Red Hat Enterprise Linux 6
Fence Configuration Guide
Configuring and Managing Fence Devices for the High Availability Add-On
Steven Levine
John Ha
Red Hat Enterprise Linux 6 Fence Configuration Guide
Configuring and Managing Fence Devices for the High Availability Add-On
Steven Levine
Red Hat Custo mer Co ntent Services
slevine@redhat.co m
Jo hn Ha
Red Hat Custo mer Co ntent Services
Legal Notice
Co pyright © 20 16 Red Hat, Inc. and o thers.
This do cument is licensed by Red Hat under the Creative Co mmo ns Attributio n-ShareAlike 3.0
Unpo rted License. If yo u distribute this do cument, o r a mo dified versio n o f it, yo u must pro vide
attributio n to Red Hat, Inc. and pro vide a link to the o riginal. If the do cument is mo dified, all Red
Hat trademarks must be remo ved.
Red Hat, as the licenso r o f this do cument, waives the right to enfo rce, and agrees no t to assert,
Sectio n 4 d o f CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shado wman lo go , JBo ss, MetaMatrix, Fedo ra, the Infinity
Lo go , and RHCE are trademarks o f Red Hat, Inc., registered in the United States and o ther
co untries.
Linux ® is the registered trademark o f Linus To rvalds in the United States and o ther co untries.
Java ® is a registered trademark o f Oracle and/o r its affiliates.
XFS ® is a trademark o f Silico n Graphics Internatio nal Co rp. o r its subsidiaries in the United
States and/o r o ther co untries.
MySQL ® is a registered trademark o f MySQL AB in the United States, the Euro pean Unio n and
o ther co untries.
No de.js ® is an o fficial trademark o f Jo yent. Red Hat So ftware Co llectio ns is no t fo rmally
related to o r endo rsed by the o fficial Jo yent No de.js o pen so urce o r co mmercial pro ject.
The OpenStack ® Wo rd Mark and OpenStack Lo go are either registered trademarks/service
marks o r trademarks/service marks o f the OpenStack Fo undatio n, in the United States and o ther
co untries and are used with the OpenStack Fo undatio n's permissio n. We are no t affiliated with,
endo rsed o r spo nso red by the OpenStack Fo undatio n, o r the OpenStack co mmunity.
All o ther trademarks are the pro perty o f their respective o wners.
Abstract
Fencing is the disco nnectio n o f a no de fro m the cluster's shared sto rage. Fencing cuts o ff I/O
fro m shared sto rage, thus ensuring data integrity. This manual do cuments the co nfiguratio n o f
fencing o n clustered systems using High Availability Add-On and details the co nfiguratio n o f
suppo rted fence devices.
T able of Cont ent s
T able of Contents
. .reface
⁠P
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3. . . . . . . . . .
⁠1. Do c ument Co nventio ns
3
⁠1.1. Typ o g rap hic Co nventio ns
3
⁠1.2. Pull-q uo te Co nventio ns
4
⁠1.3. No tes and Warning s
5
⁠2 . G etting Help and G iving Feed b ac k
5
⁠2 .1. Do Yo u Need Help ?
⁠2 .2. We Need Feed b ac k
5
6
. .hapt
⁠C
. . . .er
. .1. .. Fencing
. . . . . . . .Pre. . . Configurat
. . . . . . . . . .ion
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7. . . . . . . . . .
⁠1.1. Co nfig uring ACPI Fo r Us e with Integ rated Fenc e Devic es
7
⁠1.1.1. Dis ab ling ACPI So ft-O ff with c hkc o nfig Manag ement
8
⁠1.1.2. Dis ab ling ACPI So ft-O ff with the BIO S
8
⁠1.1.3. Dis ab ling ACPI Co mp letely in the g rub .c o nf File
10
⁠1.2. SELinux
11
. .hapt
⁠C
. . . .er
. .2. .. Configuring
. . . . . . . . . . . Fencing
. . . . . . . .wit
. .h
. .t.he
. . ccs
. . . .Command
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1. 2. . . . . . . . . .
⁠2 .1. Co nfig uring Fenc e Devic es
12
⁠2 .2. Lis ting Fenc e Devic es and Fenc e Devic e O p tio ns
⁠2 .3. Co nfig uring Fenc ing fo r Clus ter Memb ers
⁠2 .3.1. Co nfig uring a Sing le Po wer-Bas ed Fenc e Devic e fo r a No d e
14
17
17
⁠2 .3.2. Co nfig uring a Sing le Sto rag e-Bas ed Fenc e Devic e fo r a No d e
⁠2 .3.3. Co nfig uring a Bac kup Fenc e Devic e
19
21
⁠2 .3.4. Co nfig uring a No d e with Red und ant Po wer
⁠2 .3.5. Tes ting the Fenc e Co nfig uratio n
24
27
⁠2 .3.6 . Remo ving Fenc e Metho d s and Fenc e Ins tanc es
27
. .hapt
⁠C
. . . .er
. .3.
. .Configuring
. . . . . . . . . . .Fencing
. . . . . . . wit
. . . h. .Conga
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2. 8. . . . . . . . . .
⁠3 .1. Co nfig uring Fenc e Daemo n Pro p erties
28
⁠3 .2. Co nfig uring Fenc e Devic es
⁠3 .2.1. Creating a Fenc e Devic e
⁠3 .2.2. Mo d ifying a Fenc e Devic e
⁠3 .2.3. Deleting a Fenc e Devic e
⁠3 .3. Co nfig uring Fenc ing fo r Clus ter Memb ers
⁠3 .3.1. Co nfig uring a Sing le Fenc e Devic e fo r a No d e
⁠3 .3.2. Co nfig uring a Bac kup Fenc e Devic e
⁠3 .3.3. Co nfig uring a No d e with Red und ant Po wer
⁠3 .3.4. Tes ting the Fenc e Co nfig uratio n
28
29
30
30
30
31
31
32
33
. .hapt
⁠C
. . . .er
. .4. .. Fence
. . . . . .Devices
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
...........
⁠4 .1. APC Po wer Switc h o ver Telnet and SSH
37
⁠4 .2. APC Po wer Switc h o ver SNMP
38
⁠4 .3. Bro c ad e Fab ric Switc h
41
⁠4 .4. Cis c o MDS
⁠4 .5. Cis c o UCS
⁠4 .6 . Dell Drac 5
⁠4 .7. Eato n Netwo rk Po wer Switc h
⁠4 .8 . Eg enera Blad eFrame
43
45
47
49
52
⁠4 .9 . Emers o n Netwo rk Po wer Switc h (SNMP interfac e)
⁠4 .10 . ePo werSwitc h
⁠4 .11. Fenc e Virt (Serial/VMChannel Mo d e)
⁠4 .12. Fenc e Virt (Multic as t Mo d e)
53
54
56
57
⁠4 .13. Fujits u-Siemens Remo teView Servic e Bo ard (RSB)
57
1
Fence Configurat ion G uide
⁠4 .13. Fujits u-Siemens Remo teView Servic e Bo ard (RSB)
⁠4 .14. Hewlett-Pac kard Blad eSys tem
⁠4 .15. Hewlett-Pac kard iLO
⁠4 .16 . Hewlett-Pac kard iLO MP
⁠4 .17. IBM Blad eCenter
57
59
60
62
64
⁠4 .18 . IBM Blad eCenter o ver SNMP
⁠4 .19 . IBM iPDU
⁠4 .20 . IF-MIB
⁠4 .21. Intel Mo d ular
66
69
71
74
⁠4 .22.
⁠4 .23.
⁠4 .24.
⁠4 .25.
76
78
78
79
IPMI o ver LAN
Fenc e kd ump
Multip ath Pers is tent Res ervatio n Fenc ing (Red Hat Enterp ris e Linux 6 .7 and later)
RHEV-M REST API
⁠4 .26 . SCSI Pers is tent Res ervatio ns
⁠4 .27. VMWare o ver SO AP API
⁠4 .28 . WTI Po wer Switc h
81
83
85
. .ppendix
⁠A
. . . . . . . A.
. . Revision
. . . . . . . . .Hist
. . . ory
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8. 8. . . . . . . . . .
⁠I.ndex
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8. 8. . . . . . . . . .
2
⁠P reface
Preface
1. Document Convent ions
This manual uses several conventions to highlight certain words and phrases and draw attention to
specific pieces of information.
1.1. T ypographic Convent ions
Four typographic conventions are used to call attention to specific words and phrases. These
conventions, and the circumstances they apply to, are as follows.
Mo no -spaced Bo l d
Used to highlight system input, including shell commands, file names and paths. Also used to
highlight keys and key combinations. For example:
To see the contents of the file my_next_bestsel l i ng _no vel in your current
working directory, enter the cat my_next_bestsel l i ng _no vel command at the
shell prompt and press Enter to execute the command.
The above includes a file name, a shell command and a key, all presented in mono-spaced bold and
all distinguishable thanks to context.
Key combinations can be distinguished from an individual key by the plus sign that connects each
part of a key combination. For example:
Press Enter to execute the command.
Press C trl +Al t+F2 to switch to a virtual terminal.
The first example highlights a particular key to press. The second example highlights a key
combination: a set of three keys pressed simultaneously.
If source code is discussed, class names, methods, functions, variable names and returned values
mentioned within a paragraph will be presented as above, in mo no -spaced bo l d . For example:
File-related classes include fi l esystem for file systems, fi l e for files, and d i r for
directories. Each class has its own associated set of permissions.
Pro p o rt io n al B o ld
This denotes words or phrases encountered on a system, including application names; dialog-box
text; labeled buttons; check-box and radio-button labels; menu titles and submenu titles. For
example:
Choose Syst em → Pref eren ces → Mo u se from the main menu bar to launch
Mo u se Pref eren ces. In the Butto ns tab, select the Left-hand ed mo use check
box and click C l o se to switch the primary mouse button from the left to the right
(making the mouse suitable for use in the left hand).
To insert a special character into a g ed it file, choose Ap p licat io n s →
Accesso ries → C h aract er Map from the main menu bar. Next, choose Search →
Fin d … from the C h aract er Map menu bar, type the name of the character in the
Search field and click Next. The character you sought will be highlighted in the
3
Fence Configurat ion G uide
C haracter T abl e. D ouble-click this highlighted character to place it in the T ext
to co py field and then click the C o py button. Now switch back to your document
and choose Ed it → Past e from the g ed it menu bar.
The above text includes application names; system-wide menu names and items; application-specific
menu names; and buttons and text found within a GUI interface, all presented in proportional bold
and all distinguishable by context.
Mono-spaced Bold Italic or Proportional Bold Italic
Whether mono-spaced bold or proportional bold, the addition of italics indicates replaceable or
variable text. Italics denotes text you do not input literally or displayed text that changes depending
on circumstance. For example:
To connect to a remote machine using ssh, type ssh username@ domain.name at a
shell prompt. If the remote machine is exampl e. co m and your username on that
machine is john, type ssh jo hn@ exampl e. co m.
The mo unt -o remo unt file-system command remounts the named file system.
For example, to remount the /ho me file system, the command is mo unt -o remo unt
/ho me.
To see the version of a currently installed package, use the rpm -q package
command. It will return a result as follows: package-version-release.
Note the words in bold italics above: username, domain.name, file-system, package, version and
release. Each word is a placeholder, either for text you enter when issuing a command or for text
displayed by the system.
Aside from standard usage for presenting the title of a work, italics denotes the first use of a new and
important term. For example:
Publican is a DocBook publishing system.
1.2. Pull-quot e Convent ions
Terminal output and source code listings are set off visually from the surrounding text.
Output sent to a terminal is set in mo no -spaced ro man and presented thus:
books
books_tests
Desktop
Desktop1
documentation drafts mss
downloads
images notes
photos
scripts
stuff
svgs
svn
Source-code listings are also set in mo no -spaced ro man but add syntax highlighting as follows:
static int kvm_vm_ioctl_deassign_device(struct kvm *kvm,
struct kvm_assigned_pci_dev *assigned_dev)
{
int r = 0;
struct kvm_assigned_dev_kernel *match;
mutex_lock(& kvm->lock);
match = kvm_find_assigned_dev(& kvm->arch.assigned_dev_head,
assigned_dev->assigned_dev_id);
if (!match) {
printk(KERN_INFO "%s: device hasn't been assigned
4
⁠P reface
before, "
"so cannot be deassigned\n", __func__);
r = -EINVAL;
goto out;
}
kvm_deassign_device(kvm, match);
kvm_free_assigned_device(kvm, match);
out:
mutex_unlock(& kvm->lock);
return r;
}
1.3. Not es and Warnings
Finally, we use three visual styles to draw attention to information that might otherwise be overlooked.
Note
Notes are tips, shortcuts or alternative approaches to the task at hand. Ignoring a note should
have no negative consequences, but you might miss out on a trick that makes your life easier.
Important
Important boxes detail things that are easily missed: configuration changes that only apply to
the current session, or services that need restarting before an update will apply. Ignoring a
box labeled “ Important” will not cause data loss but may cause irritation and frustration.
Warning
Warnings should not be ignored. Ignoring warnings will most likely cause data loss.
2. Get t ing Help and Giving Feedback
2.1. Do You Need Help?
If you experience difficulty with a procedure described in this documentation, visit the Red Hat
Customer Portal at http://access.redhat.com. From the Customer Portal, you can:
Search or browse through a knowledge base of technical support articles about Red Hat
products.
Submit a support case to Red Hat Global Support Services (GSS).
Access other product documentation.
5
Fence Configurat ion G uide
Red Hat also hosts a large number of electronic mailing lists for discussion of Red Hat software and
technology. You can find a list of publicly available mailing lists at
https://www.redhat.com/mailman/listinfo. Click the name of any mailing list to subscribe to that list or
to access the list archives.
2.2. We Need Feedback
If you find a typographical error in this manual, or if you have thought of a way to make this manual
better, we would love to hear from you. Please submit a report in Bugzilla: http://bugzilla.redhat.com/
against the product D ocumentation.
When submitting a bug report, be sure to mention the manual's identifier: Fence_Configuration_Guide
If you have a suggestion for improving the documentation, try to be as specific as possible when
describing it. If you have found an error, please include the section number and some of the
surrounding text so we can find it easily.
6
⁠Chapt er 1 . Fencing Pre- Configurat ion
Chapter 1. Fencing Pre-Configuration
This chapter describes tasks to perform and considerations to make before deploying fencing on
clusters using Red Hat High Availability Add-On, and consists of the following sections.
Section 1.1, “ Configuring ACPI For Use with Integrated Fence D evices”
1.1. Configuring ACPI For Use wit h Int egrat ed Fence Devices
If your cluster uses integrated fence devices, you must configure ACPI (Advanced Configuration and
Power Interface) to ensure immediate and complete fencing.
Note
For the most current information about integrated fence devices supported by Red Hat High
Availability Add-On, refer to http://www.redhat.com/cluster_suite/hardware/.
If a cluster node is configured to be fenced by an integrated fence device, disable ACPI Soft-Off for
that node. D isabling ACPI Soft-Off allows an integrated fence device to turn off a node immediately
and completely rather than attempting a clean shutdown (for example, shutd o wn -h no w).
Otherwise, if ACPI Soft-Off is enabled, an integrated fence device can take four or more seconds to
turn off a node (refer to note that follows). In addition, if ACPI Soft-Off is enabled and a node panics
or freezes during shutdown, an integrated fence device may not be able to turn off the node. Under
those circumstances, fencing is delayed or unsuccessful. Consequently, when a node is fenced with
an integrated fence device and ACPI Soft-Off is enabled, a cluster recovers slowly or requires
administrative intervention to recover.
Note
The amount of time required to fence a node depends on the integrated fence device used.
Some integrated fence devices perform the equivalent of pressing and holding the power
button; therefore, the fence device turns off the node in four to five seconds. Other integrated
fence devices perform the equivalent of pressing the power button momentarily, relying on the
operating system to turn off the node; therefore, the fence device turns off the node in a time
span much longer than four to five seconds.
To disable ACPI Soft-Off, use chkco nfi g management and verify that the node turns off immediately
when fenced. The preferred way to disable ACPI Soft-Off is with chkco nfi g management: however, if
that method is not satisfactory for your cluster, you can disable ACPI Soft-Off with one of the
following alternate methods:
Changing the BIOS setting to " instant-off" or an equivalent setting that turns off the node without
delay
Note
D isabling ACPI Soft-Off with the BIOS may not be possible with some computers.
7
Fence Configurat ion G uide
Appending acpi = o ff to the kernel boot command line of the /bo o t/g rub/g rub. co nf file
Important
This method completely disables ACPI; some computers do not boot correctly if ACPI is
completely disabled. Use this method only if the other methods are not effective for your
cluster.
The following sections provide procedures for the preferred method and alternate methods of
disabling ACPI Soft-Off:
Section 1.1.1, “ D isabling ACPI Soft-Off with chkco nfi g Management” — Preferred method
Section 1.1.2, “ D isabling ACPI Soft-Off with the BIOS” — First alternate method
Section 1.1.3, “ D isabling ACPI Completely in the g rub. co nf File” — Second alternate method
1.1.1. Disabling ACPI Soft -Off wit h chkco nfi g Management
You can use chkco nfi g management to disable ACPI Soft-Off either by removing the ACPI daemon
(acpi d ) from chkco nfi g management or by turning off acpi d .
Note
This is the preferred method of disabling ACPI Soft-Off.
D isable ACPI Soft-Off with chkco nfi g management at each cluster node as follows:
1. Run either of the following commands:
chkco nfi g --d el acpi d — This command removes acpi d from chkco nfi g
management.
— OR —
chkco nfi g --l evel 234 5 acpi d o ff — This command turns off acpi d .
2. Reboot the node.
3. When the cluster is configured and running, verify that the node turns off immediately when
fenced.
Note
You can fence the node with the fence_no d e command or C o n g a.
