openstack controller fencing does not work

Solution In Progress - Updated -

Issue

  • We imported our controllers on Red Hat enterprise virtualization platform from KVM. Following that, we made a stack update by updating the fencing.

  • The following fencing devices are configured:

[root@tst-osctrl01 ~]# pcs stonith show --full
 Resource: stonith-fence_rhevm-566f70400060 (class=stonith type=fence_rhevm)
  Attributes: ipaddr=rhev-manager.locadomain login=admin@internal passwd=ecocenter pcmk_host_list=tst-osctrl02 port=tst-osctrl02 ssl=1 ssl_insecure=1
  Operations: monitor interval=60s (stonith-fence_rhevm-566f70400060-monitor-interval-60s)
 Resource: stonith-fence_rhevm-566f70400072 (class=stonith type=fence_rhevm)
  Attributes: ipaddr=rhev-manager.localdomain login=admin@internal passwd=ecocenter pcmk_host_list=tst-osctrl03 port=tst-osctrl03 ssl=1 ssl_insecure=1
  Operations: monitor interval=60s (stonith-fence_rhevm-566f70400072-monitor-interval-60s)
 Resource: stonith-fence_rhevm-566f7040004e (class=stonith type=fence_rhevm)
  Attributes: ipaddr=rhev-manager.localdomain login=admin@internal passwd=ecocenter pcmk_host_list=tst-osctrl01 port=tst-osctrl01 ssl=1 ssl_insecure=1
  Operations: monitor interval=60s (stonith-fence_rhevm-566f7040004e-monitor-interval-60s)
 Target: tst-osctrl01
   Level 1 - stonith-fence_rhevm-566f7040004e
 Target: tst-osctrl02
   Level 1 - stonith-fence_rhevm-566f70400060
 Target: tst-osctrl03
   Level 1 - stonith-fence_rhevm-566f70400072
  • But when I test the fecing that the node does not restart. Werun this command on another openstack controller:
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT && iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT && iptables -A INPUT -p tcp -m s
tate --state NEW -m tcp --dport 5016 -j ACCEPT && iptables -A INPUT -p udp -m state --state NEW -m udp --dport 5016 -j ACCEPT && iptables -A INPUT ! -i lo -j REJECT --reject-with icmp-host-prohibit
ed && iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT && iptables -A OUTPUT -p tcp --sport 5016 -j ACCEPT && iptables -A OUTPUT -p udp --sport 5016 -j ACCEPT && iptables -A OUTPUT ! -o lo -j REJECT
--reject-with icmp-host-prohibited
  • Fencing failed with the following error messages:
Dec 14 10:38:11 [7440] tst-osctrl01.localdomain stonith-ng:     info: call_remote_stonith:  Requesting that 'tst-osctrl01' perform op 'tst-osctrl02 reboot' with 'stonith-fence_rhevm-566
f70400060' for crmd.7444 (144s)
Dec 14 10:38:11 [7440] tst-osctrl01.localdomain stonith-ng:   notice: operation_finished:   fence_rhevm_reboot_1:696002:stderr [ 2020-12-14 10:38:11,766 ERROR: Failed: Unable to obtain
correct plug status or plug is not available ]
Dec 14 10:38:11 [7440] tst-osctrl01.localdomain stonith-ng:   notice: operation_finished:   fence_rhevm_reboot_1:696002:stderr [  ]
Dec 14 10:38:11 [7440] tst-osctrl01.localdomain stonith-ng:   notice: operation_finished:   fence_rhevm_reboot_1:696002:stderr [  ]
Dec 14 10:38:11 [7440] tst-osctrl01.localdomain stonith-ng:  warning: log_action:   fence_rhevm[696002] stderr: [ 2020-12-14 10:38:11,766 ERROR: Failed: Unable to obtain correct plug st
atus or plug is not available ]

Environment

  • Red Hat OpenStack Platform 13.0 (RHOSP)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content