Cisco Intersight Managed Mode Configuration Guide: uses the IPMI policy with a local user with a local user role and Service Profile IP to achieve the(power management) fencing option-fence fence_ipmilan. Is this correct in saying this would be the right route to take on the B200M5's considering that the old option of "fence_cisco_ucs" no longer works ?

flamegri11ed · ‎04-08-2024

OLVM requires fence agent setup for power management

All listing of Service Profiles in the Cisco 6296 environment with B200M3's were testing fine.

Listing Service Profiles : fence_cisco_ucs --ip='10.16.16.80' --username='fence-kvm-user' --password='fence password' --ssl-insecure -o list

fence_cisco_ucs --ip='10.16.16.80' --username='fence-kvm-user' --password='fence password' --plug="iscsi_kvm11" --subor
g="/org-B200M3clusteboot/" --ssl-insecure -o status -v

In the B200M5 (5108 and UCSx) environment with Cisco 6454, I have created a local fencing agent username and password and this has been attached to the Service Profiles. The attempts for a listing of service profiles in the domain using the above older UCS listing (-o list) does not work as I get error unable to login/connect to fencing device.

I am assuming Cisco Intersight(4.2(3e)) and UCS Manager(4.12b) connections/login are different and a different approach is needed.

Any advice would be help

Thank you.

--ip: The UCS Manager IP address
--username: The login name for the fencing user in UCS
- This user should have "Admin" and "Server-equipment" roles assigned.
- If a user is created under a domain, then it should be specified as domain\username in the configuration, or as 'domain\username' on the command line to prevent the shell from processing the / character specially.
- A local user may need to be specified as ucs-local\<username>.
--password: The password for the fencing user in UCS
--plug (--port in older releases): The UCS service profile name, as found in the service profile listing
--suborg [optional]: The sub-organization for the UCS service profile"

Brian Morrissey · ‎04-08-2024

Can you use the ipmi or redfish fencing options instead and point towards the CIMC IP of each node? You are correct about the cause as the fence_cisco_ucs uses the UCSM XML API and the creators of that script would need to modify it to use Intersight APIs.

flamegri11ed · ‎04-10-2024

Thank you Brian . I will add the fence_redfish agent and test it and report the outcome.

The default switches for username and password and - status does not reveal anything atm.

Thank you for the information.

flamegri11ed · ‎04-13-2024

My Redfish attempt from the Oracle KVM server :

[root@kvm ~]# fence_redfish --ip='10.16.16.80' --username='Oracle' --password='password' --systems-uri=/redfish/v1/Systems/FCH221122CS --ssl-insecure -o status
ERROR: Unable to get PowerState: https://10.16.16.80:443/redfish/v1/Systems/FCH221122CS

Its the first time that I get a response and related to power. The Ovirt/OLVM power management requires it. Not sure if the uri"uri=/redfish/v1/Systems/XXXXXX" is correct for B220M5 blade power status.

Any advice to conquer Redfish would help.

Thank you.

flamegri11ed · ‎04-15-2024

Cisco Intersight Managed Mode Configuration Guide: uses the IPMI policy with a local user with a local user role and Service Profile IP to achieve the(power management) fencing option-fence fence_ipmilan. Is this correct in saying this would be the right route to take on the B200M5's considering that the old option of "fence_cisco_ucs" no longer works ?

Brian Morrissey · ‎04-15-2024

Correct, either fence_redfish or fence_ipmilan using the credentials defined in the local user policy.

For fence_redfish the URI that returns powerstate is /redfish/v1/Systems/<Serial#>, you can try curl from that machine to make sure its receiving a proper response back

curl -u username:password -k https://cimc_ip/redfish/v1/Systems/Serial#

flamegri11ed · ‎04-15-2024

Thank you Brian.

I could achieve that response by enabling Redfish on our C220M4 by doing curl -u username:password -k https://cimc_ip/redfish/v1/Systems/Serial#

I got the access denied message however on the B200M5 blade on the new Intersight environment.Not sure why using the Service Profile IP and local user with "admin" equivalent(which i assume must be user role only)

Brian Morrissey · ‎04-15-2024

The access denied might be firmware related as redfish wasn't exposed to users initially in IMM mode, I'll see if I can track down when exactly redfish support was added in IMM but it should work on 5.1(0.230073) and higher. On older versions like 4.2(3e) I get the same access denied.

If 4.2(3) is a requirement then the fence_ipimlan would be the solution

flamegri11ed · ‎04-21-2024

fence_ipmilan --ip='172.16.16.80' --username='Oracle' --password='password' --lanplus -o list: Test status = ON (powered on)

Task : Create new IMPI policy (user role only) with previous attached local user policy (already attached to service profile for previous attempt at fence_ucs testing-no longer valid with ucs intersight)

UCS : Power Management : fence agent :Intersight