This document (000019720) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise High Availability Extension 15 SP1
SUSE Linux Enterprise High Availability Extension 12 SP4
Situation
How to configure the stonith:external/vcenter fence agent to reset nodes in a cluster.
Resolution
Prerequisites
1. Install the vSphere Web Services SDK on all nodes. This is provided and supported by VMware.
2. Generate vCenter credentials using credstore_admin.pl for a user with the role or rights to reset / power on VMs.
Items to consider:
- Use the full domain name for the user with the correct rights. Here we created a user called "fencer" that has the appropriate rights and is part of the axis.center domain. The following example adds the user to the credstore using the IP address of the vSphere host and an actual password. By default the credentials are stored in the file "/root/.vmware/credstore/vicredentials.xml".
# credstore_admin.pl add -s <ip address> -u fencer@axis.center -p <password>
- To display the credentials currently stored in vicredentials.xml:
# credstore_admin.pl list
Example output:
Server           User Name
10.156.201.177   fencer@axis.center
- Test the credentials to make sure they can be used to connect before configuring the cluster resources. Replace the placeholders inside < > with your own values. If you see a WARN or ERROR, resolve it before continuing.
# VI_SERVER=<IP Address of VSPHERE> VI_CREDSTORE=/root/.vmware/credstore/vicredentials.xml HOSTLIST="<name of host as it shows up in VSPHERE>" RESETPOWERON=0 stonith -t external/vcenter -E -S
Results:
info: external/vcenter device OK
- Copy the credentials file to the same location on all nodes. The default location is "/root/.vmware/credstore/vicredentials.xml".
3. Configure the resource agents in the cluster. Use the following command to see the parameters required by this resource agent. Normally one primitive is set up for each node; it runs on the opposite node and has the correct settings to reset / reboot the node it is responsible for.
# crm ra info stonith:external/vcenter
An example of a cluster configuration:
primitive vcenter-fencing-ha1 stonith:external/vcenter \
    params VI_SERVER=<valid ip address of vsphere host> VI_CREDSTORE="/root/.vmware/credstore/vicredentials.xml" HOSTLIST="ha1=ha1" RESETPOWERON=0 pcmk_host_check=static-list pcmk_host_list=ha1 \
    op monitor interval=60s
primitive vcenter-fencing-ha2 stonith:external/vcenter \
    params VI_SERVER=<valid ip address of vsphere host> VI_CREDSTORE="/root/.vmware/credstore/vicredentials.xml" HOSTLIST="ha2=ha2" RESETPOWERON=0 pcmk_host_check=static-list pcmk_host_list=ha2 \
    op monitor interval=60s
location loc-vcenter-fencing-ha1 vcenter-fencing-ha1 -inf: ha1
location loc-vcenter-fencing-ha2 vcenter-fencing-ha2 -inf: ha2
One should always test the fencing agent to make sure it will actually reset / reboot the node(s).
Using crm shell to fence node ha1
# crm node fence ha1
Using crm shell to fence node ha2
# crm node fence ha2
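The credential store copied to every node in step 2 holds the vCenter login that can reset or power on VMs, so its ownership and permissions are worth checking on each node. The following is an added example, not part of the original SUSE document: a shell function that audits the file and prints a SHA-256 digest for comparing the copies across nodes. It assumes GNU stat and sha256sum; the function name audit_credstore is hypothetical.

```shell
#!/bin/sh
# Added example (not from the SUSE document). audit_credstore is a
# hypothetical helper name. Run it as root on every cluster node.
# Usage: audit_credstore [FILE] [EXPECTED_OWNER]
# Returns 0 when no finding is reported, 1 otherwise.
audit_credstore() {
    file=${1:-/root/.vmware/credstore/vicredentials.xml}
    owner=${2:-root}
    rc=0

    # A symlink could redirect the agent to a file outside /root.
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symlink"; return 1
    fi
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is missing or not a regular file"; return 1
    fi

    # GNU stat: %U = owner name, %a = permission bits in octal
    f_owner=$(stat -c '%U' "$file")
    f_mode=$(stat -c '%a' "$file")
    if [ "$f_owner" != "$owner" ]; then
        echo "FAIL: $file owned by $f_owner, expected $owner"; rc=1
    fi
    # Any group/other bit exposes the fencing credentials.
    if [ $(( 0$f_mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file mode $f_mode grants group/other access"; rc=1
    fi

    # A group/other-writable directory lets the file be replaced.
    dir=$(dirname "$file")
    d_mode=$(stat -c '%a' "$dir")
    if [ $(( 0$d_mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir mode $d_mode is group/other writable"; rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        # Compare this digest between nodes after copying the file.
        sum=$(sha256sum "$file" | cut -d' ' -f1)
        echo "OK: $file owner=$f_owner mode=$f_mode sha256=$sum"
    fi
    return "$rc"
}
```

Called without arguments, the function checks the default path from this document and expects the owner to be root.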
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000019720
- Creation Date: 18-Sep-2020
- Modified Date: 21-Sep-2020
- SUSE Linux Enterprise High Availability Extension