table of contents
| FENCE_AGENT(8) | System Manager's Manual | FENCE_AGENT(8) |
NAME¶
fence_aws_vpc_net - Fence agent for AWS (Amazon Web Services) Net
DESCRIPTION¶
fence_aws_vpc is a Network and Power Fencing agent for AWS VPC that works by manipulating security groups. It uses the boto3 library to connect to AWS.
boto3 can be configured with AWS CLI or by creating ~/.aws/credentials. For instructions see: https://boto3.readthedocs.io/en/latest/guide/quickstart.html#configuration NOTE: If onfence-poweroff is set, the agent won't be able to power on the node again, it will have to be powered on manually or with other automation.
The fence agent accepts options on the command line as well as from stdin. Fenced sends parameters through stdin when it execs the agent. The agent can be run by itself with command line options. This is useful for testing and for turning outlets on or off from scripts.
Vendor URL: http://www.amazon.com
PARAMETERS¶
- -o, --action=[action]
- Fencing action (Default Value: reboot)
- -n, --plug=[id]
- AWS Instance ID to perform action on This parameter is always required.
- -r, --region=[region]
- AWS Region.
- -a, --access-key=[key]
- AWS Access Key.
- -s, --secret-key=[key]
- AWS Secret Key.
- --secg=[sg1,sg2,...]
- Security Groups to remove.
- --skip-race-check
- Skip race condition check.
- --invert-sg-removal
- Remove all security groups except specified..
- --unfence-ignore-restore
- Remove all security groups except specified..
- --filter=[key=value]
- Filter for list-action
- -b, --boto3_debug=[option]
- Boto Lib debug (Default Value: False)
- --onfence-poweroff
- Power off the machine async..
- --ignore-tag-write-failure
- Continue to fence even if backup tag fails..
- --ignore-instance-state
- Fence regardless of AWS state
- --interface0-sg=[sg1,sg2,...]
- Security Groups to restore for interface 0 (bypasses tag logic)
- --interface1-sg=[sg1,sg2,...]
- Security Groups to restore for interface 1 (bypasses tag logic)
- --interface2-sg=[sg1,sg2,...]
- Security Groups to restore for interface 2 (bypasses tag logic)
- --interface3-sg=[sg1,sg2,...]
- Security Groups to restore for interface 3 (bypasses tag logic)
- --interface4-sg=[sg1,sg2,...]
- Security Groups to restore for interface 4 (bypasses tag logic)
- --interface5-sg=[sg1,sg2,...]
- Security Groups to restore for interface 5 (bypasses tag logic)
- --interface6-sg=[sg1,sg2,...]
- Security Groups to restore for interface 6 (bypasses tag logic)
- --interface7-sg=[sg1,sg2,...]
- Security Groups to restore for interface 7 (bypasses tag logic)
- --interface8-sg=[sg1,sg2,...]
- Security Groups to restore for interface 8 (bypasses tag logic)
- --interface9-sg=[sg1,sg2,...]
- Security Groups to restore for interface 9 (bypasses tag logic)
- --interface10-sg=[sg1,sg2,...]
- Security Groups to restore for interface 10 (bypasses tag logic)
- --interface11-sg=[sg1,sg2,...]
- Security Groups to restore for interface 11 (bypasses tag logic)
- --interface12-sg=[sg1,sg2,...]
- Security Groups to restore for interface 12 (bypasses tag logic)
- --interface13-sg=[sg1,sg2,...]
- Security Groups to restore for interface 13 (bypasses tag logic)
- --interface14-sg=[sg1,sg2,...]
- Security Groups to restore for interface 14 (bypasses tag logic)
- --interface15-sg=[sg1,sg2,...]
- Security Groups to restore for interface 15 (bypasses tag logic)
- -q, --quiet
- Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.
- -v, --verbose
- Verbose mode. Multiple -v flags can be stacked on the command line (e.g., -vvv) to increase verbosity.
- --verbose-level
- Level of debugging detail in output. Defaults to the number of --verbose flags specified on the command line, or to 1 if verbose=1 in a stonith device configuration (i.e., on stdin).
- -D, --debug-file=[debugfile]
- Write debug information to given file
- -V, --version
- Display version information and exit
- -h, --help
- Display help and exit
- --plug-separator=[char]
- Separator for plug parameter when specifying more than 1 plug (Default Value: ,)
- -C, --separator=[char]
- Separator for CSV created by 'list' operation (Default Value: ,)
- --delay=[seconds]
- Wait X seconds before fencing is started (Default Value: 0)
- --disable-timeout=[true/false]
- Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)
- --login-timeout=[seconds]
- Wait X seconds for cmd prompt after login (Default Value: 5)
- --power-timeout=[seconds]
- Test X seconds for status change after ON/OFF (Default Value: 20)
- --power-wait=[seconds]
- Wait X seconds after issuing ON/OFF (Default Value: 0)
- --shell-timeout=[seconds]
- Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- --stonith-status-sleep=[seconds]
- Sleep X seconds between status calls during a STONITH action (Default Value: 1)
- --retry-on=[attempts]
- Count of attempts to retry power on (Default Value: 1)
ACTIONS¶
- on
- Power on machine.
