When do we need HARDWARE fencing?

robertut

Member
Sep 20, 2022
55
13
13
I've read about fencing and I need a bit of clarification.
The docs emphasise that fencing is needed to prevent any case when the same VM would be ran independently by multiple nodes from the same shared storage, which could lead into severe data corruption inside VM.

My question is: when do we have to take care of this? More precisely, when can this happen at all?
  • using a shared storage like NFS? I think yes.
  • using CEPH served by the nodes themselves?
  • using replication between local storage of the nodes?
In the latter two cases, is there a chance to really run into trouble?

So more concisely, is fencing something required/recommended only with shared storage?
 
Wait... is this true?

Hi Francis,

AFAIK, fencing was only possible up to Version 3.4 of Proxmox VE. Since 4.0 it's not possible to use any hardware fencing devices.

The only occurence of "fence.cfg" in the source code is in https://git.proxmox.com/?p=pve-cluster.git;a=blob;f=data/PVE/Cluster.pm#l68 - I am not sure about this but it looks like it was not reimplented since then.

QDevice is the way to go for a two node cluster.

Best regards,
Marco

No more hardware fencing? I'm sorry, I only started using Proxmox since version 7, but I got confused.

The FIRST hit Google throws when I search for keywords "proxmox fencing" is this: https://pve.proxmox.com/wiki/Fencing
I agree it has on top a sentence "Note: This article is about the previous Proxmox VE 3.x releases " but:
  • that doesn't mean it's completely invalid for newer Proxmox releases
  • the note can be hardly seen, should be more obvious
Or better, please remove the complete article as I see, searching thoriugh this entire forum that many people stilll think this is something valid for the current release of Proxmox.
  • Moreover, the current docs say:
Possible Fencing Methods
  • external power switches
  • isolate nodes by disabling complete network traffic on the switch
  • self fencing using watchdog timers

with no details about the first two, or, what's in the wiki seems to be invalid?
 
Last edited:
Hi,
How come this was never answered?
while i cannot say why this wasn't answered at the time. i can try to answer some things from the post

with the introduction of PVE 4, the HA stack changed as a whole, and fencing is only done now with the watchdog self-fencing. the old wiki article was kept up so users of those older versions still had a reference.
the (current) explanation and docs to fencing can be found here: https://pve.proxmox.com/wiki/High_Availability#ha_manager_fencing
 
  • Like
Reactions: totalizator
Thank you so much for the explanation. It's very easy to miss these changes as probably most folks googling pve fencing get redirected to the obsolete PVE3 wiki page.

This is exactly what I was looking for:

By default, all hardware watchdog modules are blocked for security reasons. They are like a loaded gun if not correctly initialized. To enable a hardware watchdog, you need to specify the module to load in /etc/default/pve-ha-manager