f38f9327d8
This allows fencing requests with the appropriate key file to control VMs assigned to the same group. Signed-off-by: Lon Hohberger <lon@users.sourceforge.net>
284 lines
6.2 KiB
Groff
284 lines
6.2 KiB
Groff
.TH fence_virtd.conf 5
|
|
|
|
.SH NAME
|
|
fence_virtd.conf - configuration file for fence_virtd
|
|
|
|
.SH DESCRIPTION
|
|
|
|
The fence_virtd.conf file contains configuration information for fence_virtd,
|
|
a fencing request routing daemon for clusters of virtual machines.
|
|
|
|
The file is tree-structured. There are parent/child relationships and sibling
|
|
relationships between the nodes.
|
|
|
|
foo {
|
|
bar {
|
|
baz = "1";
|
|
}
|
|
}
|
|
|
|
There are three primary sections of fence_virtd.conf.
|
|
|
|
.SH SECTIONS
|
|
.SS fence_virtd
|
|
|
|
This section contains global information about how fence_virtd is to operate.
|
|
The most important pieces of information are as follows:
|
|
|
|
.TP
|
|
.B listener
|
|
.
|
|
the listener plugin for receiving fencing requests from clients
|
|
|
|
.TP
|
|
.B backend
|
|
.
|
|
the plugin to be used to carry out fencing requests
|
|
|
|
.TP
|
|
.B foreground
|
|
.
|
|
do not fork into the background.
|
|
|
|
.TP
|
|
.B wait_for_backend
|
|
.
|
|
wait for the backend management layer to initialize rather than giving up immediately
|
|
|
|
.TP
|
|
.B module_path
|
|
.
|
|
the module path to search for plugins
|
|
|
|
.SS listeners
|
|
|
|
This section contains listener-specific configuration information; see the
|
|
section about listeners below.
|
|
|
|
.SS backends
|
|
|
|
This section contains listener-specific configuration information; see the
|
|
section about listeners below.
|
|
|
|
.SS groups
|
|
|
|
This section contains static maps of which virtual machines
|
|
may fence which other virtual machines; see the section
|
|
about groups below.
|
|
|
|
|
|
.SH LISTENERS
|
|
|
|
There are various listeners available for fence_virtd, each one handles
|
|
decoding and authentication of a given fencing request. The following
|
|
configuration blocks belong in the \fBlisteners\fP section of fence_virtd.conf
|
|
|
|
.SS multicast
|
|
.TP
|
|
.B key_file
|
|
.
|
|
the shared key file to use (default: /etc/cluster/fence_xvm.key).
|
|
|
|
.TP
|
|
.B hash
|
|
.
|
|
the hashing algorithm to use for packet signing (default: sha256, but could
|
|
be sha1, sha512, or none)
|
|
|
|
.TP
|
|
.B auth
|
|
.
|
|
the hashing algorithm to use for the simplistic challenge-response authentication
|
|
(default: sha256, but could be sha1, sha512, or none)
|
|
|
|
.TP
|
|
.B family
|
|
.
|
|
the IP family to use (default: ipv4, but may be ipv6)
|
|
|
|
.TP
|
|
.B address
|
|
.
|
|
the multicast address to listen on (default: 225.0.0.12)
|
|
|
|
.TP
|
|
.B port
|
|
.
|
|
the multicast port to listen on (default: 1229)
|
|
|
|
.TP
|
|
.B interface
|
|
.
|
|
interface to listen on. By default, fence_virtd listens on all interfaces.
|
|
However, this causes problems in some environments where the host computer
|
|
is used as a gateway.
|
|
|
|
.SS serial
|
|
|
|
The serial listener plugin utilizes libvirt's serial (or VMChannel)
|
|
mapping to listen for requests. When using the serial listener, it is
|
|
necessary to add a serial port (preferably pointing to /dev/ttyS1) or
|
|
a channel (preferrably pointing to 10.0.2.179:1229) to the
|
|
libvirt domain description. Note that only type
|
|
.B unix
|
|
, mode
|
|
.B bind
|
|
serial ports and channels are supported. Example libvirt XML:
|
|
|
|
.in 8
|
|
<\fBserial\fP type='unix'>
|
|
<source mode='bind' path='/sandbox/guests/fence_socket_molly'/>
|
|
<target port='1'/>
|
|
</serial>
|
|
<\fBchannel\fP type='unix'>
|
|
<source mode='bind' path='/sandbox/guests/fence_molly_vmchannel'/>
|
|
<target type='guestfwd' address='10.0.2.179' port='1229'/>
|
|
</serial>
|
|
.in 0
|
|
|
|
.TP
|
|
.B uri
|
|
.
