fence_azure_arm - Man Page
Fence agent for Azure Resource Manager
Description
fence_azure_arm is an I/O Fencing agent for Azure Resource Manager. It uses Azure SDK for Python to connect to Azure.
For instructions to setup credentials see: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
Username and password are application ID and authentication key from "App registrations".
NOTE: NETWORK FENCING
Network fencing requires an additional Subnet named "fence-subnet" for the Virtual Network using a Network Security Group with the following rules:
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| DIRECTION | PRI | NAME | PORT | PROT | SRC | DST | ACTION |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| Inbound | 100 | FENCE_DENY_ALL_INBOUND | Any | Any | Any | Any | Deny |
| Outbound | 100 | FENCE_DENY_ALL_OUTBOUND | Any | Any | Any | Any | Deny |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
When using network fencing the reboot-action will cause a quick-return once the network has been fenced (instead of waiting for the off-action to succeed). It will check the status during the monitor-action, and request power-on when the shutdown operation is complete.
fence_azure_arm accepts options on the command line as well as from stdin. Fenced sends parameters through stdin when it execs the agent. fence_azure_arm can be run by itself with command line options. This is useful for testing and for turning outlets on or off from scripts.
Vendor URL: http://www.microsoft.com
Parameters
- -o, --action=[action]
Fencing action (Default Value: reboot)
- -p, --password=[authkey]
Authentication key
- -S, --password-script=[script]
Script to run to retrieve password
- -n, --plug=[id]
Physical plug number on device, UUID or identification of machine This parameter is always required.
- -l, --username=[appid]
Application ID
- --resourceGroup=[name]
Name of resource group. Metadata service is used if the value is not provided.
- --tenantId=[name]
Id of Azure Active Directory tenant.
- --subscriptionId=[name]
Id of the Azure subscription. Metadata service is used if the value is not provided.
- --network-fencing
Use network fencing. See NOTE-section for configuration.
- --msi
Determines if Managed Service Identity should be used.
- --cloud=[name]
Name of the cloud you want to use.
- --metadata-endpoint=[URL]
URL to metadata endpoint (used when cloud=stack).
- -q, --quiet
Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.
- -v, --verbose
Verbose mode. Multiple -v flags can be stacked on the command line (e.g., -vvv) to increase verbosity.
- --verbose-level
Level of debugging detail in output. Defaults to the number of --verbose flags specified on the command line, or to 1 if verbose=1 in a stonith device configuration (i.e., on stdin).
- -D, --debug-file=[debugfile]
Write debug information to given file
- -V, --version
Display version information and exit
- -h, --help
Display help and exit
- --plug-separator=[char]
Separator for plug parameter when specifying more than 1 plug (Default Value: ,)
- -C, --separator=[char]
Separator for CSV created by 'list' operation (Default Value: ,)
- --delay=[seconds]
Wait X seconds before fencing is started (Default Value: 0)
- --disable-timeout=[true/false]
Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)
- --login-timeout=[seconds]
Wait X seconds for cmd prompt after login (Default Value: 5)
- --power-timeout=[seconds]
Test X seconds for status change after ON/OFF (Default Value: 150)
- --power-wait=[seconds]
Wait X seconds after issuing ON/OFF (Default Value: 0)
- --shell-timeout=[seconds]
Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- --stonith-status-sleep=[seconds]
Sleep X seconds between status calls during a STONITH action (Default Value: 1)
- --retry-on=[attempts]
Count of attempts to retry power on (Default Value: 1)
Actions
- on
Power on machine.
- off
Power off machine.
- reboot
Reboot machine.
- status
This returns the status of the plug/virtual machine.
- list
List available plugs with aliases/virtual machines if there is support for more then one device. Returns N/A otherwise.
- list-status
List available plugs with aliases/virtual machines and their power state if it can be obtained without additional commands.
- monitor
Check the health of fence device
- metadata
Display the XML metadata describing this resource.
- manpage
The operational behavior of this is not known.
- validate-all
Validate if all required parameters are entered.
Stdin Parameters
- action
Fencing action (Default Value: reboot)
- password
Authentication key Obsoletes: passwd
- password_script
Script to run to retrieve password Obsoletes: passwd_script
- plug
Physical plug number on device, UUID or identification of machine This parameter is always required. Obsoletes: port
- username
Application ID Obsoletes: login
- resourceGroup
Name of resource group. Metadata service is used if the value is not provided.
- tenantId
Id of Azure Active Directory tenant.
- subscriptionId
Id of the Azure subscription. Metadata service is used if the value is not provided.
- network_fencing
Use network fencing. See NOTE-section for configuration. Obsoletes: network-fencing
- msi
Determines if Managed Service Identity should be used.
- cloud
Name of the cloud you want to use.
- metadata_endpoint
URL to metadata endpoint (used when cloud=stack). Obsoletes: metadata-endpoint
- quiet
Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.
- verbose
Verbose mode. Multiple -v flags can be stacked on the command line (e.g., -vvv) to increase verbosity.
- verbose_level
Level of debugging detail in output. Defaults to the number of --verbose flags specified on the command line, or to 1 if verbose=1 in a stonith device configuration (i.e., on stdin).
- debug_file
Write debug information to given file Obsoletes: debug
- version
Display version information and exit
- help
Display help and exit
- plug_separator
Separator for plug parameter when specifying more than 1 plug (Default Value: ,)
- separator
Separator for CSV created by 'list' operation (Default Value: ,)
- delay
Wait X seconds before fencing is started (Default Value: 0)
- disable_timeout
Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)
- login_timeout
Wait X seconds for cmd prompt after login (Default Value: 5)
- power_timeout
Test X seconds for status change after ON/OFF (Default Value: 150)
- power_wait
Wait X seconds after issuing ON/OFF (Default Value: 0)
- shell_timeout
Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- stonith_status_sleep
Sleep X seconds between status calls during a STONITH action (Default Value: 1)
- retry_on
Count of attempts to retry power on (Default Value: 1)