I’ve been experimenting with the Red Hat Cluster Suite to gain more experience with it. To build a functional cluster I had to get fencing working. You can read here what fencing is. At my work we use HP iLO devices for fencing. In my test setup I don’t have that kind of hardware, I’m running a VMWare server on an old white box. After some tinkering I’ve got fencing to work on VMWare server 1.08 and 2.0.
I am using the following setup:.
A Ubuntu server with VMware server 1.x or 2.x as a host.
Centos 5.2 guests with Red Hat Cluster suite with all updates installed.
So what do you need to get fencing to work?
Fence driver
Not really a driver but the fence_vmware perl script. I am using the 1.4 version from the main branch. Placed it as /sbin/fence_vmware on the nodes and made it executable. I commented out some sections:
Stuff regarding release info:
#print “$pname $RELEASE_VERSION $BUILD_DATE\n”;
#print “$REDHAT_COPYRIGHT\n” if ( $REDHAT_COPYRIGHT );
The password script option ($opt_S) on two locations in the script:
#if (defined $opt_S) {
# $pwd_script_out = `$opt_S`;
# chomp($pwd_script_out);
# if ($pwd_script_out) {
# $opt_p = $pwd_script_out;
# }
#}
I did not pursue fence_vmware_ng, solving its errors in my setup seemed too much trouble.
Perl Api
The vmware perl api. Download the tarball, extract it and run the perl install script inside. Install this software on all cluster nodes. You need GCC, kernel-devel packages and some crypto libraries (openssl-devel) for the installation to complete successfully. After the installation I had to make two symlinks because the api was expecting some libraries in /usr/bin instead of /usr/lib.
ln -s /usr/lib/libcrypto.so /usr/bin/libcrypto.so.0.9.7
ln -s /usr/lib/libssl.so /usr/bin/libssl.so.0.9.7
Cluster configuration
A modified cluster.conf. First modify the the clusternodes in the <clusternodes> section to contain <fence> entries for each node.
<clusternode name=”node1″ nodeid=”1″ votes=”1″>
<fence>
<method name=”1″>
<device name=”node1_fence”/>
</method>
</fence>
</clusternode>
<clusternode name=”node2″ nodeid=”2″ votes=”1″>
<fence>
<method name=”1″>
<device name=”node2_fence”/>
</method>
</fence>
</clusternode>
For each fencedevice, in above case node1_fence and node2_fence, an entry must be added to the <fencedevices> section with the relevant options configured.
<fencedevices>
<fencedevice agent=”fence_vmware” name=”node1_fence” ipaddr=”vmware_server” switch=”8333″ login=”fence_user” passwd=”fence_passwd” port=”/vmware/node1/node1.vmx”/>
<fencedevice agent=”fence_vmware” name=”node2_fence” ipaddr=”vmware_server” switch=”8333″ login=”fence_user” passwd=”fence_passwd” port=”/vmware/node2/node2.vmx”/>
</fencedevices>
Options explained:
agent = relates to fence_vmware in /sbin
name = name of the fence device as mentioned in the <fence> section of the <clusternode>
ipaddr = ip or hostname of the vmware server
switch = the portnumber the vmware server listens on (for 1.x it is 902, for 2.x it is 8333).
login = the login of a user with enough privileges to powercycle this particular vm
passwd = password of above user
port = path to the vmx of the to be fenced server
Sources of information:
VMware Communities
VMware Fencing in Red Hat Cluster 5
Red Hat Cluster FAQ
Red Hat Fencing FAQ