Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Andrew Beekhof
andrew@beekhof.net http://clusterlabs.org/mw/Image:Conguration_Explained.pdf
Table of Contents
Read-Me-First
The Scope of this Document
Formatting conventions used in this document
What Is Pacemaker?
Types of Pacemaker Clusters
Pacemaker Architecture
v v v vi vi ix 1 1 5 6 9 10 10 10 10 11 12 13 14 14
i
Installation
OS Installation
Cluster Software Installation
Install the Cluster Software
Security Shortcuts
Setup
Before You Continue
Finalize Node Conguration
Finalize Networking
Congure SSH
Short Node Names
Conguring OpenAIS
Propagate the Conguration
Verify OpenAIS Installation
Cluster from Scratch - DRBD, GFS2 and Apache on Fedora 12
15 16 19 19 21 22 23 25 27 27 29 30 31 32 33 34 35 36 36 39 44 46 46 47 48
ii
Populate DRBD with Data Congure the Cluster for DRBD Testing Migration
50 51 55 57 57 59 59 60 63 63 64 65 67 70 71 71 71 71 72 74 74 75 75 75 75
iii
Conversion to Active/Active
Install a Cluster Filesystem - GFS2
Setup Pacemaker-GFS2 Integration
Add the DLM service
Add the GFS2 service
Create a GFS2 Filesystem
Preparation
Create and Populate an GFS2 Partition
Recongure the Cluster for GFS2
Recongure Pacemaker for Active/Active
Recovery
Congure STONITH
Why You Need STONITH
What STONITH Device Should You Use
Conguring STONITH
Example
Conguration Recap
Final Cluster Conguration
Node List
Cluster Options
Resources
Default Options
Cluster from Scratch - DRBD, GFS2 and Apache on Fedora 12
Fencing Service Address Distributed lock manager Oracle control daemon DRBD - Shared Storage Cluster Filesystem Apache
75 76 76 76 76 76 77 78 79 81
iv
Read-Me-First
The Scope of this Document
The purpose of this document is to provide a start-to-nish guide to building an example active/passive cluster with Pacemaker and show how it can be converted to an active/active one. The example cluster will use: Fedora 11 as the host operating system OpenAIS to provide messaging and membership services, Pacemaker to perform resource management, DRBD as a cost-effective alternative to shared storage, GFS2 as the cluster lesystem (in active/active mode) The crm shell for displaying the conguration and making changes Given the graphical nature of the Fedora install process, a number of screenshots are included. However the guide is primarily composed of commands, the reasons for executing them and their expected outputs.
If a command is listed and not followed by any output, then it should be assumed that the command does not produce any.
What Is Pacemaker?
Pacemaker is a cluster resource manager. It achieves maximum availability for your cluster services (aka. resources) by detecting and recovering from node and resource-level failures by making use of the messaging and membership capabilities provided by your preferred cluster infrastructure (either OpenAIS or Heartbeat). Pacemakers key features include: Detection and recovery of node and service-level failures Storage agnostic, no requirement for shared storage Resource agnostic, anything that can be scripted can be clustered Support for both large and small clusters Optionally ensure data integrity with STONITH Ability to specify cluster-wide service ordering, colocation and anti-colocation Support for services which need to be active on multiple nodes Support for services with multiple modes (eg. master/slave, primary/secondary) Unied, scriptable, cluster shell
vi
By supporting many nodes, Pacemaker can dramatically reduce hardware costs by allowing several active/ passive clusters to be combined and share a common backup node
When shared storage is available, every node can potentially be used for failover. Pacemaker can even run multiple copies of services to spread out the workload.
vii
viii
Pacemaker Architecture
At the highest level, the cluster is made up of three pieces: Core cluster infrastructure providing messaging and membership functionality (illustrated in red) Non-cluster aware components (illustrated in blue). In a Pacemaker cluster, these pieces include not only the scripts that knows how to start, stop and monitor resources, but also a local daemon that masks the differences between the different standards these scripts implement. A brain (illustrated in green) that processes and reacts to events from the cluster (nodes leaving or joining) and resources (eg. monitor failures) as well as conguration changes from the administrator. In response to all of these events, Pacemaker will compute the ideal state of the cluster and plot a path to achieve it. This may include moving resources, stopping nodes and even forcing them ofine with remote power switches.
ix
When combined with OpenAIS, Pacemaker also supports popular open source cluster lesystems 1. Due to recent standardization in the cluster lesystem community, they make use of a common distributed lock manager which makes use of OpenAIS for its messaging capabilities and Pacemaker for its membership (which nodes are up/down) and fencing services.
Even though Pacemaker also supports Heartbeat, the lesystems need to use the stack for messaging and membership
and OpenAIS seems to be what theyre standardizing on. Technically it would be possible for them to support Heartbeat as well, however there seems little interest in this. Cluster from Scratch - DRBD, GFS2 and Apache on Fedora 12 x
Installation
OS Installation
Detailed instructions for installing Fedora are available at http://docs.fedoraproject.org/install-guide/f11/ in a number of languages. The abbreviated version is: Point your browser to http://fedoraproject.org/en/get-fedora-all, locate the Install Media section and download the install DVD that matches your hardware. Burn the disk image to a DVD2 and boot from it. Or use the image to boot a virtual machine as I have done here. After clicking through the welcome screen, select your language and keyboard layout 3
2 3
http://docs.fedoraproject.org/readme-burning-isos/ http://docs.fedoraproject.org/install-guide/f11/en-US/html/s1-langselection-x86.html 1
Assign your machine a host name. 4 I happen to control the clusterlabs.org domain name, so I will use that here.
You will then be prompted to indicate the machines physical location and to supply a root password 5. Now select where you want Fedora installed. 6 As I dont care about any existing data, I will accept the default and allow Fedora to use the complete drive. IMPORTANT: If you plan on following the DRBD or GFS2 portions of this guide, you should reserve at least 1Gb of space on each machine from which to create a shared volume.
4 5 6
The next step is to congure networking. Do not accept the default. Cluster machines should never obtain an ip address via DHCP. Here I will use the internal addresses for the clusterlab.org network.
Next choose which software should be installed. Deselect the default Ofce and Productivity as its not appropriate for a cluster node. Well install any needed software later. After you click next, Fedora will begin installing.
Once the node reboots, follow the on screen instructions 7 to create a system user and congure the time. It is highly recommended to enable NTP on your cluster nodes. Doing so ensures all nodes agree on the current time and makes reading log les signicantly easier.
Click through the next screens until you reach the login window. Click on the user you created and supply the password you indicated earlier.
http://docs.fedoraproject.org/install-guide/f11/en-US/html/ch-rstboot.html 4
been accepted into the distribution. However for now there are still some hoops to jump through. Start a terminal by going to Applications -> System Tools -> Terminal
That was the last screenshot by the way, from here on in were going to be working from the terminal. Switch to the super user account. You will need to supply the password you entered earlier during the installation process. su [beekhof@pcmk-1 ~]$ su Password: [root@pcmk-1 ~]#
Note that the username (the text before the @ symbol) now indicates were running as the super user root.
perl-TimeDate resource-agents Transaction Summary ======================================================================================= Install Upgrade 23 Package(s) 0 Package(s) noarch x86_64 1:1.16-11.fc12 3.0.5-1.fc12 fedora updates 33 k 251 k
Total download size: 5.9 M Downloading Packages: (1/23): OpenIPMI-libs-2.0.16-4.fc12.x86_64.rpm (2/23): PyXML-0.8.4-15.x86_64.rpm (3/23): cluster-glue-1.0-0.11.b79635605337.hg.fc12.x86_64.rpm (5/23): corosync-1.1.2-1.fc12.x86_64.rpm (6/23): corosynclib-1.1.2-1.fc12.x86_64.rpm (7/23): gnutls-2.8.5-1.fc12.x86_64.rpm (8/23): heartbeat-3.0.0-0.5.0daab7da36a8.hg.fc12.x86_64.rpm (10/23): libesmtp-1.0.4-12.fc12.x86_64.rpm (11/23): libibverbs-1.1.3-3.fc12.x86_64.rpm (12/23): libmlx4-1.0.1-3.fc12.x86_64.rpm (13/23): librdmacm-1.0.10-1.fc12.x86_64.rpm (14/23): libtasn1-2.3-1.fc12.x86_64.rpm (15/23): libtool-ltdl-2.2.6-15.fc12.x86_64.rpm (16/23): libxslt-1.1.26-1.fc12.x86_64.rpm (17/23): lm_sensors-libs-3.1.1-4.fc12.x86_64.rpm (18/23): net-snmp-libs-5.4.2.1-18.fc12.x86_64.rpm (19/23): openhpi-libs-2.14.0-5.fc12.x86_64.rpm (20/23): pacemaker-1.1.0-1.fc12.x86_64.rpm (21/23): pacemaker-libs-1.1.0-1.fc12.x86_64.rpm (22/23): perl-TimeDate-1.16-11.fc12.noarch.rpm (23/23): resource-agents-3.0.5-1.fc12.x86_64.rpm Total Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing : libtool-ltdl-2.2.6-15.fc12.x86_64 : lm_sensors-libs-3.1.1-4.fc12.x86_64 : 1:net-snmp-libs-5.4.2.1-18.fc12.x86_64 : libxslt-1.1.26-1.fc12.x86_64 : openhpi-libs-2.14.0-5.fc12.x86_64 : PyXML-0.8.4-15.x86_64 : libesmtp-1.0.4-12.fc12.x86_64 : OpenIPMI-libs-2.0.16-4.fc12.x86_64 : libtasn1-2.3-1.fc12.x86_64 : gnutls-2.8.5-1.fc12.x86_64 : 1:perl-TimeDate-1.16-11.fc12.noarch : cluster-glue-libs-1.0-0.11.b79635605337.hg.fc12.x86_64 : cluster-glue-1.0-0.11.b79635605337.hg.fc12.x86_64 : libibverbs-1.1.3-3.fc12.x86_64 : resource-agents-3.0.5-1.fc12.x86_64 : librdmacm-1.0.10-1.fc12.x86_64 : corosynclib-1.1.2-1.fc12.x86_64 1/23 2/23 3/23 4/23 5/23 6/23 7/23 8/23 9/23 10/23 11/23 12/23 13/23 14/23 15/23 16/23 17/23 | 434 kB | 808 kB | 222 kB | 144 kB | 138 kB | 350 kB | 172 kB | | | | | | 54 kB 42 kB 26 kB 22 kB 44 kB 36 kB 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:06
| 232 kB | 397 kB | 1.3 MB | 128 kB | 545 kB | 250 kB | 33 kB | 251 kB 894 kB/s | 5.9 MB
---------------------------------------------------------------------------------------
Installing Installing Installing Installing Installing Installing Installed: pacemaker.x86_64 0:1.1.0-1.fc12 Dependency Installed: OpenIPMI-libs.x86_64 0:2.0.16-4.fc12 PyXML.x86_64 0:0.8.4-15 cluster-glue.x86_64 0:1.0-0.11.b79635605337.hg.fc12 cluster-glue-libs.x86_64 0:1.0-0.11.b79635605337.hg.fc12 corosync.x86_64 0:1.1.2-1.fc12 corosynclib.x86_64 0:1.1.2-1.fc12 gnutls.x86_64 0:2.8.5-1.fc12 heartbeat.x86_64 0:3.0.0-0.5.0daab7da36a8.hg.fc12 heartbeat-libs.x86_64 0:3.0.0-0.5.0daab7da36a8.hg.fc12 libesmtp.x86_64 0:1.0.4-12.fc12 libibverbs.x86_64 0:1.1.3-3.fc12 libmlx4.x86_64 0:1.0.1-3.fc12 librdmacm.x86_64 0:1.0.10-1.fc12 libtasn1.x86_64 0:2.3-1.fc12 libtool-ltdl.x86_64 0:2.2.6-15.fc12 libxslt.x86_64 0:1.1.26-1.fc12 lm_sensors-libs.x86_64 0:3.1.1-4.fc12 net-snmp-libs.x86_64 1:5.4.2.1-18.fc12 openhpi-libs.x86_64 0:2.14.0-5.fc12 pacemaker-libs.x86_64 0:1.1.0-1.fc12 perl-TimeDate.noarch 1:1.16-11.fc12 resource-agents.x86_64 0:3.0.5-1.fc12 Complete! [root@pcmk-1 ~]# : corosync-1.1.2-1.fc12.x86_64 : libmlx4-1.0.1-3.fc12.x86_64 : heartbeat-libs-3.0.0-0.5.0daab7da36a8.hg.fc12.x86_64 : heartbeat-3.0.0-0.5.0daab7da36a8.hg.fc12.x86_64 : pacemaker-1.1.0-1.fc12.x86_64 : pacemaker-libs-1.1.0-1.fc12.x86_64 18/23 19/23 20/23 21/23 22/23 23/23
Security Shortcuts
To simplify this guide and focus on the aspects directly connected to clustering, we will now disable the machines rewall and SELinux installation. Both of these actions create signicant security issues and should not be performed on machines that will be exposed to the outside world. sed -i.gres "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config /sbin/chkconfig --del iptables Now reboot all nodes so the new security settings take effect.
