How to setup vcenter fence agent
This document (000019720) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise High Availability Extension 12 SP4
1. Install the vSphere Web Services SDK on all nodes. This is provided and supported by VMWare
2. Generate vCenter credentials using credstore_admin.pl for user with role or rights to reset / power on VMs
Items to consider.
- Use full domain name for user with correct rights. Here we created a user called "fencer" with the appropriate rights and is part of the axis.center domain. Example of adding the user to the credstore utilizing the IP address of the VSPHERE HOST and an actual password. By default it stores these in a file in "/root/.vmware/credstore/vicredentials.xml"
# credstore_admin.pl add -s <ip address> -u firstname.lastname@example.org -p <password>
- To display credentials currently stored in the vicredentials.xml
# credstore_admin.pl list Example output: Server User Name 10.156.201.177 email@example.com
- Test the credentials to make sure it can connect before configuring the cluster resources. Replace variables inside < > with own variables. If you see a WARN or ERROR, please resolve before continuing.
VI_SERVER=<IP Address of VSPHERE> VI_CREDSTORE=/root/.vmware/credstore/vicredentials.xml HOSTLIST="<name of host as it shows up in VSPHERE>" RESETPOWERON=0 stonith -t external/vcenter -E -S Results: info: external/vcenter device OK
- Copy credentials file to the same location on all nodes. Default location is "/root/.vmware/credstore/vicredentials.xml"
# crm ra info stonith:external/vcenterAn example of cluster configuration.
primitive vcenter-fencing-ha1 stonith:external/vcenter \ params VI_SERVER=<valid ip address of vsphere host> VI_CREDSTORE="/root/.vmware/credstore/vicredentials.xml" HOSTLIST="ha1=ha1" RESETPOWERON=0 pcmk_host_check=static-list pcmk_host_list=ha1\ op monitor interval=60s primitive vcenter-fencing-ha2 stonith:external/vcenter \ params VI_SERVER=<valid ip address of vsphere host> VI_CREDSTORE="/root/.vmware/credstore/vicredentials.xml" HOSTLIST="ha2=ha2" RESETPOWERON=0 pcmk_host_check=static-list pcmk_host_list=ha2 \ op monitor interval=60s location loc-vcenter-fencing-ha1 vcenter-fencing-ha1 -inf: ha1 location loc-vcenter-fencing-ha2 vcenter-fencing-ha2 -inf: ha2One should always test the fencing agent to make sure it will actually reset / reboot the node(s).
Using crm shell to fence node ha1
# crm node fence ha1Using crm shell to fence node ha2
# crm node fence ha2
- Document ID:000019720
- Creation Date: 18-Sep-2020
- Modified Date:21-Sep-2020
- SUSE Linux Enterprise High Availability Extension
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com