[openstack-dev] [TripleO] Fencing configuration

Michele Baldessari michele at acksyn.org
Thu Feb 4 17:31:12 UTC 2016 

Hi all,

currently in order to enable automatic fencing on the controllers we
need to pass something like the following yaml to an overcloud deploy:
"""
EnableFencing: true                                     
FencingConfig:                                         
  {                                                  
    "devices": [                                   
      {                                          
        "agent": "fence_xvm",                  
        "host_mac": "52:54:00:2d:bb:38",       
        "params": {                            
          "multicast_address": "225.0.0.12", 
          "port": "osp8-node1"               
        }                                      
      },                                         
      {                                          
        "agent": "fence_xvm",                  
        "host_mac": "52:54:00:e9:f4:a8",       
        "params": {                            
          "multicast_address": "225.0.0.12", 
          "port": "osp8-node2"               
        }                                      
      },                                         
....                                                       
"""

the problem with this approach is two-fold:
1) The stonith resources will be named something like "stonith-xvm-5254002dbb38".
This is rather suboptimal for a sysadmin as it is really important to
know which node is actually behind that stonith device without looking
at a db containing mac addresses<->node-name. Both for troubleshooting
purposes and for monitoring the health of the cluster.

2) While trying to build a template to configure instance HA, which also
requires the computing nodes to be fenced, the current implementation is
not really workable, because it assumes that each node has the pcs
command and it will basically check that the node where puppet runs
matches a macaddress in the FencingConfig table and will create the
stonith class in such a case. Compute nodes cannot invoke the pcs command
so the stonith devices for them need to be created on a controller and
they need the fencing information (node name + fencing info)

Jiri Stransky and I discussed this a bit and thought that it would be
best to bring it on the ML first to see if other people have opinions on
how to tackle this problem. Ideally we would have the FencingConfig info
above amended with the hostname of the node and then we could implement
the fencing for controllers + compute nodes in one of the steps in
overcloud_controller_pacemaker.pp.

Right now, one approach I am toying with is by tweaking
extraconfig/all_nodes/mac_hostname.yaml and then on a controller
parse the macaddresses + hostname and execute the pcs stonith commands
on a controller. It's quite hacky though, so am looking for other input
on this.

cheers,
Michele
-- 
Michele Baldessari            
C2A5 9DA3 9961 4FFB E01B  D0BC DDD4 DCCB 7515

More information about the OpenStack-dev mailing list