我们可以通过fence_vmware命令连接到vCenter来fence vCenter管理的虚拟机.
本文将简单的描述一下fence_vmware的使用, 以及/etc/cluster/cluster.conf的配置.
命令行帮助如下 :
[root@digoal_02 soft_bak]# fence_vmware --help
Usage:
fence_vmware [options]
Options:
-o, --action=<action> Action: status, reboot (default), off or on
-a, --ip=<ip> IP address or hostname of fencing device
-l, --username=<name> Login name
-p, --password=<password> Login password or passphrase
-S, --password-script=<script> Script to run to retrieve password
-n, --plug=<id> Physical plug number on device or
name of virtual machine
-e, --exec=<command> Command to execute
-d, --vmware_type=<type> Type of VMware to connect
-x, --ssh Use ssh connection
-k, --identity-file=<filename> Identity file (private key) for ssh
-s, --vmware-datacenter=<dc> VMWare datacenter filter
-v, --verbose Verbose mode
-D, --debug-file=<debugfile> Debugging to output file
-V, --version Output version information and exit
-h, --help Display this help and exit
-C, --separator=<char> Separator for CSV created by 'list' operation
--power-timeout <seconds> Test X seconds for status change after ON/OFF
--shell-timeout <seconds> Wait X seconds for cmd prompt after issuing command
--login-timeout <seconds> Wait X seconds for cmd prompt after login
--power-wait <seconds> Wait X seconds after issuing ON/OFF
--delay <seconds> Wait X seconds before fencing is started
--retry-on <attempts> Count of attempts to retry power on
[root@digoal_02 soft_bak]# fence_vmware_helper --help
Synopsis: /usr/sbin/fence_vmware_helper OPTIONS
Command-specific options:
--datacenter
The name of the datacenter
--operation (default 'list')
The operation to perform (on,off,list,status). Operations on/off/status require name of the virtual machine
--vmname
The name of the virtual machine
Common VI options:
--config (variable VI_CONFIG)
Location of the VI Perl configuration file
--credstore (variable VI_CREDSTORE)
Name of the credential store file defaults to <HOME>/.vmware/credstore/vicredentials.xml on Linux and <APPDATA>/VMware/credstore/vicredentials.xml on Windows
--encoding (variable VI_ENCODING, default 'utf8')
Encoding: utf8, cp936 (Simplified Chinese), iso-8859-1 (German), shiftjis (Japanese)
--help
Display usage information for the script
--passthroughauth (variable VI_PASSTHROUGHAUTH)
Attempt to use pass-through authentication
--passthroughauthpackage (variable VI_PASSTHROUGHAUTHPACKAGE, default 'Negotiate')
Pass-through authentication negotiation package
--password (variable VI_PASSWORD)
Password
--portnumber (variable VI_PORTNUMBER)
Port used to connect to server
--protocol (variable VI_PROTOCOL, default 'https')
Protocol used to connect to server
--savesessionfile (variable VI_SAVESESSIONFILE)
File to save session ID/cookie to utilize
--server (variable VI_SERVER, default 'localhost')
VI server to connect to. Required if url is not present
--servicepath (variable VI_SERVICEPATH, default '/sdk/webService')
Service path used to connect to server
--sessionfile (variable VI_SESSIONFILE)
File containing session ID/cookie to utilize
--url (variable VI_URL)
VI SDK URL to connect to. Required if server is not present
--username (variable VI_USERNAME)
Username
--verbose (variable VI_VERBOSE)
Display additional debugging information
--version
Display version information for the script
fence_vmware需要依赖vSphere提供的SDK.
如果你还没有安装SDK, 使用fence_vmware时会报错如下 :
解决以上报错, 首先要根据环境中vSphere的版本, 下载对应的sdk.
[root@digoal_01 vmware-vsphere-cli-distrib]# fence_vmware -a 10.10.10.155 -l OU\\digoal -p digoal_123321 -o list
fence_vmware_helper returned Please install VI Perl API package to use this tool!
Perl error: Can't locate VMware/VIRuntime.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 1) line 1.
BEGIN failed--compilation aborted at (eval 1) line 1.
Please use '-h' for usage解决以上报错, 首先要根据环境中vSphere的版本, 下载对应的sdk.
