From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 31260 invoked by alias); 2 Jul 2008 15:03:27 -0000 Received: (qmail 31209 invoked by uid 9650); 2 Jul 2008 15:03:21 -0000 Date: Wed, 02 Jul 2008 15:03:00 -0000 Message-ID: <20080702150319.31162.qmail@sourceware.org> From: mgrac@sourceware.org To: cluster-cvs@sources.redhat.com, cluster-devel@redhat.com Subject: Cluster Project branch, master, updated. cluster-2.99.05-39-g9e40fc5 X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 09ebbf80661e441b3bf9c8e9ac613dd2b136831a X-Git-Newrev: 9e40fc5f3e25a47eb469fd8e89874d28f755cd86 Mailing-List: contact cluster-cvs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: cluster-cvs-owner@sourceware.org X-SW-Source: 2008-q3/txt/msg00005.txt.bz2 This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "Cluster Project". http://sources.redhat.com/git/gitweb.cgi?p=cluster.git;a=commitdiff;h=9e40fc5f3e25a47eb469fd8e89874d28f755cd86 The branch, master has been updated via 9e40fc5f3e25a47eb469fd8e89874d28f755cd86 (commit) from 09ebbf80661e441b3bf9c8e9ac613dd2b136831a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9e40fc5f3e25a47eb469fd8e89874d28f755cd86 Author: Marek 'marx' Grac Date: Wed Jul 2 15:55:48 2008 +0200 [FENCE] Bug #448822: fence_ilo doesn't work with iLO New fencing agent for iLO used ssh/telnet to connect, but unfortutely there is a problem with power off. This is why we need to use SSL connection and RIBCL commands. As there is no (?) telnet with ssl connection in RHEL we need one to be able to use same infrastructure as in other agents. This agent was not tested with RIBCL version < 2.0 (these part where just ported from the old perl fencing agent) @todo: we have to put telnet_ssl.py somewhere, I'm not sure where ----------------------------------------------------------------------- Summary of changes: fence/agents/ilo/fence_ilo.py | 99 +++++++++++++++++++++++++--------------- fence/agents/lib/fencing.py.py | 10 ++++- fence/agents/lib/telnet_ssl.py | 66 ++++++++++++++++++++++++++ 3 files changed, 137 insertions(+), 38 deletions(-) mode change 100644 => 100755 fence/agents/ilo/fence_ilo.py create mode 100755 fence/agents/lib/telnet_ssl.py diff --git a/fence/agents/ilo/fence_ilo.py b/fence/agents/ilo/fence_ilo.py old mode 100644 new mode 100755 index 60c4f56..e050ea8 --- a/fence/agents/ilo/fence_ilo.py +++ b/fence/agents/ilo/fence_ilo.py @@ -4,16 +4,17 @@ ## ## The Following Agent Has Been Tested On: ## -## iLO Version +## iLO Version ## +---------------------------------------------+ -## iLO Advanced 1.91 -## -## @note: We can't use conn.sendline because we need to send CR/LF +## iLO / firmware 1.91 / RIBCL 2.22 +## iLO2 / firmware 1.22 / RIBCL 2.22 +## iLO2 / firmware 1.50 / RIBCL 2.22 ##### -import sys, re, pexpect +import sys, re, pexpect, socket sys.path.append("@FENCEAGENTSLIBDIR@") from fencing import * +from OpenSSL import SSL #BEGIN_VERSION_GENERATION RELEASE_VERSION="New ILO Agent - test release on steroids" @@ -22,55 +23,79 @@ BUILD_DATE="March, 2008" #END_VERSION_GENERATION def get_power_status(conn, options): - try: - conn.send("POWER\r\n") - conn.log_expect(options, options["-c"], SHELL_TIMEOUT) - except pexpect.EOF: - fail(EC_CONNECTION_LOST) - except pexpect.TIMEOUT: - fail(EC_TIMED_OUT) - - status = re.compile("server power is currently: (.*)", re.IGNORECASE).search(conn.before).group(1) + conn.send("\r\n") + conn.send("\r\n") + conn.send("\r\n") + conn.log_expect(options, "HOST_POWER=\"(.*?)\"", POWER_TIMEOUT) + + status = conn.match.group(1) return status.lower().strip() def set_power_status(conn, options): - action = { - 'on' : "powerup", - 'off': "powerdown" - }[options["-o"]] + conn.send("\r\n") + conn.send("") - try: - conn.send("power " + options["-o"] + "\r\n") - conn.log_expect(options, options["-c"], POWER_TIMEOUT) - except pexpect.EOF: - fail(EC_CONNECTION_LOST) - except pexpect.TIMEOUT: - fail(EC_TIMED_OUT) + if options.has_key("fw_processor") and options["fw_processor"] == "iLO2": + if options["fw_version"] > 1.29: + conn.send("\r\n") + else: + conn.send("\r\n") + elif options["-r"] < 2.21: + conn.send("\r\n") + else: + if