fence_azure_arm - Man Page

Fence agent for Azure Resource Manager

Description

fence_azure_arm is an I/O Fencing agent for Azure Resource Manager. It uses Azure SDK for Python to connect to Azure.

For instructions to setup credentials see: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal

Username and password are application ID and authentication key from "App registrations".

NOTE: NETWORK FENCING
Network fencing requires an additional Subnet named "fence-subnet" for the Virtual Network using a Network Security Group with the following rules:
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| DIRECTION | PRI | NAME                    | PORT | PROT | SRC | DST | ACTION |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| Inbound   | 100 | FENCE_DENY_ALL_INBOUND  | Any  | Any  | Any | Any | Deny   |
| Outbound  | 100 | FENCE_DENY_ALL_OUTBOUND | Any  | Any  | Any | Any | Deny   |
+-----------+-----+-------------------------+------+------+-----+-----+--------+

When using network fencing the reboot-action will cause a quick-return once the network has been fenced (instead of waiting for the off-action to succeed). It will check the status during the monitor-action, and request power-on when the shutdown operation is complete.

fence_azure_arm accepts options on the command line as well as from stdin. Fenced sends parameters through stdin when it execs the agent. fence_azure_arm can be run by itself with command line options.  This is useful for testing and for turning outlets on or off from scripts.

Vendor URL: http://www.microsoft.com

Parameters

-o, --action=[action]

Fencing action (Default Value: reboot)

-p, --password=[authkey]

Authentication key

-S, --password-script=[script]

Script to run to retrieve password

-n, --plug=[id]

Physical plug number on device, UUID or identification of machine This parameter is always required.

-l, --username=[appid]

Application ID This parameter is always required.

--resourceGroup=[name]

Name of resource group. Metadata service is used if the value is not provided.

--tenantId=[name]

Id of Azure Active Directory tenant.

--subscriptionId=[name]

Id of the Azure subscription. Metadata service is used if the value is not provided.

--network-fencing

Use network fencing. See NOTE-section for configuration.

--msi

Determines if Managed Service Identity should be used.

--cloud=[name]

Name of the cloud you want to use.

-q, --quiet

Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.

-v, --verbose

Verbose mode

-D, --debug-file=[debugfile]

Write debug information to given file

-V, --version

Display version information and exit

-h, --help

Display help and exit

-C, --separator=[char]

Separator for CSV created by 'list' operation (Default Value: ,)

--delay=[seconds]

Wait X seconds before fencing is started (Default Value: 0)

--login-timeout=[seconds]

Wait X seconds for cmd prompt after login (Default Value: 5)

--power-timeout=[seconds]

Test X seconds for status change after ON/OFF (Default Value: 150)

--power-wait=[seconds]

Wait X seconds after issuing ON/OFF (Default Value: 0)

--shell-timeout=[seconds]

Wait X seconds for cmd prompt after issuing command (Default Value: 3)

--retry-on=[attempts]

Count of attempts to retry power on (Default Value: 1)

Actions

on

Power on machine.

off

Power off machine.

reboot

Reboot machine.

status

This returns the status of the plug/virtual machine.

list

List available plugs with aliases/virtual machines if there is support for more then one device. Returns N/A otherwise.

list-status

List available plugs with aliases/virtual machines and their power state if it can be obtained without additional commands.

monitor

Check the health of fence device

metadata

Display the XML metadata describing this resource.

manpage

The operational behavior of this is not known.

validate-all

Validate if all required parameters are entered.

Stdin Parameters

action

Fencing action (Default Value: reboot)

password

Authentication key Obsoletes: passwd

password_script

Script to run to retrieve password Obsoletes: passwd_script

plug

Physical plug number on device, UUID or identification of machine This parameter is always required. Obsoletes: port

username

Application ID This parameter is always required. Obsoletes: login

resourceGroup

Name of resource group. Metadata service is used if the value is not provided.

tenantId

Id of Azure Active Directory tenant.

subscriptionId

Id of the Azure subscription. Metadata service is used if the value is not provided.

network_fencing

Use network fencing. See NOTE-section for configuration. Obsoletes: network-fencing

msi

Determines if Managed Service Identity should be used.

cloud

Name of the cloud you want to use.

quiet

Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.

verbose

Verbose mode

debug_file

Write debug information to given file Obsoletes: debug

version

Display version information and exit

help

Display help and exit

separator

Separator for CSV created by 'list' operation (Default Value: ,)

delay

Wait X seconds before fencing is started (Default Value: 0)

login_timeout

Wait X seconds for cmd prompt after login (Default Value: 5)

power_timeout

Test X seconds for status change after ON/OFF (Default Value: 150)

power_wait

Wait X seconds after issuing ON/OFF (Default Value: 0)

shell_timeout

Wait X seconds for cmd prompt after issuing command (Default Value: 3)

retry_on

Count of attempts to retry power on (Default Value: 1)

Info

2009-10-20 fence_azure_arm (Fence Agent)