AN!Cluster Tutorial 2
| Alteeve Wiki :: How To :: AN!Cluster Tutorial 2 | 
|  | Warning: This updated tutorial is not yet complete. Please do not follow this tutorial until this warning has been removed! | 
|  | Note: This is the second release of the 2-Node Red Hat KVM Cluster Tutorial. | 

This paper has one goal;
- Create an easy to use, fully redundant platform for virtual servers.
What's New?
In the last two years, we've learned a lot about how to make an even more solid high-availability platform. We've created tools to make monitoring and management of the virtual servers and nodes trivially easy. This updated release of our tutorial brings these advances to you!
- Many refinements to the cluster stack that protect against corner cases seen over the last two years.
- Configuration naming convention changes to support the new AN!CDB dashboard.
- Addition of the AN!CM monitoring and alert system.
A Note on Terminology
In this tutorial, we will use the following terms;
- Anvil!: This is our name for the HA platform as a whole.
- Nodes: The physical hardware servers used as members in the cluster and which host the virtual servers.
- Servers: The virtual servers themselves.
- Compute Pack: This describes a pair of nodes that work together to power highly-available servers.
- Foundation Pack: This describes the switches, PDUs and UPSes used to power and connect the nodes.
- Monitor Pack: This describes the equipment used for the AN!CDB management dashboard.
Why Should I Follow This (Lengthy) Tutorial?
Following this tutorial is not the lightest undertaking. It is designed to teach you all the inner details of building an HA platform for VMs. When finished, you will have a detailed and deep understanding of what it takes to build a fully redundant platform for high-availability virtual machines. It's not a light undertaking, but a very worthwhile one if you want to understand high-availability.
If you want to build a VM cluster as quickly and efficiently as possible, AN! provides an installer script which automates most all of the cluster build.
In either case, when finished, you will have the following benefits;
- Totally open source. Everything. This guide and all software used is open!
- You can host virtual servers running almost any operating system.
- The HA platform requires no access to the servers and no special software needs to be installed. Your users may well never know that they're on a virtual machine.
- Your servers will be transparently made highly-available. Most hardware failures will be totally transparent. The most core failures will cause an outage of roughly 30 to 90 seconds.
- Storage is synchronously replicated, guaranteeing that the total destruction of a node will cause no more data loss than a traditional server losing power.
- Storage is replicated without the need for a SAN, reducing cost and providing totally storage redundancy.
- Live-migration of virtual servers enables upgrading and node maintenance without downtime. No more weekend maintenance!
- With the AN! cluster monitoring, total monitoring of the HA stack, from predictive hardware failure detection to simple live migration alerts in a single application.
Ask your local VMWare or Microsoft Hyper-V sales person what they'd charge for all this. :)
High-Level Explanation of How HA Clustering Works
|  | Note: This section is an adaptation of this post to the Linux-HA mailing list. | 
Before digging into the details, it might help to start with a high-level explanation of how HA clustering works.
Corosync uses the totem protocol for "heartbeat"-like monitoring of the other node's health. A token is passed around to each node, the node does some work (like acknowledge old messages, send new ones), and then it passes the token on to the next node. This goes around and around all the time. Should a node note pass it's token on after a short time-out period, the token is declared lost, an error count goes up and a new token is sent. If too many tokens are lost in a row, the node is declared lost.
Once the node is declared lost, the remaining nodes reform a new cluster. If enough nodes are left to form quorum (simple majority), then the new cluster will continue to provide services. In two-node clusters, like the ones we're building here, quorum is disabled so each node can work on it's own.
Corosync itself only cares about cluster membership and message passing. What happens after the cluster reforms is up to the cluster manager, cman, and the cluster resource manager, rgmanager.
The first thing cman does after being notified that a node was lost is initiate a fence against the lost node. This is a process where the lost node is powered off, called power fencing, or cut off from the network/storage, called fabric fencing. In either case, the idea is to make sure that the lost node is in a known state. If this is skipped, the node could recover later and try to provide cluster services, not having realized that it was removed from the cluster. This could cause problems from confusing switches to corrupting data.
When rgmanager is told that membership has changed because a node died, it looks to see what services might have been lost. Once it knows what was lost, it looks at the rules it's been given and decides what to do. These rules are defined in the cluster.conf's <rm> element. We'll go into detail on this later.
In two-node clusters, there is also a chance of a "split-brain". Because quorum has to be disabled, it is possible for both nodes to think the other node is dead and both try to provide the same cluster services. By using fencing, after the nodes break from one another (which could happen with a network failure, for example), neither node will offer services until one of them has fenced the other. The faster node will win and the slower node will shut down (or be isolated). The survivor can then run services safely without risking a split-brain.
Once the dead/slower node has been fenced, rgmanager then decides what to do with the services that had been running on the lost node. Generally, this means "restart the service here that had been running on the dead node". The details of this, though, are decided by you when you configure the resources in rgmanager. As we will see with each node's local storage service, the service is not recovered but instead left stopped.
The Task Ahead
Before we start, let's take a few minutes to discuss clustering and its complexities.
A Note on Patience
When someone wants to become a pilot, they can't jump into a plane and try to take off. It's not that flying is inherently hard, but it requires a foundation of understanding. Clustering is the same in this regard; there are many different pieces that have to work together just to get off the ground.
You must have patience.
Like a pilot on their first flight, seeing a cluster come to life is a fantastic experience. Don't rush it! Do your homework and you'll be on your way before you know it.
Coming back to earth:
Many technologies can be learned by creating a very simple base and then building on it. The classic "Hello, World!" script created when first learning a programming language is an example of this. Unfortunately, there is no real analogue to this in clustering. Even the most basic cluster requires several pieces be in place and working together. If you try to rush by ignoring pieces you think are not important, you will almost certainly waste time. A good example is setting aside fencing, thinking that your test cluster's data isn't important. The cluster software has no concept of "test". It treats everything as critical all the time and will shut down if anything goes wrong.
Take your time, work through these steps, and you will have the foundation cluster sooner than you realize. Clustering is fun because it is a challenge.
Technologies We Will Use
- Red Hat Enterprise Linux 6 (EL6); You can use a derivative like CentOS v6. Specifically, we're using 6.4.
- Red Hat Cluster Services "Stable" version 3. This describes the following core components:
- Corosync; Provides cluster communications using the totem protocol.
- Cluster Manager (cman); Manages the starting, stopping and managing of the cluster.
- Resource Manager (rgmanager); Manages cluster resources and services. Handles service recovery during failures.
- Clustered Logical Volume Manager (clvm); Cluster-aware (disk) volume manager. Backs GFS2 filesystems and KVM virtual machines.
- Global File Systems version 2 (gfs2); Cluster-aware, concurrently mountable file system.
 
- Distributed Redundant Block Device (DRBD); Keeps shared data synchronized across cluster nodes.
- KVM; Hypervisor that controls and supports virtual machines.
- Alteeve's Niche! Cluster DashBoard and Cluster Monitor
A Note on Hardware

Another new change is that Alteeve's Niche!, after years of experimenting with various hardware vendors, has partnered with Fujitsu. We chose them because of the unparalleled quality of their equipment.
This tutorial can be used on any manufacturer's hardware, provided it meets the minimum requirements listed below. That said, we strongly recommend readers give Fujitsu's RX-line of servers a close look. We do not get a discount for this recommendation, we genuinely love the quality of their gear. The only technical argument for using Fujitsu hardware is that we do all our cluster stack monitoring software development on Fujitsu RX200 and RX300 servers. So we can say with confidence that the AN! Software components will work well on their kit.
If you use any other hardware vendor and run into any trouble, please don't hesitate to contact us. We want to make sure that our HA stack works on as many systems as possible and will be happy to help out. Of course, all Alteeve code is open source, so contributions are always welcome, too!
System Requirements
The goal of this tutorial is to help you build an HA platform with zero single points of failure. In order to do this, certain minimum technical requirements must be met.
Bare minimum requirements;
- Two servers with the following;
- CPUs with [hardware-accelerated virtualization].
- Redundant power supplies
- IPMI or vendor-specific out-of-band management, like Fujitsu's iRMC, HP's iLO, Dell's iDRAC, etc.
- Six network interfaces, 1 Gbit or faster (yes, six!)
- 2 GiB of RAM and 44.5 GiB of storage for the host operating system, plus sufficient RAM and storage for your VMs.
 
- Two switched PDUs; APC-brand recommended but any with a supported fence agent is fine.
- Two network switches
Recommended Hardware; A Little More Detail
The previous section covers the bare-minimum system requirements for following this tutorial. If you are looking to production, we need to discuss important considerations for selecting hardware.
The Most Important Consideration - Storage
There is probably no single consideration more important than choosing the storage you will use.
In our years of building Anvil! HA platforms, we've found no single issue more important than storage latency. This is true for all virtualized environments, in fact.
The problem is this:
Multiple servers on shared storage can cause particularly random storage access. Traditional hard drives have disks with mechanical read/write heads on the ends of arms that sweep back and forth across the disk surfaces. These platters are broken up into "tracks" and each track is itself cut up into "sectors". So when a server needs to read or write data, the hard drive needs to sweep the arm over the track it wants and then wait there for the sector it wants to pass underneath.
This time taken to get the read/write head onto the track and then wait for the sector to pass underneath is called "seek latency". How long this latency actually takes depends on a few things;
- How fast are the platters rotating? The faster the platter speed, the less time it takes for a sector to pass under the read/write head.
- How fast the read/write arms can move and how far they have to travel between tracks. Highly random read/write requests can cause a lot of head travel.
- How many read/write requests are backed up in the queue. A problem that arises when the requests coming in are faster than the drive can service existing requests.
When many people think about hard drives, they generally worry about maximum write speeds. For environments with many virtual servers, this is actually far less important than it might seem. Reducing latency to ensure that read/write requests don't back up is far more important. If too many requests back-up in the cache, storage performance can collapse or stall out entirely.
This is particularly problematic when multiple servers try to boot at the same time. If, for example, a node with multiple servers dies, the surviving node will try to start the lost servers at nearly the same time. This causes a sudden dramatic rise in read requests and can cause all servers to hang entirely, a condition called a "boot storm".
Thankfully, this latency problem can be easily dealt with in one of three ways;
- Use solid-state drives. These have no moving parts, so there is no penalty for highly random read/write requests.
- Use fast platter drives and proper RAID controllers with write-back caching.
- Isolate each server onto dedicated platter drives.
Each of these solutions have benefits and downsides;
| Pro | Con | |
|---|---|---|
| Fast drives + Write-back caching | 15,000rpm SAS drives are extremely reliable and the high rotation speeds minimize latency caused by waiting for sectors to pass under the read/write heads. Using multiple drives in RAID level 5 or level 6 breaks up reads and writes into smaller pieces, allowing requests to be serviced quickly and helping keep the read/write buffer empty. Write-caching allows RAM-like write speeds and the ability to re-order disk access to minimize head movement. | The main con is the number of disks needed to get effective performance gains from striping. AN! Always uses a minimum of six disks, and many entry-level servers support a maximum of 4 drives. So you need to account for the number of disks you plan to use when selecting your hardware. | 
| SSDs | No moving parts mean that read and write requests do not have to wait for mechanical movements to happen, drastically reducing latency. The minimum number of drives for SSD-based configuration is two. | Solid state drives use NAND flash, which can only be written to a finite number of times. All drives in our Anvil! will be written to roughly the same amount, so hitting this write-limit could mean that all drives in both nodes would fail at nearly the same time. Avoiding this requires careful monitoring of the drives and replacing them before their write limits are hit. | 
| Isolated Storage | Dedicating hard drives to virtual servers avoids the highly random read/write issues found when multiple servers share the same storage. This allows for the safe use of cheap, inexpensive hard drives. This also means that dedicated hardware RAID controllers with battery-backed cache are not needed. This makes it possible to save a good amount of money in the hardware design. | The obvious down-side to isolated storage is that you significantly limit the number of servers you can host on your Anvil!. If you only need to support one or two servers though, this should not be an issue. | 
The last piece to consider is the interface of the drives used, be they SSDs or traditional HDDs. The two common interface types are SATA and SAS.
- SATA HDD drives generally have a platter speed of 7,200rpm. The SATA interface has limited instruction set and provides minimal health reporting. These are "consumer" grade devices that are far less expensive, and far less reliable, than SAS drives.
- SAS drives are generally aimed at the enterprise environment and are built to much higher quality standards. SAS HDDs have rotational speeds of up to 15,000rpm and can handle far more read/write operations per second. Enterprise SSDs using the SAS interface are also much more reliable than their commercial counterpart. The main downside to SAS drives is their cost.
In all production environments, we strongly, strongly recommend SAS-connected drives. For learning, SATA drives are fine.
RAM - Preparing For Degradation
RAM is a far simpler topic than storage, thankfully. Here, all you need to do is add up how much RAM you plan to assign to servers, add at least 2 GiB for the host, and then install that much memory in your nodes.
In production, there are two technologies you will want to consider;
- ECC, error correction code, provide the ability for RAM to recover from single-bit errors. If you are familiar with how [[1]] in RAID arrays work, ECC in RAM is the same idea. This is often included in server-class hardware by default. It is highly recommended.
- Memory Mirroring is, continuing our storage comparison, RAID level 1 for RAM. All writes to memory go to two different chips. Should one fail, the contents of the RAM can still be read from the surviving module.
Never Over Provision!
"Over-provisioning", also called "This provisioning" is a concept made popular in many "cloud" technologies. It is a concept that has almost no place in HA environments.
A common example is creating virtual disks of a given apparent size, but which only pull space from real storage as needed. So if you created a "thin" virtual disk that was 80 GiB large, but only 20 GiB worth of data was used, only 20 GiB from the real storage would be used.
In essence; Over-provisioning is where you allocate more resources to servers than the nodes can actually provide, banking on the hopes that most servers will not use all of the resource allocated to them. The danger here, and the reason it has no place in HA, is that if the servers collectively use more resources than the nodes can provide, someone is going to crash.
CPU Cores - Possibly Acceptable Over-Provisioning
Over provisioning of RAM and storage is never acceptable in an HA environment, as mentioned. Over-allocating CPU cores is possibly acceptable though.
When selecting which CPUs to use in your nodes, the number of cores and the speed of the cores will determine how much computational horse-power you have to allocate to your servers. The main considerations are;
- Core speed; Any given "thread" can be processed by a single CPU core at a time. The faster the given core is, the faster it can process any given request. Many applications do not support multithreading, meaning that the only way to improve performance is to use faster cores, not more cores.
- Core count; Some applications support breaking up jobs into many threads, and passing them to multiple CPU cores at the same time for simultaneous processing. This way, the application feels faster to users because each CPU has to do less work to get a job done. Another benefit of multiple cores is that if one application consumes the processing power of a single core, other cores remain available for other applications, preventing processor congestion.
In processing, each CPU "core" can handle one program "thread" at a time. Since the earliest days of multitasking, operating systems have been able to handle threads waiting for a CPU resource to free up. So the risk of over-provisioning CPUs is restricted to performance issues only.
If you're building an Anvil! to support multiple servers and it's important that, no matter how busy the other servers are, the performance of each server can not degrade, then you need to be sure you have as many real CPU cores as you plan to assign to servers.
So for example, if you plan to have three servers and you plan to allocate each server four virtual CPU cores, you need a minimum of 13 real CPU cores (3 servers x 4 cores each plus at least one core for the node). In this scenario, you will want to choose servers with dual 8-core CPUs, for a total of 16 available real CPU cores. You may choose to buy two 6-core CPUs, for a total of 12 real cores, but you risk congestion still. If all three servers fully utilize their four cores at the same time, the host OS will be left with no available core for it's software, which manages the HA stack.
In many cases, however, risking a performance loss under periods of high CPU load is acceptable. In these cases, allocating more virtual cores than you have real cores is fine. Should the load of the servers climb to a point where all real cores are under 100% utilization, then some applications will slow down as they wait for their turn in the CPU.
In the end, the decision whether to over-provision CPU cores or not, and if so, by how much to over-provision, is up to you, the reader. Remember to consider balancing out faster cores with the number of cores. If your expected load will be short burst of computationally intense jobs, few-but-faster cores may be the best solution.
A Note on Hyper-Threading
Intel's hyper-threading technology can make a CPU appear to the OS to have twice as many real cores than it actually has. For example, a CPU listed as "4c/8t" (four cores, eight threads) will appear to the node as a simple 8-core CPU. In fact, you only have four cores and the additional four cores are emulated attempts to make more efficient use of the processing of each core.
Simply put, the idea behind this technology is to "slip in" a second thread when the CPU would otherwise be idle. For example, if the CPU core has to wait for memory to be fetched for the currently active thread, instead of sitting idle, a thread in the second core will be worked on.
How much benefit this gives you in the real world is debatable and highly depended on your applications. For the purposes of HA, it's recommended to not count the "HT cores" as real cores. That is to say, when calculating load, treat "4c/8t" CPUs as simple 4-core CPUs.
Six Network Interfaces, Seriously?
Yes, seriously.
Obviously, you can put everything on a single network card and your HA software will work, but it would be highly ill advised.
We will go into the network configuration at length later on. For now, here's an overview;
- Each network needs two links in order to be fault-tolerant. One link will go to the first network switch and the second link will go to the second network switch. This way, the failure of a network cable, port or switch will not interrupt traffic.
- There are three main networks in an Anvil!;
- Back-Channel Network; This is used by the cluster stack and is sensitive to latency. Delaying traffic on this network can cause the nodes the "partition", breaking the cluster stack.
- Storage Network; All disk writes will travel over this network. As such, it is easy to saturate this network. Sharing this traffic with other services would mean that it's very possible to significantly impact network performance under high disk write loads. For this reason, it is isolated.
- Internet-Facing Network; This network carries traffic to and from your servers. By isolating this network, users of your servers will never experience performance loss during storage or cluster high loads. Likewise, if your users place a high load on this network, it will not impact the ability of the Anvil! to function properly. It also isolates untrusted network traffic.
 
