7f6798916a
Remove the checkpoint backend plugin, as it used CMAN and openais checkpoints. Given nobody is using CMAN or openais anymore, the plugin was useless for clusters running the current stack. Signed-off-by: Ryan McCabe <rmccabe@redhat.com>
316 lines
7.0 KiB
Groff
316 lines
7.0 KiB
Groff
.TH fence_virtd.conf 5
|
|
|
|
.SH NAME
|
|
fence_virt.conf - configuration file for fence_virtd
|
|
|
|
.SH DESCRIPTION
|
|
|
|
The fence_virt.conf file contains configuration information for fence_virtd,
|
|
a fencing request routing daemon for clusters of virtual machines.
|
|
|
|
The file is tree-structured. There are parent/child relationships and sibling
|
|
relationships between the nodes.
|
|
|
|
foo {
|
|
bar {
|
|
baz = "1";
|
|
}
|
|
}
|
|
|
|
There are three primary sections of fence_virt.conf.
|
|
|
|
.SH SECTIONS
|
|
.SS fence_virtd
|
|
|
|
This section contains global information about how fence_virtd is to operate.
|
|
The most important pieces of information are as follows:
|
|
|
|
.TP
|
|
.B listener
|
|
.
|
|
the listener plugin for receiving fencing requests from clients
|
|
|
|
.TP
|
|
.B backend
|
|
.
|
|
the plugin to be used to carry out fencing requests
|
|
|
|
.TP
|
|
.B foreground
|
|
.
|
|
do not fork into the background.
|
|
|
|
.TP
|
|
.B wait_for_init
|
|
.
|
|
wait for the frontend and backends to become available rather than giving up immediately.
|
|
This replaces wait_for_backend in 0.2.x.
|
|
|
|
.TP
|
|
.B module_path
|
|
.
|
|
the module path to search for plugins
|
|
|
|
.SS listeners
|
|
|
|
This section contains listener-specific configuration information; see the
|
|
section about listeners below.
|
|
|
|
.SS backends
|
|
|
|
This section contains listener-specific configuration information; see the
|
|
section about listeners below.
|
|
|
|
.SS groups
|
|
|
|
This section contains static maps of which virtual machines
|
|
may fence which other virtual machines; see the section
|
|
about groups below.
|
|
|
|
|
|
.SH LISTENERS
|
|
|
|
There are various listeners available for fence_virtd, each one handles
|
|
decoding and authentication of a given fencing request. The following
|
|
configuration blocks belong in the \fBlisteners\fP section of fence_virt.conf
|
|
|
|
.SS multicast
|
|
.TP
|
|
.B key_file
|
|
.
|
|
the shared key file to use (default: /etc/cluster/fence_xvm.key).
|
|
|
|
.TP
|
|
.B hash
|
|
.
|
|
the weakest hashing algorithm allowed for client requests. Clients may send packets with stronger hashes than the one specified, but not weaker ones. (default: sha256, but could
|
|
be sha1, sha512, or none)
|
|
|
|
.TP
|
|
.B auth
|
|
.
|
|
the hashing algorithm to use for the simplistic challenge-response authentication
|
|
(default: sha256, but could be sha1, sha512, or none)
|
|
|
|
.TP
|
|
.B family
|
|
.
|
|
the IP family to use (default: ipv4, but may be ipv6)
|
|
|
|
.TP
|
|
.B address
|
|
.
|
|
the multicast address to listen on (default: 225.0.0.12)
|
|
|
|
.TP
|
|
.B port
|
|
.
|
|
the multicast port to listen on (default: 1229)
|
|
|
|
.TP
|
|
.B interface
|
|
.
|
|
interface to listen on. By default, fence_virtd listens on all interfaces.
|
|
However, this causes problems in some environments where the host computer
|
|
is used as a gateway.
|
|
|
|
.SS serial
|
|
|
|
The serial listener plugin utilizes libvirt's serial (or VMChannel)
|
|
mapping to listen for requests. When using the serial listener, it is
|
|
necessary to add a serial port (preferably pointing to /dev/ttyS1) or
|
|
a channel (preferrably pointing to 10.0.2.179:1229) to the
|
|
libvirt domain description. Note that only type
|
|
.B unix
|
|
, mode
|
|
.B bind
|
|
serial ports and channels are supported. Example libvirt XML:
|
|
|
|
.in 8
|
|
<\fBserial\fP type='unix'>
|
|
<source mode='bind' path='/sandbox/guests/fence_socket_molly'/>
|
|
<target port='1'/>
|
|
</serial>
|
|
<\fBchannel\fP type='unix'>
|
|
<source mode='bind' path='/sandbox/guests/fence_molly_vmchannel'/>
|
|
<target type='guestfwd' address='10.0.2.179' port='1229'/>
|
|
</channel>
|
|
.in 0
|
|
|
|
.TP
|
|
.B uri
|
|
.
|
|
the URI to use when connecting to libvirt by the serial plugin.
|
|
|
|
.TP
|
|
.B path
|
|
.
|
|
The same directory that is defined for the domain serial port path (From example above: /sandbox/guests). Sockets must reside in this directory in order to be considered valid. This can be used to prevent fence_virtd from using the wrong sockets.
