fence_azure_arm - Fence agent for Azure Resource Manager
Used to deallocate virtual machines and to report power state of
virtual machines running in Azure. It uses Azure SDK for Python to connect
to Azure.
For instructions to setup credentials see:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
Username and password are application ID and authentication key
from "App registrations".
NOTE: NETWORK FENCING
Network fencing requires an additional Subnet named "fence-subnet"
for the Virtual Network using a Network Security Group with the following
rules:
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| DIRECTION | PRI | NAME | PORT | PROT | SRC | DST | ACTION |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| Inbound | 100 | FENCE_DENY_ALL_INBOUND | Any | Any | Any | Any | Deny |
| Outbound | 100 | FENCE_DENY_ALL_OUTBOUND | Any | Any | Any | Any | Deny |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
When using network fencing the reboot-action will cause a
quick-return once the network has been fenced (instead of waiting for the
off-action to succeed). It will check the status during the monitor-action,
and request power-on when the shutdown operation is complete.
fence_azure_arm accepts options on the command line as well as
from stdin. Fenced sends parameters through stdin when it execs the agent.
fence_azure_arm can be run by itself with command line options. This is
useful for testing and for turning outlets on or off from scripts.
Vendor URL: http://www.microsoft.com
- -o,
--action=[action]
- Fencing action (Default Value: reboot)
- -p,
--password=[authkey]
- Authentication key
- -S,
--password-script=[script]
- Script to run to retrieve password
- -n, --plug=[id]
- Physical plug number on device, UUID or identification of machine This
parameter is always required.
- -l,
--username=[appid]
- Application ID This parameter is always required.
- --resourceGroup=[name]
- Name of resource group. Metadata service is used if the value is not
provided.
- --tenantId=[name]
- Id of Azure Active Directory tenant.
- --subscriptionId=[name]
- Id of the Azure subscription. Metadata service is used if the value is not
provided.
- --network-fencing
- Use network fencing. See NOTE-section for configuration.
- --msi
- Determines if Managed Service Identity should be used.
- --cloud=[name]
- Name of the cloud you want to use.
- -q, --quiet
- Disable logging to stderr. Does not affect --verbose or --debug-file or
logging to syslog.
- -v, --verbose
- Verbose mode
- -D,
--debug-file=[debugfile]
- Write debug information to given file
- -V, --version
- Display version information and exit
- -h, --help
- Display help and exit
- -C,
--separator=[char]
- Separator for CSV created by 'list' operation (Default Value: ,)
- --delay=[seconds]
- Wait X seconds before fencing is started (Default Value: 0)
- --login-timeout=[seconds]
- Wait X seconds for cmd prompt after login (Default Value: 5)
- --power-timeout=[seconds]
- Test X seconds for status change after ON/OFF (Default Value: 150)
- --power-wait=[seconds]
- Wait X seconds after issuing ON/OFF (Default Value: 0)
- --shell-timeout=[seconds]
- Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- --retry-on=[attempts]
- Count of attempts to retry power on (Default Value: 1)
- on
- Power on machine.
- off
- Power off machine.
- reboot
- Reboot machine.
- status
- This returns the status of the plug/virtual machine.
- list
- List available plugs with aliases/virtual machines if there is support for
more then one device. Returns N/A otherwise.
- list-status
- List available plugs with aliases/virtual machines and their power state
if it can be obtained without additional commands.
- monitor
- Check the health of fence device
- metadata
- Display the XML metadata describing this resource.
- manpage
-
The operational behavior of this is not known.
- validate-all
- Validate if all required parameters are entered.
- action
- Fencing action (Default Value: reboot)
- password
- Authentication key Obsoletes: passwd
- password_script
- Script to run to retrieve password Obsoletes: passwd_script
- plug
- Physical plug number on device, UUID or identification of machine This
parameter is always required. Obsoletes: port
- username
- Application ID This parameter is always required. Obsoletes: login
- resourceGroup
- Name of resource group. Metadata service is used if the value is not
provided.
- tenantId
- Id of Azure Active Directory tenant.
- subscriptionId
- Id of the Azure subscription. Metadata service is used if the value is not
provided.
- network_fencing
- Use network fencing. See NOTE-section for configuration. Obsoletes:
network-fencing
- msi
- Determines if Managed Service Identity should be used.
- cloud
- Name of the cloud you want to use.
- quiet
- Disable logging to stderr. Does not affect --verbose or --debug-file or
logging to syslog.
- verbose
- Verbose mode
- debug_file
- Write debug information to given file Obsoletes: debug
- version
- Display version information and exit
- help
- Display help and exit
- separator
- Separator for CSV created by 'list' operation (Default Value: ,)
- delay
- Wait X seconds before fencing is started (Default Value: 0)
- login_timeout
- Wait X seconds for cmd prompt after login (Default Value: 5)
- power_timeout
- Test X seconds for status change after ON/OFF (Default Value: 150)
- power_wait
- Wait X seconds after issuing ON/OFF (Default Value: 0)
- shell_timeout
- Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- retry_on
- Count of attempts to retry power on (Default Value: 1)