So, three networks, each using two links for redundancy, means that we need six network interfaces. Further complicating things, it is strongly recommended that you use three separate dual-port network cards. Using a single network card, as we will discuss in detail later, leaves you vulnerable to losing entire networks should the controller fail.
A Note on Dedicated IPMI Interfaces
Some server manufacturers provide access to IPMI using the same physical interface as one of the on-board network cards. Usually these companies provide optional upgrades to break the IPMI connection out to a dedicated network connector.
Whenever possible, it is recommended that you go with a dedicated IPMI connection.
We've found that it rarely, if ever, is possible for a node to talk to it's own network interface using a shared physical port. This is not strictly a problem, but it can certainly make testing and diagnostics easier when the node can ping and query it's own IPMI interface over the network.
Network Switches
The ideal switches to use in HA clustering are stackable, managed pair of switches. At the very least, a pair of switches that support VLANs is recommended. None of this is strictly required, but here are the reasons they're recommended;
- VLAN allows for totally isolating the BCN, SN and IFN traffic. This adds security and reduces broadcast traffic.
- Manages switches provide a unified interface for configuring both switches at the same time. This drastically simplifies complex configurations, like setting up VLANs that span the physical switches.
- Stacking provides a link between the two switches that effectively makes them work like one. Generally, this bandwidth available in the stack cable is much higher than the bandwidth of individual ports. This provides a high-speed link for all three VLANs in one cable and it allows for multiple links to fail without risking performance degradation. We'll talk more about this later.
Beyond these suggested features, there are a few other things to consider when choosing switches;
| Feature | Consideration | 
|---|---|
| MTU size | # The default packet size on a network if 1500 bytes. If you build your VLANs in software, you need to account for the extra size needed for the VLAN header. If your switch supports "Jumbo Frames", then there should be no problem. However, some cheap switches do not support jumbo frames, requiring you to reduce the MTU size value for the interfaces on your nodes. 
 | 
| Packets Per Second | This is a measure of how many packets can be routed per second, and generally is a reflection of the switch's processing power and memory. Cheaper switches will not have the ability to route a high number of packets at the same time, potentially causing congestion. | 
| Multicast Groups | Some fancy switches, like some Cisco hardware, doesn't maintain multicast groups persistently. The cluster software uses multicast for communication, so if your switch drops a multicast group, it will cause your cluster to partition. If you have a managed switch, ensure that persistent multicast groups are enabled. We'll talk more about this later. | 
| Port speed and count versus Internal Fabric Bandwidth | A switch that has, say, 48 Gbps ports may not be able to route 48 Gbps. This is a problem similar to over-provisioning we discussed above. If an inexpensive 48 port switch has an internal switch fabric of only 20 Gbps, then it can handle only up to 20 saturated ports at a time. Be sure to review the internal fabric capacity and make sure it's high enough to handle all connected interfaces running full speed. Note, of course, that only one link in a given bond will be active at a time. | 
| Uplink speed | If you have a gigabit switch and you simply link the ports between the two switches, the link speed will be limited to 1 gigabit. Normally, all traffic will be kept on one switch, so this is fine in principle. If a single link fails over to the backup switch, then it will bounce up to the main switch at full speed. However, if a second link fails, both will be sharing the single gigabit uplink, so there is a risk of congestion on the link. If you can't get stacked switches, which generally have 10 Gbps speeds or higher, then look for switches with 10 Gbps dedicated uplink ports and use those for uplinks. Keep in mind that using ports for uplinks, instead of a stacking cable, will mean that each uplink port will be restricted to the VLAN it's a member of (or you need to share the uplink across multiple VLANs, breaking the isolation). | 
| Port Trunking | If your existing network supports it, choosing a switch with port trunking provides a backup link from the foundation pack switches to the main network. This extends the network redundancy out to the rest of your network. | 
There are numerous other valid considerations when choosing network switches for your Anvil!. These are the most prescient considerations, though.
Why Switched PDUs?
We will discuss this in detail later on, but in short, when a node stops responding, we can not simply assume that it is dead. To do so would be to risk a "split-brain" condition which can lead to data divergence, data loss and data corruption.
To deal with this, we need a mechanism of putting a node that is in an unknown state into a known state. A process called "fencing". Many people who build HA platforms use the IPMI interface for this purpose, as will we. The idea here is that, when a node stops responding, the surviving node connects to the lost node's IPMI interface and forces the machine to power off. The IPMI BMC is, effectively, a little computer inside the main computer, so it will work regardless of what state the node itself is in.
Once the node has been confirmed to be off, the services that had been running on it can be restarted on the remaining good node, safe in knowing that the lost peer is not also hosting these services. In our case, these "services" are the shared storage and the virtual servers.
There is a problem with this though. Actually, two.
- The IPMI draws it's power from the same power source as the server itself. If the host node loses power entirely, IPMI goes down with the host.
- The IPMI BMC has a single network interface and it is a single device.
Thus, if we relied on IPMI-based fencing alone, we'd have a single point of failure. If the surviving node can not put a lost node into a known state, it will hang, by design. The logic being that as bad as a hung cluster is, it's better than risking production. So what this means is that, with IPMI-based fencing alone, the loss of power to a single node would not be automatically recoverable.
That just will not do!
To make fencing redundant, we will use switched PDUs. Think of these as network-connected power bars.
Imagine now that one of the nodes blew itself up. The surviving node would try to connect to it's IPMI interface and, of course, get no response. Then it would log into both PDUs (one behind either side of the redundant power supplies) and cut the power going to the node. By doing this, we now have a way of putting a lost node into a known state.
So now, no matter how badly things go wrong, we can always recover!
Network Managed UPSes Are Worth It
We have found that a surprising number of issues that effect service availability are power related. A network-connected smart UPS allows you to monitor the power coming from the building mains. Thanks to this, we've been able to detect far more than simple "lost power" events. We've been able to detect failing transformers and regulators, over and under voltage events... Things that, if caught ahead of time, not only avoids full power outages, but also protects the rest of your gear that isn't protected by UPSes.
So strictly speaking, you don't need network managed UPSes. However, we have found them worth their weight in gold and thus strongly recommend them. We will, of course, be using them in this tutorial.
Dashboard Servers
The Anvil! will be managed by AN!CDB - Cluster Dashboard dashboard, a small little dedicated server. This can be a virtual machine on a laptop or desktop, or a dedicated little server. All that matters is that it can run RHEL or CentOS version 6 with a minimal desktop.
Normally, we setup a couple ASUS EeeBox machines, for redundancy of course, hanging off the back of a monitor. Then users can connect to the dashboard using a browser from any device and control the servers and nodes easily from it. It also provides KVM-like access to the servers on the Anvil!, allowing them to work on the servers when they can't connect over the network. For this reason, you will probably want to pair up the dashboard machines with a monitor that offers a decent resolution to make it easy to see the desktop of the hosted servers.
What You Should Know Before Beginning
It is assumed that you are familiar with Linux systems administration, specifically Red Hat Enterprise Linux and its derivatives. You will need to have somewhat advanced networking experience as well. You should be comfortable working in a terminal (directly or over ssh). Familiarity with XML will help, but is not terribly required as its use here is pretty self-evident.
If you feel a little out of depth at times, don't hesitate to set this tutorial aside. Browse over to the components you feel the need to study more, then return and continue on. Finally, and perhaps most importantly, you must have patience! If you have a manager asking you to "go live" with a cluster in a month, tell him or her that it simply won't happen. If you rush, you will skip important points and you will fail.
Patience is vastly more important than any pre-existing skill.
A Word On Complexity
Introducing the Fabimer Principle:
Clustering is not inherently hard, but it is inherently complex. Consider:
- Any given program has N bugs.
- RHCS uses; cman, corosync, dlm, fenced, rgmanager, and many more smaller apps.
- We will be adding DRBD, GFS2, clvmd, libvirtd and KVM.
- Right there, we have N^10 possible bugs. We'll call this A.
 
- A cluster has Y nodes.
- In our case, 2 nodes, each with 3 networks across 6 interfaces bonded into pairs.
- The network infrastructure (Switches, routers, etc). We will be using two managed switches, adding another layer of complexity.
- This gives us another Y^(2*(3*2))+2, the +2 for managed switches. We'll call this B.
 
- Let's add the human factor. Let's say that a person needs roughly 5 years of cluster experience to be considered an proficient. For each year less than this, add a Z "oops" factor, (5-Z)^2. We'll call this C.
- So, finally, add up the complexity, using this tutorial's layout, 0-years of experience and managed switches.
- (N^10) * (Y^(2*(3*2))+2) * ((5-0)^2) == (A * B * C) == an-unknown-but-big-number.
 
This isn't meant to scare you away, but it is meant to be a sobering statement. Obviously, those numbers are somewhat artificial, but the point remains.
Any one piece is easy to understand, thus, clustering is inherently easy. However, given the large number of variables, you must really understand all the pieces and how they work together. DO NOT think that you will have this mastered and working in a month. Certainly don't try to sell clusters as a service without a lot of internal testing.
Clustering is kind of like chess. The rules are pretty straight forward, but the complexity can take some time to master.
Overview of Components
When looking at a cluster, there is a tendency to want to dive right into the configuration file. That is not very useful in clustering.
- When you look at the configuration file, it is quite short.
Clustering isn't like most applications or technologies. Most of us learn by taking something such as a configuration file, and tweaking it to see what happens. I tried that with clustering and learned only what it was like to bang my head against the wall.
- Understanding the parts and how they work together is critical.
You will find that the discussion on the components of clustering, and how those components and concepts interact, will be much longer than the initial configuration. It is true that we could talk very briefly about the actual syntax, but it would be a disservice. Please don't rush through the next section, or worse, skip it and go right to the configuration. You will waste far more time than you will save.
- Clustering is easy, but it has a complex web of inter-connectivity. You must grasp this network if you want to be an effective cluster administrator!
Component; cman
The cman portion of the the cluster is the cluster manager. In the 3.0 series used in EL6, cman acts mainly as a quorum provider. That is, is adds up the votes from the cluster members and decides if there is a simple majority. If there is, the cluster is "quorate" and is allowed to provide cluster services.
The cman service will be used to start and stop all of the components needed to make the cluster operate.
Component; corosync
Corosync is the heart of the cluster. Almost all other cluster compnents operate though this.
In Red Hat clusters, corosync is configured via the central cluster.conf file. It can be configured directly in corosync.conf, but given that we will be building an RHCS cluster, we will only use cluster.conf. That said, almost all corosync.conf options are available in cluster.conf. This is important to note as you will see references to both configuration files when searching the Internet.
Corosync sends messages using multicast messaging by default. Recently, unicast support has been added, but due to network latency, it is only recommended for use with small clusters of two to four nodes. We will be using multicast in this tutorial.
A Little History
There were significant changes between RHCS the old version 2 and version 3 available on EL6, which we are using.
In the RHCS version 2, there was a component called openais which provided totem. The OpenAIS project was designed to be the heart of the cluster and was based around the Service Availability Forum's Application Interface Specification. AIS is an open API designed to provide inter-operable high availability services.
In 2008, it was decided that the AIS specification was overkill for most clustered applications being developed in the open source community. At that point, OpenAIS was split in to two projects: Corosync and OpenAIS. The former, Corosync, provides totem, cluster membership, messaging, and basic APIs for use by clustered applications, while the OpenAIS project became an optional add-on to corosync for users who want the full AIS API.
You will see a lot of references to OpenAIS while searching the web for information on clustering. Understanding its evolution will hopefully help you avoid confusion.
The Future of Corosync
In EL6, corosync is version 1.4. Upstream, however, it's passed version 2. One of the major changes in the 2+ version is that corosync becomes a quorum provider, helping to remove the need for cman. If you experiment with clustering on Fedora, for example, you will find that cman is gone entirely.
Concept; quorum
Quorum is defined as the minimum set of hosts required in order to provide clustered services and is used to prevent split-brain situations.
The quorum algorithm used by the RHCS cluster is called "simple majority quorum", which means that more than half of the hosts must be online and communicating in order to provide service. While simple majority quorum is a very common quorum algorithm, other quorum algorithms exist (grid quorum, YKD Dyanamic Linear Voting, etc.).
The idea behind quorum is that, when a cluster splits into two or more partitions, which ever group of machines has quorum can safely start clustered services knowing that no other lost nodes will try to do the same.
Take this scenario;
- You have a cluster of four nodes, each with one vote.
- The cluster's expected_votes is 4. A clear majority, in this case, is 3 because (4/2)+1, rounded down, is 3.
- Now imagine that there is a failure in the network equipment and one of the nodes disconnects from the rest of the cluster.
- You now have two partitions; One partition contains three machines and the other partition has one.
- The three machines will have quorum, and the other machine will lose quorum.
- The partition with quorum will reconfigure and continue to provide cluster services.
- The partition without quorum will withdraw from the cluster and shut down all cluster services.
 