1.1.2. Disabling ACPI Soft -Off wit h t he BIOS
The preferred method of disabling ACPI Soft-Off is with chkco nfi g management (Section 1.1.1,
“ D isabling ACPI Soft-Off with chkco nfi g Management” ). However, if the preferred method is not
effective for your cluster, follow the procedure in this section.
8
⁠Chapt er 1 . Fencing Pre- Configurat ion
Note
D isabling ACPI Soft-Off with the BIOS may not be possible with some computers.
You can disable ACPI Soft-Off by configuring the BIOS of each cluster node as follows:
1. Reboot the node and start the BIO S C MO S Setup Uti l i ty program.
2. Navigate to the Po wer menu (or equivalent power management menu).
3. At the Po wer menu, set the So f t - O f f b y PWR - B T T N function (or equivalent) to In st an t O f f (or the equivalent setting that turns off the node via the power button without delay).
Example 1.1, “ BIO S C MO S Setup Uti l i ty: Soft-Off by PWR-BTTN set to Instant-Off”
shows a Po wer menu with AC PI Fu n ct io n set to En ab led and So f t - O f f b y PWR - B T T N
set to In st an t - O f f .
Note
The equivalents to AC PI Fu n ct io n , So f t - O f f b y PWR - B T T N , and In st an t - O f f may
vary among computers. However, the objective of this procedure is to configure the
BIOS so that the computer is turned off via the power button without delay.
4. Exit the BIO S C MO S Setup Uti l i ty program, saving the BIOS configuration.
5. When the cluster is configured and running, verify that the node turns off immediately when
fenced.
Note
You can fence the node with the fence_no d e command or C o n g a.
Examp le 1.1. BIO S C MO S Setup Uti l i ty: So f t - O f f b y PWR - B T T N set t o In st an t - O f f
+------------------------------------------|-----------------+
|
ACPI Function
[Enabled]
| Item Help
|
|
ACPI Suspend Type
[S1(POS)]
|-----------------|
| x Run VGABIOS if S3 Resume [Auto]
| Menu Level
* |
|
Suspend Mode
[Disabled]
|
|
|
HDD Power Down
[Disabled]
|
|
|
Soft-Off by PWR-BTTN
[Instant-Off]|
|
|
CPU THRM-Throttling
[50.0%]
|
|
|
Wake-Up by PCI card
[Enabled]
|
|
|
Power On by Ring
[Enabled]
|
|
|
Wake Up On LAN
[Enabled]
|
|
| x USB KB Wake-Up From S3
[Disabled]
|
|
|
Resume by Alarm
[Disabled]
|
|
| x Date(of Month) Alarm
0
|
|
| x Time(hh:mm:ss) Alarm
0 : 0 :
|
|
9
Fence Configurat ion G uide
|
POWER ON Function
[BUTTON ONLY]|
|
| x KB Power ON Password
Enter
|
|
| x Hot Key Power ON
Ctrl-F1
|
|
+------------------------------------------|-----------------+
This example shows AC PI Fu n ct io n set to En ab led , and So f t - O f f b y PWR - B T T N set to
In st an t - O f f .
1.1.3. Disabling ACPI Complet ely in t he g rub. co nf File
The preferred method of disabling ACPI Soft-Off is with chkco nfi g management (Section 1.1.1,
“ D isabling ACPI Soft-Off with chkco nfi g Management” ). If the preferred method is not effective for
your cluster, you can disable ACPI Soft-Off with the BIOS power management (Section 1.1.2,
“ D isabling ACPI Soft-Off with the BIOS” ). If neither of those methods is effective for your cluster, you
can disable ACPI completely by appending acpi = o ff to the kernel boot command line in the
g rub. co nf file.
Important
This method completely disables ACPI; some computers do not boot correctly if ACPI is
completely disabled. Use this method only if the other methods are not effective for your cluster.
You can disable ACPI completely by editing the g rub. co nf file of each cluster node as follows:
1. Open /bo o t/g rub/g rub. co nf with a text editor.
2. Append acpi = o ff to the kernel boot command line in /bo o t/g rub/g rub. co nf (refer to
Example 1.2, “ Kernel Boot Command Line with acpi = o ff Appended to It” ).
3. Reboot the node.
4. When the cluster is configured and running, verify that the node turns off immediately when
fenced.
Note
You can fence the node with the fence_no d e command or C o n g a.
Examp le 1.2. K ern el B o o t C o mman d Lin e wit h acpi = o ff Ap p en d ed t o It
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this
file
# NOTICE: You have a /boot partition. This means that
#
all kernel and initrd paths are relative to /boot/, eg.
#
root (hd0,0)
#
kernel /vmlinuz-version ro root=/dev/mapper/vg_doc01lv_root
#
initrd /initrd-[generic-]version.img
10
⁠Chapt er 1 . Fencing Pre- Configurat ion
#boot=/dev/hda
default=0
timeout=5
serial --unit=0 --speed=115200
terminal --timeout=5 serial console
title Red Hat Enterprise Linux Server (2.6.32-193.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-193.el6.x86_64 ro
root=/dev/mapper/vg_doc01-lv_root console=ttyS0,115200n8 acpi=off
initrd /initramrs-2.6.32-131.0.15.el6.x86_64.img
In this example, acpi = o ff has been appended to the kernel boot command line — the line
starting with " kernel /vmlinuz-2.6.32-193.el6.x86_64.img" .
1.2. SELinux
The High Availability Add-On for Red Hat Enterprise Linux 6 supports SELinux in the enfo rci ng
state with the SELinux policy type set to targ eted .
Note
When using SELinux with the High Availability Add-On in a VM environment, you should
ensure that the SELinux boolean fenced _can_netwo rk_co nnect is persistently set to o n.
This allows the fence_xvm fencing agent to work properly, enabling the system to fence
virtual machines.
For more information about SELinux, refer to Deployment Guide for Red Hat Enterprise Linux 6.
11
Fence Configurat ion G uide
Chapter 2. Configuring Fencing with the ccs Command
As of the Red Hat Enterprise Linux 6.1 release and later, the Red Hat High Availability Add-On
provides support for the ccs cluster configuration command. The ccs command allows an
administrator to create, modify and view the cl uster. co nf cluster configuration file. You can use
the ccs command to configure a cluster configuration file on a local file system or on a remote node.
Using the ccs command, an administrator can also start and stop the cluster services on one or all
of the nodes in a configured cluster.
This chapter describes how to configure the Red Hat High Availability Add-On cluster configuration
file using the ccs command.
This chapter consists of the following sections:
Section 2.1, “ Configuring Fence D evices”
Note
Make sure that your deployment of High Availability Add-On meets your needs and can be
supported. Consult with an authorized Red Hat representative to verify your configuration
prior to deployment. In addition, allow time for a configuration burn-in period to test failure
modes.
Note
This chapter references commonly used cl uster. co nf elements and attributes. For a
comprehensive list and description of cl uster. co nf elements and attributes, refer to the
cluster schema at /usr/share/cl uster/cl uster. rng , and the annotated schema at
/usr/share/d o c/cman-X. Y . ZZ/cl uster_co nf. html (for example
/usr/share/d o c/cman-3. 0 . 12/cl uster_co nf. html ).
2.1. Configuring Fence Devices
Configuring fence devices consists of creating, updating, and deleting fence devices for the cluster.
You must create and name the fence devices in a cluster before you can configure fencing for the
nodes in the cluster. For information on configuring fencing for the individual nodes in the cluster,
see Section 2.3, “ Configuring Fencing for Cluster Members” .
Before configuring your fence devices, you may want to modify some of the fence daemon properties
for your system from the default values. The values you configure for the fence daemon are general
values for the cluster. The general fencing properties for the cluster you may want to modify are
summarized as follows:
The po st_fai l _d el ay attribute is the number of seconds the fence daemon (fenced ) waits
before fencing a node (a member of the fence domain) after the node has failed. The
po st_fai l _d el ay default value is 0 . Its value may be varied to suit cluster and network
performance.
12
⁠Chapt er 2 . Configuring Fencing wit h t he ccs Command
The po st-jo i n_d el ay attribute is the number of seconds the fence daemon (fenced ) waits
before fencing a node after the node joins the fence domain. The po st_jo i n_d el ay default
value is 6 . A typical setting for po st_jo i n_d el ay is between 20 and 30 seconds, but can vary
according to cluster and network performance.
You reset the values of the po st_fai l _d el ay and po st_jo i n_d el ay attributes with the -setfenced aemo n option of the ccs command. Note, however, that executing the ccs -setfenced aemo n command overwrites all existing fence daemon properties.
For example, to configure a value for the po st_fai l _d el ay attribute, execute the following
command. This command will overwrite the values of all other exisiting fence daemon properties that
you can set with this command.
ccs -h host --setfencedaemon post_fail_delay=value
To configure a value for the po st_jo i n_d el ay attribute, execute the following command. This
command will overwrite the values of all other exisiting fence daemon properties that you can set with
this command.
ccs -h host --setfencedaemon post_join_delay=value
To configure a value for both the the po st_jo i n_d el ay attribute and the po st_fai l _d el ay
attribute, execute the following command:
ccs -h host --setfencedaemon post_fail_delay=value post_join_delay=value
Note
For more information about the po st_jo i n_d el ay and po st_fai l _d el ay attributes as
well as the additional fence daemon properties you can modify, refer to the fenced(8) man
page and refer to the cluster schema at /usr/share/cl uster/cl uster. rng , and the
annotated schema at /usr/share/d o c/cman-X. Y . ZZ/cl uster_co nf. html .
To configure a fence device for a cluster, execute the following command:
ccs -h host --addfencedev
devicename
[fencedeviceoptions]
For example, to configure an APC fence device in the configuration file on the cluster node no d e-0 1
named myfence with an IP address of apc_i p_exampl e, a login of l o g i n_exampl e, and a
password of passwo rd _exampl e, execute the following command:
ccs -h node-01 --addfencedev myfence agent=fence_apc
ipaddr=apc_ip_example login=login_example passwd=password_example
The following example shows the fenced evi ces section of the cl uster. co nf configuration file
after you have added this APC fence device:
<fencedevices>
<fencedevice agent="fence_apc" ipaddr="apc_ip_example"
13
Fence Configurat ion G uide
login="login_example" name="myfence" passwd="password_example"/>
</fencedevices>
When configuring fence devices for a cluster, you may find it useful to see a listing of available
devices for your cluster and the options available for each device. You may also find it useful to see
a listing of fence devices currently configured for your cluster. For information on using the ccs
command to print a list of available fence devices and options or to print a list of fence devices
currently configured for your cluster, refer to Section 2.2, “ Listing Fence D evices and Fence D evice
Options” .
To remove a fence device from your cluster configuration, execute the following command:
ccs -h host --rmfencedev fence_device_name
For example, to remove a fence device that you have named myfence from the cluster configuration
file on cluster node no d e-0 1, execute the following command:
ccs -h node-01 --rmfencedev myfence
If you need to modify the attributes of a fence device you have already configured, you must first
remove that fence device then add it again with the modified attributes.
Note that when you have finished configuring all of the components of your cluster, you will need to
sync the cluster configuration file to all of the nodes.
2.2. List ing Fence Devices and Fence Device Opt ions
You can use the ccs command to print a list of available fence devices and to print a list of options
for each available fence type. You can also use the ccs command to print a list of fence devices
currently configured for your cluster.
To print a list of fence devices currently available for your cluster, execute the following command:
ccs -h host --lsfenceopts
For example, the following command lists the fence devices available on the cluster node no d e-0 1,
showing sample output.
[root@ ask-03 ~]# ccs -h no d e-0 1 --l sfenceo pts
fence_apc - Fence agent for APC over telnet/ssh
fence_apc_snmp - Fence agent for APC, Tripplite PDU over SNMP
fence_bladecenter - Fence agent for IBM BladeCenter
fence_bladecenter_snmp - Fence agent for IBM BladeCenter over SNMP
fence_brocade - Fence agent for HP Brocade over telnet/ssh
fence_cisco_mds - Fence agent for Cisco MDS
fence_cisco_ucs - Fence agent for Cisco UCS
fence_drac - fencing agent for Dell Remote Access Card
fence_drac5 - Fence agent for Dell DRAC CMC/5
fence_eaton_snmp - Fence agent for Eaton over SNMP
fence_egenera - I/O Fencing agent for the Egenera BladeFrame
fence_emerson - Fence agent for Emerson over SNMP
fence_eps - Fence agent for ePowerSwitch
fence_hpblade - Fence agent for HP BladeSystem
fence_ibmblade - Fence agent for IBM BladeCenter over SNMP
14
⁠Chapt er 2 . Configuring Fencing wit h t he ccs Command
fence_idrac - Fence agent for IPMI
fence_ifmib - Fence agent for IF MIB
fence_ilo - Fence agent for HP iLO
fence_ilo2 - Fence agent for HP iLO
fence_ilo3 - Fence agent for IPMI
fence_ilo3_ssh - Fence agent for HP iLO over SSH
fence_ilo4 - Fence agent for IPMI
fence_ilo4_ssh - Fence agent for HP iLO over SSH
fence_ilo_moonshot - Fence agent for HP Moonshot iLO
fence_ilo_mp - Fence agent for HP iLO MP
fence_ilo_ssh - Fence agent for HP iLO over SSH
fence_imm - Fence agent for IPMI
fence_intelmodular - Fence agent for Intel Modular
fence_ipdu - Fence agent for iPDU over SNMP
fence_ipmilan - Fence agent for IPMI
fence_kdump - Fence agent for use with kdump
fence_mpath - Fence agent for multipath persistent reservation
fence_pcmk - Helper that presents a RHCS-style interface to stonith-ng
for CMAN based clusters
fence_rhevm - Fence agent for RHEV-M REST API
fence_rsa - Fence agent for IBM RSA
fence_rsb - I/O Fencing agent for Fujitsu-Siemens RSB
fence_sanbox2 - Fence agent for QLogic SANBox2 FC switches
fence_sanlock - Fence agent for watchdog and shared storage
fence_scsi - fence agent for SCSI-3 persistent reservations
fence_tripplite_snmp - Fence agent for APC, Tripplite PDU over SNMP
fence_virsh - Fence agent for virsh
fence_virt - Fence agent for virtual machines
fence_vmware - Fence agent for VMWare
fence_vmware_soap - Fence agent for VMWare over SOAP API
fence_wti - Fence agent for WTI
fence_xvm - Fence agent for virtual machines
[root@ host-138 ~]# ccs -h host-138 --lsfenceopts
fence_apc - Fence agent for APC over telnet/ssh
fence_apc_snmp - Fence agent for APC, Tripplite PDU over SNMP
fence_bladecenter - Fence agent for IBM BladeCenter
fence_bladecenter_snmp - Fence agent for IBM BladeCenter over SNMP
fence_brocade - Fence agent for HP Brocade over telnet/ssh
fence_cisco_mds - Fence agent for Cisco MDS
fence_cisco_ucs - Fence agent for Cisco UCS
fence_drac - fencing agent for Dell Remote Access Card
fence_drac5 - Fence agent for Dell DRAC CMC/5
fence_eaton_snmp - Fence agent for Eaton over SNMP
fence_egenera - I/O Fencing agent for the Egenera BladeFrame
fence_emerson - Fence agent for Emerson over SNMP
fence_eps - Fence agent for ePowerSwitch
fence_hpblade - Fence agent for HP BladeSystem
fence_ibmblade - Fence agent for IBM BladeCenter over SNMP
fence_idrac - Fence agent for IPMI
fence_ifmib - Fence agent for IF MIB
fence_ilo - Fence agent for HP iLO
fence_ilo2 - Fence agent for HP iLO
fence_ilo3 - Fence agent for IPMI
fence_ilo3_ssh - Fence agent for HP iLO over SSH
fence_ilo4 - Fence agent for IPMI
fence_ilo4_ssh - Fence agent for HP iLO over SSH
15
Fence Configurat ion G uide
fence_ilo_moonshot - Fence agent for HP Moonshot iLO
fence_ilo_mp - Fence agent for HP iLO MP
fence_ilo_ssh - Fence agent for HP iLO over SSH
fence_imm - Fence agent for IPMI
fence_intelmodular - Fence agent for Intel Modular
fence_ipdu - Fence agent for iPDU over SNMP
fence_ipmilan - Fence agent for IPMI
fence_kdump - Fence agent for use with kdump
fence_mpath - Fence agent for multipath persistent reservation
fence_pcmk - Helper that presents a RHCS-style interface to stonith-ng
for CMAN based clusters
fence_rhevm - Fence agent for RHEV-M REST API
fence_rsa - Fence agent for IBM RSA
fence_rsb - I/O Fencing agent for Fujitsu-Siemens RSB
fence_sanbox2 - Fence agent for QLogic SANBox2 FC switches
fence_sanlock - Fence agent for watchdog and shared storage
fence_scsi - fence agent for SCSI-3 persistent reservations
fence_tripplite_snmp - Fence agent for APC, Tripplite PDU over SNMP
fence_virsh - Fence agent for virsh
fence_virt - Fence agent for virtual machines
fence_vmware - Fence agent for VMWare
fence_vmware_soap - Fence agent for VMWare over SOAP API
fence_wti - Fence agent for WTI
fence_xvm - Fence agent for virtual machines
To print a list of the options you can specify for a particular fence type, execute the following
command:
ccs -h host --lsfenceopts fence_type
For example, the following command lists the fence options for the fence_wti fence agent.
