Fencing KVM

[megap]

Hi!

I'm configuring a 3 node HA cluster.

Somebody knows if is possible to fence a KVM?

I am contemplating the possibility to autodetect when a KVM is freeze and unresponsive, if it exists some fencing method to do a KVM restart in the same node or another node in the cluster.

Looking some info, I found something about fence_pve ( https://www.mankier.com/8/fence_pve )but I don't know how to use, I get some errors:

 fence_pve -o reboot -a 192.168.1.217 -l user -p pass -n pvevm:100 -N node2 -vINFO:root:Delay 0 second(s) before logging in to the fence device
DEBUG:root:URL: https://192.168.1.217:8006/api2/json/access/ticket
* About to connect() to 192.168.1.217 port 8006 (#0)
*   Trying 192.168.1.217...
* connected
* Connected to 192.168.1.217 (192.168.1.217) port 8006 (#0)
* found 172 certificates in /etc/ssl/certs/ca-certificates.crt
*        server certificate verification SKIPPED
*        common name: node2.nodes.net (does not match '192.168.1.217')
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: OU=PVE Cluster Node,O=Proxmox Virtual Environment,CN=node2.nodes.net
*        start date: Sat, 23 May 2015 08:27:28 GMT


*        expire date: Tue, 20 May 2025 08:27:28 GMT


*        issuer: CN=Proxmox Virtual Environment,OU=514e331b5abdfd0fd42c3b474cd2ca8f,O=PVE Cluster Manager CA
*        compression: NULL
*        cipher: AES-128-CBC
*        MAC: SHA1
> POST /api2/json/access/ticket HTTP/1.1
User-Agent: PycURL/7.24.0
Host: 192.168.1.217:8006
Accept: */*
Content-Length: 28
Content-Type: application/x-www-form-urlencoded


* upload completely sent off: 28 out of 28 bytes
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* additional stuff not fine transfer.c:1037: 0 0
* Operation timed out after 3001 milliseconds with 0 bytes received
* Closing connection #0
ERROR:root:Connection failed
ERROR:root:Unable to connect/login to fencing device

Somebody can help me if fence_pve is the method I need or what I can to use?

Best regards.

 

[LnxBil]

I could only log in using root to fence, any other user i tried was not able to fence, status yes, but fencing no.

I can use this from inside my test pve cluster

fence_pve --ip=pve-hostname --username=root@pam --password=PASSWORD --action=status --plug=30000
Status: ON

or

fence_pve --ip=pve-hostname --username=root@pam --password=PASSWORD --action=reboot --plug=30000
Success: Rebooted

 

[megap]

Hi LnxBil.

Your sentence is wornking. I need to add @pam to the user.

Do you know some method to auto detect some KVM freezed and restart it?

Best regards.
D. Galera.

 

[LnxBil]

Consider using a watchdog (see https://pve.proxmox.com/wiki/Manual:_vm.conf)

 

[megap]

Thank you!

I'm going to investigate!