[ClusterLabs] pacemaker and fence_sanlock

Da Shi Cao dscao999 at hotmail.com
Thu May 12 20:44:10 EDT 2016

Hello Ken,
Yes, I installed the fence_sanlock and fence_sanlockd in the same directory as corosync and pacemaker.
There is no monitor action as listed from stonith_admin --meta --agent=fence_sanlock, and no monitor action from "crm_resource --show-metadata=stonith:fence_sanlock", either.
So I guess I will have to fake a monitor action using "fence_sanlock -p path -i id -o status".

Thank you very much!
Dashi Cao

From: Ken Gaillot <kgaillot at redhat.com>
Sent: Thursday, May 12, 2016 10:32:33 PM
To: users at clusterlabs.org
Subject: Re: [ClusterLabs] pacemaker and fence_sanlock

On 05/11/2016 09:14 PM, Da Shi Cao wrote:
> Dear all,
> I'm just beginning to use pacemaker+corosync as our HA solution on
> Linux, but I got stuck at the stage of configuring fencing.
> Pacemaker 1.1.15,  Corosync Cluster Engine, version '', and
> sanlock 3.3.0 (built May 10 2016 05:13:12)
> I have the following questions:
> 1. stonith_admin --list-installed will only list two agents: fence_pcmk,
> fence_legacy before sanlock is compiled and installed under /usr/local.
> But after "make install" of sanlock, stonith_admin --list-installed will
> list:
>  fence_sanlockd
>  fence_sanlock
>  fence_pcmk
>  fence_legacy
>  It is weird and I wonder what makes stonith_admin know about fence_sanlock?

I'm guessing you also installed pacemaker under /usr/local;
stonith_admin will simply list $installdir/sbin/fence_*

> 2. How to configure the fencing by fence_sanlock into pacemaker? I've
> tried to create a new resource to do the unfencing for each node, but
> the resource start will fail since there is no monitor operation of
> fence_sanlock agent, because resource manager will fire monitor once
> after the start to make sure it has been started OK.

I'm not familiar with fence_sanlock, but it should be fine to do what
you describe. There's probably an issue with your configuration. What
command did you use to configure the resource?

> 3. How to create a fencing resource to do the fencing by sanlock. This
> I've not tried yet. But I wonder which node/nodes of the majority will
> initiate the fence operations to the nodes without quorum.

Once you've defined the resource in the pacemaker configuration, the
cluster will intelligently decide when and how to call it.

When you check the cluster status, you'll see that the fence device is
"running" on one node. In fact, any node can use the fence device
(assuming the configuration doesn't specifically ban it); the listed
node is the one running the recurring monitor on the resource. The
cluster considers that node to have "verified" access to the device, so
it will prefer that node when fencing using the device -- but it may
decide to choose another node when appropriate.

You may be interested to know that pacemaker has recently gained native
support for watchdog-based fencing via the "sbd" software package. See:


Some discussion of common configuration issues can be seen at:


If you have a Red Hat subscription, Red Hat has a simple walk-through
for configuring sbd with pacemaker on RHEL 6.8+/7.1+ (using watchdog
only, no "poison pill" shared storage):


> Thank you very much.
> Dashi Cao

Users mailing list: Users at clusterlabs.org

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
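
An added example, not part of the thread and not code from pacemaker or sanlock: a Python version of the two checks discussed above, finding agents by the `fence_*` name pattern in an sbin directory as Ken describes, and reading an agent's metadata XML to see whether it advertises a monitor action. The metadata sample is constructed in the usual fence-agent XML layout (it is not fence_sanlock's actual output), and all function names are hypothetical.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample in the usual fence-agent metadata layout.
# Assumption: this is NOT fence_sanlock's real output, only a stand-in
# that, like the agent in the thread, declares no "monitor" action.
SAMPLE_METADATA = """<?xml version="1.0" ?>
<resource-agent name="fence_example" shortdesc="constructed sample">
  <parameters>
    <parameter name="path"><content type="string"/></parameter>
    <parameter name="host_id"><content type="string"/></parameter>
  </parameters>
  <actions>
    <action name="on"/>
    <action name="off"/>
    <action name="status"/>
    <action name="metadata"/>
  </actions>
</resource-agent>
"""


def list_agents(sbin_dir):
    """Regular files named fence_* in sbin_dir, sorted by name.

    Mirrors the "$installdir/sbin/fence_*" listing described in the reply:
    anything matching the name pattern is reported, so every file placed
    in that directory under such a name shows up as an installed agent.
    """
    return sorted(
        name for name in os.listdir(sbin_dir)
        if name.startswith("fence_")
        and os.path.isfile(os.path.join(sbin_dir, name))
    )


def advertised_actions(metadata_xml):
    """Set of action names declared in the <actions> section."""
    root = ET.fromstring(metadata_xml)
    return {a.get("name") for a in root.findall("./actions/action")
            if a.get("name")}


def missing_actions(metadata_xml, required=("monitor", "status")):
    """Required actions the metadata does not declare, in the given order."""
    have = advertised_actions(metadata_xml)
    return [name for name in required if name not in have]
```

On a live node, the XML passed to `missing_actions` would be the output of the `stonith_admin --meta --agent=fence_sanlock` command quoted in the message.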
