I would not trust this version to fence properly. Using system does not allow the exit status of iptables to be checked for errors. System only reports the status of the ssh command, not the command that is called on the remote host.
Matt
On Thu, 2006-04-27 at 15:43 +0200, Castang Jerome wrote:
Lon Hohberger a écrit : > >It's probably trying to exec: > > /usr/bin/ssh\ root@gfs5 <-- one filename > >vs > /usr/bin/ssh root@gfs5 > >for some reason; wrong quotation on the system / exec call(s) ? > >-- Lon > > > It's ok I found the probleme, I replaced the function "runcommand" by "system" and it works perfectly. Here is the modified perl script: /#!/usr/bin/perl ############################################################################### ############################################################################### ## ## Copyright (C) Sistina Software, Inc. 1997-2003 All rights reserved. ## Copyright (C) 2004 Red Hat, Inc. All rights reserved. ## ## This copyrighted material is made available to anyone wishing to use, ## modify, copy, or redistribute it subject to the terms and conditions ## of the GNU General Public License v.2. ## ############################################################################### ############################################################################### use Getopt::Std; # Get the program name from $0 and strip directory names $_=$0; s/.*\///; my $pname = $_; $opt_o = 'disable'; # Default fence action # WARNING!! Do not add code bewteen "#BEGIN_VERSION_GENERATION" and # "#END_VERSION_GENERATION" It is generated by the Makefile #BEGIN_VERSION_GENERATION $FENCE_RELEASE_NAME=""; $REDHAT_COPYRIGHT=""; $BUILD_DATE=""; #END_VERSION_GENERATION sub usage { print "Usage:\n"; print "\n"; print "$pname [options]\n"; print "\n"; print "Options:\n"; print " -a <ip> ISCSI target address\n"; print " -h usage\n"; # print " -l <name> Login name\n"; print " -n <num> IP of node to disable\n"; print " -o <string> Action: disable (default) or enable\n"; # print " -p <string> Password for login (not used)\n"; print " -q quiet mode\n"; print " -V version\n"; exit 0; } sub fail { ($msg) = @_; print $msg."\n" unless defined $opt_q; $t->close if defined $t; exit 1; } sub fail_usage { ($msg)= _; print STDERR $msg."\n" if $msg; print STDERR "Please use '-h' for usage.\n"; exit 1; } sub version { print "$pname $FENCE_RELEASE_NAME $BUILD_DATE\n"; print "$REDHAT_COPYRIGHT\n" if ( $REDHAT_COPYRIGHT ); exit 0; } if (@ARGV > 0) { #getopts("a:hl:n:o:p:qV") || fail_usage ; getopts("a:hn:o:qV") || fail_usage ; usage if defined $opt_h; version if defined $opt_V; fail_usage "Unknown parameter." if (@ARGV > 0); fail_usage "No '-a' flag specified." unless defined $opt_a; fail_usage "No '-n' flag specified." unless defined $opt_n; fail_usage "Unrecognised action '$opt_o' for '-o' flag" unless $opt_o =~ /^(disable|enable)$/i; } else { get_options_stdin(); fail "failed: no IP address" unless defined $opt_a; fail "failed: no plug number" unless defined $opt_n; #fail "failed: no login name" unless defined $opt_l; #fail "failed: no password" unless defined $opt_p; fail "failed: unrecognised action: $opt_o" unless $opt_o =~ /^(disable|enable)$/i; } # # Set up and log in # my $target_address=$opt_a; #The address of the iSCSI target my $command=$opt_o; #either enable or disable my $node=$opt_n; #the cluster member to lock out #use ssh to log into remote host and send over iptables commands: # iptables -D INPUT -s a.b.c.d -p all -j REJECT # iptables -A INPUT -s a.b.c.d -p all -j REJECT if ($command eq "enable") { #Enable $node on $target_address system("ssh ".' root@'.$target_address." /sbin/iptables -D INPUT -s " . $node . " -p all -j REJECT"); if ($out != 0) { fail "111Could not $command $node on $target_address\n$cmd\n"; } } elsif ($command eq "disable") { #Disable $node on $target_address system("ssh ".' root@'.$target_address." /sbin/iptables -A INPUT -s " . $node . " -p all -j REJECT"); if ($? != 0 ) { fail "Could not $command $node on $target_address\n$cmd\n"; } } else { #This should never happen: fail "Unknown command: $command\n"; } print "success: $command $node\n" unless defined $opt_q; exit 0; sub get_options_stdin { my $opt; my $line = 0; while( defined($in = <>) ) { $_ = $in; chomp; # strip leading and trailing whitespace s/^\s*//; s/\s*$//; # skip comments next if /^#/; $line+=1; $opt=$_; next unless $opt; ($name,$val)=split /\s*=\s*/, $opt; if ( $name eq "" ) { print STDERR "parse error: illegal name in option $line\n"; exit 2; } # DO NOTHING -- this field is used by fenced elsif ($name eq "agent" ) { } # FIXME -- depricated. use "port" instead. elsif ($name eq "fm" ) { (my $dummy,$opt_n) = split /\s+/,$val; print STDERR "Depricated \"fm\" entry detected. refer to man page.\n"; } elsif ($name eq "ipaddr" ) { $opt_a = $val; } elsif ($name eq "login" ) { $opt_l = $val; } # FIXME -- depreicated residue of old fencing system elsif ($name eq "name" ) { } elsif ($name eq "option" ) { $opt_o = $val; } elsif ($name eq "passwd" ) { $opt_p = $val; } elsif ($name eq "port" ) { $opt_n = $val; } # elsif ($name eq "test" ) # { # $opt_T = $val; # } # FIXME should we do more error checking? # Excess name/vals will be eaten for now else { fail "parse error: unknown option \"$opt\""; } } }/ thanks,
-- Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster