
IPMI / STONITH howto with Pacemaker

With Dell kit of 1950/860 and newer, I’m using the built-in IPMI-over-LAN in the BIOS for stonith instead of messing with DRAC5 or more complicated means. It’s easy to configure on its own IP and it just plain works.

First, a security note for people who have their machines on a “public” network: you’ll want to disable or set a password for the ‘null’ default user for IPMI. This may be done for you in recent versions of Dell firmware, but it isn’t on some older stuff. Also, IPMI v. 1.5 doesn’t do encryption by default; you’ll want to make sure you set an encryption key in the BIOS settings and then use that when you connect (with the lanplus interface, and I have no idea what the syntax is with the stonith resource agent…) or you’ll be sending your authentication information “in the clear”. Since you need to have ADMINISTRATOR permission to reboot the machine as far as I know, you will want to make sure you have this secured… or anyone who’s sniffing can power your machines off at will.
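One way to check for the ‘null’ user problem described above, as an added example that is not part of the original post. It assumes the six-field CSV that `ipmitool -c user list 1` prints (id, name, callin, link auth, IPMI msg, privilege limit); the function name and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit BMC accounts for an
# anonymous user that can still log in over IPMI.
# Assumption: input is the six-field CSV printed by `ipmitool -c user list 1`:
#   id,name,callin,link_auth,ipmi_msg,channel_priv_limit

# Reads CSV on stdin, prints one FINDING line per risky account.
# Returns 1 if any finding was printed, 0 otherwise.
audit_ipmi_users() {
    awk -F',' '
        function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        NF < 6 || $1 !~ /^[0-9]+$/ { next }     # skip headers and junk
        {
            name = trim($2); msg = trim($5); priv = trim($6)
            # Empty slots normally show ipmi_msg=false or NO ACCESS; an empty
            # name with messaging on and a real privilege level is a login.
            if (name == "" && msg == "true" && priv != "NO ACCESS") {
                printf "FINDING id=%s anonymous user enabled, priv=%s\n", $1, priv
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample data, not captured from a real BMC.
SAMPLE_USERS='1,,true,false,true,ADMINISTRATOR
2,root,true,true,true,ADMINISTRATOR
3,,true,false,false,NO ACCESS
4,,true,false,true,NO ACCESS'

printf '%s\n' "$SAMPLE_USERS" | audit_ipmi_users || echo "fix before using this BMC for stonith"
```

On a real host, pipe `ipmitool -c user list 1` into `audit_ipmi_users`; any id it reports can be given a password with `ipmitool user set password <id>` or turned off with `ipmitool user disable <id>`.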

You can test the sequence by using ipmitool. The following should cause your server to reboot after you enter the password:

    ipmitool -H (ip address) -U (user) -a chassis power cycle

Please test this first.

Now all you need to do is add a configuration to your cluster. Using the Pacemaker crm command line tool, just run:

    configure primitive (host)-stonith stonith:external/ipmi \
        params hostname=(host) ipaddr=(ip address) userid=(user) passwd=(password) interface=lan

Double check your stonith resource agents to be sure of the syntax ( crm# ra meta external/ipmi stonith ).

You’ll want to add constraints (out of the scope of this document, since it depends on your cluster design) so that a host won’t have its own stonith running on it. Although I’m thinking that a game of stonith-based Russian roulette would be kinda fun as a computer art installation someday.
