This post will illustrate the fencing policy for a cluster.

Enable fencing

By default, fencing is enabled on the cluster. However, it can be disabled if it is required. If this option is disabled, that means it will complete disabling fencing for hosts in the cluster. This is usable in the situation when there are temporary network issues between engine and hosts (for example during switch replacement), so you can disable fencing, replace the switch and when the connection is restored, enable fencing again. Please note that if fencing is disabled, highly available virtual machines running on non-responsive hosts will not be restarted elsewhere.

Skip fencing if host has live lease on storage

If this checkbox is selected, any hosts in the cluster that are not responsive and still connected to storage will not be fenced. When the host is connected to storage it has to renew its storage lease at least every 60 secs, so if the option is enabled and the engine tries to fence the host using a fence proxy (another host in cluster/DC which has a good connection), fence proxy checks if non-responsive host renewed its storage lease in the last HostStorageLeaseAliveCheckingInterval 90 secs, which make sure not execute fencing before the host is non-responsive for a longer time. And if the lease was renewed, fencing is aborted. HostStorageLeaseAliveCheckingInterval is the interval in seconds after which is safe to check host storage lease status when the host stopped responding to monitoring. You can check the HostStorageLeaseAliveCheckingInterval settings with the below command:

$ /usr/share/ovirt-engine/dbscripts/ -c "select option_name,default_value,option_value,version from vdc_options where option_name="HostStorageLeaseAliveCheckingInterval";"

                      option_name           | default_value | option_value  | version
    HostStorageLeaseAliveCheckingInterval   |      90       |       90      | general
(1 row)

Skip fencing on cluster connectivity issues

If this checkbox is selected, fencing will be temporarily disabled if the percentage of hosts in the cluster that are experiencing connectivity issues is greater than or equal to the defined Threshold. The Threshold available values are 25, 50, 75, and 100. This option is useless in clusters with less than 3 hosts.