Ubuntu HA - Pacemaker Fence Agents Supportability

Ubuntu HA - Pacemaker Fence Agents Supportability

After discussions among Ubuntu Developers, it was decided that Ubuntu project should focus in splitting all existing Pacemaker Fence Agents into different categories:

  • Fence Agents: [main]
  • Fence Agents: [universe]
  • Fence Agents: [universe]-community
  • Fence Agents: [non-supported]
  • Fence Agents: [deprecated]

Note: There is a current plan to split fence agents into different packages so supported agents can be installed independently.

Fence Agents: [main]

Agents in this list are supported just like any other package available in [main] repository would be.

FENCE AGENT FENCE AGENT DESCRIPTION EXTRA DESCRIPTION

POWER FENCING AGENTS

fence_ipmilan IPMI controlled machines
fence_ilo3 symlink to fence_ipmilan
fence_ilo4 symlink to fence_ipmilan
fence_ilo5 symlink to fence_ipmilan
fence_imm symlink to fence_ipmilan
fence_idrac symlink to fence_ipmilan

STORAGE FENCING AGENTS

fence_mpath SCSI-3 persistent reservations to control mpath devs
fence_sbd SBD (shared storage) fencing
fence_scsi SCSI-3 persistent reservations

VIRTUALIZATION FENCING AGENTS

fence_virsh Libvirt managed virtual machines

Fence Agents: [universe]

Agents in this list are supported just like any other package available in [universe] repository would be.

FENCE AGENT FENCE AGENT DESCRIPTION EXTRA DESCRIPTION

GENERIC AGENTS

fence_dummy dummy fence agent (for testing)
fence_ack_manual override fencing operations manually
fence_kdump kdump crash recovery service (acks being in kdump)
fence_kdump_send - acks entered kdump crash recovery service (tool)

POWER FENCING AGENTS

fence_amt Intel AMT
fence_intelmodular Intel Modular device (Intel MFSYS25, MFSYS35)
fence_ilo HP servers with iLO
fence_ilo2 - symlink to fence_ilo
fence_ilo_ssh HP iLO devices through ssh
fence_ilo3_ssh - symlink to fence_ilo_ssh
fence_ilo4_ssh - symlink to fence_ilo_ssh
fence_ilo5_ssh - symlink to fence_ilo_ssh
fence_ilo_moonshot HP Moonshot iLO
fence_ilo_mp HP iLO MP
fence_hpblade HP BladeSystem and HP Integrity Superdome X
fence_cisco_ucs Cisco UCS (fence machines)
fence_alom Sun Microsystems ALOM
fence_bladecenter IBM BladeCenter (w/ telnet/ssh support)
fence_ipdu IBM iPDU (network power switch) over SNMP
fence_lpar IBM LPARs (using HMC)
fence_ibmblade IBM BladeCenter over SNMP
fence_rsa IBM RSA II management interface
fence_drac Dell remote access card
fence_drac5 Dell remote access card v5 or CMC (DRAC)
fence_hds_cb Hitachi Compute Blade systems
fence_rsb Fujitsu-Siemens RSB management interface

NETWORK FENCING AGENTS

fence_heuristics_ping uses ping-heuristics to exec other fence in same level
fence_ifmib Any SNMP IF-MIB device (ethernet switches w/ iSCSI)

STORAGE FENCING AGENTS

fence_cisco_mds Cisco MDS 9000 w/ SNMP enabled
fence_sanbox2 QLogic SANBox2 FC switches
fence_brocade Brocade FC switches (disables specified port)

VIRTUALIZATION FENCING AGENTS

fence_vmware VMware ESX ESXi virtual machines
fence_vmware_rest VMware virtual machines (w/ VMware API)
fence_vmware_soap VMware virtual machines (w/ SOAP API v4.1+)
fence_vmware_vcloud VMware virtual machines on VMware vCloud Director API

CLOUD FENCING AGENTS

fence_aws AWS (boto3 library)
fence_azure_arm Azure Resource Manager (Azure SDK for Python)
fence_compute OpenStack Nova
fence_evacuate OpenStack Nova
fence_openstack Fence OpenStack’s Nova (w/ python-novaclient)
fence_gce Google Cloud Engine (googleapiclient lib)

CONTAINERS FENCING AGENTS

fence_docker Docker engine containers

Fence Agents: [universe]-community

Agents in this list are only supported by the upstream community. All bugs opened against these agents will be forwarded to upstream IF makes sense (affected version is close to upstream).