When the cluster reconfigures and the partition wins quorum, it will fence the node(s) in the partition without quorum. Once the fencing has been confirmed successful, the partition with quorum will begin accessing clustered resources, like shared filesystems.
This also helps explain why an even 50% is not enough to have quorum, a common question for people new to clustering. Using the above scenario, imagine if the split were 2 and 2 nodes. Because either can't be sure what the other would do, neither can safely proceed. If we allowed an even 50% to have quorum, both partition might try to take over the clustered services and disaster would soon follow.
There is one, and only one except to this rule.
In the case of a two node cluster, as we will be building here, any failure results in a 50/50 split. If we enforced quorum in a two-node cluster, there would never be high availability because and failure would cause both nodes to withdraw. The risk with this exception is that we now place the entire safety of the cluster on fencing, a concept we will cover in a second. Fencing is a second line of defense and something we are loath to rely on alone.
Even in a two-node cluster though, proper quorum can be maintained by using a quorum disk, called a qdisk. Unfortunately, qdisk on a DRBD resource comes with its own problems, so we will not be able to use it here.
Concept; Virtual Synchrony
Many cluster operations, like distributed locking and so on, have to occur in the same order across all nodes. This concept is called "virtual synchrony".
This is provided by corosync using "closed process groups", CPG. A closed process group is simply a private group of processes in a cluster. Within this closed group, all messages between members are ordered. Delivery, however, is not guaranteed. If a member misses messages, it is up to the member's application to decide what action to take.
Let's look at two scenarios showing how locks are handled using CPG;
- The cluster starts up cleanly with two members.
- Both members are able to start service:foo.
- Both want to start it, but need a lock from DLM to do so.
- The an-c05n01 member has its totem token, and sends its request for the lock.
- DLM issues a lock for that service to an-c05n01.
- The an-c05n02 member requests a lock for the same service.
- DLM rejects the lock request.
 
- The an-c05n01 member successfully starts service:foo and announces this to the CPG members.
- The an-c05n02 sees that service:foo is now running on an-c05n01 and no longer tries to start the service.
- The two members want to write to a common area of the /shared GFS2 partition.
- The an-c05n02 sends a request for a DLM lock against the FS, gets it.
- The an-c05n01 sends a request for the same lock, but DLM sees that a lock is pending and rejects the request.
- The an-c05n02 member finishes altering the file system, announces the changed over CPG and releases the lock.
- The an-c05n01 member updates its view of the filesystem, requests a lock, receives it and proceeds to update the filesystems.
- It completes the changes, annouces the changes over CPG and releases the lock.
 
Messages can only be sent to the members of the CPG while the node has a totem token from corosync.
Concept; Fencing
|  | Warning: DO NOT BUILD A CLUSTER WITHOUT PROPER, WORKING AND TESTED FENCING. | 

Fencing is a absolutely critical part of clustering. Without fully working fence devices, your cluster will fail.
Sorry, I promise that this will be the only time that I speak so strongly. Fencing really is critical, and explaining the need for fencing is nearly a weekly event.
So then, let's discuss fencing.
When a node stops responding, an internal timeout and counter start ticking away. During this time, no DLM locks are allowed to be issued. Anything using DLM, including rgmanager, clvmd and gfs2, are effectively hung. The hung node is detected using a totem token timeout. That is, if a token is not received from a node within a period of time, it is considered lost and a new token is sent. After a certain number of lost tokens, the cluster declares the node dead. The remaining nodes reconfigure into a new cluster and, if they have quorum (or if quorum is ignored), a fence call against the silent node is made.
The fence daemon will look at the cluster configuration and get the fence devices configured for the dead node. Then, one at a time and in the order that they appear in the configuration, the fence daemon will call those fence devices, via their fence agents, passing to the fence agent any configured arguments like username, password, port number and so on. If the first fence agent returns a failure, the next fence agent will be called. If the second fails, the third will be called, then the forth and so on. Once the last (or perhaps only) fence device fails, the fence daemon will retry again, starting back at the start of the list. It will do this indefinitely until one of the fence devices succeeds.
Here's the flow, in point form:
- The totem token moves around the cluster members. As each member gets the token, it sends sequenced messages to the CPG members.
- The token is passed from one node to the next, in order and continuously during normal operation.
- Suddenly, one node stops responding.
- A timeout starts (~238ms by default), and each time the timeout is hit, and error counter increments and a replacement token is created.
- The silent node responds before the failure counter reaches the limit.
- The failure counter is reset to 0
- The cluster operates normally again.
 
 
- Again, one node stops responding.
- Again, the timeout begins. As each totem token times out, a new packet is sent and the error count increments.
- The error counts exceed the limit (4 errors is the default); Roughly one second has passed (238ms * 4 plus some overhead).
- The node is declared dead.
- The cluster checks which members it still has, and if that provides enough votes for quorum.
- If there are too few votes for quorum, the cluster software freezes and the node(s) withdraw from the cluster.
- If there are enough votes for quorum, the silent node is declared dead.
- corosync calls fenced, telling it to fence the node.
- The fenced daemon notifies DLM and locks are blocked.
- Which fence device(s) to use, that is, what fence_agent to call and what arguments to pass, is gathered.
- For each configured fence device:
- The agent is called and fenced waits for the fence_agent to exit.
- The fence_agent's exit code is examined. If it's a success, recovery starts. If it failed, the next configured fence agent is called.
 
- If all (or the only) configured fence fails, fenced will start over.
- fenced will wait and loop forever until a fence agent succeeds. During this time, the cluster is effectively hung.
 
- Once a fence_agent succeeds, fenced notifies DLM and lost locks are recovered.
- GFS2 partitions recover using their journal.
- Lost cluster resources are recovered as per rgmanager's configuration (including file system recovery as needed).
 
 
 
- Normal cluster operation is restored, minus the lost node.
This skipped a few key things, but the general flow of logic should be there.
This is why fencing is so important. Without a properly configured and tested fence device or devices, the cluster will never successfully fence and the cluster will remain hung until a human can intervene.
Is "Fencing" the same as STONITH?
Yes.
In the old days, there were two distinct open-source HA clustering stacks. The Linux-HA's project used the term "STONITH", an acronym for "Shoot The Other Node In The Head", for fencing. Red Hat's cluster stack used the term "fencing" for the same concept.
We prefer the term "fencing" because the fundamental goal is to put the target node into a state where it can not effect cluster resources or provide clustered services. This can be accomplished by powering it off, called "power fencing", or by disconnecting it from SAN storage and/or network, a process called "fabric fencing".
The term "STONITH", based on it's acronym, implies power fencing. This is not a big deal, but it is the reason this tutorial sticks with the term "fencing".
Component; totem
The totem protocol defines message passing within the cluster and it is used by corosync. A token is passed around all the nodes in the cluster, and nodes can only send messages while they have the token. A node will keep its messages in memory until it gets the token back with no "not ack" messages. This way, if a node missed a message, it can request it be resent when it gets its token. If a node isn't up, it will simply miss the messages.
The totem protocol supports something called 'rrp', Redundant Ring Protocol. Through rrp, you can add a second backup ring on a separate network to take over in the event of a failure in the first ring. In RHCS, these rings are known as "ring 0" and "ring 1". The RRP is being re-introduced in RHCS version 3. Its use is experimental and should only be used with plenty of testing.
Component; rgmanager
When the cluster membership changes, corosync tells the rgmanager that it needs to recheck its services. It will examine what changed and then will start, stop, migrate or recover cluster resources as needed.
Within rgmanager, one or more resources are brought together as a service. This service is then optionally assigned to a failover domain, an subset of nodes that can have preferential ordering.
The rgmanager daemon runs separately from the cluster manager, cman. This means that, to fully start the cluster, we need to start both cman and then rgmanager.
What about Pacemaker?
Pacemaker is also a resource manager, like rgmanager. You can not use both in the same cluster.
Back prior to 2008, there were two distinct open-source cluster projects;
- Red Hat's Cluster Service
- Linux-HA's Heartbeat
Pacemaker was born out of the Linux-HA project as an advanced resource manager that could use either heartbeat or openais for cluster membership and communication. Unlike RHCS and heartbeat, it's sole focus was resource management.
In 2008, plans were made to begin the slow process of merging the two independent stacks into one. As mentioned in the corosync overview, it replaced openais and became the default cluster membership and communication layer for both RHCS and Pacemaker. Development of heartbeat was ended, though Linbit continues to maintain the heartbeat code to this day.
The fence and resource agents, software that acts as a glue between the cluster and the devices and resource they manage, were merged next. You can now use the same set of agents on both pacemaker and RHCS.
Red Hat introduced pacemaker as "Tech Preview" in RHEL 6.0. It has been available beside RHCS ever since, though support is not offered yet*.
Red Hat has a strict policy of not saying what will happen in the future. That said, the speculation is that Pacemaker will become supported soon and will replace rgmanager entirely in RHEL 7, given that cman and rgmanager no longer exist upstream in Fedora.
So why don't we use pacemaker here?
We believe that, no matter how promising software looks, stability is king. Pacemaker on other distributions has been stable and supported for a long time. However, on RHEL, it's a recent addition and the developers have been doing a tremendous amount of work on pacemaker and associated tools. For this reason, we feel that on RHEL 6, pacemaker is too much of a moving target at this time. That said, we do intend to switch to pacemaker some time in the next year or two, depending on how the Red Hat stack evolves.
Component; qdisk
|  | Note: qdisk does not work reliably on a DRBD resource, so we will not be using it in this tutorial. | 
A Quorum disk, known as a qdisk is small partition on SAN storage used to enhance quorum. It generally carries enough votes to allow even a single node to take quorum during a cluster partition. It does this by using configured heuristics, that is custom tests, to decided which node or partition is best suited for providing clustered services during a cluster reconfiguration. These heuristics can be simple, like testing which partition has access to a given router, or they can be as complex as the administrator wishes using custom scripts.
Though we won't be using it here, it is well worth knowing about when you move to a cluster with SAN storage.
Component; DRBD
DRBD; Distributed Replicating Block Device, is a technology that takes raw storage from two nodes and keeps their data synchronized in real time. It is sometimes described as "network RAID Level 1", and that is conceptually accurate. In this tutorial's cluster, DRBD will be used to provide that back-end storage as a cost-effective alternative to a traditional SAN device.
DRBD is, fundamentally, a raw block device. If you've ever used mdadm to create a software RAID array, then you will be familiar with this.
Think of it this way;
With traditional software raid, you would take;
- /dev/sda5 + /dev/sdb5 -> /dev/md0
With DRBD, you have this;
- node1:/dev/sda5 + node2:/dev/sda5 -> both:/dev/drbd0
In both cases, as soon as you create the new md0 or drbd0 device, you pretend like the member devices no longer exist. You format a filesystem onto /dev/md0, use /dev/drbd0 as an LVM physical volume, and so on.
The main difference with DRBD is that the /dev/drbd0 will always be the same on both nodes. If you write something to node 1, it's instantly available on node 2, and vice versa. Of course, this means that what ever you put on top of DRBD has to be "cluster aware". That is to say, the program or file system using the new /dev/drbd0 device has to understand that the contents of the disk might change because of another node.
Component; Clustered LVM
With DRBD providing the raw storage for the cluster, we must next consider partitions. This is where Clustered LVM, known as CLVM, comes into play.
CLVM is ideal in that by using DLM, the distributed lock manager. It won't allow access to cluster members outside of corosync's closed process group, which, in turn, requires quorum.
It is ideal because it can take one or more raw devices, known as "physical volumes", or simple as PVs, and combine their raw space into one or more "volume groups", known as VGs. These volume groups then act just like a typical hard drive and can be "partitioned" into one or more "logical volumes", known as LVs. These LVs are where KVM's virtual machine guests will exist and where we will create our GFS2 clustered file system.
LVM is particularly attractive because of how flexible it is. We can easily add new physical volumes later, and then grow an existing volume group to use the new space. This new space can then be given to existing logical volumes, or entirely new logical volumes can be created. This can all be done while the cluster is online offering an upgrade path with no down time.
Component; GFS2
With DRBD providing the clusters raw storage space, and Clustered LVM providing the logical partitions, we can now look at the clustered file system. This is the role of the Global File System version 2, known simply as GFS2.
It works much like standard filesystem, with user-land tools like mkfs.gfs2, fsck.gfs2 and so on. The major difference is that it and clvmd use the cluster's distributed locking mechanism provided by the dlm_controld daemon. Once formatted, the GFS2-formatted partition can be mounted and used by any node in the cluster's closed process group. All nodes can then safely read from and write to the data on the partition simultaneously.
|  | Note: GFS2 is only supported when run on top of Clustered LVM LVs. This is because, in certain error states, gfs2_controld will call dmsetup to disconnect the GFS2 partition from its storage in certain failure states. | 
Component; DLM
One of the major roles of a cluster is to provide distributed locking for clustered storage and resource management.
Whenever a resource, GFS2 filesystem or clustered LVM LV needs a lock, it sends a request to dlm_controld which runs in userspace. This communicates with DLM in kernel. If the lockspace does not yet exist, DLM will create it and then give the lock to the requester. Should a subsequant lock request come in for the same lockspace, it will be rejected. Once the application using the lock is finished with it, it will release the lock. After this, another node may request and receive a lock for the lockspace.
If a node fails, fenced will alert dlm_controld that a fence is pending and new lock requests will block. After a successful fence, fenced will alert DLM that the node is gone and any locks the victim node held are released. At this time, other nodes may request a lock on the lockspaces the lost node held and can perform recovery, like replaying a GFS2 filesystem journal, prior to resuming normal operation.
Note that DLM locks are not used for actually locking the file system. That job is still handled by plock() calls (POSIX locks).
Component; KVM
Two of the most popular open-source virtualization platforms available in the Linux world today and Xen and KVM. The former is maintained by Citrix and the other by Redhat. It would be difficult to say which is "better", as they're both very good. Xen can be argued to be more mature where KVM is the "official" solution supported by Red Hat in EL6.
We will be using the KVM hypervisor within which our highly-available virtual machine guests will reside. It is a type-1 hypervisor, which means that the host operating system runs directly on the bare hardware. Contrasted against Xen, which is a type-2 hypervisor where even the installed OS is itself just another virtual machine.
Node Installation
This section is going to be intentionally vague, as I don't want to influence too heavily what hardware you buy or how you install your operating systems. However, we need a baseline, a minimum system requirement of sorts. Also, I will refer fairly frequently to my setup, so I will share with you the details of what I bought. Please don't take this as an endorsement though... Every cluster will have its own needs, and you should plan and purchase for your particular needs.
In my case, my goal was to have a low-power consumption setup and I knew that I would never put my cluster into production as it's strictly a research and design cluster. As such, I can afford to be quite modest.
Node Host Names
Before we begin, let
We need to decide what naming convention and IP ranges to use for our nodes and their networks.
The IP addresses and subnets you decide to use are completely up to you. The host names though need to follow a certain standard, if you wish to use the AN!CDB dashboard, as we will do here. Specifically, the node names on your nodes must end in n01 for node #1 and n02 for node #2. The reason for this will be discussed later.
The node host name convention that we've created is this:
- xx-cYYn0{1,2}
- xx is a two or three letter prefix used to denote the company, group or person who owns the Anvil!
- cYY is a simple zero-padded sequence number number.
- n0{1,2} indicated the node in the cluster.
 
