Re: ILO3 & ILO4, fence_ipmilan(RH Cluster Suite) behaviour (1890 Views)
Reply
Neighborhood Admin
chuckk281
Posts: 3,110
Registered: ‎01-09-2007
Message 1 of 3 (2,355 Views)

ILO3 & ILO4, fence_ipmilan(RH Cluster Suite) behaviour

Simo had an iLO question when using Red Hat OS.

 

****************

 

Previously only the user with Admin rights has been able to power down or reset the server, but RH added –L option to fence_ipmilan to allow fencing with user session privileges.

Customer installed the latest packages as per https://access.redhat.com/kb/docs/DOC-66997 -L option works now, but the user fenceagent cannot power off the server, even with “virtual power and reset” privileges has been set to it on ILO4. Has anyone else tested this? The following statement clearly explains that with leatest updates you should be able to use user privileges with fence_ipmilan.

 

****************

 

Reply from Jonathan:

 

******************

 

I believe you need to have the “operator” ipmi level, user was insufficient in my testing.

 

</>hpiLO-> show /map1/accounts1/fence 

 

status=0

status_tag=COMMAND COMPLETED

Mon Sep 10 14:41:41 2012

 

/map1/accounts1/fence

  Targets

  Properties

    username=fence

    password=********

    name=fence

    group=oemhp_rc,oemhp_power,oemhp_vm

  Verbs

    cd version exit show create delete set

 

cluster.conf:

<fencedevice agent="fence_ipmilan" ipaddr="mgmt1-ilo" lanplus="1" login="fence" name="mgmt1-ilo" passwd="************" power_wait="4" privlvl="operator"/>

 

***************

 

Any other comments or suggestions?

Please use plain text.
Honored Contributor
Jarkko K._1
Posts: 1,204
Registered: ‎01-29-2007
Message 2 of 3 (1,890 Views)

Re: ILO3 & ILO4, fence_ipmilan(RH Cluster Suite) behaviour

Although redhata claims that user level is enoug, operator seems to be requirement (at least in RHEL5).

Remember to give Kudos to answers! (click the KUDOS star)
Please use plain text.
Occasional Advisor
Vincent Kiely
Posts: 10
Registered: ‎09-14-2003
Message 3 of 3 (1,324 Views)

Re: ILO3 & ILO4, fence_ipmilan(RH Cluster Suite) behaviour

I can also confirm that this is the case with ILO4 and RHEL6 ( RHEL 6.4 with latest patches)

 

You need to give the user Virtual Console, Power Reset and Virtual Media permissions at the  ILO4 level

 

also specify privlvl=operator in the fence string in the cluster.conf

 

 

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation