HOME
Skills & Experience
Current Threats & Trends
Articles
- Identity & Access Management (IAM)Secure access with SSH keys, sudo, PAM, and cloud IAM roles.
- Automation & MonitoringStreamline operations with Ansible workflows, logging pipelines, and proactive monitoring.
- Backups & DRProtect data and maintain continuity with resilient backup and recovery strategies.
- Cloud SecurityDefend AWS and hybrid environments with strong identity, policy, and monitoring controls.
- AI SecurityPractical security engineering for LLMs and autonomous agents – risks, controls, architectures, and incident playbooks.
- System HardeningSecure Linux systems through patching, CIS benchmarks, and OS lockdown.
- Tools & CheatsheetsPractical quick-reference guides for Linux and cloud security administrators.
Lab Projects
Resources
About
Contact

Cluster fencing 101: why it prevents split-brain

September 12, 2025October 2, 2025 by Admin

Last updated: 20 Aug 2025

Definition: Fencing is how a cluster forcibly removes a failed/partitioned node to protect data. No fencing, no integrity.

Types

Power fencing (IPMI/iDRAC/iLO, PDUs): power-off the node.
Fabric fencing (SAN switch, SBD): cut disk or path access.

Minimal Pacemaker baseline

# Enable fencing
crm configure property stonith-enabled=true

# Example IPMI fence device (adjust params)
crm configure primitive fence-node1 stonith:external/ipmi \
  params ipaddr=10.0.10.11 login=admin passwd=REDACTED \
  op monitor interval=60s

Runbook (operators)

Confirm node state; do not manually power-on a fenced node until cleared.
Check logs: why fenced? power? storage? comms?
Recover node offline; rejoin only after health checks pass.

Testing

Simulate node failure in maintenance window; verify STONITH executes.
Prove service failover; record timings.