ClusterLabs/fence-agents

Fence_aws: Proxy configurations not picked when used with STONITH

Opened this issue · 11 comments

Hi,

The fence_aws agent is able to fence the EC2 instances when run with "fence_aws -o off", but when STONITH tries to fence an instance, the proxies set in environment variables are not picked up and it ends in a timeout.

The agent doesn't currently support proxies.

Thanks for the information, will that be enabled anytime soon? Or is there any other workaround?

@samsat22 can you explain how you set the proxy configuration?

Set as environment variables HTTP_PROXY and HTTPS_PROXY, and also under /etc/profile.d/proxy.sh

@samsat22 I recommend you set the env vars inside /etc/sysconfig/pacemaker, which is the right place to set them for any pacemaker resource agent. After adding the entries you will need to restart your cluster.

For AWS, you will also include the EC2 instance metadata (169.254.169.254) in the no_proxy env var.

@gguifelixamz Not sure what variable value is to be set in the pacemaker config file, like pcmk_host. I was able to resolve this timeout error by creating a VPC endpoint.

The EC2 instance uses an IAM role and ~/.aws/credentials is created with the below content, but I still get the error “Failed: Incorrect Access Key or Secret Key”

[default]
region=us-east-1

Fencing status is success with the below command:

fence_aws -o status -n <instance_id> -v

Example - the /etc/sysconfig/pacemaker file will look like this:

http_proxy=http://<proxy>:<proxy_port>
https_proxy=http://<proxy>:<proxy_port>
no_proxy="localhost,169.254.169.254"

Do you have an IAM Role attached to your EC2 instance? You either need an IAM role or IAM Access Keys configured in your fencing agent for it to work.
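
A check for the /etc/sysconfig/pacemaker layout suggested in the comment above, as an added example that is not part of the original thread or the fence-agents project. The function names and the proxy.example host are assumptions; the script only parses the file and does not confirm that fence_aws honours the variables.

```shell
#!/bin/sh
# Added example (not from the thread): audit a pacemaker sysconfig file for the
# proxy entries discussed above. Sample file contents below are constructed.
IMDS_ADDR="169.254.169.254"   # EC2 instance metadata address named in the thread

# get_value KEY FILE: print the last value assigned to KEY (name matched
# case-insensitively, so HTTPS_PROXY and https_proxy both count).
get_value() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    result=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}        # trim leading whitespace
        case "$line" in ''|'#'*) continue ;; esac    # skip blanks and comments
        line=${line#export }
        case "$line" in *=*) ;; *) continue ;; esac  # not an assignment
        name=$(printf '%s' "${line%%=*}" | tr 'A-Z' 'a-z')
        [ "$name" = "$want" ] || continue
        val=${line#*=}
        val=${val#\"}; val=${val%\"}; val=${val#\'}; val=${val%\'}
        result=$val
    done < "$2"
    printf '%s' "$result"
}

# check_pacemaker_proxy FILE: return 0 if https_proxy is set and no_proxy
# lists the metadata address, 1 if something is missing, 2 if unreadable.
check_pacemaker_proxy() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    if [ -z "$(get_value https_proxy "$file")" ]; then
        echo "MISSING: https_proxy"; rc=1
    fi
    noproxy=$(get_value no_proxy "$file" | tr -d ' ')
    case ",$noproxy," in
        *",$IMDS_ADDR,"*) ;;
        *) echo "MISSING: $IMDS_ADDR in no_proxy"; rc=1 ;;
    esac
    return $rc
}

# Demo on a constructed file; on a cluster node pass /etc/sysconfig/pacemaker.
sample=$(mktemp)
printf '%s\n' 'HTTPS_PROXY=http://proxy.example:3128' 'no_proxy="localhost"' > "$sample"
check_pacemaker_proxy "$sample" || echo "sample file needs fixing"
rm -f "$sample"
```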

Thanks! I will try the proxy modification.

Yes, I’ve the IAM role attached to EC2.

This is successful -
fence_aws -o status -n <instance_id> -v

but stonith auto fencing fails with invalid access key and secret key.

What RHEL version are you using?