Product SiteDocumentation Site

Chapter 5. Configure Fencing

Table of Contents

5.1. What is Fencing?
5.2. Choose a Fence Device
5.3. Configure the Cluster for Fencing
5.4. Example

5.1. What is Fencing?

Fencing protects your data from being corrupted, and your application from becoming unavailable, due to unintended concurrent access by rogue nodes.
Just because a node is unresponsive doesn’t mean it has stopped accessing your data. The only way to be 100% sure that your data is safe, is to use fencing to ensure that the node is truly offline before allowing the data to be accessed from another node.
Fencing also has a role to play in the event that a clustered service cannot be stopped. In this case, the cluster uses fencing to force the whole node offline, thereby making it safe to start the service elsewhere.
Fencing is also known as STONITH, an acronym for "Shoot The Other Node In The Head", since the most popular form of fencing is cutting a host’s power.
In order to guarantee the safety of your data, [6] fencing is enabled by default.

Note

It is possible to tell the cluster not to use fencing, by setting the stonith-enabled cluster option to false:
[root@pcmk-1 ~]# pcs property set stonith-enabled=false
[root@pcmk-1 ~]# crm_verify -L
However, this is completely inappropriate for a production cluster. It tells the cluster to simply pretend that failed nodes are safely powered off. Some vendors will refuse to support clusters that have fencing disabled. Even disabling it for a test cluster means you won’t be able to test real failure scenarios.


[6] If the data is corrupt, there is little point in continuing to make it available