12:16 p.m.
The recent changes to power handling broke a key feature - the ability to add arbitrary
arguments to the generated fence command. Templates such as ipmilan document using the
power_id field for things like adding "-P -T 4" for HP iLO3 power manipulation,
port info for some fence types, etc.
In Cobbler 2.0, anything in the power_id field was simply inserted as-is into the command
line. This was flexible and worked beautifully in our environment.
In Cobbler 2.2.3, however, instead of using command line parameters everything is mapped
to stdin lines passed to the subprocess. Unfortunately that results in power_id being
treated as a single parameter, passed as "\nport=-P -T4", which is rejected
since port isn't a valid input for fence_ipmilan; to be equivalent it should have
passed "\nlanplus\npower_wait=4" instead.
SOME ability to provide arbitrary per-machine settings to be passed to the fence command
needs to be restored. This could be via command line arguments, a la Cobbler 2.0, via
optional stdin lines, a la the translation Cobbler 2.2.3 does, a mixture of both,
whatever.
Regards,
Doug
----
MC Linux Infrastructure, 970-898-4860, Fort Collins 3UR8 (MS 57)
"The best way to cope with change is to help create it."
4:47 p.m.
On Thu, Aug 2, 2012 at 12:16 PM, Eldred, Doug <doug.eldred(a)hp.com> wrote:
The recent changes to power handling broke a key feature - the
ability to add arbitrary arguments to the generated fence command. Templates such as
ipmilan document using the power_id field for things like adding "-P -T 4" for
HP iLO3 power manipulation, port info for some fence types, etc.
In Cobbler 2.0, anything in the power_id field was simply inserted as-is into the command
line. This was flexible and worked beautifully in our environment.
That was kind of the point... shell injection with the old method was
pretty trivial.
In Cobbler 2.2.3, however, instead of using command line parameters
everything is mapped to stdin lines passed to the subprocess. Unfortunately that results
in power_id being treated as a single parameter, passed as "\nport=-P -T4",
which is rejected since port isn't a valid input for fence_ipmilan; to be equivalent
it should have passed "\nlanplus\npower_wait=4" instead.
SOME ability to provide arbitrary per-machine settings to be passed to the fence command
needs to be restored. This could be via command line arguments, a la Cobbler 2.0, via
optional stdin lines, a la the translation Cobbler 2.2.3 does, a mixture of both,
whatever.
There is, sorry for not getting it documented sooner.
The power_*.templates in /etc/cobbler/power have been deprecated, but
in their place you can create a fence_whatever.template. The contents
of that file are templated and sent as the input to the fence program.
Just make sure you include the username/password/host lines as well -
they are not assumed.
I will work on adding that to the documentation on the website as soon
as possible, as I know it was a pretty major change.
5:05 p.m.
Actually, the issue seems to be that the code (utils.py) is looking for files by the name
fence_*.template
powertemplate = "/etc/cobbler/power/fence_%s.template" % powertype
whereas the actual file names under /etc/cobbler/power are power_*.template.
If the power_*.template files are deprecated, why are they installed as part of 2.2.3?
Also, are you saying that even though power_*.template is deprecated, just renaming them
to fence_*.template, the exact same files are OK to use?
Thanks
Balaji
-----Original Message-----
From: cobbler-bounces(a)lists.fedorahosted.org [mailto:cobbler-
bounces(a)lists.fedorahosted.org] On Behalf Of James Cammarata
Sent: Thursday, August 02, 2012 2:48 PM
To: cobbler mailing list
Subject: Re: [cobbler] Problem in power handling introduced in 2.2.3
On Thu, Aug 2, 2012 at 12:16 PM, Eldred, Doug <doug.eldred(a)hp.com> wrote:
> The recent changes to power handling broke a key feature - the ability to add
arbitrary arguments to the generated fence command. Templates such as
ipmilan document using the power_id field for things like adding "-P -T 4" for
HP
iLO3 power manipulation, port info for some fence types, etc.
>
> In Cobbler 2.0, anything in the power_id field was simply inserted as-is into the
command line. This was flexible and worked beautifully in our environment.
That was kind of the point... shell injection with the old method was pretty trivial.
> In Cobbler 2.2.3, however, instead of using command line parameters
everything is mapped to stdin lines passed to the subprocess. Unfortunately that
results in power_id being treated as a single parameter, passed as "\nport=-P -
T4", which is rejected since port isn't a valid input for fence_ipmilan; to be
equivalent it should have passed "\nlanplus\npower_wait=4" instead.
>
> SOME ability to provide arbitrary per-machine settings to be passed to the
fence command needs to be restored. This could be via command line
arguments, a la Cobbler 2.0, via optional stdin lines, a la the translation Cobbler
2.2.3 does, a mixture of both, whatever.
There is, sorry for not getting it documented sooner.
The power_*.templates in /etc/cobbler/power have been deprecated, but in their
place you can create a fence_whatever.template. The contents of that file are
templated and sent as the input to the fence program.
Just make sure you include the username/password/host lines as well - they are
not assumed.
I will work on adding that to the documentation on the website as soon as
possible, as I know it was a pretty major change.
_______________________________________________
cobbler mailing list
cobbler(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/cobbler
8:39 p.m.
On Thu, Aug 2, 2012 at 5:05 PM, Parthasarathy, Balaji (BCS, Cupertino,
USA) <balaji.parthasarathy(a)hp.com> wrote:
Actually, the issue seems to be that the code (utils.py) is looking
for files by the name fence_*.template
powertemplate = "/etc/cobbler/power/fence_%s.template" % powertype
whereas the actual file names under /etc/cobbler/power are power_*.template.
If the power_*.template files are deprecated, why are they installed as part of 2.2.3?
Also, are you saying that even though power_*.template is deprecated, just renaming them
to fence_*.template, the exact same files are OK to use?
No, the files are not compatible. The old templates produced the
entire command that was run, whereas the new ones just create the data
that is sent to STDIN for the fence_whatever command.
There is no reason they were not stripped from 2.2.3, it was an
oversight frankly. They will be removed at some point in the future.
12:31 a.m.
Updated the Advanced Power topic on the manual:
http://cobbler.github.com/manuals/2.2.3/5/6_-_Power_Management.html
Let me know if that looks ok, or if you find any mistakes.
4305
days inactive
4306
days old
cobbler@lists.fedorahosted.org
4 comments
3 participants
participants (3)
-
Eldred, Doug -
James Cammarata -
Parthasarathy, Balaji (BCS, Cupertino, USA)