[ClusterLabs] How to set up fencing/stonith

Tomas Jelinek tojeline at redhat.com
Wed May 23 04:13:50 EDT 2018

Dne 22.5.2018 v 23:24 Casey & Gina napsal(a):
>> On May 18, 2018, at 1:29 PM, Ken Gaillot <kgaillot at redhat.com> wrote:
>>> Perhaps there is a bug in the packaging?
>> It sounds like it, or perhaps a portability issue in the agent itself.
> There were missing dependencies.  I've resolved that, so now am coming back to trying this...
>>>>> pcmk_host_list="<nodeid>" - not sure about this one - I'm
>>>>> guessing
>>>>> this would actually be the same input as the list I was inputting
>>>>> to
>>>>> the HOSTLIST parameter with the external/vcenter approach?
>>>>> port="<vm_name>" - not sure about this one - with this approach
>>>>> would
>>>>> I need to issue the above command once for each node in the
>>>>> cluster
>>>>> with the respective hostnames?
>>>> The above command presumes one fence device per node. I'm guessing
>>>> the
>>>> VM names are different from their cluster node names. You could do
>>>> the
>>>> same thing with a single device using the pcmk_host_map parameter:
>>>> pcmk_host_map="node1:vm1;node2:vm2;etc."
>>> Ahh, so it's either port= or pcmk_host_map=?  So this should look
>>> like pcmk_host_map="d-gp2-dbpg0-1:d-gp2-dbpg0-1;..." in my case?  How
>>> then is this different from pcmk_host_list?  Or is pcmk_host_list
>>> supposed to be something else entirely than what I've guessed?
>>> My cluster node names and vm names are identical in all cases.
>> When the names are the same, pcmk_host_list is sufficient.
>> pcmk_host_map is the equivalent for when they're different.
> Okay, I see that I can get a list of stonith options with `stonith describe fence_vmware_soap`.  However, this isn't terribly detailed.  Is there a command to get more detailed information, like a man page would?  I did look at `man stonithd` but that doesn't clarify things further either.  I apologize if there's documentation somewhere that I could be reading instead of posting questions here...anyways here are my immediate questions after looking at the above:

There is 'man fence_vmware_soap' but I think it has pretty much the same 
info as 'pcs stonith describe fence_vmware_soap' as they are both 
generated from the same source.

There is also a documentation describing fencing from pacemaker's point 
of view. It is quite low-level, it shows XML snippets of pacemaker 
configuration and uses pacemaker's cli tools.

> 1.  I see that it says "action" is required, but is missing in the example `pcs stonith create ...` command.  Is this something variable provided by pacemaker rather than part of the configure command?

When a fence agent is run it requires an action to be specified. It 
tells the agent what to do: just check status of a device, reboot it, 
and so on. However, when you are configuring a fence agent using pcs, 
you are telling pacemaker how to use the fence agent, you are not 
running the agent. When pacemaker decides it is necessary to check the 
fencing device or to fence a node, then the agent is run by pacemaker. 
And pacemaker specifies the action when running the agent.

It is actually not a good idea to specify the action option in a pcs 
stonith create command. Doing so, you may overwrite the action pacemaker 
intends the agent to do.

> 2.  How should pcmk_host_list contents be formatted?  A comma-separated list like "hostname1,hostname2,hostname3"?  Based on the example value provided for pcmk_host_map, I guess it may be semicolons instead of commas?  I did find a little more detail in `man stonithd`, but it still doesn't specify how this parameter's value should be formatted.

It looks like it should be space-separated list. There is an example XML 
snippet of pacemaker configuration (CIB):

This is pcs command to create the snippet:
pcs stonith create Fencing fence_ipmilan passwd=testuser \
login=abc123 ipaddr= "pcmk_host_list=pcmk-1 pcmk-2"

> 3.  I see that "port" is required and am still unsure of what this should be set to.  Describe says "Physical plug number on device, UUID or identification of machine".  When you say "the above command presumes one fence device per node", is this a requirement for the fence_vmware_soap device, or is there a different syntax available?  I don't understand the "one device per node" versus "one device for the cluster" concept very well.  Is a single device for the cluster worse idea for some reason?  For a 3-node cluster with one device per node, do I need to create 3 different stonith devices, with port=<hostname> for each different host in the cluster, but all of the nodes in the pcmk_host_list parameter?

This is similar to the action issue above. By setting pcmk_host_map or 
pcmk_host_list you tell pacemaker which nodes a fence agent is able to 
fence. When pacemaker runs the fence agent, it sets its port parameter 
accordingly to make it work with a desired node.

Handling the action and port options of fence agents has been change 
several times in pcs so I'm not quite sure now how your pcs version 
handles them.


> Thank you for any insights,

More information about the Users mailing list