Product SiteDocumentation Site

5.3. Configure the Cluster for Fencing

  1. Install the fence agent(s). To see what packages are available, run yum search fence-. Be sure to install the package(s) on all cluster nodes.
  2. Configure the fence device itself to be able to fence your nodes and accept fencing requests. This includes any necessary configuration on the device and on the nodes, and any firewall or SELinux changes needed. Test the communication between the device and your nodes.
  3. Find the name of the correct fence agent: pcs stonith list
  4. Find the parameters associated with the device: pcs stonith describe agent_name
  5. Create a local copy of the CIB: pcs cluster cib stonith_cfg
  6. Create the fencing resource: pcs -f stonith_cfg stonith create stonith_id stonith_device_type [stonith_device_options]
    Any flags that do not take arguments, such as --ssl, should be passed as ssl=1.
  7. Enable fencing in the cluster: pcs -f stonith_cfg property set stonith-enabled=true
  8. If the device does not know how to fence nodes based on their cluster node name, you may also need to set the special pcmk_host_map parameter. See man pacemaker-fenced for details.
  9. If the device does not support the list command, you may also need to set the special pcmk_host_list and/or pcmk_host_check parameters. See man pacemaker-fenced for details.
  10. If the device does not expect the victim to be specified with the port parameter, you may also need to set the special pcmk_host_argument parameter. See man pacemaker-fenced for details.
  11. Commit the new configuration: pcs cluster cib-push stonith_cfg
  12. Once the fence device resource is running, test it (you might want to stop the cluster on that machine first): stonith_admin --reboot nodename