[root@ ask-03 ~]# ccs -h no d e-0 1 --l sfenceo pts fence_wti
fence_wti - Fence agent for WTI
Required Options:
Optional Options:
option: No description available
action: Fencing Action
ipaddr: IP Address or Hostname
login: Login Name
passwd: Login password or passphrase
passwd_script: Script to retrieve password
cmd_prompt: Force command prompt
secure: SSH connection
identity_file: Identity file for ssh
port: Physical plug number or name of virtual machine
inet4_only: Forces agent to use IPv4 addresses only
inet6_only: Forces agent to use IPv6 addresses only
ipport: TCP port to use for connection with device
verbose: Verbose mode
debug: Write debug information to given file
version: Display version information and exit
help: Display help and exit
separator: Separator for CSV created by operation list
power_timeout: Test X seconds for status change after ON/OFF
16
⁠Chapt er 2 . Configuring Fencing wit h t he ccs Command
shell_timeout: Wait X seconds for cmd prompt after issuing command
login_timeout: Wait X seconds for cmd prompt after login
power_wait: Wait X seconds after issuing ON/OFF
delay: Wait X seconds before fencing is started
retry_on: Count of attempts to retry power on
To print a list of fence devices currently configured for your cluster, execute the following command:
ccs -h host --lsfencedev
2.3. Configuring Fencing for Clust er Members
Once you have completed the initial steps of creating a cluster and creating fence devices, you need
to configure fencing for the cluster nodes. To configure fencing for the nodes after creating a new
cluster and configuring the fencing devices for the cluster, follow the steps in this section. Note that
you must configure fencing for each node in the cluster.
This section documents the following procedures:
Section 2.3.1, “ Configuring a Single Power-Based Fence D evice for a Node”
Section 2.3.2, “ Configuring a Single Storage-Based Fence D evice for a Node”
Section 2.3.3, “ Configuring a Backup Fence D evice”
Section 2.3.4, “ Configuring a Node with Redundant Power”
Section 2.3.6, “ Removing Fence Methods and Fence Instances”
2.3.1. Configuring a Single Power-Based Fence Device for a Node
Use the following procedure to configure a node with a single power-based fence device that uses a
fence device named apc, which uses the fence_apc fencing agent.
1. Add a fence method for the node, providing a name for the fence method.
ccs -h host --addmethod method node
For example, to configure a fence method named AP C for the node no d e-0 1. exampl e. co m
in the configuration file on the cluster node no d e-0 1. exampl e. co m, execute the following
command:
ccs -h node01.example.com --addmethod APC node01.example.com
2. Add a fence instance for the method. You must specify the fence device to use for the node,
the node this instance applies to, the name of the method, and any options for this method
that are specific to this node:
ccs -h host --addfenceinst fencedevicename node method [options]
For example, to configure a fence instance in the configuration file on the cluster node no d e0 1. exampl e. co m that uses the APC switch power port 1 on the fence device named apc to
fence cluster node no d e-0 1. exampl e. co m using the method named AP C , execute the
following command:
17
Fence Configurat ion G uide
ccs -h node01.example.com --addfenceinst apc node01.example.com APC
port=1
You will need to add a fence method for each node in the cluster. The following commands configure
a fence method for each node with the method name AP C . The device for the fence method specifies
apc as the device name, which is a device previously configured with the --ad d fenced ev option,
as described in Section 2.1, “ Configuring Fence D evices” . Each node is configured with a unique
APC switch power port number: The port number for no d e-0 1. exampl e. co m is 1, the port number
for no d e-0 2. exampl e. co m is 2, and the port number for no d e-0 3. exampl e. co m is 3.
ccs -h
ccs -h
ccs -h
ccs -h
port=1
ccs -h
port=2
ccs -h
port=3
node01.example.com
node01.example.com
node01.example.com
node01.example.com
--addmethod APC node01.example.com
--addmethod APC node02.example.com
--addmethod APC node03.example.com
--addfenceinst apc node01.example.com APC
node01.example.com --addfenceinst apc node02.example.com APC
node01.example.com --addfenceinst apc node03.example.com APC
Example 2.1, “ cl uster. co nf After Adding Power-Based Fence Methods ” shows a cl uster. co nf
configuration file after you have added these fencing methods and instances to each node in the
cluster.
Examp le 2.1. cl uster. co nf Af t er Ad d in g Po wer- B ased Fen ce Met h o d s
<cluster name="mycluster" config_version="3">
<clusternodes>
<clusternode name="node-01.example.com" nodeid="1">
<fence>
<method name="APC">
<device name="apc" port="1"/>
</method>
</fence>
</clusternode>
<clusternode name="node-02.example.com" nodeid="2">
<fence>
<method name="APC">
<device name="apc" port="2"/>
</method>
</fence>
</clusternode>
<clusternode name="node-03.example.com" nodeid="3">
<fence>
<method name="APC">
<device name="apc" port="3"/>
</method>
</fence>
</clusternode>
</clusternodes>
<fencedevices>
<fencedevice agent="fence_apc" ipaddr="apc_ip_example"
login="login_example" name="apc" passwd="password_example"/>
18
⁠Chapt er 2 . Configuring Fencing wit h t he ccs Command
</fencedevices>
<rm>
</rm>
</cluster>
Note that when you have finished configuring all of the components of your cluster, you will need to
sync the cluster configuration file to all of the nodes.
2.3.2. Configuring a Single St orage-Based Fence Device for a Node
When using non-power fencing methods (that is, SAN/storage fencing) to fence a node, you must
configure unfencing for the fence device. This ensures that a fenced node is not re-enabled until the
node has been rebooted. When you configure unfencing for a node, you specify a device that mirrors
the corresponding fence device you have configured for the node with the notable addition of the
explicit action of o n or enabl e.
For more information about unfencing a node, refer to the fence_no d e(8) man page.
Use the following procedure to configure a node with a single storage-based fence device that uses a
fence device named sanswi tch1, which uses the fence_sanbo x2 fencing agent.
1. Add a fence method for the node, providing a name for the fence method.
ccs -h host --addmethod method node
For example, to configure a fence method named SAN for the node no d e-0 1. exampl e. co m
in the configuration file on the cluster node no d e-0 1. exampl e. co m, execute the following
command:
ccs -h node01.example.com --addmethod SAN
node01.example.com
2. Add a fence instance for the method. You must specify the fence device to use for the node,
the node this instance applies to, the name of the method, and any options for this method
that are specific to this node:
ccs -h host --addfenceinst fencedevicename node method [options]
For example, to configure a fence instance in the configuration file on the cluster node no d e0 1. exampl e. co m that uses the SAN switch power port 11 on the fence device named
sanswi tch1 to fence cluster node no d e-0 1. exampl e. co m using the method named SAN,
execute the following command:
ccs -h node01.example.com --addfenceinst sanswitch1
node01.example.com SAN port=11
3. To configure unfencing for the storage based fence device on this node, execute the following
command:
ccs -h host --addunfence fencedevicename node action=on|off
You will need to add a fence method for each node in the cluster. The following commands configure
a fence method for each node with the method name SAN. The device for the fence method specifies
sanswi tch as the device name, which is a device previously configured with the --addfencedev
19
Fence Configurat ion G uide
option, as described in Section 2.1, “ Configuring Fence D evices” . Each node is configured with a
unique SAN physical port number: The port number for no d e-0 1. exampl e. co m is 11, the port
number for no d e-0 2. exampl e. co m is 12, and the port number for no d e-0 3. exampl e. co m is
13.
ccs -h node01.example.com
ccs -h node01.example.com
ccs -h node01.example.com
ccs -h node01.example.com
SAN port=11
ccs -h node01.example.com
SAN port=12
ccs -h node01.example.com
SAN port=13
ccs -h node01.example.com
port=11 action=on
ccs -h node01.example.com
port=12 action=on
ccs -h node01.example.com
port=13 action=on
--addmethod SAN node01.example.com
--addmethod SAN node02.example.com
--addmethod SAN node03.example.com
--addfenceinst sanswitch1 node01.example.com
--addfenceinst sanswitch1 node02.example.com
--addfenceinst sanswitch1 node03.example.com
--addunfence sanswitch1 node01.example.com
--addunfence sanswitch1 node02.example.com
--addunfence sanswitch1 node03.example.com
Example 2.2, “ cl uster. co nf After Adding Storage-Based Fence Methods ” shows a
cl uster. co nf configuration file after you have added fencing methods, fencing instances, and
unfencing to each node in the cluster.
Examp le 2.2. cl uster. co nf Af t er Ad d in g St o rag e- B ased Fen ce Met h o d s
<cluster name="mycluster" config_version="3">
<clusternodes>
<clusternode name="node-01.example.com" nodeid="1">
<fence>
<method name="SAN">
<device name="sanswitch1" port="11"/>
</method>
</fence>
<unfence>
<device name="sanswitch1" port="11" action="on"/>
</unfence>
</clusternode>
<clusternode name="node-02.example.com" nodeid="2">
<fence>
<method name="SAN">
<device name="sanswitch1" port="12"/>
</method>
</fence>
<unfence>
<device name="sanswitch1" port="12" action="on"/>
</unfence>
</clusternode>
<clusternode name="node-03.example.com" nodeid="3">
<fence>
<method name="SAN">
<device name="sanswitch1" port="13"/>
</method>
20
⁠Chapt er 2 . Configuring Fencing wit h t he ccs Command
</fence>
<unfence>
<device name="sanswitch1" port="13" action="on"/>
</unfence>
</clusternode>
</clusternodes>
<fencedevices>
<fencedevice agent="fence_sanbox2" ipaddr="san_ip_example"
login="login_example" name="sanswitch1" passwd="password_example"/>
</fencedevices>
<rm>
</rm>
</cluster>
Note that when you have finished configuring all of the components of your cluster, you will need to
sync the cluster configuration file to all of the nodes.
2.3.3. Configuring a Backup Fence Device
You can define multiple fencing methods for a node. If fencing fails using the first method, the system
will attempt to fence the node using the second method, followed by any additional methods you
have configured. To configure a backup fencing method for a node, you configure two methods for a
node, configuring a fence instance for each method.
Note
The order in which the system will use the fencing methods you have configured follows their
order in the cluster configuration file. The first method you configure with the ccs command is
the primary fencing method, and the second method you configure is the backup fencing
method. To change the order, you can remove the primary fencing method from the
configuration file, then add that method back.
Note that at any time you can print a list of fence methods and instances currently configured for a
node by executing the following command. If you do not specify a node, this command will list the
fence methods and instances currently configured for all nodes.
ccs -h host --lsfenceinst [node]
Use the following procedure to configure a node with a primary fencing method that uses a fence
device named apc, which uses the fence_apc fencing agent, and a backup fencing device that
uses a fence device named sanswi tch1, which uses the fence_sanbo x2 fencing agent. Since the
sanswi tch1 device is a storage-based fencing agent, you will need to configure unfencing for that
device as well.
1. Add a primary fence method for the node, providing a name for the fence method.
ccs -h host --addmethod method node
For example, to configure a fence method named AP C as the primary method for the node
no d e-0 1. exampl e. co m in the configuration file on the cluster node no d e0 1. exampl e. co m, execute the following command:
21
Fence Configurat ion G uide
ccs -h node01.example.com --addmethod APC node01.example.com
2. Add a fence instance for the primary method. You must specify the fence device to use for the
node, the node this instance applies to, the name of the method, and any options for this
method that are specific to this node:
ccs -h host --addfenceinst fencedevicename node method [options]
For example, to configure a fence instance in the configuration file on the cluster node no d e0 1. exampl e. co m that uses the APC switch power port 1 on the fence device named apc to
fence cluster node no d e-0 1. exampl e. co m using the method named AP C , execute the
following command:
ccs -h node01.example.com --addfenceinst apc node01.example.com APC
port=1
3. Add a backup fence method for the node, providing a name for the fence method.
ccs -h host --addmethod method node
For example, to configure a backup fence method named SAN for the node no d e0 1. exampl e. co m in the configuration file on the cluster node no d e-0 1. exampl e. co m,
execute the following command:
ccs -h node01.example.com --addmethod SAN
node01.example.com
4. Add a fence instance for the backup method. You must specify the fence device to use for the
node, the node this instance applies to, the name of the method, and any options for this
method that are specific to this node:
ccs -h host --addfenceinst fencedevicename node method [options]
For example, to configure a fence instance in the configuration file on the cluster node no d e0 1. exampl e. co m that uses the SAN switch power port 11 on the fence device named
sanswi tch1 to fence cluster node no d e-0 1. exampl e. co m using the method named SAN,
execute the following command:
ccs -h node01.example.com --addfenceinst sanswitch1
node01.example.com SAN port=11
5. Since the sanswi tch1 device is a storage-based device, you must configure unfencing for
this device.
ccs -h node01.example.com --addunfence sanswitch1
node01.example.com port=11 action=on
You can continue to add fencing methods as needed.
This procedure configures a fence device and a backup fence device for one node in the cluster. You
will need to configure fencing for the other nodes in the cluster as well.
22
⁠Chapt er 2 . Configuring Fencing wit h t he ccs Command
Example 2.3, “ cl uster. co nf After Adding Backup Fence Methods ” shows a cl uster. co nf
configuration file after you have added a power-based primary fencing method and a storage-based
backup fencing method to each node in the cluster.
Examp le 2.3. cl uster. co nf Af t er Ad d in g B acku p Fen ce Met h o d s
<cluster name="mycluster" config_version="3">
<clusternodes>
<clusternode name="node-01.example.com" nodeid="1">
<fence>
<method name="APC">
<device name="apc" port="1"/>
</method>
<method name="SAN">
<device name="sanswitch1" port="11"/>
</method>
</fence>
<unfence>
<device name="sanswitch1" port="11" action="on"/>
</unfence
</clusternode>
<clusternode name="node-02.example.com" nodeid="2">
<fence>
<method name="APC">
<device name="apc" port="2"/>
</method>
<method name="SAN">
<device name="sanswitch1" port="12"/>
</method>
</fence>
<unfence>
<device name="sanswitch1" port="12" action="on"/>
</unfence
</clusternode>
<clusternode name="node-03.example.com" nodeid="3">
<fence>
<method name="APC">
<device name="apc" port="3"/>
</method>
<method name="SAN">
<device name="sanswitch1" port="13"/>
</method>
</fence>
<unfence>
<device name="sanswitch1" port="13" action="on"/>
</unfence
</clusternode>
</clusternodes>
<fencedevices>
<fencedevice agent="fence_apc" ipaddr="apc_ip_example"
login="login_example" name="apc" passwd="password_example"/>
<fencedevice agent="fence_sanbox2" ipaddr="san_ip_example"
login="login_example" name="sanswitch1" passwd="password_example"/>
</fencedevices>
23
Fence Configurat ion G uide
<rm>
</rm>
</cluster>
Note that when you have finished configuring all of the components of your cluster, you will need to
sync the cluster configuration file to all of the nodes.
Note
The order in which the system will use the fencing methods you have configured follows their
order in the cluster configuration file. The first method you configure is the primary fencing
method, and the second method you configure is the backup fencing method. To change the
order, you can remove the primary fencing method from the configuration file, then add that
method back.
2.3.4 . Configuring a Node wit h Redundant Power
If your cluster is configured with redundant power supplies for your nodes, you must be sure to
configure fencing so that your nodes fully shut down when they need to be fenced. If you configure
each power supply as a separate fence method, each power supply will be fenced separately; the
second power supply will allow the system to continue running when the first power supply is fenced
and the system will not be fenced at all. To configure a system with dual power supplies, you must
configure your fence devices so that both power supplies are shut off and the system is taken
completely down. This requires that you configure two instances within a single fencing method, and
that for each instance you configure both fence devices with an acti o n attribute of o ff before
configuring each of the devices with an acti o n attribute of o n.
To configure fencing for a node with dual power supplies, follow the steps in this section.
1. Before you can configure fencing for a node with redundant power, you must configure each
of the power switches as a fence device for the cluster. For information on configuring fence
devices, see Section 2.1, “ Configuring Fence D evices” .
To print a list of fence devices currently configured for your cluster, execute the following
command:
ccs -h host --lsfencedev
2. Add a fence method for the node, providing a name for the fence method.
ccs -h host --addmethod method node
For example, to configure a fence method named AP C -d ual for the node no d e0 1. exampl e. co m in the configuration file on the cluster node no d e-0 1. exampl e. co m,
execute the following command:
ccs -h node01.example.com --addmethod APC-dual node01.example.com
24
⁠Chapt er 2 . Configuring Fencing wit h t he ccs Command
3. Add a fence instance for the first power supply to the fence method. You must specify the
fence device to use for the node, the node this instance applies to, the name of the method,
and any options for this method that are specific to this node. At this point you configure the
acti o n attribute as o ff.
ccs -h host --addfenceinst fencedevicename node method [options]
action=off
For example, to configure a fence instance in the configuration file on the cluster node no d e0 1. exampl e. co m that uses the APC switch power port 1 on the fence device named apc1 to
fence cluster node no d e-0 1. exampl e. co m using the method named AP C -d ual , and
setting the acti o n attribute to o ff, execute the following command:
ccs -h node01.example.com --addfenceinst apc1 node01.example.com
APC-dual port=1 action=off
4. Add a fence instance for the second power supply to the fence method. You must specify the
fence device to use for the node, the node this instance applies to, the name of the method,
and any options for this method that are specific to this node. At this point you configure the
acti o n attribute as o ff for this instance as well:
ccs -h host --addfenceinst fencedevicename node method [options]
action=off
For example, to configure a second fence instance in the configuration file on the cluster
node no d e-0 1. exampl e. co m that uses the APC switch power port 1 on the fence device
named apc2 to fence cluster node no d e-0 1. exampl e. co m using the same method as you
specified for the first instance named AP C -d ual , and setting the acti o n attribute to o ff,
execute the following command:
ccs -h node01.example.com --addfenceinst apc2 node01.example.com
APC-dual port=1 action=off
5. At this point, add another fence instance for the first power supply to the fence method,
configuring the acti o n attribute as o n. You must specify the fence device to use for the
node, the node this instance applies to, the name of the method, and any options for this
method that are specific to this node, and specifying the acti o n attribute as o n:
ccs -h host --addfenceinst fencedevicename node method [options]
action=on
For example, to configure a fence instance in the configuration file on the cluster node no d e0 1. exampl e. co m that uses the APC switch power port 1 on the fence device named apc1 to
fence cluster node no d e-0 1. exampl e. co m using the method named AP C -d ual , and
setting the acti o n attribute to o n, execute the following command:
ccs -h node01.example.com --addfenceinst apc1 node01.example.com
APC-dual port=1 action=on
6. Add another fence instance for second power supply to the fence method, specifying the
acti o n attribute as o n for this instance. You must specify the fence device to use for the
node, the node this instance applies to, the name of the method, and any options for this
method that are specific to this node as well as the acti o n attribute of o n.
