proxmox 3.4 cluster fencing vs ilo4

[coppola_f]

guys,
i'm going to complete configuration using 2 hp dl380 gen9 servers with sas storage and multipath (thanks to adamb for some suggestions on multipathing over sas!)

now testing fencing with poor results....

my fencing settings for nodes are as follows:

name="ipmi_fence_node2" power_wait="5" login="Administrator" passwd="xxxxxxxx" lanplus="1" cipher="3" agent="fence_ilo4" ipaddr="10.30.6.xx"

when i try to manually fence the node

fence_node pve-node2

this is the result:

fence pve-node2 dev 0.0 agent fence_ilo4 result: error from agent
agent args: action=reboot nodename=pve-node2 agent=fence_ilo4 ipaddr=10.30.6.xx login=Administrator passwd=xxxxxxxxxxxxx lanplus=1 cipher=3 power_wait=5
fence pve-node2 failed


i've tested fence_ipmilan agent also with same results..

if i try to operate with fence_ipmilan from an ubuntu linux box, i'm able to make node reboot (without specification of the cipher suite!) using this command line:

fence_ipmilan -v -P -T 4 -a 10.30.6.87 -l Administrator -p xxxxxxxx -o reboot

i've found difference between ipmitool between proxmox and ubuntu

proxmox
ipmitool -V --> returns v.1.8.11
ubuntu
ipmitool -V --> returns v.1.8.13

any suggestion?!?

many thanks

Francesco

 

[adamb]

Can you provide your entire cluster.conf?

Here is a fence device line from one of my working clusters.

<fencedevice agent="fence_ilo4" ipaddr="10.80.8.102" lanplus="1" login="fence" name="ipmi1" passwd="7fprjMLc" power_wait="5"/>

I like to test by just getting the status instead of a reboot, like below.

fence_ilo4 -P -C 3 -l fence -p 7fprjMLc -a 10.80.8.102 -o status

I also want to mention that iLO fencing is not 100%. If the server which fails has no power, the fence action will fail and the cluster will not failover. To be 100% you should use something like a switchable APC PDU along with the iLO's. That way your covered in all aspects of a failover.

 

[coppola_f]

Adam,

you'll find the full cluster.conf file below (only password have been masked):


<?xml version="1.0"?>
<cluster name="pve-cluster" config_version="7">

<cman two_node="1" expected_votes="1" keyfile="/var/lib/pve-cluster/corosync.authkey">
</cman>

<clusternodes>
<clusternode name="pve-node1" votes="1" nodeid="1">
<fence>
<method name="1">
<device name="ipmi_fence_node1" action="reboot"/>
</method>
</fence>
</clusternode>
<clusternode name="pve-node2" votes="1" nodeid="2">
<fence>
<method name="1">
<device name="ipmi_fence_node2" action="reboot"/>
</method>
</fence>
</clusternode>
</clusternodes>

<fencedevices>
<fencedevice agent="fence_ilo4" ipaddr="10.30.6.87" login="administrator" name="ipmi_fence_node1" passwd="xxxxxxxxxxxx" lanplus="1" cipher="1" power_wait="5"/>
<fencedevice agent="fence_ilo4" ipaddr="10.30.6.88" login="administrator" name="ipmi_fence_node2" passwd="xxxxxxxxxxxx" lanplus="1" cipher="1" power_wait="5"/>
</fencedevices>

</cluster>

PS: here you find cipher set to 1, i've also tested with this value set to 3....

as i've already told before,
my suspects are in ipmitool package version (1.8.11 on proxmox vs 1.8.13 on ubuntu)

btw,
waiting your suggestions!!

many thanks again for your time!!

regards,
Ffrancesco

 

[adamb]

I doubt that as I am having no issues with 1.8.11 on many many clusters. I am using a cipher of 3 and its definitely required for things to work.

 

[coppola_f]

ok,
i'll try later this afternoon!!
(i'm out of office for field support to customers!)

many thanks

Francesco

 

[coppola_f]

Adam,

made some more testing...
without success....

actually the units are not running in production env but still in our lab for preconfiguration so......

i've choosen to completely rebuild the units and re-do all configs (from os to storage, multipath, fencing cluster and so on....)

now all is working fine!
it seems some test or setting we've done in the previous configuration run....
may have introduced the error!!

now
fence_check returns success on both nodes!!

many many thanks again for your time and extreme courtesy!!!

my best regards,
Francesco