[Pacemaker] Fencing of movable VirtualDomains

emmanuel segura emi2fast at gmail.com
Thu Oct 2 19:00:12 CEST 2014


for guest fencing you can use, something like this
http://www.daemonzone.net/e/3/, rather to have a full cluster stack in
your guest, you can try to use pacemaker-remote for your virtual guest

2014-10-02 18:41 GMT+02:00 Daniel Dehennin <daniel.dehennin at baby-gnu.org>:
> Hello,
>
> I'm setting up a 3 nodes OpenNebula[1] cluster on Debian Wheezy using a
> SAN for shared storage and KVM as hypervisor.
>
> The OpenNebula fontend is a VM for HA[2].
>
> I had some quorum issues when the node running the fontend die as the
> two other nodes loose quorum, so I added a pure quorum node in
> standby="on" mode.
>
> My physical hosts are fenced using stonith:external/ipmi, which works
> great, one stonith device per node with a anti-location on itself.
>
> I have more troubles fencing the VMs since they can move.
>
> I try to define a stonith device per VM and colocate it with the VM
> itslef like this:
>
> #+begin_src
> primitive ONE-Frontend ocf:heartbeat:VirtualDomain \
>         params config="/var/lib/one/datastores/one/one.xml" \
>         op start interval="0" timeout="90" \
>         op stop interval="0" timeout="100" \
>         meta target-role="Stopped"
> primitive Quorum-Node ocf:heartbeat:VirtualDomain \
>         params config="/var/lib/one/datastores/one/quorum.xml" \
>         op start interval="0" timeout="90" \
>         op stop interval="0" timeout="100" \
>         meta target-role="Started" is-managed="true"
> primitive Stonith-Quorum-Node stonith:external/libvirt \
>         params hostlist="quorum" hypervisor_uri="qemu:///system"
>         pcmk_host_list="quorum" pcmk_host_check="static-list" \
>         op monitor interval="30m" \
>         meta target-role="Started"
> location ONE-Fontend-fenced-by-hypervisor Stonith-ONE-Frontend \
>         rule $id="ONE-Fontend-fenced-by-hypervisor-rule" inf: #uname ne quorum or #uname ne one
> location ONE-Frontend-run-on-hypervisor ONE-Frontend \
>         rule $id="ONE-Frontend-run-on-hypervisor-rule" 20: #uname eq nebula1 \
>         rule $id="ONE-Frontend-run-on-hypervisor-rule-0" 30: #uname eq nebula2 \
>         rule $id="ONE-Frontend-run-on-hypervisor-rule-1" 40: #uname eq nebula3
> location Quorum-Node-fenced-by-hypervisor Stonith-Quorum-Node \
>         rule $id="Quorum-Node-fenced-by-hypervisor-rule" inf: #uname ne quorum or #uname ne one
> location Quorum-Node-run-on-hypervisor Quorum-Node \
>         rule $id="Quorum-Node-run-on-hypervisor-rule" 50: #uname eq nebula1 \
>         rule $id="Quorum-Node-run-on-hypervisor-rule-0" 40: #uname eq nebula2 \
>         rule $id="Quorum-Node-run-on-hypervisor-rule-1" 30: #uname eq nebula3
> colocation Fence-ONE-Frontend-on-its-hypervisor inf: ONE-Frontend
>         Stonith-ONE-Frontend
> colocation Fence-Quorum-Node-on-its-hypervisor inf: Quorum-Node
>         Stonith-Quorum-Node
> property $id="cib-bootstrap-options" \
>         dc-version="1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff" \
>         cluster-infrastructure="openais" \
>         expected-quorum-votes="5" \
>         stonith-enabled="true" \
>         last-lrm-refresh="1412242734" \
>         stonith-timeout="30" \
>         symmetric-cluster="false"
> #+end_src
>
> But, I can not start the Quorum-Node resource, I get the following in logs:
>
> #+begin_src
> info: can_fence_host_with_device: Stonith-nebula2-IPMILAN can not fence quorum: static-list
> #+end_src
>
> All the examples I found describe a configuration where each VM stay on
> a single hypervisor, in which case libvirt is configured to listen on
> TCP and the “hypervisor_uri” point to it.
>
> Does someone have ideas on configuring stonith:external/libvirt for
> movable VMs?
>
> Regards.
>
> Footnotes:
> [1]  http://opennebula.org/
>
> [2]  http://docs.opennebula.org/4.8/advanced_administration/high_availability/oneha.html
>
> --
> Daniel Dehennin
> Récupérer ma clef GPG: gpg --recv-keys 0xCC1E9E5B7A6FE2DF
> Fingerprint: 3E69 014E 5C23 50E8 9ED6  2AAD CC1E 9E5B 7A6F E2DF
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>



-- 
esta es mi vida e me la vivo hasta que dios quiera



More information about the Pacemaker mailing list