Chapter 5. Fencing Controller nodes with STONITH
Fencing is the process of isolating a failed node to protect the cluster and the cluster resources. Without fencing, a failed node might result in data corruption in a cluster.
Director uses Pacemaker to provide a highly available cluster of Controller nodes. Pacemaker uses a process called STONITH to fence failed nodes. STONITH is an acronym for "Shoot the other node in the head".
If a Controller node fails a health check, the Controller node that acts as the Pacemaker designated coordinator (DC) uses the Pacemaker stonith service to fence the impacted Controller node.
STONITH is disabled by default and requires manual configuration so that Pacemaker can control the power management of each node in the cluster.
Deploying a highly available overcloud without STONITH is not supported. You must configure a STONITH device for each node that is a part of the Pacemaker cluster in a highly available overcloud. For more information on STONITH and Pacemaker, see Fencing in a Red Hat High Availability Cluster and Support Policies for RHEL High Availability Clusters.
For more information on fencing with Pacemaker in Red Hat Enterprise Linux, see:
5.1. Supported fencing agents
When you deploy a high availability environment with fencing, you can choose one of the following fencing agents based on your environment needs. To change the fencing agent, you must configure additional parameters in the fencing.yaml file, as described in "Deploying and testing fencing on the overcloud".
- Intelligent Platform Management Interface (IPMI)
  - Default fencing mechanism that RHOSP uses to manage fencing.
- Storage Block Device (SBD)
  - Use in deployments with Watchdog devices. The deployment must not use shared storage.
- fence_kdump
  - Use in deployments with the kdump crash recovery service. If you choose this agent, make sure you have enough disk space to store the dump files.
  - You can configure this agent as a secondary mechanism in addition to the IPMI, fence_rhevm, or Redfish fencing agents. If you configure multiple fencing agents, make sure that you allocate enough time for the first agent to complete the task before the second agent starts the next task.
- Redfish
  - Use in deployments with servers that support the DMTF Redfish APIs. To specify this agent, change the value of the agent parameter to fence_redfish in the fencing.yaml file. For more information about Redfish, see the DMTF Documentation.
- fence_rhevm for Red Hat Virtualization (RHV)
  - Use to configure fencing for Controller nodes that run RHV environments. You can generate the fencing.yaml file in the same way as you do for IPMI fencing, but you must define the pm_type parameter in the nodes.json file to use RHV.
  - By default, the ssl_insecure parameter is set to accept self-signed certificates. You can change the parameter value based on your security requirements.
  - Important: Make sure that you use a role with permissions to create and launch virtual machines in RHV, such as UserVMManager.
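The following audit is an added example, not part of the original documentation or of RHOSP. It checks a parsed fencing.yaml for three points this chapter raises: a STONITH device for every Controller node, fence_rhevm devices that still accept unverified certificates through ssl_insecure, and nodes whose only agent is fence_kdump. The file layout, the EnableFencing key, the finding names, and the sample MAC addresses and host names are assumptions or constructed values.

```python
# Assumed fencing.yaml layout (not shown on this page):
#   parameter_defaults -> FencingConfig -> devices -> [{agent, host_mac, params}]
TRUTHY = {"1", "true", "yes", "on"}

# Constructed sample; in practice, parse the real file with a YAML loader.
SAMPLE = {
    "parameter_defaults": {
        "EnableFencing": True,
        "FencingConfig": {"devices": [
            {"agent": "fence_rhevm", "host_mac": "52:54:00:00:00:01",
             "params": {"ipaddr": "rhvm.example.test", "ssl_insecure": 1}},
            {"agent": "fence_redfish", "host_mac": "52:54:00:00:00:02",
             "params": {"ipaddr": "bmc2.example.test"}},
            {"agent": "fence_kdump", "host_mac": "52:54:00:00:00:02", "params": {}},
            {"agent": "fence_kdump", "host_mac": "52:54:00:00:00:03", "params": {}},
        ]},
    }
}


def audit_fencing(config, controller_macs):
    """Return a sorted list of (host_mac, finding) tuples."""
    defaults = config.get("parameter_defaults") or {}
    devices = (defaults.get("FencingConfig") or {}).get("devices") or []
    findings = []
    if not defaults.get("EnableFencing"):
        findings.append(("*", "fencing-not-enabled"))
    agents_by_mac = {}
    for dev in devices:
        mac = str(dev.get("host_mac", "")).lower()
        agents_by_mac.setdefault(mac, []).append(dev.get("agent"))
        # Only an explicitly set ssl_insecure is flagged; 1, "1" and true all count.
        insecure = str((dev.get("params") or {}).get("ssl_insecure", "0")).lower()
        if dev.get("agent") == "fence_rhevm" and insecure in TRUTHY:
            findings.append((mac, "rhevm-accepts-unverified-certificate"))
    for mac in (m.lower() for m in controller_macs):
        agents = agents_by_mac.get(mac, [])
        if not agents:
            # Every node in the Pacemaker cluster needs a STONITH device.
            findings.append((mac, "no-stonith-device"))
        elif set(agents) == {"fence_kdump"}:
            # The chapter describes fence_kdump as a secondary mechanism.
            findings.append((mac, "fence_kdump-only"))
    return sorted(findings)


if __name__ == "__main__":
    macs = ["52:54:00:00:00:0%d" % i for i in range(1, 5)]
    for mac, finding in audit_fencing(SAMPLE, macs):
        print(mac, finding)
```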