Attached to this bugzilla is a patch: * it modifies apcmaster so that it is possible to control an outlet with a non administrative user; * it modifies apcmaster to allow "ALL Accessible Outlets" as a port switch name; * it modifies cluconfig to allow spaces within port switch names; * it modifies power_stonith to use portSwitchName and not node name during a reset. With this patchset, it is possible to configure an APC MasterSwitch to reset a redundant power supply in the following mode: 1) create two Outlet User on APC Master Switch (User_1 and User_2) 2) Give to User_1 the acces just the outlets connected to Node_1 (say Outlet 1 and Outlet 2) 3) Give to User_2 the acces just the outlets connected to Node_2 (say Outlet 5 and Outlet 6) 4) Rename Outlet 1 and 2 to the name of Node_1 5) Rename Outlet 5 and 6 to the name of Node_2 (this steps are required since clupowerd still uses node name to check if the power switch can reset a node). 6) Add to file /etc/hosts two aliases for the IP address of the APC MasterSwitch (Switch_1 and Switch_2). This is neede since cluconfig doesn't accept two definition for a power swithc with the same IP but different user. 7) In cluconfig specify Switch_1, User_1 and ALL Accessible Outlets as IP address of the power switch, login name for the power switch and name of the outlet that power cycles member Node_1 8) In cluconfig specify Switch_2, User_2 and ALL Accessible Outlets as IP address of the power switch, login name for the power switch and name of the outlet that power cycles member Node_2 (this step may give an error in cluconfig, you may need to edit /etc/cluster.conf and rerun cluconfig). After this, cluster manager should be able to reset the other node (I tested it by killing cluquorumd). All the credit for this patch should go to Marco Lusini <m.lusini>.
Created attachment 86704 [details] patch
whoops. wrong component. sorry.
Patch looks clean.
The setup requirements of this patch are kind of strange: use of this patch requires multiple host name aliases for the power switch. I'm going to evaluate the possibility of cleanly having multiple user accounts supported (ie, what user controls what port) as a feature enhancement, but not right away. For now, I'm going to leave this on the enhancement list.
Please note that my patches mostly fixes a couple of bugs in Cluster manager. A side effect of this is the ability to use the admittedly strange configuration proposed. With an APC master it should be possible to use any user to control the PS, but your version only works with administrative users (and it is not documented): my patch allows any user to control his outlets. The ability to use "ALL Accessible Outlets" as a port switch name is a side effect of a bug fix in NametoOutlet which assumes that socketname is at least 23 chars, blank padded, while it is not necessary (this looks like a cut'n'paste from WTI NPS code). The changes in cluconfig also allows for a blank space in port names, which is not explicitly prohibited. If you think that my fixes are correct, you could just include them and don't say anything on the double alias trick until you manage to properly support multiple users.
There is currently a pending erratum addressing more critical issues; I'll try to get it into the next one. I'll test it to ensure that the change to power_stonith.c doesn't break other power controller drivers (it shouldn't). For the next major release, I believe the current intent is to fix the STONITH module(s)/config. utility so that no extra trickery with /etc/hosts is required for proper operation... IE, multiple port names on a single controller can be associated with multiple host names.
Patch applied to pool. Waiting for next erratum.
*** Bug 102447 has been marked as a duplicate of this bug. ***
Adding to U3 blocker bug list.