
luci-0.22.2-3 from rhel6 repos
Comment 5 RHEL Program Management 2010-07-15 14:22:31 UTC 
This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release. It has
been denied for the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **
Comment 6 Everett Bennett 2010-07-19 19:06:39 UTC 
Are there updated notes on how to configure fence using "fence_virsh" .
Comment 7 Perry Myers 2010-07-20 16:06:58 UTC 
(In reply to comment #6)
> Are there updated notes on how to configure fence using "fence_virsh" .    

fence_virsh is not supported at all in conjunction with RHEL HA/clustering.  fence_virsh was provided only as a standalone fence tool for development (and usage outside of RHEL HA).  Please see the support matrix for fencing in the Red Hat knowledge base at:
https://access.redhat.com/kb/docs/DOC-30003

If you want to build virtual clusters (clusters running inside of guests), the supported fence agent to use is either fence_xvm/fence_xvmd or fence_virt/fence_virtd (depending on whether you are using RHEL5 or RHEL6)

Note that virtualized clusters based on KVM hypervisor are still in TechPreview.  We are looking to fully support this configuration in the near future.
Comment 8 Jan Pokorný [poki] 2010-07-29 19:28:18 UTC 
As far as inability to set "ipport" parameter for respective fence agents is concerned, this should be fixed in b226245494b2542c299a7a544cabc7cc508b35fd (0077bc7ba9137dc741a4039334e724e0a711012c) commit.

I also added ability to set "udpport" parameter to respective fence agents.

The list of fence agents affected with this commit follows:

ipport
------
fence_apc
fence_wti
fence_sanbox2
fence_bladecenter
fence_ilo
fence_rsa
fence_drac5
fence_ilo_mp

udpport
-------
fence_apc_snmp
fence_cisco_mds
fence_ifmib
fence_intelmodular
fence_ibmblade

Note: There could be also "ipport" parameter setting ability for fence_virt/fence_xvm, but this was omitted in that fix because of not being sure about the meaning of "Channel port" (source: man fence_virt) and whether this is the right label that should be displayed in GUI.
Comment 9 Fabio Massimo Di Nitto 2010-07-30 06:20:55 UTC 
(In reply to comment #8)

> fence_ibmblade

Note that fence_ibmblade is only a symlink to fence_bladecenter_snmp. ibmblade is deprecated and replaced by bladecenter_snmp.
Comment 10 Jan Pokorný [poki] 2010-07-30 12:58:19 UTC 
(In reply to comment #9)
> Note that fence_ibmblade is only a symlink to fence_bladecenter_snmp. ibmblade
> is deprecated and replaced by bladecenter_snmp.    

I have already came across this. In the code, there is used only mentioned variant, and IMHO this is used for RHEL5/RHEL6 compatibility reason. So did not feel a need to do anything about this (especially in connection with this bug). If there should be a strict separation of the name for this fence agent regarding RHEL version, maybe filing a new bug could be considered.
Comment 13 releng-rhel@redhat.com 2010-11-10 22:11:49 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.