my options are getting very limited very fast on what agent to use with my 2 Node RHEL 7 VM Cluster.
fence_vmware_soap "plug id"?
I have a ESX resource cluster of 7 blades being managed by a Vsphere 6.0 server. I found the blade that the Cluster VM(s) is housed on. WTF is the plug id (sorry for the frustration) being asked for on the command line for the fence_vmware_soap agent.
I have tried to use a iscsi target being presented by a external host, but as I have tried to use iscsiadm to discover the tartget, I get connection refused.
Cant use fence_scsi because the fence_scsi on VMware shared virtual disk does not support scsi-3.
I don't see a plug id option? What fence-agent version are you using? This is the output from 4.0.11-27 of fence-agents-vmware-soap.x86_64.
# pcs stonith describe fence_vmware_soap
fence_vmware_soap - Fence agent for VMWare over SOAP API
fence_vmware_soap is an I/O Fencing agent which can be used with the virtual machines managed by VMWare products that have SOAP API v4.1+.
.P
Name of virtual machine (-n / port) has to be used in inventory path format (e.g. /datacenter/vm/Discovered virtual machine/myMachine). In the cases when name of yours VM is unique you can use it instead. Alternatively you can always use UUID to access virtual machine.
Stonith options:
ipport: TCP/UDP port to use for connection with device
notls: Disable TLS negotiation, force SSL 3.0
ssl_secure: SSL connection with verifying fence device's certificate
port (required): Physical plug number, name of virtual machine or UUID
inet6_only: Forces agent to use IPv6 addresses only
ipaddr (required): IP Address or Hostname
inet4_only: Forces agent to use IPv4 addresses only
passwd_script: Script to retrieve password
passwd: Login password or passphrase
ssl: SSL connection
ssl_insecure: SSL connection without verifying fence device's certificate
action (required): Fencing Action
login (required): Login Name
verbose: Verbose mode
debug: Write debug information to given file
version: Display version information and exit
help: Display help and exit
separator: Separator for CSV created by operation list
power_wait: Wait X seconds after issuing ON/OFF
login_timeout: Wait X seconds for cmd prompt after login
power_timeout: Test X seconds for status change after ON/OFF
delay: Wait X seconds before fencing is started
shell_timeout: Wait X seconds for cmd prompt after issuing command
retry_on: Count of attempts to retry power on
priority: The priority of the stonith resource. Devices are tried in order of highest priority to lowest.
pcmk_host_map: A mapping of host names to ports numbers for devices that do not support host names.
pcmk_host_list: A list of machines controlled by this device (Optional unless pcmk_host_check=static-list).
pcmk_host_check: How to determine which machines are controlled by the device.
pcmk_delay_max: Enable random delay for stonith actions and specify the maximum of random delay
Well, that's whats frustrating about Linux so far. The agent doesn't require it, but, the PaceMaker framework does. Finally had to submit a Support ticket to RHEL, and the Plug id is whats returned when you query the VM server, basically, the UUID of the VM residing on ESX server.
Pacemaker is new in RHEL7 and is not well documented by Red Hat and the community site uses different commands/syntax so not much carries over cleanly. Pacemaker can be a pain to configure but it works very well once going and does the job it is designed to do very well. That being said, I haven't found a use case where I would use it on VM's.
Stonith/fencing is a vital part of pacemaker, but if you are just testing you can disable it and the resources will start without it.