Red Hat Bugzilla – Bug 843083
fence_xvm reports success while the operation has failed
Last modified: 2013-01-07 22:37:39 EST
Description of problem:
While using incorrect hashes, the fence_xvm detects the failure correctly but returns bad status, effectively faking successful fencing operation.
Correct hashes in the example below are sha256/sha256.
What's interesting is that sha256/sha512 combination results in successful fence. Is this expected behaviour?
[root@c1-node01:~]$ fence_xvm -C sha512 -c sha256 -k /etc/cluster/fence_xvm.key -H c1-node02
C = a6aec2b23580c27f9060a4f8149c42864db748478efdecec38f5a6002f5d5b26e1157c0fbb63d2a30304aa7de191e044152b02c04dcc34ee681fca2f977ad1e5
H = 599067580117c396b5846d0fe5e38fe9e871ce8566e283a87ce332794d2be5197e8caaf24285f7dd8578a5dc29735b410383f65540478cd5cd4f999ddbfe30d2
R = 0cf2eae9677c206cf0d74404d13949fd6c4ab1773fe68a8ef870976c51f5d0880000000000000000000000000000000000000000000000000000000000000000
Invalid response to challenge
(09:19:59) [root@c1-node01:~]$ echo $?
RHEL6 host fence_virtd.conf:
$ cat /etc/fence_virt.conf
listener = "multicast";
backend = "libvirt";
key_file = "/etc/cluster/fence_xvm.key";
address = "22.214.171.124";
uri = "qemu:///system";
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. use fence_xvm with different parameters from what's in fence_virtd.conf
fencing operation reported as successful while it has actually failed
return code should be > 0 if response-challenge authentication fails.
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release. Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products. This request is not yet committed for inclusion in
Created attachment 600315 [details]
Backported fix from RHEL6
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.