fence_azure_arm(8)

1
2FENCE_AGENT(8)              System Manager's Manual             FENCE_AGENT(8)
3
4
5

NAME

7       fence_azure_arm - Fence agent for Azure Resource Manager
8

DESCRIPTION

10       fence_azure_arm  is an I/O Fencing agent for Azure Resource Manager. It
11       uses Azure SDK for Python to connect to Azure.
12
13       For  instructions  to  setup   credentials   see:   https://docs.micro‐
14       soft.com/en-us/azure/azure-resource-manager/resource-group-create-ser‐
15       vice-principal-portal
16
17       Username and password are application ID and  authentication  key  from
18       "App registrations".
19
20       NOTE: NETWORK FENCING
21       Network  fencing requires an additional Subnet named "fence-subnet" for
22       the Virtual Network using a Network Security Group with  the  following
23       rules:
24       +-----------+-----+-------------------------+------+------+-----+-----+--------+
25       | DIRECTION | PRI | NAME                    | PORT | PROT | SRC | DST |
26       ACTION |
27       +-----------+-----+-------------------------+------+------+-----+-----+--------+
28       | Inbound   | 100 | FENCE_DENY_ALL_INBOUND  | Any  | Any  | Any | Any |
29       Deny   |
30       | Outbound  | 100 | FENCE_DENY_ALL_OUTBOUND | Any  | Any  | Any | Any |
31       Deny   |
32       +-----------+-----+-------------------------+------+------+-----+-----+--------+
33
34       When  using network fencing the reboot-action will cause a quick-return
35       once the network has been fenced (instead of waiting for the off-action
36       to  succeed).  It  will check the status during the monitor-action, and
37       request power-on when the shutdown operation is complete.
38
39       fence_azure_arm accepts options on the command line  as  well  as  from
40       stdin.  Fenced  sends parameters through stdin when it execs the agent.
41       fence_azure_arm can be run by itself with command line  options.   This
42       is useful for testing and for turning outlets on or off from scripts.
43
44       Vendor URL: http://www.microsoft.com
45

PARAMETERS

47
48
49       -o, --action=[action]
50              Fencing action (Default Value: reboot)
51
52       -p, --password=[authkey]
53              Authentication key
54
55       -S, --password-script=[script]
56              Script to run to retrieve password
57
58       -n, --plug=[id]
59              Physical  plug  number  on device, UUID or identification of ma‐
60              chine This parameter is always required.
61
62       -l, --username=[appid]
63              Application ID
64
65       --resourceGroup=[name]
66              Name of resource group. Metadata service is used if the value is
67              not provided.
68
69       --tenantId=[name]
70              Id of Azure Active Directory tenant.
71
72       --subscriptionId=[name]
73              Id  of  the  Azure subscription. Metadata service is used if the
74              value is not provided.
75
76       --network-fencing
77              Use network fencing. See NOTE-section for configuration.
78
79       --msi  Determines if Managed Service Identity should be used.
80
81       --cloud=[name]
82              Name of the cloud you want to use.
83
84       --metadata-endpoint=[URL]
85              URL to metadata endpoint (used when cloud=stack).
86
87       -q, --quiet
88              Disable logging to stderr. Does not affect --verbose or --debug-
89              file or logging to syslog.
90
91       -v, --verbose
92              Verbose  mode.  Multiple  -v flags can be stacked on the command
93              line (e.g., -vvv) to increase verbosity.
94
95       --verbose-level
96              Level of debugging detail in output. Defaults to the  number  of
97              --verbose  flags  specified on the command line, or to 1 if ver‐
98              bose=1 in a  stonith  device  configuration  (i.e.,  on  stdin).
99
100
101       -D, --debug-file=[debugfile]
102              Write debug information to given file
103
104       -V, --version
105              Display version information and exit
106
107       -h, --help
108              Display help and exit
109
110       --plug-separator=[char]
111              Separator  for  plug  parameter when specifying more than 1 plug
112              (Default Value: ,)
113
114       -C, --separator=[char]
115              Separator for CSV created by 'list' operation (Default Value: ,)
116
117
118       --delay=[seconds]
119              Wait  X  seconds  before  fencing  is started (Default Value: 0)
120
121
122       --disable-timeout=[true/false]
123              Disable timeout (true/false) (default: true when run from  Pace‐
124              maker 2.0+)
125
126       --login-timeout=[seconds]
127              Wait  X  seconds  for  cmd prompt after login (Default Value: 5)
128
129
130       --power-timeout=[seconds]
131              Test X seconds for status change after  ON/OFF  (Default  Value:
132              150)
133
134       --power-wait=[seconds]
135              Wait X seconds after issuing ON/OFF (Default Value: 0)
136
137       --shell-timeout=[seconds]
138              Wait  X  seconds  for  cmd prompt after issuing command (Default
139              Value: 3)
140
141       --stonith-status-sleep=[seconds]
142              Sleep X seconds between status calls  during  a  STONITH  action
143              (Default Value: 1)
144
145       --retry-on=[attempts]
146              Count of attempts to retry power on (Default Value: 1)
147
148

