Knowledge Base
linbit.com Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Knowledge Base Topics
  2. /
  3. Pacemaker Stack
  4. /
  5. STONITH
  6. /
  7. Enabling STONITH in a VMware Guest Cluster

Enabling STONITH in a VMware Guest Cluster

This article will guide you through enabling STONITH/fencing in a VMware guest cluster using the fence_vmware_soap API.

Presently, for fencing VMware VMs, we suggest the fence_vmware_soap agent. This utilizes the VMware SOAP API. There is also a fence_vmware_rest stonith agent that utilizes the REST API. Both are currently maintained and should work. We are just more familiar with the SOAP stonith agent as it is the older of the two.

Firstly call the stonith agent directly from a cluster node to confirm communication with the hypervisor.

# fence_vmware_soap -a <vcenter_ip> -l <center_username> -p <vcenter_passwd> --ssl-insecure -o list

This will output all the VMs running, and from within this output you should be able to find the cluster nodes. Note these names because they will be needed for the next step.

When confirmed, configure the stonith resources within the cluster.

# crm configure primitive st_vmware_soap stonith:fence_vmware_soap \
   params ipaddr=<vcenter_ip> login=<center_username> \
   passwd=<vcenter_passwd> ssl=1 \
   pcmk_host_map=><pacemaker_node_nameA:vcenter_vmware_nameA;pacemaker_node_nameB:vcenter_vmware_nameB> \
   op start interval=0 timeout=60 \
   op stop interval=0 timeout=60 \
   op monitor interval=1800 timeout=60

Assuming that resource started without issue, then test actual fencing and verify both nodes get rebooted.

# crm node fence <pacemaker_node_nameA>

Reviewed 2020/12/01 - DGT