Setup
Before You Continue
Repeat the Installation steps so that you have 2 Fedora nodes with the cluster software installed. For the purposes of this document, the additional node is called pcmk-2 with address 19.168.9.42.
Now we need to make sure we can communicate with the machines by their name. If you have a DNS server, add additional entries for the three machines. Otherwise, youll need to add the machines to /etc/hosts . Below are the entries for my cluster nodes: grep test /etc/hosts
[root@pcmk-1 ~]# grep test /etc/hosts 192.168.122.101 pcmk-1.clusterlabs.org pcmk-1 192.168.122.102 pcmk-2.clusterlabs.org pcmk-2
We can now verify the setup by again using ping: ping pcmk-2
[root@pcmk-1 ~]# ping -c 3 pcmk-2 PING pcmk-2.clusterlabs.org (192.168.122.101) 56(84) bytes of data. 64 bytes from pcmk-1.clusterlabs.org (192.168.122.101): icmp_seq=1 ttl=64 time=0.164 ms 64 bytes from pcmk-1.clusterlabs.org (192.168.122.101): icmp_seq=2 ttl=64 time=0.475 ms 64 bytes from pcmk-1.clusterlabs.org (192.168.122.101): icmp_seq=3 ttl=64 time=0.186 ms --- pcmk-2.clusterlabs.org ping statistics --3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 0.164/0.275/0.475/0.141 ms
10
Congure SSH
SSH is a convenient and secure way to copy les and perform commands remotely. For the purposes of this guide, we will create a key without a password (using the -N option) so that we can perform remote actions without being prompted. NOTE: Unprotected SSH keys, those without a password, are not recommended for servers exposed to the outside world. Create a new key and allow anyone with that key to log in: ssh-keygen -t dsa -f ~/.ssh/id_dsa -N cp .ssh/id_dsa.pub .ssh/authorized_keys
[root@pcmk-1 ~]# ssh-keygen -t dsa -f ~/.ssh/id_dsa -N "" Generating public/private dsa key pair. Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: 91:09:5c:82:5a:6a:50:08:4e:b2:0c:62:de:cc:74:44 root@pcmk-1.clusterlabs.org The key's randomart image is: +--[ DSA 1024]----+ |==.ooEo.. |X O + .o o | * A | | . | | | | + S + . | | | | | | | | |
Install the key on the other nodes and test that you can now run commands remotely, without being prompted scp -r .ssh pcmk-2: ssh pcmk-2 -- uname -n
[root@pcmk-1 ~]# scp -r .ssh pcmk-2: The authenticity of host 'pcmk-2 (192.168.122.102)' can't be established. RSA key fingerprint is b1:2b:55:93:f1:d9:52:2b:0f:f2:8a:4e:ae:c6:7c:9a. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'pcmk-2,192.168.122.102' (RSA) to the list of known hosts. root@pcmk-2's password: id_dsa.pub id_dsa known_hosts authorized_keys [root@pcmk-1 ~]# ssh pcmk-2 -- uname -n pcmk-2 [root@pcmk-1 ~]# 100% 100% 100% 100% 616 672 400 616 0.6KB/s 0.7KB/s 0.4KB/s 0.6KB/s 00:00 00:00 00:00 00:00
11
The output from the second command is ne, but we really dont need the domain name included in the basic host details. To address this, we need to update /etc/syscong/network. This is what it should look like before we start. cat /etc/sysconfig/network
NETWORKING=yes HOSTNAME=pcmk-1.clusterlabs.org GATEWAY=192.168.9.1
All we need to do now is strip off the domain name portion, which is stored elsewhere anyway. sed -i.gres 's/\.[a-z].*//g' /etc/sysconfig/network
[root@pcmk-1 ~]# sed -i.gres 's/\.[a-z].*//g' /etc/sysconfig/network
Now conrm the change was successful. The revised le contents should look something like this. cat /etc/sysconfig/network
[root@pcmk-1 ~]# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=pcmk-1 GATEWAY=192.168.9.1
However were not nished. The machine wont normally see the shortened host name until about it reboots, but we can force it to update source /etc/sysconfig/network hostname $HOSTNAME
[root@pcmk-1 ~]# source /etc/sysconfig/network [root@pcmk-1 ~]# hostname $HOSTNAME
Now check the machine is using the correct names uname -n dnsdomainname
[root@pcmk-1 ~]# uname -n pcmk-1 [root@pcmk-1 ~]# dnsdomainname clusterlabs.org
12
Conguring OpenAIS
Choose a port number and multi-cast 8 address 9. Be sure that the values you chose do not conict with any existing clusters you might have. For advice on choosing a multi-cast address, see http://www.29west.com/docs/THPM/multicast-address-assignment.html For this document, I have chosen port 4000 and used 226.94.1.1 as the multi-cast address. export ais_port=4000 export ais_mcast=226.94.1.1 Next we automatically determine the hosts address. By not using the full address, we make the conguration suitable to be copied to other nodes. export ais_addr=`ip addr | grep "inet " | tail -n 1 | awk '{print $4}' | sed s/255/0/` Display and verify the conguration options env | grep ais_
[root@pcmk-1 ~]# env | grep ais_ ais_mcast=226.94.1.1 ais_port=4000 ais_addr=192.168.9.0
Once youre happy with the chosen values, update the OpenAIS conguration cp /etc/corosync/corosync.conf.example /etc/corosync/corosync.conf sed -i.gres "s/.*mcastaddr:.*/mcastaddr:\ $ais_mcast/g" /etc/corosync/corosync.conf sed -i.gres "s/.*mcastport:.*/mcastport:\ $ais_port/g" /etc/corosync/corosync.conf sed -i.gres "s/.*bindnetaddr:.*/bindnetaddr:\ $ais_addr/g" /etc/corosync/corosync.conf
Tell Corosync to run as the root user cat <<-END >>/etc/corosync/corosync.conf aisexec { user: root group: root } END
http://en.wikipedia.org/wiki/Multicast http://en.wikipedia.org/wiki/Multicast_address 13
# Load the Pacemaker Cluster Resource Manager name: pacemaker ver: 0 } END
The nal conguration should look something like the sample in the appendix.
Check the cluster started correctly and that an initial membership was able to form grep -e "Corosync Cluster Engine" -e "configuration file" /var/log/messages grep TOTEM /var/log/messages
[root@pcmk-1 ~]# grep -e "corosync.*network interface" -e "Corosync Cluster Engine" -e "Successfully read main configuration file" /var/log/messages Aug 27 09:05:34 pcmk-1 corosync[1540]: [MAIN provide service. Aug 27 09:05:34 pcmk-1 corosync[1540]: [MAIN corosync.conf'. [root@pcmk-1 ~]# grep TOTEM /var/log/messages Aug 27 09:05:34 pcmk-1 corosync[1540]: [TOTEM ] Initializing transport (UDP/IP). Aug 27 09:05:34 pcmk-1 corosync[1540]: [TOTEM ] Initializing transmit/receive security: libtomcrypt SOBER128/SHA1HMAC (mode 0). Aug 27 09:05:35 pcmk-1 corosync[1540]: [TOTEM ] The network interface [192.168.122.101] is now up. Aug 27 09:05:35 pcmk-1 corosync[1540]: [TOTEM ] A processor joined or left the membership and a new membership was formed. ] Corosync Cluster Engine ('1.1.0'): started and ready to ] Successfully read main configuration file '/etc/corosync/
With one node functional, its now safe to start OpenAIS on the second node as well. ssh pcmk-2 -- /etc/init.d/corosync start
[root@pcmk-1 ~]# ssh pcmk-2 -- /etc/init.d/corosync start Starting Corosync Cluster Engine (corosync): [ OK ]
14
[root@pcmk-1 ~]#
... lots of processes ... 0:01 /usr/sbin/corosync 0:00 0:00 0:00 0:00 0:00 0:00 \_ /usr/lib64/heartbeat/stonithd \_ /usr/lib64/heartbeat/cib \_ /usr/lib64/heartbeat/lrmd \_ /usr/lib64/heartbeat/attrd \_ /usr/lib64/heartbeat/pengine \_ /usr/lib64/heartbeat/crmd
And nally, check for any ERRORs during startup, there shouldnt be any, and display the clusters status. grep ERROR: /var/log/messages | grep -v unpack_resources crm_mon
[root@pcmk-1 ~]# grep ERROR: /var/log/messages | grep -v unpack_resources [root@pcmk-1 ~]# crm_mon ============ Last updated: Thu Aug 27 16:54:55 2009
15
Stack: openais Current DC: pcmk-1 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 0 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ]
The primary tool for monitoring the status of the cluster is crm_mon (also available as crm status). It can be run in a variety of modes and has a number of output options. To nd out about any of the tools that come with Pacemaker, simply invoke them with the --help option or consult the included man pages. Both sets of output are created from the tool, and so will always be in sync with each other and the tool itself. Additionally, the Pacemaker version and supported cluster stack(s) is available via the --version option. crm_mon --version
16
crm_mon --help
[root@pcmk-1 ~]# crm_mon --version crm_mon 1.0.5 for OpenAIS and Heartbeat (Build: 462f1569a43740667daf7b0f6b521742e9eb8fa7) Written by Andrew Beekhof [root@pcmk-1 ~]# crm_mon --help crm_mon - Provides a summary of cluster's current state. Outputs varying levels of detail in a number of different formats. Usage: crm_mon mode [options] Options: -?, --help -$, --version -V, --verbose Modes: -h, --as-html=value -w, --web-cgi -s, --simple-status -T, --mail-to=value Display Options: -n, --group-by-node -r, --inactive -f, --failcounts -o, --operations -t, --timing-details Group resources by node Display resource fail counts Display resource operation history Display resource operation history with timing details Display inactive resources Write cluster status to the named file Web mode with output suitable for cgi Display the cluster status once as a simple one line output (suitable for nagios) Send Mail alerts to this user. See also --mail-from, --mail-host, --mail-prefix This text Version information Increase debug output
Additional Options: -i, --interval=value -1, --one-shot -N, --disable-ncurses -d, --daemonize -p, --pid-file=value -F, --mail-from=value -H, --mail-host=value -P, --mail-prefix=value -E, --external-agent=value Update frequency in seconds Display the cluster status once on the console and exit Disable the use of ncurses Run in the background as a daemon (Advanced) Daemon pid file location Mail alerts should come from the named user Mail alerts should be sent via the named host Subjects for mail alerts should start with this string A program to run when resource operations take place. A recipient for your program (assuming you want the program to send
Display the clusters status on the console with updates as they occur: # crm_mon Display the clusters status on the console just once then exit: # crm_mon Display your clusters status, group resources by node, and include inactive resources in the list: # crm_mon --group-by-node --inactive
17
Start crm_mon as a background daemon and have it write the clusters status to an HTML file: # crm_mon --daemonize --as-html /path/to/docroot/filename.html Start crm_mon as a background daemon and have it send email alerts: # crm_mon --daemonize --mail-to user@example.com --mail-host mail.example.com Start crm_mon as a background daemon and have it send SNMP alerts: # crm_mon --daemonize --snmp-traps snmptrapd.example.com
18
For those that are not of afraid of XML, you can see the raw conguration by appending xml to the previous command. crm configure show xml
[root@pcmk-2 ~]# crm configure show xml <?xml version="1.0" ?> <cib admin_epoch="0" crm_feature_set="3.0.1" dc-uuid="pcmk-1" epoch="13" have-quorum="1" num_updates="7" validate-with="pacemaker-1.0"> <configuration> <crm_config> <cluster_property_set id="cib-bootstrap-options"> <nvpair id="cib-bootstrap-options-dc-version" name="dc-version" value="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7"/> <nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="openais"/> <nvpair id="cib-bootstrap-options-expected-quorum-votes" name="expected-quorum-votes" value="2"/> </cluster_property_set> </crm_config> <rsc_defaults/> <op_defaults/> <nodes> <node id="pcmk-1" type="normal" uname="pcmk-1"/> <node id="pcmk-2" type="normal" uname="pcmk-2"/> </nodes> <resources/> <constraints/> </configuration> </cib>
19
Before we make any changes, its a good idea to check the validity of the conguration. crm_verify -L
[root@pcmk-1 ~]# crm_verify -L crm_verify[2195]: 2009/08/27_16:57:12 ERROR: unpack_resources: Resource start-up disabled since no STONITH resources have been defined crm_verify[2195]: 2009/08/27_16:57:12 ERROR: unpack_resources: Either configure some or disable STONITH with the stonith-enabled option crm_verify[2195]: 2009/08/27_16:57:12 ERROR: unpack_resources: NOTE: Clusters with shared data need STONITH to ensure data integrity Errors found during check: config not valid -V may provide more details [root@pcmk-1 ~]#
As you can see, the tool has found some errors. In order to guarantee the safety of your data 10, Pacemaker ships with STONITH11 enabled. However it also knows when no STONITH conguration has been supplied and reports this as a problem (since the cluster would not be able to make progress if a situation requiring node fencing arose). For now, we will disable this feature and congure it later in the Conguring STONITH section. It is important to note that the use of STONITH is highly encouraged, turning it off tells the cluster to simply pretend that failed nodes are safely powered off. Some vendors will even refuse to support clusters that have it disabled. To disable STONITH, we set the stonith-enabled cluster option to false. crm configure property stonith-enabled=false crm_verify -L
[root@pcmk-1 ~]# crm configure property stonith-enabled=false [root@pcmk-1 ~]# crm_verify -L [root@pcmk-1 ~]#
With the new cluster option set, the conguration is now valid.
