1fence_virtd.conf(5) File Formats Manual fence_virtd.conf(5)
2
6 fence_virt.conf - configuration file for fence_virtd
7
10 The fence_virt.conf file contains configuration information for
11 fence_virtd, a fencing request routing daemon for clusters of virtual
12 machines.
13 The file is tree-structured. There are parent/child relationships and
15 sibling relationships between the nodes.
16 foo {
18 bar {
19 baz = "1";
20 }
21 }
22 There are three primary sections of fence_virt.conf.
24
27 fence_virtd
28 This section contains global information about how fence_virtd is to
29 operate. The most important pieces of information are as follows:
30 listener
33 the listener plugin for receiving fencing requests from clients
34 backend
37 the plugin to be used to carry out fencing requests
38 foreground
41 do not fork into the background.
42 wait_for_backend
45 wait for the backend management layer to initialize rather than
46 giving up immediately
47 module_path
50 the module path to search for plugins
51 listeners
54 This section contains listener-specific configuration information; see
55 the section about listeners below.
56 backends
59 This section contains listener-specific configuration information; see
60 the section about listeners below.
61 groups
64 This section contains static maps of which virtual machines may fence
65 which other virtual machines; see the section about groups below.
66
70 There are various listeners available for fence_virtd, each one handles
71 decoding and authentication of a given fencing request. The following
72 configuration blocks belong in the listeners section of fence_virt.conf
73 multicast
76 key_file
77 the shared key file to use (default: /etc/clus‐
78 ter/fence_xvm.key).
79 hash the weakest hashing algorithm allowed for client requests.
82 Clients may send packets with stronger hashes than the one spec‐
83 ified, but not weaker ones. (default: sha256, but could be
84 sha1, sha512, or none)
85 auth the hashing algorithm to use for the simplistic challenge-
88 response authentication (default: sha256, but could be sha1,
89 sha512, or none)
90 family the IP family to use (default: ipv4, but may be ipv6)
93 address
96 the multicast address to listen on (default: 225.0.0.12)
97 port the multicast port to listen on (default: 1229)
100 interface
103 interface to listen on. By default, fence_virtd listens on the
104 default network interface. However, this causes problems in
105 some environments where the host computer is used as a gateway.
106 serial
109 The serial listener plugin utilizes libvirt's serial (or VMChannel)
110 mapping to listen for requests. When using the serial listener, it is
111 necessary to add a serial port (preferably pointing to /dev/ttyS1) or a
112 channel (preferrably pointing to 10.0.2.179:1229) to the libvirt domain
113 description. Note that only type unix , mode bind serial ports and
114 channels are supported. Example libvirt XML:
115 <serial type='unix'>
117 <source mode='bind' path='/sandbox/guests/fence_socket_molly'/>
118 <target port='1'/>
119 </serial>
120 <channel type='unix'>
121 <source mode='bind' path='/sandbox/guests/fence_molly_vmchannel'/>
122 <target type='guestfwd' address='10.0.2.179' port='1229'/>
123 </channel>
124 uri the URI to use when connecting to libvirt by the serial plugin.
127 path The same directory that is defined for the domain serial port
130 path (From example above: /sandbox/guests). Sockets must reside
131 in this directory in order to be considered valid. This can be
132 used to prevent fence_virtd from using the wrong sockets.
133 mode This selects the type of sockets to register. Valid values are
136 "serial" (default) and "vmchannel".
137
141 There are various backends available for fence_virtd, each one handles
142 routing a fencing request to a hypervisor or management tool. The fol‐
143 lowing configuration blocks belong in the backends section of
144 fence_virt.conf
145 libvirt
148 The libvirt plugin is the simplest plugin. It is used in environments
149 where routing fencing requests between multiple hosts is not required,
150 for example by a user running a cluster of virtual machines on a single
151 desktop computer.
152 uri the URI to use when connecting to libvirt.
155 libvirt-qpid
158 The libvirt-qpid plugin acts as a QMF Console to the libvirt-qpid dae‐
159 mon in order to route fencing requests over AMQP to the appropriate
160 computer. There are currently no configuration options for libvirt-
161 qpid.
162 host host or IP address of qpid broker. Defaults to 127.0.0.1.
165 port IP port of qpid broker. Defaults to 5672.
168 username
171 Username for GSSAPI, if configured.
172 service
175 Qpid service to connect to.
176 gssapi If set to 1, have fence_virtd use GSSAPI for authentication when
179 communicating with the Qpid broker. Default is 0 (off).
180 checkpoint
183 The checkpoint plugin uses CMAN, CPG, and OpenAIS checkpoints to track
184 virtual machines and route fencing requests to the appropriate com‐
185 puter.
186 uri the URI to use when connecting to libvirt by the checkpoint
189 plugin.
190 name_mode
193 The checkpoint plugin, in order to retain compatibility with
194 fence_xvm, stores virtual machines in a certain way in the Ope‐
195 nAIS checkpoints. The default was to use 'name' when using
196 fence_xvm and fence_xvmd, and so this is still the default.
197 However, it is strongly recommended to use 'uuid' instead of
198 'name' in all cluster environments involving more than one phys‐
199 ical host in order to avoid the potential for name collisions.
200
203 Fence_virtd supports static maps which allow grouping of VMs. The
204 groups are arbitrary and are checked at fence time. Any member of a
205 group may fence any other member. Hosts may be assigned to multiple
206 groups if desired.
207 group
210 This defines a group.
211 uuid defines UUID as a member of a group.
214 ip defines an IP which is allowed to send fencing requests for mem‐
217 bers of this group (e.g. for multicast). It is highly recom‐
218 mended that this be used in conjunction with a key file.
219
224 fence_virtd {
225 listener = "multicast";
226 backend = "checkpoint";
227 }
228 # this is the listeners section
230 listeners {
232 multicast {
233 key_file = "/etc/cluster/fence_xvm.key";
234 }
235 }
236 backends {
238 libvirt {
239 uri = "qemu:///system";
240 }
241 }
242 groups {
244 group {
245 ip = "192.168.1.1";
246 uuid = "44179d3f-6c63-474f-a212-20c8b4b25b16";
247 uuid = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60";
248 }
249 }
250
253 fence_virtd(8), fence_virt(8), fence_xvm(8), fence(8)
254 fence_virtd.conf(5)