Description of problem: We are using some Cisco UCS systems for RHCS and RHEV and I'd like to request a UCS-specific fencing agent. We can use ipmilan to do UCS fencing today, but there is currently no way to tie the BMC IP address to a UCS Service Profile. Therefore, there is not way to permanently gaurantee that we know the IMPI address of a UCS blade for fencing. I'd love to see a fencing agent written that uses the Cisco UCS XML API for this. I have tested such functionality, but I'm no python programmer. I am however willing to help Version-Release number of selected component (if applicable): Cisco UCS All How reproducible: Anytime you move a physical Cisco blade into a different slot, it may get a new BMC IP address Steps to Reproduce: 1. Create a UCS Service Profile in UCS Manager 2. Assign to server 3. Verify the BMC address by doing a "ssh to BMC for SoL" in UCS Manager 4. Move blade to a new slot 5. Verify that BMC address has changed by repeating step 3 Actual results: BMC address moves, therefore UCS fencing may not work in production. Expected results: Repeatable method for UCS fencing. Additional info:
Opened SR 2014406 to track this request.
*** Bug 591238 has been marked as a duplicate of this bug. ***
Hi Scott, I've had a heck of a time trying to find someone within Cisco that can help assist test/verify this. Would you happen to know who I can start with to find the right person?
I can help tee you up with someone who can work with the XML API on this. This is definitely something that would benefit us mutually. Please e-mail me, we can coordinate a resource, and then add them to the BZ for further updates.
Andrius / Stuart: I would be the resource that can help test / verify this. /Eric
(In reply to comment #9) > Andrius / Stuart: > > I would be the resource that can help test / verify this. Eric, we need a simulator of some sort to develop this. Lon H said he talked to you about getting one. Right now we're blocked on this, and with the code freeze date imminent for RHEL5.6 this may need to get pushed to 5.7
Perry: I can get one to you today. Would you like me to put it out on my Dropbox account and send you a public link? Or would you like me to upload it to a ftp server you have? Let me know either way. I can help you out with this no problem. Thanks, Eric
(In reply to comment #11) > Perry: > > I can get one to you today. Would you like me to put it out on my Dropbox > account and send you a public link? Or would you like me to upload it to a ftp > server you have? Dropbox would work. The developer who'd be working on this is out for a week or so anyhow, so we're sort of stuck for the short term anyhow. But if he can hit the ground running with the simulator from your Dropbox link when he gets back, that would be good. Thanks!
OK. I'll upload it later today. I'll post the link here when it is done. Thanks, Eric
Here is the download information for the UCS Platform Emulator. http://dl.dropbox.com/u/5820028/Cisco_UCS_Platform_Emulator_v1.3.55965.355989.zip
@Eric: Thanks for emulator. Is there a possibility to send several commands through one open connection? e.g. login, get status of machine, power off, ..., logout
Created attachment 441246 [details] Proposed fence agent You will need this fence agent + fence library (attached as next file) and curl. Agent was tested against emulator where user/pass identification is not working, so I was unable to test it. It works for operations status/on/off/reboot. Missing features: * timeout options * print debug to file * it is questionable if we should use curl or implement it by ourselves.
Created attachment 441247 [details] Fencing library
SSL version is not working correctly for me - no response for login how to use it: ./fence_ucs.py -a 192.168.192.128 -l config -p config -o status -n aqua_ri-us
(In reply to comment #15) > @Eric: > > Thanks for emulator. > > Is there a possibility to send several commands through one open connection? > e.g. login, get status of machine, power off, ..., logout Yes you can send several commands through one open connection. Once you do the login command, you can query for power status, power machines on / off, query again for power status, etc. and then logoff. Best practices do say to reuse a session as much as possible, but do logout when finished so that session is deleted. If you have questions, please feel free to call me if you want to talk in real time. Thanks, Eric
(In reply to comment #18) > SSL version is not working correctly for me - no response for login > > how to use it: > > ./fence_ucs.py -a 192.168.192.128 -l config -p config -o status -n aqua_ri-us We will need to test SSL version on a real system. HTTPS XMLAPI communication is not supported in our emulator just yet. Looking to do that in the next rev of our emulator.
Eric, Can you please test the entire fence_agent on a real system as soon as we have it available for you and let us know the results? Thanks Sayan
(In reply to comment #21) > Eric, > > Can you please test the entire fence_agent on a real system as soon as we have > it available for you and let us know the results? > > Thanks > Sayan Sayan: yes I can do that no problem. I'm out in San Francisco at VMworld until Thursday night. Earliest I can do a full blown test is on Friday. Just send me the test plan you would like done, and I can test it against my systems in the lab. Eric
Created attachment 442435 [details] Proposed fence agent New version of fence agent. It do not use curl but pycurl. Each command is issued in new connection (cookie is reused) as it will be more portable for other fence agents if needed. This version was tested against real machine (list, status, reboot, on, off) and it works as expected. Timeouts, better error handling still have to be added. There will be some rewriting after fence agent for RHEV will be ready as they surely will have common code.
Created attachment 442436 [details] Fence library #2
Fixed in: http://git.fedorahosted.org/git/?p=cluster.git;a=commit;h=f2f0db60469f811f26123eec87cfc09d9002f35d
How about from RHEL6 ?
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0036.html