25
Fence Configurat ion G uide
ccs -h host --addfenceinst fencedevicename node method [options]
action=on
For example, to configure a second fence instance in the configuration file on the cluster
node no d e-0 1. exampl e. co m that uses the APC switch power port 1 on the fence device
named apc2 to fence cluster node no d e-0 1. exampl e. co m using the same method as you
specified for the first instance named AP C -d ual and setting the acti o n attribute to o n,
execute the following command:
ccs -h node01.example.com --addfenceinst apc2 node01.example.com
APC-dual port=1 action=on
Example 2.4, “ cl uster. co nf After Adding D ual-Power Fencing ” shows a cl uster. co nf
configuration file after you have added fencing for two power supplies for each node in a cluster.
Examp le 2.4 . cl uster. co nf Af t er Ad d in g D u al- Po wer Fen cin g
<cluster name="mycluster" config_version="3">
<clusternodes>
<clusternode name="node-01.example.com" nodeid="1">
<fence>
<method name="APC-dual">
<device name="apc1" port="1"action="off"/>
<device name="apc2" port="1"action="off"/>
<device name="apc1" port="1"action="on"/>
<device name="apc2" port="1"action="on"/>
</method>
</fence>
</clusternode>
<clusternode name="node-02.example.com" nodeid="2">
<fence>
<method name="APC-dual">
<device name="apc1" port="2"action="off"/>
<device name="apc2" port="2"action="off"/>
<device name="apc1" port="2"action="on"/>
<device name="apc2" port="2"action="on"/>
</method>
</fence>
</clusternode>
<clusternode name="node-03.example.com" nodeid="3">
<fence>
<method name="APC-dual">
<device name="apc1" port="3"action="off"/>
<device name="apc2" port="3"action="off"/>
<device name="apc1" port="3"action="on"/>
<device name="apc2" port="3"action="on"/>
</method>
</fence>
</clusternode>
</clusternodes>
<fencedevices>
<fencedevice agent="fence_apc" ipaddr="apc_ip_example"
login="login_example" name="apc1" passwd="password_example"/>
26
⁠Chapt er 2 . Configuring Fencing wit h t he ccs Command
<fencedevice agent="fence_apc" ipaddr="apc_ip_example"
login="login_example" name="apc2" passwd="password_example"/>
</fencedevices>
<rm>
</rm>
</cluster>
Note that when you have finished configuring all of the components of your cluster, you will need to
sync the cluster configuration file to all of the nodes.
2.3.5. T est ing t he Fence Configurat ion
As of Red Hat Enterprise Linux Release 6.4, you can test the fence configuration for each node in a
cluster with the fence_check utility.
The following example shows the output of a successful execution of this command.
[root@ host-098 ~]# fence_check
fence_check run at Wed Jul 23 09:13:57 CDT 2014 pid: 4769
Testing host-098 method 1: success
Testing host-099 method 1: success
Testing host-100 method 1: success
For information on this utility, see the fence_check(8) man page.
2.3.6. Removing Fence Met hods and Fence Inst ances
To remove a fence method from your cluster configuration, execute the following command:
ccs -h host --rmmethod method node
For example, to remove a fence method that you have named AP C that you have configured for
no d e0 1. exampl e. co m from the cluster configuration file on cluster node
no d e0 1. exampl e. co m, execute the following command:
ccs -h node01.example.com
--rmmethod APC node01.example.com
To remove all fence instances of a fence device from a fence method, execute the following command:
ccs -h host --rmfenceinst fencedevicename node method
For example, to remove all instances of the fence device named apc1 from the method named AP C d ual configured for no d e0 1. exampl e. co m from the cluster configuration file on cluster node
no d e0 1. exampl e. co m, execute the following command:
ccs -h node01.example.com --rmfenceinst apc1 node01.example.com APC-dual
27
Fence Configurat ion G uide
Chapter 3. Configuring Fencing with Conga
This chapter describes how to configure fencing in Red Hat High Availability Add-On using C o n g a.
Note
Conga is a graphical user interface that you can use to administer the Red Hat High
Availability Add-On. Note, however, that in order to use this interface effectively you need to
have a good and clear understanding of the underlying concepts. Learning about cluster
configuration by exploring the available features in the user interface is not recommended, as
it may result in a system that is not robust enough to keep all services running when
components fail.
Section 3.2, “ Configuring Fence D evices”
3.1. Configuring Fence Daemon Propert ies
Clicking on the Fen ce D aemo n tab displays the Fen ce D aemo n Pro p ert ies page, which provides
an interface for configuring Po st Fail D elay and Po st Jo in D elay. The values you configure for
these parameters are general fencing properties for the cluster. To configure specific fence devices
for the nodes of the cluster, use the Fen ce D evices menu item of the cluster display, as described in
Section 3.2, “ Configuring Fence D evices” .
The Po st Fail D elay parameter is the number of seconds the fence daemon (fenced ) waits
before fencing a node (a member of the fence domain) after the node has failed. The Po st Fail
D elay default value is 0 . Its value may be varied to suit cluster and network performance.
The Po st Jo in D elay parameter is the number of seconds the fence daemon (fenced ) waits
before fencing a node after the node joins the fence domain. The Po st Jo in D elay default value
is 6 . A typical setting for Po st Jo in D elay is between 20 and 30 seconds, but can vary
according to cluster and network performance.
Enter the values required and click Appl y for changes to take effect.
Note
For more information about Po st Jo in D elay and Po st Fail D elay, refer to the fenced(8)
man page.
3.2. Configuring Fence Devices
Configuring fence devices consists of creating, updating, and deleting fence devices for the cluster.
You must configure the fence devices in a cluster before you can configure fencing for the nodes in
the cluster.
Creating a fence device consists of selecting a fence device type and entering parameters for that
fence device (for example, name, IP address, login, and password). Updating a fence device consists
of selecting an existing fence device and changing parameters for that fence device. D eleting a fence
device consists of selecting an existing fence device and deleting it.
28
⁠Chapt er 3. Configuring Fencing wit h Conga
This section provides procedures for the following tasks:
Creating fence devices — Refer to Section 3.2.1, “ Creating a Fence D evice” . Once you have
created and named a fence device, you can configure the fence devices for each node in the
cluster, as described in Section 3.3, “ Configuring Fencing for Cluster Members” .
Updating fence devices — Refer to Section 3.2.2, “ Modifying a Fence D evice” .
D eleting fence devices — Refer to Section 3.2.3, “ D eleting a Fence D evice” .
From the cluster-specific page, you can configure fence devices for that cluster by clicking on Fen ce
D evices along the top of the cluster display. This displays the fence devices for the cluster and
displays the menu items for fence device configuration: Ad d and D elet e. This is the starting point of
each procedure described in the following sections.
Note
If this is an initial cluster configuration, no fence devices have been created, and therefore
none are displayed.
Figure 3.1, “ luci fence devices configuration page” shows the fence devices configuration screen
before any fence devices have been created.
Fig u re 3.1. lu ci f en ce d evices co n f ig u rat io n p ag e
3.2.1. Creat ing a Fence Device
To create a fence device, follow these steps:
1. From the Fen ce D evices configuration page, click Ad d . Clicking Ad d displays the Ad d
Fence D evi ce (Instance) dialog box. From this dialog box, select the type of fence
device to configure.
29
Fence Configurat ion G uide
2. Specify the information in the Ad d Fence D evi ce (Instance) dialog box according to
the type of fence device. In some cases you will need to specify additional node-specific
parameters for the fence device when you configure fencing for the individual nodes.
3. Click Submi t.
After the fence device has been added, it appears on the Fen ce D evices configuration page.
3.2.2. Modifying a Fence Device
To modify a fence device, follow these steps:
1. From the Fen ce D evices configuration page, click on the name of the fence device to modify.
This displays the dialog box for that fence device, with the values that have been configured
for the device.
2. To modify the fence device, enter changes to the parameters displayed.
3. Click Appl y and wait for the configuration to be updated.
3.2.3. Delet ing a Fence Device
Note
Fence devices that are in use cannot be deleted. To delete a fence device that a node is
currently using, first update the node fence configuration for any node using the device and
then delete the device.
To delete a fence device, follow these steps:
1. From the Fen ce D evices configuration page, check the box to the left of the fence device or
devices to select the devices to delete.
2. Click D el ete and wait for the configuration to be updated. A message appears indicating
which devices are being deleted.
When the configuration has been updated, the deleted fence device no longer appears in the display.
3.3. Configuring Fencing for Clust er Members
Once you have completed the initial steps of creating a cluster and creating fence devices, you need
to configure fencing for the cluster nodes. To configure fencing for the nodes after creating a new
cluster and configuring the fencing devices for the cluster, follow the steps in this section. Note that
you must configure fencing for each node in the cluster.
The following sections provide procedures for configuring a single fence device for a node,
configuring a node with a backup fence device, and configuring a node with redundant power
supplies:
Section 3.3.1, “ Configuring a Single Fence D evice for a Node”
Section 3.3.2, “ Configuring a Backup Fence D evice”
Section 3.3.3, “ Configuring a Node with Redundant Power”
30
⁠Chapt er 3. Configuring Fencing wit h Conga
3.3.1. Configuring a Single Fence Device for a Node
Use the following procedure to configure a node with a single fence device.
1. From the cluster-specific page, you can configure fencing for the nodes in the cluster by
clicking on N o d es along the top of the cluster display. This displays the nodes that
constitute the cluster. This is also the default page that appears when you click on the cluster
name beneath Man ag e C lu st ers from the menu on the left side of the lu ci H o meb ase
page.
2. Click on a node name. Clicking a link for a node causes a page to be displayed for that link
showing how that node is configured.
The node-specific page displays any services that are currently running on the node, as well
as any failover domains of which this node is a member. You can modify an existing failover
domain by clicking on its name.
3. On the node-specific page, under Fen ce D evices, click Ad d Fence Metho d . This displays
the Ad d Fence Metho d to No d e dialog box.
4. Enter a Met h o d N ame for the fencing method that you are configuring for this node. This is
an arbitrary name that will be used by Red Hat High Availability Add-On; it is not the same as
the D NS name for the device.
5. Click Submi t. This displays the node-specific screen that now displays the method you have
just added under Fen ce D evices.
6. Configure a fence instance for this method by clicking the Ad d Fence Instance button that
appears beneath the fence method. This displays the Ad d Fen ce D evice ( In st an ce) dropdown menu from which you can select a fence device you have previously configured, as
described in Section 3.2.1, “ Creating a Fence D evice” .
7. Select a fence device for this method. If this fence device requires that you configure nodespecific parameters, the display shows the parameters to configure.
Note
For non-power fence methods (that is, SAN/storage fencing), U n f en cin g is selected
by default on the node-specific parameters display. This ensures that a fenced node's
access to storage is not re-enabled until the node has been rebooted. For information
on unfencing a node, refer to the fence_no d e(8) man page.
8. Click Submi t. This returns you to the node-specific screen with the fence method and fence
instance displayed.
3.3.2. Configuring a Backup Fence Device
You can define multiple fencing methods for a node. If fencing fails using the first method, the system
will attempt to fence the node using the second method, followed by any additional methods you
have configured.
Use the following procedure to configure a backup fence device for a node.
1. Use the procedure provided in Section 3.3.1, “ Configuring a Single Fence D evice for a Node”
to configure the primary fencing method for a node.
31
Fence Configurat ion G uide
2. Beneath the display of the primary method you defined, click Ad d Fence Metho d .
3. Enter a name for the backup fencing method that you are configuring for this node and click
Submi t. This displays the node-specific screen that now displays the method you have just
added, below the primary fence method.
4. Configure a fence instance for this method by clicking Ad d Fence Instance. This displays
a drop-down menu from which you can select a fence device you have previously configured,
as described in Section 3.2.1, “ Creating a Fence D evice” .
5. Select a fence device for this method. If this fence device requires that you configure nodespecific parameters, the display shows the parameters to configure.
6. Click Submi t. This returns you to the node-specific screen with the fence method and fence
instance displayed.
You can continue to add fencing methods as needed. You can rearrange the order of fencing
methods that will be used for this node by clicking on Mo ve U p and Mo ve D o wn .
3.3.3. Configuring a Node wit h Redundant Power
If your cluster is configured with redundant power supplies for your nodes, you must be sure to
configure fencing so that your nodes fully shut down when they need to be fenced. If you configure
each power supply as a separate fence method, each power supply will be fenced separately; the
second power supply will allow the system to continue running when the first power supply is fenced
and the system will not be fenced at all. To configure a system with dual power supplies, you must
configure your fence devices so that both power supplies are shut off and the system is taken
completely down. When configuring your system using C o n g a, this requires that you configure two
instances within a single fencing method.
To configure fencing for a node with dual power supplies, follow the steps in this section.
1. Before you can configure fencing for a node with redundant power, you must configure each
of the power switches as a fence device for the cluster. For information on configuring fence
devices, see Section 3.2, “ Configuring Fence D evices” .
2. From the cluster-specific page, click on N o d es along the top of the cluster display. This
displays the nodes that constitute the cluster. This is also the default page that appears when
you click on the cluster name beneath Man ag e C lu st ers from the menu on the left side of
the lu ci H o meb ase page.
3. Click on a node name. Clicking a link for a node causes a page to be displayed for that link
showing how that node is configured.
4. On the node-specific page, click Ad d Fence Metho d .
5. Enter a name for the fencing method that you are configuring for this node.
6. Click Submi t. This displays the node-specific screen that now displays the method you have
just added under Fen ce D evices.
7. Configure the first power supply as a fence instance for this method by clicking Ad d Fence
Instance. This displays a drop-down menu from which you can select one of the power
fencing devices you have previously configured, as described in Section 3.2.1, “ Creating a
Fence D evice” .
8. Select one of the power fence devices for this method and enter the appropriate parameters
for this device.
32
⁠Chapt er 3. Configuring Fencing wit h Conga
9. Click Submi t. This returns you to the node-specific screen with the fence method and fence
instance displayed.
10. Under the same fence method for which you have configured the first power fencing device,
click Ad d Fence Instance. This displays a drop-down menu from which you can select
the second power fencing devices you have previously configured, as described in
Section 3.2.1, “ Creating a Fence D evice” .
11. Select the second of the power fence devices for this method and enter the appropriate
parameters for this device.
12. Click Submi t. This returns you to the node-specific screen with the fence methods and fence
instances displayed, showing that each device will power the system off in sequence and
power the system on in sequence. This is shown in Figure 3.2, “ D ual-Power Fencing
Configuration” .
Fig u re 3.2. D u al- Po wer Fen cin g C o n f ig u rat io n
3.3.4 . T est ing t he Fence Configurat ion
As of Red Hat Enterprise Linux Release 6.4, you can test the fence configuration for each node in a
cluster with the fence_check utility.
The following example shows the output of a successful execution of this command.
[root@ host-098 ~]# fence_check
33
Fence Configurat ion G uide
fence_check run at Wed Jul
Testing host-098 method 1:
Testing host-099 method 1:
Testing host-100 method 1:
23 09:13:57 CDT 2014 pid: 4769
success
success
success
For information on this utility, see the fence_check(8) man page.
34
⁠Chapt er 4 . Fence Devices
Chapter 4. Fence Devices
This chapter documents the fence devices currently supported in Red Hat Enterprise Linux HighAvailability Add-On.
Table 4.1, “ Fence D evice Summary” lists the fence devices, the fence device agents associated with
the fence devices, and provides a reference to the table documenting the parameters for the fence
devices.
