1fence_virtd.conf(5) File Formats Manual fence_virtd.conf(5)
2
3
4
6 fence_virt.conf - configuration file for fence_virtd
7
8
10 The fence_virt.conf file contains configuration information for
11 fence_virtd, a fencing request routing daemon for clusters of virtual
12 machines.
13
14 The file is tree-structured. There are parent/child relationships and
15 sibling relationships between the nodes.
16
17 foo {
18 bar {
19 baz = "1";
20 }
21 }
22
23 There are three primary sections of fence_virt.conf.
24
25
27 fence_virtd
28 This section contains global information about how fence_virtd is to
29 operate. The most important pieces of information are as follows:
30
31
32 listener
33 the listener plugin for receiving fencing requests from clients
34
35
36 backend
37 the plugin to be used to carry out fencing requests
38
39
40 foreground
41 do not fork into the background.
42
43
44 wait_for_init
45 wait for the frontend and backends to become available rather
46 than giving up immediately. This replaces wait_for_backend in
47 0.2.x.
48
49
50 module_path
51 the module path to search for plugins
52
53
54 listeners
55 This section contains listener-specific configuration information; see
56 the section about listeners below.
57
58
59 backends
60 This section contains listener-specific configuration information; see
61 the section about listeners below.
62
63
64 groups
65 This section contains static maps of which virtual machines may fence
66 which other virtual machines; see the section about groups below.
67
68
69
71 There are various listeners available for fence_virtd, each one handles
72 decoding and authentication of a given fencing request. The following
73 configuration blocks belong in the listeners section of fence_virt.conf
74
75
76 multicast
77 key_file
78 the shared key file to use (default: /etc/clus‐
79 ter/fence_xvm.key).
80
81
82 hash the weakest hashing algorithm allowed for client requests.
83 Clients may send packets with stronger hashes than the one spec‐
84 ified, but not weaker ones. (default: sha256, but could be
85 sha1, sha512, or none)
86
87
88 auth the hashing algorithm to use for the simplistic challenge-
89 response authentication (default: sha256, but could be sha1,
90 sha512, or none)
91
92
93 family the IP family to use (default: ipv4, but may be ipv6)
94
95
96 address
97 the multicast address to listen on (default: 225.0.0.12)
98
99
100 port the multicast port to listen on (default: 1229)
101
102
103 interface
104 interface to listen on. By default, fence_virtd listens on all
105 interfaces. However, this causes problems in some environments
106 where the host computer is used as a gateway.
107
108
109 serial
110 The serial listener plugin utilizes libvirt's serial (or VMChannel)
111 mapping to listen for requests. When using the serial listener, it is
112 necessary to add a serial port (preferably pointing to /dev/ttyS1) or a
113 channel (preferably pointing to 10.0.2.179:1229) to the libvirt domain
114 description. Note that only type unix , mode bind serial ports and
115 channels are supported. Example libvirt XML:
116
117 <serial type='unix'>
118 <source mode='bind' path='/sandbox/guests/fence_socket_molly'/>
119 <target port='1'/>
120 </serial>
121 <channel type='unix'>
122 <source mode='bind' path='/sandbox/guests/fence_molly_vmchannel'/>
123 <target type='guestfwd' address='10.0.2.179' port='1229'/>
124 </channel>
125
126
127 uri the URI to use when connecting to libvirt by the serial plugin.
128
129
130 path The same directory that is defined for the domain serial port
131 path (From example above: /sandbox/guests). Sockets must reside
132 in this directory in order to be considered valid. This can be
133 used to prevent fence_virtd from using the wrong sockets.
134
135
136 mode This selects the type of sockets to register. Valid values are
137 "serial" (default) and "vmchannel".
138
139
140 tcp
141 The tcp listener operates similarly to the multicast listener but uses
142 TCP sockets for communication instead of using multicast packets.
143
144
145 key_file
146 the shared key file to use (default: /etc/clus‐
147 ter/fence_xvm.key).
