[Linux-cluster] Re: [Cluster-devel] Prototype Fencing Agent for Raritan eRIC G4
gordan at bobich.net
Wed Jun 10 19:24:45 UTC 2009
Subhendu Ghosh wrote:
> Would it be possible to look at migrating this agent to SSH (more secure)
I started with the idea of doing it over ssh, but Net::SSH module seemed
to be a lot less forgiving about the terminal quirkyness. I can have
another go. There's also the issue of manual intervention being required
to save the signatures (and where do the known hosts go?).
> or to SNMP (less screen scraping)?
Hmm, maybe. I haven't looked into the SNMP capability on the device, but
it looks like it'll work, and probably be easier to do than SSH.
> Look at fence_cisco as an example of snmp usage.
Assuming they speak a compatible dialect, which may not be the case.
I'll have a look.
> Long term maintainability of screen scraping is an issue with firmware changes.
Tell me about it. I submitted a patch for fence_drac a while back to
address an issue that seems to have arisen from a firmware update
inducted pattern match failure.
Not only that, but I've discovered a bug on the latest eRIC G4 firmware
- 04.02.00-7153 seems to have broken USB keyboard support (you'd think
this was important on a remote console device!) and potentially some
power button press dodgyness. The previous firmware, however -
04.02.00-6505, works OK.
> Also it seems that card has IPMI support. If so, can use test with fence_ipmi?
> Would remove the need for yet-another-agent ;)
Sadly, my servers with these cards in them don't have IPMI support. The
card only proxies it. The card supports direct power/reset button
control in addition to IPMI, so this is what I'm using. But as you can
see from the code, it operates only on the power on/off even for a
reboot because the said servers also don't have a reset connector. I
wrote this agent because I _needed_ it. :)
But I'll look into the SNMP way of doing it, it sounds like it might be
neater. I'll add it as an option since the telnet way is already
written. What parameter should/can be used to specify such things, that
is available from a cluster.conf reference?
More information about the Linux-cluster