In this tutorial, the Anvil! is owned and operated by "Alteeve's Niche!", so the prefix "an" is used. This is the fifth cluster we've got, so the cluster name is an-cluster-05, so the host name's cluster number is c05. Thus, node #1 is named an-c05n01 and node #2 is named an-c05n02.
As we have three distinct networks, we have three network-specific suffixes we apply to these host names which we will map to subnets in /etc/hosts later.
- <hostname>.bcn; Back-Channel Network host name.
- <hostname>.sn; Storage Network hostname.
- <hostname>.ifn; Internet-Facing Network host name.
Again, what you use is entirely up to you. Just remember that the node's host name must end in n01 and n02 for AN!CDB to work.
Foundation Pack Host Names
The foundation pack devices, switches, PDUs and UPSes, can support multiple Anvil! platforms. Likewise, the dashboard servers support multiple Anvil!s as well. For this reason, the cXX portion of the host name does not make sense when choosing host names for these devices.
As always, you are free to choose host names that make sense to you. For this tutorial, the following host names are used;
| Device | Host name | Examples | Note | 
|---|---|---|---|
| Network Switches | xx-sYY | 
 | The xx prefix is the owner's prefix and YY is a simple sequence number. | 
| Switched PDUs | xx-pYY | 
 | The xx prefix is the owner's prefix and YY is a simple sequence number. | 
| Network Managed UPSes | xx-uYY | 
 | The xx prefix is the owner's prefix and YY is a simple sequence number. | 
| Dashboard Servers | xx-mYY | 
 | The xx prefix is the owner's prefix and YY is a simple sequence number. Note that the m letter was chosen for historical reasons. The dashboard used to be called "monitoring servers". For consistency with existing dashboards, m has remained. Note also that the dashboards will connect to both the BCN and SN, so like the nodes, host names with the .bcn and .ifn suffixes will be used. | 
OS Installation
|  | Warning: EL6.1 shipped with a version of corosync that had a token retransmit bug. On slower systems, there would be a form of race condition which would cause totem tokens the be retransmitted and cause significant performance problems. This has been resolved in EL6.2 so please be sure to upgrade. | 
Beyond being based on RHEL 6, there are no requirements for how the operating system is installed. This tutorial is written using "minimal" installs, and as such, installation instructions will be provided that will install all needed packages if they aren't already installed on your nodes.
A few notes about the installation used for this tutorial;
- RHCS stable 3 supports selinux, but it is disabled in this tutorial.
- Both iptables and ip6tables firewalls are disabled.
Obviously, this significantly reduces the security of your nodes. For learning, which is the goal here, this helps keep a focus on the clustering and simplifies debugging when things go wrong. In production clusters though, these steps are ill advised. It is strongly suggested that you enable first the firewall, then when that is working, enabling selinux. Leaving selinux for last is intentional, as it generally takes the most work to get right.
Network Security
When building production clusters, you will want to consider two options with regard to network security.
First, the interfaces connected to an untrusted network, like the Internet, should not have an IP address, though the interfaces themselves will need to be up so that virtual machines can route through them to the outside world. Alternatively, anything inbound from the virtual machines or inbound from the untrusted network should be DROPed by the firewall.
Second, if you can not run the cluster communications or storage traffic on dedicated network connections over isolated subnets, you will need to configure the firewall to block everything except the ports needed by storage and cluster traffic. The default ports are below.
| Component | Protocol | Port | Note | 
|---|---|---|---|
| dlm | TCP | 21064 | |
| drbd | TCP | 7788+ | Each DRBD resource will use an additional port, generally counting up (ie: r0 will use 7788, r1 will use 7789, r2 will use 7790 and so on). | 
| luci | TCP | 8084 | Optional web-based configuration tool, not used in this tutorial. | 
| modclusterd | TCP | 16851 | |
| ricci | TCP | 11111 | Each DRBD resource will use an additional port, generally counting up (ie: r1 will use 7790, r2 will use 7791 and so on). | 
| totem | UDP/multicast | 5404, 5405 | Uses a multicast group for cluster communications | 
|  | Note: As of EL6.2, you can now use unicast for totem communication instead of multicast. This is not advised, and should only be used for clusters of two or three nodes on networks where unresolvable multicast issues exist. If using gfs2, as we do here, using unicast for totem is strongly discouraged. | 
Network
Before we begin, let's take a look at a block diagram of what we're going to build. This will help when trying to see what we'll be talking about.
A Map!
  Nodes                                                                                        \_/                                                                                           
  ____________________________________________________________________________             _____|____              ____________________________________________________________________________ 
 | an-c05n01.alteeve.ca                                                       |  /--------{_Internet_}---------\  |                                                       an-c05n02.alteeve.ca |
 |                                 Network:                                   |  |                             |  |                                   Network:                                 |
 |                                 _________________     _____________________|  |  _________________________  |  |_____________________     _________________                                 |
 |      Servers:                  |      vbr2       |---| bond2               |  | | an-s01         Switch 1 | |  |               bond2 |---|      vbr2       |                  Servers:      |
 |      _______________________   |   10.255.50.1   |   | ____________________|  | |____ Internet-Facing ____| |  |____________________ |   |   10.255.50.2   |  .........................     |
 |     | [ vm01-win2008 ]      |  |_________________|   || eth2               =----=_01_]    Network    [_02_=----=               eth2 ||   |_________________|  :      [ vm01-win2008 ] :     |
 |     |   ____________________|    | : | | : : | |     || 00:1B:21:81:C3:34 ||  | |____________________[_24_=-/  || 00:1B:21:81:C2:EA ||     : : | | : : | :    :____________________   :     |
 |     |  | NIC 1              =----/ : | | : : | |     ||___________________||  | | an-s02         Switch 2 |    ||___________________||     : : | | : : | :----=              NIC 1 |  :     |
 |     |  | 10.255.1.1        ||      : | | : : | |     | ____________________|  | |____                 ____|    |____________________ |     : : | | : : |      :|        10.255.1.1 |  :     |
 |     |  | ..:..:..:..:..:.. ||      : | | : : | |     || eth5               =----=_01_]  VLAN ID 101  [_02_=----=               eth5 ||     : : | | : : |      :| ..:..:..:..:..:.. |  :     |
 |     |  |___________________||      : | | : : | |     || A0:36:9F:02:E0:05 ||  | |____________________[_24_=-\  || A0:36:9F:07:D6:2F ||     : : | | : : |      :|___________________|  :     |
 |     |   ____                |      : | | : : | |     ||___________________||  |                             |  ||___________________||     : : | | : : |      :                ____   :     |
 |  /--=--[_c:_]               |      : | | : : | |     |_____________________|  \-----------------------------/  |_____________________|     : : | | : : |      :               [_c:_]--=--\  |
 |  |  |_______________________|      : | | : : | |      _____________________|                                   |_____________________      : : | | : : |      :.......................:  |  |
 |  |                                 : | | : : | |     | bond1               |     _________________________     |               bond1 |     : : | | : : |                                 |  |
 |  |     .........................   : | | : : | |     | 10.10.50.1          |    | an-s01         Switch 1 |    |          10.10.50.2 |     : : | | : : |    _______________________      |  |
 |  |     : [ vm02-win2012 ]      :   : | | : : | |     | ____________________|    |____     Storage     ____|    |____________________ |     : : | | : : |   |      [ vm02-win2012 ] |     |  |
 |  |     :   ____________________:   : | | : : | |     || eth1               =----=_09_]    Network    [_10_=----=               eth1 ||     : : | | : : |   |____________________   |     |  |
 |  |     :  | NIC 1              =---: | | : : | |     || 00:19:99:9C:9B:9F ||    |_________________________|    || 00:19:99:9C:A0:6D ||     : : | | : : \---=              NIC 1 |  |     |  |
 |  |     :  | 10.255.1.2        |:     | | : : | |     ||___________________||    | an-s02         Switch 2 |    ||___________________||     : : | | : :     ||        10.255.1.2 |  |     |  |
 |  |     :  | ..:..:..:..:..:.. |:     | | : : | |     | ____________________|    |____                 ____|    |____________________ |     : : | | : :     || ..:..:..:..:..:.. |  |     |  |
 |  |     :  |___________________|:     | | : : | |     || eth4               =----=_09_]  VLAN ID 100  [_10_=----=               eth4 ||     : : | | : :     ||___________________|  |     |  |
 |  |     :   ____                :     | | : : | |     || A0:36:9F:02:E0:04 ||    |_________________________|    || A0:36:9F:07:D6:2E ||     : : | | : :     |                ____   |     |  |
 |  |  /--=--[_c:_]               :     | | : : | |     ||___________________||                                   ||___________________||     : : | | : :     |               [_c:_]--=--\  |  |
 |  |  |  :.......................:     | | : : | |  /--|_____________________|                                   |_____________________|--\  : : | | : :     |_______________________|  |  |  |
 |  |  |                                | | : : | |  |   _____________________|                                   |_____________________   |  : : | | : :                                |  |  |
 |  |  |   _______________________      | | : : | |  |  | bond0               |     _________________________     |               bond0 |  |  : : | | : :     .........................  |  |  |
 |  |  |  | [ vm03-win7 ]         |     | | : : | |  |  | 10.20.50.1          |    | an-s01         Switch 1 |    |          10.20.50.2 |  |  : : | | : :     :      [ vm02-win2012 ] :  |  |  |
 |  |  |  |   ____________________|     | | : : | |  |  | ____________________|    |____  Back-Channel   ____|    |____________________ |  |  : : | | : :     :____________________   :  |  |  |
 |  |  |  |  | NIC 1              =-----/ | : : | |  |  || eth0               =----=_13_]    Network    [_14_=----=               eth0 ||  |  : : | | : :-----=              NIC 1 |  :  |  |  |
 |  |  |  |  | 10.255.1.3        ||       | : : | |  |  || 00:19:99:9C:9B:9E ||    |_________________________|    || 00:19:99:9C:A0:6C ||  |  : : | | :       :|        10.255.1.3 |  :  |  |  |
 |  |  |  |  | ..:..:..:..:..:.. ||       | : : | |  |  ||___________________||    | an-s02         Switch 2 |    ||___________________||  |  : : | | :       :| ..:..:..:..:..:.. |  :  |  |  |
 |  |  |  |  |___________________||       | : : | |  |  || eth3               =----=_13_]   VLAN ID 1   [_14_=----=               eth3 ||  |  : : | | :       :|___________________|  :  |  |  |
 |  |  |  |   ____                |       | : : | |  |  || 00:1B:21:81:C3:35 ||    |_________________________|    || 00:1B:21:81:C2:EB ||  |  : : | | :       :                ____   :  |  |  |
 |  +--|-=--[_c:_]                |       | : : | |  |  ||___________________||                                   ||___________________||  |  : : | | :       :               [_c:_]--=--|--+  |
 |  |  |  |_______________________|       | : : | |  |  |_____________________|                                   |_____________________|  |  : : | | :       :.......................:  |  |  |
 |  |  |                                  | : : | |  |                        |                                   |                        |  : : | | :                                  |  |  |
 |  |  |   _______________________        | : : | |  |                        |                                   |                        |  : : | | :       .........................  |  |  |
 |  |  |  | [ vm04-win8 ]         |       | : : | |  \                        |                                   |                       /   : : | | :       :         [ vm04-win8 ] :  |  |  |
 |  |  |  |   ____________________|       | : : | |   \                       |                                   |                      /    : : | | :       :____________________   :  |  |  |
 |  |  |  |  | NIC 1              =-------/ : : | |    |                      |                                   |                      |    : : | | :-------=              NIC 1 |  :  |  |  |
 |  |  |  |  | 10.255.1.4        ||         : : | |    |                      |                                   |                      |    : : | |         :|        10.255.1.4 |  :  |  |  |
 |  |  |  |  | ..:..:..:..:..:.. ||         : : | |    |                      |                                   |                      |    : : | |         :| ..:..:..:..:..:.. |  :  |  |  |
 |  |  |  |  |___________________||         : : | |    |                      |                                   |                      |    : : | |         :|___________________|  :  |  |  |
 |  |  |  |   ____                |         : : | |    |                      |                                   |                      |    : : | |         :                ____   :  |  |  |
 |  +--|-=--[_c:_]                |         : : | |    |                      |                                   |                      |    : : | |         :               [_c:_]--=--|--+  |
 |  |  |  |_______________________|         : : | |    |                      |                                   |                      |    : : | |         :.......................:  |  |  |
 |  |  |                                    : : | |    |                      |                                   |                      |    : : | |                                    |  |  |
 |  |  |  .........................         : : | |    |                      |                                   |                      |    : : | |          _______________________   |  |  |
 |  |  |  : [ vm05-freebsd9 ]     :         : : | |    |                      |                                   |                      |    : : | |         |     [ vm05-freebsd9 ] |  |  |  |
 |  |  |  :   ____________________:         : : | |    |                      |                                   |                      |    : : | |         |____________________   |  |  |  |
 |  |  |  :  | em0                =---------: : | |    |                      |                                   |                      |    : : | \---------=                em0 |  |  |  |  |
 |  |  |  :  | 10.255.1.5        |:           : | |    |                      |                                   |                      |    : : |           ||        10.255.1.5 |  |  |  |  |
 |  |  |  :  | ..:..:..:..:..:.. |:           : | |    |                      |                                   |                      |    : : |           || ..:..:..:..:..:.. |  |  |  |  |
 |  |  |  :  |___________________|:           : | |    |                      |                                   |                      |    : : |           ||___________________|  |  |  |  |
 |  |  |  :   ______              :           : | |    |                      |                                   |                      |    : : |           |              ______   |  |  |  |
 |  |  +--=--[_ada0_]             :           : | |    |                      |                                   |                      |    : : |           |             [_ada0_]--=--+  |  |
 |  |  |  :.......................:           : | |    |                      |                                   |                      |    : : |           |_______________________|  |  |  |
 |  |  |                                      : | |    |                      |                                   |                      |    : : |                                      |  |  |
 |  |  |  .........................           : | |    |                      |                                   |                      |    : : |            _______________________   |  |  |
 |  |  |  : [ vm06-solaris11 ]    :           : | |    |                      |                                   |                      |    : : |           |    [ vm06-solaris11 ] |  |  |  |
 |  |  |  :   ____________________:           : | |    |                      |                                   |                      |    : : |           |____________________   |  |  |  |
 |  |  |  :  | net0               =-----------: | |    |                      |                                   |                      |    : : \-----------=               net0 |  |  |  |  |
 |  |  |  :  | 10.255.1.6        |:             | |    |                      |                                   |                      |    : :             ||        10.255.1.6 |  |  |  |  |
 |  |  |  :  | ..:..:..:..:..:.. |:             | |    |                      |                                   |                      |    : :             || ..:..:..:..:..:.. |  |  |  |  |
 |  |  |  :  |___________________|:             | |    |                      |                                   |                      |    : :             ||___________________|  |  |  |  |
 |  |  |  :   ______              :             | |    |                      |                                   |                      |    : :             |              ______   |  |  |  |
 |  |  +--=--[_c3d0_]             :             | |    |                      |                                   |                      |    : :             |             [_c3d0_]--=--+  |  |
 |  |  |  :.......................:             | |    |                      |                                   |                      |    : :             |_______________________|  |  |  |
 |  |  |                                        | |    |                      |                                   |                      |    : :                                        |  |  |
 |  |  |   _______________________              | |    |                      |                                   |                      |    : :             .........................  |  |  |
 |  |  |  | [ vm07-rhel6 ]        |             | |    |                      |                                   |                      |    : :             :        [ vm07-rhel6 ] :  |  |  |
 |  |  |  |   ____________________|             | |    |                      |                                   |                      |    : :             :____________________   :  |  |  |
 |  |  |  |  | eth0               =-------------/ |    |                      |                                   |                      |    : :-------------=               eth0 |  :  |  |  |
 |  |  |  |  | 10.255.1.7        ||               |    |                      |                                   |                      |    :               :|        10.255.1.7 |  :  |  |  |
 |  |  |  |  | ..:..:..:..:..:.. ||               |    |                      |                                   |                      |    :               :| ..:..:..:..:..:.. |  :  |  |  |
 |  |  |  |  |___________________||               |    |                      |                                   |                      |    :               :|___________________|  :  |  |  |
 |  |  |  |   _____               |               |    |                      |                                   |                      |    :               :               _____   :  |  |  |
 |  +--|--=--[_vda_]              |               |    |                      |                                   |                      |    :               :              [_vda_]--=--|--+  |
 |  |  |  |_______________________|               |    |                      |                                   |                      |    :               :.......................:  |  |  |
 |  |  |                                          |    |                      |                                   |                      |    :                                          |  |  |
 |  |  |   _______________________                |    |                      |                                   |                      |    :               .........................  |  |  |
 |  |  |  | [ vm08-sles11 ]       |               |    |                      |                                   |                      |    :               :       [ vm08-sles11 ] :  |  |  |
 |  |  |  |   ____________________|               |    |                      |                                   |                      |    :               :____________________   :  |  |  |
 |  |  |  |  | eth0               =---------------/    |                      |                                   |                      |    :---------------=               eth0 |  :  |  |  |
 |  |  |  |  | 10.255.1.8        ||                    |                      |                                   |                      |                    :|        10.255.1.8 |  :  |  |  |
 |  |  |  |  | ..:..:..:..:..:.. ||                    |                      |                                   |                      |                    :| ..:..:..:..:..:.. |  :  |  |  |
 |  |  |  |  |___________________||                    |                      |                                   |                      |                    :|___________________|  :  |  |  |
 |  |  |  |   _____               |                    |                      |                                   |                      |                    :               _____   :  |  |  |
 |  +--|--=--[_vda_]              |                    |                      |                                   |                      |                    :              [_vda_]--=--|--+  |
 |  |  |  |_______________________|                    |                      |                                   |                      |                    :.......................:  |  |  |
 |  |  |                                               |                      |                                   |                      |                                               |  |  |
 |  |  |                                               |                      |                                   |                      |                                               |  |  |
 |  |  |                                               |                      |                                   |                      |                                               |  |  |
 |  |  |    Storage:                                   |                      |                                   |                      |                                   Storage:    |  |  |
 |  |  |    __________                                 |                      |                                   |                      |                                 __________    |  |  |
 |  |  |   [_/dev/sda_]                                |                      |                                   |                      |                                [_/dev/sda_]   |  |  |
 |  |  |     |   ___________    _______                |                      |                                   |                      |                _______    ___________   |     |  |  |
 |  |  |     +--[_/dev/sda1_]--[_/boot_]               |                      |                                   |                      |               [_/boot_]--[_/dev/sda1_]--+     |  |  |
 |  |  |     |   ___________    ________               |                      |                                   |                      |               ________    ___________   |     |  |  |
 |  |  |     +--[_/dev/sda2_]--[_<swap>_]              |                      |                                   |                      |              [_<swap>_]--[_/dev/sda2_]--+     |  |  |
 |  |  |     |   ___________    ___                    |                      |                                   |                      |                    ___    ___________   |     |  |  |
 |  |  |     +--[_/dev/sda3_]--[_/_]                   |                      |                                   |                      |                   [_/_]--[_/dev/sda3_]--+     |  |  |
 |  |  |     |   ___________    ____    ____________   |                      |                                   |                      |   ____________    ____    ___________   |     |  |  |
 |  |  |     +--[_/dev/sda5_]--[_r0_]--[_/dev/drbd0_]--+                      |                                   |                      +--[_/dev/drbd0_]--[_r0_]--[_/dev/sda5_]--+     |  |  |
 |  |  |     |                                    |    |                      |                                   |                      |    |                                    |     |  |  |
 |  |  |     |                                    \----|--\                   |                                   |                   /--|----/                                    |     |  |  |
 |  |  |     |   ___________    ____    ____________   |  |                   |                                   |                   |  |   ____________    ____    ___________   |     |  |  |
 |  |  |     \--[_/dev/sda6_]--[_r1_]--[_/dev/drbd1_]--/  |                   |                                   |                   |  \--[_/dev/drbd1_]--[_r1_]--[_/dev/sda6_]--/     |  |  |
 |  |  |                                          |       |                   |                                   |                   |       |                                          |  |  |
 |  |  |   Clustered LVM:                         |       |                   |                                   |                   |       |                      Clustered LVM:      |  |  |
 |  |  |   _________________________________      |       |                   |                                   |                   |       |   _________________________________      |  |  |
 |  |  +--[_/dev/an-c05n01_vg0/vm02-win2012_]-----+       |                   |                                   |                   |       +--[_/dev/an-c05n01_vg0/vm02-win2012_]-----+  |  |
 |  |  |   __________________________________     |       |                   |                                   |                   |       |   __________________________________     |  |  |
 |  |  +--[_/dev/an-c05n01_vg0/vm05-freebsd9_]----+       |                   |                                   |                   |       +--[_/dev/an-c05n01_vg0/vm05-freebsd9_]----+  |  |
 |  |  |   ___________________________________    |       |                   |                                   |                   |       |   ___________________________________    |  |  |
 |  |  \--[_/dev/an-c05n01_vg0/vm06-solaris11_]---/       |                   |                                   |                   |       \--[_/dev/an-c05n01_vg0/vm06-solaris11_]---/  |  |
 |  |                                                     |                   |                                   |                   |                                                     |  |
 |  |      _________________________________              |                   |                                   |                   |           _________________________________         |  |
 |  +-----[_/dev/an-c05n02_vg0/vm01-win2008_]-------------+                   |                                   |                   +----------[_/dev/an-c05n02_vg0/vm01-win2008_]--------+  |
 |  |      ______________________________                 |                   |                                   |                   |           ______________________________            |  |
 |  +-----[_/dev/an-c05n02_vg0/vm03-win7_]----------------+                   |                                   |                   +----------[_/dev/an-c05n02_vg0/vm03-win7_]-----------+  |
 |  |      ______________________________                 |                   |                                   |                   |           ______________________________            |  |
 |  +-----[_/dev/an-c05n02_vg0/vm04-win8_]----------------+                   |                                   |                   +----------[_/dev/an-c05n02_vg0/vm04-win8_]-----------+  |
 |  |      _______________________________                |                   |                                   |                   |           _______________________________           |  |
 |  +-----[_/dev/an-c05n02_vg0/vm07-rhel6_]---------------+                   |                                   |                   +----------[_/dev/an-c05n02_vg0/vm07-rhel6_]----------+  |
 |  |      ________________________________               |                   |                                   |                   |           ________________________________          |  |
 |  \-----[_/dev/an-c05n02_vg0/vm08-sles11_]--------------+                   |                                   |                   +----------[_/dev/an-c05n02_vg0/vm08-sles11_]---------/  |
 |         ___________________________                    |                   |                                   |                   |           ___________________________                  |
 |     /--[_/dev/an-c05n01_vg0/shared_]-------------------/                   |                                   |                   \----------[_/dev/an-c05n01_vg0/shared_]--\              |
 |     |   _________                                                          |     _________________________     |                                                  ________   |              |
 |     \--[_/shared_]                                                         |    | an-s01         Switch 1 |    |                                                 [_shared_]--/              |
 |                                                        ____________________|    |____  Back-Channel   ____|    |____________________                                                        |
 |                                                       | IPMI               =----=_03_]    Network    [_04_=----=               IPMI |                                                       |
 |                                                       | 10.20.51.1        ||    |_________________________|    ||        10.20.51.2 |                                                       |
 |                                  _________    _____   | 00:19:99:9C:9B:9E ||    | an-s02         Switch 2 |    || 00:19:99:9A:D8:E8 |   _____    _________                                  |
 |                                 {_sensors_}--[_BMC_]--|___________________||    |                         |    ||___________________|--[_BMC_]--{_sensors_}                                 |
 |                                                             ______ ______  |    |       VLAN ID 101       |    |  ______ ______                                                             |
 |                                                            | PSU1 | PSU2 | |    |____   ____   ____   ____|    | | PSU1 | PSU2 |                                                            |
 |____________________________________________________________|______|______|_|    |_03_]_[_07_]_[_08_]_[_04_|    |_|______|______|____________________________________________________________|
                                                                   || ||             |      |      |       |             || ||                                                                  
                                       /---------------------------||-||-------------|------/      \-------|-------------||-||---------------------------\                                      
                                       |                           || ||             |                     |             || ||                           |                                      
                        _______________|___                        || ||   __________|________     ________|__________   || ||                        ___|_______________                       
                       |             UPS 1 |                       || ||  |             PDU 1 |   |             PDU 2 |  || ||                       |             UPS 2 |                      
                       | an-u01            |                       || ||  | an-p01            |   | an-p02            |  || ||                       | an-u02            |                      
             _______   | 10.20.3.1         |                       || ||  | 10.20.2.1         |   | 10.20.2.2         |  || ||                       | 10.20.3.1         |   _______            
            {_Mains_}==| 00:C0:B7:58:3A:5A |=======================||=||==| 00:C0:B7:56:2D:AC |   | 00:C0:B7:59:55:7C |==||=||=======================| 00:C0:B7:C8:1C:B4 |=={_Mains_}           
                       |___________________|                       || ||  |___________________|   |___________________|  || ||                       |___________________|                      
                                                                   || ||                 || ||     || ||                 || ||                                                                  
                                                                   || \\===[ Port 1 ]====// ||     || \\====[ Port 2 ]===// ||                                                                  
                                                                   \\======[ Port 1 ]=======||=====//                       ||                                                                  
                                                                                            \\==============[ Port 2 ]======//