148
149
150 hash the hashing algorithm to use for packet signing (default:
151 sha256, but could be sha1, sha512, or none)
152
153
154 auth the hashing algorithm to use for the simplistic challenge-
155 response authentication (default: sha256, but could be sha1,
156 sha512, or none)
157
158
159 family the IP family to use (default: ipv4, but may be ipv6)
160
161
162 address
163 the IP address to listen on (default: 127.0.0.1 for IPv4, ::1
164 for IPv6)
165
166
167 port the TCP port to listen on (default: 1229)
168
169
170 vsock
171 The vsock listener operates similarly to the multicast listener but
172 uses virtual machine sockets (AF_VSOCK) for communication instead of
173 using multicast packets.
174
175
176 key_file
177 the shared key file to use (default: /etc/clus‐
178 ter/fence_xvm.key).
179
180
181 hash the hashing algorithm to use for packet signing (default:
182 sha256, but could be sha1, sha512, or none)
183
184
185 auth the hashing algorithm to use for the simplistic challenge-
186 response authentication (default: sha256, but could be sha1,
187 sha512, or none)
188
189
190 port the vsock port to listen on (default: 1229)
191
192
194 There are various backends available for fence_virtd, each one handles
195 routing a fencing request to a hypervisor or management tool. The fol‐
196 lowing configuration blocks belong in the backends section of
197 fence_virt.conf
198
199
200 libvirt
201 The libvirt plugin is the simplest plugin. It is used in environments
202 where routing fencing requests between multiple hosts is not required,
203 for example by a user running a cluster of virtual machines on a single
204 desktop computer.
205
206
207 uri the URI to use when connecting to libvirt.
208
209
210 libvirt-qmf
211 The libvirt-qmf plugin acts as a QMFv2 Console to the libvirt-qmf dae‐
212 mon in order to route fencing requests over AMQP to the appropriate
213 computer.
214
215
216 host host or IP address of qpid broker. Defaults to 127.0.0.1.
217
218
219 port IP port of qpid broker. Defaults to 5672.
220
221
222 username
223 Username for GSSAPI, if configured.
224
225
226 service
227 Qpid service to connect to.
228
229
230 gssapi If set to 1, have fence_virtd use GSSAPI for authentication when
231 communicating with the Qpid broker. Default is 0 (off).
232
233
234 cpg
235 The cpg plugin uses corosync CPG and libvirt to track virtual machines
236 and route fencing requests to the appropriate computer.
237
238
239 uri the URI to use when connecting to libvirt by the cpg plugin.
240
241
242 name_mode
243 The cpg plugin, in order to retain compatibility with fence_xvm,
244 stores virtual machines in a certain way. The default was to
245 use 'name' when using fence_xvm and fence_xvmd, and so this is
246 still the default. However, it is strongly recommended to use
247 'uuid' instead of 'name' in all cluster environments involving
248 more than one physical host in order to avoid the potential for
249 name collisions.
250
251
253 Fence_virtd supports static maps which allow grouping of VMs. The
254 groups are arbitrary and are checked at fence time. Any member of a
255 group may fence any other member. Hosts may be assigned to multiple
256 groups if desired.
257
258
259 group
260 This defines a group.
261
262
263 uuid defines UUID as a member of a group.
264
265
266 ip defines an IP which is allowed to send fencing requests for mem‐
267 bers of this group (e.g. for multicast). It is highly recom‐
268 mended that this be used in conjunction with a key file.
269
270
271
272
274 fence_virtd {
275 listener = "multicast";
276 backend = "cpg";
277 }
278
279 # this is the listeners section
280
281 listeners {
282 multicast {
283 key_file = "/etc/cluster/fence_xvm.key";
284 }
285 }
286
287 backends {
288 libvirt {
289 uri = "qemu:///system";
290 }
291 }
292
293 groups {
294 group {
295 ip = "192.168.1.1";
296 uuid = "44179d3f-6c63-474f-a212-20c8b4b25b16";
297 uuid = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60";
298 }
299 }
300
301
303 fence_virtd(8), fence_virt(8), fence_xvm(8), fence(8)
304
305
306
307 fence_virtd.conf(5)