[pve-devel] PVE + Ceph + Ceph fencing?
Dietmar Maurer
dietmar at proxmox.com
Sat Nov 8 11:02:10 CET 2014
> SCENARIO: proxmox HA cluster, VM images exclusively on RBD
> GOAL: use Ceph auth for fencing
>
> Currently this can't be done, but I think the following changes would allow it:
> - Move storage client auth keyring from /etc/pve/priv/ceph to somewhere
> /etc/pve/nodes/<nodename>/ceph
> - Configure a different ceph user for each node
> - Make each proxmox node use his own auth keyring(user) for RBD
> - Develop a fence_ceph that allows to block access of a node to ceph storage
> (block user), removing capabilities to the user, or removing the user.
Well, I would not consider such thing very reliable.
And this would only fence the storage connection. What about other resources, for
example the IP address? If the VM still run and you only fence storage, you will get an
IP address conflict if you start the VM on another node.
More information about the pve-devel
mailing list