10 11
If the data is corrupt, there is little point in continuing to make it available A common node fencing mechanism. Used to ensure data integrity by powering off bad nodes. 20
Adding a Resource
The rst thing we should do is congure an IP address. Regardless of where the cluster service(s) are running, we need a consistent address to contact them on. Here I will choose and add 192.168.9.101 as the oating address, give it the imaginative name ClusterIP and tell the cluster to check that its running every 30 seconds. Important: The chosen address must not be one already associated with a physical node crm configure primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip=192.168.9.101 cidr_netmask=32 \ op monitor interval=30s The other important piece of information here is ocf:heartbeat:IPaddr2. This tells Pacemaker three things about the resource you want to add. The rst eld, ocf, is the standard to which the resource script conforms to and where to nd it. The second eld is specic to OCF resources and tells the cluster which namespace to nd the resource script in, in this case heartbeat. The last eld indicates the name of the resource script. To obtain a list of the available resource classes, run crm ra classes
[root@pcmk-1 ~]# crm ra classes heartbeat lsb ocf / heartbeat pacemaker stonith
To then nd all the OCF resource agents provided by Pacemaker and Heartbeat, run crm ra list ocf heartbeat crm ra list ocf pacemaker
[root@pcmk-1 ~]# crm ra list ocf pacemaker ClusterMon ping AoEtarget Dummy ICP LVM ManageVE SAPDatabase SphinxSearchDaemon VIPArip WinPopup apache iSCSILogicalUnit ldirectord oracle portblock tomcat [root@pcmk-1 ~]# Dummy pingd AudibleAlarm EvmsSCC IPaddr LinuxSCSI Pure-FTPd SAPInstance Squid VirtualDomain Xen db2 iSCSITarget mysql oralsnr rsyncd vmware ClusterMon Evmsd IPaddr2 MailTo Raid1 SendArp Stateful WAS Xinetd drbd ids mysql-proxy pgsql scsi2reservation Delay Filesystem IPsrcaddr ManageRAID Route ServeRAID SysInfo WAS6 anything eDir88 iscsi nfsserver pingd sfex Stateful SysInfo SystemHealth controld
21
Now verify that the IP resource has been added and display the clusters status to see that it is now active. crm configure show crm_mon
[root@pcmk-1 ~]# crm configure show node pcmk-1 node pcmk-2 primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes="2" \ stonith-enabled="false" \ [root@pcmk-1 ~]# crm_mon ============ Last updated: Fri Aug 28 15:23:48 2009 Stack: openais Current DC: pcmk-1 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 1 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): Started pcmk-1
Perform a Failover
Being a high-availability cluster, we should test failover of our new resource before moving on. First, nd the node on which the IP address is running. crm resource status ClusterIP
[root@pcmk-1 ~]# crm resource status ClusterIP resource ClusterIP is running on: pcmk-1 [root@pcmk-1 ~]#
22
Once OpenAIS is no longer running, go to the other node and check the cluster status with crm_mon.
[root@pcmk-2 ~]# crm_mon ============ Last updated: Fri Aug 28 15:27:35 2009 Stack: openais Current DC: pcmk-2 - partition WITHOUT quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 1 Resources configured. ============ Online: [ pcmk-2 ] OFFLINE: [ pcmk-1 ]
There are three things to notice about the clusters current state. The rst is that, as expected, pcmk-1 is now ofine. However we can also see that ClusterIP isnt running anywhere!
Therefore a two-node cluster only has quorum when both nodes are running, which is no longer the case for our cluster. This would normally make the creation of a two-node cluster pointless 12, however it is possible to control how Pacemaker behaves when quorum is lost. In particular, we can tell the cluster to simply ignore quorum altogether. crm configure property no-quorum-policy=ignore crm configure show
[root@pcmk-1 ~]# crm configure property no-quorum-policy=ignore [root@pcmk-1 ~]# crm configure show node pcmk-1 node pcmk-2 primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes="2" \ stonith-enabled="false" \ no-quorum-policy="ignore"
12
Actually some would argue that two-node clusters are always pointless, but that is an argument for another time. 23
After a few moments, the cluster will start the IP address on the remaining node. Note that the cluster still does not have quorum.
[root@pcmk-2 ~]# crm_mon ============ Last updated: Fri Aug 28 15:30:18 2009 Stack: openais Current DC: pcmk-2 - partition WITHOUT quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 1 Resources configured. ============ Online: [ pcmk-2 ] OFFLINE: [ pcmk-1 ] ClusterIP (ocf::heartbeat:IPaddr): Started pcmk-2
Now simulate node recovery by restarting the cluster stack on pcmk-1 and check the clusters status. /etc/init.d/corosync start crm_mon
[root@pcmk-1 ~]# /etc/init.d/corosync start Starting Corosync Cluster Engine (corosync): [root@pcmk-1 ~]# crm_mon ============ Last updated: Fri Aug 28 15:32:13 2009 Stack: openais Current DC: pcmk-2 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 1 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): Started pcmk-1 [ OK ]
Here we see something that some may consider surprising, the IP is back running at its original location!
24
If we now retry the failover test, we see that as expected ClusterIP still moves to pcmk-2 when pcmk-1 is taken ofine. ssh pcmk-1 -- /etc/init.d/corosync stop ssh pcmk-2 -- crm_mon -1
[root@pcmk-1 ~]# ssh pcmk-1 -- /etc/init.d/corosync stop Stopping Corosync Cluster Engine (corosync): Waiting for services to unload: [root@pcmk-1 ~]# ssh pcmk-2 -- crm_mon -1 ============ Last updated: Fri Aug 28 15:39:38 2009 Stack: openais Current DC: pcmk-2 - partition WITHOUT quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 1 Resources configured. ============ Online: [ pcmk-2 ] [ [ OK OK ] ]
13
It should be noted that Pacemakers denition of optimal may not always agree with that of a humans. The order in which
Pacemaker processes lists of resources and nodes create implicit preferences (required in order to create a stabile solution) in situations where the administrator had not explicitly specied some. Cluster from Scratch - DRBD, GFS2 and Apache on Fedora 12 25
OFFLINE: [ pcmk-1 ] ClusterIP (ocf::heartbeat:IPaddr): Started pcmk-2
However when we bring pcmk-1 back online, ClusterIP now remains running on pcmk-2.
[root@pcmk-1 ~]# /etc/init.d/corosync start Starting Corosync Cluster Engine (corosync): [root@pcmk-1 ~]# crm_mon ============ Last updated: Fri Aug 28 15:41:23 2009 Stack: openais Current DC: pcmk-2 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 1 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): Started pcmk-2 [ OK ]
26
Installation
Before continuing, we need to make sure Apache is installed on both hosts. yum install -y httpd
[root@ppcmk-1 ~]# yum install -y httpd Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.2.13-2.fc12 set to be updated --> Processing Dependency: httpd-tools = 2.2.13-2.fc12 for package: httpd-2.2.13-2.fc12.x86_64 --> Processing Dependency: apr-util-ldap for package: httpd-2.2.13-2.fc12.x86_64 --> Processing Dependency: /etc/mime.types for package: httpd-2.2.13-2.fc12.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.13-2.fc12.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.13-2.fc12.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.3.9-2.fc12 set to be updated ---> Package apr-util.x86_64 0:1.3.9-2.fc12 set to be updated ---> Package apr-util-ldap.x86_64 0:1.3.9-2.fc12 set to be updated ---> Package httpd-tools.x86_64 0:2.2.13-2.fc12 set to be updated ---> Package mailcap.noarch 0:2.1.30-1.fc12 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================ Package Installing: httpd Installing for dependencies: apr apr-util apr-util-ldap httpd-tools mailcap Transaction Summary ============================================================================================================ Install Upgrade 6 Package(s) 0 Package(s) x86_64 x86_64 x86_64 x86_64 noarch 1.3.9-2.fc12 1.3.9-2.fc12 1.3.9-2.fc12 2.2.13-2.fc12 2.1.30-1.fc12 rawhide rawhide rawhide rawhide rawhide 117 k 84 k 15 k 63 k 25 k x86_64 2.2.13-2.fc12 rawhide 735 k Arch Version Repository Size ============================================================================================================
27
Downloading Packages: (1/6): apr-1.3.9-2.fc12.x86_64.rpm (2/6): apr-util-1.3.9-2.fc12.x86_64.rpm (3/6): apr-util-ldap-1.3.9-2.fc12.x86_64.rpm (4/6): httpd-2.2.13-2.fc12.x86_64.rpm (5/6): httpd-tools-2.2.13-2.fc12.x86_64.rpm (6/6): mailcap-2.1.30-1.fc12.noarch.rpm Total Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing Installing Installing Installing Installing Installing Installed: httpd.x86_64 0:2.2.13-2.fc12 Dependency Installed: apr.x86_64 0:1.3.9-2.fc12 httpd-tools.x86_64 0:2.2.13-2.fc12 Complete! [root@pcmk-1 ~]# apr-util.x86_64 0:1.3.9-2.fc12 mailcap.noarch 0:2.1.30-1.fc12 : apr-1.3.9-2.fc12.x86_64 : apr-util-1.3.9-2.fc12.x86_64 : apr-util-ldap-1.3.9-2.fc12.x86_64 : httpd-tools-2.2.13-2.fc12.x86_64 : mailcap-2.1.30-1.fc12.noarch : httpd-2.2.13-2.fc12.x86_64
| 117 kB | | | | 84 kB 15 kB 63 kB 25 kB
| 735 kB
apr-util-ldap.x86_64 0:1.3.9-2.fc12
Also, we need the wget tool in order for the cluster to be able to check the status of the Apache server. yum install -y wget
[root@pcmk-1 ~]# yum install -y wget Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package wget.x86_64 0:1.11.4-5.fc12 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================ Package Installing: wget Transaction Summary ============================================================================================================ Install Upgrade 1 Package(s) 0 Package(s) x86_64 1.11.4-5.fc12 rawhide 393 k Arch Version Repository Size ============================================================================================================
28
wget-1.11.4-5.fc12.x86_64.rpm Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing Installed: wget.x86_64 0:1.11.4-5.fc12 Complete! [root@pcmk-1 ~]# : wget-1.11.4-5.fc12.x86_64
1/1
Preparation
First we need to create a page for Apache to serve up. On Fedora the default Apache docroot is /var/www/html, so well create an index le there. cat <<-END >/var/www/html/index.html <html> <body>My Test Site - pcmk-1</body> </html> END
[root@pcmk-1 ~]# cat <<-END >/var/www/html/index.html > <html> > <body>My Test Site - pcmk-1</body> > </html> > END [root@pcmk-1 ~]#
For the moment, we will simplify things by serving up only a static site and manually sync the data between the two nodes. So run the command again on pcmk-2. cat <<-END >/var/www/html/index.html <html> <body>My Test Site - pcmk-2</body> </html> END
[root@pcmk-2 ~]# cat <<-END >/var/www/html/index.html > <html> > <body>My Test Site - pcmk-2</body> > </html> > END [root@pcmk-2 ~]#
29
Wait a moment, the WebSite resource isnt running on the same host as our IP address!
