Error result of start operation for ipmi stonith

This document (000020654) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise High Availability Extension 15
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise High Availability Extension 12

Situation

ipmi-stonith resource fails to start.

Issue is caused due to /usr/lib64/stonith/plugins/external/ipmi found to be writable by group/ others, thus NOT executing for security reasons...
node1:~ # l /usr/lib64/stonith/plugins/external/ipmi 
-rwxrwxr-x 1 root root 6602 Apr 29  2020 /usr/lib64/stonith/plugins/external/ipmi*
node1:~ # 

Additionally, below errors are observed in /var/logs/messages...
stonith: external_run_cmd: /usr/lib64/stonith/plugins/external/ipmi found to be writable by group/others, NOT executing for security purposes.
stonith: external_get_confignames: 'ipmi getconfignames' failed with rc -1
stonith-ng[10497]: notice: fence_legacy_monitor_2:162011:stderr [ Invalid config info for external/ipmi device. ]
stonith-ng[10497]: warning: fence_legacy[162011] stderr: [ Invalid config info for external/ipmi device. ]
stonith-ng[10497]: notice: Operation 'monitor' [162011] for device 'rsc_stonith_imm1' returned: -201 (Generic Pacemaker error)
warning: rsc_stonith_imm1:162011 [ Performing: stonith -t external/ipmi -E -S ]
warning: rsc_stonith_imm1:162011 [ failed:  1 ]
lrmd[10499]: notice: finished - rsc:rsc_stonith_imm1 action:start call_id:29  exit-code:1 exec-time:1029ms queue-time:0ms
crmd[10503]: error: Result of start operation for rsc_stonith_imm1 on gacmccdbp102: Error

Resolution

Please follow the below steps to resolve the issue...

1. Set 755 permissions to /usr/lib64/stonith/plugins/external/ipmi
chmod 755 /usr/lib64/stonith/plugins/external/ipmi

2. Cleanup any negative score bind to the resources
crm resource cleanup IPMI_RESOURCE_NAME

Cause

Issue is caused due to /usr/lib64/stonith/plugins/external/ipmi found to be writable by group/ others, thus NOT executing for security reasons...

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000020654
  • Creation Date: 09-May-2022
  • Modified Date:11-May-2022
    • SUSE Linux Enterprise High Availability Extension
    • SUSE Linux Enterprise Server for SAP Applications

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center