[ClusterLabs] fence-virtd reach remote server serial/VM channel/TCP

Jan Pokorný jpokorny at redhat.com
Thu Aug 6 11:15:54 EDT 2015

On 06/08/15 04:36 +0200, Noel Kuntze wrote:
> I know that increasing the complexity reduces the availability of a
> service, so it is no surprise to me that it is frowned upon running
> services, which should be highgly available, on virtual machines.
> However, services are regularely run on VMs and HA is desired, even
> if the only thing that should be "protected" against is the downtime
> when the kernel needs to get upgraded or a daemon needs to be
> restarted.
> So I think fence-virt has a use case.
> My use case currently is to build a HA cluster of VMs, which
> currently host a simple mirror for software packages. They're stored
> on shared storage, which has a partition formatted with GFS2 on it.
> I use pcs(d), pacemaker, corosync and fence-virt over a serial
> device to fence hosts.
> Obviously, a single serial connection I currently only have one
> hypervisor, but could expand to more.
> I'm doing this, because I want to write a doc about clustering on
> Linux in the year 2015, so clustering on VMs is definitely a use
> case that I will describe.
> I know that multicast should actually work in common use cases, but
> I found that for some reason, the bridge device of the VMs don't
> forward traffic for the default multicast group of fence-virt to the
> other bridge ports, rendering it useless.

ISTR this is problematic in general[1], therefore I spelled
"multicast-friendly" network out.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=880035

> I haven't dug deeper why that happens, but through Googling I found
> that it's a common problem that bridge devices on Linux don't
> forward some types of traffic. Obviously, if multicast works, one
> can just relay multicast networks over several other interfaces to
> relay requests.
> The man page of virt_fence.conf mentions "libvirt-qmf" as backend,
> instead of "libvirt", which should be able to route fencing requests
> to the correct host by using Apache QMF. I figure that's the correct
> backend for such a purpose.

Oh, forgot about this, good that it works for you.
Actually it got discussed in the past [2] -- btw. could you provide
an update to the recipe[3] (ask Andrew for the wiki account, or post
it on-/off-list), please?

[2] https://www.redhat.com/archives/linux-cluster/2013-June/msg00020.html
[3] http://clusterlabs.org/wiki/Guest_Fencing#For_Guests_Running_on_Multiple_Hosts

Jan (Poki)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20150806/e95d3626/attachment-0003.sig>

More information about the Users mailing list