Discussion:
[Pacemaker] Configuring fencing with encrypted passwords
Arjun Pandey
2015-02-27 09:31:13 UTC
Permalink
Hi

I am facing some issues while trying out fence_ipmilan on ILO4 setup when
using encrypted passwords. Which mailing list can i contact for this ?
Basically if i test out fence_ipmilan/fence_ilo4 from cmd line with
plaintext password things work fine. However if i specify encrypted
password and specify auth-type as md5. It doesn't work.

*WORKING*
fence_ilo4 -a 10.11.10.21 -l foo -p bar -o status -v

*FAILS*
fence_ilo4 -A md5 -fence_ilo4 -A md5 -a 10.11.10.21 -l foo
-p $1$MGrg5Egf$QQpDePvU1UXtF/3ixMaRS0 -o status -v


Any pointers would be helpful.

Regards
Arjun
Andrei Borzenkov
2015-02-27 09:45:57 UTC
Permalink
Post by Arjun Pandey
Hi
I am facing some issues while trying out fence_ipmilan on ILO4 setup when
using encrypted passwords. Which mailing list can i contact for this ?
Basically if i test out fence_ipmilan/fence_ilo4 from cmd line with
plaintext password things work fine. However if i specify encrypted password
and specify auth-type as md5. It doesn't work.
WORKING
fence_ilo4 -a 10.11.10.21 -l foo -p bar -o status -v
FAILS
fence_ilo4 -A md5 -fence_ilo4 -A md5 -a 10.11.10.21 -l foo
-p $1$MGrg5Egf$QQpDePvU1UXtF/3ixMaRS0 -o status -v
You need to quote shell metacharacters on command line.
Post by Arjun Pandey
Any pointers would be helpful.
Regards
Arjun
_______________________________________________
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
Pacemaker mailing list: ***@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
Arjun Pandey
2015-03-02 06:58:16 UTC
Permalink
Hi

Yeah i had missed that. It still doesn't work.

[***@rimo ~]# fence_ipmilan -a 10.11.10.22 -l foo -p
'$1$Fx5N1lWk$3W/CYfGvBpuiPy9zopKAk0' -o status -v -P -A md5
Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I
lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis power
status'...
Chassis power = Unknown
Failed
I also tried running the ipmitool directly.
[***@rimo ~]# /usr/bin/ipmitool -I lanplus -H '10.11.10.22' -U 'parallel'
-A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v chassis power status
-C 1
RAKP 2 HMAC is invalid
Error: Unable to establish IPMI v2 / RMCP+ session
Unable to get Chassis Power Status

From the ipmitool help
-C ciphersuite Cipher suite to be used by lanplus interface
authentication
-A authtype Force use of auth type NONE, PASSWORD, MD2, MD5 or OEM

What is the significance of -C option ? I don't see this being specified
when i give md5 auth type to fence_ipmilan. Can this be a issue as well ?

Regards
Arjun
Post by Arjun Pandey
Hi
I am facing some issues while trying out fence_ipmilan on ILO4 setup when
using encrypted passwords. Which mailing list can i contact for this ?
Basically if i test out fence_ipmilan/fence_ilo4 from cmd line with
plaintext password things work fine. However if i specify encrypted
password
Post by Arjun Pandey
and specify auth-type as md5. It doesn't work.
WORKING
fence_ilo4 -a 10.11.10.21 -l foo -p bar -o status -v
FAILS
fence_ilo4 -A md5 -fence_ilo4 -A md5 -a 10.11.10.21 -l foo
-p $1$MGrg5Egf$QQpDePvU1UXtF/3ixMaRS0 -o status -v
You need to quote shell metacharacters on command line.
Post by Arjun Pandey
Any pointers would be helpful.
Regards
Arjun
_______________________________________________
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
_______________________________________________
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
Marek "marx" Grac
2015-03-03 09:26:16 UTC
Permalink
Hi,
Post by Arjun Pandey
Hi
Yeah i had missed that. It still doesn't work.
'$1$Fx5N1lWk$3W/CYfGvBpuiPy9zopKAk0' -o status -v -P -A md5
Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I
lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis
power status'...
Chassis power = Unknown
Failed
I also tried running the ipmitool directly.
'parallel' -A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v
chassis power status -C 1
RAKP 2 HMAC is invalid
Error: Unable to establish IPMI v2 / RMCP+ session
Unable to get Chassis Power Status
if ipmitool is not working for you then fence_ipmilan can't work too as
it is based on it.

For parameters:
-A is used for 'lan' session (IPMI v1.5)
-C is used for 'lanplus' session (IPMI v2)
in your case it is lanplus so, -A should not have any impact.

Also, take a look at ipmitool options -k/-y to enter key in normal/hex
format, instead of using -P

m,
Post by Arjun Pandey
From the ipmitool help
-C ciphersuite Cipher suite to be used by lanplus interface
authentication
-A authtype Force use of auth type NONE, PASSWORD, MD2, MD5 or OEM
What is the significance of -C option ? I don't see this being
specified when i give md5 auth type to fence_ipmilan. Can this be a
issue as well ?
m,

_______________________________________________
Pacemaker mailing list: ***@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
Arjun Pandey
2015-03-03 10:47:54 UTC
Permalink
Thanks i will try this out.


Regards
Arjun
Post by Arjun Pandey
Hi,
Post by Arjun Pandey
Hi
Yeah i had missed that. It still doesn't work.
-o status -v -P -A md5
Getting status of IPMI:10.11.10.22...Spawning: '/usr/bin/ipmitool -I
lanplus -H '10.11.10.22' -U 'parallel' -A 'md5' -P '[set]' -v chassis power
status'...
Chassis power = Unknown
Failed
I also tried running the ipmitool directly.
Post by Arjun Pandey
'parallel' -A 'md5' -P '$1$rPv.Dm77$AG365zoIQKa/JCb3bkiFv/' -v chassis
power status -C 1
RAKP 2 HMAC is invalid
Error: Unable to establish IPMI v2 / RMCP+ session
Unable to get Chassis Power Status
if ipmitool is not working for you then fence_ipmilan can't work too as it
is based on it.
-A is used for 'lan' session (IPMI v1.5)
-C is used for 'lanplus' session (IPMI v2)
in your case it is lanplus so, -A should not have any impact.
Also, take a look at ipmitool options -k/-y to enter key in normal/hex
format, instead of using -P
m,
Post by Arjun Pandey
From the ipmitool help
-C ciphersuite Cipher suite to be used by lanplus interface
authentication
-A authtype Force use of auth type NONE, PASSWORD, MD2, MD5 or OEM
What is the significance of -C option ? I don't see this being specified
when i give md5 auth type to fence_ipmilan. Can this be a issue as well ?
m,
_______________________________________________
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
Loading...