Subnets
The cluster will use three separate /16 (255.255.0.0) networks;
|  | Note: There are situations where it is not possible to add additional network cards, blades being a prime example. In these cases it will be up to the admin to decide how to proceed. If there is sufficient bandwidth, you can merge all networks, but it is advised in such cases to isolate IFN traffic from the SN/BCN traffic using VLANs. | 
If you plan to have two or more Anvil! platforms on the same network, then it is recommended that you use the third octal of the IP addresses to identify the cluster. We've found the following works well;
- Third octal is the cluster ID times 10
- Fourth octal is the node ID.
In our case, we're building our fifth cluster, so node #1 will always have the final part of it's IP be x.y.50.1 and node #2 will always have the final part of it's IP be x.y.50.2.
| Purpose | Subnet | Notes | 
|---|---|---|
| Internet-Facing Network (IFN) | 10.255.50.0/16 | 
 | 
| Storage Network (SN) | 10.10.50.x/16 | 
 | 
| Back-Channel Network (BCN) | 10.20.50.0/16 | 
 | 
We will be using six interfaces, bonded into three pairs of two NICs in Active/Passive (mode=1) configuration. Each link of each bond will be on alternate switches. We will also configure affinity by specifying interfaces eth0, eth1 and eth2 as primary for the bond0, bond1 and bond2 interfaces, respectively. This way, when everything is working fine, all traffic is routed through the same switch for maximum performance.
|  | Note: Red Hat supports bonding modes 0 and 2 as of RHEL 6.4. We do not recommend these bonding modes as we've found the most reliable and consistent ability to survive switch failure and recovery with mode 1 only. If you wish to use a different bonding more, please be sure to test various failure modes extensively! | 
If you can not install six interfaces in your server, then four interfaces will do with the SN and BCN networks merged.
|  | Warning: If you wish to merge the SN and BCN onto one interface, test to ensure that the storage traffic will not block cluster communication. Test by forming your cluster and then pushing your storage to maximum read and write performance for an extended period of time (minimum of several seconds). If the cluster partitions, you will need to do some advanced quality-of-service or other network configuration to ensure reliable delivery of cluster network traffic. | 
In this tutorial, we will use two D-Link DGS-3120-24TC/SI, stacked, using three VLANs to isolate the three networks.
- BCN will have VLAN ID of 1, which is the default VLAN.
- SN will have VLAN ID number 100.
- IFN will have VLAN ID number 101.
|  | Note: Switch configuration details. | 
The actual mapping of interfaces to bonds to networks will be:
| Subnet | Cable Colour | VLAN ID | Link 1 | Link 2 | Bond | IP | 
|---|---|---|---|---|---|---|
| BCN | White | 1 | eth0 | eth3 | bond0 | 10.20.x.y/16 | 
| SN | Green | 100 | eth1 | eth4 | bond1 | 10.10.x.y/16 | 
| IFN | Black | 101 | eth2 | eth5 | bond2 | 10.255.x.y/16 | 
Setting Up the Network
|  | Warning: The following steps can easily get confusing, given how many files we need to edit. Losing access to your server's network is a very real possibility! Do not continue without direct access to your servers! If you have out-of-band access via iKVM, console redirection or similar, be sure to test that it is working before proceeding. | 
Planning The Use of Physical Interfaces
In production clusters, I generally intentionally get three separate dual-port controllers (two on-board interfaces plus two separate dual-port PCIe cards). I then ensure that no bond uses two interfaces on the same physical board. Thus, should a card or its bus interface fail, none of the bonds will fail completely.
Lets take a look at an example layout;
 ____________________                            
| [ an-c05n01 ]      |                           
|         ___________|            _______              
|        |     ______|           | bond0 |             
|        | O  | eth0 =-----------=---.---=------{
|        | n  |_____||  /--------=--/    |             
|        | b         |  |        |_______|             
|        | o   ______|  |         _______        
|        | a  | eth1 =--|--\     | bond1 |      
|        | r  |_____||  |   \----=--.----=------{
|        | d         |  |  /-----=--/    |       
|        |___________|  |  |     |_______|       
|         ___________|  |  |      _______        
|        |     ______|  |  |     | bond2 |       
|        | P  | eth2 =--|--|-----=---.---=------{
|        | C  |_____||  |  |  /--=--/    |       
|        | I         |  |  |  |  |_______|       
|        | e   ______|  |  |  |                  
|        |    | eth3 =--/  |  |                  
|        | 1  |_____||     |  |                  
|        |___________|     |  |                  
|         ___________|     |  |                  
|        |     ______|     |  |                  
|        | P  | eth4 =-----/  |                  
|        | C  |_____||        |                  
|        | I         |        |                  
|        | e   ______|        |                  
|        |    | eth5 =--------/                  
|        | 2  |_____||                           
|        |___________|                           
|____________________|
Consider the possible failure scenarios;
- The on-board controllers fail;
- bond0 falls back onto eth3 on the PCIe 1 controller.
- bond1 falls back onto eth4 on the PCIe 2 controller.
- bond2 is unaffected.
 
- The PCIe #1 controller fails
- bond0 remains on eth0 interface but losses its redundancy as eth3 is down.
- bond1 is unaffected.
- bond2 falls back onto eth5 on the PCIe 2 controller.
 
- The PCIe #2 controller fails
- bond0 is unaffected.
- bond1 remains on eth1 interface but losses its redundancy as eth4 is down.
- bond2 remains on eth2 interface but losses its redundancy as eth5 is down.
 
