Bug 1120858

Summary: [RFE] Option to disable fencing for a cluster
Product: Red Hat Enterprise Virtualization Manager Reporter: Scott Herold <sherold>
Component: ovirt-engineAssignee: Martin Perina <mperina>
Status: CLOSED ERRATA QA Contact: sefi litmanovich <slitmano>
Severity: high Docs Contact:
Priority: high    
Version: 3.4.0CC: adahms, bazulay, dfediuck, ecohen, gklein, howey.vernon, iheim, lpeer, oourfali, pstehlik, rbalakri, Rhev-m-bugs, sherold, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: 3.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: ovirt-3.5.0_rc1.1 Doc Type: Enhancement
Doc Text:
This enhancement adds the ability to disable fencing for a cluster. This allows system administrators who are aware that certain hosts in a cluster may experience temporary connection issues to disable and re-enable fencing when performing maintenance on a machine.
 Story Points: ---
Clone Of:
: 1188504 (view as bug list) Environment:
Last Closed: 2015-02-11 18:06:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1084611, 1110176, 1142923, 1156165, 1188504    

Description Scott Herold 2014-07-17 21:29:20 UTC 
Provide an option to enable or disable fencing within a cluster through the "Fencing Policy" Configuration UI provided by BZ 1118879.

This option will enable users who are or may experience fencing storm situations to disable fencing until proper diagnostics or maintenance activities are completed.  This will enable users to shift a cluster or set of clusters into a "maintenance" mode if there will be an expected disruption to the engine instance, or the network or infrastructure components managing engine/host connectivity.

UI
--
A simple enabled/disabled option should be made available to the user within the Fencing Policy configuration tab to:
"Enable fencing operations for this cluster"
DEFAULT: Enabled
Comment 1 Barak 2014-07-28 10:52:38 UTC 
What are the implications on HA vms ?
On host level we have "disable fencing" checkbox - which means "do not run HA vms on this host" , among other things.

I assume this policy will not have any effect on the HA vms whatsoever ?
Comment 2 Scott Herold 2014-07-30 15:33:53 UTC 
Barak - I don't think this should affect running VMs.  If a user disables fencing at the cluster level, they need to assume a level of risk knowing they have HA VMs configured.  What is the current behaviour for disabling fencing at a host level? Is it possible to:

1) Start an HA VM (New or Existing) on that host
2) Live Migrate a running VM to that host

Is there a mechanism that we can "easily" use to provide a message to users when attempting a now invalid action stating "HA/Fencing is disabled for this cluster, so VM operations on HA VMs are currently limited"
Comment 3 Oved Ourfali 2014-07-31 07:30:02 UTC 
(In reply to Scott Herold from comment #2)
> Barak - I don't think this should affect running VMs.  If a user disables
> fencing at the cluster level, they need to assume a level of risk knowing
> they have HA VMs configured.  What is the current behaviour for disabling
> fencing at a host level? Is it possible to:
> 
> 1) Start an HA VM (New or Existing) on that host
> 2) Live Migrate a running VM to that host
> 

Barak - it seems like there is no such logic at the moment.
Asked both Eli and Omer regarding that.

> Is there a mechanism that we can "easily" use to provide a message to users
> when attempting a now invalid action stating "HA/Fencing is disabled for
> this cluster, so VM operations on HA VMs are currently limited"

I think we should give that as a question mark next to this setting, specifying that if you disable fencing on this cluster then HA VMs that run on a host that isn't reachable won't be restarted anywhere else.

Does that make sense?

CC-ing Doron as well, to keep him in the loop.
Comment 4 Oved Ourfali 2014-08-06 13:29:55 UTC 
In addition for that, we can add an alert saying that "Fencing is disabled on cluster XXX. HA VMs running on a non-responsive host will not be restarted elsewhere".

Scott - please ACK what's written in this comment, and in Comment #3.
Comment 5 Scott Herold 2014-08-06 13:37:32 UTC 
Ack Comment 3 and Comment 4

I really like the Cluster Alert idea.  Makes it more obvious to the user and less likely to be overlooked.
Comment 7 errata-xmlrpc 2015-02-11 18:06:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0158.html