table of contents
FENCE_AGENT(8) | System Manager's Manual | FENCE_AGENT(8) |
NAME¶
fence_azure_arm - Fence agent for Azure Resource Manager
DESCRIPTION¶
fence_azure_arm is an I/O Fencing agent for Azure Resource Manager. It uses Azure SDK for Python to connect to Azure.
For instructions to setup credentials see: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal
Username and password are application ID and authentication key from "App registrations".
NOTE: NETWORK FENCING
Network fencing requires an additional Subnet named "fence-subnet"
for the Virtual Network using a Network Security Group with the following
rules:
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| DIRECTION | PRI | NAME | PORT | PROT | SRC | DST | ACTION |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
| Inbound | 100 | FENCE_DENY_ALL_INBOUND | Any | Any | Any | Any | Deny |
| Outbound | 100 | FENCE_DENY_ALL_OUTBOUND | Any | Any | Any | Any | Deny |
+-----------+-----+-------------------------+------+------+-----+-----+--------+
When using network fencing the reboot-action will cause a quick-return once the network has been fenced (instead of waiting for the off-action to succeed). It will check the status during the monitor-action, and request power-on when the shutdown operation is complete.
fence_azure_arm accepts options on the command line as well as from stdin. Fenced sends parameters through stdin when it execs the agent. fence_azure_arm can be run by itself with command line options. This is useful for testing and for turning outlets on or off from scripts.
Vendor URL: http://www.microsoft.com
PARAMETERS¶
- -o, --action=[action]
- Fencing action (Default Value: reboot)
- -p, --password=[authkey]
- Authentication key
- -S, --password-script=[script]
- Script to run to retrieve password
- -n, --plug=[id]
- Physical plug number on device, UUID or identification of machine This parameter is always required.
- -l, --username=[appid]
- Application ID
- --resourceGroup=[name]
- Name of resource group. Metadata service is used if the value is not provided.
- --tenantId=[name]
- Id of Azure Active Directory tenant.
- --subscriptionId=[name]
- Id of the Azure subscription. Metadata service is used if the value is not provided.
- --network-fencing
- Use network fencing. See NOTE-section for configuration.
- --msi
- Determines if Managed Service Identity should be used.
- --cloud=[name]
- Name of the cloud you want to use.
- -q, --quiet
- Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.
- -v, --verbose
- Verbose mode
- -D, --debug-file=[debugfile]
- Write debug information to given file
- -V, --version
- Display version information and exit
- -h, --help
- Display help and exit
- -C, --separator=[char]
- Separator for CSV created by 'list' operation (Default Value: ,)
- --delay=[seconds]
- Wait X seconds before fencing is started (Default Value: 0)
- --login-timeout=[seconds]
- Wait X seconds for cmd prompt after login (Default Value: 5)
- --power-timeout=[seconds]
- Test X seconds for status change after ON/OFF (Default Value: 150)
- --power-wait=[seconds]
- Wait X seconds after issuing ON/OFF (Default Value: 0)
- --shell-timeout=[seconds]
- Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- --retry-on=[attempts]
- Count of attempts to retry power on (Default Value: 1)
ACTIONS¶
- on
- Power on machine.
- off
- Power off machine.
- reboot
- Reboot machine.
- status
- This returns the status of the plug/virtual machine.
- list
- List available plugs with aliases/virtual machines if there is support for more then one device. Returns N/A otherwise.
- list-status
- List available plugs with aliases/virtual machines and their power state if it can be obtained without additional commands.
- monitor
- Check the health of fence device
- metadata
- Display the XML metadata describing this resource.
- manpage
-
The operational behavior of this is not known. - validate-all
- Validate if all required parameters are entered.
STDIN PARAMETERS¶
- action
- Fencing action (Default Value: reboot)
- password
- Authentication key Obsoletes: passwd
- password_script
- Script to run to retrieve password Obsoletes: passwd_script
- plug
- Physical plug number on device, UUID or identification of machine This parameter is always required. Obsoletes: port
- username
- Application ID Obsoletes: login
- resourceGroup
- Name of resource group. Metadata service is used if the value is not provided.
- tenantId
- Id of Azure Active Directory tenant.
- subscriptionId
- Id of the Azure subscription. Metadata service is used if the value is not provided.
- network_fencing
- Use network fencing. See NOTE-section for configuration. Obsoletes: network-fencing
- msi
- Determines if Managed Service Identity should be used.
- cloud
- Name of the cloud you want to use.
- quiet
- Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.
- verbose
- Verbose mode
- debug_file
- Write debug information to given file Obsoletes: debug
- version
- Display version information and exit
- help
- Display help and exit
- separator
- Separator for CSV created by 'list' operation (Default Value: ,)
- delay
- Wait X seconds before fencing is started (Default Value: 0)
- login_timeout
- Wait X seconds for cmd prompt after login (Default Value: 5)
- power_timeout
- Test X seconds for status change after ON/OFF (Default Value: 150)
- power_wait
- Wait X seconds after issuing ON/OFF (Default Value: 0)
- shell_timeout
- Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- retry_on
- Count of attempts to retry power on (Default Value: 1)
2009-10-20 | fence_azure_arm (Fence Agent) |