Guest Fencing

This HowTo applies to versions of Pacemaker >= 1.1.0

Fedora-12 and later
yum install fence-virt fence-virtd

From source
git clone git://fence-virt.git.sourceforge.net/gitroot/fence-virt/fence-virt
cd fence-virt
./build
sudo make install

For Guests Running on a Single Host
Run the configuration tool:

fence_virtd -c

Accept all the defaults except for the settings listed below:

Setting a preferred interface causes fence_virtd to listen only
on that interface. Normally, it listens on all interfaces.
In environments where the virtual machines are using the host
machine as a gateway, this *must* be set (typically to virbr0).
Set to 'none' for no interface.

Interface [none]: virbr0

For now, you should accept the default unless the guests are NATed. My guests do not have an address on the real network, so I need to indicate the interface the host talks to the guests on.

Key File [none]: /etc/cluster/fence_xvm.key

This ensures only machines with the same file can initiate fencing requests.

At the end, it will ask whether to replace the configuration file. Say yes:

Replace /etc/fence_virt.conf with the above [y/N]? y

Now populate the security key:

dd if=/dev/random bs=512 count=1 of=/etc/cluster/fence_xvm.key

You should end up with a configuration like the one below:

backends {
	libvirt {
		uri = "qemu:///system";
	}
}

listeners {
	multicast {
		key_file = "/etc/cluster/fence_xvm.key";
		interface = "virbr0";
		port = "1229";
		address = "225.0.0.12";
		family = "ipv4";
	}
}

fence_virtd {
	backend = "libvirt";
	listener = "multicast";
	module_path = "/usr/lib64/fence-virt";
}

For Guests Running on Multiple Hosts
Not yet supported, check back soon.

Rough commands:

yum install -y libvirt-qpid qpidd
chkconfig --level 2345 qpidd on
chkconfig --level 2345 libvirt-qpid on
service qpidd start
service libvirt-qpid start
sed -i.sed s/libvirt/libvirt-qpid/g /etc/fence_virt.conf

Testing the Host
Run: fence_xvm -o hostlist

You should see output like the following:

[03:37 PM] root@f12 ~ # fence_xvm -o hostlist
pcmk-1               17bd6b6a-928f-2820-64ac-7c8d536df65f on
pcmk-2               f0062842-0196-7ec1-7623-e5bbe3a6632c on
pcmk-3               33e954b8-39ae-fb4b-e6e8-ecc443516b92 on
pcmk-4               98cda6de-74c4-97bf-0cfb-3954ff76a5c3 on
Remote: Operation was successful

Configure the Guest
Just install the key:

scp /etc/cluster/fence_xvm.key pcmk-1:/etc/cluster/fence_xvm.key
scp /etc/cluster/fence_xvm.key pcmk-2:/etc/cluster/fence_xvm.key
scp /etc/cluster/fence_xvm.key pcmk-3:/etc/cluster/fence_xvm.key
scp /etc/cluster/fence_xvm.key pcmk-4:/etc/cluster/fence_xvm.key
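
Because the key file is what authorizes fencing requests, each copy should be complete and accessible only to its owner. The script below is an added example, not part of the original HowTo or the fence-virt project; the function names, return codes and the 512-byte expected size (taken from the dd command above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the fence_virt shared key on the host or a guest.
# EXPECTED_SIZE is an assumption taken from the HowTo's dd (bs=512 count=1).
EXPECTED_SIZE=512

# check_fence_key PATH
# Returns 0 = ok, 1 = missing, unreadable or not a regular file,
# 2 = wrong size, 3 = any permission bit set for group or other.
check_fence_key() {
    key=$1
    if [ -L "$key" ] || [ ! -f "$key" ] || [ ! -r "$key" ]; then
        echo "FAIL: $key is missing, unreadable or not a regular file" >&2
        return 1
    fi
    # dd with count=1 issues a single read; if /dev/random returns fewer
    # bytes than requested, the key ends up shorter than intended.
    size=$(wc -c < "$key" | tr -d ' ')
    if [ "$size" -ne "$EXPECTED_SIZE" ]; then
        echo "FAIL: $key is $size bytes, expected $EXPECTED_SIZE" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key grants group/other access ($perms)" >&2
        return 3
    fi
    return 0
}

# key_digest PATH
# Prints the SHA-256 of the key so copies can be compared without
# displaying the key itself.
key_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Audit every path given on the command line (no arguments: do nothing).
for k in "$@"; do
    if check_fence_key "$k"; then
        echo "OK: $k sha256=$(key_digest "$k")"
    fi
done
```

Run it with /etc/cluster/fence_xvm.key as the argument on the host and on each guest; the printed digests must be identical everywhere.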

Now create the resource in Pacemaker:

crm configure primitive st-virt stonith:fence_xvm

Done!