Currently, Pacemaker assumes that fencing the node running a guest node takes down the guest node as well. That's not true for all virtualization technologies, so currently we just document the limitation.

It would be nice to allow guest nodes that need separate fencing. Perhaps we could have a new resource metadata option remote-with-hypervisor=true/false, and allow fence devices to be configured for guest when false.