options["-o"] == "off": + conn.send("\r\n") + else: + conn.send("\r\n") + conn.send("\r\n") + + return def main(): device_opt = [ "help", "version", "agent", "quiet", "verbose", "debug", "action", "ipaddr", "login", "passwd", "passwd_script", - "secure", "ribcl" ] + "ssl", "ribcl" ] options = check_input(device_opt, process_input(device_opt)) - ## - ## Fence agent specific defaults - ##### - if 0 == options.has_key("-c"): - options["-c"] = "hpiLO->" + options["-z"] = 1 + LOGIN_TIMEOUT = 10 ## - ## Operate the fencing device + ## Login and get version number #### conn = fence_login(options) - fence_action(conn, options, set_power_status, get_power_status) + try: + conn.send("\r\n") + conn.log_expect(options, [ "", "" ], LOGIN_TIMEOUT) + version = re.compile("= 2: + conn.send("\r\n") + else: + conn.send("\r\n") + + conn.send("\r\n") + if options["-r"] >= 2: + conn.send("\r\n") + conn.send("\r\n") + conn.log_expect(options, "", SHELL_TIMEOUT) + options["fw_version"] = float(re.compile("FIRMWARE_VERSION\s*=\s*\"(.*?)\"", re.IGNORECASE).search(conn.before).group(1)) + options["fw_processor"] = re.compile("MANAGEMENT_PROCESSOR\s*=\s*\"(.*?)\"", re.IGNORECASE).search(conn.before).group(1) + conn.send("\r\n") + except pexpect.TIMEOUT: + fail(EC_LOGIN_DENIED) ## - ## Logout from system - ###### - conn.send("quit\r\n") - conn.close() + ## Fence operations + #### + fence_action(conn, options, set_power_status, get_power_status) if __name__ == "__main__": main() diff --git a/fence/agents/lib/fencing.py.py b/fence/agents/lib/fencing.py.py index 581134b..0b4918c 100644 --- a/fence/agents/lib/fencing.py.py +++ b/fence/agents/lib/fencing.py.py @@ -27,6 +27,7 @@ EC_WAITING_OFF = 7 TELNET_PATH = "/usr/bin/telnet" SSH_PATH = "/usr/bin/ssh" +SSL_PATH = "/sbin/telnet_ssl.py" all_opt = { "help" : { @@ -101,6 +102,10 @@ all_opt = { "getopt" : "x", "help" : "-x Use ssh connection", "order" : 1 }, + "ssl" : { + "getopt" : "z", + "help" : "-z Use ssl connection", + "order" : 1 }, "port" : { "getopt" : "n:", "help" : "-n Physical plug number on device", @@ -350,7 +355,10 @@ def fence_login(options): re_login = re.compile("(login: )|(Login Name: )|(username: )|(User Name :)", re.IGNORECASE) re_pass = re.compile("password", re.IGNORECASE) - if options.has_key("-x") and 0 == options.has_key("-k"): + if options.has_key("-z"): + command = '%s %s %s' % (SSL_PATH, options["-a"], "443") + conn = fspawn(command) + elif options.has_key("-x") and 0 == options.has_key("-k"): command = '%s %s@%s' % (SSH_PATH, options["-l"], options["-a"]) if options.has_key("ssh_options"): command += ' ' + options["ssh_options"] diff --git a/fence/agents/lib/telnet_ssl.py b/fence/agents/lib/telnet_ssl.py new file mode 100755 index 0000000..8c0c008 --- /dev/null +++ b/fence/agents/lib/telnet_ssl.py @@ -0,0 +1,66 @@ +#!/usr/bin/python + +##### +## simple telnet client with SSL support +## +## ./telnet_ssl.py host port +##### + +import sys, socket, string, fcntl, os , time +from OpenSSL import SSL + +def main(): + hostname = None + port = None + + if (len(sys.argv) != 3): + print "Error: You have to enter hostname and port number\n" + sys.exit(-1) + + hostname = sys.argv[1] + port = int(sys.argv[2]) + + try: + s = socket.socket (socket.AF_INET, socket.SOCK_STREAM) + s.connect((hostname,port)) + ctx = SSL.Context(SSL.SSLv23_METHOD) + conn = SSL.Connection(ctx, s) + conn.set_connect_state() + except socket.error, e: + print "Error: Unable to connect to %s:%s %s" % (hostname, port, str(e)) + sys.exit(-1) + + fcntl.fcntl(sys.stdin, fcntl.F_SETFL, os.O_NONBLOCK) + s.settimeout(0) + + while 1: + try: + write_buff = sys.stdin.readline() + if (len(write_buff) > 0): + write_buff = string.rstrip(write_buff) + i = 10 + while i > 0: + i = i-1 + try: + conn.send(write_buff + "\r\n") + i = -1 + except SSL.WantReadError: + ## We have to wait for connect, mostly just for first time + time.sleep(1) + if i == 0: + sys.exit(-2) + except IOError: + 1 + + try: + read_buff = conn.recv(4096) + print read_buff + sys.stdout.flush() + except SSL.WantReadError: + 1 + except SSL.ZeroReturnError: + break + + +if __name__ == "__main__": + main() hooks/post-receive -- Cluster Project