[ClusterLabs] How to set up fencing/stonith

Ken Gaillot kgaillot at redhat.com
Fri May 18 17:47:35 UTC 2018


On Fri, 2018-05-18 at 10:22 -0600, Casey & Gina wrote:
> > Here is a command to adapt that work to fence a VM connecting to an
> > esxi server:
> > 
> >  pcs stonith create <fence_id>
> > fence_vmware_soap                       \
> >    pcmk_host_check="static-list"
> > pcmk_host_list="<nodeid>"             \
> >    port="<vm_name>" ipaddr="<esxi IP address>"
> > login="<granted_login>" \
> >    passwd="<>password" ssl="1"
> > ssl_insecure="1"                        \
> >    login_timeout=60
> > power_wait=3                                       \
> >    op monitor interval=60s
> > 
> > The customer that played with it told me it was working against its
> > vcenter as
> > well, but with more latency, so they prefer to connect to the esxi
> > servers.
> 
> Thank you for the suggestion, however I don't think I understand the
> parameters correctly:
> 
> pcmk_host_check="static-list" should just be input like that?

Yes, though it's the default in this case, so unnecessary

> pcmk_host_list="<nodeid>" - not sure about this one - I'm guessing
> this would actually be the same input as the list I was inputting to
> the HOSTLIST parameter with the external/vcenter approach?
> 
> port="<vm_name>" - not sure about this one - with this approach would
> I need to issue the above command once for each node in the cluster
> with the respective hostnames?

The above command presumes one fence device per node. I'm guessing the
VM names are different from their cluster node names. You could do the
same thing with a single device using the pcmk_host_map parameter:

pcmk_host_map="node1:vm1;node2:vm2;etc."

> ipaddr, login, and passwd seem self-explanatory.
> 
> I set up a new cluster with the Ubuntu package install of pacemaker
> and pcs and attempted the following:
> 
> pcs stonith create vfencing1 fence_vmware_soap
> pcmk_host_check="static-list" pcmk_host_list="d-gp2-dbpg0-1=d-gp2-
> dbpg0-1;d-gp2-dbpg0-2=d-gp2-dbpg0-2;d-gp2-dbpg0-3=d-gp2-dbpg0-3"
> port="d-gp2-dbpg0-1" ipaddr="10.124.137.100" login="myuser"
> passwd="mypassword" ssl="1" ssl_insecure="1" login_timeout=60
> power_wait=3 op monitor interval=60s
> 
> This results in the following error:
> 
> Error: Unable to create resource 'stonith:fence_vmware_soap', it is
> not installed on this system (use --force to override)
> 
> In the output of `pcs stonith list`, I see:
> 
> Error: no metadata for /usr/sbin/fence_vmware_soap
> 
> Do you know why this would occur, and what might resolve it?
> 
> Thanks,

Is the relevant package installed on all nodes? If so, I'm not sure why
it wouldn't return meta-data, maybe check selinux.
-- 
Ken Gaillot <kgaillot at redhat.com>


More information about the Users mailing list