14
Compare the key used here ocf:heartbeat:apache with the one we used earlier for the IP address: ocf:heartbeat:IPaddr2 30
31
32
Wait a minute, the resources are still on pcmk-2! Even though we now prefer pcmk-1 over pcmk-2, that preference is (intentionally) less than the resource stickiness (how much we preferred not to have unnecessary downtime). To see the current placement scores, you can use a tool called ptest ptest -sL
33
Notice how the colocation rule we created has ensured that ClusterIP was also moved to pcmk-1. For the curious, we can see the effect of this command by examining the conguration crm configure show
[root@pcmk-1 ~]# crm configure show node pcmk-1 node pcmk-2 primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" location cli-prefer-WebSite WebSite \ rule $id="cli-prefer-rule-WebSite" inf: #uname eq pcmk-1 location prefer-pcmk-1 WebSite 50: pcmk-1 colocation website-with-ip inf: WebSite ClusterIP property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes="2" \ stonith-enabled="false" \ no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness="100"
34
Giving Control Back to the Cluster Once weve nished whatever activity that required us to move the resources to pcmk-1, in our case nothing, we can then allow the cluster to resume normal operation with the unmove command. Since we previously congured a default stickiness, the resources will remain on pcmk-1. crm resource unmove WebSite crm configure show
[root@pcmk-1 ~]# crm resource unmove WebSite [root@pcmk-1 ~]# crm configure show node pcmk-1 node pcmk-2 primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" location prefer-pcmk-1 WebSite 50: pcmk-1 colocation website-with-ip inf: WebSite ClusterIP property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes="2" \ stonith-enabled="false" \ no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness="100"
Note that the automated constraint is now gone. If we check the cluster status, we can also see that as expected the resources are still active on pcmk-1.
[root@pcmk-1 ~]# crm_mon ============ Last updated: Fri Aug 28 16:20:53 2009 Stack: openais Current DC: pcmk-2 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 2 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): WebSite (ocf::heartbeat:apache): Started pcmk-1 Started pcmk-1
35
Install Pre-requisites
DRBD does not currently ship with Fedora 12 and since there is a kernel component, can be sensitive to system updates which may change the kernels APIs and ABIs. For this reason well simply build our own DRBD packages - to be sure they are a perfect match for the machine. First we need to install a few packages that DRBD needs: yum install -y flex gcc glibc-devel kernel-headers kernel-devel rpm-build
[root@pcmk-1 ~]# yum install -y flex gcc glibc-devel kernel-headers kernel-devel rpm-build Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package flex.x86_64 0:2.5.35-7.fc12 set to be updated ---> Package gcc.x86_64 0:4.4.2-7.fc12 set to be updated --> Processing Dependency: libgomp = 4.4.2-7.fc12 for package: gcc-4.4.2-7.fc12.x86_64 --> Processing Dependency: cpp = 4.4.2-7.fc12 for package: gcc-4.4.2-7.fc12.x86_64 --> Processing Dependency: cloog-ppl >= 0.15 for package: gcc-4.4.2-7.fc12.x86_64 --> Processing Dependency: libgomp.so.1()(64bit) for package: gcc-4.4.2-7.fc12.x86_64 ---> Package glibc-devel.x86_64 0:2.11-2 set to be updated --> Processing Dependency: glibc-headers = 2.11-2 for package: glibc-devel-2.11-2.x86_64 --> Processing Dependency: glibc-headers for package: glibc-devel-2.11-2.x86_64 ---> Package kernel-devel.x86_64 0:2.6.31.6-162.fc12 set to be installed ---> Package kernel-headers.x86_64 0:2.6.31.6-162.fc12 set to be updated ---> Package rpm-build.x86_64 0:4.7.1-6.fc12 set to be updated --> Processing Dependency: patch >= 2.5 for package: rpm-build-4.7.1-6.fc12.x86_64 --> Processing Dependency: elfutils >= 0.128 for package: rpm-build-4.7.1-6.fc12.x86_64 --> Processing Dependency: pkgconfig for package: rpm-build-4.7.1-6.fc12.x86_64 --> Processing Dependency: unzip for package: rpm-build-4.7.1-6.fc12.x86_64 --> Running transaction check ---> Package cloog-ppl.x86_64 0:0.15.7-1.fc12 set to be updated --> Processing Dependency: libppl.so.7()(64bit) for package: cloog-ppl-0.15.7-1.fc12.x86_64 --> Processing Dependency: libgmpxx.so.4()(64bit) for package: cloog-ppl-0.15.7-1.fc12.x86_64 --> Processing Dependency: libppl_c.so.2()(64bit) for package: cloog-ppl-0.15.7-1.fc12.x86_64 --> Processing Dependency: libgmp.so.3()(64bit) for package: cloog-ppl-0.15.7-1.fc12.x86_64 ---> Package cpp.x86_64 0:4.4.2-7.fc12 set to be updated --> Processing Dependency: libmpfr.so.1()(64bit) for package: cpp-4.4.2-7.fc12.x86_64 ---> Package elfutils.x86_64 0:0.143-1.fc12 set to be updated
36
Total download size: 24 M Downloading Packages: (1/18): cloog-ppl-0.15.7-1.fc12.x86_64.rpm (2/18): cpp-4.4.2-7.fc12.x86_64.rpm (3/18): elfutils-0.143-1.fc12.x86_64.rpm (4/18): elfutils-libs-0.143-1.fc12.x86_64.rpm | 82 kB 00:00 00:02 00:00 00:00 | 3.7 MB | 177 kB | 162 kB
37
(5/18): flex-2.5.35-7.fc12.x86_64.rpm (6/18): gcc-4.4.2-7.fc12.x86_64.rpm (7/18): glibc-devel-2.11-2.x86_64.rpm (8/18): glibc-headers-2.11-2.x86_64.rpm (9/18): gmp-4.3.1-5.fc12.x86_64.rpm (10/18): kernel-devel-2.6.31.6-162.fc12.x86_64.rpm (11/18): kernel-headers-2.6.31.6-162.fc12.x86_64.rpm (12/18): libgomp-4.4.2-7.fc12.x86_64.rpm (13/18): mpfr-2.4.1-3.fc12.x86_64.rpm (14/18): patch-2.6-1.fc12.x86_64.rpm (15/18): pkgconfig-0.23-9.fc12.x86_64.rpm (16/18): ppl-0.10.2-10.fc12.x86_64.rpm (17/18): rpm-build-4.7.1-6.fc12.x86_64.rpm (18/18): unzip-5.52-11.fc12.x86_64.rpm Total Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installing Installed: flex.x86_64 0:2.5.35-7.fc12 glibc-devel.x86_64 0:2.11-2 kernel-headers.x86_64 0:2.6.31.6-162.fc12 Dependency Installed: cloog-ppl.x86_64 0:0.15.7-1.fc12 elfutils-libs.x86_64 0:0.143-1.fc12 libgomp.x86_64 0:4.4.2-7.fc12 pkgconfig.x86_64 1:0.23-9.fc12 Complete! [root@pcmk-1 ~]# cpp.x86_64 0:4.4.2-7.fc12 glibc-headers.x86_64 0:2.11-2 mpfr.x86_64 0:2.4.1-3.fc12 ppl.x86_64 0:0.10.2-10.fc12 gcc.x86_64 0:4.4.2-7.fc12 : gmp-4.3.1-5.fc12.x86_64 : mpfr-2.4.1-3.fc12.x86_64 : cpp-4.4.2-7.fc12.x86_64 : ppl-0.10.2-10.fc12.x86_64 : cloog-ppl-0.15.7-1.fc12.x86_64 : 1:pkgconfig-0.23-9.fc12.x86_64 : libgomp-4.4.2-7.fc12.x86_64 : elfutils-libs-0.143-1.fc12.x86_64 : elfutils-0.143-1.fc12.x86_64 : patch-2.6-1.fc12.x86_64 : unzip-5.52-11.fc12.x86_64 : kernel-headers-2.6.31.6-162.fc12.x86_64 : rpm-build-4.7.1-6.fc12.x86_64 : flex-2.5.35-7.fc12.x86_64 : glibc-headers-2.11-2.x86_64 : glibc-devel-2.11-2.x86_64 : gcc-4.4.2-7.fc12.x86_64 : kernel-devel-2.6.31.6-162.fc12.x86_64
--------------------------------------------------------------------------------------------------------
1/18 2/18 3/18 4/18 5/18 6/18 7/18 8/18 9/18 10/18 11/18 12/18 13/18 14/18 15/18 16/18 17/18 18/18
38
[root@pcmk-1 ~]# wget http://oss.linbit.com/drbd/8.3/drbd-8.3.6.tar.gz --2009-12-08 11:04:36-http://oss.linbit.com/drbd/8.3/drbd-8.3.6.tar.gz Resolving oss.linbit.com... 212.69.161.111 Connecting to oss.linbit.com|212.69.161.111|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 457469 (447K) [application/x-gzip] Saving to: drbd-8.3.6.tar.gz 100%[==============================================================>] 457,469 2009-12-08 11:04:37 (1.12 MB/s) - drbd-8.3.6.tar.gz saved [457469/457469] [root@pcmk-1 ~]# tar zxf drbd-8.3.6.tar.gz [root@pcmk-1 ~]# cd drbd-8.3.6 [root@pcmk-1 drbd-8.3.6]# make rpm make: *** No rule to make target `rpm'. checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking whether ln -s works... yes checking for sed... /bin/sed checking for grep... /bin/grep checking for flex... /usr/bin/flex checking for rpmbuild... /usr/bin/rpmbuild checking for xsltproc... /usr/bin/xsltproc checking for tar... /bin/tar checking for git... no checking for dpkg-buildpackage... no checking for udevadm... /sbin/udevadm checking for udevinfo... /usr/bin/udevinfo configure: WARNING: No dpkg-buildpackage found, building Debian packages is disabled. configure: WARNING: Cannot update buildtag without git. You may safely ignore this warning when building from a tarball. Stop. [root@pcmk-1 drbd-8.3.6]# ./configure --with-km --enable-spec 1.12M/s in 0.4s
15
At the time of writing, the latest version was 8.3.6. If a later version is now available it would be advisable to try that rst. 39
checking for /Makefile... no
configure: WARNING: Unable to find a kernel Makefile in . You will have to set KDIR correctly when invoking make. checking for /etc/gentoo-release... no checking for /etc/redhat-release... yes checking for /etc/slackware-version... no checking for /etc/debian_version... no checking for /etc/SuSErelease... no configure: configured for Red Hat (includes Fedora, RHEL, CentOS). configure: creating ./config.status config.status: creating drbd.spec config.status: creating drbd-km.spec
The following build log is quite long and is only included for reference in case it does not work on your machine. Most people can skip to the end.
