[Linux-cluster] Re: [Cluster-devel] Prototype Fencing Agent for Raritan eRIC G4

Gordan Bobic gordan at bobich.net
Wed Jun 10 19:24:45 UTC 2009 

Subhendu Ghosh wrote:

> Would it be possible to look at migrating this agent to SSH (more secure)

I started with the idea of doing it over ssh, but Net::SSH module seemed 
to be a lot less forgiving about the terminal quirkyness. I can have 
another go. There's also the issue of manual intervention being required 
to save the signatures (and where do the known hosts go?).

> or to SNMP (less screen scraping)?

Hmm, maybe. I haven't looked into the SNMP capability on the device, but 
it looks like it'll work, and probably be easier to do than SSH.

> Look at fence_cisco as an example of snmp usage.

Assuming they speak a compatible dialect, which may not be the case. 
I'll have a look.

> Long term maintainability of screen scraping is an issue with firmware changes.

Tell me about it. I submitted a patch for fence_drac a while back to 
address an issue that seems to have arisen from a firmware update 
inducted pattern match failure.

Not only that, but I've discovered a bug on the latest eRIC G4 firmware 
- 04.02.00-7153 seems to have broken USB keyboard support (you'd think 
this was important on a remote console device!) and potentially some 
power button press dodgyness. The previous firmware, however - 
04.02.00-6505, works OK.

> Also it seems that card has IPMI support. If so, can use test with fence_ipmi?
> Would remove the need for yet-another-agent ;)

Sadly, my servers with these cards in them don't have IPMI support. The 
card only proxies it. The card supports direct power/reset button 
control in addition to IPMI, so this is what I'm using. But as you can 
see from the code, it operates only on the power on/off even for a 
reboot because the said servers also don't have a reset connector. I 
wrote this agent because I _needed_ it. :)

But I'll look into the SNMP way of doing it, it sounds like it might be 
neater. I'll add it as an option since the telnet way is already 
written. What parameter should/can be used to specify such things, that 
is available from a cluster.conf reference?

Thanks.

Gordan

More information about the Linux-cluster mailing list