Creating a fence device
A system administrator can create a fence device in the cluster with the pcs stonith create command:
# pcs stonith create name fencing_agent parameters
The command requires additional arguments, such as the fencing agent and the parameters that the fencing agent needs. The following generic properties apply to all the fencing agents shipped with the Red Hat Enterprise Linux High Availability Add-on:
stonith-timeout: This setting defines the time to wait for fencing to complete in seconds. The default value is 60 seconds and is defined in the stonith-timeout cluster property. Setting stonith-timeout for a fencing device overrides the cluster default setting. If a fencing action takes longer than this timeout, the cluster will consider the fence operation to have failed.
priority: When defining multiple fence devices for a single node, they need to be prioritized. The cluster tries the fence device with the highest priority first. If this setting is omitted, a priority of 0 is assumed.
pcmk_host_map: This parameter maps host names to fence device ports for fencing devices that require the mapping, such as devices using the fence_apc fencing agents. The list is a semicolon-separated list of hostname:port mappings, such as "nodea.example.com:1;nodeb.example.com:2".
pcmk_host_check: This parameter defines how the cluster determines the machines that may be controlled from the fencing device. Possible values are:
- dynamic-list: The cluster queries the fencing device. This only works if the fencing device can return a list of ports, and the port names match the host names of the cluster nodes.
- static-list: The cluster uses a list of hosts provided by pcmk_host_list. Unless pcmk_host_map is also used, port names must match the host names of cluster nodes.
- none: The cluster assumes that every fencing device can fence every node in the cluster. Unless pcmk_host_map is also used, port names must match the host names of cluster nodes.
The default setting for pcmk_host_check is dynamic-list.
pcmk_host_list: This parameter provides a space-separated list of machines that may be controlled by the fencing device. It is required if pcmk_host_check is set to static-list.
If none of the pcmk_host_* options are set, the cluster will default to querying the fence device for a list of ports. If a port name matches a hostname of a cluster node, that port will be used to fence that node.
In addition, a fencing device can be created for a single machine by specifying explicit port="portname" and pcmk_host_list="hostname" options.
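A mistake in pcmk_host_map means the cluster fences the wrong outlet or cannot fence a node at all, so the value is worth checking before it is given to pcs stonith create. The following is an added example, not part of the original course text; the function name check_host_map and the finding labels are made up for illustration, and it assumes the one-port-per-host format shown above.

```shell
#!/bin/sh
# Added example: lint a pcmk_host_map value before passing it to
# "pcs stonith create". Assumes the format shown on this page: one
# host:port pair per node, pairs separated by ";".
# Usage: check_host_map 'host:port;host:port' node1 node2 ...
# Prints one finding per line; returns 1 if anything was found, else 0.
check_host_map() {
    hm_value=$1; shift
    printf '%s\n' "$hm_value" | awk -v nodes="$*" '
    BEGIN { n = split(nodes, want, " ")
            for (i = 1; i <= n; i++) is_node[want[i]] = 1 }
    {
        m = split($0, entry, ";")
        for (i = 1; i <= m; i++) {
            gsub(/[ \t]/, "", entry[i])
            if (entry[i] == "") continue          # tolerate a trailing ";"
            if (split(entry[i], kv, ":") != 2 || kv[1] == "" || kv[2] == "") {
                print "MALFORMED " entry[i]; bad = 1; continue
            }
            host = kv[1]; port = kv[2]
            # A host the cluster does not know is usually a typo.
            if (!(host in is_node)) { print "UNKNOWN_HOST " host; bad = 1 }
            if (host in port_of)    { print "DUPLICATE_HOST " host; bad = 1 }
            # Two nodes on one port: fencing either acts on the same outlet.
            if ((port in host_on) && host_on[port] != host) {
                print "SHARED_PORT " port " " host_on[port] " " host; bad = 1
            }
            port_of[host] = port; host_on[port] = host
        }
        # A node without a port cannot be fenced through this device.
        for (i = 1; i <= n; i++)
            if (!(want[i] in port_of)) { print "UNMAPPED_NODE " want[i]; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Constructed input: nodeb reuses the port of nodea, nodec has no mapping.
check_host_map 'nodea.example.com:1;nodeb.example.com:1' \
    nodea.example.com nodeb.example.com nodec.example.com || true
```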
In addition to the generic fencing properties listed previously, there are fencing agent-specific properties. The command pcs stonith describe fence_agent shows all required and optional parameters that may be set for a particular fence device:
# pcs stonith describe fence_apc
Stonith options for: fence_apc
  ipaddr (required): IP Address or Host-name
  login (required): Login Name
  passwd: Login password or pass-phrase
  ...
In a cluster that uses virtual machine fencing with fence-virtd, the fence_xvm fencing agent can be configured as a fence device for a cluster node. To create the fence device myfence, using the fence_xvm fencing agent to fence the virtual machine myvm known in the cluster with the host name myvm.example.com, execute:
# pcs stonith create myfence fence_xvm port="myvm" pcmk_host_list="myvm.example.com"
Storage-based fence devices
Storage-based fence devices cut off a fenced node from storage access. A storage-based fence device does not power cycle a fenced node. When configuring a storage-based fence agent, such as fence_scsi, as a cluster fence device, it is important to add the meta parameter meta provides=unfencing. With it, the node is automatically unfenced when it is rebooted and the cluster services start, which allows the node to rejoin the cluster.
# pcs stonith create myscsifence fence_scsi devices=/dev/sda meta provides=unfencing
Display fencing devices
The pcs stonith show command allows a system administrator to view the list of configured fence devices in the cluster, the fencing agent that is used, and the current status of the fence device. Fence device status can be Started or Stopped. If the status of a fence device is Started, the device is operational; if it is Stopped, the fence device is not operational.
# pcs stonith show
 fence_nodea (stonith:fence_rht): Started
 fence_nodeb (stonith:fence_rht): Started
 fence_nodec (stonith:fence_rht): Started
 fence_noded (stonith:fence_rht): Started
If a cluster node is specified as a parameter or the --full option is added, the pcs stonith show command shows the configuration options of the specified cluster node or all cluster nodes, respectively.
# pcs stonith show fence_nodea
 Resource: fence_nodea (class=stonith type=fence_rht)
  Attributes: port=nodea pcmk_host_list=nodea.private.example.com
  Operations: monitor interval=60 (fence_nodea-monitor-interval-60s)
Changing fencing devices
Fencing device options may be changed with the pcs stonith update fence_device_name command. This allows a system administrator to add a new fence device option or change an existing one.
For example, the fencing device fence_nodeb currently fences the virtual machine nodea instead of nodeb. This can be corrected by executing:
# pcs stonith update fence_nodeb port=nodeb
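A device that points at the wrong port, as fence_nodeb does in the example above, can be caught by auditing the pcs stonith show --full output before a real failure exposes it. The following is an added example, not part of the original course text; the function name audit_fence_ports and the sample text are constructed, and it assumes, as in this page's examples, one node per device and a port name equal to that node's short host name.

```shell
#!/bin/sh
# Added example: flag fence devices whose port does not match the node
# they are declared to fence. Reads "pcs stonith show --full" text on stdin.
# Assumption (true for the examples on this page): each device lists one
# node in pcmk_host_list and its port equals that node's short host name.
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_fence_ports() {
    awk '
    $1 == "Resource:" { dev = $2; next }
    $1 == "Attributes:" && dev != "" {
        port = ""; hosts = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^port=/)           port  = substr($i, 6)
            if ($i ~ /^pcmk_host_list=/) hosts = substr($i, 16)
        }
        gsub(/"/, "", port); gsub(/"/, "", hosts)
        short = hosts; sub(/\..*/, "", short)     # nodea.example.com -> nodea
        if (port == "" || hosts == "") {
            print "INCOMPLETE " dev; bad = 1
        } else if (port != short) {
            print "MISMATCH " dev " port=" port " host=" hosts; bad = 1
        }
        # The same port behind two devices means one node is covered twice
        # and another node is probably not covered at all.
        if (port != "" && (port in used)) {
            print "DUPLICATE_PORT " port " " used[port] " " dev; bad = 1
        } else if (port != "") used[port] = dev
        dev = ""
    }
    END { exit bad + 0 }'
}

# Constructed sample modelled on the output above: fence_nodeb has port=nodea.
SAMPLE_SHOW_FULL=' Resource: fence_nodea (class=stonith type=fence_rht)
  Attributes: port=nodea pcmk_host_list=nodea.private.example.com
  Operations: monitor interval=60 (fence_nodea-monitor-interval-60s)
 Resource: fence_nodeb (class=stonith type=fence_rht)
  Attributes: port=nodea pcmk_host_list=nodeb.private.example.com
  Operations: monitor interval=60 (fence_nodeb-monitor-interval-60s)'

printf '%s\n' "$SAMPLE_SHOW_FULL" | audit_fence_ports || true
```

On a cluster node the same function can read live data with pcs stonith show --full | audit_fence_ports.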
Removing fencing devices
At some point, it might be necessary to remove a fencing device from the cluster. This might happen because the corresponding cluster node was removed from the cluster permanently, or a different fencing mechanism is used to fence the node. The command pcs stonith delete fence_device_name allows a system administrator to remove a fencing device from the cluster. To remove the fencing device fence_noded from the cluster, execute:
# pcs stonith delete fence_noded
Attempting to stop: fence_noded ... Stopped
Deleting Resource - fence_noded
Testing fence configuration
There are two ways to check if a cluster fencing configuration is fully operational:
- By using the command pcs stonith fence hostname. This will attempt to fence the requested node. If successful, the cluster can fence this node.
- By disabling the network on a node, either by unplugging the network cable(s), closing the cluster ports on the firewall, or disabling the entire network stack. The other nodes in the cluster should detect that the machine has failed, and fence it. This will test the cluster’s ability to detect a failed node as well.