On Thu, Aug 2, 2012 at 12:16 PM, Eldred, Doug <doug.eldred(a)hp.com> wrote:
The recent changes to power handling broke a key feature - the
ability to add arbitrary arguments to the generated fence command. Templates such as
ipmilan document using the power_id field for things like adding "-P -T 4" for
HP iLO3 power manipulation, port info for some fence types, etc.
In Cobbler 2.0, anything in the power_id field was simply inserted as-is into the command
line. This was flexible and worked beautifully in our environment.
That was kind of the point... shell injection with the old method was
pretty trivial.
In Cobbler 2.2.3, however, instead of using command line parameters
everything is mapped to stdin lines passed to the subprocess. Unfortunately that results
in power_id being treated as a single parameter, passed as "\nport=-P -T4",
which is rejected since port isn't a valid input for fence_ipmilan; to be equivalent
it should have passed "\nlanplus\npower_wait=4" instead.
SOME ability to provide arbitrary per-machine settings to be passed to the fence command
needs to be restored. This could be via command line arguments, a la Cobbler 2.0, via
optional stdin lines, a la the translation Cobbler 2.2.3 does, a mixture of both,
whatever.
There is, sorry for not getting it documented sooner.
The power_*.templates in /etc/cobbler/power have been deprecated, but
in their place you can create a fence_whatever.template. The contents
of that file are templated and sent as the input to the fence program.
Just make sure you include the username/password/host lines as well -
they are not assumed.
I will work on adding that to the documentation on the website as soon
as possible, as I know it was a pretty major change.