fence_xvm -o list command times out when firewalld is running

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux 8 (with the High Availability Add-On)
  • Pacemaker

Issue

  • The fence_xvm -o list command times out.
  • Unable to list the KVM VMs.

Resolution

  • On the KVM host, add the following port to the libvirt zone and reload the firewalld daemon:
firewall-cmd --add-port=1229/udp --permanent --zone=libvirt
firewall-cmd --reload
  • Confirm that the port has been added to the libvirt zone:
[root@rhvnode rhvuser]# firewall-cmd --list-ports --zone=libvirt
1229/udp
[root@rhvnode rhvuser]# 

** Note: On RHEL 7 or later, ensure that port 1229 is set in the fence_virt.conf file and added to the libvirt zone in the firewalld configuration.

For more details, refer to How to configure fence agent 'fence_xvm' in RHEL cluster.

Root Cause

  • When the fence_virt package is installed, it adds the libvirt zone to the firewalld configuration.
  • The fence_virt.conf file also shows that fence_virtd uses the libvirt module as its backend, so UDP port 1229 must be added to the libvirt zone in the firewalld configuration.

Diagnostic Steps

  • Sample fence_virt.conf file:
[root@rhvnode rhvuser]# cat /etc/fence_virt.conf
backends {
	libvirt {
		uri = "qemu:///system";
	}

}

listeners {
	multicast {
		port = "1229";
		family = "ipv4";
		interface = "virbr0";
		address = "225.0.0.12";
		key_file = "/etc/cluster/fence_xvm.key";
	}

}

fence_virtd {
	module_path = "/usr/lib64/fence-virt/";
	backend = "libvirt";
	listener = "multicast";
}

[root@rhvnode rhvuser]# 
  • Get the firewalld zones:
[root@rhvnode rhvuser]# firewall-cmd --get-zones
block dmz drop external home internal libvirt nm-shared public trusted work
[root@rhvnode rhvuser]# 
  • Check whether the libvirt zone is active:
[root@rhvnode rhvuser]# firewall-cmd --get-active-zones
libvirt
  interfaces: virbr0 
[root@rhvnode rhvuser]# 
  • Check that UDP port 1229 is open in firewalld:
[root@rhvnode rhvuser]# firewall-cmd --list-all
libvirt (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources: 
  services: dhcp dhcpv6 dns ssh tftp
  ports: 1229/udp
  protocols: icmp ipv6-icmp
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
[root@rhvnode rhvuser]# 
  • Once the required port has been added to the libvirt zone, the fence_xvm -o list command is able to list the VMs:
[root@rhvnode]# fence_xvm -o list
rhel_8_4_test1                   b2252ed7-dc1c-4268-b767-b94b222467df off
rhel_8_4_test2                   82329cd7-85ca-4d34-867a-107e53f8704f off
[root@rhvnode]# 
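
The diagnostic steps above can be combined into one check that reads the listener port and interface from fence_virt.conf and tests them against the firewalld zone that owns that interface. This is an added example, not part of the original solution or of the fence-virt project; the function names are hypothetical and the sample configuration is a trimmed copy of the listeners block shown above.

```shell
#!/bin/sh
# Print the value of key $1 from the multicast listener block of a
# fence_virt.conf supplied on stdin.
listener_value() {
    awk -v key="$1" '
        /multicast[ \t]*[{]/  { in_block = 1; next }
        in_block && /[}]/     { in_block = 0 }
        in_block && $1 == key { gsub(/[";]/, "", $3); print $3; exit }
    '
}

# Succeed if UDP port $1 is covered by the port list $2, given in the format
# printed by `firewall-cmd --list-ports` (single ports or lo-hi ranges).
udp_port_open() {
    want=$1
    for entry in $2; do
        case "$entry" in
            */udp) range=${entry%/udp} ;;
            *)     continue ;;          # tcp and other protocols do not count
        esac
        lo=${range%-*}; hi=${range#*-}
        [ "$want" -ge "$lo" ] && [ "$want" -le "$hi" ] && return 0
    done
    return 1
}

# Live check on a KVM host: resolve the zone of the listener interface and
# test the listener port against that zone's runtime port list.
check_host() {
    conf=${1:-/etc/fence_virt.conf}
    port=$(listener_value port < "$conf")
    iface=$(listener_value interface < "$conf")
    [ -n "$port" ] && [ -n "$iface" ] || return 2
    zone=$(firewall-cmd --get-zone-of-interface="$iface") || return 2
    udp_port_open "$port" "$(firewall-cmd --zone="$zone" --list-ports)"
}

# Constructed sample input (trimmed from the listeners block in this article).
SAMPLE_CONF='listeners {
	multicast {
		port = "1229";
		interface = "virbr0";
	}
}'

# Offline demonstration: empty port list (before the fix), then 1229/udp added.
p=$(printf '%s\n' "$SAMPLE_CONF" | listener_value port)
for ports in "" "1229/udp"; do
    if udp_port_open "$p" "$ports"; then echo "$p/udp open (ports: $ports)"
    else echo "$p/udp blocked (ports: $ports)"; fi
done
```

On a KVM host, running check_host as root returns 0 when the listener port is open in the runtime configuration, 1 when it is not, and 2 when the port, interface or zone cannot be determined.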

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.