[ClusterLabs] About fencing stonith

Ken Gaillot kgaillot at redhat.com
Thu Sep 6 20:19:23 EDT 2018 

On Thu, 2018-09-06 at 17:33 -0300, Marcos Renato da Silva Junior wrote:
> Hi,
> I created a testing environment based on Raspberry Pi (attached
> diagram), in my tests it has worked well, but I did not implement
> anything about fencing and stonith, what is the need and how to
> implement?
> Thanks,
> Marcos.

The need for fencing is to be able to recover from problems that
disrupt normal cluster operation.

For example, if one node has the IP but becomes overloaded and can't
respond to requests, the cluster can't stop the IP on the unresponsive
node. If the cluster brings up the IP on another node anyway (which it
will do if there's no fencing), packets will randomly go to one or the
other node, causing the service to fail. With fencing, the cluster
powers down the unresponsive node, and can safely bring up the IP
elsewhere.

> corosync.conf :
> totem {
>     version: 2
>     cluster_name: debian
>     token: 3000
>     token_retransmits_before_loss_const: 10
>     clear_node_high_bit: yes
>     crypto_cipher: aes256
>     crypto_hash: sha1
>     interface {
>         bindnetaddr: 192.168.0.0
>         mcastaddr: 239.255.1.1
>         mcastport: 5405
>         ttl: 1
>     }
> }
> 
> logging {
>     fileline: off
>     to_stderr: no
>     to_logfile: no
>     to_syslog: yes
>     syslog_facility: daemon
>     debug: off
>     timestamp: on
>     logger_subsys {
>         subsys: QUORUM
>         debug: off
>     }
> }
> 
> quorum {
>     provider: corosync_votequorum
>     expected_votes: 2
>         two_node: 1
> }
> 
> crm configure property stonith-enabled=false
> 
> crm configure property no-quorum-policy=ignore
> 
> crm configure primitive LDAP-IP ocf:heartbeat:IPaddr2 \
> params ip="192.168.0.10" nic="eth0" cidr_netmask="24" \
> op monitor interval=10s timeout=20s
> crm configure primitive LDAP ocf:heartbeat:slapd params \
>  slapd="/usr/sbin/slapd" \
>  config="/etc/ldap/slapd.d/" \
>  user="openldap" group="openldap" \
>  services="ldap:///" \
>  watch_suffix="dc=acme,dc=lab" \
>  bind_dn="cn=admin,dc=acme,dc=lab" \
>  password="password" \
>  op monitor interval=10s timeout=20s
> crm configure clone LDAP-CLONE LDAP
> crm configure colocation LDAP-IP_WITH_LDAP inf: LDAP-IP LDAP-CLONE
> 
> crm configure order LDAP-IP_BEFORE_LDAP inf: LDAP-IP LDAP-CLONE
> 
> crm configure location PREFER_RASP4_LDAP LDAP-IP 50: rasp4
> 
> crm configure primitive RADIUS-IP ocf:heartbeat:IPaddr2 \
> params ip="192.168.0.9" nic="eth0" cidr_netmask="24" \
> op monitor interval=10s timeout=20s
> crm configure primitive RADIUS lsb:freeradius op monitor interval=10s
> timeout=20s
> crm configure clone RADIUS-CLONE RADIUS
> crm configure colocation RADIUS-IP_WITH_RADIUS inf: RADIUS-IP RADIUS-
> CLONE
> 
> crm configure order RADIUS-IP_BEFORE_RADIUS inf: RADIUS-IP RADIUS-
> CLONE
> 
> crm configure location PREFER_RASP4_RADIUS RADIUS-IP 50: rasp4
> 
> 
> diagram.jpg
-- 
Ken Gaillot <kgaillot at redhat.com>

More information about the Users mailing list