[ClusterLabs] fence_virt architecture? (was: Re: Still Beginner STONITH Problem)

Strahil Nikolov hunter86_bg at yahoo.com
Sun Jul 19 02:55:24 EDT 2020

My understanding is that fence_xvm is reaching each hypervisor via multicast (otherwise why multicast?)... yet I could be simply fooling myself.

If the VMs are behind NAT, I think that the simplest way to STONITH is to use SBD over iSCSI.
Yet, my KVM knowledge is limited and I didn't see any proof that I'm right (libvirt network was in NAT mode) or wrong (VMs using Host's bond in a bridged network).

Best Regards,
Strahil Nikolov

On 19 July 2020 9:45:29 GMT+03:00, Andrei Borzenkov <arvidjaar at gmail.com> wrote:
>18.07.2020 03:36, Reid Wahl wrote:
>> I'm not sure that the libvirt backend is intended to be used in this
>> with multiple hosts using the same multicast address. From the
>> fence_virt.conf man page:
>> ~~~
>>    libvirt
>>        The  libvirt  plugin  is  the  simplest  plugin.  It is used
>> environments where routing fencing requests between multiple hosts is
>> required, for example by a user running a cluster of virtual
>>        machines on a single desktop computer.
>>    libvirt-qmf
>>        The libvirt-qmf plugin acts as a QMFv2 Console to the
>> daemon in order to route fencing requests over AMQP to the
>> computer.
>>    cpg
>>        The cpg plugin uses corosync CPG and libvirt to track virtual
>> machines and route fencing requests to the appropriate computer.
>> ~~~
>> I'm not an expert on fence_xvm or libvirt. It's possible that this is
>> viable configuration with the libvirt backend.
>> However, when users want to configure fence_xvm for multiple hosts with the
>> libvirt backend, I have typically seen them configure multiple
>> devices (one per host) and configure a different multicast address on
>> host.
>> If you have a Red Hat account, see also:
>>   - https://access.redhat.com/solutions/2386421
>What's the point in using multicast listener if every host will have
>unique multicast address and there will be separate stonith agent for
>each host using this unique address? That's not what everyone expects
>seeing "multicast" as communication protocol.
>This is serious question. If intention is to avoid TCP overhead, why
>simply use UDP with unique address? Or is single multicast address
>possible and this article describes "what I once set up and it worked
>for me" and not "how it is designed to work"?
>Also what is not clear - which fence_virtd instance on host will be
>contacted by stonith agent on cluster node? I.e. consider
>three hosts host1, host2, host3
>three VM vm1, vm2, vm3 each active on corresponding host
>vm1 on host1 wants to fence vm3 on host3. Will it
>a) contact fence_virtd on host1 and fence_virtd on host1 will forward
>request to host3? Or
>b) is it mandatory for vm1 to have connectivity to fence_virtd on
>If we combine existence of local-only listeners (like serial or vsock)
>and distributed backend (like cpg) it strongly suggests that vm1
>-(listener)-> host1 -(backend)-> host3 -> -(fence)->vm3 is possible.
>If each cluster node always directly contacts fence_virtd on *target*
>host then libvirt backend is still perfectly usable for multi-host
>configuration as every fence_virtd will only ever fence local VM.
>Is there any high-level architecture overview (maybe a presentation from
>some conference)?