[Pacemaker] Fencing configuration with pcmk_host_map argument

Thibaut Pouzet thibaut.pouzet at lyra-network.com
Thu Feb 7 12:04:54 EST 2013 

Le 07/02/2013 07:12, Andrew Beekhof a écrit :
> On Wed, Feb 6, 2013 at 4:42 AM, Thibaut Pouzet
> <thibaut.pouzet at lyra-network.com> wrote:
>> Le 05/02/2013 16:57, Marek Grac a écrit :
>>> Hi,
>>>
>>> On 02/05/2013 03:24 AM, Andrew Beekhof wrote:
>>>> I cleared the IPMI configuration and kept only the two WTI fencing
>>>> Primitives in my configuration to make it as simple as possible :
>>>>
>>>> primitive wti_fence01 stonith:fence_wti \
>>>>           params ipaddr="192.168.0.7" action="reboot" verbose="true"
>>>> pcmk_host_check="static-list" pcmk_host_list="fence01.domain"
>>>> pcmk_host_map="fence01.domain:1,5" login_timeout="20" shell_timeout="20"
>>>> \
>>>>           op monitor interval="30s"
>>>> primitive wti_fence02 stonith:fence_wti \
>>>>           params ipaddr="192.168.0.7" action="reboot" verbose="true"
>>>> pcmk_host_check="static-list" pcmk_host_list="fence02.domain"
>>>> pcmk_host_map="fence02.domain:2,6"
>>>> It is possible that fence_wti doesn't support multiple port values, or
>>>> supports them differently.
>>>> Marek (CC'd) should be able to comment definitively.
>>>>
>>> This is right, fence agents (all of them) can be used only with one port
>>> value.
>>>
>>> m,
>>>
>>> _______________________________________________
>>> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
>>> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>>>
>>> Project Home: http://www.clusterlabs.org
>>> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>>> Bugs: http://bugs.clusterlabs.org
>>>
>> Hi Marek, thank you very much for the quick reply.
>>
>> When I read you (Marek & Andrew), I feel like there is something odd here. I
>> have a cluster with two nodes, a redundant ring, two fencing methods
>> installed (IPMI, WTI), and each node of this cluster has a dual power
>> supply. This configuration should prevent me from a single failure anywhere
>> in my system (at least, I hope so).
>>
>> You are telling me that I cannot use the WTI fence agent to fence one of my
>> node because it can only shut one port at a time ?
>>
>> Maybe I can understant that the fence_agent is only able to shut one port at
>> a time. But, what about stonithd's argument "pcmk_host_map" ? I thought that
>> it could be the glue I needed here;
> No, it requires that the agents support multiple ports.  Clearly this
> is not the case for the RHT ones.
>
> What you can do though, is use fencing levels.
> Its still not documented unfortunately, but basically you define four
> devices (one for each node+port) and then add something like f-p2.1
> below for each node.
> "devices" refers to your fencing resources.
>
> Not sure how it will work for "reboot" though.
>
> <cib crm_feature_set="3.0.6" validate-with="pacemaker-1.2"
> admin_epoch="1" epoch="0" num_updates="0">
>    <configuration>
>      <crm_config/>
>      <nodes/>
>      <resources/>
>      <constraints/>
>      <fencing-topology>
>        <!-- try poison-pill and fail back to power -->
>        <fencing-level id="f-p1.1" target="pcmk-1" index="1"
> devices="poison-pill"/>
>        <fencing-level id="f-p1.2" target="pcmk-1" index="2" devices="power"/>
>
>        <!-- try disk and network, and fail back to power -->
>        <fencing-level id="f-p2.1" target="pcmk-2" index="1"
> devices="disk,network"/>
>        <fencing-level id="f-p2.2" target="pcmk-2" index="2" devices="power"/>
>      </fencing-topology>
>    </configuration>
>    <status/>
> </cib>
>
>
>> Let's say I have this :
>> pcmk_host_map="fence02.domain:2,6", and this node needs to be fenced. I
>> thought that stonithd would do the following (somehow) :
>>
>> * Shut down (off) port 2 (and make sure the port is actually OFF)
>> * Shut down (off) port 6 (and make sure the port is actually OFF)
>> * Power up (on) port 2 (..)
>> * Power up (on) port 6 (..)
>>
>> This would be done with four calls to fence_wti. If one "off" action fails,
>> stonithd would believe that it could not fence properly the node and try
>> another fencing method (i.e. IPMI in my case).
>>
>> If this is not the purpose of "pcmk_host_map", then I guess I will have to
>> rewrite fence_wti to handle my situation properly.
>>
>>
>> Thibaut.
>>
>> _______________________________________________
>> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
>> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>>
>> Project Home: http://www.clusterlabs.org
>> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>> Bugs: http://bugs.clusterlabs.org
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>

Ok, this is really great, I have a clear idea now of why my 
configuration doesn't work, and what I should do to make it work. I will 
keep an eye on the release of RHEL 6.4, and try these fencing levels then.

Thank both of you Andrew and Marek for your answers !

Thibaut

More information about the Pacemaker mailing list