This article is intended to guide you through enabling STONITH/fencing in a VMware guest cluster using the fence_vmware_soap API.
Presently, for fencing VMware VMs we suggest the fence_vmware_soap agent. This utilizes the VMware SOAP API. There is also a fence_vmware_rest stonith agent that utilizes the REST API. Both are currently maintained and should work. We're just more familiar with the SOAP stonith agent as it's the older of the two.
Firstly call the stonith agent directly from a cluster node to confirm communication with the hypervisor.
# fence_vmware_soap -a <vcenter_ip> -l <center_username> -p <vcenter_passwd> --ssl-insecure -o list
This should output all the VMs running, and from within this output you should be able to find the cluster nodes. Note these names as you'll need them for the next step.
Once confirmed, configure the stonith resources within the cluster.
# crm configure primitive st_vmware_soap stonith:fence_vmware_soap \
params ipaddr="<vcenter_ip>" login="<center_username>" \
passwd="<vcenter_passwd>" ssl="1" \
pcmk_host_map="><pacemaker_node_nameA:vcenter_vmware_nameA;pacemaker_node_nameB:vcenter_vmware_nameB>" \
op start interval="0" timeout="60" \
op stop interval="0" timeout="60" \
op monitor interval="1800" timeout="60"
Assuming that resource started without issue, then test actual fencing and make sure both nodes get rebooted.
# crm node fence <pacemaker_node_nameA>
Reviewed 2020/12/01 - DGT