ACTIONS

150
151
152       on     Power on machine.
153
154       off    Power off machine.
155
156       reboot Reboot machine.
157
158       status This returns the status of the plug/virtual machine.
159
160       list   List  available  plugs with aliases/virtual machines if there is
161              support for more then one device. Returns N/A otherwise.
162
163       list-status
164              List available plugs with  aliases/virtual  machines  and  their
165              power  state  if it can be obtained without additional commands.
166
167
168       monitor
169              Check the health of fence device
170
171       metadata
172              Display the XML metadata describing this resource.
173
174       manpage
175               The operational behavior of this is not known.
176
177       validate-all
178              Validate if all required parameters are entered.
179
180

STDIN PARAMETERS

182
183
184       action Fencing action (Default Value: reboot)
185
186       password
187              Authentication key Obsoletes: passwd
188
189       password_script
190              Script to run  to  retrieve  password  Obsoletes:  passwd_script
191
192
193       plug   Physical  plug  number  on device, UUID or identification of ma‐
194              chine This parameter is always required. Obsoletes:  port
195
196
197       username
198              Application ID Obsoletes: login
199
200       resourceGroup
201              Name of resource group. Metadata service is used if the value is
202              not provided.
203
204       tenantId
205              Id of Azure Active Directory tenant.
206
207       subscriptionId
208              Id of the Azure subscription. Metadata service is  used  if  the
209              value is not provided.
210
211       network_fencing
212              Use  network  fencing. See NOTE-section for configuration. Obso‐
213              letes: network-fencing
214
215       msi    Determines if Managed Service Identity should be used.
216
217       cloud  Name of the cloud you want to use.
218
219       metadata_endpoint
220              URL to metadata endpoint  (used  when  cloud=stack).  Obsoletes:
221              metadata-endpoint
222
223       quiet  Disable logging to stderr. Does not affect --verbose or --debug-
224              file or logging to syslog.
225
226       verbose
227              Verbose mode. Multiple -v flags can be stacked  on  the  command
228              line (e.g., -vvv) to increase verbosity.
229
230       verbose_level
231              Level  of  debugging detail in output. Defaults to the number of
232              --verbose flags specified on the command line, or to 1  if  ver‐
233              bose=1  in  a  stonith  device  configuration  (i.e., on stdin).
234
235
236       debug_file
237              Write debug information to given file Obsoletes: debug
238
239       version
240              Display version information and exit
241
242       help   Display help and exit
243
244       plug_separator
245              Separator for plug parameter when specifying more  than  1  plug
246              (Default Value: ,)
247
248       separator
249              Separator for CSV created by 'list' operation (Default Value: ,)
250
251
252       delay  Wait X seconds before fencing  is  started  (Default  Value:  0)
253
254
255       disable_timeout
256              Disable  timeout (true/false) (default: true when run from Pace‐
257              maker 2.0+)
258
259       login_timeout
260              Wait X seconds for cmd prompt after  login  (Default  Value:  5)
261
262
263       power_timeout
264              Test  X  seconds  for status change after ON/OFF (Default Value:
265              150)
266
267       power_wait
268              Wait X seconds after issuing ON/OFF (Default Value: 0)
269
270       shell_timeout
271              Wait X seconds for cmd prompt  after  issuing  command  (Default
272              Value: 3)
273
274       stonith_status_sleep
275              Sleep  X  seconds  between  status calls during a STONITH action
276              (Default Value: 1)
277
278       retry_on
279              Count of attempts to retry power on (Default Value: 1)
280
281
282
283fence_azure_arm (Fence Agent)     2009-10-20                    FENCE_AGENT(8)