I added the Linux Fence Agent Role to the VM and fence_azure_arm command works from the command line.
Note that you do not need to add the subscription id or any other info from the command line. So, when you add the Role to allow fencing in the VM, it simplifies the usage. This is on a RHEL 9.3 OS image.
AZ_GRP_ID=az group show -n ${MYGRP} --query id --output tsv 2>/dev/null
VM_MSI_ID=az vm identity show --name ${VM_HOSTNAME} -g ${MYGRP} --query 'principalId' --output tsv 2>/dev/null
az role assignment create --role "Linux Fence Agent Role" --assignee-object-id "${VM_MSI_ID}" --scope ${AZ_GRP_ID}
I added the Linux Fence Agent Role to the VM and fence_azure_arm command works from the command line.
Note that you do not need to add the subscription id or any other info from the command line. So, when you add the Role to allow fencing in the VM, it simplifies the usage. This is on a RHEL 9.3 OS image.
AZ_GRP_ID=
az group show -n ${MYGRP} --query id --output tsv 2>/dev/null
VM_MSI_ID=
az vm identity show --name ${VM_HOSTNAME} -g ${MYGRP} --query 'principalId' --output tsv 2>/dev/null
az role assignment create --role "Linux Fence Agent Role" --assignee-object-id "${VM_MSI_ID}" --scope ${AZ_GRP_ID}
[root@r9p2clazpn1 azureuser]# fence_azure_arm --resourceGroup MYGRP -msi -n r9p2clazpn1 -o list r9p2clazpn1, r9p2clazpn2, [root@r9p2clazpn1 azureuser]# fence_azure_arm --resourceGroup MYGRP --msi -n r9p2clazpn2 -o list r9p2clazpn1, r9p2clazpn2,
[azureuser@r9p2clazpn1 ~]$ sudo pcs stonith config vmfence1 Resource: vmfence1 (class=stonith type=fence_azure_arm) Attributes: vmfence1-instance_attributes msi=true pcmk_action_limit=3 pcmk_delay_max=15 pcmk_host_list=r9p2clazpn1 pcmk_host_map=r9p2clazpn1: pcmk_monitor_retries=4 pcmk_monitor_timeout=120 pcmk_reboot_timeout=900 power_timeout=240 resourceGroup=MYGRP Operations: monitor: vmfence1-monitor-interval-3600 interval=3600
[azureuser@r9p2clazpn1 ~]$ sudo pcs status Cluster name: r9p2clazp Cluster Summary:
Node List:
Full List of Resources:
Daemon Status: corosync: active/enabled pacemaker: active/enabled pcsd: active/enabled
[azureuser@r9p2clazpn1 ~]$ rpm -qa|grep fence|sort fence-agents-azure-arm-4.10.0-55.el9.x86_64 fence-agents-common-4.10.0-55.el9.noarch