[ClusterLabs] Fencing agent fence_xvm using multicast

Reid Wahl nwahl at redhat.com
Thu Jul 10 20:44:00 UTC 2025 

On Mon, Jul 7, 2025 at 12:12 PM Pierre C. Dussault
<pierrecharles.dussault at outlook.com> wrote:
>
> Hi all,
>
> I am trying to get a working fencing device on a single Proxmox 8 host (not using the Proxmox tools) with fence_virtd and fence_virt/vxm. I can't get the command
>     # fence_xvm -o list
> to output anything, it keeps failing via timeout despite many attempts at finding the fault. The exact return message is:
>     Timed out waiting for response
>     Operation failed
>
> I am trying to configure it using the multicast Listener with the Libvirt backend. All settings were left to defaults except the listening interface which was set to the Linux bridge connecting the host and the guests. The fence_xvm.key file was copied in the /etc/cluster/ directory on the host and on the guests.
>
> I followed this: https://projects.clusterlabs.org/w/fencing/guest_fencing/ which didn't work,
> then this: https://kevwells.com/it-knowledge-base/how-to-install-cluster-fencing-using-libvert-on-kvm-virtual-machines/ which also didn't work.
>
> I read the man pages for fence_virt, fence_xvm, fence_virtd and fence_virt.conf.
> I read the README and doc files in "agents/virt" and "agent/virt/docs" from the source repository.
>
> I am at a loss here. Is there a better guide out there (or more up to date)?
>
> Thanks.
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/

Can you try with the firewall disabled on both the host and the
guests? If it works, then we know it's a firewall issue. You probably
need to allow traffic through 1229/udp on the host, in addition to
1229/tcp on the guests, if you are not already doing so. (Not sure if
1229/tcp is needed on the host.)

You can also try with SELinux (or AppArmor or whatever) disabled or
not-enforcing.

I haven't configured or troubleshot fence_xvm or fence_virt in a long
time. Firewall issues have been the most common problem for me though.

-- 
Regards,

Reid Wahl (He/Him)
Senior Software Engineer, Red Hat
RHEL High Availability - Pacemaker

More information about the Users mailing list