Bug 1149235
| Summary: | [Admin Portal][ppc64][Power mgmt] ipmi doesn't work - Authentication type NONE not supported/Unable to obtain correct plug status or plug is not available | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Jiri Belka <jbelka> |
| Component: | ovirt-engine-webadmin-portal | Assignee: | Eli Mesika <emesika> |
| Status: | CLOSED ERRATA | QA Contact: | Jiri Belka <jbelka> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 3.4.0 | CC: | bazulay, danken, ecohen, emesika, gklein, hannsj_uhl, iheim, jbelka, juwu, lsurette, mgrac, michal.skrivanek, oourfali, rbalakri, Rhev-m-bugs, sherold, yeylon |
| Target Milestone: | --- | Keywords: | ZStream |
| Target Release: | 3.5.0 | | |
| Hardware: | ppc64 | | |
| OS: | Linux | | |
| Whiteboard: | infra | | |
| Fixed In Version: | org.ovirt.engine-root-3.5.0-19 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1158090 | Environment: | |
| Last Closed: | 2015-02-11 18:09:34 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1122979, 1158090 | | |
| Attachments: | | | |
Description
Jiri Belka
2014-10-03 14:54:25 UTC
FYI, the /usr/share/vdsm/API.py file in vdsm-4.14.17-1.mrkev.ppc64 is the same as in vdsm-4.14.17-1.el6ev.x86_64.

Well, I doubt it makes sense to allow closing the dialog if [test] didn't work. What is the benefit of that?

Events:
2014-Oct-03, 18:21 Failed to verify Host bandelier.lab.bos.redhat.com power management.
2014-Oct-03, 18:20 Host ibm-p8-rhevm-hv-01.lab.bos.redhat.com from cluster ppc64 was chosen as a proxy to execute Status command on Host bandelier.lab.bos.redhat.com.
2014-Oct-03, 18:20 State was set to Up for host bandelier.lab.bos.redhat.com.
2014-Oct-03, 18:20 Failed to restart Host bandelier.lab.bos.redhat.com, (User: admin).
2014-Oct-03, 18:20 Failed to stop Host bandelier.lab.bos.redhat.com, (User: admin).
2014-Oct-03, 18:20 Failed to power fence host bandelier.lab.bos.redhat.com. Please check the host status and it's power management settings, and then manually reboot it and click "Confirm Host Has Been Rebooted"
2014-Oct-03, 18:20 Failed to verify Host bandelier.lab.bos.redhat.com Restart status, Please Restart Host bandelier.lab.bos.redhat.com manually.
2014-Oct-03, 18:20 Host ibm-p8-rhevm-hv-01.lab.bos.redhat.com from cluster ppc64 was chosen as a proxy to execute Status command on Host bandelier.lab.bos.redhat.com.
2014-Oct-03, 18:20 Host ibm-p8-rhevm-hv-01.lab.bos.redhat.com from cluster ppc64 was chosen as a proxy to execute Stop command on Host bandelier.lab.bos.redhat.com.
2014-Oct-03, 18:20 Host ibm-p8-rhevm-hv-01.lab.bos.redhat.com from cluster ppc64 was chosen as a proxy to execute Status command on Host bandelier.lab.bos.redhat.com.

Looking at your vdsm log, I see that the options field is empty. Your ipmitool command used the -I option, which means using the lanplus interface. Please retry after adding 'lanplus' to your options field in the PM tab of the Host Edit dialog. If this works and all PPC hosts with ipmi PM need lanplus, we can consider handling this implicitly for 3.6.

So this IBM POWER8 IPMI interface doesn't respond to a query with 'lan' as my Dell R210 does. It does respond - as stated above - to a query with 'lanplus' defined as the interface.

I don't know what the valid syntax for the options field in the PM dialog is. Neither plain 'lanplus' nor 'interface=lanplus' was successful. Anyway, we know that the problem is 'lan' vs 'lanplus' for the interface.

Created attachment 944161: vdsm.log
Marek,
This seems to be a bug in fence-agents-ipmilan for PPC. I succeeded in running the same command using fence-agents-3.1.5-48.el6.x86_64 on a non-ppc RHEL 6.6 machine. Please advise.

Jiri, please try again with 'lanplus,cipher=1' in the options field.

Thread-659::DEBUG::2014-10-06 10:04:58,081::API::1159::vds::(fenceNode) rc 1 in agent=fence_ipmilan
ipaddr=ibm-p8-rhevm-hv-01-fsp.lab.bos.redhat.com
login=root
action=status
passwd=XXXX
cipher=1
lanplus out err ('', 'Authentication type NONE not supported\nError: Unable to establish LAN session\n')
Failed: Unable to obtain correct plug status or plug is not available
# ipmitool -C 1 -I lanplus -H ibm-p8-rhevm-hv-01-fsp.lab.bos.redhat.com -U root user list
Password:
ID  Name   Callin  Link Auth  IPMI Msg  Channel Priv Limit
1          true    false      true      ADMINISTRATOR
2   root   true    false      true      ADMINISTRATOR
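For readers comparing the manual ipmitool call above with the fence options discussed in this bug, here is a minimal sketch of how such options could map onto ipmitool flags. The flags `-I`, `-H`, `-U`, `-C` and `-L` are real ipmitool options; the function name, the dictionary layout and the `chassis power status` subcommand choice are assumptions made for illustration, not the actual fence_ipmilan implementation. The password is left out on purpose so that ipmitool prompts for it, as in the session above.

```python
def ipmitool_status_argv(host, user, options):
    """Build an ipmitool argv from fence-style options (illustrative only)."""
    argv = ["ipmitool"]
    # Assumption: lanplus=1 selects the IPMI v2.0 'lanplus' interface,
    # anything else falls back to the v1.5 'lan' interface.
    argv += ["-I", "lanplus" if options.get("lanplus") == "1" else "lan"]
    argv += ["-H", host, "-U", user]
    if "cipher" in options:
        argv += ["-C", options["cipher"]]           # cipher suite ID
    if "privlvl" in options:
        argv += ["-L", options["privlvl"].upper()]  # session privilege level
    return argv + ["chassis", "power", "status"]


# Hypothetical host name; only the option values come from this bug.
argv = ipmitool_status_argv(
    "fsp.example.com", "root",
    {"lanplus": "1", "cipher": "1", "privlvl": "administrator"},
)
print(" ".join(argv))
```

The list form can be handed to subprocess without a shell, which avoids quoting problems with option values.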
Eli, how is it a Vdsm issue? Engine does not provide any port or the options cipher=1, privlvl=administrator
Thread-201::DEBUG::2014-10-05 10:00:31,976::API::1133::vds::(fenceNode) fenceNode(addr=ibm-p8-rhevm-hv-01-fsp.lab.bos.redhat.com,port=,agent=ipmilan,user=root,passwd=XXXX,action=status,secure=,options=lanplus)
so the fence agent complains that they are missing.
Dummy-199::DEBUG::2014-10-05 10:00:35,362::storage_mailbox::731::Storage.Misc.excCmd::(_checkForMail) SUCCESS: <err> = '1+0 records in\n1+0 records out\n1024000 bytes (1.0 MB) copied, 0.0149388 s, 68.5 MB/s\n'; <rc> = 0
Thread-201::DEBUG::2014-10-05 10:00:36,049::API::1159::vds::(fenceNode) rc 1 in agent=fence_ipmilan
ipaddr=ibm-p8-rhevm-hv-01-fsp.lab.bos.redhat.com
login=root
action=status
passwd=XXXX
lanplus out err ('', 'Authentication type NONE not supported\nError: Unable to establish LAN session\n')
Failed: Unable to obtain correct plug status or plug is not available
Jiri, please retry while setting the special options of
lanplus=1
cipher=1
privlvl=administrator
just like suggested by Marek.
this code works over ppc and returns the right value:
import subprocess

script = '/usr/sbin/fence_ipmilan'
# The fence agent reads newline-separated key=value options from stdin.
parm = ('agent=fence_ipmilan\n'
        'ipaddr=ibm-p8-rhevm-hv-01-fsp.lab.bos.redhat.com\n'
        'login=root\naction=status\npasswd=redhat\n'
        'lanplus=1\ncipher=1\nprivlvl=administrator')
print(parm)
p = subprocess.Popen([script], stdin=subprocess.PIPE,
                     stdout=subprocess.PIPE,
                     stderr=subprocess.PIPE, close_fds=True,
                     universal_newlines=True)
# communicate() writes the options, closes stdin and collects both streams.
out, err = p.communicate(parm)
print(out)
print(err)
so it's not the fence_ipmilan script.
Now I just need to figure out what's different in vdsm, because this script does the same thing vdsm does with popen.
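The stdin payload in the script above follows a simple pattern: fixed fields first, then one extra option per line. A minimal sketch of building such a payload from an options string is shown here. The helper name, its signature and the accepted separators are assumptions for illustration and are not taken from vdsm's code; the host name and password in the usage lines are placeholders.

```python
def build_fence_stdin(agent, ipaddr, login, passwd, action, options=""):
    """Return newline-separated key=value text for a fence agent's stdin.

    Hypothetical helper, not vdsm's actual code. `options` may separate
    entries with commas, spaces, or real newline characters.
    """
    lines = [
        "agent=fence_" + agent,
        "ipaddr=" + ipaddr,
        "login=" + login,
        "action=" + action,
        "passwd=" + passwd,
    ]
    # Turn commas into spaces, then split on any run of whitespace.
    lines.extend(options.replace(",", " ").split())
    return "\n".join(lines)


payload = build_fence_stdin(
    "ipmilan", "fsp.example.com", "root", "secret", "status",
    options="lanplus=1,cipher=1,privlvl=administrator",
)
print(payload)
```

Keeping the field order identical to the logged vdsm input makes it easy to diff a generated payload against the log lines quoted in this bug.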
Dan, running

vdsClient -s 0 fenceNode ibm-p8-rhevm-hv-01-fsp.lab.bos.redhat.com "" ipmilan root redhat status false "lanplus=1\ncipher=1\nprivlvl=administrator"

fails. We do add the options, same as on x86. Maybe the log you looked at shows something different that is wrong, but passing the options as we do here returns that failure.

Yaniv, the shell would not translate your \n; they are passed verbatim to the fence script. The following works just fine:

# vdsClient -s 0 fenceNode ibm-p8-rhevm-hv-01-fsp.lab.bos.redhat.com "" ipmilan root redhat status false "lanplus=1 cipher=1 privlvl=administrator"

But that's beside the point. cipher and privlvl were never passed from Engine (I suspect they were never defined in the host fencing parameters). I ask Jiri to set them properly and try again.

Setting the ipmilan options in the PM part of the Edit Host dialog to

lanplus=1,cipher=1

makes the test _pass successfully_. Please change the severity as you see fit; I don't know whether you would document this option somewhere or make it the default.

Works even with "old" powerkvm fence agents (restored from backup - 4.0.6-1.pkvm2_1.2). So the issue is either a documentation problem or a matter of tuning the defaults.

I can confirm that with the 'lanplus=1,cipher=1' option it works even from ibm-p8-rhevm-hv-01.lab.bos.redhat.com, which had the 4.0.6 fence clients.

I think we should have this as a release note, as different options might fit different environments, so it shouldn't be the default.

Scott?

(In reply to Oved Ourfali from comment #36)
> I think we should have this as a release note, as different options might
> fit different environments, so it shouldn't be the default.
>
> Scott?

It seems the default doesn't work at all. I also assume it's not a light lift based on current timelines to have a special default for Power Hosts.

If we can get a default set for Power Hosts that works OOTB, let's try to do so, otherwise, we can flag for a release note and target a z-stream long-term fix.
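The remark earlier in the thread that the shell passes \n verbatim can be illustrated with a short sketch. Inside double quotes, a POSIX shell leaves backslash-n as two characters, so a line-oriented reader sees a single line. The `parse_options` helper below is hypothetical and only stands in for any reader of newline-separated key=value text; it is not the fence agent's parser.

```python
# What the shell hands over for "lanplus=1\ncipher=1\nprivlvl=administrator":
# a backslash followed by the letter n, not a newline character.
verbatim = r"lanplus=1\ncipher=1\nprivlvl=administrator"

# What a line-oriented reader of key=value options expects instead.
translated = "lanplus=1\ncipher=1\nprivlvl=administrator"


def parse_options(text):
    """Split newline-separated key=value text into a dict (hypothetical helper)."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)


print(parse_options(verbatim))    # one key whose value swallowed the rest
print(parse_options(translated))  # three separate keys
```

With the verbatim string, everything after the first "=" ends up as the value of lanplus, so cipher and privlvl are never seen as options of their own.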
(In reply to Scott Herold from comment #37)
> (In reply to Oved Ourfali from comment #36)
> > I think we should have this as a release note, as different options might
> > fit different environments, so it shouldn't be the default.
> >
> > Scott?
>
> It seems the default doesn't work at all. I also assume it's not a light
> lift based on current timelines to have a special default for Power Hosts.
>
> If we can get a default set for Power Hosts that works OOTB, let's try to do
> so, otherwise, we can flag for a release note and target a z-stream
> long-term fix.

I don't see it happening in this time frame. In addition, I'm not sure about the implications of making that the default. Perhaps in another configuration, even for PPC, it wouldn't work. I think we should flag for a release note, and target a z-stream long-term fix, once we understand the implications and get to the right fix.

ok, vt9

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html