<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Fencing requires some mechanism, outside the nodes themselves,
that can terminate the nodes. Typically, IPMI (iLO, iRMC, RSA,
DRAC, etc) is used for this. Alternatively, switched PDUs are
common. If you don't have these but do have a watchdog timer on
your nodes, SBD (storage-based death) can work.</p>
<p>You can use 'fence_<device> <options> -o status' at
the command line to figure out the what will work with your
hardware. Once you can called 'fence_foo ... -o status' and get
the status of each node, then translating that into a pacemaker
configuration is pretty simple. That's when you enable stonith. <br>
</p>
<p>Once stonith is setup and working in pacemaker (ie: you can crash
a node and the peer reboots it), then you will go to DRBD and set
'fencing: resource-and-stonith;' (tells DRBD to block on
communication failure with the peer and request a fence), and then
setup the 'fence-handler /path/to/crm-fence-peer.sh' and
'unfence-handler /path/to/crm-unfence-handler.sh' (I am going from
memory, check the man page to verify syntax). <br>
</p>
<p>With all this done; if either pacemaker/corosync or DRBD lose
contact with the peer, they will block and fence. Only after the
peer has been confirmed terminated will IO resume. This way,
split-nodes become effectively impossible.</p>
<p>digimer<br>
</p>
<div class="moz-cite-prefix">On 2019-04-17 5:17 p.m., JCA wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFy1yb37PoLpqsnyfTfP9wnyRRjdeVvPDZ=Y6xCe5zE-2TtEUg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">Here is what I did:
<div><br>
</div>
<div>
<div># pcs stonith create disk_fencing fence_scsi
pcmk_host_list="one two" pcmk_monitor_action="metadata"
pcmk_reboot_action="off"
devices="/dev/disk/by-id/ata-VBOX_HARDDISK_VBaaa429e4-514e8ecb"
meta provides="unfencing"</div>
</div>
<div><br>
</div>
<div>where ata-VBOX-... corresponds to the device where I
have the partition that is shared between both nodes in my
cluster. The command completes without any errors (that I
can see) and after that I have</div>
<div><br>
</div>
<div>
<div># pcs status</div>
<div>Cluster name: ClusterOne</div>
<div>Stack: corosync</div>
<div>Current DC: one (version 1.1.19-8.el7_6.4-c3c624ea3d)
- partition with quorum</div>
<div>Last updated: Wed Apr 17 14:35:25 2019</div>
<div>Last change: Wed Apr 17 14:11:14 2019 by root via
cibadmin on one</div>
<div><br>
</div>
<div>2 nodes configured</div>
<div>5 resources configured</div>
<div><br>
</div>
<div>Online: [ one two ]</div>
<div><br>
</div>
<div>Full list of resources:</div>
<div><br>
</div>
<div> MyCluster<span style="white-space:pre"> </span>(ocf::myapp:myapp-script):<span style="white-space:pre"> </span>Stopped</div>
<div> Master/Slave Set: DrbdDataClone [DrbdData]</div>
<div> Stopped: [ one two ]</div>
<div> DrbdFS<span style="white-space:pre"> </span>(ocf::heartbeat:Filesystem):<span style="white-space:pre"> </span>Stopped</div>
<div> disk_fencing <span style="white-space:pre"> </span>(stonith:fence_scsi):<span style="white-space:pre"> </span>Stopped</div>
<div><br>
</div>
<div>Daemon Status:</div>
<div> corosync: active/enabled</div>
<div> pacemaker: active/enabled</div>
<div> pcsd: active/enabled</div>
</div>
<div><br>
</div>
<div>Things stay that way indefinitely, until I set
stonith-enabled to false - at which point all the
resources above get started immediately.</div>
<div><br>
</div>
<div>Obviously, I am missing something big here. But, what
is it?</div>
<div><br>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Apr 17, 2019 at 2:59
PM Adam Budziński <<a
href="mailto:budzinski.adam@gmail.com"
moz-do-not-send="true">budzinski.adam@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="auto">You did not configure any fencing device.</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">śr., 17.04.2019, 22:51
użytkownik JCA <<a href="mailto:1.41421@gmail.com"
target="_blank" moz-do-not-send="true">1.41421@gmail.com</a>>
napisał:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">I am trying to get fencing working, as
described in the "Cluster from Scratch" guide, and I
am stymied at get-go :-(
<div><br>
</div>
<div>The document mentions a property named
stonith-enabled. When I was trying to get my first
cluster going, I noticed that my resources would
start only when this property is set to false, by
means of </div>
<div><br>
</div>
<div> # pcs property set stonith-enabled=false<br>
</div>
<div><br>
</div>
<div>Otherwise, all the resources remain stopped.</div>
<div><br>
</div>
<div>I created a fencing resource for the partition
that I am sharing across the the nodes, by means of
DRBD. This works fine - but I still have the same
problem as above - i.e. when stonith-enabled is set
to true, all the resources get stopped, and remain
in that state.</div>
<div><br>
</div>
<div>I am very confused here. Can anybody point me in
the right direction out of this conundrum?</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
_______________________________________________<br>
Manage your subscription:<br>
<a
href="https://lists.clusterlabs.org/mailman/listinfo/users"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://lists.clusterlabs.org/mailman/listinfo/users</a><br>
<br>
ClusterLabs home: <a href="https://www.clusterlabs.org/"
rel="noreferrer noreferrer" target="_blank"
moz-do-not-send="true">https://www.clusterlabs.org/</a></blockquote>
</div>
_______________________________________________<br>
Manage your subscription:<br>
<a href="https://lists.clusterlabs.org/mailman/listinfo/users"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.clusterlabs.org/mailman/listinfo/users</a><br>
<br>
ClusterLabs home: <a href="https://www.clusterlabs.org/"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://www.clusterlabs.org/</a></blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Manage your subscription:
<a class="moz-txt-link-freetext" href="https://lists.clusterlabs.org/mailman/listinfo/users">https://lists.clusterlabs.org/mailman/listinfo/users</a>
ClusterLabs home: <a class="moz-txt-link-freetext" href="https://www.clusterlabs.org/">https://www.clusterlabs.org/</a></pre>
</blockquote>
</body>
</html>