例如5.5的for linux x86_64 sdk如下 :
https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/5_5#drivers_tools
执行vmware-install.pl安装SDK :
vSphere SDK for Perl - 64-bit Linux Installer
File size: 26 MB
File type: gz
Download Now Download Manager Name: VMware-vSphere-Perl-SDK-5.5.0-2043780.x86_64.tar.gz
Release Date: 2014-09-09
Build Number: 2043780
vSphere SDK for Perl - 64-bit Linux Installer
Download an SDK for 64-bit Linux environments that allows to create Perl scripts to automate vSphere management.
MD5SUM: acf30529e00783f4a06ff5ce3ec9545c
SHA1SUM: 909a64950f4310ed36ec435f8922e110f8abd097执行vmware-install.pl安装SDK :
[root@digoal_01 soft_bak]# tar -zxvf VMware-vSphere-Perl-SDK-5.5.0-2043780.x86_64.tar.gz
[root@digoal_01 soft_bak]# cd vmware-vsphere-cli-distrib/
[root@digoal_01 vmware-vsphere-cli-distrib]# ll
total 280
drwxr-xr-x 10 root root 4096 Aug 13 23:54 apps
drwxr-xr-x 2 root root 4096 Aug 13 23:54 bin
drwxr-xr-x 3 root root 4096 Aug 13 23:54 doc
drwxr-xr-x 2 root root 4096 Aug 13 23:54 etc
-r--r--r-- 1 root root 253803 Aug 13 23:54 FILES
drwxr-xr-x 29 root root 4096 Aug 13 23:54 lib
-r--r--r-- 1 root root 3340 Aug 13 23:54 Makefile.PL
drwxr-xr-x 2 root root 4096 Aug 13 23:54 man
drwxr-xr-x 2 root root 4096 Aug 13 23:54 resources
lrwxrwxrwx 1 root root 35 Sep 25 09:41 vmware-install.pl -> bin/vmware-uninstall-vSphere-CLI.pl
[root@digoal_01 vmware-vsphere-cli-distrib]# ./vmware-install.pl
Creating a new vSphere CLI installer database using the tar4 format.
Installing vSphere CLI 5.5.0 build-2043780 for Linux.
..............................
Do you accept? (yes/no) yes
Thank you.
This vSphere CLI installer includes precompiled Perl modules for RHEL.
Answering yes will install the precompiled modules, and answering no will
install from CPAN.
Do you want to install precompiled Perl modules for RHEL?
[yes]
In which directory do you want to install the executable files?
[/usr/bin]
Please wait while copying vSphere CLI files...
The installation of vSphere CLI 5.5.0 build-2043780 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking the following command:
"/usr/bin/vmware-uninstall-vSphere-CLI.pl".
This installer has successfully installed both vSphere CLI and the vSphere SDK
for Perl.
The following Perl modules were found on the system but may be too old to work
with vSphere CLI:
version 0.78 or newer
Enjoy,
--the VMware team
现在就可以使用fence_vmware来列出账号授权的虚拟机.
10.10.10.155 是vCenter的地址
OU\\digoal 是账号(这里假设vCenter的认证是通过AD域来管理的, 需要加前缀, 两个反斜线来转义)
digoal_123321 是域账号OU\digoal的密码
-o list 列出用户授权的虚拟机(这里列出的虚拟机名称要被fence_vmware用于开关机)
-v 输出明细数据
使用-n 指定虚拟机, 查看状态.
修改/etc/cluster/cluster.conf, 注意递增config_version版本.
重启集群 :
[参考]
1.
http://www.it165.net/os/html/201307/5698.html
[root@digoal_01 ~]# fence_vmware -a 10.10.10.155 -l OU\\digoal -p digoal_123321 -o list -v
fence_vmware_helper --server 'digoal_01' --username 'OU\digoal' --password 'digoal_123321' --operation list
digoal_02:[FOR-VC] digoal_02/digoal_02.vmx:poweredOn:connected
digoal_01:[FOR-VC] digoal_01/digoal_01.vmx:poweredOn:connected
digoal_02,
digoal_01,使用-n 指定虚拟机, 查看状态.
[root@digoal_01 vmware-vsphere-cli-distrib]# fence_vmware -a 10.10.10.155 -l OU\\digoal -p digoal_123321 -n digoal_01 -o status -v
fence_vmware_helper --server 'digoal_01' --username 'OU\digoal' --password 'digoal_123321' --operation status --vmname 'digoal_01'
digoal_01:[FOR-VC] digoal_01/digoal_01.vmx:poweredOn:connected
Status: ON修改/etc/cluster/cluster.conf, 注意递增config_version版本.