|
|
|
|
.TP
|
|
.B mode
|
|
.
|
|
This selects the type of sockets to register. Valid values are "serial"
|
|
(default) and "vmchannel".
|
|
|
|
.SS tcp
|
|
The tcp listener operates similarly to the multicast listener but uses TCP sockets for communication instead of using multicast packets.
|
|
|
|
.TP
|
|
.B key_file
|
|
.
|
|
the shared key file to use (default: /etc/cluster/fence_xvm.key).
|
|
|
|
.TP
|
|
.B hash
|
|
.
|
|
the hashing algorithm to use for packet signing (default: sha256, but could
|
|
be sha1, sha512, or none)
|
|
|
|
.TP
|
|
.B auth
|
|
.
|
|
the hashing algorithm to use for the simplistic challenge-response authentication
|
|
(default: sha256, but could be sha1, sha512, or none)
|
|
|
|
.TP
|
|
.B family
|
|
.
|
|
the IP family to use (default: ipv4, but may be ipv6)
|
|
|
|
.TP
|
|
.B address
|
|
.
|
|
the IP address to listen on (default: 127.0.0.1 for IPv4, ::1 for IPv6)
|
|
|
|
.TP
|
|
.B port
|
|
.
|
|
the TCP port to listen on (default: 1229)
|
|
|
|
.SH BACKENDS
|
|
|
|
There are various backends available for fence_virtd, each one handles
|
|
routing a fencing request to a hypervisor or management tool. The following
|
|
configuration blocks belong in the \fBbackends\fP section of fence_virt.conf
|
|
|
|
.SS libvirt
|
|
|
|
The libvirt plugin is the simplest plugin. It is used in environments where
|
|
routing fencing requests between multiple hosts is not required, for example
|
|
by a user running a cluster of virtual machines on a single desktop computer.
|
|
|
|
.TP
|
|
.B uri
|
|
.
|
|
the URI to use when connecting to libvirt.
|
|
|
|
.SS libvirt-qmf
|
|
|
|
The libvirt-qmf plugin acts as a QMFv2 Console to the libvirt-qmf daemon in
|
|
order to route fencing requests over AMQP to the appropriate computer.
|
|
|
|
.TP
|
|
.B host
|
|
.
|
|
host or IP address of qpid broker. Defaults to 127.0.0.1.
|
|
|
|
.TP
|
|
.B port
|
|
.
|
|
IP port of qpid broker. Defaults to 5672.
|
|
|
|
.TP
|
|
.B username
|
|
.
|
|
Username for GSSAPI, if configured.
|
|
|
|
.TP
|
|
.B service
|
|
.
|
|
Qpid service to connect to.
|
|
|
|
.TP
|
|
.B gssapi
|
|
.
|
|
If set to 1, have fence_virtd use GSSAPI for authentication when communicating
|
|
with the Qpid broker. Default is 0 (off).
|
|
|
|
.SS cpg
|
|
|
|
The cpg plugin uses corosync CPG and libvirt to track virtual
|
|
machines and route fencing requests to the appropriate computer.
|
|
|
|
.TP
|
|
.B uri
|
|
.
|
|
the URI to use when connecting to libvirt by the cpg plugin.
|
|
|
|
.TP
|
|
.B name_mode
|
|
.
|
|
The cpg plugin, in order to retain compatibility with fence_xvm,
|
|
stores virtual machines in a certain way. The
|
|
default was to use 'name' when using fence_xvm and fence_xvmd, and so this
|
|
is still the default. However, it is strongly recommended to use 'uuid'
|
|
instead of 'name' in all cluster environments involving more than one
|
|
physical host in order to avoid the potential for name collisions.
|
|
|
|
.SH GROUPS
|
|
|
|
Fence_virtd supports static maps which allow grouping of VMs. The
|
|
groups are arbitrary and are checked at fence time. Any member of
|
|
a group may fence any other member. Hosts may be assigned to multiple
|
|
groups if desired.
|
|
|
|
.SS group
|
|
|
|
This defines a group.
|
|
|
|
.TP
|
|
.B uuid
|
|
.
|
|
defines UUID as a member of a group.
|
|
|
|
.TP
|
|
.B ip
|
|
.
|
|
defines an IP which is allowed to send fencing requests
|
|
for members of this group (e.g. for multicast). It is
|
|
highly recommended that this be used in conjunction with
|
|
a key file.
|
|
|
|
|
|
|
|
.SH EXAMPLE
|
|
|
|
fence_virtd {
|
|
listener = "multicast";
|
|
backend = "cpg";
|
|
}
|
|
|
|
# this is the listeners section
|
|
|
|
listeners {
|
|
multicast {
|
|
key_file = "/etc/cluster/fence_xvm.key";
|
|
}
|
|
}
|
|
|
|
backends {
|
|
libvirt {
|
|
uri = "qemu:///system";
|
|
}
|
|
}
|
|
|
|
groups {
|
|
group {
|
|
ip = "192.168.1.1";
|
|
uuid = "44179d3f-6c63-474f-a212-20c8b4b25b16";
|
|
uuid = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60";
|
|
}
|
|
}
|
|
|
|
.SH SEE ALSO
|
|
fence_virtd(8), fence_virt(8), fence_xvm(8), fence(8)
|