Fence Cisco UCS on RHEL 7

sayedma2 · ‎03-12-2017

Hello,

We are trying to Use 2 blade servers as Active/passive configuration for Oracle databases with shared storage. We would like to use fencing agent fence cisco ucs .

What should we use for plugin name/machine number. ?

Also for the ip address for host, should we use the one assigned to </org tree> or the one attached to /sys sub directory?

Kirk J · ‎03-12-2017

Greetings.

Typically for 'fencing' configuration, you need to setup an IPMI access policy for each of your blades in your RedHat/Oracle cluster.

Additionally, you will want to configure an administrative IP for each blade's service profile. The reason for setting an administrative IP that will be assigned at the service profile level (rather than the default IP that is immediately assigned to the CIMC during blade/rack server discovery), is that decommissioning a blade/rack server, can potentially hand the CIMC IP back to the pool, and another blade/server can pull it.

Using the Administrative IP, the IP will stick with the service profile, even if you decom the server, or need to re-assign the service profile to another physical server, and retain the IP info that you have configured in your RHEL fencing config.

The IPMI/fencing config allows the RHEL cluster to manually power off a specific cluster node in order to avoid a split brain scenario.

Some RedHat info on fencing with UCSM: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Fence_Configuration_Guide/s1-software-fence-ciscoucs-CA.html

Thanks,

Kirk...

sayedma2 · ‎03-14-2017

Hello,

Thank you for your reply.

Here is what i have been trying to do .

I.P. address of UCS manager = 10.10.63.86

Username= Admin

Password =XXXXX

Plug name= KRPLP-UCSC001- Svr1 (As in UCS profile)

When i execute the fence cisco ucs command

fence_cisco_ucs -a 10.10.63.86 -l admin -p XXXXX -n KRPLP-UCSC001-Svr1 -o status -v

I get the following error

aaaLogin inName="admin" inPassword="XXXXXX" />

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://10.10.63.86/nuova">here</a>.</p>
</body></html>

Unable to connect/login to fencing device

Not sure what nuova is

Kirk J · ‎03-15-2017

Was reviewing the https://access.redhat.com/solutions/31225 article, and it appears this is using a newer agent/xml method to communicate, so you do have an alternative to using the IPMI-lan method.

Make sure your conection string matches the syntax and options below:

# fence_cisco_ucs --ip="a.b.c.d" --username="admin" --passwd="XXXXX" -z 1 --plug="UCSPROFILE2" --suborg="/org-RHEL/" -o status -v

--port or --plug: The value should be the Cisco UCS ServiceProfileName which should be the same value as that of the Service Profile Listing.
--suborg: The value should have the /org- prefixed to the real Organization configured on the Cisco UCSM.

Thanks,

Kirk..