How to configure fence_ipmilan with Red Hat Enterprise Linux High Availability Pacemaker Add On

Solution Verified - Updated 15 Aug 2025

Environment

Red Hat Enterprise Linux Server 6 (with the Pacemaker High Availability Add on)
Red Hat Enterprise Linux Server 7 (with the Pacemaker High Availability Add on)
Red Hat Enterprise Linux Server 8 (with the Pacemaker High Availability Add on)
Red Hat Enterprise Linux Server 9 (with the Pacemaker High Availability Add on)

For rgmanager-style clusters please refer to Solution 54843

Issue

How do you configure an ILO 3, 4, 5 or 6 fence device for Red Hat Enterprise Linux Pacemaker clustering?

Resolution

To prevent graceful shutdown,
- on RHEL 6: Stop and disable the acpid daemon as in the article High Availability Cluster nodes shutdown gracefully rather than powering off when fenced in RHEL
- on RHEL 7, 8 and 9: Disable power-key handling as described in the solution Fencing fails in a RHEL 7, 8, 9 High Availability cluster because systemd initiates a graceful shutdown
Ensure UDP port 623 is opened in network , and is whitelisted for bidirectional communication between the source(nodeip) and the destination(ilo/idrac) .
In the BMC web console (e.g. HP iLO, Dell iDRAC), look for a setting with a name "Enable IPMI over LAN" and enable it.
Check if necessary privileges are set for the fence user , Either Administrator privileges or Custom privileges with at least permissions , Remote Console Access and Remote Server Power/Restart Access enabled.

Verify that the device is reachable via ipmi:

  # fence_ipmilan -a <ilo/drac/imm_ip> -P -l <ilo/drac/imm_username> -p <ilo/drac/imm_password> -o status

The desired output is:
```
  Chassis Power is on
```
Testing ipmi interaction using the time command will inform us of the time it took to connect to the device. This is useful when setting timeouts in stonith:
```
  # time fence_ipmilan -a <ilo/drac/imm_ip> -P -l <ilo/drac/imm_username> -p <ilo/drac/imm_password> -o status
```

Options used in fence_ipmilan. For full list of options run fence_ipmilan -h.

  Usage:
          fence_ipmilan [options]
  Options:
     -a, --ip=[ip]                  IP address or hostname of fencing device
     -l, --username=[name]          Login name
     -p, --password=[password]      Login password or passphrase
     -P, --lanplus                  Use Lanplus to improve security of connection
     -o, --action=[action]          Action: status, reboot (default), off or on

Create stonith device in pacemaker using command below:

  # pcs stonith create ipmi-fence-node1 fence_ipmilan pcmk_host_list="node1" ipaddr="10.0.0.1" login="xxx" passwd="xxx" lanplus=1  power_wait=4

To check the configuration of 'ipmi-fence-node1' stonith device in pacemaker use command below:

  # pcs stonith show ipmi-fence-node1
   Resource: ipmi-fence-node1 (class=stonith type=fence_ipmilan)
    Attributes: pcmk_host_list=node1 ipaddr=10.0.0.1 login=xxx passwd=xxx lanplus=1 power_wait=4
    Operations: monitor interval=60s (ipmi-fence-node1-monitor-interval-60s)

To list configured stonith devices in pacemaker use command below:

  # pcs stonith show
  ipmi-fence-node1        (stonith:fence_ipmilan):        Started node1
  ipmi-fence-node2        (stonith:fence_ipmilan):        Started node2

After creating the stonith devices Test the fencing to ensure that it is working properly

SBR

Clusterha

Product(s)

Red Hat Enterprise Linux

Components

cluster

Category

Configure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.