fence_azure_arm - Fence agent for Azure Resource Manager
fence_azure_arm is an I/O Fencing agent for Azure Resource
Manager. It uses Azure SDK for Python to connect to Azure.
For instructions to setup credentials see:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
Username and password are application ID and authentication key
from "App registrations".
NOTE: NETWORK FENCING
Network fencing requires an additional Subnet named "fence-subnet"
for the Virtual Network using a Network Security Group with the following
rules:
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| DIRECTION | PRI | NAME | PORT | PROT | SRC | DST | ACTION |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| Inbound | 100 | FENCE_DENY_ALL_INBOUND | Any | Any | Any | Any | Deny |
| Outbound | 100 | FENCE_DENY_ALL_OUTBOUND | Any | Any | Any | Any | Deny |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
When using network fencing the reboot-action will cause a
quick-return once the network has been fenced (instead of waiting for the
off-action to succeed). It will check the status during the monitor-action,
and request power-on when the shutdown operation is complete.
fence_azure_arm accepts options on the command line as well as
from stdin. Fenced sends parameters through stdin when it execs the agent.
fence_azure_arm can be run by itself with command line options. This is
useful for testing and for turning outlets on or off from scripts.
Vendor URL: http://www.microsoft.com
- -o,
--action=[action]
- Fencing action (Default Value: reboot)
- -p,
--password=[authkey]
- Authentication key
- -S,
--password-script=[script]
- Script to run to retrieve password
- -n, --plug=[id]
- Physical plug number on device, UUID or identification of machine This
parameter is always required.
- -l,
--username=[appid]
- Application ID
- --resourceGroup=[name]
- Name of resource group. Metadata service is used if the value is not
provided.
- --tenantId=[name]
- Id of Azure Active Directory tenant.
- --subscriptionId=[name]
- Id of the Azure subscription. Metadata service is used if the value is not
provided.
- --network-fencing
- Use network fencing. See NOTE-section for configuration.
- --msi
- Determines if Managed Service Identity should be used.
- --cloud=[name]
- Name of the cloud you want to use.
- -q, --quiet
- Disable logging to stderr. Does not affect --verbose or --debug-file or
logging to syslog.
- -v, --verbose
- Verbose mode. Multiple -v flags can be stacked on the command line (e.g.,
-vvv) to increase verbosity.
- --verbose-level
- Level of debugging detail in output. Defaults to the number of --verbose
flags specified on the command line, or to 1 if verbose=1 in a stonith
device configuration (i.e., on stdin).
- -D,
--debug-file=[debugfile]
- Write debug information to given file
- -V, --version
- Display version information and exit
- -h, --help
- Display help and exit
- --plug-separator=[char]
- Separator for plug parameter when specifying more than 1 plug (Default
Value: ,)
- -C,
--separator=[char]
- Separator for CSV created by 'list' operation (Default Value: ,)
- --delay=[seconds]
- Wait X seconds before fencing is started (Default Value: 0)
- --disable-timeout=[true/false]
- Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)
- --login-timeout=[seconds]
- Wait X seconds for cmd prompt after login (Default Value: 5)
- --power-timeout=[seconds]
- Test X seconds for status change after ON/OFF (Default Value: 150)
- --power-wait=[seconds]
- Wait X seconds after issuing ON/OFF (Default Value: 0)
- --shell-timeout=[seconds]
- Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- --stonith-status-sleep=[seconds]
- Sleep X seconds between status calls during a STONITH action (Default
Value: 1)
- --retry-on=[attempts]
- Count of attempts to retry power on (Default Value: 1)
- on
- Power on machine.
- off
- Power off machine.
- reboot
- Reboot machine.
- status
- This returns the status of the plug/virtual machine.
- list
- List available plugs with aliases/virtual machines if there is support for
more then one device. Returns N/A otherwise.
- list-status
- List available plugs with aliases/virtual machines and their power state
if it can be obtained without additional commands.
- monitor
- Check the health of fence device
- metadata
- Display the XML metadata describing this resource.
- manpage
-
The operational behavior of this is not known.
- validate-all
- Validate if all required parameters are entered.
- action
- Fencing action (Default Value: reboot)
- password
- Authentication key Obsoletes: passwd
- password_script
- Script to run to retrieve password Obsoletes: passwd_script
- plug
- Physical plug number on device, UUID or identification of machine This
parameter is always required. Obsoletes: port
- username
- Application ID Obsoletes: login
- resourceGroup
- Name of resource group. Metadata service is used if the value is not
provided.
- tenantId
- Id of Azure Active Directory tenant.
- subscriptionId
- Id of the Azure subscription. Metadata service is used if the value is not
provided.
- network_fencing
- Use network fencing. See NOTE-section for configuration. Obsoletes:
network-fencing
- msi
- Determines if Managed Service Identity should be used.
- cloud
- Name of the cloud you want to use.
- quiet
- Disable logging to stderr. Does not affect --verbose or --debug-file or
logging to syslog.
- verbose
- Verbose mode. Multiple -v flags can be stacked on the command line (e.g.,
-vvv) to increase verbosity.
- verbose_level
- Level of debugging detail in output. Defaults to the number of --verbose
flags specified on the command line, or to 1 if verbose=1 in a stonith
device configuration (i.e., on stdin).
- debug_file
- Write debug information to given file Obsoletes: debug
- version
- Display version information and exit
- help
- Display help and exit
- plug_separator
- Separator for plug parameter when specifying more than 1 plug (Default
Value: ,)
- separator
- Separator for CSV created by 'list' operation (Default Value: ,)
- delay
- Wait X seconds before fencing is started (Default Value: 0)
- disable_timeout
- Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)
- login_timeout
- Wait X seconds for cmd prompt after login (Default Value: 5)
- power_timeout
- Test X seconds for status change after ON/OFF (Default Value: 150)
- power_wait
- Wait X seconds after issuing ON/OFF (Default Value: 0)
- shell_timeout
- Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- stonith_status_sleep
- Sleep X seconds between status calls during a STONITH action (Default
Value: 1)
- retry_on
- Count of attempts to retry power on (Default Value: 1)