T ab le 4 .1. Fen ce D evice Su mmary
Fen ce D evice
Fen ce Ag en t
R ef eren ce t o Paramet er
D escrip t io n
APC Power
Switch
(telnet/SSH)
APC Power
Switch over
SNMP
Brocade
Fabric Switch
Cisco MD S
Cisco UCS
D ell D RAC 5
D ell iD RAC
fence_apc
Table 4.2, “ APC Power Switch
(telnet/SSH)”
fence_apc_snmp
Table 4.3, “ APC Power Switch
over SNMP”
fence_brocade
Eaton Network
Power Switch
(SNMP
Interface)
Egenera
BladeFrame
Emerson
Network Power
Switch (SNMP
Interface)
ePowerSwitch
Fence virt
(Serial/VMCha
nnel Mode)
Fence virt
(fence_xvm/Mu
lticast Mode)
Fujitsu
Siemens
Remoteview
Service Board
(RSB)
fence_eaton_snmp
Table 4.4, “ Brocade Fabric
Switch”
Table 4.5, “ Cisco MD S”
Table 4.6, “ Cisco UCS”
Table 4.7, “ D ell D RAC 5”
Table 4.23, “ IPMI (Intelligent
Platform Management
Interface) LAN, D ell iD rac, IBM
Integrated Management
Module, HPiLO3, HPiLO4”
Table 4.8, “ Eaton Network
Power Controller (SNMP
Interface) (Red Hat Enterprise
Linux 6.4 and later)”
Table 4.9, “ Egenera
BladeFrame”
Table 4.10, “ Emerson Network
Power Switch (SNMP interface)
(Red Hat Enterprise Linux 6.7
and later)”
Table 4.11, “ ePowerSwitch”
Table 4.12, “ Fence virt
(Serial/VMChannel Mode)”
fence_cisco_mds
fence_cisco_ucs
fence_drac5
fence_idrac
fence_egenera
fence_emerson
fence_eps
fence_virt
fence_xvm
Table 4.13, “ Fence virt
(Multicast Mode) ”
fence_rsb
Table 4.14, “ Fujitsu Siemens
Remoteview Service Board
(RSB)”
35
Fence Configurat ion G uide
Fen ce D evice
Fen ce Ag en t
R ef eren ce t o Paramet er
D escrip t io n
HP
BladeSystem
fence_hpblade
HP iLO D evice
fence_ilo
HP iLO2
D evice
HP iLO3
D evice
fence_ilo2
HP iLO4
D evice
fence_ilo4
HP iLO MP
fence_ilo_mp
IBM
BladeCenter
IBM
BladeCenter
SNMP
IBM Integrated
Management
Module
fence_bladecenter
Table 4.15, “ HP BladeSystem
(Red Hat Enterprise Linux 6.4
and later)”
Table 4.16, “ HP iLO (Integrated
Lights Out) and HP iLO2”
Table 4.16, “ HP iLO (Integrated
Lights Out) and HP iLO2”
Table 4.23, “ IPMI (Intelligent
Platform Management
Interface) LAN, D ell iD rac, IBM
Integrated Management
Module, HPiLO3, HPiLO4”
Table 4.23, “ IPMI (Intelligent
Platform Management
Interface) LAN, D ell iD rac, IBM
Integrated Management
Module, HPiLO3, HPiLO4”
Table 4.17, “ HP iLO (Integrated
Lights Out) MP”
Table 4.18, “ IBM BladeCenter”
IBM iPD U
fence_ipdu
IF MIB
Intel Modular
IPMI
(Intelligent
Platform
Management
Interface) Lan
Fence kdump
Multipath
Persistent
Reservation
Fencing
RHEV-M
fencing
fence_ifmib
fence_intelmodular
fence_ipmilan
SCSI Fencing
fence_scsi
36
fence_ilo3
fence_ibmblade
Table 4.19, “ IBM BladeCenter
SNMP”
fence_imm
Table 4.23, “ IPMI (Intelligent
Platform Management
Interface) LAN, D ell iD rac, IBM
Integrated Management
Module, HPiLO3, HPiLO4”
Table 4.20, “ IBM iPD U (Red
Hat Enterprise Linux 6.4 and
later)”
Table 4.21, “ IF MIB”
Table 4.22, “ Intel Modular”
Table 4.23, “ IPMI (Intelligent
Platform Management
Interface) LAN, D ell iD rac, IBM
Integrated Management
Module, HPiLO3, HPiLO4”
Table 4.24, “ Fence kdump”
Table 4.25, “ Multipath
Persistent Reservation Fencing
(Red Hat Enterprise Linux 6.7
and later)”
Table 4.26, “ RHEV-M REST API
(RHEL 6.2 and later against
RHEV 3.0 and later)”
Table 4.27, “ SCSI Reservation
Fencing”
fence_kdump
fence_mpath
fence_rhevm
⁠Chapt er 4 . Fence Devices
Fen ce D evice
Fen ce Ag en t
R ef eren ce t o Paramet er
D escrip t io n
VMware
Fencing
(SOAP
Interface)
WTI Power
Switch
fence_vmware_soap
Table 4.28, “ VMware Fencing
(SOAP Interface) (Red Hat
Enterprise Linux 6.2 and later)”
fence_wti
Table 4.29, “ WTI Power
Switch”
4 .1. APC Power Swit ch over T elnet and SSH
Table 4.2, “ APC Power Switch (telnet/SSH)” lists the fence device parameters used by fence_apc,
the fence agent for APC over telnet/SSH.
T ab le 4 .2. APC Po wer Swit ch ( t eln et /SSH )
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
IP Address or
Hostname
IP Port
(optional)
Login
Password
Password
Script
(optional)
Power Wait
(seconds)
Power Timeout
(seconds)
i pad d r
A name for the APC device connected to the cluster into which
the fence daemon logs via telnet/ssh.
The IP address or hostname assigned to the device.
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Port
Switch
(optional)
D elay
(optional)
Use SSH
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
SSH Options
Path to SSH
Identity File
i ppo rt
login
passwd
passwd _scri
pt
po wer_wai t
po wer_ti meo
ut
The TCP port to use to connect to the device. The default port is
23, or 22 if Use SSH is selected.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
The port.
The switch number for the APC switch that connects to the node
when you have multiple daisy-chained switches.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
secure
Indicates that system will use SSH to access the device. When
using SSH, you must specify either a password, a password
script, or an identity file.
ssh_o pti o ns SSH options to use. The default value is -1 -c bl o wfi sh.
i d enti ty_fi The identity file for SSH.
le
po rt
swi tch
37
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Figure 4.1, “ APC Power Switch” shows the configuration screen for adding an APC Power Switch
fence device.
Fig u re 4 .1. APC Po wer Swit ch
The following command creates a fence device instance for a APC device:
ccs -f cluster.conf --addfencedev apc agent=fence_apc ipaddr=192.168.0.1
login=root passwd=password123
The following is the cl uster. co nf entry for the fence_apc device:
<fencedevices>
<fencedevice agent="fence_apc" name="apc" ipaddr="apctelnet.example.com" login="root" passwd="password123"/>
</fencedevices>
4 .2. APC Power Swit ch over SNMP
38
⁠Chapt er 4 . Fence Devices
4 .2. APC Power Swit ch over SNMP
Table 4.3, “ APC Power Switch over SNMP” lists the fence device parameters used by
fence_apc_snmp, the fence agent for APC that logs into the SNP device via the SNMP protocol.
T ab le 4 .3. APC Po wer Swit ch o ver SN MP
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
IP Address or
Hostname
UD P/TCP port
i pad d r
A name for the APC device connected to the cluster into which
the fence daemon logs via the SNMP protocol.
The IP address or hostname assigned to the device.
Login
Password
Password
Script
(optional)
SNMP Version
login
passwd
passwd _scri
pt
SNMP
Community
SNMP Security
Level
SNMP
Authentication
Protocol
SNMP Privacy
Protocol
SNMP Privacy
Protocol
Password
SNMP Privacy
Protocol Script
ud ppo rt
snmp_versi o
n
co mmuni ty
The SNMP version to use (1, 2c, 3); the default value is 1.
snmp_sec_l e
vel
snmp_auth_p
ro t
The SNMP security level (noAuthNoPriv, authNoPriv, authPriv).
snmp_pri v_p
ro t
snmp_pri v_p
asswd
The SNMP privacy protocol (D ES, AES).
snmp_pri v_p
asswd _scri p
t
po wer_wai t
The script that supplies a password for SNMP privacy protocol.
Using this supersedes the SN MP p rivacy p ro t o co l p asswo rd
parameter.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
Power Wait
(seconds)
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
The UD P/TCP port to use for connection with the device; the
default value is 161.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
The SNMP community string; the default value is pri vate.
The SNMP authentication protocol (MD 5, SHA).
The SNMP privacy protocol password.
po rt
The port.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
39
Fence Configurat ion G uide
Figure 4.2, “ APC Power Switch over SNMP” shows the configuration screen for adding an APC
Power Switch fence device.
Fig u re 4 .2. APC Po wer Swit ch o ver SN MP
The following is the cl uster. co nf entry for the fence_apc_snmp device:
<fencedevice>
<fencedevice agent="fence_apc_snmp" community="private"
ipaddr="192.168.0.1" login="root" \
40
⁠Chapt er 4 . Fence Devices
name="apcpwsnmptst1" passwd="password123" power_wait="60"
snmp_priv_passwd="password123"/>
</fencedevices>
4 .3. Brocade Fabric Swit ch
Table 4.4, “ Brocade Fabric Switch” lists the fence device parameters used by fence_bro cad e, the
fence agent for Brocade FC switches.
T ab le 4 .4 . B ro cad e Fab ric Swit ch
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
Login
Password
Password
Script
(optional)
Force IP
Family
name
i pad d r
A name for the Brocade device connected to the cluster.
The IP address assigned to the device.
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
i net4 _o nl y
,
i net6 _o nl y
cmd _pro mpt
Force the agent to use IPv4 or IPv6 addresses only
Force
Command
Prompt
Power Wait
po wer_wai t
(seconds)
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Port
D elay
(optional)
Use SSH
SSH Options
Path to SSH
Identity File
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
The command prompt to use. The default value is '\$'.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
The switch outlet number.
The number of seconds to wait before fencing is started. The
default value is 0.
secure
Indicates that the system will use SSH to access the device.
When using SSH, you must specify either a password, a
password script, or an identity file.
ssh_o pti o ns SSH options to use. The default value is -1 -c bl o wfi sh.
i d enti ty_fi The identity file for SSH.
le
po rt
d el ay
41
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Unfencing
unfence
section of the
cluster
configuration
file
When enabled, this ensures that a fenced node is not re-enabled
until the node has been rebooted. This is necessary for nonpower fence methods (that is, SAN/storage fencing). When you
configure a device that requires unfencing, the cluster must first
be stopped and the full configuration including devices and
unfencing must be added before the cluster is started. For more
information about unfencing a node, refer to the fence_no d e(8)
man page.
Figure 4.3, “ Brocade Fabric Switch” shows the configuration screen for adding an Brocade Fabric
Switch fence device.
Fig u re 4 .3. B ro cad e Fab ric Swit ch
The following command creates a fence device instance for a Brocade device:
ccs -f cluster.conf --addfencedev brocadetest agent=fence_brocade
ipaddr=brocadetest.example.com login=root \
passwd=password123
The following is the cl uster. co nf entry for the fence_bro cad e device:
<fencedevices>
<fencedevice agent="fence_brocade" ipaddr="brocadetest.example.com"
login="brocadetest" \
42
⁠Chapt er 4 . Fence Devices
name="brocadetest" passwd="brocadetest"/>
</fencedevices>
4 .4 . Cisco MDS
Table 4.5, “ Cisco MD S” lists the fence device parameters used by fence_ci sco _md s, the fence
agent for Cisco MD S.
T ab le 4 .5. C isco MD S
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
IP Address or
Hostname
UD P/TCP port
(optional)
Login
Password
Password
Script
(optional)
SNMP Version
i pad d r
A name for the Cisco MD S 9000 series device with SNMP
enabled.
The IP address or hostname assigned to the device.
SNMP
Community
SNMP Security
Level
SNMP
Authentication
Protocol
SNMP Privacy
Protocol
SNMP Privacy
Protocol
Password
SNMP Privacy
Protocol Script
ud ppo rt
login
passwd
passwd _scri
pt
snmp_versi o
n
co mmuni ty
The SNMP version to use (1, 2c, 3).
snmp_sec_l e
vel
snmp_auth_p
ro t
The SNMP security level (noAuthNoPriv, authNoPriv, authPriv).
snmp_pri v_p
ro t
snmp_pri v_p
asswd
The SNMP privacy protocol (D ES, AES).
snmp_pri v_p
asswd _scri p
t
po wer_wai t
The script that supplies a password for SNMP privacy protocol.
Using this supersedes the SN MP p rivacy p ro t o co l p asswo rd
parameter.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
Power Wait
(seconds)
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
The UD P/TCP port to use for connection with the device; the
default value is 161.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
The SNMP community string.
The SNMP authentication protocol (MD 5, SHA).
The SNMP privacy protocol password.
43
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Port (Outlet)
Number
D elay
(optional)
po rt
The port.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.4, “ Cisco MD S” shows the configuration screen for adding an Cisco MD S fence device.
Fig u re 4 .4 . C isco MD S
44
⁠Chapt er 4 . Fence Devices
The following command creates a fence device instance for a Cisco MD S device:
ccs -f cluster.conf --addfencedev mds agent=fence_cisco_mds
ipaddr=192.168.0.1 name=ciscomdstest1 login=root \
passwd=password123 power_wait=60 snmp_priv_passwd=password123 udpport=161
The following is the cl uster. co nf entry for the fence_ci sco _md s device:
<fencedevices>
<fencedevice agent="fence_cisco_mds" community="private"
ipaddr="192.168.0.1" login="root" \
name="ciscomdstest1" passwd="password123" power_wait="60"
snmp_priv_passwd="password123" \
udpport="161"/>
</fencedevices>
4 .5. Cisco UCS
Table 4.6, “ Cisco UCS” lists the fence device parameters used by fence_ci sco _ucs, the fence
agent for Cisco UCS.
T ab le 4 .6 . C isco U C S
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
IP port
(optional)
Login
Password
Password
Script
(optional)
Use SSL
SubOrganization
Power Wait
(seconds)
Power Timeout
(seconds)
name
i pad d r
A name for the Cisco UCS device.
The IP address or hostname assigned to the device.
i ppo rt
The TCP port to use to connect to the device.
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
ssl
subo rg
Use SSL connections to communicate with the device.
Additional path needed to access suborganization.
po wer_wai t
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
po wer_ti meo
ut
45
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Port (Outlet)
Number
D elay
(optional)
po rt
Name of virtual machine.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.5, “ Cisco UCS” shows the configuration screen for adding a Cisco UCS fence device.
Fig u re 4 .5. C isco U C S
The following command creates a fence device instance for a Cisco UCS device:
ccs -f cluster.conf --addfencedev ucs agent=fence_cisco_ucs
ipaddr=192.168.0.1 login=root passwd=password123 \
suborg=/org-RHEL/org-Fence/
The following is an example cl uster. co nf entry for the fence_ci sco _ucs device as created
using either Conga or ccs:
46
⁠Chapt er 4 . Fence Devices
<fencedevices>
<fencedevice agent="fence_cisco_ucs" ipaddr="192.168.0.1" login="root"
name="ciscoucstest1" \
passwd="password123" power_wait="60" ssl="on" suborg="/org-RHEL/orgFence/"/>
</fencedevices>
4 .6. Dell Drac 5
Table 4.7, “ D ell D RAC 5” lists the fence device parameters used by fence_d rac5, the fence agent for
D ell D RAC 5.
T ab le 4 .7. D ell D R AC 5
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
IP Port
(optional)
Login
Password
Password
Script
(optional)
Use SSH
name
i pad d r
The name assigned to the D RAC.
The IP address or hostname assigned to the D RAC.
i ppo rt
The TCP port to use to connect to the device.
login
passwd
passwd _scri
pt
The login name used to access the D RAC.
The password used to authenticate the connection to the D RAC.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
SSH Options
Path to SSH
Identity File
Module Name
Force
Command
Prompt
Power Wait
(seconds)
D elay
(seconds)
Power Timeout
(seconds)
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Indicates that the system will use SSH to access the device.
When using SSH, you must specify either a password, a
password script, or an identity file.
ssh_o pti o ns SSH options to use. The default value is -1 -c bl o wfi sh.
i d enti ty_fi The identity file for SSH.
le
mo d ul e_nam (optional) The module name for the D RAC when you have
e
multiple D RAC modules.
cmd _pro mpt
The command prompt to use. The default value is '\$'.
secure
po wer_wai t
d el ay
po wer_ti meo
ut
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait after issuing a power off or power on
command.
The number of seconds to wait before fencing is started. The
default value is 0.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
47
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Figure 4.6, “ D ell D rac 5” shows the configuration screen for adding a D ell D rac 5 device
Fig u re 4 .6 . D ell D rac 5
The following command creates a fence device instance for a D ell D rac 5 device:
ccs -f cluster.conf --addfencedev delldrac5test1 agent=fence_drac5
ipaddr=192.168.0.1 login=root passwd=password123\
module_name=drac1 power_wait=60
48
⁠Chapt er 4 . Fence Devices
The following is the cl uster. co nf entry for the fence_d rac5 device:
<fencedevices>
<fencedevice agent="fence_drac5" cmd_prompt="\$" ipaddr="192.168.0.1"
login="root" module_name="drac1" \
name="delldrac5test1" passwd="password123" power_wait="60"/>
</fencedevices>
4 .7. Eat on Net work Power Swit ch
Table 4.8, “ Eaton Network Power Controller (SNMP Interface) (Red Hat Enterprise Linux 6.4 and
later)” lists the fence device parameters used by fence_eato n_snmp, the fence agent for the Eaton
over SNMP network power switch.
T ab le 4 .8. Eat o n N et wo rk Po wer C o n t ro ller ( SN MP In t erf ace) ( R ed H at En t erp rise Lin u x
6 .4 an d lat er)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
IP Address or
Hostname
UD P/TCP Port
(optional)
Login
Password
Password
Script
(optional)
SNMP Version
i pad d r
A name for the Eaton network power switch connected to the
cluster.
The IP address or hostname assigned to the device.
SNMP
Community
SNMP Security
Level
SNMP
Authentication
Protocol
SNMP Privacy
Protocol
SNMP Privacy
Protocol
Password
SNMP Privacy
Protocol Script
Power wait
(seconds)
ud ppo rt
login
passwd
passwd _scri
pt
The UD P/TCP port to use for connection with the device; the
default value is 161.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
snmp_versi o
n
co mmuni ty
The SNMP version to use (1, 2c, 3); the default value is 1.
snmp_sec_l e
vel
snmp_auth_p
ro t
The SNMP security level (noAuthNoPriv, authNoPriv, authPriv).
snmp_pri v_p
ro t
snmp_pri v_p
asswd
The SNMP privacy protocol (D ES, AES).
snmp_pri v_p
asswd _scri p
t
po wer_wai t
The script that supplies a password for SNMP privacy protocol.
Using this supersedes the SN MP p rivacy p ro t o co l p asswo rd
parameter.
Number of seconds to wait after issuing a power off or power on
command.
The SNMP community string; the default value is pri vate.
The SNMP authentication protocol (MD 5, SHA).
The SNMP privacy protocol password.
49
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
po rt
d el ay
D escrip t io n
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
Physical plug number or name of virtual machine. This
parameter is always required.
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.7, “ Eaton Network Power Switch” shows the configuration screen for adding an Eaton
Network Power Switch fence device.