[root@pcmk-1 drbd-8.3.6]# rpmbuild -ba --define "_sourcedir `pwd`/.." drbd-km.spec Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.Q7iVhB + umask 022 + cd /root/rpmbuild/BUILD + cd /root/rpmbuild/BUILD + rm -rf drbd-8.3.6 + /usr/bin/gzip -dc /root/drbd-8.3.6.tar.gz + /bin/tar -xf + STATUS=0 + '[' 0 -ne 0 ']' + cd drbd-8.3.6 + /bin/chmod -Rf a+rX,u+w,g-w,o-w . + test -d /lib/modules/2.6.31.6-162.fc12.x86_64/build/. ++ KDIR=/lib/modules/2.6.31.6-162.fc12.x86_64/build ++ scripts/get_uts_release.sh + test 2.6.31.6-162.fc12.x86_64 = 2.6.31.6-162.fc12.x86_64 + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.08bAH0 + umask 022 + cd /root/rpmbuild/BUILD + cd drbd-8.3.6 + CFLAGS='-O2 -g' + export CFLAGS + CXXFLAGS='-O2 -g' + export CXXFLAGS + FFLAGS='-O2 -g' + export FFLAGS + ./configure --host=x86_64-unknown-linux-gnu --build=x86_64-unknown-linux-gnu --target=x86_64-redhat-linux --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/ etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec -localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info -without-utils --with-km --without-udev --without-xen --without-pacemaker --without-heartbeat --withoutrgmanager --without-bashcompletion checking for x86_64-unknown-linux-gnu-gcc... no checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes
40
checking for gcc option to accept ISO C89... none needed checking whether ln -s works... yes checking for sed... /bin/sed checking for grep... /bin/grep checking for flex... /usr/bin/flex checking for rpmbuild... /usr/bin/rpmbuild checking for xsltproc... /usr/bin/xsltproc checking for tar... /bin/tar checking for git... no checking for dpkg-buildpackage... no checking for udevadm... /sbin/udevadm checking for udevinfo... /usr/bin/udevinfo configure: WARNING: No dpkg-buildpackage found, building Debian packages is disabled.
configure: WARNING: Cannot update buildtag without git. You may safely ignore this warning when building from a tarball. checking for /Makefile... no configure: WARNING: Unable to find a kernel Makefile in . You will have to set KDIR correctly when invoking make. checking for /etc/gentoo-release... no checking for /etc/redhat-release... yes checking for /etc/slackware-version... no checking for /etc/debian_version... no checking for /etc/SuSErelease... no configure: configured for Red Hat (includes Fedora, RHEL, CentOS). configure: creating ./config.status config.status: creating Makefile config.status: creating user/Makefile config.status: creating scripts/Makefile config.status: creating documentation/Makefile + echo kernelversion=2.6.31.6-162.fc12.x86_64 kernelversion=2.6.31.6-162.fc12.x86_64 + echo 'kversion=%{kversion}' kversion=%{kversion} + echo krelver=2.6.31.6_162.fc12.x86_64 krelver=2.6.31.6_162.fc12.x86_64 + make module KDIR=/lib/modules/2.6.31.6-162.fc12.x86_64/build make[1]: Entering directory `/root/rpmbuild/BUILD/drbd-8.3.6/drbd' Calling toplevel makefile of kernel source tree, which I believe is in KDIR=/lib/modules/2.6.31.6-162.fc12.x86_64/build test -f ../scripts/adjust_drbd_config_h.sh && \ KDIR=/lib/modules/2.6.31.6-162.fc12.x86_64/build O= /bin/bash ../scripts/adjust_drbd_config_h.sh /lib/modules/2.6.31.6-162.fc12.x86_64/build ~/rpmbuild/BUILD/drbd-8.3.6/drbd ~/rpmbuild/BUILD/drbd-8.3.6/drbd Using unmodified drbd_config.h make -C /lib/modules/2.6.31.6-162.fc12.x86_64/build CC [M] CC [M] CC [M] CC [M] CC [M] CC [M] CC [M] CC [M] SUBDIRS=/root/rpmbuild/BUILD/drbd-8.3.6/drbd modules
make[2]: Entering directory `/usr/src/kernels/2.6.31.6-162.fc12.x86_64' /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_buildtag.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_bitmap.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_proc.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_worker.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_receiver.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_req.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_actlog.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/lru_cache.o
41
CC [M] CC [M] CC [M] CC [M] LD [M] LD [M] /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_main.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_strings.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_nl.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_tracing.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_trace.o
Building modules, stage 2. MODPOST 2 modules CC LD [M] CC LD [M] /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd.mod.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd.ko /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_trace.mod.o /root/rpmbuild/BUILD/drbd-8.3.6/drbd/drbd_trace.ko
make[2]: Leaving directory `/usr/src/kernels/2.6.31.6-162.fc12.x86_64' mv .drbd_kernelrelease.new .drbd_kernelrelease Memorizing module configuration ... done. make[1]: Leaving directory `/root/rpmbuild/BUILD/drbd-8.3.6/drbd' Module build was successful. + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.sAoLRi + umask 022 + cd /root/rpmbuild/BUILD + cd drbd-8.3.6 + rm -rf /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64 + make install DESTDIR=/root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64 make[1]: Entering directory `/root/rpmbuild/BUILD/drbd-8.3.6/user' make[1]: Nothing to be done for `install'. make[1]: Leaving directory `/root/rpmbuild/BUILD/drbd-8.3.6/user' make[1]: Entering directory `/root/rpmbuild/BUILD/drbd-8.3.6/scripts' make[1]: Nothing to be done for `install'. make[1]: Leaving directory `/root/rpmbuild/BUILD/drbd-8.3.6/scripts' make[1]: Entering directory `/root/rpmbuild/BUILD/drbd-8.3.6/documentation' set -e; for f in ; do \ s=${f##*.}; \ install -v -D -m 644 $f /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/usr/share/man/man $s/$f ; \ done make[1]: Leaving directory `/root/rpmbuild/BUILD/drbd-8.3.6/documentation' make -C drbd install make[1]: Entering directory `/root/rpmbuild/BUILD/drbd-8.3.6/drbd' install -d /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/lib/modules/2.6.31.6-162.fc12.x86_64/ kernel/drivers/block install -m 644 drbd.ko /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/lib/modules/ 2.6.31.6-162.fc12.x86_64/kernel/drivers/block make[1]: Leaving directory `/root/rpmbuild/BUILD/drbd-8.3.6/drbd' + cd drbd + mv .kernel.config.gz k-config-2.6.31.6-162.fc12.x86_64.gz + /usr/lib/rpm/brp-compress + /usr/lib/rpm/brp-strip + /usr/lib/rpm/brp-strip-static-archive + /usr/lib/rpm/brp-strip-comment-note Processing files: drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64 Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.ixFNFB + umask 022 + cd /root/rpmbuild/BUILD + cd drbd-8.3.6 + DOCDIR=/root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/usr/share/doc/drbdkm-2.6.31.6_162.fc12.x86_64-8.3.6
42
+ export DOCDIR + rm -rf /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/usr/share/doc/drbdkm-2.6.31.6_162.fc12.x86_64-8.3.6
+ /bin/mkdir -p /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/usr/share/doc/drbdkm-2.6.31.6_162.fc12.x86_64-8.3.6 + cp -pr COPYING /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/usr/share/doc/drbdkm-2.6.31.6_162.fc12.x86_64-8.3.6 + cp -pr ChangeLog /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/usr/share/doc/drbdkm-2.6.31.6_162.fc12.x86_64-8.3.6 + cp -pr drbd/k-config-2.6.31.6-162.fc12.x86_64.gz /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64/ usr/share/doc/drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6 + exit 0 Requires(interp): /bin/sh /bin/sh /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(post): /bin/sh Requires(preun): /bin/sh Requires(postun): /bin/sh Conflicts: drbd-kmod <= 8.3.6_3 Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/drbdkm-8.3.6-12.fc12.x86_64 Wrote: /root/rpmbuild/SRPMS/drbd-km-8.3.6-12.fc12.src.rpm Wrote: /root/rpmbuild/RPMS/x86_64/drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.MB9N8D + umask 022 + cd /root/rpmbuild/BUILD + cd drbd-8.3.6 + rm -rf /root/rpmbuild/BUILDROOT/drbd-km-8.3.6-12.fc12.x86_64 + exit 0
43
Total size: 4.8 M Downloading Packages: Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing Installing Installing Installed: : drbd-utils-8.3.6-1.fc12.x86_64 : drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64 : drbd-pacemaker-8.3.6-1.fc12.x86_64 1/3 2/3 3/3
44
drbd-km-2.6.31.6_162.fc12.x86_64.x86_64 0:8.3.6-12.fc12 drbd-utils.x86_64 0:8.3.6-1.fc12 Complete! [root@pcmk-1 x86_64]#
By default DRBD congures itself to start when the machine is powered on, however since we want the cluster to manage it, we will need to disable this behavior: chkconfig --del drbd
We could rebuild the drbd package on pcmk-2, however if they share the same architecture (x86_64 in this case) we can reuse the ones we built for pcmk-1. Assuming this is the case for you, copy them to pcmk-2 and install: cd /root/rpmbuild/RPMS/`uname -m` scp drbd-km-*.rpm pcmk-2: ssh pcmk-2 -- yum install -y drbd-utils drbd-pacemaker ssh pcmk-2 -- yum localinstall -y --nogpgcheck drbd-km-*-8.3.6-*.rpm chkconfig --del drbd
[root@pcmk-1 x86_64]# scp drbd-*.rpm pcmk-2: drbd-8.3.6-1.fc12.x86_64.rpm drbd-bash-completion-8.3.6-1.fc12.x86_64.rpm drbd-heartbeat-8.3.6-1.fc12.x86_64.rpm drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64.rpm drbd-pacemaker-8.3.6-1.fc12.x86_64.rpm drbd-udev-8.3.6-1.fc12.x86_64.rpm drbd-utils-8.3.6-1.fc12.x86_64.rpm drbd-xen-8.3.6-1.fc12.x86_64.rpm 100% 21KB 20.7KB/s 5.1KB/s 6.6KB/s 1.2MB/s 17.7KB/s 4.0KB/s 6.5KB/s 00:00 00:00 00:00 00:00 00:00 00:00 00:00 00:00 100% 5260 100% 6716 100% 1271KB 100% 100% 18KB 100% 4103 100% 6690
265KB 264.8KB/s
[root@pcmk-1 x86_64]# ssh pcmk-2 -- yum localinstall -y --nogpgcheck drbd-utils-8.3.6-*.rpm drbdpacemaker-8.3.6-*.rpm drbd-km-*-8.3.6-*.rpm Setting up Local Package Process Examining drbd-utils-8.3.6-1.fc12.x86_64.rpm: drbd-utils-8.3.6-1.fc12.x86_64 Marking drbd-utils-8.3.6-1.fc12.x86_64.rpm to be installed Examining drbd-pacemaker-8.3.6-1.fc12.x86_64.rpm: drbd-pacemaker-8.3.6-1.fc12.x86_64 Marking drbd-pacemaker-8.3.6-1.fc12.x86_64.rpm to be installed Examining drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64.rpm: drbdkm-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64 Marking drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64.rpm to be installed Resolving Dependencies --> Running transaction check ---> Package drbd-km-2.6.31.6_162.fc12.x86_64.x86_64 0:8.3.6-12.fc12 set to be updated ---> Package drbd-pacemaker.x86_64 0:8.3.6-1.fc12 set to be updated ---> Package drbd-utils.x86_64 0:8.3.6-1.fc12 set to be updated --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Installing: drbd-km-2.6.31.6_162.fc12.x86_64 x86_64 8.3.6-12.fc12 /drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64 Arch Version Repository Size ================================================================================
45
4.2 M drbd-pacemaker x86_64 8.3.6-1.fc12 drbd-utils x86_64 8.3.6-1.fc12 /drbd-pacemaker-8.3.6-1.fc12.x86_64 /drbd-utils-8.3.6-1.fc12.x86_64 40 k 580 k
Total size: 4.8 M Downloading Packages: Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing Installing Installing Installed: drbd-km-2.6.31.6_162.fc12.x86_64.x86_64 0:8.3.6-12.fc12 drbd-pacemaker.x86_64 0:8.3.6-1.fc12 drbd-utils.x86_64 0:8.3.6-1.fc12 Complete! [root@pcmk-1 x86_64]# ssh pcmk-2 -- chkconfig --del drbd [root@pcmk-1 x86_64]# : drbd-utils-8.3.6-1.fc12.x86_64 : drbd-km-2.6.31.6_162.fc12.x86_64-8.3.6-12.fc12.x86_64 : drbd-pacemaker-8.3.6-1.fc12.x86_64 1/3 2/3 3/3
Congure DRBD
Before we congure DRBD, we need to set aside some disk for it to use.