In all three failure scenarios, no network interruption occurs making for the most robust configuration possible.
Connecting Fence Devices
As we will see soon, each node can be fenced either by calling its IPMI interface or by calling the PDU and cutting the node's power. Each of these methods are inherently single points of failure as each has only one network connection. To work around this concern, we will connect all IPMI interfaces to one switch and the PDUs to the secondary switch. This way, should a switch fail, only one of the two fence devices will fail and fencing in general will still be possible via the alternate fence device.
By convention, we always connect the IPMI interfaces to the primary switch and the PDUs to the second switch.
Let's Build!
We're going to need to install a bunch of programs, and one of those programs is needed before we can reconfigure the network. The bridge-utils has to be installed right away, so now is a good time to just install everything we need.
Red Hat Enterprise Linux Specific Steps
Red Hat's Enterprise Linux is a commercial operating system that includes access to their repositories. This requires purchasing entitlements and then registering machines with their Red Hat Network.
This tutorial uses GFS2, which is provided by their Resilient Storage Add-On. The includes the High-Availability Add-On which provides the rest of the HA cluster stack.
Once you've finished your install, you can quickly register your node with RHN and add the resilient storage add-on with the following two commands.
|  | Note: You need to replace $user and $pass with your RHN account details. You also need to replace $hostname with your node's fully qualified domain name. | 
rhnreg_ks --username "$user" --password "$pass" --force --profilename "$hostname"
rhn-channel --add --user "$user" --password "$pass" --channel=rhel-x86_64-server-rs-6
If you get any errors from the above commands, please contact your support representative. They will be able to help sort out any account or entitlement issues.
Update The OS
Before we begin at all, let's update our OS.
yum update
<lots of yum output>
Installing Required Programs
This will install all the software needed to run the Anvil! and configure IPMI for use as a fence device. This won't cover DRBD or apcupsd which will be covered in dedicated sections below.
yum install cman corosync rgmanager ricci gfs2-utils ntp libvirt lvm2-cluster qemu-kvm qemu-kvm-tools virt-install virt-viewer syslinux wget gpm rsync \
            freeipmi freeipmi-bmc-watchdog freeipmi-ipmidetectd OpenIPMI OpenIPMI-libs OpenIPMI-perl OpenIPMI-tools fence-agents syslinux vim man ccs \
            bridge-utils openssh-clients perl rsync screen dmidecode acpid mlocate
# Optional for SELinux support
yum install policycoreutils-python
<lots of yum output>
Before we go any further, we'll want to destroy the default libvirtd bridge. We're going to be creating our own bridge that gives our servers direct access to the outside network.
cat /dev/null >/etc/libvirt/qemu/networks/default.xml
If you already see virbr0 when you run ifconfig, the the libvirtd bridge has already started. You can stop and disable it with the following commands;
virsh net-destroy default
virsh net-autostart default --disable
virsh net-undefine default
/etc/init.d/iptables stop
Now virbr0 should be gone now and it won't return.
Installing Programs Needed For Monitoring
The alert system will be using is written in perl. Some modules need to be installed from source, which requires the develop environment group and some development libraries to be installed. If you prefer to monitor your nodes another way, then you can skip this section.
yum groupinstall development
<lots of yum output>
yum install perl-CPAN perl-YAML-Tiny perl-Net-SSLeay perl-CGI openssl-devel
<some more yum output>
The next stage installs the perl modules. Specifically, it tells perl to not prompt for input and just do the install. This saves a lot of questions and answers. If you need to do a non-standard CPAN install, skip the first line and you will run interactively.
export PERL_MM_USE_DEFAULT=1
perl -MCPAN -e 'install("YAML")'
perl -MCPAN -e 'install Moose::Role'
perl -MCPAN -e 'install Throwable::Error'
perl -MCPAN -e 'install Email::Sender::Transport::SMTP::TLS'
<a massive amount of CPAN output, test and build messages... go grab a coffee>
Done!
We'll setup the alert system a little later on. Now though, all the dependencies will have been met.
Switch Network Daemons
The new NetworkManager daemon is much more flexible and is perfect for machines like laptops which move around networks a lot. However, it does this by making a lot of decisions for you and changing the network as it sees fit. As good as this is for laptops and the like, it's not appropriate for servers. We will want to use the traditional network service.
yum remove NetworkManager
Now enable network to start with the system.
chkconfig network on
chkconfig --list network
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
Altering Which Daemons Start On Boot
Several of the applications we installed above include daemons that either start on boot or stay off on boot. Likewise, some daemons remain stopped after they're installed, and we want to start them now.
As we work on each component, we'll discuss in more detail why we want each to either start or stop on boot. For now, let's just make the changes.
We'll use the chkconfig command to make sure the daemons we want to start on boot do so.
chkconfig network on
chkconfig ntpd on
chkconfig ricci on
chkconfig modclusterd on
chkconfig ipmi on
chkconfig iptables on
Next, we'll tell the system what daemons to leave off on boot.
chkconfig acpid off
chkconfig ip6tables off
chkconfig clvmd off
chkconfig gfs2 off
chkconfig libvirtd off
chkconfig cman off
chkconfig rgmanager off
Now start the daemons we've installed and want running.
/etc/init.d/ntpd start
/etc/init.d/ricci start
/etc/init.d/modclusterd start
/etc/init.d/ipmi start
Lastly, stop the daemons we don't want running.
/etc/init.d/libvirtd stop
/etc/init.d/acpid stop
/etc/init.d/iptables stop
/etc/init.d/ip6tables stop
You can verify that the services you want to start will and the ones you don't want to won't using chkconfig.
chkconfig --list
acpid          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
auditd         	0:off	1:off	2:on	3:on	4:on	5:on	6:off
blk-availability	0:off	1:on	2:on	3:on	4:on	5:on	6:off
bmc-watchdog   	0:off	1:off	2:off	3:off	4:off	5:off	6:off
cgconfig       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
cgred          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
clvmd          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
cman           	0:off	1:off	2:off	3:off	4:off	5:off	6:off
corosync       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
cpglockd       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
crond          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
dnsmasq        	0:off	1:off	2:off	3:off	4:off	5:off	6:off
drbd           	0:off	1:off	2:off	3:off	4:off	5:off	6:off
ebtables       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
gfs2           	0:off	1:off	2:off	3:off	4:off	5:off	6:off
gpm            	0:off	1:off	2:on	3:on	4:on	5:on	6:off
haldaemon      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
ip6tables      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
ipmi           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ipmidetectd    	0:off	1:off	2:off	3:off	4:off	5:off	6:off
ipmievd        	0:off	1:off	2:off	3:off	4:off	5:off	6:off
iptables       	0:off	1:off	2:on	3:on	4:on	5:on	6:off
iscsi          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
iscsid         	0:off	1:off	2:off	3:on	4:on	5:on	6:off
ksm            	0:off	1:off	2:off	3:on	4:on	5:on	6:off
ksmtuned       	0:off	1:off	2:off	3:on	4:on	5:on	6:off
libvirt-guests 	0:off	1:off	2:on	3:on	4:on	5:on	6:off
libvirtd       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
lvm2-monitor   	0:off	1:on	2:on	3:on	4:on	5:on	6:off
messagebus     	0:off	1:off	2:on	3:on	4:on	5:on	6:off
modclusterd    	0:off	1:off	2:on	3:on	4:on	5:on	6:off
netconsole     	0:off	1:off	2:off	3:off	4:off	5:off	6:off
netfs          	0:off	1:off	2:off	3:on	4:on	5:on	6:off
network        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
nfs            	0:off	1:off	2:off	3:off	4:off	5:off	6:off
nfslock        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
ntpd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
ntpdate        	0:off	1:off	2:off	3:off	4:off	5:off	6:off
numad          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
oddjobd        	0:off	1:off	2:off	3:off	4:off	5:off	6:off
postfix        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
quota_nld      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
radvd          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
rdisc          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
restorecond    	0:off	1:off	2:off	3:off	4:off	5:off	6:off
rgmanager      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
rhnsd          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rhsmcertd      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
ricci          	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rpcbind        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
rpcgssd        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
rpcidmapd      	0:off	1:off	2:off	3:on	4:on	5:on	6:off
rpcsvcgssd     	0:off	1:off	2:off	3:off	4:off	5:off	6:off
rsyslog        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
saslauthd      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
sshd           	0:off	1:off	2:on	3:on	4:on	5:on	6:off
svnserve       	0:off	1:off	2:off	3:off	4:off	5:off	6:off
udev-post      	0:off	1:on	2:on	3:on	4:on	5:on	6:off
winbind        	0:off	1:off	2:off	3:off	4:off	5:off	6:off
If you did a minimal OS install, or any install without a graphical interface, you will be booting into run-level 3. If you did install a graphical interface, which is not wise, then your default run-level will either be 3 or 5. You can determine which by looking in /etc/inittab.
Once you know the run-level you're using, look for the daemon you are interested in and the see if it's set to x:on or x:off. That will confirm that the associated daemon is set to start on boot or not, respectively.
Network Security; Configure iptables
The interfaces connected to the IFN are usually connected to an untrusted network, like the Internet. If you do not need access to the IFN from the nodes themselves, you can increase security by not assigning an IP address to the vbr2 interface which we will configure shortly. The vbr2 bridge device will need to be up so that virtual machines can route through it to the outside world, of course.
If you do decide to assign an IP to the nodes' vbr2, you will want to restrict inbound access as much as possible. A good policy is to DROP all traffic inbound from the hosted servers, unless you trust them specifically.
We're going to open ports for both Red Hat's high-availability add-on components and LinBit's DRBD software. You can find details here:
Specifically, we'll be ACCEPTing the ports listed below on both nodes.
| Component | Protocol | Port | Note | 
|---|---|---|---|
| dlm | TCP | 21064 | |
| drbd | TCP | 7788+ | Each DRBD resource will use an additional port, generally counting up (ie: r0 will use 7788, r1 will use 7789, r2 will use 7790 and so on). | 
| luci | TCP | 8084 | Optional web-based configuration tool, not used in this tutorial but documented for reference. | 
| modclusterd | TCP | 16851 | |
| ricci | TCP | 11111 | Each DRBD resource will use an additional port, generally counting up (ie: r1 will use 7790, r2 will use 7791 and so on). | 
| totem | UDP/multicast | 5404, 5405 | Uses a multicast group for cluster communications | 
By default, both iptables and ip6tables are set to start on boot. We don't care about ip6tables because we're not using IPv6 in this tutorial. So we'll disable it from starting on boot.
| an-c05n01 | chkconfig ip6tables off
chkconfig --list ip6tables
ip6tables      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
 | 
|---|---|
| an-c05n02 | chkconfig ip6tables off
chkconfig --list ip6tables
ip6tables      	0:off	1:off	2:off	3:off	4:off	5:off	6:off
 | 
Configuring iptables
|  | Note: Configuring iptables is an entire topic on it's own. There are many good tutorials on the Internet discussing it, including an older introduction to iptasbles tutorial hosted here. If you are unfamiliar with iptables, it is well worth taking a break from this tutorial and getting familiar with it, in concept if nothing else. | 
The first thing we want to do is see what the current firewall policy is. We can do this with iptables-save, a tool designed to backup iptables but also very useful for seeing what configuration is currently in memory.
| an-c05n01 | iptables-save
# Generated by iptables-save v1.4.7 on Wed Nov 13 15:49:17 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [440:262242]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Wed Nov 13 15:49:17 2013
 | 
|---|---|
| an-c05n02 | iptables-save
# Generated by iptables-save v1.4.7 on Wed Nov 13 15:49:51 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [336:129880]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Wed Nov 13 15:49:51 2013
 | 
|  | Note: This tutorial will create two DRBD resources. Each resource will use a different TCP port. By convention, they start at port 7788 and increment up per resource. So we will be opening ports 7788 and 7789. | 
Open ports;
| an-c05n01 | # cman (corosync's totem)
iptables -I INPUT -m state --state NEW -m multiport -p udp -s 10.20.0.0/16 -d 10.20.0.0/16 --dports 5404,5405 -j ACCEPT
iptables -I INPUT -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport -p udp -s 10.20.0.0/16 --dports 5404,5405 -j ACCEPT
# dlm
iptables -I INPUT -m state --state NEW -p tcp -s 10.20.0.0/16 -d 10.20.0.0/16 --dport 21064 -j ACCEPT 
# ricci
iptables -I INPUT -m state --state NEW -p tcp -s 10.20.0.0/16 -d 10.20.0.0/16 --dport 11111 -j ACCEPT
# modclusterd
iptables -I INPUT -m state --state NEW -p tcp -s 10.20.0.0/16 -d 10.20.0.0/16 --dport 16851 -j ACCEPT
# multicast (igmp; Internet group management protocol)
iptables -I INPUT -p igmp -j ACCEPT
# DRBD resource 0 and 1 - on the SN
iptables -I INPUT -m state --state NEW -p tcp -s 10.10.0.0/16 -d 10.10.0.0/16 --dport 7788 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp -s 10.10.0.0/16 -d 10.10.0.0/16 --dport 7789 -j ACCEPT
# See the new configuration
iptables-save
# Generated by iptables-save v1.4.7 on Wed Nov 13 17:43:52 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [55:18888]
-A INPUT -s 10.10.0.0/16 -d 10.10.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7789 -j ACCEPT 
-A INPUT -s 10.10.0.0/16 -d 10.10.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7788 -j ACCEPT 
-A INPUT -p igmp -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 16851 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 11111 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 21064 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -p udp -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Wed Nov 13 17:43:52 2013
 | 
|---|---|
| an-c05n02 | # cman (corosync's totem)
iptables -I INPUT -m state --state NEW -m multiport -p udp -s 10.20.0.0/16 -d 10.20.0.0/16 --dports 5404,5405 -j ACCEPT
iptables -I INPUT -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport -p udp -s 10.20.0.0/16 --dports 5404,5405 -j ACCEPT
# dlm
iptables -I INPUT -m state --state NEW -p tcp -s 10.20.0.0/16 -d 10.20.0.0/16 --dport 21064 -j ACCEPT 
# ricci
iptables -I INPUT -m state --state NEW -p tcp -s 10.20.0.0/16 -d 10.20.0.0/16 --dport 11111 -j ACCEPT
# modclusterd
iptables -I INPUT -m state --state NEW -p tcp -s 10.20.0.0/16 -d 10.20.0.0/16 --dport 16851 -j ACCEPT
# multicast (igmp; Internet group management protocol)
iptables -I INPUT -p igmp -j ACCEPT
# DRBD resource 0 and 1 - on the SN
iptables -I INPUT -m state --state NEW -p tcp -s 10.10.0.0/16 -d 10.10.0.0/16 --dport 7788 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp -s 10.10.0.0/16 -d 10.10.0.0/16 --dport 7789 -j ACCEPT
# See the new configuration
iptables-save
# Generated by iptables-save v1.4.7 on Wed Nov 13 17:45:10 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [75:30420]
-A INPUT -s 10.10.0.0/16 -d 10.10.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7789 -j ACCEPT 
-A INPUT -s 10.10.0.0/16 -d 10.10.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7788 -j ACCEPT 
-A INPUT -p igmp -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 16851 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 11111 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 21064 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -p udp -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Wed Nov 13 17:45:10 2013
 | 
At this point, the cluster stack should work, but we're not done yet. The changes we made above altered packet filtering in memory, but the configuration has not been saved to disk. This configuration is saved in /etc/sysconfig/iptables. You could pipe the output of iptables-save to it, but the iptables initialization script provides a facility to save the configuration, so we will use it instead.
| an-c05n01 | /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
 | 
|---|---|
| an-c05n02 | /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
 | 
Now we're restart iptables and check that the changes stuck.
| an-c05n01 | /etc/init.d/iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
iptables-save
# Generated by iptables-save v1.4.7 on Wed Nov 13 17:58:55 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:2036]
-A INPUT -s 10.10.0.0/16 -d 10.10.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7789 -j ACCEPT 
-A INPUT -s 10.10.0.0/16 -d 10.10.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7788 -j ACCEPT 
-A INPUT -p igmp -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 16851 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 11111 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 21064 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -p udp -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Wed Nov 13 17:58:55 2013
 | 
|---|---|
| an-c05n02 | /etc/init.d/iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
iptables-save
# Generated by iptables-save v1.4.7 on Wed Nov 13 17:58:56 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5:1836]
-A INPUT -s 10.10.0.0/16 -d 10.10.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7789 -j ACCEPT 
-A INPUT -s 10.10.0.0/16 -d 10.10.0.0/16 -p tcp -m state --state NEW -m tcp --dport 7788 -j ACCEPT 
-A INPUT -p igmp -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 16851 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 11111 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p tcp -m state --state NEW -m tcp --dport 21064 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -p udp -m addrtype --dst-type MULTICAST -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
-A INPUT -s 10.20.0.0/16 -d 10.20.0.0/16 -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Wed Nov 13 17:58:56 2013
 | 
Perfect!
If you want to enable any other kind of access or otherwise modify the firewall on each node, please do so now. This way, as you proceed with building the Anvil!, you'll hit firewall problems as soon as they arise.
Mapping Physical Network Interfaces to ethX Device Names

