1fence_virtd.conf(5) File Formats Manual fence_virtd.conf(5)
2
3
4
6 fence_virt.conf - configuration file for fence_virtd
7
8
10 The fence_virt.conf file contains configuration information for
11 fence_virtd, a fencing request routing daemon for clusters of virtual
12 machines.
13
14 The file is tree-structured. There are parent/child relationships and
15 sibling relationships between the nodes.
16
17 foo {
18 bar {
19 baz = "1";
20 }
21 }
22
23 There are three primary sections of fence_virt.conf.
24
25
27 fence_virtd
28 This section contains global information about how fence_virtd is to
29 operate. The most important pieces of information are as follows:
30
31
32 listener
33 the listener plugin for receiving fencing requests from clients
34
35
36 backend
37 the plugin to be used to carry out fencing requests
38
39
40 foreground
41 do not fork into the background.
42
43
44 wait_for_backend
45 wait for the backend management layer to initialize rather than
46 giving up immediately
47
48
49 module_path
50 the module path to search for plugins
51
52
53 listeners
54 This section contains listener-specific configuration information; see
55 the section about listeners below.
56
57
58 backends
59 This section contains listener-specific configuration information; see
60 the section about listeners below.
61
62
63 groups
64 This section contains static maps of which virtual machines may fence
65 which other virtual machines; see the section about groups below.
66
67
68
70 There are various listeners available for fence_virtd, each one handles
71 decoding and authentication of a given fencing request. The following
72 configuration blocks belong in the listeners section of fence_virt.conf
73
74
75 multicast
76 key_file
77 the shared key file to use (default: /etc/clus‐
78 ter/fence_xvm.key).
79
80
81 hash the weakest hashing algorithm allowed for client requests.
82 Clients may send packets with stronger hashes than the one spec‐
83 ified, but not weaker ones. (default: sha256, but could be
84 sha1, sha512, or none)
85
86
87 auth the hashing algorithm to use for the simplistic challenge-
88 response authentication (default: sha256, but could be sha1,
89 sha512, or none)
90
91
92 family the IP family to use (default: ipv4, but may be ipv6)
93
94
95 address
96 the multicast address to listen on (default: 225.0.0.12)
97
98
99 port the multicast port to listen on (default: 1229)
100
101
102 interface
103 interface to listen on. By default, fence_virtd listens on the
104 default network interface. However, this causes problems in
105 some environments where the host computer is used as a gateway.
106
107
108 serial
109 The serial listener plugin utilizes libvirt's serial (or VMChannel)
110 mapping to listen for requests. When using the serial listener, it is
111 necessary to add a serial port (preferably pointing to /dev/ttyS1) or a
112 channel (preferrably pointing to 10.0.2.179:1229) to the libvirt domain
113 description. Note that only type unix , mode bind serial ports and
114 channels are supported. Example libvirt XML:
115
116 <serial type='unix'>
117 <source mode='bind' path='/sandbox/guests/fence_socket_molly'/>
118 <target port='1'/>
119 </serial>
120 <channel type='unix'>
121 <source mode='bind' path='/sandbox/guests/fence_molly_vmchannel'/>
122 <target type='guestfwd' address='10.0.2.179' port='1229'/>
123 </channel>
124
125
126 uri the URI to use when connecting to libvirt by the serial plugin.
127
128
129 path The same directory that is defined for the domain serial port
130 path (From example above: /sandbox/guests). Sockets must reside
131 in this directory in order to be considered valid. This can be
132 used to prevent fence_virtd from using the wrong sockets.
133
134
135 mode This selects the type of sockets to register. Valid values are
136 "serial" (default) and "vmchannel".
137
138
139
141 There are various backends available for fence_virtd, each one handles
142 routing a fencing request to a hypervisor or management tool. The fol‐
143 lowing configuration blocks belong in the backends section of
144 fence_virt.conf
145
146
147 libvirt
148 The libvirt plugin is the simplest plugin. It is used in environments
149 where routing fencing requests between multiple hosts is not required,
150 for example by a user running a cluster of virtual machines on a single
151 desktop computer.
152
153
154 uri the URI to use when connecting to libvirt.
155
156
157 libvirt-qpid
158 The libvirt-qpid plugin acts as a QMF Console to the libvirt-qpid dae‐
159 mon in order to route fencing requests over AMQP to the appropriate
160 computer. There are currently no configuration options for libvirt-
161 qpid.
162
163
164 host host or IP address of qpid broker. Defaults to 127.0.0.1.
165
166
167 port IP port of qpid broker. Defaults to 5672.
168
169
170 username
171 Username for GSSAPI, if configured.
172
173
174 service
175 Qpid service to connect to.
176
177
178 gssapi If set to 1, have fence_virtd use GSSAPI for authentication when
179 communicating with the Qpid broker. Default is 0 (off).
180
181
182 checkpoint
183 The checkpoint plugin uses CMAN, CPG, and OpenAIS checkpoints to track
184 virtual machines and route fencing requests to the appropriate com‐
185 puter.
186
187
188 uri the URI to use when connecting to libvirt by the checkpoint
189 plugin.
190
191
192 name_mode
193 The checkpoint plugin, in order to retain compatibility with
194 fence_xvm, stores virtual machines in a certain way in the Ope‐
195 nAIS checkpoints. The default was to use 'name' when using
196 fence_xvm and fence_xvmd, and so this is still the default.
197 However, it is strongly recommended to use 'uuid' instead of
198 'name' in all cluster environments involving more than one phys‐
199 ical host in order to avoid the potential for name collisions.
200
201
203 Fence_virtd supports static maps which allow grouping of VMs. The
204 groups are arbitrary and are checked at fence time. Any member of a
205 group may fence any other member. Hosts may be assigned to multiple
206 groups if desired.
207
208
209 group
210 This defines a group.
211
212
213 uuid defines UUID as a member of a group.
214
215
216 ip defines an IP which is allowed to send fencing requests for mem‐
217 bers of this group (e.g. for multicast). It is highly recom‐
218 mended that this be used in conjunction with a key file.
219
220
221
222
224 fence_virtd {
225 listener = "multicast";
226 backend = "checkpoint";
227 }
228
229 # this is the listeners section
230
231 listeners {
232 multicast {
233 key_file = "/etc/cluster/fence_xvm.key";
234 }
235 }
236
237 backends {
238 libvirt {
239 uri = "qemu:///system";
240 }
241 }
242
243 groups {
244 group {
245 ip = "192.168.1.1";
246 uuid = "44179d3f-6c63-474f-a212-20c8b4b25b16";
247 uuid = "1ce02c4b-dfa1-42cb-b5b1-f0b1091ece60";
248 }
249 }
250
251
253 fence_virtd(8), fence_virt(8), fence_xvm(8), fence(8)
254
255
256
257 fence_virtd.conf(5)