50
⁠Chapt er 4 . Fence Devices
Fig u re 4 .7. Eat o n N et wo rk Po wer Swit ch
The following command creates a fence device instance for an Eaton Network Power Switch device:
ccs -f cluster.conf --addfencedev eatontest agent=fence_eaton_snmp
ipaddr=192.168.0.1 login=root \
passwd=password123 power_wait=60 snmp_priv_passwd=eatonpassword123
udpport=161
The following is the cl uster. co nf entry for the fence_eato n_snmp device:
51
Fence Configurat ion G uide
<fencedevices>
<fencedevice agent="fence_eaton_snmp" community="private"
ipaddr="eatonhost" login="eatonlogin" \
name="eatontest" passwd="password123" passwd_script="eatonpwscr"
power_wait="3333" \
snmp_priv_passwd="eatonprivprotpass"
snmp_priv_passwd_script="eatonprivprotpwscr" udpport="161"/>
</fencedevices>
4 .8. Egenera BladeFrame
Table 4.9, “ Egenera BladeFrame” lists the fence device parameters used by fence_eg enera, the
fence agent for the Egenera BladeFrame.
T ab le 4 .9 . Eg en era B lad eFrame
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
CServer
cserver
ESH Path
(optional)
Username
lpan
pserver
D elay
(optional)
Unfencing
esh
A name for the Egenera BladeFrame device connected to the
cluster.
The hostname (and optionally the username in the form of
username@ ho stname) assigned to the device. Refer to the
fence_egenera(8) man page for more information.
The path to the esh command on the cserver (default is
/opt/panmgr/bin/esh)
The login name. The default value is ro o t.
The logical process area network (LPAN) of the device.
The processing blade (pserver) name of the device.
The number of seconds to wait before fencing is started. The
default value is 0.
When enabled, this ensures that a fenced node is not re-enabled
until the node has been rebooted. This is necessary for nonpower fence methods (that is, SAN/storage fencing). When you
configure a device that requires unfencing, the cluster must first
be stopped and the full configuration including devices and
unfencing must be added before the cluster is started. For more
information about unfencing a node, refer to the fence_no d e(8)
man page.
user
l pan
pserver
d el ay
unfence
section of the
cluster
configuration
file
Figure 4.8, “ Egenera BladeFrame” shows the configuration screen for adding an Egenera
BladeFrame fence device.
52
⁠Chapt er 4 . Fence Devices
Fig u re 4 .8. Eg en era B lad eFrame
The following command creates a fence device instance for an Egenera BladeFrame device:
ccs -f cluster.conf --addfencedev egeneratest agent=fence_egenera
user=root cserver=cservertest
The following is the cl uster. co nf entry for the fence_eg enera device:
<fencedevices>
<fencedevice agent="fence_egenera" cserver="cservertest"
name="egeneratest" user="root"/>
</fencedevices>
4 .9. Emerson Net work Power Swit ch (SNMP int erface)
Table 4.10, “ Emerson Network Power Switch (SNMP interface) (Red Hat Enterprise Linux 6.7 and
later)” lists the fence device parameters used by fence_emerso n, the fence agent for Emerson over
SNMP.
T ab le 4 .10. Emerso n N et wo rk Po wer Swit ch ( SN MP in t erf ace) ( R ed H at En t erp rise Lin u x
6 .7 an d lat er)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
IP Address or
Hostname
UD P/TCP Port
(optional)
i pad d r
A name for the Emerson Network Power Switch device connected
to the cluster.
The IP address or hostname assigned to the device.
ud ppo rt
UD P/TCP port to use for connections with the device; the default
value is 161.
53
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Login
Password
Password
Script
(optional)
SNMP Version
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
snmp_versi o
n
co mmuni ty
The SNMP version to use (1, 2c, 3); the default value is 1.
snmp_sec_l e
vel
snmp_auth_p
ro t
The SNMP security level (noAuthNoPriv, authNoPriv, authPriv).
snmp_pri v_p
ro t
snmp_pri v_p
asswd
The SNMP privacy protocol (D ES, AES).
snmp_pri v_p
asswd _scri p
t
po wer_wai t
The script that supplies a password for SNMP privacy protocol.
Using this supersedes the SN MP p rivacy p ro t o co l p asswo rd
parameter.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
SNMP
Community
SNMP Security
Level
SNMP
Authentication
Protocol
SNMP Privacy
Protocol
SNMP privacy
protocol
password
SNMP Privacy
Protocol Script
Power Wait
(seconds)
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
The SNMP community string.
The SNMP authentication protocol (MD 5, SHA).
The SNMP Privacy Protocol Password.
po rt
Physical plug number or name of virtual machine.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
4 .10. ePowerSwit ch
Table 4.11, “ ePowerSwitch” lists the fence device parameters used by fence_eps, the fence agent for
ePowerSwitch.
T ab le 4 .11. ePo werSwit ch
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
A name for the ePowerSwitch device connected to the cluster.
54
⁠Chapt er 4 . Fence Devices
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
IP Address or
Hostname
Login
Password
Password
Script
(optional)
Name of
Hidden Page
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
i pad d r
The IP address or hostname assigned to the device.
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
hi d d en_pag
e
retry_o n
The name of the hidden page for the device.
po rt
Physical plug number or name of virtual machine.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
Number of attempts to retry a power on operation. The default
value is 1.
Figure 4.9, “ ePowerSwitch” shows the configuration screen for adding an ePowerSwitch fence
device.
Fig u re 4 .9 . ePo werSwit ch
The following command creates a fence device instance for an ePowerSwitch device:
55
Fence Configurat ion G uide
ccs -f cluster.conf --addfencedev epstest1 agent=fence_eps
ipaddr=192.168.0.1 login=root passwd=password123 \
hidden_page=hidden.htm
The following is the cl uster. co nf entry for the fence_eps device:
<fencedevices>
<fencedevice agent="fence_eps" hidden_page="hidden.htm"
ipaddr="192.168.0.1" login="root" name="epstest1" \
passwd="password123"/>
</fencedevices>
4 .11. Fence Virt (Serial/VMChannel Mode)
Table 4.12, “ Fence virt (Serial/VMChannel Mode)” lists the fence device parameters used by
fence_vi rt, the fence agent for virtual machines using VM channel or serial mode .
T ab le 4 .12. Fen ce virt ( Serial/VMC h an n el Mo d e)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
Serial D evice
name
seri al _d ev
i ce
Serial
Parameters
VM Channel IP
Address
Timeout
(optional)
D omain
seri al _para
ms
channel _ad
d ress
ti meo ut
A name for the Fence virt fence device.
On the host, the serial device must be mapped in each domain's
configuration file. For more information, see the fence_vi rt
man page. If this field is specified, it causes the fence_vi rt
fencing agent to operate in serial mode. Not specifying a value
causes the fence_vi rt fencing agent to operate in VM channel
mode.
The serial parameters. The default is 115200, 8N1.
D elay
(optional)
po rt (formerly
d o mai n)
i ppo rt
d el ay
The channel IP. The default value is 10.0.2.179.
Fencing timeout, in seconds. The default value is 30.
Virtual machine (domain UUID or name) to fence.
The channel port. The default value is 1229, which is the value
used when configuring this fence device with lu ci.
Fencing delay, in seconds. The fence agent will wait the
specified number of seconds before attempting a fencing
operation. The default value is 0.
The following command creates a fence device instance for virtual machines using serial mode.
ccs -f cluster.conf --addfencedev fencevirt1 agent=fence_virt
serial_device=/dev/ttyS1 serial_params=19200, 8N1
The following is the cl uster. co nf entry for the fence_vi rt device:
<fencedevices>
56
⁠Chapt er 4 . Fence Devices
<fencedevice agent="fence_virt" name="fencevirt1"
serial_device="/dev/ttyS1" serial_params="19200, 8N1"/>
</fencedevices>
4 .12. Fence Virt (Mult icast Mode)
Table 4.13, “ Fence virt (Multicast Mode) ” lists the fence device parameters used by fence_xvm, the
fence agent for virtual machines using multicast.
T ab le 4 .13. Fen ce virt ( Mu lt icast Mo d e)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
Timeout
D omain
name
ti meo ut
po rt (formerly
d o mai n)
d el ay
A name for the Fence virt fence device.
Fencing timeout, in seconds. The default value is 30.
Virtual machine (domain UUID or name) to fence.
D elay
(optional)
Fencing delay, in seconds. The fence agent will wait the
specified number of seconds before attempting a fencing
operation. The default value is 0.
4 .13. Fujit su-Siemens Remot eView Service Board (RSB)
Table 4.14, “ Fujitsu Siemens Remoteview Service Board (RSB)” lists the fence device parameters
used by fence_rsb, the fence agent for Fujitsu-Siemens RemoteView Service Board (RSB).
T ab le 4 .14 . Fu jit su Siemen s R emo t eview Service B o ard ( R SB )
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
Login
Password
Password
Script
(optional)
TCP Port
name
i pad d r
A name for the RSB to use as a fence device.
The hostname assigned to the device.
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
i ppo rt
Force
Command
Prompt
Power Wait
(seconds)
D elay
(seconds)
Power Timeout
(seconds)
cmd _pro mpt
The port number on which the telnet service listens. The default
value is 3172.
The command prompt to use. The default value is '\$'.
po wer_wai t
d el ay
po wer_ti meo
ut
Number of seconds to wait after issuing a power off or power on
command.
The number of seconds to wait before fencing is started. The
default value is 0.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
57
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
Figure 4.10, “ Fujitsu-Siemens RSB” shows the configuration screen for adding an Fujitsu-Siemens
RSB fence device.
Fig u re 4 .10. Fu jit su - Siemen s R SB
The following command creates a fence device instance for a Fujiitsu-Siemens RSB device:
ccs -f cluster.conf --addfencedev fsrbtest1 agent=fence_rsb
ipaddr=192.168.0.1 login=root passwd=password123 \
telnet_port=3172
The following is the cl uster. co nf entry for the fence_rsb device:
<fencedevices>
<fencedevice agent="fence_rsb" ipaddr="192.168.0.1" login="root"
58
⁠Chapt er 4 . Fence Devices
name="fsrsbtest1" passwd="password123" telnet_port="3172"/>
</fencedevices>
4 .14 . Hewlet t -Packard BladeSyst em
Table 4.15, “ HP BladeSystem (Red Hat Enterprise Linux 6.4 and later)” lists the fence device
parameters used by fence_hpbl ad e, the fence agent for HP BladeSystem.
T ab le 4 .15. H P B lad eSyst em ( R ed H at En t erp rise Lin u x 6 .4 an d lat er)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
IP Address or
Hostname
IP Port
(optional)
Login
i pad d r
The name assigned to the HP Bladesystem device connected to
the cluster.
The IP address or hostname assigned to the HP BladeSystem
device.
The TCP port to use to connect to the device.
Password
passwd
Password
Script
(optional)
Force
Command
Prompt
Missing port
returns OFF
instead of
failure
Power Wait
(seconds)
Power Timeout
(seconds)
passwd _scri
pt
The login name used to access the HP BladeSystem device. This
parameter is required.
The password used to authenticate the connection to the fence
device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
cmd _pro mpt
The command prompt to use. The default value is '\$'.
mi ssi ng _as
_o ff
Missing port returns OFF instead of failure.
po wer_wai t
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Use SSH
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
SSH Options
Path to SSH
Identity File
i ppo rt
login
po wer_ti meo
ut
Indicates that the system will use SSH to access the device.
When using SSH, you must specify either a password, a
password script, or an identity file.
ssh_o pti o ns SSH options to use. The default value is -1 -c bl o wfi sh.
i d enti ty_fi The identity file for SSH.
le
secure
59
Fence Configurat ion G uide
Figure 4.11, “ HP BladeSystem” shows the configuration screen for adding an HP BladeSystem fence
device.
Fig u re 4 .11. H P B lad eSyst em
The following command creates a fence device instance for a BladeSystem device:
ccs -f cluster.conf --addfencedev hpbladetest1 agent=fence_hpblade
cmd_prompt=c7000oa> ipaddr=192.168.0.1 \
login=root passwd=password123 missing_as_off=on power_wait=60
The following is the cl uster. co nf entry for the fence_hpbl ad e device:
<fencedevices>
<fencedevice agent="fence_hpblade" cmd_prompt="c7000oa>"
ipaddr="hpbladeaddr" ipport="13456" \
login="root" missing_as_off="on" name="hpbladetest1"
passwd="password123" passwd_script="hpbladepwscr" \
power_wait="60"/>
</fencedevices>
4 .15. Hewlet t -Packard iLO
60
⁠Chapt er 4 . Fence Devices
The fence agents for HP iLO devices fence_i l o and HP iLO2 devices fence_i l o 2. share the
same implementation. Table 4.16, “ HP iLO (Integrated Lights Out) and HP iLO2” lists the fence device
parameters used by these agents.
T ab le 4 .16 . H P iLO ( In t eg rat ed Lig h t s O u t ) an d H P iLO 2
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
IP Port
(optional)
Login
Password
Password
Script
(optional)
Power Wait
(seconds)
D elay
(seconds)
Power Timeout
(seconds)
name
i pad d r
A name for the server with HP iLO support.
The IP address or hostname assigned to the device.
i ppo rt
TCP port to use for connection with the device. The default value
is 443.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
login
passwd
passwd _scri
pt
po wer_wai t
d el ay
po wer_ti meo
ut
Number of seconds to wait after issuing a power off or power on
command.
The number of seconds to wait before fencing is started. The
default value is 0.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
Figure 4.12, “ HP iLO” shows the configuration screen for adding an HP iLO fence device.
61
Fence Configurat ion G uide
Fig u re 4 .12. H P iLO
The following command creates a fence device instance for a HP iLO device:
ccs -f cluster.conf --addfencedev hpilotest1 agent=fence_hpilo
ipaddr=192.168.0.1 login=root passwd=password123 \
power_wait=60
The following is the cl uster. co nf entry for the fence_i l o device:
<fencedevices>
<fencedevice agent="fence_ilo" ipaddr="192.168.0.1" login="root"
name="hpilotest1" passwd="password123" \
power_wait="60"/>
</fencedevices>
4 .16. Hewlet t -Packard iLO MP
Table 4.17, “ HP iLO (Integrated Lights Out) MP” lists the fence device parameters used by
fence_i l o _mp, the fence agent for HP iLO MP devices.
T ab le 4 .17. H P iLO ( In t eg rat ed Lig h t s O u t ) MP
62
⁠Chapt er 4 . Fence Devices
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
IP Port
(optional)
Login
Password
Password
Script
(optional)
Use SSH
name
i pad d r
A name for the server with HP iLO support.
The IP address or hostname assigned to the device.
i ppo rt
TCP port to use for connection with the device.
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
SSH Options
Path to SSH
Identity File
Force
Command
Prompt
Power Wait
(seconds)
D elay
(seconds)
Power Timeout
(seconds)
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Indicates that the system will use SSH to access the device.
When using SSH, you must specify either a password, a
password script, or an identity file.
ssh_o pti o ns SSH options to use. The default value is -1 -c bl o wfi sh.
i d enti ty_fi The Identity file for SSH.
le
cmd _pro mpt
The command prompt to use. The default value is 'MP>', 'hpiLO>'.
secure
po wer_wai t
d el ay
po wer_ti meo
ut
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait after issuing a power off or power on
command.
The number of seconds to wait before fencing is started. The
default value is 0.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
Figure 4.13, “ HP iLO MP” shows the configuration screen for adding an HP iLO MPfence device.
63
Fence Configurat ion G uide
Fig u re 4 .13. H P iLO MP
The following command creates a fence device instance for a HP iLO MP device:
ccs -f cluster.conf --addfencedev hpilomptest1 agent=fence_hpilo
cmd_prompt=hpiLO-> ipaddr=192.168.0.1 \
login=root passwd=password123 power_wait=60
The following is the cl uster. co nf entry for the fence_hpi l o _mp device:
<fencedevices>
<fencedevice agent="fence_ilo_mp" cmd_prompt="hpiLO-& gt;"
ipaddr="192.168.0.1" login="root" name="hpilomptest1"
passwd="password123" power_wait="60"/>
</fencedevices>
4 .17. IBM BladeCent er
Table 4.18, “ IBM BladeCenter” lists the fence device parameters used by fence_bl ad ecenter, the
fence agent for IBM BladeCenter.
T ab le 4 .18. IB M B lad eC en t er
64
⁠Chapt er 4 . Fence Devices
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
IP port
(optional)
Login
Password
Password
Script
(optional)
Power Wait
(seconds)
Power Timeout
(seconds)
name
i pad d r
A name for the IBM BladeCenter device connected to the cluster.
The IP address or hostname assigned to the device.
i ppo rt
TCP port to use for connection with the device.
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
po wer_wai t
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Use SSH
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
SSH Options
Path to SSH
Identity File
po wer_ti meo
ut
Indicates that system will use SSH to access the device. When
using SSH, you must specify either a password, a password
script, or an identity file.
ssh_o pti o ns SSH options to use. The default value is -1 -c bl o wfi sh.
i d enti ty_fi The identity file for SSH.
le
secure
Figure 4.14, “ IBM BladeCenter” shows the configuration screen for adding an IBM BladeCenter fence
device.
65
Fence Configurat ion G uide
Fig u re 4 .14 . IB M B lad eC en t er
The following command creates a fence device instance for an IBM BladeCenter device:
ccs -f cluster.conf --addfencedev bladecentertest1
agent=fence_bladecenter ipaddr=192.168.0.1 login=root \
passwd=password123 power_wait=60
The following is the cl uster. co nf entry for the fence_bl ad ecenter device:
<fencedevices>
<fencedevice agent="fence_bladecenter" ipaddr="192.168.0.1"
login="root" name="bladecentertest1" passwd="password123" \
power_wait="60"/>
</fencedevices>
4 .18. IBM BladeCent er over SNMP
Table 4.19, “ IBM BladeCenter SNMP” lists the fence device parameters used by fence_i bmbl ad e,
the fence agent for IBM BladeCenter over SNMP.
T ab le 4 .19 . IB M B lad eC en t er SN MP
66
⁠Chapt er 4 . Fence Devices
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
IP Address or
Hostname
UD P/TCP Port
(optional)
Login
Password
Password
Script
(optional)
SNMP Version
i pad d r
A name for the IBM BladeCenter SNMP device connected to the
cluster.
The IP address or hostname assigned to the device.