Consistency is the mother of stability.
When you install RHEL, it somewhat randomly assigns an ethX device to each physical network interfaces. Purely technically speaking, this is fine. So long as you know which interface has which device name, you can setup the node's networking.
However!
Consistently assigning the same device names to physical interfaces makes supporting and maintaining nodes a lot easier!
We've got six physical network interfaces, named eth0 through eth5. As you recall from earlier, we want to make sure that each pair of interfaces for each network spans two physical network cards.
Most servers have at least two on-board network cards labelled "1" and "2". These tend to correspond to lights on the front of the server, so we will start by naming these interfaces eth0 and eth1, respectively. After that, you are largely free to assign names to interfaces however you see fit.
What matters most of all is that, whatever order you choose, it's consistent across your Anvil! nodes.
Before we touch anything, let's make a backup of what we have. This way, we have an easy out in case we "oops" a files.
mkdir -p /root/backups/
rsync -av /etc/sysconfig/network-scripts /root/backups/
sending incremental file list
created directory /root/backups
network-scripts/
network-scripts/ifcfg-eth0
network-scripts/ifcfg-eth1
network-scripts/ifcfg-eth2
network-scripts/ifcfg-eth3
network-scripts/ifcfg-eth4
network-scripts/ifcfg-eth5
network-scripts/ifcfg-lo
network-scripts/ifdown -> ../../../sbin/ifdown
network-scripts/ifdown-bnep
network-scripts/ifdown-eth
network-scripts/ifdown-ippp
network-scripts/ifdown-ipv6
network-scripts/ifdown-isdn -> ifdown-ippp
network-scripts/ifdown-post
network-scripts/ifdown-ppp
network-scripts/ifdown-routes
network-scripts/ifdown-sit
network-scripts/ifdown-tunnel
network-scripts/ifup -> ../../../sbin/ifup
network-scripts/ifup-aliases
network-scripts/ifup-bnep
network-scripts/ifup-eth
network-scripts/ifup-ippp
network-scripts/ifup-ipv6
network-scripts/ifup-isdn -> ifup-ippp
network-scripts/ifup-plip
network-scripts/ifup-plusb
network-scripts/ifup-post
network-scripts/ifup-ppp
network-scripts/ifup-routes
network-scripts/ifup-sit
network-scripts/ifup-tunnel
network-scripts/ifup-wireless
network-scripts/init.ipv6-global
network-scripts/net.hotplug
network-scripts/network-functions
network-scripts/network-functions-ipv6
sent 134870 bytes  received 655 bytes  271050.00 bytes/sec
total size is 132706  speedup is 0.98
Making Sure All Network Interfaces are Started
What we're going to do is watch /var/log/messages, unplug each cable and see which interface shows a lost link. This will tell us what current name is given to a particular physical interface. We'll write the current name down beside the name of the interface we want. Once we've done this to all interfaces, we'll now how we have to move names around.
Before we can pull cables though, we have to tell the system to start all of the interfaces. By default, all but one or two interfaces will be disabled on boot.
Run this to see which interfaces are up;
ifconfig
eth4      Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9E  
          inet addr:10.255.0.33  Bcast:10.255.255.255  Mask:255.255.0.0
          inet6 addr: fe80::219:99ff:fe9c:9b9e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:303118 errors:0 dropped:0 overruns:0 frame:0
          TX packets:152952 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:344900765 (328.9 MiB)  TX bytes:14424290 (13.7 MiB)
          Memory:ce660000-ce680000 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3540 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3540 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2652436 (2.5 MiB)  TX bytes:2652436 (2.5 MiB)
In this case, only the interface currently named eth4 was started. We'll need to edit the other interface configuration files to tell them to start when the network starts. To do this, we edit the /etc/sysconfig/network-scripts/ifcfg-ethX files and change ONBOOT variable to ONBOOT="yes".
By default, most interfaces will be set to try and acquire an IP address from a DHCP server, We can see that eth4 already has an IP address, so to save time, we're going to tell the other interfaces to start without an IP address at all. If we didn't do this, restarting network would take a long time waiting for DHCP requests to time out.
|  | Note: We skip ifcfg-eth4 in the next step because it's already up. | 
Now we can use sed to edit the files. This is a lot faster and easier than editing each file by hand.
# Change eth0 to start on boot with no IP address.
sed -i 's/ONBOOT=.*/ONBOOT="yes"/'        /etc/sysconfig/network-scripts/ifcfg-eth0
sed -i 's/BOOTPROTO=.*/BOOTPROTO="none"/' /etc/sysconfig/network-scripts/ifcfg-eth0
# Change eth1 to start on boot with no IP address.
sed -i 's/ONBOOT=.*/ONBOOT="yes"/'        /etc/sysconfig/network-scripts/ifcfg-eth1
sed -i 's/BOOTPROTO=.*/BOOTPROTO="none"/' /etc/sysconfig/network-scripts/ifcfg-eth1
# Change eth2 to start on boot with no IP address.
sed -i 's/ONBOOT=.*/ONBOOT="yes"/'        /etc/sysconfig/network-scripts/ifcfg-eth2
sed -i 's/BOOTPROTO=.*/BOOTPROTO="none"/' /etc/sysconfig/network-scripts/ifcfg-eth2
# Change eth3 to start on boot with no IP address.
sed -i 's/ONBOOT=.*/ONBOOT="yes"/'        /etc/sysconfig/network-scripts/ifcfg-eth3
sed -i 's/BOOTPROTO=.*/BOOTPROTO="none"/' /etc/sysconfig/network-scripts/ifcfg-eth3
# Change eth5 to start on boot with no IP address.
sed -i 's/ONBOOT=.*/ONBOOT="yes"/'        /etc/sysconfig/network-scripts/ifcfg-eth5
sed -i 's/BOOTPROTO=.*/BOOTPROTO="none"/' /etc/sysconfig/network-scripts/ifcfg-eth5
You can see how the file was changed by using diff to compare the backed up version against the edited one. Let's look at ifcfg-eth0 to see this;
diff -U0 /root/backups/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0
--- /root/backups/network-scripts/ifcfg-eth0	2013-10-28 12:30:07.000000000 -0400
+++ /etc/sysconfig/network-scripts/ifcfg-eth0	2013-10-28 17:20:38.978458128 -0400
@@ -2 +2 @@
-BOOTPROTO="dhcp"
+BOOTPROTO="none"
@@ -5 +5 @@
-ONBOOT="no"
+ONBOOT="yes"
Excellent. You can check the other files as well to confirm that they were edited as well, if you wish. Once you are happy with the changes, restart the network initialization script.
|  | Note: You may see [FAILED] while stopping some interfaces, this is not a concern. | 
/etc/init.d/network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down interface eth2:                              [  OK  ]
Shutting down interface eth3:                              [  OK  ]
Shutting down interface eth4:                              [  OK  ]
Shutting down interface eth5:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1:                                [  OK  ]
Bringing up interface eth2:                                [  OK  ]
Bringing up interface eth3:                                [  OK  ]
Bringing up interface eth4:  
Determining IP information for eth4... done.
                                                           [  OK  ]
Bringing up interface eth5:                                [  OK  ]
Now if we look at ifconfig again, we'll see all six interfaces have been started!
ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1B:21:81:C3:34  
          inet6 addr: fe80::21b:21ff:fe81:c334/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2433 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:150042 (146.5 KiB)  TX bytes:3066 (2.9 KiB)
          Interrupt:24 Memory:ce240000-ce260000 
eth1      Link encap:Ethernet  HWaddr 00:1B:21:81:C3:35  
          inet6 addr: fe80::21b:21ff:fe81:c335/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2416 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:148176 (144.7 KiB)  TX bytes:3066 (2.9 KiB)
          Interrupt:34 Memory:ce2a0000-ce2c0000 
eth2      Link encap:Ethernet  HWaddr A0:36:9F:02:E0:04  
          inet6 addr: fe80::a236:9fff:fe02:e004/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1026 (1.0 KiB)  TX bytes:5976 (5.8 KiB)
          Memory:ce400000-ce500000 
eth3      Link encap:Ethernet  HWaddr A0:36:9F:02:E0:05  
          inet6 addr: fe80::a236:9fff:fe02:e005/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1606 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:98242 (95.9 KiB)  TX bytes:2102 (2.0 KiB)
          Memory:ce500000-ce600000 
eth4      Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9E  
          inet addr:10.255.0.33  Bcast:10.255.255.255  Mask:255.255.0.0
          inet6 addr: fe80::219:99ff:fe9c:9b9e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:308572 errors:0 dropped:0 overruns:0 frame:0
          TX packets:153402 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:345254511 (329.2 MiB)  TX bytes:14520378 (13.8 MiB)
          Memory:ce660000-ce680000 
eth5      Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9F  
          inet6 addr: fe80::219:99ff:fe9c:9b9f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2052 (2.0 KiB)  TX bytes:3114 (3.0 KiB)
          Memory:ce6c0000-ce6e0000 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3540 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3540 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2652436 (2.5 MiB)  TX bytes:2652436 (2.5 MiB)
Excellent! Now we can start creating the list of what physical interfaces have what current names.
Finding Current Names for Physical Interfaces
Once you know how you want your interfaces, create a little table like this:
| Have | Want | 
|---|---|
| eth0 | |
| eth1 | |
| eth2 | |
| eth3 | |
| eth4 | |
| eth5 | 
Now we want to use a program called tail to watch the system log file /var/log/messages and print to screen messages as they're written to the log. To do this, run;
tail -f -n 0 /var/log/messages
When you run this, the cursor will just sit there and nothing will be printed to screen at first. This is fine, this tells us that tail is waiting for new records. We're now going to methodically unplug each network cable, wait a moment and then plug it back in. Each time we do this, we'll write down the interface name that was reported as going down and then coming back up.
The first cable we're going to unplug is the one in the physical interface we want to make eth0.
Oct 28 17:36:06 an-c05n01 kernel: igb: eth4 NIC Link is Down
Oct 28 17:36:19 an-c05n01 kernel: igb: eth4 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Here we see that the physical interface that we want to be eth0 is currently called eth4. So we'll add that to our chart.
| Have | Want | 
|---|---|
| eth4 | eth0 | 
| eth1 | |
| eth2 | |
| eth3 | |
| eth4 | |
| eth5 | 
Now we'll unplug the cable we want to make eth1:
Oct 28 17:38:01 an-c05n01 kernel: igb: eth5 NIC Link is Down
Oct 28 17:38:04 an-c05n01 kernel: igb: eth5 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
It's currently called eth5, so we'll write that in beside the "Want" column's eth1 entry.
| Have | Want | 
|---|---|
| eth4 | eth0 | 
| eth5 | eth1 | 
| eth2 | |
| eth3 | |
| eth4 | |
| eth5 | 
Keep doing this for the other four cables.
Oct 28 17:39:28 an-c05n01 kernel: e1000e: eth0 NIC Link is Down
Oct 28 17:39:30 an-c05n01 kernel: e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Oct 28 17:39:35 an-c05n01 kernel: e1000e: eth1 NIC Link is Down
Oct 28 17:39:37 an-c05n01 kernel: e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Oct 28 17:39:40 an-c05n01 kernel: igb: eth2 NIC Link is Down
Oct 28 17:39:43 an-c05n01 kernel: igb: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Oct 28 17:39:47 an-c05n01 kernel: igb: eth3 NIC Link is Down
Oct 28 17:39:51 an-c05n01 kernel: igb: eth3 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
The finished table is this;
| Have | Want | 
|---|---|
| eth4 | eth0 | 
| eth5 | eth1 | 
| eth0 | eth2 | 
| eth1 | eth3 | 
| eth2 | eth4 | 
| eth3 | eth5 | 
Now we know how we want to move the names around!
Building the MAC Address List
Every network interface has a unique MAC address assigned to it when it is built. Think of this sort of like a globally unique serial number. Because it's guaranteed to be unique, it's a convenient way for the operating system to create a persistent map between real interfaces and names. If we didn't use these, then each time you rebooted your node, it would possibly mean that the names get juggled. Not very good.
RHEL uses two files for creating this map;
- /etc/udev/rules.d/70-persistent-net.rules
- /etc/sysconfig/network-scripts/ifcfg-eth*
The 70-persistent-net.rules can be rebuilt by running a command, so we're not going to worry about it. We'll just delete in a little bit and then recreate it.
The files we care about are the six ifcfg-ethX files. Inside each of these is a variable named HWADDR. The value set here will tell the OS what physical network interface the given file is configuring. We know from the list we created how we want to move the files around.
To recap:
- The HWADDR MAC address in eth4 will be moved to eth0.
- The HWADDR MAC address in eth5 will be moved to eth1.
- The HWADDR MAC address in eth0 will be moved to eth3.
- The HWADDR MAC address in eth1 will be moved to eth4.
- The HWADDR MAC address in eth2 will be moved to eth5.
- The HWADDR MAC address in eth3 will be moved to eth6.
So lets create a new table. This one we will use to write down the MAC addresses we want to set for each device.
| Device | New MAC address | 
|---|---|
| eth0 | |
| eth1 | |
| eth2 | |
| eth3 | |
| eth4 | |
| eth5 | 
So we know that the MAC address currently assigned to eth4 is the one we want to move to eth0. We can use ifconfig to show the information for the eth4 interface only.
ifconfig
eth4      Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9E  
          inet addr:10.255.0.33  Bcast:10.255.255.255  Mask:255.255.0.0
          inet6 addr: fe80::219:99ff:fe9c:9b9e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:315979 errors:0 dropped:0 overruns:0 frame:0
          TX packets:153610 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:345711965 (329.6 MiB)  TX bytes:14555290 (13.8 MiB)
          Memory:ce660000-ce680000
We want the HWaddr value, 00:19:99:9C:9B:9E. This will be moved to eth0, so lets write that down.
| Device | New MAC address | 
|---|---|
| eth0 | 00:19:99:9C:9B:9E | 
| eth1 | |
| eth2 | |
| eth3 | |
| eth4 | |
| eth5 | 
Next up, we want to move eth5 to be the new eth1. We can use ifconfig again, but this time we'll do a little bash-fu to reduce the output to just the MAC address.
ifconfig eth5 | grep HWaddr | awk '{print $5}'
00:19:99:9C:9B:9F
This simply reduced the output to just the line with the HWaddr line in it, then it split the line on spaces and printed just the fifth value, which is the MAC address currently assigned to eth5. We'll write this down beside eth1.
| Device | New MAC address | 
|---|---|
| eth0 | 00:19:99:9C:9B:9E | 
| eth1 | 00:19:99:9C:9B:9F | 
| eth2 | |
| eth3 | |
| eth4 | |
| eth5 | 
Next up, we want to move the current eth0 over to eth2. So lets get the current eth0 MAC address and add it to the list as well.
ifconfig eth0 | grep HWaddr | awk '{print $5}'
00:1B:21:81:C3:34
Now we want to move eth1 to eth3;
ifconfig eth1 | grep HWaddr | awk '{print $5}'
00:1B:21:81:C3:35
Second to last one is eth2, which will move to eth4;
