[ClusterLabs] Fencing agent fence_xvm using multicast

Pierre C. Dussault pierrecharles.dussault at outlook.com
Thu Jul 24 04:47:16 UTC 2025 

Hi Reid,

Thanks for the feedback and suggestions. Sorry for delayed answer, I was away on vacation.

For now I'll try to use SBD fencing since I haven't been able to figure out the issue. It definitely wasn't nftables since I disabled it prior to doing configurations. I haven't touched any of the configuration in Proxmox for Apparmor, so that's running in its default settings. It seems some programs have an active profile in enforcing mode, but it doesn't seem like they are programs that would interact with KVM (although I may be wrong). I'll try to focus my efforts on SBD fencing and I'll circle back to fence_vxm once I get it working with SBD.

Thanks again,
Pierre

________________________________
From: Reid Wahl <nwahl at redhat.com>
Sent: Thursday, July 10, 2025 4:44 PM
To: Cluster Labs - All topics related to open-source clustering welcomed <users at clusterlabs.org>; pierrecharles.dussault at outlook.com <pierrecharles.dussault at outlook.com>
Subject: Re: [ClusterLabs] Fencing agent fence_xvm using multicast

On Mon, Jul 7, 2025 at 12:12 PM Pierre C. Dussault
<pierrecharles.dussault at outlook.com> wrote:
>
> Hi all,
>
> I am trying to get a working fencing device on a single Proxmox 8 host (not using the Proxmox tools) with fence_virtd and fence_virt/vxm. I can't get the command
>     # fence_xvm -o list
> to output anything, it keeps failing via timeout despite many attempts at finding the fault. The exact return message is:
>     Timed out waiting for response
>     Operation failed
>
> I am trying to configure it using the multicast Listener with the Libvirt backend. All settings were left to defaults except the listening interface which was set to the Linux bridge connecting the host and the guests. The fence_xvm.key file was copied in the /etc/cluster/ directory on the host and on the guests.
>
> I followed this: https://projects.clusterlabs.org/w/fencing/guest_fencing/ which didn't work,
> then this: https://kevwells.com/it-knowledge-base/how-to-install-cluster-fencing-using-libvert-on-kvm-virtual-machines/ which also didn't work.
>
> I read the man pages for fence_virt, fence_xvm, fence_virtd and fence_virt.conf.
> I read the README and doc files in "agents/virt" and "agent/virt/docs" from the source repository.
>
> I am at a loss here. Is there a better guide out there (or more up to date)?
>
> Thanks.
> _______________________________________________
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/

Can you try with the firewall disabled on both the host and the
guests? If it works, then we know it's a firewall issue. You probably
need to allow traffic through 1229/udp on the host, in addition to
1229/tcp on the guests, if you are not already doing so. (Not sure if
1229/tcp is needed on the host.)

You can also try with SELinux (or AppArmor or whatever) disabled or
not-enforcing.

I haven't configured or troubleshot fence_xvm or fence_virt in a long
time. Firewall issues have been the most common problem for me though.

--
Regards,

Reid Wahl (He/Him)
Senior Software Engineer, Red Hat
RHEL High Availability - Pacemaker

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20250724/5e4a985b/attachment.htm>

More information about the Users mailing list