How to configure fence_ipmilan with Red Hat Enterprise Linux High Availability Add On

Solution Verified - Updated 7 Aug 2024

Environment

Red Hat Enterprise Linux Server 5 (with the High Availability Add on)
Red Hat Enterprise Linux Server 6 (with the High Availability Add on)

For pacemaker cluster please refer to Solution 2271811.

Issue

How do you configure an ILO 3 or 4 fence device for Red Hat Enterprise Linux Clustering?
How do you configure a iDrac fence device for Red Hat Enterprise Linux Clustering?
How do you configure an IBM IMM fence device for Red Hat Enterprise Linux Clustering?
My fences fail with:

fence node2 dev 0.0 agent fence_ipmilan result: error from agent

Resolution

Stop and disable the acpid daemon (more information can be found in the article High Availability Cluster nodes shutdown gracefully rather than powering off when fenced in RHEL):

    $ service acpid stop; chkconfig acpid off

Ensure UDP port 623 is opened in firewall.
Ensure fence device IP / username / password used in the /etc/cluster/cluster.conf file is correct. (This is applicable when fence_node node-name command fails with the mentioned error.)
Test ipmi interaction with device:

    $ fence_ipmilan -a <ilo/drac/imm_ip> -P -l <ilo/drac/imm_username> -p <ilo/drac/imm_password> -o status

The desired output is:

    Chassis Power is on

Options used in fence_ipmilan. For full list of options run fence_ipmilan -h.

Usage:
        fence_ipmilan [options]
Options:
   -a, --ip=[ip]                  IP address or hostname of fencing device
   -l, --username=[name]          Login name
   -p, --password=[password]      Login password or passphrase
   -P, --lanplus                  Use Lanplus to improve security of connection
   -o, --action=[action]          Action: status, reboot (default), off or on

Edit the /etc/cluster/cluster.conf to add the fence device:

    <?xml version="1.0"?>                                                                                                                                                                
    <cluster alias="rh5nodesThree" config_version="32" name="rh5nodesThree">
        <fence_daemon clean_start="0" post_fail_delay="1" post_join_delay="3"/>
        <clusternodes>
            <clusternode name="rh5node1.examplerh.com" nodeid="1" votes="1">
                <fence>
                    <method name="1">
                        <device name="device_node1"/>
                    </method>
                </fence>
            </clusternode>
            <clusternode name="rh5node2.examplerh.com" nodeid="2" votes="1">
                <fence>
                    <method name="2">
                        <device name="device_node2"/>
                    </method>
                </fence>
            </clusternode>
            <clusternode name="rh5node3.examplerh.com" nodeid="3" votes="1">
                <fence>
                    <method name="3">
                        <device name="device_node3"/>
                    </method>
                </fence>
            </clusternode>
        </clusternodes>
        <cman expected_votes="3">
            <multicast addr="229.5.1.1"/>
        </cman>
        <fencedevices>
            <fencedevice agent="fence_ipmilan" ipaddr="XX.XX.XX.XX" login="username" name="device_node1" passwd="password"  lanplus="1" power_wait="4"/>
            <fencedevice agent="fence_ipmilan" ipaddr="XX.XX.XX.XX" login="username" name="device_node2" passwd="password"  lanplus="1" power_wait="4"/>
            <fencedevice agent="fence_ipmilan" ipaddr="XX.XX.XX.XX" login="username" name="device_node3" passwd="password"  lanplus="1" power_wait="4"/>
        </fencedevices>
        <rm>
            <failoverdomains/>
            <resources/>
        </rm>
    </cluster>

Some IPMI devices require use of lanplus for communication. To enable lanplus put lanplus="1" into fencing device configuration.
Once the entry for fence_ipmilan agent is made in cluster.conf file as shown above, please increment the config_version in cluster.conf by 1 and propagate the updated cluster.conf file to all the nodes using steps described in following article:

How can I propagate changes I've made to /etc/cluster/cluster.conf to all the nodes in my cluster?
Test that fencing is successful. From node1 attempt to fence node2 as follows:

    $ fence_node node2

For a complete list of options you can use with fence_ipmilan, see the fence_ipmilan(8) man page. See the "STDIN PARAMETERS" section there to see how the options for the command translate to attributes in the cluster.conf XML:

# man fence_ipmilan

For more information on fencing cluster nodes manually, see How do you manually call fencing agents from the command line?

Root Cause

Support for the iLO3 fence device has been added to the fence_ipmilan fence device in the following errata. The iLO3 firmware should be a minimum of 1.15 as provided by HP.
iLO version 3 and 4 require a power_wait of 4 or more seconds.
For Dell machines with DRAC5 cards you'll want to use fence_drac5
For Dell machines with DRAC4 or older you'll want to use fence_drac
For IBM Machines see What fence device to use with IBM 3650X series m2/m4 model servers? and This content is not included.fence_rsa failed to fence a node which has a Integrated Management Module (IMM) fence device..

SBR

Clusterha

Product(s)

Red Hat Enterprise Linux

Components

cluster

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.