[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Linux-cluster] iSCSI fence agent



I have not used this tool in a while, but it did work on my system.

I would not trust this version to fence properly.  Using system does not allow the exit status of iptables to be checked for errors.  System only reports the status of the ssh command, not the command that is called on the remote host.

Matt

On Thu, 2006-04-27 at 15:43 +0200, Castang Jerome wrote:
Lon Hohberger a écrit :

>
>It's probably trying to exec:
>
>    /usr/bin/ssh\ root gfs5  <-- one filename
>
>vs
>    /usr/bin/ssh root gfs5
>
>for some reason; wrong quotation on the system / exec call(s) ?
>
>-- Lon
>
>  
>


It's ok I found the probleme,
I replaced the function "runcommand" by "system" and it works perfectly.
Here is the modified perl script:

/#!/usr/bin/perl

###############################################################################
###############################################################################
##
##  Copyright (C) Sistina Software, Inc.  1997-2003  All rights reserved.
##  Copyright (C) 2004 Red Hat, Inc.  All rights reserved.
##
##  This copyrighted material is made available to anyone wishing to use,
##  modify, copy, or redistribute it subject to the terms and conditions
##  of the GNU General Public License v.2.
##
###############################################################################
###############################################################################

use Getopt::Std;

# Get the program name from $0 and strip directory names
$_=$0;
s/.*\///;
my $pname = $_;

$opt_o = 'disable';        # Default fence action

# WARNING!! Do not add code bewteen "#BEGIN_VERSION_GENERATION" and
# "#END_VERSION_GENERATION"  It is generated by the Makefile

#BEGIN_VERSION_GENERATION
$FENCE_RELEASE_NAME="";
$REDHAT_COPYRIGHT="";
$BUILD_DATE="";
#END_VERSION_GENERATION

sub usage
{
    print "Usage:\n";
    print "\n";
    print "$pname [options]\n";
    print "\n";
    print "Options:\n";
    print "  -a <ip>          ISCSI target address\n";
    print "  -h               usage\n";
#    print "  -l <name>        Login name\n";
    print "  -n <num>         IP of node to disable\n";
    print "  -o <string>      Action:  disable (default) or enable\n";
#    print "  -p <string>      Password for login (not used)\n";
    print "  -q               quiet mode\n";
    print "  -V               version\n";

    exit 0;
}

sub fail
{
  ($msg) = @_;
  print $msg."\n" unless defined $opt_q;
  $t->close if defined $t;
  exit 1;
}

sub fail_usage
{
  ($msg)= _;
  print STDERR $msg."\n" if $msg;
  print STDERR "Please use '-h' for usage.\n";
  exit 1;
}

sub version
{
  print "$pname $FENCE_RELEASE_NAME $BUILD_DATE\n";
  print "$REDHAT_COPYRIGHT\n" if ( $REDHAT_COPYRIGHT );

  exit 0;
}

if (@ARGV > 0)
{
   #getopts("a:hl:n:o:p:qV") || fail_usage ;
   getopts("a:hn:o:qV") || fail_usage ;

   usage if defined $opt_h;
   version if defined $opt_V;

   fail_usage "Unknown parameter." if (@ARGV > 0);

   fail_usage "No '-a' flag specified." unless defined $opt_a;
   fail_usage "No '-n' flag specified." unless defined $opt_n;
   fail_usage "Unrecognised action '$opt_o' for '-o' flag"
      unless $opt_o =~ /^(disable|enable)$/i;

}
else
{
   get_options_stdin();

   fail "failed: no IP address" unless defined $opt_a;
   fail "failed: no plug number" unless defined $opt_n;
   #fail "failed: no login name" unless defined $opt_l;
   #fail "failed: no password" unless defined $opt_p;
   fail "failed: unrecognised action: $opt_o"
      unless $opt_o =~ /^(disable|enable)$/i;
}

#
# Set up and log in
#

my $target_address=$opt_a; #The address of the iSCSI target
my $command=$opt_o;     #either enable or disable
my $node=$opt_n;        #the cluster member to lock out

#use ssh to log into remote host and send over iptables commands:

# iptables -D INPUT -s a.b.c.d -p all -j REJECT
# iptables -A INPUT -s a.b.c.d -p all -j REJECT

if ($command eq "enable")
{       #Enable $node on $target_address

        system("ssh ".' root@'.$target_address." /sbin/iptables -D INPUT 
-s " . $node . " -p all -j REJECT");

        if ($out != 0)
        {
                fail "111Could not $command $node on 
$target_address\n$cmd\n";
        }
}
elsif ($command eq "disable")
{       #Disable $node on $target_address

        system("ssh ".' root@'.$target_address." /sbin/iptables -A INPUT 
-s " . $node . " -p all -j REJECT");

        if ($? != 0 )
        {
                fail "Could not $command $node on $target_address\n$cmd\n";
        }
}
else
{       #This should never happen:
        fail "Unknown command: $command\n";
}

print "success: $command $node\n" unless defined $opt_q;
exit 0;

sub get_options_stdin
{
    my $opt;
    my $line = 0;
    while( defined($in = <>) )
    {
        $_ = $in;
        chomp;

        # strip leading and trailing whitespace
        s/^\s*//;
        s/\s*$//;

        # skip comments
        next if /^#/;

        $line+=1;
        $opt=$_;
        next unless $opt;

        ($name,$val)=split /\s*=\s*/, $opt;

        if ( $name eq "" )
        {
           print STDERR "parse error: illegal name in option $line\n";
           exit 2;
        }

        # DO NOTHING -- this field is used by fenced
        elsif ($name eq "agent" ) { }

        # FIXME -- depricated.  use "port" instead.
        elsif ($name eq "fm" )
        {
            (my $dummy,$opt_n) = split /\s+/,$val;
            print STDERR "Depricated \"fm\" entry detected.  refer to 
man page.\n";
        }

        elsif ($name eq "ipaddr" )
        {
            $opt_a = $val;
        }
        elsif ($name eq "login" )
        {
            $opt_l = $val;
        }

        # FIXME -- depreicated residue of old fencing system
        elsif ($name eq "name" ) { }

        elsif ($name eq "option" )
        {
            $opt_o = $val;
        }
        elsif ($name eq "passwd" )
        {
            $opt_p = $val;
        }
        elsif ($name eq "port" )
        {
            $opt_n = $val;
        }
        # elsif ($name eq "test" )
        # {
        #    $opt_T = $val;
        # }

        # FIXME should we do more error checking?
        # Excess name/vals will be eaten for now
        else
        {
           fail "parse error: unknown option \"$opt\"";
        }
    }
}/


thanks,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]