SUSE Support

Here When You Need Us

fence_azure_arm agent requires the powerOff permission

This document (000019730) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server in Microsoft Azure Cloud


After updating to fence-agents-4.4.0, the fence_azure_arm agent requires the powerOff permission in Azure Compute instead of the deallocate permission.

This can result in a failed fence operation if the Azure service principal that a fence_azure_arm resource is configured to use does not have a permission to perform the powerOff action.


The Azure service principal that a fence_azure_arm resource is configured to use
needs to be adjusted to have the following permission:
The deallocate permission is no longer needed by the fence_azure_arm agent.


The fence_azure_arm resource agent was improved in fence-agents-4.4.0 to use the forced powerOff operation to fence a node in Azure Compute instead of using the deallocate operation.

Additional Information

SLES12-SP4 first shipped with fence-agents-4.2.1+git.1537269352.7b1fd536-1.7 and the current MU is fence-agents-4.4.0+git.1558595666.5f79f9e9-3.14.1. 

The former package implements the off action using the deallocate operation, while the latter uses the powerOff operation. Specifically, the change occurred in package version fence-agents-4.4.0+git.1558595666.5f79f9e9-3.5.1.

This means that when updating from previous SLES 12 versions, to SLES12-SP4 using fence-agents-4.4.0, the user also needs to *manually* update the Linux Fence Agent Role in Azure that they use with the fence_azure_arm agent. As such, the deallocate permission needs to be changed to powerOff.

For more details, see also :



This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019730
  • Creation Date: 09-Oct-2020
  • Modified Date:12-Oct-2020
    • SUSE Linux Enterprise High Availability Extension
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.