Hello, I'm researching HA in Proxmox and came across the concept of fencing. I understand that it isolates a node from a cluster when it's faulty, but I don't quite grasp its real significance. I saw an example involving shared storage, but I didn't understand how fencing protects my cluster.
Fencing HA
- Thread starter CedricKid
- Start date
Hi @CedricKid ,
Your post contains no question marks "?" , i.e. there is no specific question in there. It seems like you are confused about HA Fencing and are looking for more information. Here are a few resources that may be helpful to review:
https://access.redhat.com/documenta..._availability_add-on_overview/s1-fencing-haao
https://clusterlabs.org/pacemaker/doc/2.1/Pacemaker_Explained/html/fencing.html
https://clusterlabs.org/pacemaker/doc/crm_fencing.html
https://documentation.suse.com/sle-ha/12-SP5/html/SLE-HA-all/cha-ha-fencing.html
Or, perhaps this may be helpful:
Imagine you are making soup with your roommate. You are constantly communicating and coordinating how much salt to add into the pot.
At some point, your roommate is not answering the phone and you have to run out. There is a chance that the roommate will come and add salt, which you just did. Because there is no communication, you need to prevent your roommate from adding salt. So you lock the door with a key they don't have. You fenced them from the soup.
Soup is the shared resource that must only be accessed in coordination with other stakeholders. Fencing prevents non-coordinated access, which can otherwise lead to data loss/corruption.
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
Your post contains no question marks "?" , i.e. there is no specific question in there. It seems like you are confused about HA Fencing and are looking for more information. Here are a few resources that may be helpful to review:
https://access.redhat.com/documenta..._availability_add-on_overview/s1-fencing-haao
https://clusterlabs.org/pacemaker/doc/2.1/Pacemaker_Explained/html/fencing.html
https://clusterlabs.org/pacemaker/doc/crm_fencing.html
https://documentation.suse.com/sle-ha/12-SP5/html/SLE-HA-all/cha-ha-fencing.html
Or, perhaps this may be helpful:
Imagine you are making soup with your roommate. You are constantly communicating and coordinating how much salt to add into the pot.
At some point, your roommate is not answering the phone and you have to run out. There is a chance that the roommate will come and add salt, which you just did. Because there is no communication, you need to prevent your roommate from adding salt. So you lock the door with a key they don't have. You fenced them from the soup.
Soup is the shared resource that must only be accessed in coordination with other stakeholders. Fencing prevents non-coordinated access, which can otherwise lead to data loss/corruption.
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
Last edited:
Okay, thank you. The example is very clear. So, in the context of Proxmox, for instance, could we encounter an issue with shared Ceph storage? For example, if my PVE2, which can no longer communicate, creates a 50GB VM, would the other PVE nodes not see that 50GB has been taken? Could this potentially lead to unintentional simultaneous access to shared resources ?
Last edited:
No, you will not encounter this issue if you have a properly configured cluster. I.e. don't try to circumvent a supported configuration.
If it can't communicate - it will not be able to create a VM or a disk. The Proxmox cluster architecture will block that attempt.
There are many fences (pun intended) in place to prevent this from happening. If you intentionally circumvent them - that is not a PVE problem.
Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox