[Pacemaker] Fencing libvirt/KVM nodes running on different hosts?

Andreas Ntaflos daff at pseudoterminal.org
Mon Nov 28 14:55:21 EST 2011


Scenario: two physical virtualisation hosts run various KVM-based
virtual machines, managed by Libvirt. Two VMs, one on each host, form a
Pacemaker cluster, say for a simple database server, using DRBD and a
virtual/cluster IP address. Using Ubuntu 10.04 and Pacemaker 1.1.6, with
Corosync 1.4.2 on the hosts and guests.

How do I implement node-level fencing in this scenario?

Can the rather new "external/libvirt" STONITH plugin be used here? It
seems to me it only supports a single hypervisor URI to connect to and
expects all VMs/nodes that can be fenced to be running on the same

Looking at http://www.clusterlabs.org/wiki/Guest_Fencing it says that
fencing guests running on multiple hosts is not supported in

What are my options here? How do other people manage node-level
fencing/STONITH when the nodes are VMs and running on different physical
hosts (which seems like the sensible thing to do, considering a single
host is a SPOF)?

Sorta related question: are Pacemaker clusters based on virtual machines
(and Libvirt) really so uncommon that there isn't a quasi-definitive
answer to this? Like "If you use Libvirt, implement fencing by using
this or that STONITH plugin."

Thanks in advance,


More information about the Pacemaker mailing list