I am trying to get a working fencing device on a single Proxmox 8 host (not
using the Proxmox tools) with fence_virtd and fence_virt/vxm. I can't get the
command
# fence_xvm -o list
to output anything, it keeps failing via timeout despite many attempts at
finding the fault. The exact return message is:
Timed out waiting for response
Operation failed
If it makes you feel any better, I work on pacemaker and I somewhat
frequently have this problem too. These are what my notes in my own
personal wiki (vim wiki syntax here) have to say:
= Debugging Fencing =
Fencing with all the VMs and their networking sure is annoying. The easiest
way to make sure
fencing is working is by running the following on both the cluster nodes and
the host:
{{{
[root@spire audit]# fence_xvm -o list -a 239.255.100.100
cluster01 a9e4b6ca-120f-42d5-b5a2-53212d256791 off
cluster02 6e0069cd-d7fb-4efc-8473-379095fbdd5f off
cluster03 ff3ff2bd-0e3a-4207-9be8-5323cc3f7a87 off
ctslab-exec 275f000c-c83f-4b85-a9fb-4b7587836ceb on
ctslab1 da19d332-c92b-4d88-8af2-2d8e38fba667 on
ctslab2 0eb3f87c-1205-4304-ba33-c0149aac8e3d on
}}}
If you don't get any output and it takes forever before timing out, here's some
things to check:
* Disable firewalld on the host and on the VMs. It can be made to work, but
it's obnoxious and I
hate it.
* Check `/var/log/audit/audit.log` to make sure there's no selinux problems.
If there are, use
`audit2allow` to generate policy. The man pages are helpful here.
* Make sure `/etc/cluster/fence_xvm.key` is the same on the host and all the
VMs. If not, copy it
over. Make sure to run `restorecon -Rv /etc/cluster` afterwards.
* Restart `fence_virtd` on the host after installing a new VM or reinstalling
an old one.
- Chris
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