- off
- Power off machine.
- reboot
- Reboot machine.
- status
- This returns the status of the plug/virtual machine.
- list
- List available plugs with aliases/virtual machines if there is support for more then one device. Returns N/A otherwise.
- list-status
- List available plugs with aliases/virtual machines and their power state if it can be obtained without additional commands.
- monitor
- Check the health of fence device
- metadata
- Display the XML metadata describing this resource.
- manpage
-
The operational behavior of this is not known. - validate-all
- Validate if all required parameters are entered.
STDIN PARAMETERS¶
- action
- Fencing action (Default Value: reboot)
- plug
- AWS Instance ID to perform action on This parameter is always required. Obsoletes: port
- region
- AWS Region.
- access_key
- AWS Access Key.
- secret_key
- AWS Secret Key.
- secg
- Security Groups to remove.
- skip_race_check
- Skip race condition check.
- invert_sg_removal
- Remove all security groups except specified.. Obsoletes: invert-sg-removal
- unfence_ignore_restore
- Remove all security groups except specified.. Obsoletes: unfence-ignore-restore
- filter
- Filter for list-action
- boto3_debug
- Boto Lib debug (Default Value: False)
- onfence_poweroff
- Power off the machine async.. Obsoletes: onfence-poweroff
- ignore_tag_write_failure
- Continue to fence even if backup tag fails.. Obsoletes: ignore-tag-write-failure
- ignore_instance_state
- Fence regardless of AWS state Obsoletes: ignore-instance-state
- interface0_sg
- Security Groups to restore for interface 0 (bypasses tag logic) Obsoletes: interface0-sg
- interface1_sg
- Security Groups to restore for interface 1 (bypasses tag logic) Obsoletes: interface1-sg
- interface2_sg
- Security Groups to restore for interface 2 (bypasses tag logic) Obsoletes: interface2-sg
- interface3_sg
- Security Groups to restore for interface 3 (bypasses tag logic) Obsoletes: interface3-sg
- interface4_sg
- Security Groups to restore for interface 4 (bypasses tag logic) Obsoletes: interface4-sg
- interface5_sg
- Security Groups to restore for interface 5 (bypasses tag logic) Obsoletes: interface5-sg
- interface6_sg
- Security Groups to restore for interface 6 (bypasses tag logic) Obsoletes: interface6-sg
- interface7_sg
- Security Groups to restore for interface 7 (bypasses tag logic) Obsoletes: interface7-sg
- interface8_sg
- Security Groups to restore for interface 8 (bypasses tag logic) Obsoletes: interface8-sg
- interface9_sg
- Security Groups to restore for interface 9 (bypasses tag logic) Obsoletes: interface9-sg
- interface10_sg
- Security Groups to restore for interface 10 (bypasses tag logic) Obsoletes: interface10-sg
- interface11_sg
- Security Groups to restore for interface 11 (bypasses tag logic) Obsoletes: interface11-sg
- interface12_sg
- Security Groups to restore for interface 12 (bypasses tag logic) Obsoletes: interface12-sg
- interface13_sg
- Security Groups to restore for interface 13 (bypasses tag logic) Obsoletes: interface13-sg
- interface14_sg
- Security Groups to restore for interface 14 (bypasses tag logic) Obsoletes: interface14-sg
- interface15_sg
- Security Groups to restore for interface 15 (bypasses tag logic) Obsoletes: interface15-sg
- quiet
- Disable logging to stderr. Does not affect --verbose or --debug-file or logging to syslog.
- verbose
- Verbose mode. Multiple -v flags can be stacked on the command line (e.g., -vvv) to increase verbosity.
- verbose_level
- Level of debugging detail in output. Defaults to the number of --verbose flags specified on the command line, or to 1 if verbose=1 in a stonith device configuration (i.e., on stdin).
- debug_file
- Write debug information to given file Obsoletes: debug
- version
- Display version information and exit
- help
- Display help and exit
- plug_separator
- Separator for plug parameter when specifying more than 1 plug (Default Value: ,)
- separator
- Separator for CSV created by 'list' operation (Default Value: ,)
- delay
- Wait X seconds before fencing is started (Default Value: 0)
- disable_timeout
- Disable timeout (true/false) (default: true when run from Pacemaker 2.0+)
- login_timeout
- Wait X seconds for cmd prompt after login (Default Value: 5)
- power_timeout
- Test X seconds for status change after ON/OFF (Default Value: 20)
- power_wait
- Wait X seconds after issuing ON/OFF (Default Value: 0)
- shell_timeout
- Wait X seconds for cmd prompt after issuing command (Default Value: 3)
- stonith_status_sleep
- Sleep X seconds between status calls during a STONITH action (Default Value: 1)
- retry_on
- Count of attempts to retry power on (Default Value: 1)
| 2009-10-20 | fence_aws_vpc_net (Fence Agent) |