[ClusterLabs] pacemaker and fence_sanlock

Ken Gaillot kgaillot at redhat.com
Thu May 12 10:32:33 EDT 2016


On 05/11/2016 09:14 PM, Da Shi Cao wrote:
> Dear all,
> 
> I'm just beginning to use pacemaker+corosync as our HA solution on
> Linux, but I got stuck at the stage of configuring fencing.
> 
> Pacemaker 1.1.15,  Corosync Cluster Engine, version '2.3.5.46-d245', and
> sanlock 3.3.0 (built May 10 2016 05:13:12)
> 
> I have the following questions:
> 
> 1. stonith_admin --list-installed will only list two agents: fence_pcmk,
> fence_legacy before sanlock is compiled and installed under /usr/local.
> But after "make install" of sanlock, stonith_admin --list-installed will
> list: 
> 
>  fence_sanlockd
>  fence_sanlock
>  fence_pcmk
>  fence_legacy
>  It is weird and I wonder what makes stonith_admin know about fence_sanlock?

I'm guessing you also installed pacemaker under /usr/local;
stonith_admin will simply list $installdir/sbin/fence_*

> 2. How to configure the fencing by fence_sanlock into pacemaker? I've
> tried to create a new resource to do the unfencing for each node, but
> the resource start will fail since there is no monitor operation of
> fence_sanlock agent, because resource manager will fire monitor once
> after the start to make sure it has been started OK.

I'm not familiar with fence_sanlock, but it should be fine to do what
you describe. There's probably an issue with your configuration. What
command did you use to configure the resource?

> 3. How to create a fencing resource to do the fencing by sanlock. This
> I've not tried yet. But I wonder which node/nodes of the majority will
> initiate the fence operations to the nodes without quorum.

Once you've defined the resource in the pacemaker configuration, the
cluster will intelligently decide when and how to call it.

When you check the cluster status, you'll see that the fence device is
"running" on one node. In fact, any node can use the fence device
(assuming the configuration doesn't specifically ban it); the listed
node is the one running the recurring monitor on the resource. The
cluster considers that node to have "verified" access to the device, so
it will prefer that node when fencing using the device -- but it may
decide to choose another node when appropriate.

You may be interested to know that pacemaker has recently gained native
support for watchdog-based fencing via the "sbd" software package. See:

  http://blog.clusterlabs.org/blog/2015/sbd-fun-and-profit/
  http://clusterlabs.org/wiki/Using_SBD_with_Pacemaker

Some discussion of common configuration issues can be seen at:

  https://bugzilla.redhat.com/show_bug.cgi?id=1221680

If you have a Red Hat subscription, Red Hat has a simple walk-through
for configuring sbd with pacemaker on RHEL 6.8+/7.1+ (using watchdog
only, no "poison pill" shared storage):

  https://access.redhat.com/articles/2212861

> Thank you very much.
> Dashi Cao




More information about the Users mailing list