Home > Uncategorized > Setting up RHEL 6 Cluster Fencing on vCenter VMware VMs

Setting up RHEL 6 Cluster Fencing on vCenter VMware VMs

My reference below is based on the posting here (thanks to this author for sharing this invaluable info):

This has been tested and validated on ESXi 5.5, RHEL 6.5 with a 3-node cluster. Was very useful and saved lot of time.


vCenter: vcenter.domain.com

vCenter Account: root (create your own username with similar privileges to stop/restart nodes if you don’t want to use root)

Password: password

node1: node1.domain.com  (Named node1 in vCenter)

node2: node2.domain.com  (Named node2 in vCenter)

node3: node3.domain.com  (Named node3 in vCenter)

Key Tip: fencing may fail using the system name, use UUIDs instead.


Retrieve UUID of your 3-nodes

On node1.domain.com, run the following (use ssl or it will not likely retrieve anything):

fence_vmware_soap --ip vcenter.domain.com --username root --password  password --ssl -z --action list |grep node

Note the node and UUID associated with it.


Test fencing from node1 to node3:

fence_vmware_soap --ip --username root --password password -z --action off --uuid 564d2c92-23d6-6094-2bc4-ff503470cdec
fence_vmware_soap --ip --username root --password password -z --action on --uuid 564d2c92-23d6-6094-2bc4-ff503470cdec

After successful tests, add Fencing in LUCI:


  • Add a fence device that tells your cluster how to log into your VC
  • Attach a fencing method to each node and give it the UUID you used earlier to

Log into LUCI and select your cluster, then select the Fence Devices tab.  Select Add.

Fill out the form exactly as shown:

Fence type: VMWare (SOAP Interface)

Name: fence_node1  (Just needs to be descriptive)

IP Address or Hostname: node1.domain.com

IP Port (optional): blank

Login: root

password: password

Leave the rest as they are or blank

Now, go to Manage Clusters in LUCI and select your first node by clicking on the name. At the bottom of the screen for your node, select Add Fence Method.  Give it a name, the name doesn’t matter unless you are planning on using multiple methods.  Submit your change.  Now select Add Fence Instance that appears inside the method box and fill it out exactly as described below:

Select the fencing device you configured in step 1

VM Name: Leave blank

VM UUID: 564dbfa6-7885-b25f-5812-4dae4269a1d6

Use SSL: Check it on.  Fencing will not work without this checked.


Do the same for node2, node3. Check the bottom of this dialog for each node while your here and verify that all your required daemons are running before testing fencing.

Categories: Uncategorized
  1. ramu
    January 5, 2017 at 6:22 am

    Thank you a lot, it was saved my time

  2. Mario
    November 24, 2017 at 3:58 pm

    Hi, did you do failover tests like pulling the ethernet cable, or pulling the power cables? Because it’s virtual, it has a strange behaviour in the cluster.

    • December 17, 2017 at 6:36 am

      I tested by disabling eth* interfaces that simulate a failed network and it was successful. Yes, you are right – as a virtual system, the behaviors can be slightly different, but the software logic remains the same. If failure is detected, it will be behave in the way the software is programmed to do.

  3. Alexander Ogbogu
    January 6, 2018 at 6:25 am

    Fence_vmware_soap not working between RHEL 6.8 cluster nodes and Vcenter (ESXi 5.5), can’t retrieved VM UUIDs:

    To start with, I am not an expert in Vcenter/ESX server, but I experienced an issues which goes thus:

    I setup a RHCS (Redhat CLuster services) on 2 nodes (both on RHEL 6.8 version) and both on a VM ESXi 5.5. I intend to using Fence_vmware_Soap as the fencing agent in Redhat Enterprise Linux 6.8. I have fence-agents rpm package installed on each cluster nodes, I have a username/password – rhel1/passw@rd1. on the Vcenter server with the privilege to on/off the VMs.

    See the following parameters I used to test the fencing device –

    Vcenter server IP –
    Vcenter Username/Password – rhel1/passw@rd1.

    Node1: sv001pp01Node1
    Node2: sv001pp01Node2

    I did the following series of testing using commands as follows on Node1:

    Test 1:

    root@sv001pp01Node1 Desktop]# fence_vmware_soap –ip –username rhel1 –password passw@rd1. –ssl -z -action list |grep node

    I get the error: unable to connect/login to fencing device

    Test 2

    After googled a solution regarding the vcenter server understanding the character @, I changed it to “@ and did as follows:

    root@sv001pp01Node1 Desktop]# fence_vmware_soap –ip –username rhel1 –password passw@rd1. –ssl -z -action list |grep node

    I get the error: I get complain about the plug number or machine identification

    Test 3:

    I tried the follow:

    root@sv001pp01Node1 Desktop]# fence_vmware_soap -z -l rhel1 -p passw@rd1. -a -o list

    I get the following error: enter the fence address

    I am stuck in this project phase, how do I resolve this issue with the fence_vmware_soap not retrieving the VM UUIDs?

    Do I still need to install another rpm package for fence_vmware_soap?
    Or, is there a command I am missing in the whole process? Please, I need an urgent help. I am week behind in the delivery date already.

    I appreciate anyone’s help.


    I can be reach via alexogbogu@gmail.com or this forum.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: