Installing and pre-configuring CoroSync
Note: perform the following steps on both nodes.
Install the required packages:
# aptitude install corosync pacemaker
Allow CoroSync to start:
# sed -i 's/START=no/START=yes/' /etc/default/corosync
Back up the default CoroSync configuration:
# cp /etc/corosync/corosync.conf /etc/corosync/corosync.conf.original
Edit the hosts file:
# sed -i 's/^10.20.*$/10.20.30.1\tvm-debian1.france.local\tvm-debian1\n10.20.30.2\tvm-debian2.france.local\tvm-debian2/' /etc/hosts
Generate an RSA key pair for SSH (with an empty passphrase):
# ssh-keygen -b 2048
Copy the public key to the second node:
# if hostname | grep -q 1; then ssh-copy-id $(hostname | sed 's/1/2/'); else ssh-copy-id $(hostname | sed 's/2/1/'); fi
Note: perform the following steps on the first node.
Generate I/O activity in the background:
# dd if=/dev/urandom of=/tmp/temp bs=1024 count=1000000&
In parallel, generate a key for Corosync:
# corosync-keygen
Delete the temporary file created earlier:
# rm /tmp/temp
Copy the newly generated key to the second node:
# scp /etc/corosync/authkey sfrafilx02:/etc/corosync/authkey
Note: perform the following steps on both nodes.
Edit the Corosync configuration file:
# vim /etc/corosync/corosync.conf
# Please read the openais.conf.5 manual page
totem {
    version: 2
    # How long before declaring a token lost (ms)
    token: 3000
    # How many token retransmits before forming a new configuration
    token_retransmits_before_loss_const: 10
    # How long to wait for join messages in the membership protocol (ms)
    join: 60
    # How long to wait for consensus to be achieved before starting a new round of membership configuration (ms)
    consensus: 3600
    # Turn off the virtual synchrony filter
    vsftype: none
    # Number of messages that may be sent by one processor on receipt of the token
    max_messages: 20
    # Limit generated nodeids to 31-bits (positive signed integers)
    clear_node_high_bit: yes
    # Disable encryption
    secauth: off
    # How many threads to use for encryption/decryption
    threads: 0
    # Optionally assign a fixed node id (integer)
    # nodeid: 1234
    # This specifies the mode of redundant ring, which may be none, active, or passive.
    rrp_mode: none
    interface {
        # The following values need to be set based on your environment
        ringnumber: 0
        bindnetaddr: 10.20.30.1
        mcastaddr: 226.94.1.1
        mcastport: 5405
    }
}
amf {
    mode: disabled
}
service {
    # Load the Pacemaker Cluster Resource Manager
    ver: 0
    name: pacemaker
    use_mgmtd: 1
}
aisexec {
    user: root
    group: root
}
logging {
    fileline: off
    to_stderr: yes
    to_logfile: yes
    logfile: /var/log/corosync.log
    logfile_priority: info
    to_syslog: no
    syslog_facility: daemon
    debug: off
    timestamp: on
    logger_subsys {
        subsys: AMF
        debug: off
        tags: enter|leave|trace1|trace2|trace3|trace4|trace6
    }
}
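The configuration above sets secauth: off, so totem traffic between the nodes is neither authenticated nor encrypted, and the authkey generated and copied earlier is not used. The following script is an added example, not part of the original page: it reads the secauth value from the totem section and checks the mode of the authkey file. The function names, the expected mode 400 and the sample files are assumptions made for the example; stat -c is the GNU coreutils form found on Debian.

```sh
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Print the value of a key set directly inside the top-level "totem { }" section.
totem_value() {  # $1 = key, $2 = path to corosync.conf
    awk -v key="$1" '
        { sub(/#.*/, "") }                          # strip comments
        /^[ \t]*totem[ \t]*\{/ { depth = 1; next }
        depth && /\{/ { depth++ }                   # nested block such as interface
        depth && /\}/ { depth--; next }
        depth == 1 && (n = index($0, ":")) {
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$2"
}

# Print one line per finding; the return code is the number of findings.
audit_corosync() {  # $1 = corosync.conf, $2 = authkey
    findings=0
    secauth=$(totem_value secauth "$1")
    if [ "$secauth" != on ]; then
        echo "FINDING: totem secauth is '${secauth:-unset}', expected 'on'"
        findings=$((findings + 1))
    fi
    if [ ! -f "$2" ]; then
        echo "FINDING: $2 is missing"
        findings=$((findings + 1))
    elif [ "$(stat -c %a "$2")" != 400 ]; then   # policy assumed here: owner read-only
        echo "FINDING: $2 has mode $(stat -c %a "$2"), expected 400"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample input: a reduced copy of the totem section and a dummy key file.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/corosync.conf" <<'EOF'
totem {
    version: 2
    # Disable encryption
    secauth: off
    interface {
        bindnetaddr: 10.20.30.1
    }
}
EOF
: > "$tmp/authkey"; chmod 644 "$tmp/authkey"
audit_corosync "$tmp/corosync.conf" "$tmp/authkey" || echo "findings: $?"
```

On a real node, call audit_corosync /etc/corosync/corosync.conf /etc/corosync/authkey on both nodes and compare a checksum of the authkey between them.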
Start CoroSync:
# /etc/init.d/corosync start
Check the cluster status:
# crm_mon -1
Preparing the Open Cluster Framework (OCF) agents
Add an HTTPCheck OCF agent:
# mkdir /usr/lib/ocf/resource.d/myscripts
# vim /usr/lib/ocf/resource.d/myscripts/HTTPCheck
#!/bin/sh
#
#
# HTTPCheck OCF RA. It checks the accessibility of a Web resource.
#
# Copyright (c) 2004 SUSE LINUX AG, Lars Marowsky-Brée
# All Rights Reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of version 2 of the GNU General Public License as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it would be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Further, this software is distributed without any warranty that it is
# free of the rightful claim of any third person regarding infringement
# or the like. Any license provided herein, whether implied or
# otherwise, applies only to this software file. Patent licenses, if
# any, provided herein do not apply to combinations of this program with
# other software, or any other product whatsoever.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write the Free Software Foundation,
# Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.
#
#######################################################################
# OCF parameters:
# OCF_RESKEY_url : Web resource URL
#
#######################################################################
# Initialization:
. ${OCF_ROOT}/resource.d/heartbeat/.ocf-shellfuncs
#######################################################################
meta_data() {
cat <<END
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="HTTPCheck" version="0.9">
<version>1.0</version>
<longdesc lang="en">
This is HTTPCheck Resource Agent.
It checks the accessibility of a Web resource using wget binary.
Remember that you can configure wget options through /etc/wgetrc
configuration file.
</longdesc>
<shortdesc lang="en">HTTPCheck resource agent</shortdesc>
<parameters>
<parameter name="url" unique="0" required="1">
<longdesc lang="en">
This is a required parameter. This parameter specifies the Web resource to check.
</longdesc>
<shortdesc lang="en">Web resource</shortdesc>
<content type="string" default="www.debian.org" />
</parameter>
<parameter name="state" unique="1">
<longdesc lang="en">
Location to store the resource state in.
</longdesc>
<shortdesc lang="en">State file</shortdesc>
<content type="string" default="${HA_VARRUN}/OCF-${OCF_RESOURCE_INSTANCE}.state" />
</parameter>
</parameters>
<actions>
<action name="start" timeout="15" />
<action name="stop" timeout="15" />
<action name="monitor" timeout="15" interval="10" depth="0" start-delay="0" />
<action name="meta-data" timeout="5" />
<action name="validate-all" timeout="30" />
</actions>
</resource-agent>
END
}
#######################################################################
httpcheck_usage() {
    cat <<END
usage: $0 {start|stop|monitor|validate-all|meta-data}
Expects to have a fully populated OCF RA-compliant environment set.
END
}

httpcheck_start() {
    httpcheck_monitor
    if [ $? = $OCF_SUCCESS ]; then
        return $OCF_SUCCESS
    fi
    # The downloaded page doubles as the state file. Any wget failure is
    # reported as OCF_ERR_GENERIC: wget's own exit codes must not be
    # returned as OCF return codes.
    /usr/bin/wget -q -t 1 -T 4 --no-dns-cache --no-cache -4 -O "${OCF_RESKEY_state}" "$OCF_RESKEY_url" || return $OCF_ERR_GENERIC
    return $OCF_SUCCESS
}

httpcheck_stop() {
    httpcheck_monitor
    if [ $? != $OCF_NOT_RUNNING ]; then
        rm "${OCF_RESKEY_state}"
    fi
    return $OCF_SUCCESS
}

httpcheck_monitor() {
    # Monitor _MUST!_ differentiate correctly between running
    # (SUCCESS), failed (ERROR) or _cleanly_ stopped (NOT RUNNING).
    # That is THREE states, not just yes/no.
    if [ ! -f "${OCF_RESKEY_state}" ]; then
        return $OCF_NOT_RUNNING
    else
        if /usr/bin/wget -q -t 1 -T 4 --no-dns-cache --no-cache -4 -O "${OCF_RESKEY_state}" "$OCF_RESKEY_url"; then
            return $OCF_SUCCESS
        else
            return $OCF_ERR_GENERIC
        fi
    fi
}

httpcheck_validate() {
    # Is the state directory writable?
    state_dir=`dirname "$OCF_RESKEY_state"`
    touch "$state_dir/$$"
    if [ $? != 0 ]; then
        return $OCF_ERR_ARGS
    fi
    rm "$state_dir/$$"
    return $OCF_SUCCESS
}

: ${OCF_RESKEY_CRM_meta_interval=0}
: ${OCF_RESKEY_CRM_meta_globally_unique:="true"}

if [ "x$OCF_RESKEY_state" = "x" ]; then
    if [ "${OCF_RESKEY_CRM_meta_globally_unique}" = "false" ]; then
        state="${HA_VARRUN}/OCF-${OCF_RESOURCE_INSTANCE}.state"
        # Strip off the trailing clone marker
        OCF_RESKEY_state=`echo "$state" | sed 's/:[0-9][0-9]*\.state/.state/'`
    else
        OCF_RESKEY_state="${HA_VARRUN}/OCF-${OCF_RESOURCE_INSTANCE}.state"
    fi
fi

if [ "x$OCF_RESKEY_url" = "x" ]; then
    OCF_RESKEY_url="www.debian.org"
fi

case $__OCF_ACTION in
meta-data)      meta_data;;
start)          httpcheck_start;;
stop)           httpcheck_stop;;
monitor)        httpcheck_monitor;;
validate-all)   httpcheck_validate;;
usage|help)     httpcheck_usage
                exit $OCF_SUCCESS
                ;;
*)              httpcheck_usage
                exit $OCF_ERR_UNIMPLEMENTED
                ;;
esac
rc=$?
ocf_log debug "${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc"
exit $rc
Make the agent executable:
# chmod +x /usr/lib/ocf/resource.d/myscripts/HTTPCheck
Fix the Squid OCF agent:
# cp /usr/lib/ocf/resource.d/heartbeat/Squid /usr/lib/ocf/resource.d/heartbeat/Squid.original
# vim /usr/lib/ocf/resource.d/heartbeat/Squid
line 198: awk '/(tcp.*[0-9]+\.[0-9]+\.+[0-9]+\.[0-9]+:'$SQUID_PORT' |tcp.*:::'$SQUID_PORT' )/{
Configuring the Pacemaker cluster (CRM)
Note: perform the following steps on the first node.
Configure the cluster properties and resources (the first two commands disable STONITH fencing and tell Pacemaker to ignore loss of quorum):
# crm configure property stonith-enabled=false
# crm configure property no-quorum-policy=ignore
# crm configure rsc_defaults resource-stickiness=100
# crm configure primitive ClusterIP ocf:heartbeat:IPaddr2 \
    params ip=10.20.30.3 cidr_netmask=24 \
    op monitor interval=30
# crm configure primitive Proxy ocf:heartbeat:Squid \
    params squid_exe="/usr/sbin/squid3" squid_conf="/etc/squid3/squid.conf" squid_pidfile="/var/run/squid3.pid" squid_port="3128" squid_stop_timeout="30" \
    op start interval="0" timeout="60s" \
    op stop interval="0" timeout="120s" \
    op monitor interval="20s" timeout="30s"
# crm configure primitive HTTPCheck ocf:myscripts:HTTPCheck \
    params url="kb.france.local" \
    op monitor interval="120s"
# crm configure primitive WebSite lsb:apache2 op monitor interval="60sec"
# crm configure location proxy-prefer-node1 Proxy 50: vm-debian1
# crm configure location website-prefer-node1 WebSite 50: vm-debian1
# crm configure colocation proxy-with-clusterip inf: Proxy ClusterIP
# crm configure colocation website-with-clusterip inf: WebSite ClusterIP
# crm configure colocation httpcheck-with-proxy inf: HTTPCheck Proxy
# crm configure order apache-after-clusterip inf: ClusterIP WebSite
# crm configure order squid-after-clusterip inf: ClusterIP Proxy
# crm configure order httpcheck-after-proxy inf: Proxy HTTPCheck