Corosync/pacemaker fencing issue
Hello all,
I've created a corosync/pacemaker cluster on Centos 8 with 3 Vmware nodes, everything runs as expected, i configured a floating ip among them, this responds well Quote:
With the following Quote:
Quote:
Quote:
Quote:
I don’t have DNS configured, servers resolv with hosts file, but this should be enough Has anyone encounter this problem? Can anyone please help? Thanks |
Hi,
Taken from the link you provided above. I split it to not make it a long one post. Environment Red Hat Enterprise Linux (RHEL) 7 Update 5 Red Hat Enterprise Linux (RHEL) 8 Pacemaker High Availability or Resilient Storage Add On VMware vSphere version 6.5 and above. |
Resolution
Assuming following is cluster architecture: cluster node hostnames are node1 and node2 cluster node names as seen by the vmware hypervisor (ESXi/vCenter) are node1-vm and node2-vm <ESXi/vCenter IP address> is IP address of vmware hypervisor which is managing cluster nodes VMs First check if cluster node is able to reach the hypervisor and list VMs on it. Following command will try to connect to hypervisor with provided credentials and list all machines. Code:
# fence_vmware_rest -a <ESXi/vCenter IP address> -l <esxi_username> -p <esxi_password> --ssl-insecure -z -o list | egrep "(node1-vm|node2-vm)" Node is able to communicate with ESXi/vCenter on port 443/tcp (when using SSL) or on port 80/tcp (without SSL). Ensure that the user has permissions on ESXi/vCenter for fencing. Check if the ESXi/vCenter has trustworthy SSL certificate. If the certificate cannot be trustworthy check solution on how to relax some SSL checks. |
f command succeeded the node is able to communicate with hypervisor. Stonith device should be configured using same configuration options as were tested in listing. Some of arguments for the fence_vmware_rest command and fence_vmware_rest fencing agent in pacemaker can have slightly different name.
For this reason check the help pages of both - fence_vmware_rest command and fence_vmware_rest fencing agent (In diagnostics section is shortened listing of options used by this solution) Create the stonith device using command below. The pcmk_host_map attribute is used to map node hostname as see by cluster to the name of virtual machine as seen on vmware hypervisor. The first attribute in pcmk_host_map is the cluster node name as seen in /etc/corosync/corosync.conf file and the next attribute, that is post semicolon is the cluster node names as seen by the vmware hypervisor. Code:
# cat /etc/corosync/corosync.conf Code:
# pcs stonith show Additional notes and recommendations: Make sure package fence-agents-4.0.11-86.el7 or later is installed which has new agent fence_vmware_rest. fence_vmware_rest works with VMware vSphere version 6.5 or higher. Please refer to following link for support policies of fence_vmware_rest. Once configured, it is highly recommended to test the fence functionality. The fence agent fence_vmware_soap causes CPU usage to spike. There is a known limitation imposed by the VMware Rest API of 1000 VMs: fence_vmware_rest monitor fails with error: "Exception: 400: Too many virtual machines. Add more filter criteria to reduce the number." |
A final note, is that not being a VM user, I cannot help more than copying and pasting as I did.
I hope it will help. |
All times are GMT -5. The time now is 08:14 PM. |