|
|
the URI to use when connecting to libvirt by the serial plugin.
|
|
|
|
.TP
|
|
.B path
|
|
.
|
|
Sockets must reside in this directory in order to be considered
|
|
valid. This can be used to prevent fence_virtd from using the wrong
|
|
sockets.
|
|
|
|
.TP
|
|
.B mode
|
|
.
|
|
This selects the type of sockets to register. Valid values are "serial"
|
|
(default) and "vmchannel".
|
|
|
|
|
|
.SH BACKENDS
|
|
|
|
There are various backends available for fence_virtd, each one handles
|
|
routing a fencing request to a hypervisor or management tool. The following
|
|
configuration blocks belong in the \fBbackends\fP section of fence_virtd.conf
|
|
|
|
.SS libvirt
|
|
|
|
The libvirt plugin is the simplest plugin. It is used in environments where
|
|
routing fencing requests between multiple hosts is not required, for example
|
|
by a user running a cluster of virtual machines on a single desktop computer.
|
|
|
|
.TP
|
|
.B uri
|
|
.
|
|
the URI to use when connecting to libvirt.
|
|
|
|
.SS libvirt-qpid
|
|
|
|
The libvirt-qpid plugin acts as a QMF Console to the libvirt-qpid daemon in
|
|
order to route fencing requests over AMQP to the appropriate computer. There
|
|
are currently no configuration options for libvirt-qpid.
|
|
|
|
.TP
|
|
.B host
|
|
.
|
|
host or IP address of qpid broker. Defaults to 127.0.0.1.
|
|
|
|
.TP
|
|
.B port
|
|
.
|
|
IP port of qpid broker. Defaults to 5672.
|
|
|
|
.TP
|
|
.B username
|
|
.
|
|
Username for GSSAPI, if configured.
|
|
|
|
.TP
|
|
.B service
|
|
.
|
|
Qpid service to connect to.
|
|
|
|
.TP
|
|
.B gssapi
|
|
.
|
|
If set to 1, have fence_virtd use GSSAPI for authentication when communicating
|
|
with the Qpid broker. Default is 0 (off).
|
|
|
|
.SS checkpoint
|
|
|
|
The checkpoint plugin uses CMAN, CPG, and OpenAIS checkpoints to track virtual
|
|
machines and route fencing requests to the appropriate computer.
|
|
|
|
.TP
|
|
.B uri
|
|
.
|
|
the URI to use when connecting to libvirt by the checkpoint plugin.
|
|
|
|
.TP
|
|
.B name_mode
|
|
.
|
|
The checkpoint plugin, in order to retain compatibility with fence_xvm,
|
|
stores virtual machines in a certain way in the OpenAIS checkpoints. The
|
|
default was to use 'name' when using fence_xvm and fence_xvmd, and so this
|
|
is still the default. However, it is strongly recommended to use 'uuid'
|
|
instead of 'name' in all cluster environments involving more than one
|
|
physical host in order to avoid the potential for name collisions.
|
|
|
|
.SH GROUPS
|
|
|
|
Fence_virtd supports static maps which allow grouping of VMs. The
|
|
groups are arbitrary and are checked at fence time. Any member of
|
|
a group may fence any other member. Hosts may be assigned to multiple
|
|
groups if desired.
|
|
|
|
.SS group
|
|
|
|
This defines a group.
|
|
|
|
.TP
|
|
.B uuid
|
|
.
|
|
defines UUID as a member of a group.
|
|
|
|
.TP
|
|
.B ip
|
|
.
|
|
defines an IP which is allowed to send fencing requests
|
|
for members of this group (e.g. for multicast). It is
|
|
highly recommended that this be used in conjunction with
|
|
a key file.
|
|
|
|
|
|
|
|
.SH EXAMPLE
|
|
|
|
fence_virtd {
|
|
listener = "multicast";
|
|
backend = "checkpoint";
|
|
}
|
|
|
|
# this is the listeners section
|
|
|
|
listeners {
|
|
multicast {
|
|
key_file = "/etc/cluster/fence_xvm.key";
|
|
}
|
|
}
|
|
|
|
backends {
|
|
libvirt {
|
|
uri = "qemu:///system";
|
|
}
|
|
}
|
|
|
|
groups {
|
|
group {
|
|
ip = "192.168.1.1";
|
|
uuid = "44179d3f-6c63-474f-a212-20c8b4b25b16";
|
|
uuid = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60";
|
|
}
|
|
}
|
|
|
|
.SH SEE ALSO
|
|
fence_virtd(8), fence_virt(8), fence_xvm(8), fence(8)
|