HPE Community
Operating System - Linux
1827835 Members
2108 Online
109969 Solutions
New Discussion

fence_ilo

 
speccenini
Occasional Advisor

‎03-16-2011 06:59 AM

‎03-16-2011 06:59 AM

fence_ilo

Hi,

i have a redhat cluster that use fence_ilo as fencing device.

But if i execute:
fence_ilo -a hostname-ilo -l username -p password -o status
it have the following
Unable to connect/login to fencing device

when i execute:
ssh hostname-ilo
i get the ILO console.

any ideas?

thx in advance,
Stefano Peccenini
0 Kudos
Reply
12 REPLIES 12
Matti_Kurkela
Honored Contributor

‎03-16-2011 07:30 AM

‎03-16-2011 07:30 AM

Re: fence_ilo

fence_ilo does not use SSH. "man fence_ilo" says it opens a SSL connection to port 443 of the iLO console, and then communicates with iLO using an XML datastream.

Test with:
telnet hostname-ilo 443

or:
lynx -dump -head https://hostname-ilo/
(if you have a version of lynx that supports https)

MK
MK
0 Kudos
Reply
speccenini
Occasional Advisor

‎03-16-2011 07:47 AM

‎03-16-2011 07:47 AM

Re: fence_ilo

Hi,

i tried to login via telnet on 443 port.

[root@spisap02 SSHKEY]# telnet hostname-ilo 443
Trying xx.xx.xx.xx...
Connected to spisap02-ilo.sisal.it (xx.xx.xx.xx).
Escape character is '^]'.

So ILO support the login, i don't know why fence_ilo fail the login.
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

‎03-16-2011 10:14 PM - last edited on ‎08-04-2011 10:51 AM by

‎03-16-2011 10:14 PM - last edited on ‎08-04-2011 10:51 AM by

Re: fence_ilo

The network connection works, but logging in using https is still not proven (or you haven't said so).

Try connecting with a web browser to https://hostname-ilo and log in using the username and password used with fence_ilo. Does it work?

What's your hardware model, iLO firmware version and RedHat version?
If you have one of the latest server models and an old version of RHEL, the fence_ilo version might be too old to support your hardware.

In this thread, Reiner Rottmann offers a link to an alternate iLO fencing agent:
http://h30499.www3.hp.com/t5/System-Administration/fence-ilo-repace/m-p/4756390#M43700

 

Might be worth a try.

MK

MK
0 Kudos
Reply
speccenini
Occasional Advisor

‎03-17-2011 12:01 AM

‎03-17-2011 12:01 AM

Re: fence_ilo

Hi, thanx for reply.

os version:
Linux 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 5.4 (Tikanga)

ILO version:
iLO 3 Firmware Jul 26 2010 1.10

I also tried to log in through web browser in https mode, and it worked fine.

thanx a lot,
Stefano Peccenini
0 Kudos
Reply
speccenini
Occasional Advisor

‎03-17-2011 12:02 AM

‎03-17-2011 12:02 AM

Re: fence_ilo

i forgot the cman version:
cman-2.0.115-34.el5_5.4
0 Kudos
Reply
Alzhy
Honored Contributor

‎03-17-2011 05:21 AM

‎03-17-2011 05:21 AM

Re: fence_ilo

What Proliant model?

I have DL380 G6's and running RHEL 5.5 with the same version of RHCS bits you have and fence_ilo works beautifully.
Hakuna Matata.
0 Kudos
Reply
robert1984
New Member

‎03-17-2011 09:45 AM

‎03-17-2011 09:45 AM

Re: fence_ilo

Please, run fence_ilo with '-v' and '-D /tmp/outfile.txt'. Maybe it will show something interesting. Or even use tcpdump to analyze IP traffic.
0 Kudos
Reply
Alzhy
Honored Contributor

‎03-17-2011 09:49 AM

‎03-17-2011 09:49 AM

Re: fence_ilo

were you able to fence your iLo device from your node(s)?

do you have IPTABLES set up?

As a quick test, do "service iptables stop"
Then try fence_ilo once more.

It it works -- then it is likely you need to rework your IPTABLES...

cheers.
Hakuna Matata.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎03-17-2011 12:40 PM

‎03-17-2011 12:40 PM

Re: fence_ilo

Shalom,

Advice:
1) Configure the ilo card so it uses ssh and has a valid userid/password combination.
2) Update the firmware on the ilo console to reach a supported version that HP support says it will work.
3) As noted elsewhere in the case, make sure the firewall is not hammering it. Confirm network connectivity.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Alzhy
Honored Contributor

‎03-17-2011 12:50 PM

‎03-17-2011 12:50 PM

Re: fence_ilo

Huh?
Hakuna Matata.
0 Kudos
Reply
speccenini
Occasional Advisor

‎03-18-2011 04:09 AM

‎03-18-2011 04:09 AM

Re: fence_ilo

hi all,
iptables is turned off, but fence_ilo still does not work, this afternoon i will upgrade the formware of the ILO.
ssh connection, https connection are enabled and works fine, via web browser or via ssh shell connection.
The model is ProLiant BL465c G7

I will tell you if it works after upgrade

thanx a lot,
Stefano Peccenini
0 Kudos
Reply
speccenini
Occasional Advisor

‎03-18-2011 10:06 AM

‎03-18-2011 10:06 AM

Re: fence_ilo

I found the solution.

hp writes in this document:
http://h10025.www1.hp.com/ewfrf/wc/document?cc=uk&lc=en&dlc=en&docname=c02509477

and RedHat writes in this other documents:
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/cman.html

So, command fence_ilo is not supported by ILO3, you have to use fence_ipmilan. As RedHat specified in that document:
https://bugzilla.redhat.com/show_bug.cgi?id=642700
the version of cman must be greater than: cman-2.0.115-34.el5_5.4.

Moreover, in that other document redhat, linked in the HP document to work you must select a lanplus at 1:
https://access.redhat.com/kb/docs/DOC-39336

then from the command line:
# fence_ipmilan -a hostname-ilo -l myuser -p mypass -o status -P 1
Getting status of IPMI: hostname-ilo ... power = On Chassis

finally it works;

this is an acceptable solution?

Stefano Peccenini
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.