Repeat this on the second node, be sure to use the same size partition. lvs lvcreate -n drbd-demo -L 1G VolGroup lvs
[root@pcmk-2 ~]# lvs LV VG Attr LSize 7.30G Origin Snap% Move Log Copy% Convert lv_root VolGroup -wi-ao
46
[root@pcmk-2 ~]# lvcreate -n drbd-demo -L 1G VolGroup Logical volume "drbd-demo" created [root@pcmk-2 ~]# lvs LV lv_root lv_swap VG Attr LSize 1.00G 7.30G Origin Snap% Move Log Copy% Convert drbd-demo VolGroup -wi-aVolGroup -wi-ao
Detailed information on the directives used in this conguration (and other alternatives) is available from http:// www.drbd.org/users-guide/ch-congure.html Be sure to use the names and addresses of your nodes if they differ from the ones used in this guide.
global { usage-count yes; } common { protocol C; } resource wwwdata { meta-disk internal; device syncer { verify-alg sha1; } net { allow-two-primaries; } on pcmk-1 { disk address } on pcmk-2 { disk address } } /dev/mapper/VolGroup-drbd--demo; 192.168.122.102:7789; /dev/mapper/VolGroup-drbd--demo; 192.168.122.101:7789; /dev/drbd1;
47
Now load the DRBD kernel module and conrm that everything is sane modprobe drbd drbdadm up wwwdata cat /proc/drbd
[root@pcmk-1 drbd-8.3.6]# modprobe drbd [root@pcmk-1 drbd-8.3.6]# drbdadm up wwwdata [root@pcmk-1 drbd-8.3.6]# cat /proc/drbd version: 8.3.6 (api:88/proto:86-90) GIT-hash: f3606c47cc6fcf6b3f086e425cb34af8b7a81bbf build by root@pcmk-1, 2009-12-08 11:22:57 1: cs:WFConnection ro:Secondary/Unknown ds:Inconsistent/DUnknown C r---ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:12248 [root@pcmk-1 drbd-8.3.6]#
48
Repeat on the second node drbdadm --force create-md wwwdata modprobe drbd drbdadm up wwwdata cat /proc/drbd
[root@pcmk-2 ~]# drbdadm --force create-md wwwdata Writing meta data... initializing activity log NOT initialized bitmap New drbd meta data block successfully created. success [root@pcmk-2 ~]# modprobe drbd WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/. [root@pcmk-2 ~]# drbdadm up wwwdata [root@pcmk-2 ~]# cat /proc/drbd version: 8.3.6 (api:88/proto:86-90) GIT-hash: f3606c47cc6fcf6b3f086e425cb34af8b7a81bbf build by root@pcmk-1, 2009-12-08 11:22:57 1: cs:Connected ro:Secondary/Secondary ds:Inconsistent/Inconsistent C r---ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:12248
Now we need to tell DRBD which set of data to use. Since both sides contain garbage, we can run the following on pcmk-1: drbdadm -- --overwrite-data-of-peer primary wwwdata cat /proc/drbd
[root@pcmk-1 ~]# drbdadm -- --overwrite-data-of-peer primary wwwdata [root@pcmk-1 ~]# cat /proc/drbd version: 8.3.6 (api:88/proto:86-90) GIT-hash: f3606c47cc6fcf6b3f086e425cb34af8b7a81bbf build by root@pcmk-1, 2009-12-08 11:22:57 1: cs:SyncSource ro:Primary/Secondary ds:UpToDate/Inconsistent C r---ns:2184 nr:0 dw:0 dr:2472 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:10064 [=====>..............] sync'ed: 33.4% (10064/12248)K finish: 0:00:37 speed: 240 (240) K/sec [root@pcmk-1 ~]# cat /proc/drbd version: 8.3.6 (api:88/proto:86-90) GIT-hash: f3606c47cc6fcf6b3f086e425cb34af8b7a81bbf build by root@pcmk-1, 2009-12-08 11:22:57 1: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate C r---ns:12248 nr:0 dw:0 dr:12536 al:0 bm:1 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
pcmk-1 is now in the Primary state which allows it to be written to. Which means its a good point at which to create a lesystem and populate it with some data to serve up via our WebSite resource.
49
Now mount the newly created lesystem so we can create our index le mount /dev/drbd1 /mnt/ cat <<-END >/mnt/index.html <html> <body>My Test Site - drbd</body> </html> END umount /dev/drbd1
[root@pcmk-1 ~]# mount /dev/drbd1 /mnt/ [root@pcmk-1 ~]# cat <<-END >/mnt/index.html > <html> > <body>My Test Site - drbd</body> > </html> > END [root@pcmk-1 ~]# umount /dev/drbd1
And nally, conrm the data is in sync between the two nodes drbdadm verify wwwdata echo $?
[root@pcmk-1 ~]# drbdadmverifywwwdata [root@pcmk-1 ~]# echo $? 0
50
Next we must create a working copy or the current conguration. This is where all our changes will go. The cluster will not see any of them until we say its ok. Notice again how the prompt changes, this time to indicate that were no longer looking at the live cluster. cib new drbd
cib crm(live)# cib new drbd INFO: drbd shadow CIB created crm(drbd)#
Now we can create our DRBD clone and display the revised conguration. configure primitive wwwdrbd ocf:linbit:drbd params drbd_resource=wwwdata op monitor interval=60s configure ms WebData wwwdrbd meta master-max=1 master-node-max=1 \ clone-max=2 clone-node-max=1 notify=true configure show
crm(drbd)# configure primitive ocf:linbit:drbd WebData params drbd_resource=wwwdata op monitor interval=60s crm(drbd)# configure ms WebDataClone WebData meta master-max=1 master-node-max=1 \ clone-max=2 clone-node-max=1 notify=true crm(drbd)# configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" ms WebDataClone WebData \ meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" location prefer-pcmk-1 WebSite 50: pcmk-1 colocation website-with-ip inf: WebSite ClusterIP order apache-after-ip inf: ClusterIP WebSite property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled="false" \ no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness=100
51
Once were happy with the changes, we can tell the cluster to start using them and use crm_mon to check everything is functioning. cib commit drbd quit crm_mon
crm(drbd)# cib commit drbd INFO: commited 'drbd' shadow CIB to the cluster crm(drbd)# quit bye [root@pcmk-1 ~]# crm_mon ============ Last updated: Tue Sep Stack: openais Current DC: pcmk-1 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 3 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): WebSite (ocf::heartbeat:apache): Master/Slave Set: WebDataClone Masters: [ pcmk-2 ] Slaves: [ pcmk-1 ] Started pcmk-1 Started pcmk-1 1 09:37:13 2009
Now that DRBD is functioning we can congure a Filesystem resource to use it. In addition to the lesystems denition, we also need to tell the cluster where it can be located (only on the DRBD Primary) and when it is allowed to start (after the Primary was promoted). Once again well use the shells interactive mode crm cib new fs configure primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/mapper/VolGroup-drbd--demo" directory="/var/www/html" fstype="ext4" configure colocation fs_on_drbd inf: WebFS WebDataClone:Master configure order WebFS-after-WebData inf: WebDataClone:promote WebFS:start
[root@pcmk-1 ~]# crm crm(live)# cib new fs INFO: fs shadow CIB created crm(fs)# configure primitive WebFS ocf:heartbeat:Filesystem params device="/dev/mapper/VolGroup-drbd--demo" directory="/var/www/html" fstype="ext4" crm(fs)# configure colocation fs_on_drbd inf: WebFS WebDataClone:Master crm(fs)# configure order WebFS-after-WebData inf: WebDataClone:promote WebFS:start
We also need to tell the cluster that Apache needs to run on the same machine as the lesystem and that it must be active before Apache can start.
Cluster from Scratch - DRBD, GFS2 and Apache on Fedora 12
52
configure colocation WebSite-with-WebFS inf: WebSite WebFS configure order WebSite-after-WebFS inf: WebFS WebSite configure show
crm(fs)# configure colocation WebSite-with-WebFS inf: WebSite WebFS crm(fs)# configure order WebSite-after-WebFS inf: WebFS WebSite [root@pcmk-1 ~]# crm configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype="ext4" primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" ms WebDataClone WebData \ meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" location prefer-pcmk-1 WebSite 50: pcmk-1 colocation WebSite-with-WebFS inf: WebSite WebFS colocation fs_on_drbd inf: WebFS WebDataClone:Master colocation website-with-ip inf: WebSite ClusterIP order WebFS-after-WebData inf: WebDataClone:promote WebFS:start order WebSite-after-WebFS inf: WebFS WebSite order apache-after-ip inf: ClusterIP WebSite property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled="false" \ no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness=100
53
After reviewing the new conguration, we again upload it and watch the cluster put it into effect. cib commit fs quit crm_mon
crm(fs)# cib commit fs INFO: commited 'fs' shadow CIB to the cluster crm(fs)# quit bye [root@pcmk-1 ~]# crm_mon ============ Last updated: Tue Sep Stack: openais Current DC: pcmk-1 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 4 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): WebSite (ocf::heartbeat:apache): Master/Slave Set: WebDataClone Masters: [ pcmk-1 ] Slaves: [ pcmk-2 ] WebFS (ocf::heartbeat:Filesystem): Started pcmk-1 Started pcmk-1 Started pcmk-1 1 10:08:44 2009
54
Testing Migration
We could shut down the active node again, but another way to safely simulate recovery is to put the node into what is called standby mode. Nodes in this state tell the cluster that they are not allowed to run resources. Any resources found active there will be moved elsewhere. This feature can be particularly useful when updating the resources packages. Put the local node into standby mode and observe the cluster move all the resources to the other node. Note also that the nodes status will change to indicate that it can no longer host resources. crm node standby crm_mon
[root@pcmk-1 ~]# crm node standby [root@pcmk-1 ~]# crm_mon ============ Last updated: Tue Sep Stack: openais Current DC: pcmk-1 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 4 Resources configured. ============ Node pcmk-1: standby Online: [ pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): WebSite (ocf::heartbeat:apache): Master/Slave Set: WebDataClone Masters: [ pcmk-2 ] Stopped: [ WebData:1 ] WebFS (ocf::heartbeat:Filesystem): Started pcmk-2 Started pcmk-2 Started pcmk-2 1 10:09:57 2009
55
Once weve done everything we needed to on pcmk-1 (in this case nothing, we just wanted to see the resources move), we can allow the node to be a full cluster member again. crm node online crm_mon
[root@pcmk-1 ~]# crm node online [root@pcmk-1 ~]# crm_mon ============ Last updated: Tue Sep Stack: openais Current DC: pcmk-1 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 4 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): WebSite (ocf::heartbeat:apache): Master/Slave Set: WebDataClone Masters: [ pcmk-2 ] Slaves: [ pcmk-1 ] WebFS (ocf::heartbeat:Filesystem): Started pcmk-2 Started pcmk-2 Started pcmk-2 1 10:13:25 2009
Notice that our resource stickiness settings prevent the services from migrating back to pcmk-1.
56
Conversion to Active/Active
The primary requirement for an Active/Active cluster is that the data required for your services are available, simultaneously, on both machines. Pacemaker makes no requirement on how this is achieved, you could use a SAN if you had one available, however since DRBD supports multiple Primaries, we can also use that. The only hitch is that we need to use a cluster-aware lesystem (and the one we used earlier with DRBD, ext4, is not one of those). Both OCFS2 and GFS2 are supported, however here we will use GFS2 which comes with Fedora 12.