[root@digoal_02 ~]# cat /etc/cluster/cluster.conf
<cluster config_version="31" name="digoal001">
<fence_daemon post_fail_delay="6" post_join_delay="30"/>
<clusternodes>
<clusternode name="10.10.10.154" nodeid="1">
<fence>
<method name="abc">
<device action="off" port="digoal_01" name="fence_vc"/> # port 是这个主机对应的vCenter里的虚拟机名
<device action="on" port="digoal_01" name="fence_vc"/>
</method>
</fence>
</clusternode>
<clusternode name="10.10.10.221" nodeid="2">
<fence>
<method name="abc">
<device action="off" port="digoal_02" name="fence_vc"/>
<device action="on" port="digoal_02" name="fence_vc"/>
</method>
</fence>
</clusternode>
</clusternodes>
<cman expected_votes="1" transport="udpu" two_node="1"/>
<fencedevices>
<fencedevice agent="fence_vmware" ipaddr="10.10.10.155" login="OU\digoal" name="fence_vc" passwd="digoal_123321"/>
</fencedevices>
<rm>
<failoverdomains>
<failoverdomain name="digoal001_fd" nofailback="1" ordered="1" restricted="1">
<failoverdomainnode name="10.10.10.154" priority="1"/>
<failoverdomainnode name="10.10.10.221" priority="1"/>
</failoverdomain>
</failoverdomains>
<resources>
<ip address="10.10.10.223" monitor_link="1"/>
<script file="/usr/local/bin/pgctl.sh" name="pgctl">
<action name="status" interval="10"/>
</script>
</resources>
<service autostart="0" domain="digoal001_fd" name="digoal001_pg">
<ip ref="10.10.10.223"/>
<script ref="pgctl"/>
</service>
</rm>
<logging/>
</cluster>重启集群 :
clusvcadm -d service_name
umount gfs_dir
service clvmd stop
service rgmanager stop
service cman stop
service cman start
service rgmanager start
service clvmd start
mount gfs_dir
clusvcadm -e service_name[参考]
6.
# man fence_vmware
# man fence_vmware_helper
# man fence_vmware_soap
8. /usr/share/cluster/cluster.rng
<!-- fence_vmware -->
<group rha:name="fence_vmware" rha:description="Fence agent for VMWare">
<optional>
<attribute name="option"/> <!-- deprecated; for compatibility. use "action" -->
</optional>
<optional>
<attribute name="action" rha:description="Fencing Action" />
</optional>
<optional>
<attribute name="ipaddr" rha:description="IP Address or Hostname" />
</optional>
<optional>
<attribute name="login" rha:description="Login Name" />
</optional>
<optional>
<attribute name="passwd" rha:description="Login password or passphrase" />
</optional>
<optional>
<attribute name="passwd_script" rha:description="Script to retrieve password" />
</optional>
<optional>
<attribute name="port" rha:description="Physical plug number or name of virtual machine" />
</optional>
<optional>
<attribute name="exec" rha:description="Command to execute" />
</optional>
<optional>
<attribute name="vmware_type" rha:description="Type of VMware to connect" />
</optional>
<optional>
<attribute name="secure" rha:description="SSH connection" />
</optional>
<optional>
<attribute name="identity_file" rha:description="Identity file for ssh" />
</optional>
<optional>
<attribute name="vmware_datacenter" rha:description="Show only machines in specified datacenter" />
</optional>
<optional>
<attribute name="verbose" rha:description="Verbose mode" />
</optional>
<optional>
<attribute name="debug" rha:description="Write debug information to given file" />
</optional>
<optional>
<attribute name="version" rha:description="Display version information and exit" />
</optional>
<optional>
<attribute name="help" rha:description="Display help and exit" />
</optional>
<optional>
<attribute name="separator" rha:description="Separator for CSV created by operation list" />
</optional>
<optional>
<attribute name="power_timeout" rha:description="Test X seconds for status change after ON/OFF" />
</optional>
<optional>
<attribute name="shell_timeout" rha:description="Wait X seconds for cmd prompt after issuing command" />
</optional>
<optional>
<attribute name="login_timeout" rha:description="Wait X seconds for cmd prompt after login" />
</optional>
<optional>
<attribute name="power_wait" rha:description="Wait X seconds after issuing ON/OFF" />
</optional>
<optional>
<attribute name="delay" rha:description="Wait X seconds before fencing is started" />
</optional>
<optional>
<attribute name="retry_on" rha:description="Count of attempts to retry power on" />
</optional>
</group>