How to setup vcenter fence agent

This document (000019720) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise High Availability Extension 15 SP1
SUSE Linux Enterprise High Availability Extension 12 SP4

Situation

How to configure the stonith:external/vcenter fence agent to reset nodes in a cluster.

Resolution

Prerequisites
1. Install the vSphere Web Services SDK on all nodes.  This is provided and supported by VMWare 
2. Generate vCenter credentials using credstore_admin.pl for user with role or rights to reset / power on VMs
    Items to consider.
  • Use full domain name for user with correct rights.  Here we created a user called "fencer" with the appropriate rights and is part of the axis.center domain.   Example of adding the user to the credstore utilizing the IP address of the VSPHERE HOST and an actual password.   By default it stores these in a file in "/root/.vmware/credstore/vicredentials.xml"
  • # credstore_admin.pl add -s <ip address> -u fencer@axis.center -p <password>
  • To display credentials currently stored in the vicredentials.xml 
    # credstore_admin.pl list
    Example output:
    Server       User Name   
    10.156.201.177 fencer@axis.center
    
  • Test the credentials to make sure it can connect before configuring the cluster resources.  Replace variables inside <  > with own variables.  If you see a WARN or ERROR, please resolve before continuing.
    VI_SERVER=<IP Address of VSPHERE> VI_CREDSTORE=/root/.vmware/credstore/vicredentials.xml HOSTLIST="<name of host as it shows up in VSPHERE>" RESETPOWERON=0 stonith -t external/vcenter -E -S
    Results: 
    info: external/vcenter device OK
    
  •  Copy credentials file to the same location on all nodes.   Default location is "/root/.vmware/credstore/vicredentials.xml"
3.  Configure the resource agents in the cluster.   Use the following command to understand the required parameters for this resource agent.   Normally a primitive is setup for each node that runs on the opposite node which has the correct settings to reset / reboot the other node.
# crm ra info stonith:external/vcenter
An example of cluster configuration. 
primitive vcenter-fencing-ha1 stonith:external/vcenter \
  params VI_SERVER=<valid ip address of vsphere host> VI_CREDSTORE="/root/.vmware/credstore/vicredentials.xml" HOSTLIST="ha1=ha1" RESETPOWERON=0 pcmk_host_check=static-list pcmk_host_list=ha1\
  op monitor interval=60s
primitive vcenter-fencing-ha2 stonith:external/vcenter \
  params VI_SERVER=<valid ip address of vsphere host> VI_CREDSTORE="/root/.vmware/credstore/vicredentials.xml" HOSTLIST="ha2=ha2" RESETPOWERON=0 pcmk_host_check=static-list pcmk_host_list=ha2 \
  op monitor interval=60s
location loc-vcenter-fencing-ha1 vcenter-fencing-ha1 -inf: ha1
location loc-vcenter-fencing-ha2 vcenter-fencing-ha2 -inf: ha2
One should always test the fencing agent to make sure it will actually reset / reboot the node(s).   
Using crm shell to fence node ha1
# crm node fence ha1
Using crm shell to fence node ha2
# crm node fence ha2

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019720
  • Creation Date: 18-Sep-2020
  • Modified Date:21-Sep-2020
    • SUSE Linux Enterprise High Availability Extension

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center