57
gfs2-utils clusterlib dlm-pcmk openaislib Transaction Summary x86_64 x86_64 x86_64 x86_64 3.0.5-2.fc12 3.0.5-2.fc12 3.0.5-2.fc12 1.1.0-1.fc12 custom custom custom fedora
Total download size: 541 k Downloading Packages: (1/5): clusterlib-3.0.5-2.fc12.x86_64.rpm (2/5): dlm-pcmk-3.0.5-2.fc12.x86_64.rpm (3/5): gfs-pcmk-3.0.5-2.fc12.x86_64.rpm (4/5): gfs2-utils-3.0.5-2.fc12.x86_64.rpm (5/5): openaislib-1.1.0-1.fc12.x86_64.rpm Total Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing Installing Installing Installing Installing Installed: gfs-pcmk.x86_64 0:3.0.5-2.fc12 Dependency Installed: clusterlib.x86_64 0:3.0.5-2.fc12 Complete! [root@pcmk-1 x86_64]# dlm-pcmk.x86_64 0:3.0.5-2.fc12 openaislib.x86_64 0:1.1.0-1.fc12 gfs2-utils.x86_64 0:3.0.5-2.fc12 : clusterlib-3.0.5-2.fc12.x86_64 : openaislib-1.1.0-1.fc12.x86_64 : dlm-pcmk-3.0.5-2.fc12.x86_64 : gfs-pcmk-3.0.5-2.fc12.x86_64 : gfs2-utils-3.0.5-2.fc12.x86_64 1/5 2/5 3/5 4/5 5/5 | | 65 kB 93 kB 00:00 00:00 00:00 00:00 00:00 00:00
| 101 kB | 208 kB | 76 kB
58
crm
cib new stack-glue configure primitive dlm ocf:pacemaker:controld op monitor interval=120s configure clone dlm-clone dlm meta interleave=true configure show
[root@pcmk-1 ~]# crm crm(live)# cib new stack-glue INFO: stack-glue shadow CIB created crm(stack-glue)# configure primitive dlm ocf:pacemaker:controld op monitor interval=120s crm(stack-glue)# configure clone dlm-clone dlm meta interleave=true crm(stack-glue)# configure show xml crm(stack-glue)# configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype="ext4" primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" primitive dlm ocf:pacemaker:controld \ op monitor interval="120s" ms WebDataClone WebData \ meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" clone dlm-clone dlm \ meta interleave="true" location prefer-pcmk-1 WebSite 50: pcmk-1 colocation WebSite-with-WebFS inf: WebSite WebFS colocation fs_on_drbd inf: WebFS WebDataClone:Master colocation website-with-ip inf: WebSite ClusterIP order WebFS-after-WebData inf: WebDataClone:promote WebFS:start order WebSite-after-WebFS inf: WebFS WebSite order apache-after-ip inf: ClusterIP WebSite property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \
16
cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled="false" \ no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness=100
Review the conguration before uploading it to the cluster, quitting the shell and watching the clusters response
Use the crm shell to create the gfs-control cluster resource: crm cib new gfs-glue configure primitive gfs-control ocf:pacemaker:controld params daemon=gfs_controld.pcmk args="-g 0" op monitor interval=120s configure clone gfs-clone gfs-control meta interleave=true \ \
[root@pcmk-1 ~]# crm crm(live)# cib new gfs-glue --force INFO: gfs-glue shadow CIB created crm(gfs-glue)# configure primitive gfs-control ocf:pacemaker:controld params daemon=gfs_controld.pcmk args="-g 0" op monitor interval=120s crm(gfs-glue)# configure clone gfs-clone gfs-control meta interleave=true
60
Now ensure Pacemaker only starts the gfs-control service on nodes that also have a copy of the dlm service (created above) already running
Review the conguration before uploading it to the cluster, quitting the shell and watching the clusters response configure show cib commit gfs-glue quit crm_mon
crm(gfs-glue)# configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype="ext4" primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" primitive dlm ocf:pacemaker:controld \ op monitor interval="120s" primitive gfs-control ocf:pacemaker:controld \ params daemon=gfs_controld.pcmk args=-g 0 \ op monitor interval="120s" ms WebDataClone WebData \ meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" clone dlm-clone dlm \ meta interleave="true" clone gfs-clone gfs-control \ meta interleave="true" location prefer-pcmk-1 WebSite 50: pcmk-1 colocation WebSite-with-WebFS inf: WebSite WebFS colocation fs_on_drbd inf: WebFS WebDataClone:Master colocation gfs-with-dlm inf: gfs-clone dlm-clone colocation website-with-ip inf: WebSite ClusterIP order WebFS-after-WebData inf: WebDataClone:promote WebFS:start order WebSite-after-WebFS inf: WebFS WebSite order apache-after-ip inf: ClusterIP WebSite order start-gfs-after-dlm inf: dlm-clone gfs-clone property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled="false" \
61
no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness=100 crm(gfs-glue)# cib commit gfs-glue INFO: commited 'gfs-glue' shadow CIB to the cluster crm(gfs-glue)# quit bye [root@pcmk-1 ~]# crm_mon ============ Last updated: Thu Sep Stack: openais Current DC: pcmk-2 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 6 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] WebSite (ocf::heartbeat:apache): Master/Slave Set: WebDataClone Masters: [ pcmk-1 ] Slaves: [ pcmk-2 ] ClusterIP (ocf::heartbeat:IPaddr): Clone Set: dlm-clone Started: [ pcmk-2 pcmk-1 ] Clone Set: gfs-clone Started: [ pcmk-2 pcmk-1 ] WebFS (ocf::heartbeat:Filesystem): Started pcmk-1 Started pcmk-2 Started pcmk-2 3 20:49:54 2009
62
63
Do this on each node in the cluster and be sure to restart them before continuing. mkfs.gfs2 -p lock_dlm -j 2 -t pcmk:web /dev/drbd1
[root@pcmk-1 ~]# mkfs.gfs2 -t pcmk:web -p lock_dlm -j 2 /dev/vdb This will destroy any data on /dev/vdb. It appears to contain: data Are you sure you want to proceed? [y/n] y Device: Blocksize: Device Size Filesystem Size: Journals: Resource Groups: Locking Protocol: Lock Table: UUID: [root@pcmk-1 ~]# /dev/vdb 4096 1.00 GB (131072 blocks) 1.00 GB (131070 blocks) 2 2 "lock_dlm" "pcmk:web" 6B776F46-177B-BAF8-2C2B-292C0E078613
Then (re)populate the new lesystem with data (web pages). For now well create another variation on our home page. mount /dev/drbd1 /mnt/ cat <<-END >/mnt/index.html <html> <body>My Test Site - GFS2</body> </html> END umount /dev/drbd1 drbdadm verify wwwdata
Cluster from Scratch - DRBD, GFS2 and Apache on Fedora 12
64
[root@pcmk-1 ~]# cat <<-END >/mnt/index.html > <html> > <body>My Test Site - drbd</body> > </html> > END [root@pcmk-1 ~]#
Now that weve recreated the resource, we also need to recreate all the constraints that used it. This is because the shell will automatically remove any constraints that referenced WebFS. configure colocation WebSite-with-WebFS inf: WebSite WebFS configure colocation fs_on_drbd inf: WebFS WebDataClone:Master configure order WebFS-after-WebData inf: WebDataClone:promote WebFS:start configure order WebSite-after-WebFS inf: WebFS WebSite configure colocation WebFS-with-gfs-control INFINITY: WebFS gfs-clone configure order start-WebFS-after-gfs-control mandatory: gfs-clone WebFS
configure show
crm(GFS2)# configure colocation WebSite-with-WebFS inf: WebSite WebFS crm(GFS2)# configure colocation fs_on_drbd inf: WebFS WebDataClone:Master crm(GFS2)# configure order WebFS-after-WebData inf: WebDataClone:promote WebFS:start crm(GFS2)# configure order WebSite-after-WebFS inf: WebFS WebSite crm(GFS2)# configure colocation WebFS-with-gfs-control INFINITY: WebFS gfs-clone crm(GFS2)# configure order start-WebFS-after-gfs-control mandatory: gfs-clone WebFS crm(GFS2)# configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype=gfs2 primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \
65
params ip="192.168.9.101" cidr_netmask="32" \ op monitor interval="30s" primitive dlm ocf:pacemaker:controld \ op monitor interval="120s" primitive gfs-control ocf:pacemaker:controld \ params daemon=gfs_controld.pcmk args=-g 0 \ op monitor interval="120s" ms WebDataClone WebData \
meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" clone dlm-clone dlm \ meta interleave="true" clone gfs-clone gfs-control \ meta interleave="true" colocation WebFS-with-gfs-control inf: WebFS gfs-clone colocation WebSite-with-WebFS inf: WebSite WebFS colocation fs_on_drbd inf: WebFS WebDataClone:Master colocation gfs-with-dlm inf: gfs-clone dlm-clone colocation website-with-ip inf: WebSite ClusterIP order WebFS-after-WebData inf: WebDataClone:promote WebFS:start order WebSite-after-WebFS inf: WebFS WebSite order apache-after-ip inf: ClusterIP WebSite order start-WebFS-after-gfs-control inf: gfs-clone WebFS order start-gfs-after-dlm inf: dlm-clone gfs-clone property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled="false" \ no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness=100
Review the conguration before uploading it to the cluster, quitting the shell and watching the clusters response cib commit GFS2 quit crm_mon
crm(GFS2)# cib commit GFS2 INFO: commited 'GFS2' shadow CIB to the cluster crm(GFS2)# quit bye [root@pcmk-1 ~]# crm_mon ============ Last updated: Thu Sep Stack: openais Current DC: pcmk-2 - partition with quorum Version: 1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7 2 Nodes configured, 2 expected votes 6 Resources configured. ============ Online: [ pcmk-1 pcmk-2 ] WebSite (ocf::heartbeat:apache): Master/Slave Set: WebDataClone Masters: [ pcmk-1 ] Slaves: [ pcmk-2 ] Started pcmk-2 3 20:49:54 2009
66
ClusterIP (ocf::heartbeat:IPaddr): Clone Set: dlm-clone Started: [ pcmk-2 pcmk-1 ] Clone Set: gfs-clone Started: [ pcmk-2 pcmk-1 ] WebFS (ocf::heartbeat:Filesystem): Started pcmk-1 Started pcmk-2
Now we must tell the ClusterIP how to decide which requests are processed by which hosts. To do this we must specify the clusterip_hash parameter. Open the ClusterIP resource configure edit ClusterIP And add the following to the params line clusterip_hash="sourceip" So that the complete denition looks like:
primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip="192.168.9.101" cidr_netmask="32" clusterip_hash="sourceip" \ op monitor interval="30s"
67
configure show
[root@pcmk-1 ~]# crm crm(live)# cib new active INFO: active shadow CIB created crm(active)# configure clone WebIP ClusterIP crm(active)# configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype=gfs2 primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip=192.168.9.101 cidr_netmask=32 clusterip_hash=sourceip \ op monitor interval="30s" primitive dlm ocf:pacemaker:controld \ op monitor interval="120s" primitive gfs-control ocf:pacemaker:controld \ params daemon=gfs_controld.pcmk args=-g 0 \ op monitor interval="120s" ms WebDataClone WebData \ meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" clone WebIP ClusterIP clone dlm-clone dlm \ meta interleave="true" clone gfs-clone gfs-control \ meta interleave="true" colocation WebFS-with-gfs-control inf: WebFS gfs-clone colocation WebSite-with-WebFS inf: WebSite WebFS colocation fs_on_drbd inf: WebFS WebDataClone:Master colocation gfs-with-dlm inf: gfs-clone dlm-clone colocation website-with-ip inf: WebSite WebIP order WebFS-after-WebData inf: WebDataClone:promote WebFS:start order WebSite-after-WebFS inf: WebFS WebSite order apache-after-ip inf: WebIP WebSite order start-WebFS-after-gfs-control inf: gfs-clone WebFS order start-gfs-after-dlm inf: dlm-clone gfs-clone property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled="false" \ no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness=100 \ meta globally-unique=true clone-max=2 clone-node-max=2 \ meta globally-unique=true clone-max=2 clone-node-max=2
Notice how any constraints that referenced ClusterIP have been updated to use WebIP instead. This is an additional benet of using the crm shell. Next we need to convert the lesystem and Apache resources into clones. Again, the shell will automatically update any relevant constraints.
