/ 8.3. STONITH Configuration | ||||
|---|---|---|---|---|
 | 8.2. Node Level Fencing | 8.4. Monitoring Fencing Devices |  | |
/ 8.3. STONITH Configuration | ||||
|---|---|---|---|---|
| 8.2. Node Level Fencing | 8.4. Monitoring Fencing Devices | | |
To configure fencing, you need to configure one or more STONITH
resources—the stonithd daemon requires no configuration. All
configuration is stored in the CIB. A STONITH resource is a resource of
class stonith (see
Section 14.1, “Supported Resource Agent Classes”). STONITH resources
are a representation of STONITH plug-ins in the CIB. Apart from the
fencing operations, the STONITH resources can be started, stopped and
monitored, just like any other resource. Starting or stopping STONITH
resources means enabling and disabling STONITH in this case. Starting
and stopping are thus only administrative operations and do not translate
to any operation on the fencing device itself. However, monitoring does
translate to device status.
STONITH resources can be configured just like any other resource. For more information about configuring resources, see Section 4.3, “Creating STONITH Resources” or Section 5.4, “Creating a STONITH Resource”.
The list of parameters (attributes) depends on the respective STONITH type. To view a list of parameters for a specific device, use the stonith command:
stonith -t stonith-device-type -n
For example, to view the parameters for the ibmhmc
device type, enter the following:
stonith -t ibmhmc -n
To get a short help text for the device, use the -h
option:
stonith -t stonith-device-type -h
In the following, find some example configurations written in the syntax
of the crm command line tool. To apply them, put the
sample in a text file (for example, sample.txt) and
run:
crm < sample.txt
For more information about configuring resources with the crm command line tool, refer to Chapter 5, Configuring Cluster Resources From Command Line.
![[Warning]](admon/warning.png) | Testing Configurations |
|---|---|
Some of the examples below are for demonstration and testing purposes
only. Do not use any of the | |
Example 8.1. Testing Configuration
configure primitive st-null stonith:null \ params hostlist="node1 node2" clone fencing st-null commit
Example 8.2. Testing Configuration
An alternative configuration:
configure primitive st-node1 stonith:null \ params hostlist="node1" primitive st-node2 stonith:null \ params hostlist="node2" location l-st-node1 st-node1 -inf: node1 location l-st-node2 st-node2 -inf: node2 commit
This configuration example is perfectly alright as far as the cluster software is concerned. The only difference to a real world configuration is that no fencing operation takes place.
Example 8.3. Testing Configuration
A more realistic example, but still only for testing, is the following external/ssh configuration:
configure primitive st-ssh stonith:external/ssh \ params hostlist="node1 node2" clone fencing st-ssh commit
This one can also reset nodes. The configuration is remarkably similar
to the first one which features the null STONITH device. In this
example, clones are used. They are a CRM/Pacemaker feature. A clone is
basically a shortcut: instead of defining n
identical, yet differently named resources, a single cloned resource
suffices. By far the most common use of clones is with STONITH
resources if the STONITH device is accessible from all nodes.
Example 8.4. Configuration of an IBM RSA Lights-out Device
The real device configuration is not much different, though some devices may require more attributes. An IBM RSA lights-out device might be configured like this:
configure primitive st-ibmrsa-1 stonith:external/ibmrsa-telnet \ params nodename=node1 ipaddr=192.168.0.101 \ userid=USERID passwd=PASSW0RD primitive st-ibmrsa-2 stonith:external/ibmrsa-telnet \ params nodename=node2 ipaddr=192.168.0.102 \ userid=USERID passwd=PASSW0RD location l-st-node1 st-ibmrsa-1 -inf: node1 location l-st-node2 st-ibmrsa-2 -inf: node2 commit
In this example, location constraints are used because of the following reason: There is always certain probability that the STONITH operation is going to fail. Hence, a STONITH operation on the node which is the executioner too is not reliable. If the node is reset, then it cannot send the notification about the fencing operation outcome. The only way to do that is to assume that the operation is going to succeed and send the notification beforehand. But if the operation fails, we are in trouble. Therefore, stonithd refuses to kill its host by convention.
Example 8.5. Configuration of an UPS Fencing Device
The configuration of a UPS kind of fencing device is similar to the examples above, the details are left as an exercise to the reader. All UPS devices employ the same mechanics for fencing, but how the device itself is accessed, is different. Old UPS devices (those that were considered professional), used to have just a serial port, typically connected at 1200baud using a special serial cable. Many new ones still have a serial port, but often they also sport a USB interface or an ethernet interface. The kind of connection you can use depends on what the plug-in supports.
For example, compare the apcmaster with the
apcsmart device by using the stonith -t
stonith-device-type -n command:
stonith -t apcmaster -h
returns the following information:
STONITH Device: apcmaster - APC MasterSwitch (via telnet) NOTE: The APC MasterSwitch accepts only one (telnet) connection/session a time. When one session is active, subsequent attempts to connect to the MasterSwitch will fail. For more information see http://www.apc.com/ List of valid parameter names for apcmaster STONITH device: ipaddr login password
With
stonith -t apcsmart -h
you get the following output:
STONITH Device: apcsmart - APC Smart UPS (via serial port - NOT USB!). Works with higher-end APC UPSes, like Back-UPS Pro, Smart-UPS, Matrix-UPS, etc. (Smart-UPS may have to be >= Smart-UPS 700?). See http://www.networkupstools.org/protocols/apcsmart.html for protocol compatibility details. For more information see http://www.apc.com/ List of valid parameter names for apcsmart STONITH device: ttydev hostlist
The first plug-in supports APC UPS with a network port and telnet protocol. The second plug-in uses the APC SMART protocol over the serial line which is supported by many different APC UPS product lines.
In Section 8.3.1, “Example STONITH Resource Configurations” you learned that there are several ways to configure a STONITH resource: using constraints, or clones or both. The choice which construct to use for configuration depends on several factors (nature of the fencing device, number of host managed by the device, number of cluster nodes) and last but not least, also on personal preference.
In short: if clones are safe to use with your configuration and if they reduce the configuration, then use cloned STONITH resources.