SNMP
Community
SNMP Security
Level
SNMP
Authentication
Protocol
SNMP Privacy
Protocol
SNMP privacy
protocol
password
SNMP Privacy
Protocol Script
ud ppo rt
login
passwd
passwd _scri
pt
snmp_versi o
n
co mmuni ty
The SNMP version to use (1, 2c, 3); the default value is 1.
snmp_sec_l e
vel
snmp_auth_p
ro t
The SNMP security level (noAuthNoPriv, authNoPriv, authPriv).
snmp_pri v_p
ro t
snmp_pri v_p
asswd
The SNMP privacy protocol (D ES, AES).
snmp_pri v_p
asswd _scri p
t
po wer_wai t
The script that supplies a password for SNMP privacy protocol.
Using this supersedes the SN MP p rivacy p ro t o co l p asswo rd
parameter.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
Power Wait
(seconds)
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
UD P/TCP port to use for connections with the device; the default
value is 161.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
The SNMP community string.
The SNMP authentication protocol (MD 5, SHA).
The SNMP Privacy Protocol Password.
po rt
Physical plug number or name of virtual machine.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.15, “ IBM BladeCenter SNMP” shows the configuration screen for adding an IBM
BladeCenter SNMP fence device.
67
Fence Configurat ion G uide
Fig u re 4 .15. IB M B lad eC en t er SN MP
The following command creates a fence device instance for an IBM BladeCenter SNMP device:
ccs -f cluster.conf --addfencedev bladesnmp1 agent=fence_ibmblade
community=private ipaddr=192.168.0.1 login=root \
passwd=password123 snmp_priv_passwd=snmpasswd123 power_wait=60
The following is the cl uster. co nf entry for the fence_i bmbl ad e device:
<fencedevices>
<fencedevice agent="fence_ibmblade" community="private"
68
⁠Chapt er 4 . Fence Devices
ipaddr="192.168.0.1" login="root" name="bladesnmp1" \
passwd="password123" power_wait="60" snmp_priv_passwd="snmpasswd123"
udpport="161"/>
</fencedevices>
4 .19. IBM iPDU
Table 4.20, “ IBM iPD U (Red Hat Enterprise Linux 6.4 and later)” lists the fence device parameters
used by fence_i pd u, the fence agent for iPD U over SNMP devices.
T ab le 4 .20. IB M iPD U ( R ed H at En t erp rise Lin u x 6 .4 an d lat er)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
IP Address or
Hostname
UD P/TCP Port
i pad d r
A name for the IBM iPD U device connected to the cluster into
which the fence daemon logs via the SNMP protocol.
The IP address or hostname assigned to the device.
Login
Password
Password
Script
(optional)
SNMP Version
login
passwd
passwd _scri
pt
SNMP
Community
SNMP Security
Level
SNMP
Authentication
Protocol
SNMP Privacy
Protocol
SNMP Privacy
Protocol
Password
SNMP Privacy
Protocol Script
ud ppo rt
snmp_versi o
n
co mmuni ty
The SNMP version to use (1, 2c, 3); the default value is 1.
snmp_sec_l e
vel
snmp_auth_p
ro t
The SNMP security level (noAuthNoPriv, authNoPriv, authPriv).
snmp_pri v_p
ro t
snmp_pri v_p
asswd
The SNMP privacy protocol (D ES, AES).
snmp_pri v_p
asswd _scri p
t
po wer_wai t
The script that supplies a password for SNMP privacy protocol.
Using this supersedes the SN MP p rivacy p ro t o co l p asswo rd
parameter.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Power Wait
(seconds)
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
The UD P/TCP port to use for connection with the device; the
default value is 161.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
shel l _ti me
o ut
l o g i n_ti me
o ut
The SNMP community string; the default value is pri vate.
The SNMP Authentication Protocol (MD 5, SHA).
The SNMP privacy protocol password.
69
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
retry_o n
Number of attempts to retry a power on operation. The default
value is 1.
po rt
Physical plug number or name of virtual machine.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.16, “ IBM iPD U” shows the configuration screen for adding an IBM iPD U fence device.
Fig u re 4 .16 . IB M iPD U
70
⁠Chapt er 4 . Fence Devices
The following command creates a fence device instance for an IBM iPD U device:
ccs -f cluster.conf --addfencedev ipdutest1 agent=fence_ipdu
community=ipdusnmpcom ipaddr=192.168.0.1 login=root \
passwd=password123 snmp_priv_passwd=snmpasswd123 power_wait=60
snmp_priv_prot=AES udpport=111
The following is the cl uster. co nf entry for the fence_i pd u device:
<fencedevices>
<fencedevice agent="fence_ipdu" community="ipdusnmpcom"
ipaddr="ipduhost" login="root" name="ipdutest1" \
passwd="password123" power_wait="60"
snmp_priv_passwd="ipduprivprotpasswd" snmp_priv_prot="AES" \
udpport="111"/>
</fencedevices>
4 .20. IF-MIB
Table 4.21, “ IF MIB” lists the fence device parameters used by fence_i fmi b, the fence agent for IFMIB devices.
T ab le 4 .21. IF MIB
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
UD P/TCP Port
(optional)
Login
Password
Password
Script
(optional)
SNMP Version
name
i pad d r
A name for the IF MIB device connected to the cluster.
The IP address or hostname assigned to the device.
ud ppo rt
The UD P/TCP port to use for connection with the device; the
default value is 161.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
SNMP
Community
SNMP Security
Level
SNMP
Authentication
Protocol
SNMP Privacy
Protocol
SNMP Privacy
Protocol
Password
login
passwd
passwd _scri
pt
snmp_versi o
n
co mmuni ty
The SNMP version to use (1, 2c, 3); the default value is 1.
snmp_sec_l e
vel
snmp_auth_p
ro t
The SNMP security level (noAuthNoPriv, authNoPriv, authPriv).
snmp_pri v_p
ro t
snmp_pri v_p
asswd
The SNMP privacy protocol (D ES, AES).
The SNMP community string.
The SNMP authentication protocol (MD 5, SHA).
The SNMP privacy protocol password.
71
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
SNMP Privacy snmp_pri v_p
Protocol Script asswd _scri p
t
Power Wait
po wer_wai t
(seconds)
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
D escrip t io n
The script that supplies a password for SNMP privacy protocol.
Using this supersedes the SN MP p rivacy p ro t o co l p asswo rd
parameter.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
po rt
Physical plug number or name of virtual machine.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.17, “ IF-MIB” shows the configuration screen for adding an IF-MIB fence device.
72
⁠Chapt er 4 . Fence Devices
Fig u re 4 .17. IF- MIB
The following command creates a fence device instance for an IF-MIB device:
ccs -f cluster.conf --addfencedev ifmib1 agent=fence_ifmib
community=private ipaddr=192.168.0.1 login=root \
passwd=password123 snmp_priv_passwd=snmpasswd123 power_wait=60
udpport=161
The following is the cl uster. co nf entry for the fence_i fmi b device:
<fencedevices>
73
Fence Configurat ion G uide
<fencedevice agent="fence_ifmib" community="private"
ipaddr="192.168.0.1" login="root" name="ifmib1" \
passwd="password123" power_wait="60" snmp_priv_passwd="snmpasswd123"
udpport="161"/>
</fencedevices>
4 .21. Int el Modular
Table 4.22, “ Intel Modular” lists the fence device parameters used by fence_i ntel mo d ul ar, the
fence agent for Intel Modular.
T ab le 4 .22. In t el Mo d u lar
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
UD P/TCP Port
(optional)
Login
Password
Password
Script
(optional)
SNMP Version
name
i pad d r
A name for the Intel Modular device connected to the cluster.
The IP address or hostname assigned to the device.
ud ppo rt
The UD P/TCP port to use for connection with the device; the
default value is 161.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
SNMP
Community
SNMP Security
Level
SNMP
Authentication
Protocol
SNMP Privacy
Protocol
SNMP Privacy
Protocol
Password
SNMP Privacy
Protocol Script
login
passwd
passwd _scri
pt
snmp_versi o
n
co mmuni ty
The SNMP version to use (1, 2c, 3); the default value is 1.
snmp_sec_l e
vel
snmp_auth_p
ro t
The SNMP security level (noAuthNoPriv, authNoPriv, authPriv).
snmp_pri v_p
ro t
snmp_pri v_p
asswd
The SNMP privacy protocol (D ES, AES).
snmp_pri v_p
asswd _scri p
t
po wer_wai t
The script that supplies a password for SNMP privacy protocol.
Using this supersedes the SN MP p rivacy p ro t o co l p asswo rd
parameter.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Power Wait
(seconds)
Power Timeout po wer_ti meo
(seconds)
ut
Shell Timeout
(seconds)
Login Timeout
(seconds)
74
shel l _ti me
o ut
l o g i n_ti me
o ut
The SNMP community string; the default value is pri vate.
The SNMP authentication protocol (MD 5, SHA).
The SNMP privacy protocol password.
⁠Chapt er 4 . Fence Devices
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
retry_o n
Number of attempts to retry a power on operation. The default
value is 1.
po rt
Physical plug number or name of virtual machine.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.18, “ Intel Modular” shows the configuration screen for adding an Intel Modular fence device.
Fig u re 4 .18. In t el Mo d u lar
75
Fence Configurat ion G uide
The following command creates a fence device instance for an Intel Modular device:
ccs -f cluster.conf --addfencedev intelmodular1 agent=fence_intelmodular
community=private ipaddr=192.168.0.1 login=root \
passwd=password123 snmp_priv_passwd=snmpasswd123 power_wait=60
udpport=161
The following is the cl uster. co nf entry for the fence_i ntel mo d ul ar device:
<fencedevices>
<fencedevice agent="fence_intelmodular" community="private"
ipaddr="192.168.0.1" login="root" name="intelmodular1" \
passwd="password123" power_wait="60" snmp_priv_passwd="snmpasswd123"
udpport="161"/>
</fencedevices>
4 .22. IPMI over LAN
The fence agents for IPMI over LAN (fence_i pmi l an,) D ell iD RAC (fence_i d rac), IBM Integrated
Management Module (fence_i mm), HP iLO3 devices (fence_i l o 3), and HP iLO4 devices
(fence_i l o 4 ) share the same implementation. Table 4.23, “ IPMI (Intelligent Platform Management
Interface) LAN, D ell iD rac, IBM Integrated Management Module, HPiLO3, HPiLO4” lists the fence
device parameters used by these agents.
T ab le 4 .23. IPMI ( In t ellig en t Plat f o rm Man ag emen t In t erf ace) LAN , D ell iD rac, IB M
In t eg rat ed Man ag emen t Mo d u le, H PiLO 3, H PiLO 4
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
Login
name
i pad d r
A name for the fence device connected to the cluster.
The IP address or hostname assigned to the device.
login
Password
Password
Script
(optional)
Authentication
Type
Use Lanplus
passwd
passwd _scri
pt
The login name of a user capable of issuing power on/off
commands to the given port.
The password used to authenticate the connection to the port.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
auth
Authentication type: no ne, passwo rd , or MD 5.
l anpl us
Ciphersuite to
use
Privilege level
IPMI Operation
Timeout
Power Timeout
(seconds)
ci pher
T rue or 1. If blank, then value is Fal se. It is recommended that
you enable Lanplus to improve the security of your connection if
your hardware supports it.
The remote server authentication, integrity, and encryption
algorithms to use for IPMIv2 lanplus connections.
The privilege level on the device.
Timeout in seconds for IPMI operation.
76
pri vl vl
ti meo ut
po wer_ti meo
ut
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
⁠Chapt er 4 . Fence Devices
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Power Wait
(seconds)
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
po wer_wai t
D elay
(optional)
d el ay
Number of seconds to wait after issuing a power off or power on
command. The default value is 2 seconds for fence_i pmi l an,
fence_i d rac, fence_i mm, and fence_i l o 4 . The default
value is 4 seconds for fence_i l o 3.
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.19, “ IPMI over LAN” shows the configuration screen for adding an IPMI over LAN device
Fig u re 4 .19 . IPMI o ver LAN
77
Fence Configurat ion G uide
The following command creates a fence device instance for an IPMI over LAN device:
ccs -f cluster.conf --addfencedev ipmitest1 agent=fence_ipmilan
auth=password cipher=3 ipaddr=192.168.0.1 \
lanplus=on login=root passwd=password123
The following is the cl uster. co nf entry for the fence_i pmi l an device:
<fencedevices>
<fencedevice agent="fence_ipmilan" auth="password" cipher="3"
ipaddr="192.168.0.1" lanplus="on" login="root" \
name="ipmitest1" passwd="password123"/>
</fencedevices>
4 .23. Fence kdump
Table 4.24, “ Fence kdump” lists the fence device parameters used by fence_d kump, the fence agent
for kd ump crash recovery service. Note that fence_kd ump is not a replacement for traditional
fencing methods; The fence_kd ump agent can detect only that a node has entered the kd ump crash
recovery service. This allows the kd ump crash recovery service to complete without being preempted
by traditional power fencing methods.
T ab le 4 .24 . Fen ce kd u mp
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Family
IP Port
(optional)
Operation
Timeout
(seconds)
(optional)
Node name
name
fami l y
i ppo rt
ti meo ut
A name for the fence_kd ump device.
IP network family. The default value is auto .
IP port number that the fence_kd ump agent will use to listen for
messages. The default value is 7410.
Number of seconds to wait for message from failed node.
no d ename
Name or IP address of the node to be fenced.
4 .24 . Mult ipat h Persist ent Reservat ion Fencing (Red Hat Ent erprise
Linux 6.7 and lat er)
Table 4.25, “ Multipath Persistent Reservation Fencing (Red Hat Enterprise Linux 6.7 and later)” lists
the fence device parameters used by fence_mpath, the fence agent for multipath persistent
reservation fencing.
T ab le 4 .25. Mu lt ip at h Persist en t R eservat io n Fen cin g ( R ed H at En t erp rise Lin u x 6 .7 an d
lat er)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
name
A name for the fence_mpath device.
78
⁠Chapt er 4 . Fence Devices
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
D evices
(Comma
delimited list)
Use sudo
when calling
third-party
software
Path to sudo
binary
(optional)
Path to
mpathpersist
binary
(optional)
Path to a
directory
where the
fence agent
can store
information
(optional)
Power Wait
(seconds)
Power Timeout
(seconds)
d evi ces
Comma-separated list of devices to use for the current operation.
Each device must support SCSI-3 persistent reservations.
sud o
Use sudo (without password) when calling 3rd party sotfware.
sud o _path
Path to sudo binary (default value is /usr/bi n/sud o .
mpathpersi s
t_path
Path to mpathpersist binary (default value is
/sbi n/mpathpersi st.
sto re_path
Path to directory where fence agent can store information
(default value is /var/run/cl uster.
po wer_wai t
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Unfencing
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
Key for current
action
key
D elay
(optional)
d el ay
po wer_ti meo
ut
unfence
section of the
cluster
configuration
file
When enabled, this ensures that a fenced node is not re-enabled
until the node has been rebooted. This is necessary for nonpower fence methods. When you configure a device that requires
unfencing, the cluster must first be stopped and the full
configuration including devices and unfencing must be added
before the cluster is started. For more information about
unfencing a node, refer to the fence_no d e(8) man page.
Key to use for the current operation. This key should be unique
to a node and written in /etc/mul ti path. co nf. For the " on"
action, the key specifies the key use to register the local node.
For the " off" action, this key specifies the key to be removed from
the device(s). This parameter is always required.
The number of seconds to wait before fencing is started. The
default value is 0.
4 .25. RHEV-M REST API
79
Fence Configurat ion G uide
Table 4.26, “ RHEV-M REST API (RHEL 6.2 and later against RHEV 3.0 and later)” lists the fence
device parameters used by fence_rhevm, the fence agent for RHEV-M REST API.
T ab le 4 .26 . R H EV- M R EST API ( R H EL 6 .2 an d lat er ag ain st R H EV 3.0 an d lat er)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
IP Port
(optional)
Login
Password
Password
Script
(optional)
Use SSL
Power Wait
(seconds)
Power Timeout
(seconds)
name
i pad d r
Name of the RHEV-M REST API fencing device.
The IP address or hostname assigned to the device.
i ppo rt
The TCP port to use for connection with the device.
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
ssl
po wer_wai t
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Port (Outlet)
Number
D elay
(optional)
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Use SSL connections to communicate with the device.
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
po wer_ti meo
ut
po rt
Physical plug number or name of virtual machine.
d el ay
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.20, “ RHEV-M REST API” shows the configuration screen for adding an RHEV-M REST API
device
80
⁠Chapt er 4 . Fence Devices
Fig u re 4 .20. R H EV- M R EST API
The following command creates a fence device instance for an RHEV-M REST API device:
ccs -f cluster.conf --addfencedev rhevmtest1 agent=fence_rhevm
ipaddr=192.168.0.1 login=root passwd=password123 \
power_wait=60 ssl=on
The following is the cl uster. co nf entry for the fence_rhevm device:
<fencedevices>
<fencedevice agent="fence_rhevm" ipaddr="192.168.0.1" login="root"
name="rhevmtest1" passwd="password123" \
power_wait="60" ssl="on"/>
</fencedevices>
4 .26. SCSI Persist ent Reservat ions
Table 4.27, “ SCSI Reservation Fencing” lists the fence device parameters used by fence_scsi , the
fence agent for SCSI persistent reservations.
81
Fence Configurat ion G uide
Note
Use of SCSI persistent reservations as a fence method is supported with the following
limitations:
When using SCSI fencing, all nodes in the cluster must register with the same devices so
that each node can remove another node's registration key from all the devices it is
registered with.
D evices used for the cluster volumes should be a complete LUN, not partitions. SCSI
persistent reservations work on an entire LUN, meaning that access is controlled to each
LUN, not individual partitions.
It is recommended that devices used for the cluster volumes be specified in the format
/d ev/d i sk/by-i d /xxx where possible. D evices specified in this format are consistent
among all nodes and will point to the same disk, unlike devices specified in a format such as
/d ev/sd a which can point to different disks from machine to machine and across reboots.