Cluster from Scratch - DRBD, GFS2 and Apache on Fedora 12
68
configure clone WebFSClone WebFS configure clone WebSiteClone WebSite The last step is to tell the cluster that it is now allowed to promote both instances to be Primary (aka. Master). configure edit WebDataClone Change master-max to 2 configure show
crm(active)# configure clone WebFSClone WebFS crm(active)# configure clone WebSiteClone WebSite crm(active)# configure edit WebDataClone crm(active)# configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype=gfs2 primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip=192.168.9.101 cidr_netmask=32 clusterip_hash=sourceip \ op monitor interval="30s" primitive dlm ocf:pacemaker:controld \ op monitor interval="120s" primitive gfs-control ocf:pacemaker:controld \ params daemon=gfs_controld.pcmk args=-g 0 \ op monitor interval="120s" ms WebDataClone WebData \ meta master-max="2" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" clone WebFSClone WebFS clone WebIP ClusterIP \ meta globally-unique=true clone-max=2 clone-node-max=2 clone WebSiteClone WebSite clone dlm-clone dlm \ meta interleave="true" clone gfs-clone gfs-control \ meta interleave="true" colocation WebFS-with-gfs-control inf: WebFSClone gfs-clone colocation WebSite-with-WebFS inf: WebSiteClone WebFSClone colocation fs_on_drbd inf: WebFSClone WebDataClone:Master colocation gfs-with-dlm inf: gfs-clone dlm-clone colocation website-with-ip inf: WebSiteClone WebIP order WebFS-after-WebData inf: WebDataClone:promote WebFSClone:start order WebSite-after-WebFS inf: WebFSClone WebSiteClone order apache-after-ip inf: WebIP WebSiteClone order start-WebFS-after-gfs-control inf: gfs-clone WebFSClone order start-gfs-after-dlm inf: dlm-clone gfs-clone property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled="false" \
69
no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness=100
Review the conguration before uploading it to the cluster, quitting the shell and watching the clusters response
Recovery
70
Configure STONITH
Why You Need STONITH
STONITH is an acronym for Shoot-The-Other-Node-In-The-Head and it protects your data from being corrupted by rouge nodes or concurrent access. Just because a node is unresponsive, this doesnt mean it isnt accessing your data. The only way to be 100% sure that your data is safe, is to use STONITH so we can be certain that the node is truly ofine, before allowing the data to be accessed from another node. STONITH also has a role to play in the event that a clustered service cannot be stopped. In this case, the cluster uses STONITH to force the whole node ofine, thereby making it safe to start the service elsewhere.
Conguring STONITH
1. 2. Find the correct driver: stonith -L Since every device is different, the parameters needed to congure it will vary. To nd out the parameters required by the device: stonith -t {type} -n Hopefully the developers chose names that make sense, if not you can query for some additional information by nding an active cluster node and running: lrmadmin -M stonith {type} pacemaker The output should be XML formatted text containing additional parameter descriptions 3. Create a le called stonith.xml containing a primitive resource with a class of stonith, a type of {type} and a parameter for each of the values returned in step 2 4. Create a clone from the primitive resource if the device can shoot more than one node and supports multiple simultaneous connections. 5. Upload it into the CIB using cibadmin: cibadmin -C -o resources --xml-le stonith.xml
71
Example Assuming we have an IBM BladeCenter containing our two nodes and the management interface is active on 192.168.9.31, then we would chose the external/ibmrsa driver in step 2 and obtain the following list of parameters stonith -t external/ibmrsa -n
[root@pcmk-1 ~]# stonith -t external/ibmrsa -n hostname ipaddr userid passwd type
Assuming we know the username and password for the management interface, we would create a STONITH resource with the shell crm cib new active configure primitive rsa-fencing stonith::external/ibmrsa \ params hostname=pcmk-1 pcmk-2" ipaddr=192.168.9.31 userid=mgmt passwd=abc123 type=ibm \ op monitor interval="60s" configure clone Fencing rsa-fencing
[root@pcmk-1 ~]# crm crm(live)# cib new stonith INFO: stonith shadow CIB created crm(stonith)# configure primitive rsa-fencing stonith::external/ibmrsa \ params hostname=pcmk-1 pcmk-2" ipaddr=192.168.9.31 userid=mgmt passwd=abc123 type=ibm \ op monitor interval="60s" crm(stonith)# configure clone Fencing rsa-fencing
And nally, since we disabled it earlier, we need to re-enable STONITH configure property stonith-enabled="true" configure show
crm(stonith)# configure property stonith-enabled="true" crm(stonith)# configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype=gfs2 primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip=192.168.9.101 cidr_netmask=32 clusterip_hash=sourceip \ op monitor interval="30s" primitive dlm ocf:pacemaker:controld \ op monitor interval="120s" primitive gfs-control ocf:pacemaker:controld \ params daemon=gfs_controld.pcmk args=-g 0 \ op monitor interval="120s" primitive rsa-fencing stonith::external/ibmrsa \
72
73
Configuration Recap
Final Cluster Conguration
crm configure show
[root@pcmk-1 ~]# crm configure show node pcmk-1 node pcmk-2 primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype=gfs2 primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip=192.168.9.101 cidr_netmask=32 clusterip_hash=sourceip \ op monitor interval="30s" primitive dlm ocf:pacemaker:controld \ op monitor interval="120s" primitive gfs-control ocf:pacemaker:controld \ params daemon=gfs_controld.pcmk args=-g 0 \ op monitor interval="120s" primitive rsa-fencing stonith::external/ibmrsa \ params hostname=pcmk-1 pcmk-2" ipaddr=192.168.9.31 userid=mgmt passwd=abc123 type=ibm \ op monitor interval="60s" ms WebDataClone WebData \ meta master-max="2" master-node-max="1" clone-max="2" clone-node-max="1" notify="true" clone Fencing rsa-fencing clone WebFSClone WebFS clone WebIP ClusterIP \ meta globally-unique=true clone-max=2 clone-node-max=2 clone WebSiteClone WebSite clone dlm-clone dlm \ meta interleave="true" clone gfs-clone gfs-control \ meta interleave="true" colocation WebFS-with-gfs-control inf: WebFSClone gfs-clone colocation WebSite-with-WebFS inf: WebSiteClone WebFSClone colocation fs_on_drbd inf: WebFSClone WebDataClone:Master colocation gfs-with-dlm inf: gfs-clone dlm-clone colocation website-with-ip inf: WebSiteClone WebIP order WebFS-after-WebData inf: WebDataClone:promote WebFSClone:start order WebSite-after-WebFS inf: WebFSClone WebSiteClone order apache-after-ip inf: WebIP WebSiteClone order start-WebFS-after-gfs-control inf: gfs-clone WebFSClone order start-gfs-after-dlm inf: dlm-clone gfs-clone
74
property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled=true \ no-quorum-policy="ignore" rsc_defaults $id="rsc-options" \ resource-stickiness=100
Node List
The list of cluster nodes is automatically populated by the cluster.
node pcmk-1 node pcmk-2
Cluster Options
This is where the cluster automatically stores some information about the cluster
dc-version - the version (including upstream source-code hash) of Pacemaker used on the DC cluster-infrastructure - the cluster infrastructure being used (heartbeat or openais) expected-quorum-votes - the maximum number of nodes expected to be part of the cluster
and where the admin can set options that control the way the cluster operates
stonith-enabled=true - Make use of STONITH no-quorum-policy=ignore - Ignore loss of quorum and continue to host resources.
property $id="cib-bootstrap-options" \ dc-version="1.0.5-462f1569a43740667daf7b0f6b521742e9eb8fa7" \ cluster-infrastructure="openais" \ expected-quorum-votes=2 \ stonith-enabled=true \ no-quorum-policy="ignore"
Resources
Default Options Here we congure cluster options that apply to every resource.
resource-stickiness - Specify the aversion to moving resources to other machines
rsc_defaults $id="rsc-options" \ resource-stickiness=100
Fencing
primitive rsa-fencing stonith::external/ibmrsa \ params hostname=pcmk-1 pcmk-2" ipaddr=192.168.9.31 userid=mgmt passwd=abc123 type=ibm \ op monitor interval="60s" clone Fencing rsa-fencing
75
Service Address Users of the services provided by the cluster require an unchanging address with which to access it. Additionally, we cloned the address so it will be active on both nodes. An iptables rule (created as part of the resource agent) is used to ensure that each request only processed by one of the two clone instances. The additional meta options tell the cluster that we want two instances of the clone (one request bucket for each node) and that if one node fails, then the remaining node should hold both.
primitive ClusterIP ocf:heartbeat:IPaddr2 \ params ip=192.168.9.101 cidr_netmask=32 clusterip_hash=sourceip \ op monitor interval="30s" clone WebIP ClusterIP \ meta globally-unique=true clone-max=2 clone-node-max=2
Distributed lock manager Cluster lesystems like GFS2 require a lock manager. This service starts the daemon that provides user-space applications (such as the GFS2 daemon) with access to the in-kernel lock manager. Since we need it to be available on all nodes in the cluster, we have it cloned.
primitive dlm ocf:pacemaker:controld \ op monitor interval="120s" clone dlm-clone dlm \ meta interleave="true"
Oracle control daemon GFS2 also needs a user-space/kernel bridge that runs on every node. So here we have another clone, however this time we must also specify that it can only run on machines that are also running the DLM (colocation constraint) and that it can only be started after the DLM is running (order constraint). Additionally, the gfs-control clone should only care about the DLM instances it is paired with, so we need to set the interleave option.
primitive gfs-control ocf:pacemaker:controld \ params daemon=gfs_controld.pcmk args=-g 0 \ op monitor interval="120s" clone gfs-clone gfs-control \ meta interleave="true" colocation gfs-with-dlm inf: gfs-clone dlm-clone order start-gfs-after-dlm inf: dlm-clone gfs-clone
DRBD - Shared Storage Here we dene the DRBD service and specify which DRBD resource (from drbd.conf) it should manage. We make it a master/slave resource and, in order to have an active/active setup, allow both instances to be promoted by specifying master-max=2. We also set the notify option so that the cluster will tell DRBD agent when its peer changes state.
primitive WebData ocf:linbit:drbd \ params drbd_resource="wwwdata" \ op monitor interval="60s" ms WebDataClone WebData \ meta master-max="2" master-node-max="1" clone-max="2" clone-node-max="1" notify="true"
Cluster Filesystem The cluster lesystem ensures that les are read and written correctly. We need to specify the block device (provided by DRBD), where we want it mounted and that we are using GFS2. Again it is a clone because it is intended to be active on both nodes. The additional constraints ensure that it can only be started on nodes with active gfs-control and drbd instances.
Cluster from Scratch - DRBD, GFS2 and Apache on Fedora 12
76
primitive WebFS ocf:heartbeat:Filesystem \ params device="/dev/drbd/by-res/wwwdata" directory="/var/www/html" fstype=gfs2 clone WebFSClone WebFS colocation WebFS-with-gfs-control inf: WebFSClone gfs-clone colocation fs_on_drbd inf: WebFSClone WebDataClone:Master order WebFS-after-WebData inf: WebDataClone:promote WebFSClone:start order start-WebFS-after-gfs-control inf: gfs-clone WebFSClone
Apache Lastly we have the actual service, Apache. We need only tell the cluster where to nd its main conguration le and restrict it to running on nodes that have the required lesystem mounted and the IP address active.
primitive WebSite ocf:heartbeat:apache \ params configfile="/etc/httpd/conf/httpd.conf" \ op monitor interval="1min" clone WebSiteClone WebSite colocation WebSite-with-WebFS inf: WebSiteClone WebFSClone colocation website-with-ip inf: WebSiteClone WebIP order apache-after-ip inf: WebIP WebSiteClone order WebSite-after-WebFS inf: WebFSClone WebSiteClone
77
78
# Please read the openais.conf.5 manual page compatibility: whitetank aisexec { # Run as root - this is necessary to be able to manage resources with Pacemaker user: } service { # Load the Pacemaker Cluster Resource Manager ver: name: use_logd: } totem { version: 2 # How long before declaring a token lost (ms) token: 5000 0 pacemaker yes root group: root
use_mgmtd: yes
# How many token retransmits before forming a new configuration token_retransmits_before_loss_const: 10 # How long to wait for join messages in the membership protocol (ms) join: 1000
# How long to wait for consensus to be achieved before starting a new round of membership configuration (ms) consensus: 2500
# Number of messages that may be sent by one processor on receipt of the token max_messages: 20
# Stagger sending the node join messages by 1..send_join ms send_join: 45 # Limit generated nodeids to 31-bits (positive signed integers) clear_node_high_bit: yes
79
# Optionally assign a fixed node id (integer) # nodeid: interface { ringnumber: 0 # The following values need to be set based on your environment bindnetaddr: 192.168.9.0 mcastaddr: 226.94.1.1 mcastport: 4000 } } logging { debug: off fileline: off to_syslog: yes to_stderr: off syslog_facility: daemon timestamp: on } amf { mode: disabled } 1234
80
81