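Fencing mechanism: isolates a host's connection to storage
Steps to configure fence_xvm (KVM fencing)
Does the physical machine need a real fence device? No.
I. Configure the physical machine (the hypervisor host) f0 as the fence device
1. Install the fence device packages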
#yum -y install fence-virtd-libvirt.x86_64 fence-virtd fence-virtd-multicast.x86_64
2. Generate the symmetric key (a single secret shared by f0 and the cluster nodes)
#mkdir /etc/cluster
#dd if=/dev/urandom of=/etc/cluster/fence_xvm.key bs=1k count=4
3. Assign an IP address to virbr1 on f0, for example 192.168.0.99. This address must be able to reach the cluster network of nodea and nodeb.
# cat /etc/libvirt/qemu/nodea.xml
<interface type='bridge'>
<mac address='52:54:00:02:00:0a'/>
<source bridge='virbr1'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</interface>
#cat /etc/libvirt/qemu/networks/privnet.xml
<network ipv6='yes'>
<name>privnet</name>
<uuid>b2eb5995-3e5b-49ad-bc00-622d38a06ff4</uuid>
<bridge name='virbr1' stp='on' delay='0'/>
<mac address='52:54:00:13:83:3f'/>
<ip address='192.168.0.99' netmask='255.255.255.0'>
</ip>
</network>
#systemctl restart libvirtd
or:
#ifconfig virbr1 192.168.0.99
4. Create the /etc/cluster directory on both cluster nodes
#mkdir /etc/cluster
5. Copy the key /etc/cluster/fence_xvm.key from f0 to the same directory on each cluster node; the directory and file name must be identical
f0#scp /etc/cluster/fence_xvm.key root@nodea:/etc/cluster
f0#scp /etc/cluster/fence_xvm.key root@nodeb:/etc/cluster
6. Configure fencing on f0
#fence_virtd -c
Interface [virbr0]: virbr1
# systemctl enable fence_virtd && systemctl start fence_virtd
The f0 configuration is now complete.
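Added example (not part of the original page): a check for steps 2 and 5 that confirms a copy of fence_xvm.key is the 4096-byte file produced by the dd command and matches the copy on f0, comparing SHA-256 digests instead of the key itself. The function names and the rule that the key must not be accessible to group or other are assumptions of this example; the page itself does not set file modes.

```shell
#!/bin/sh
# Added example, not from the original page. Uses GNU stat and sha256sum.

# key_digest FILE: print the SHA-256 digest of the key file (hex only).
key_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# check_fence_key FILE [EXPECTED_SHA256]
# Return codes: 0 ok, 1 missing, 2 wrong size, 3 mode too open, 4 digest mismatch.
check_fence_key() {
    key=$1
    expected=${2:-}

    [ -f "$key" ] || { echo "missing: $key"; return 1; }

    # Step 2 writes bs=1k count=4, so a complete copy is 4096 bytes.
    size=$(wc -c < "$key" | tr -d ' ')
    [ "$size" -eq 4096 ] || { echo "unexpected size $size: $key"; return 2; }

    # Assumption of this example: no group/other permission bits (e.g. 600 or 400).
    mode=$(stat -c '%a' "$key")
    case $mode in
        *00) ;;
        *) echo "mode $mode too permissive: $key"; return 3 ;;
    esac

    # Optional: compare with the digest computed on f0.
    if [ -n "$expected" ]; then
        actual=$(key_digest "$key")
        [ "$actual" = "$expected" ] || { echo "digest mismatch: $key"; return 4; }
    fi

    echo "ok: $key"
    return 0
}

# When invoked with arguments, check the given file:
#   sh check_key.sh /etc/cluster/fence_xvm.key <digest-from-f0>
if [ "$#" -ge 1 ]; then
    check_fence_key "$@"
fi
```

Run key_digest on f0, then pass that digest to check_fence_key on nodea and nodeb; return code 4 means the node does not hold the same key as f0.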
II. Configure fencing on the cluster nodes
1. Open port 1229 on all cluster nodes
[root@nodea ~]# firewall-cmd --permanent --add-port=1229/tcp
[root@nodea ~]# firewall-cmd --permanent --add-port=1229/udp
[root@nodea ~]# firewall-cmd --reload
[root@nodeb ~]# firewall-cmd --permanent --add-port=1229/tcp
[root@nodeb ~]# firewall-cmd --permanent --add-port=1229/udp
[root@nodeb ~]# firewall-cmd --reload
2. Create the fence devices (on any one cluster node)
#pcs stonith create fence_nodea fence_xvm port='nodea' pcmk_host_list='nodea.private.example.com'
#pcs stonith create fence_nodeb fence_xvm port='nodeb' pcmk_host_list='nodeb.private.example.com'
[root@nodeb ~]# pcs stonith show
fence_nodea (stonith:fence_xvm): Started
fence_nodeb (stonith:fence_xvm): Started
[root@nodeb ~]# pcs stonith show --full
Resource: fence_nodea (class=stonith type=fence_xvm)
Attributes: port=nodea pcmk_host_list=nodea.private.example.com
Operations: monitor interval=60s (fence_nodea-monitor-interval-60s)
Resource: fence_nodeb (class=stonith type=fence_xvm)
Attributes: port=nodeb pcmk_host_list=nodeb.private.example.com
Operations: monitor interval=60s (fence_nodeb-monitor-interval-60s)
3. Test fencing
[root@nodeb ~]# pcs stonith fence nodea.private.example.com
or
[root@nodeb ~]# ifdown eth1
Error analysis
[root@nodeb ~]# pcs stonith fence nodea.private.example.com
Error: unable to fence 'nodea.private.example.com'
Command failed: No route to host
This error can be resolved by restarting the fence service:
[root@foundation0 networks]# systemctl restart fence_virtd.service