f command succeeded the node is able to communicate with hypervisor. Stonith device should be configured using same configuration options as were tested in listing. Some of arguments for the fence_vmware_rest command and fence_vmware_rest fencing agent in pacemaker can have slightly different name.
For this reason check the help pages of both - fence_vmware_rest command and fence_vmware_rest fencing agent (In diagnostics section is shortened listing of options used by this solution)
Create the stonith device using command below. The pcmk_host_map attribute is used to map node hostname as see by cluster to the name of virtual machine as seen on vmware hypervisor.
The first attribute in pcmk_host_map is the cluster node name as seen in /etc/corosync/corosync.conf file and the next attribute, that is post semicolon is the cluster node names as seen by the vmware hypervisor.
Code:
# cat /etc/corosync/corosync.conf
[...]
nodelist {
node {
ring0_addr: node1 <<<=== Cluster node name
nodeid: 1
}
node {
ring0_addr: node2
nodeid: 2
}
}
# pcs stonith create vmfence fence_vmware_rest pcmk_host_map="node1:node1-vm;node2:node2-vm" ipaddr=<ESXi/vCenter IP address> ssl=1 login=<esxi_username> passwd=<esxi_password> ssl_insecure=1
To check the status of stonith device and its configuration use the commands below.
Code:
# pcs stonith show
Full list of resources:
vmfence (stonith:fence_vmware_rest): Started node1
# pcs stonith show vmfence --full
Resource: vmfence (class=stonith type=fence_vmware_rest)
Attributes: pcmk_host_map=node1:node1-vm;node2:node2-vm ipaddr=<ESXi/vCenter IP address> ssl=1 login=<esxi_username> passwd=<esxi_password> ssl_insecure=1
When stonith device is started proceed with proper testing of fencing in the cluster.
Additional notes and recommendations:
Make sure package fence-agents-4.0.11-86.el7 or later is installed which has new agent fence_vmware_rest.
fence_vmware_rest works with VMware vSphere version 6.5 or higher.
Please refer to following link for support policies of fence_vmware_rest.
Once configured, it is highly recommended to test the fence functionality.
The fence agent fence_vmware_soap causes CPU usage to spike.
There is a known limitation imposed by the VMware Rest API of 1000 VMs: fence_vmware_rest monitor fails with error: "Exception: 400: Too many virtual machines. Add more filter criteria to reduce the number."