FENCE AGENT FENCE AGENT DESCRIPTION EXTRA DESCRIPTION

POWER FENCING AGENTS

fence_apc APC network power switch
fence_apc_snmp APC network power switch or Tripplite PDU devices
fence_tripplite_snmp - symlink to fence_tripplite_snmp
fence_rdc_serial Serial cable to reset Motherboard switches
fence_eaton_snmp Eaton network power switch (SNMP)
fence_emerson Emerson MPX and MPH2 managed rack PDU
fence_eps ePowerSwitch 8M+
fence_netio Koukaam NETIO-230B PDU (telnet)
fence_powerman Powerman management utility (LLNL Systems)
fence_raritan Raritan Dominion PX (DPXS12-20 PDU)
fence_redfish Out-of-Band controllers supporting Redfish APIs
fence_wti WTI Network Power Switch (NPS)

VIRTUALIZATION FENCING AGENTS

fence_xenapi Citrix Xen Server over XenAPI
fence_vbox VirtualBox virtual machines
fence_pve Proxmox Virtual Environment
fence_zvm Power fencing on GFS VM in z/VM cluster (z/VM SMAPI)
fence_zvmip z/VM virtual machines (z/VM SMAPI via TCP/IP)

CLOUD FENCING AGENTS

fence_ovh OVH Cloud Data Centers
fence_aliyun Aliyun

Fence Agents: [non-supported]

Agents in this list are NOT supported in Ubuntu and might be removed in future Ubuntu HA versions.

FENCE AGENT

FENCE AGENT DESCRIPTION

EXTRA DESCRIPTION
fence_ironic OpenStack’s Ironic (not intended for production)
fence_rhevm RHEV-M REST API to fence virtual machines
fence_ldom Sun Microsystems Logical Domain virtual machines

Fence Agents: [deprecated]

Agents in this list are NOT supported in Ubuntu OR Upstream (due to being deprecated in favor of other agents) and might be removed in future Ubuntu HA versions.

FENCE AGENT

FENCE AGENT DESCRIPTION

EXTRA DESCRIPTION
N/A N/A N/A

Almost all feedback I just provided for resource-agent applies here as well - let us discuss and resolve it as one in the discussion there.

Seeing a third column “Extra Description” here already, is there any chance we can have a vertical line between table-cells for better readability?

For the actual initial categorization I’ll have to leave that to you as you are deeper into these than I am. A few minor questions thou:

  • fence_tripplite_snmp - symlink to fence_tripplite_snmp
    Isn’t that a link to itself? Is there an entry missing?
  • what makes you choose fence_lpar and fence_zvm into different groups?
  • are hpblade and bladecenter as well as hds_cb and others still really a thing to put so high up these days?
  • fence_apc would that be responsible for the common battery-packs used in home environments? If so shouldn’t this be grouped up higher for the community needing this probably often?

I realized most of above probably will be answered by my general request to add a “why” statement for the classification. But I hope that gave you a good idea what kind of clarifications I’d have in mind.

Unfortunately not. I have spent significant amount of time trying to make better formatted tables, including trying to embed gsheets, trying to use html+css, trying to customize html within this markdown setup, and this was the best I could extract from discourse.

No, fence_tripplite_snmp is a symlink to fence_apc_snmp. Will fix.

As explained in resource-agents-supportability page, I considered the session [universe]-community a session to be supported by Ubuntu community/project forwarding issues to upstream maintainers directly, without much investigation on our side. Of course this would only work for versions close to -devel, but at least is something.

The main reason I did not include the z/VM fencing agents in the regular [universe] session, the one where Ubuntu community would try to investigate the issue and help out in an opened bug, like the LPAR fence agent, because the z/VM fencing agents require z/VM SMAPI user configuration/setup.

It is extremely error-prone to configure z/VM SMAPI in a functional way. An example of that is previous attempts from IBM to deliver the SMAPI already configured by default (on z/VM SSI installation) and/or by services. I don’t think Ubuntu project should any attempt of debugging an issue here, just forward to IBM upstream.

LPAR agent is easier to be supported as there isn’t complicated intermediate RPC services like the ones provided by z/VM SMAPI user.

There things to be decided here:

  • Should all vendor provided fencing agents be supported by Ubuntu community at all ? Is this something expected from UA ?

  • Should we just forward issues with vendor specific agents to upstream (clusterlabs and/or vendor agent developers ?)

  • Lots of issues will probably be fixed by unrelated (to the agent development) people simply because they are too old.

I had doubts about all “vendor specific” agents but, at the same time, it is very common for Linux vendors to provide support in a “generic” (best effort ?) way for those (the most used ones).

It is the regular APC network power switch controlled by ssh with a switch number for a device and yes, it probably makes sense to have it at least in [universe].

After we discuss all the types of binary packages and how they will be supported, I can re-classify this based in our final agreement.