T ab le 4 .27. SC SI R eservat io n Fen cin g
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
Unfencing
name
unfence
section of the
cluster
configuration
file
Node name
no d ename
Key for current
action
key
D elay
(optional)
d el ay
A name for the SCSI fence device.
When enabled, this ensures that a fenced node is not re-enabled
until the node has been rebooted. This is necessary for nonpower fence methods (that is, SAN/storage fencing). When you
configure a device that requires unfencing, the cluster must first
be stopped and the full configuration including devices and
unfencing must be added before the cluster is started. For more
information about unfencing a node, refer to the fence_no d e(8)
man page.
The node name is used to generate the key value used for the
current operation.
(overrides node name) Key to use for the current operation. This
key should be unique to a node. For the " on" action, the key
specifies the key use to register the local node. For the " off"
action,this key specifies the key to be removed from the device(s).
The number of seconds to wait before fencing is started. The
default value is 0.
Figure 4.21, “ SCSI Fencing” shows the configuration screen for adding an SCSI fence device
82
⁠Chapt er 4 . Fence Devices
Fig u re 4 .21. SC SI Fen cin g
The following command creates a fence device instance for a SCSI Fence device:
ccs -f cluster.conf --addfencedev scsifencetest1 agent=fence_scsi
The following is the cl uster. co nf entry for the fence_scsi device:
<fencedevices>
<<fencedevice agent="fence_scsi" name="scsifencetest1"/>
</fencedevices>
4 .27. VMWare over SOAP API
Table 4.28, “ VMware Fencing (SOAP Interface) (Red Hat Enterprise Linux 6.2 and later)” lists the
fence device parameters used by fence_vmware_so ap, the fence agent for VMWare over SOAP API.
T ab le 4 .28. VMware Fen cin g ( SO AP In t erf ace) ( R ed H at En t erp rise Lin u x 6 .2 an d lat er)
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
IP Port
(optional)
Login
Password
Password
Script
(optional)
Power Wait
(seconds)
Power Timeout
(seconds)
name
i pad d r
Name of the virtual machine fencing device.
The IP address or hostname assigned to the device.
i ppo rt
The TCP port to use for connection with the device. The default
port is 80, or 443 if Use SSL is selected.
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
login
passwd
passwd _scri
pt
po wer_wai t
po wer_ti meo
ut
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
83
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
VM name
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
po rt
VM UUID
D elay
(optional)
Use SSL
uui d
d el ay
Name of virtual machine in inventory path format (e.g.,
/datacenter/vm/D iscovered_virtual_machine/myMachine).
The UUID of the virtual machine to fence.
The number of seconds to wait before fencing is started. The
default value is 0.
Use SSL connections to communicate with the device.
ssl
Figure 4.22, “ VMWare over SOAP Fencing” shows the configuration screen for adding a VMWare
over SOAP fence device
Fig u re 4 .22. VMWare o ver SO AP Fen cin g
The following command creates a fence device instance for a VMWare over SOAP fence device:
84
⁠Chapt er 4 . Fence Devices
ccs -f cluster.conf --addfencedev vmwaresoaptest1 agent=fence_vmware_soap
login=root passwd=password123 power_wait=60 \
separator=,
The following is the cl uster. co nf entry for the fence_vmware_so ap device:
<fencedevices>
<fencedevice agent="fence_vmware_soap" ipaddr="192.168.0.1"
login="root" name="vmwaresoaptest1" passwd="password123" \
power_wait="60" separator="."/>
</fencedevices>
4 .28. WT I Power Swit ch
Table 4.29, “ WTI Power Switch” lists the fence device parameters used by fence_wti , the fence
agent for the WTI network power switch.
T ab le 4 .29 . WT I Po wer Swit ch
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Name
IP Address or
Hostname
IP Port
(optional)
Login
Password
Password
Script
(optional)
Force
command
prompt
Power Wait
(seconds)
Power Timeout
(seconds)
name
i pad d r
A name for the WTI power switch connected to the cluster.
The IP or hostname address assigned to the device.
i ppo rt
The TCP port to use to connect to the device.
login
passwd
passwd _scri
pt
The login name used to access the device.
The password used to authenticate the connection to the device.
The script that supplies a password for access to the fence
device. Using this supersedes the Passwo rd parameter.
cmd _pro mpt
The command prompt to use. The default value is ['RSM>',
'>MPC', 'IPS>', 'TPS>', 'NBB>', 'NPS>', 'VMR>']
po wer_wai t
Shell Timeout
(seconds)
Login Timeout
(seconds)
Times to Retry
Power On
Operation
Use SSH
shel l _ti me
o ut
l o g i n_ti me
o ut
retry_o n
Number of seconds to wait after issuing a power off or power on
command.
Number of seconds to wait before testing for a status change
after issuing a power on or power on command. The default
value is 20.
Number of seconds to wait for a command prompt after issuing a
command. The default value is 3.
Number of seconds to wait for a command prompt after login.
The default value is 5.
Number of attempts to retry a power on operation. The default
value is 1.
SSH Options
po wer_ti meo
ut
Indicates that system will use SSH to access the device. When
using SSH, you must specify either a password, a password
script, or an identity file.
ssh_o pti o ns SSH options to use. The default value is -1 -c bl o wfi sh.
secure
85
Fence Configurat ion G uide
lu ci Field
cl uster. co n
f At t rib u t e
D escrip t io n
Path to SSH
Identity File
Port
i d enti ty_fi
le
po rt
The identity file for SSH.
Physical plug number or name of virtual machine.
Figure 4.23, “ WTI Fencing” shows the configuration screen for adding a WTI fence device
Fig u re 4 .23. WT I Fen cin g
The following command creates a fence device instance for a WTI fence device:
ccs -f cluster.conf --addfencedev wtipwrsw1 agent=fence_wti
cmd_prompt=VMR> login=root passwd=password123 \
power_wait=60
The following is the cl uster. co nf entry for the fence_wti device:
<fencedevices>
<fencedevice agent="fence_wti" cmd_prompt="VMR& gt;"
ipaddr="192.168.0.1" login="root" name="wtipwrsw1" \
86
⁠Chapt er 4 . Fence Devices
passwd="password123" power_wait="60"/>
</fencedevices>
87
Fence Configurat ion G uide
Appendix A. Revision History
R evisio n 3- 5
Wed Ap r 27 2016
Preparing document for 6.8 GA publication.
St even Levin e
R evisio n 3- 4
Wed Mar 9 2016
Initial revision for Red Hat Enterprise Linux 6.8 Beta release
St even Levin e
R evisio n 2- 2
Wed Ju l 8 2015
Initial revision for Red Hat Enterprise Linux 6.7
St even Levin e
R evisio n 2- 1
T h u Ap r 16 2015
Initial revision for Red Hat Enterprise Linux 6.7 Beta release
St even Levin e
R evisio n 1- 13
Wed O ct 8 2014
Initial revision for Red Hat Enterprise Linux 6.6
St even Levin e
R evisio n 1- 11
T h u Au g 7 2014
Initial revision for Red Hat Enterprise Linux 6.6 Beta release
St even Levin e
R evisio n 1- 9
Wed N o v 20 2013
Initial revision for Red Hat Enterprise Linux 6.5
Jo h n H a
R evisio n 1- 4
Mo n N o v 28 2012
Initial revision for Red Hat Enterprise Linux 6.5 Beta release
Jo h n H a
R evisio n 1- 2
Mo n N o v 28 2012
Initial revision for Red Hat Enterprise Linux 6.4 Beta release
Jo h n H a
Index
A
AC PI
- configuring, Configuring ACPI For Use with Integrated Fence D evices
APC p o wer swit ch o ver SN MP f en ce d evice , APC Po wer Swit ch o ver SN MP
APC p o wer swit ch o ver t eln et /SSH f en ce d evice , APC Po wer Swit ch o ver T eln et an d
SSH
B
B ro cad e f ab ric swit ch f en ce d evice , B ro cad e Fab ric Swit ch
C
C ISC O MD S f en ce d evice , C isco MD S
C isco U C S f en ce d evice , C isco U C S
clu st er ad min ist rat io n
- configuring ACPI, Configuring ACPI For Use with Integrated Fence D evices
88
⁠Appendix A. Revision Hist ory
D
D ell D R AC 5 f en ce d evice , D ell D rac 5
D ell iD R AC f en ce d evice , IPMI o ver LAN
E
Eat o n n et wo rk p o wer swit ch , Eat o n N et wo rk Po wer Swit ch
Eg en era B lad eFrame f en ce d evice , Eg en era B lad eFrame
Emerso n n et wo rk p o wer swit ch f en ce d evice , Emerso n N et wo rk Po wer Swit ch
( SN MP in t erf ace)
ePo werSwit ch f en ce d evice , ePo werSwit ch
F
f eed b ack
- contact information for this manual, We Need Feedback
f en ce
- configuration, Fencing Pre-Configuration
- devices, Fence D evices
f en ce ag en t
- fence_apc, APC Power Switch over Telnet and SSH
- fence_apc_snmp, APC Power Switch over SNMP
- fence_bladecenter, IBM BladeCenter
- fence_brocade, Brocade Fabric Switch
- fence_cisco_mds, Cisco MD S
- fence_cisco_ucs, Cisco UCS
- fence_drac5, D ell D rac 5
- fence_eaton_snmp, Eaton Network Power Switch
- fence_egenera, Egenera BladeFrame
- fence_emerson, Emerson Network Power Switch (SNMP interface)
- fence_eps, ePowerSwitch
- fence_hpblade, Hewlett-Packard BladeSystem
- fence_ibmblade, IBM BladeCenter over SNMP
- fence_idrac, IPMI over LAN
- fence_ifmib, IF-MIB
- fence_ilo, Hewlett-Packard iLO
- fence_ilo2, Hewlett-Packard iLO
- fence_ilo3, IPMI over LAN
- fence_ilo4, IPMI over LAN
- fence_ilo_mp, Hewlett-Packard iLO MP
- fence_imm, IPMI over LAN
- fence_intelmodular, Intel Modular
- fence_ipdu, IBM iPD U
- fence_ipmilan, IPMI over LAN
- fence_kdump, Fence kdump
- fence_mpath, Multipath Persistent Reservation Fencing (Red Hat Enterprise Linux 6.7
and later)
- fence_rhevm, RHEV-M REST API
- fence_rsb, Fujitsu-Siemens RemoteView Service Board (RSB)
- fence_scsi, SCSI Persistent Reservations
- fence_virt, Fence Virt (Serial/VMChannel Mode)
- fence_vmware_soap, VMWare over SOAP API
- fence_wti, WTI Power Switch
89
Fence Configurat ion G uide
- fence_xvm, Fence Virt (Multicast Mode)
f en ce co n f ig u rat io n , Fen cin g Pre- C o n f ig u rat io n , C o n f ig u rin g Fen cin g wit h C o n g a
- SELinux, SELinux
f en ce d evice
- APC power switch over SNMP, APC Power Switch over SNMP
- APC power switch over telnet/SSH, APC Power Switch over Telnet and SSH
- Brocade fabric switch, Brocade Fabric Switch
- Cisco MD S, Cisco MD S
- Cisco UCS, Cisco UCS
- D ell D RAC 5, D ell D rac 5
- D ell iD RAC, IPMI over LAN
- Eaton network power switch, Eaton Network Power Switch
- Egenera BladeFrame, Egenera BladeFrame
- Emerson network power switch, Emerson Network Power Switch (SNMP interface)
- ePowerSwitch, ePowerSwitch
- Fence virt, Fence Virt (Serial/VMChannel Mode)
- Fence virt (Multicast Mode), Fence Virt (Multicast Mode)
- Fujitsu Siemens RemoteView Service Board (RSB), Fujitsu-Siemens RemoteView
Service Board (RSB)
- HP BladeSystem, Hewlett-Packard BladeSystem
- HP iLO, Hewlett-Packard iLO
- HP iLO MP, Hewlett-Packard iLO MP
- HP iLO2, Hewlett-Packard iLO
- HP iLO3, IPMI over LAN
- HP iLO4, IPMI over LAN
- IBM BladeCenter, IBM BladeCenter
- IBM BladeCenter SNMP, IBM BladeCenter over SNMP
- IBM Integrated Management Module, IPMI over LAN
- IBM iPD U, IBM iPD U
- IF MIB, IF-MIB
- Intel Modular, Intel Modular
- IPMI LAN, IPMI over LAN
- multipath persistent reservation fencing, Multipath Persistent Reservation Fencing
(Red Hat Enterprise Linux 6.7 and later)
- RHEV-M REST API, RHEV-M REST API
- SCSI fencing, SCSI Persistent Reservations
- VMware (SOAP interface), VMWare over SOAP API
- WTI power switch, WTI Power Switch
f en ce d evices, Fen ce D evices
Fen ce virt f en ce d evice , Fen ce Virt ( Serial/VMC h an n el Mo d e) , Fen ce Virt ( Mu lt icast
Mo d e)
f en ce_ap c f en ce ag en t , APC Po wer Swit ch o ver T eln et an d SSH
f en ce_ap c_sn mp f en ce ag en t , APC Po wer Swit ch o ver SN MP
f en ce_b lad ecen t er f en ce ag en t , IB M B lad eC en t er
f en ce_b ro cad e f en ce ag en t , B ro cad e Fab ric Swit ch
f en ce_cisco _md s f en ce ag en t , C isco MD S
f en ce_cisco _u cs f en ce ag en t , C isco U C S
f en ce_d rac5 f en ce ag en t , D ell D rac 5
f en ce_eat o n _sn mp f en ce ag en t , Eat o n N et wo rk Po wer Swit ch
90
⁠Appendix A. Revision Hist ory
f en ce_eg en era f en ce ag en t , Eg en era B lad eFrame
f en ce_emerso n f en ce ag en t , Emerso n N et wo rk Po wer Swit ch ( SN MP in t erf ace)
f en ce_ep s f en ce ag en t , ePo werSwit ch
f en ce_h p b lad e f en ce ag en t , H ewlet t - Packard B lad eSyst em
f en ce_ib mb lad e f en ce ag en t , IB M B lad eC en t er o ver SN MP
f en ce_id rac f en ce ag en t , IPMI o ver LAN
f en ce_if mib f en ce ag en t , IF- MIB
f en ce_ilo f en ce ag en t , H ewlet t - Packard iLO
f en ce_ilo 2 f en ce ag en t , H ewlet t - Packard iLO
f en ce_ilo 3 f en ce ag en t , IPMI o ver LAN
f en ce_ilo 4 f en ce ag en t , IPMI o ver LAN
f en ce_ilo _mp f en ce ag en t , H ewlet t - Packard iLO MP
f en ce_imm f en ce ag en t , IPMI o ver LAN
f en ce_in t elmo d u lar f en ce ag en t , In t el Mo d u lar
f en ce_ip d u f en ce ag en t , IB M iPD U
f en ce_ip milan f en ce ag en t , IPMI o ver LAN
f en ce_kd u mp f en ce ag en t , Fen ce kd u mp
f en ce_mp at h f en ce ag en t , Mu lt ip at h Persist en t R eservat io n Fen cin g ( R ed H at
En t erp rise Lin u x 6 .7 an d lat er)
f en ce_rh evm f en ce ag en t , R H EV- M R EST API
f en ce_rsb f en ce ag en t , Fu jit su - Siemen s R emo t eView Service B o ard ( R SB )
f en ce_scsi f en ce ag en t , SC SI Persist en t R eservat io n s
f en ce_virt f en ce ag en t , Fen ce Virt ( Serial/VMC h an n el Mo d e)
f en ce_vmware_so ap f en ce ag en t , VMWare o ver SO AP API
f en ce_wt i f en ce ag en t , WT I Po wer Swit ch
f en ce_xvm f en ce ag en t , Fen ce Virt ( Mu lt icast Mo d e)
f en cin g
- configuration, Configuring Fencing with the ccs Command, Configuring Fencing with
Conga
f en cin g co n f ig u rat io n , C o n f ig u rin g Fen cin g wit h t h e ccs C o mman d
Fu jit su Siemen s R emo t eView Service B o ard ( R SB ) f en ce d evice, Fu jit su - Siemen s
R emo t eView Service B o ard ( R SB )
H
h elp
- getting help, D o You Need Help?
H P B lad esyst em f en ce d evice , H ewlet t - Packard B lad eSyst em
H P iLO f en ce d evice, H ewlet t - Packard iLO
H P iLO MP f en ce d evice , H ewlet t - Packard iLO MP
H P iLO 2 f en ce d evice, H ewlet t - Packard iLO
H P iLO 3 f en ce d evice, IPMI o ver LAN
H P iLO 4 f en ce d evice, IPMI o ver LAN
91
Fence Configurat ion G uide
I
IB M B lad eC en t er f en ce d evice , IB M B lad eC en t er
IB M B lad eC en t er SN MP f en ce d evice , IB M B lad eC en t er o ver SN MP
IB M In t eg rat ed Man ag emen t Mo d u le f en ce d evice , IPMI o ver LAN
IB M iPD U f en ce d evice , IB M iPD U
IF MIB f en ce d evice , IF- MIB
in t eg rat ed f en ce d evices
- configuring ACPI, Configuring ACPI For Use with Integrated Fence D evices
In t el Mo d u lar f en ce d evice , In t el Mo d u lar
IPMI LAN f en ce d evice , IPMI o ver LAN
M
mu lt ip at h p ersist en t reservat io n f en ce d evice , Mu lt ip at h Persist en t R eservat io n
Fen cin g ( R ed H at En t erp rise Lin u x 6 .7 an d lat er)
R
R H EV- M R EST API f en ce d evice , R H EV- M R EST API
S
SC SI f en cin g , SC SI Persist en t R eservat io n s
SELin u x
- configuring, SELinux
T
t ab les
- fence devices, parameters, Fence D evices
V
VMware ( SO AP in t erf ace) f en ce d evice , VMWare o ver SO AP API
W
WT I p o wer swit ch f en ce d evice , WT I Po wer Swit ch
92