Fencing, or stonith (shoot the other node in the head), is used to protect data in the event that nodes become unresponsive. If a node fails to respond, it may still be accessing data. To ensure that your data is safe, you can use fencing to prevent a live node from accessing data until the original node is truly offline. To accomplish this task, you must configure a device that can ensure a node is taken offline. There are a number of available fencing agents that can be configured for this purpose. In general, stonith relies on particular hardware and service protocols that can force reboot or shutdown nodes physically to protect the cluster.

The following are different configurations that use some available fencing agents. Note that these examples make certain presumptions about hardware and assume that you already know how to set up, configure, and use the affected hardware. The following examples are provided for basic guidance only. It is recommended that you also refer to upstream documentation to familiarize yourself with some of the concepts that are presented in this documentation.

Before proceeding with any of the following configurations, ensure that stonith is enabled for your cluster configuration:

sudo pcs property set stonith-enabled=true

After configuring stonith, run the following commands to check your configuration and ensure that it is set up correctly:

sudo pcs stonith config
sudo pcs cluster verify --full

To check the status of your stonith configuration, run the following command:

sudo pcs stonith

To check the status of your cluster, run the following command:

sudo pcs status