ifconfig eth2 | grep HWaddr | awk '{print $5}'
A0:36:9F:02:E0:04
Finally, eth3 moves to eth5;
ifconfig eth3 | grep HWaddr | awk '{print $5}'
A0:36:9F:02:E0:05
Our complete list of new MAC address is;
| Device | New MAC address | 
|---|---|
| eth0 | 00:19:99:9C:9B:9E | 
| eth1 | 00:19:99:9C:9B:9F | 
| eth2 | 00:1B:21:81:C3:34 | 
| eth3 | 00:1B:21:81:C3:35 | 
| eth4 | A0:36:9F:02:E0:04 | 
| eth5 | A0:36:9F:02:E0:05 | 
Excellent! Now we're ready.
Changing The Interface Device Names
We're about to change which physical interfaces have which device names. If we don't stop the network first, we won't be able to restart them later. If we waited until later, the kernel would see a conflict between what it thinks the MAC-to-name mapping should be compared to what it sees in the configuration. The only way around this is a reboot, which is kind of a waste. So by stopping the network now, we clear the kernel's view of the network and avoid the problem entirely.
So, stop the network.
/etc/init.d/network stop
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down interface eth2:                              [  OK  ]
Shutting down interface eth3:                              [  OK  ]
Shutting down interface eth4:                              [  OK  ]
Shutting down interface eth5:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
We can confirm that it's stopped by running ifconfig. It should return nothing at all.
ifconfig
# No output
Good. Next, delete the /etc/udev/rules.d/70-persistent-net.rules file. We'll regenerate it after we're done.
rm /etc/udev/rules.d/70-persistent-net.rules
rm: remove regular file `/etc/udev/rules.d/70-persistent-net.rules'? y
Now we need to edit each of the ifcfg-ethX files and change the HWADDR value to the new addresses we wrote down in our list. Let's start with ifcfg-eth0
vim /etc/sysconfig/network-scripts/ifcfg-eth0
Change the line:
HWADDR="00:1B:21:81:C3:34"
To the new value from our list;
HWADDR="00:19:99:9C:9B:9E"
Save the file and then move on to ifcfg-eth2
vim /etc/sysconfig/network-scripts/ifcfg-eth0
Change the current HWADDR="00:1B:21:81:C3:35" entry to the new MAC address;
HWADDR="00:19:99:9C:9B:9F"
Continue editing the other four ifcfg-eth{2..5} files in the same manner.
Once all the files have been edited, we will regenerate the 70-persistent-net.rules.
start_udev
Starting udev:                                             [  OK  ]
Test The New Network Name Mapping
It's time to start networking again and see if the remapping worked!
/etc/init.d/network start
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1:                                [  OK  ]
Bringing up interface eth2:                                [  OK  ]
Bringing up interface eth3:                                [  OK  ]
Bringing up interface eth4:  
Bringing up interface eth4:
Determining IP information for eth4...PING 10.255.255.254 (10.255.255.254) from 10.255.0.33 eth4: 56(84) bytes of data.
--- 10.255.255.254 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3000ms
pipe 3
 failed.
                                                           [FAILED]
Bringing up interface eth5:                                [  OK  ]
What happened!?
If you recall, the old eth4 device was the interface we moved to eth0. The new eth4 is not plugged into a network with access to our DHCP server, so it failed to get an IP address. To fix this, we'll disable DHCP on the new eth4 and enable it on the new eth0 (which used to be eth4).
sed -i 's/BOOTPROTO.*/BOOTPROTO="none"/' /etc/sysconfig/network-scripts/ifcfg-eth4
sed -i 's/BOOTPROTO.*/BOOTPROTO="dhcp"/' /etc/sysconfig/network-scripts/ifcfg-eth0
Now we'll restart the network and this time we should be good.
/etc/init.d/network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down interface eth2:                              [  OK  ]
Shutting down interface eth3:                              [  OK  ]
Shutting down interface eth4:                              [  OK  ]
Shutting down interface eth5:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:
Determining IP information for eth0... done.
                                                           [  OK  ]
Bringing up interface eth1:                                [  OK  ]
Bringing up interface eth2:                                [  OK  ]
Bringing up interface eth3:                                [  OK  ]
Bringing up interface eth4:                                [  OK  ]
Bringing up interface eth5:                                [  OK  ]
The last step is to again tail the system log and then unplug and plug-in the cables. If everything went well, they should be in the right order now.
tail -f -n 0 /var/log/messages
Oct 28 18:44:24 an-c05n01 kernel: igb: eth0 NIC Link is Down
Oct 28 18:44:27 an-c05n01 kernel: igb: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Oct 28 18:44:31 an-c05n01 kernel: igb: eth1 NIC Link is Down
Oct 28 18:44:34 an-c05n01 kernel: igb: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Oct 28 18:44:35 an-c05n01 kernel: e1000e: eth2 NIC Link is Down
Oct 28 18:44:38 an-c05n01 kernel: e1000e: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Oct 28 18:44:39 an-c05n01 kernel: e1000e: eth3 NIC Link is Down
Oct 28 18:44:42 an-c05n01 kernel: e1000e: eth3 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Oct 28 18:44:45 an-c05n01 kernel: igb: eth4 NIC Link is Down
Oct 28 18:44:49 an-c05n01 kernel: igb: eth4 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Oct 28 18:44:50 an-c05n01 kernel: igb: eth5 NIC Link is Down
Oct 28 18:44:54 an-c05n01 kernel: igb: eth5 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Woohoo! Done!
At this point, I like to refresh the backup. We're going to be making more changes later at it would be nice to not have to redo this step again, should something go wrong.
rsync -av /etc/sysconfig/network-scripts /root/backups/
sending incremental file list
network-scripts/
network-scripts/ifcfg-eth0
network-scripts/ifcfg-eth1
network-scripts/ifcfg-eth2
network-scripts/ifcfg-eth3
network-scripts/ifcfg-eth4
network-scripts/ifcfg-eth5
sent 1955 bytes  received 130 bytes  4170.00 bytes/sec
total size is 132711  speedup is 63.65
Repeat this process for the other node. Once both nodes have the matching physical interface to device names, we'll be ready to move on to the next step!
Configuring Our Bridge, Bonds and Interfaces
To setup our network, we will need to edit the ifcfg-ethX, ifcfg-bondX and ifcfg-vbr2 scripts.
The vbr2 device is a bridge, like a virtual network switch, which will be used to route network connections between the virtual machines and the outside world, via the IFN. If you look in the network map, you will see that the vbr2 virtual interface connects to bond2, which links to the outside world, and it connects to all servers. Just like a normal switch does. You will also note that the bridge will have the IP addresses, not the bonded interface bond2. It will instead be slaved to the vbr2 bridge.
The bondX virtual devices work a lot like the network version of RAID level 1 arrays. They take two real links and turn them into one redundant link. In our case, each link in the bond will go to a different switch, protecting our links for interface, cable, port or entire switch failures. Should any of these fail, the bond will switch to the backup link so quickly that the applications on the nodes will not notice anything happened.
We're going to be editing a lot of files. It's best to lay out what we'll be doing in a chart. So our setup will be:
| Node | BCN IP and Device | SN IP and Device | IFN IP and Device | 
|---|---|---|---|
| an-c05n01 | 10.20.50.1 on bond0 | 10.10.50.1 on bond1 | 10.255.50.1 on vbr2 (bond2 slaved) | 
| an-c05n02 | 10.20.50.2 on bond0 | 10.10.50.2 on bond1 | 10.255.50.2 on vbr2 (bond2 slaved) | 
Always Have Backups
If you skipped the previous step, start here by making a backup of the existing network configuration files.
mkdir /root/backups/
rsync -av /etc/sysconfig/network-scripts /root/backups/
sending incremental file list
network-scripts/
network-scripts/ifcfg-eth0
network-scripts/ifcfg-eth1
network-scripts/ifcfg-eth2
network-scripts/ifcfg-eth3
network-scripts/ifcfg-eth4
network-scripts/ifcfg-eth5
network-scripts/ifcfg-lo
network-scripts/ifdown -> ../../../sbin/ifdown
network-scripts/ifdown-bnep
network-scripts/ifdown-eth
network-scripts/ifdown-ippp
network-scripts/ifdown-ipv6
network-scripts/ifdown-isdn -> ifdown-ippp
network-scripts/ifdown-post
network-scripts/ifdown-ppp
network-scripts/ifdown-routes
network-scripts/ifdown-sit
network-scripts/ifdown-tunnel
network-scripts/ifup -> ../../../sbin/ifup
network-scripts/ifup-aliases
network-scripts/ifup-bnep
network-scripts/ifup-eth
network-scripts/ifup-ippp
network-scripts/ifup-ipv6
network-scripts/ifup-isdn -> ifup-ippp
network-scripts/ifup-plip
network-scripts/ifup-plusb
network-scripts/ifup-post
network-scripts/ifup-ppp
network-scripts/ifup-routes
network-scripts/ifup-sit
network-scripts/ifup-tunnel
network-scripts/ifup-wireless
network-scripts/init.ipv6-global
network-scripts/net.hotplug
network-scripts/network-functions
network-scripts/network-functions-ipv6
sent 135156 bytes  received 731 bytes  271774.00 bytes/sec
total size is 132711  speedup is 0.98
Creating New Network Configuration Files
The new bond and bridge devices we want to create do not exist at all yet. So we will start by touching the configuration files we will need.
touch /etc/sysconfig/network-scripts/ifcfg-bond{0,1,2}
touch /etc/sysconfig/network-scripts/ifcfg-vbr2
Configuring The Bridge
We'll start in reverse order, crafting the bridge's script first.
| an-c05n01 IFN Bridge: | vim /etc/sysconfig/network-scripts/ifcfg-vbr2# Internet-Facing Network - Bridge
DEVICE="vbr2"
TYPE="Bridge"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR="10.255.50.1"
NETMASK="255.255.0.0"
GATEWAY="10.255.255.254"
DNS1="8.8.8.8"
DNS2="8.8.4.4"
DEFROUTE="yes" | 
|---|---|
| an-c05n02 IFN Bridge: | vim /etc/sysconfig/network-scripts/ifcfg-vbr2# Internet-Facing Network - Bridge
DEVICE="vbr2"
TYPE="Bridge"
NM_CONTROLLED="no"
BOOTPROTO="none"
IPADDR="10.255.50.2"
NETMASK="255.255.0.0"
GATEWAY="10.255.255.254"
DNS1="8.8.8.8"
DNS2="8.8.4.4"
DEFROUTE="yes" | 
If you have a Red Hat account, you can read up on what the option above mean, and specifics of bridge devices. In case you don't though, here is a summary:
| Variable | Description | 
|---|---|
| DEVICE | This is the actual name given to this device. Generally is matches the file name. In this case, the DEVICE is vbr2 and the file name is ifcfg-vbr2. This matching of file name to device name is by convention and not strictly required. | 
| TYPE | This is either Ethernet, the default, or Bridge, as we use here. Note that these values are case-sensitive! By setting this here, we're telling the OS that we're creating a bridge device. | 
| NM_CONTROLLED | This can be yes, which is the default, or no, as we set here. This tells Network Manager that it is not allowed to manage this device. We've removed the NetworkManager package, so this is not strictly needed, but we'll add it just in case it gets installed in the future. | 
| BOOTPROTO | This can be either none, which we're using here, dhcp or bootp if you want the interface to get an IP from a DHCP or BOOTP server, respectively. We're setting it to static, so we want this set to none. | 
| IPADDR | This is the dotted-decimal IP address we're assigning to this interface. | 
| NETMASK | This is the dotted-decimal subnet mask for this interface. | 
| GATEWAY | This is the IP address the node will contact when we it needs to send traffic to other networks, like the Internet. | 
| DNS1 | This is the IP address of the primary domain name server to use when the node needs to translate a host or domain name into an IP address which wasn't found in the /etc/hosts file. | 
| DNS2 | This is the IP address of the backup domain name server, should the primary DNS server specified above fail. | 
| DEFROUTE | This can be set to yes, as we've set it here, or no. If two or more interfaces has DEFROUTE set, the interface with this variable set to yes will be used. | 
Creating the Bonded Interfaces
Next up, we'll can create the three bonding configuration files. This is where two physical network interfaces are tied together to work like a single, highly available network interface. You can think of a bonded interface as being akin to RAID level 1; A new virtual device is created out of two real devices.
We're going to see a long line called "BONDING_OPTS". Let's look at the meaning of these options before we look at the configuration;
| Variable | Description | 
|---|---|
| mode | This tells the Linux kernel what kind of bond we're creating here. There are seven modes available, each with a numeric value representing them. We're going use the "Active/Passive" mode, known as mode 1 (active-backup). As of RHEL 6.4, modes 0 (balance-rr) and mode 2 (balance-xor) are supported for use with corosync. Given the proven reliability of surviving numerous tested failure and recovery tests though, AN! still strongly recommends mode 1. | 
| miimon | This tells the kernel how often, in milliseconds, to check for unreported link failures. We're using 100 which tells the bonding driver to check if the network cable has been unplugged or plugged in every 100 milliseconds. Most modern drivers will report link state via their driver, so this option is not strictly required, but it is recommended for extra safety. | 
| use_carrier | Setting this to 1 tells the driver to use the driver to maintain the link state. Some drivers don't support that. If you run into trouble where the link shows as up when it's actually down, get a new network card or try changing this to 0. | 
| updelay | Setting this to 120000 tells the driver to delay switching back to the primary interface for 120,000 milliseconds (120 seconds / 2 minutes). This is designed to give the switch connected to the primary interface time to finish booting. Setting this too low may cause the bonding driver to switch back before the network switch is ready to actually move data. Some switches will not provide a link until it is fully booted, so please experiment. | 
| downdelay | Setting this to 0 tells the driver not to wait before changing the state of an interface when the link goes down. That is, when the driver detects a fault, it will switch to the backup interface immediately. This is the default behaviour, but setting this here insures that it is reset when the interface is reset, should the delay be somehow set elsewhere. | 
The first bond we'll configure is for the Back-Channel Network.
| an-c05n01 BCN Bond | vim /etc/sysconfig/network-scripts/ifcfg-bond0# Back-Channel Network - Bond
DEVICE="bond0"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
BONDING_OPTS="mode=1 miimon=100 use_carrier=1 updelay=120000 downdelay=0 primary=eth0"
IPADDR="10.20.50.1"
NETMASK="255.255.0.0" | 
|---|---|
| an-c05n02 BCN Bond | vim /etc/sysconfig/network-scripts/ifcfg-bond0# Back-Channel Network - Bond
DEVICE="bond0"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
BONDING_OPTS="mode=1 miimon=100 use_carrier=1 updelay=120000 downdelay=0 primary=eth0"
IPADDR="10.20.50.2"
NETMASK="255.255.0.0" | 
Next up is the bond for the Storage Network;
| an-c05n01 SN Bond: | vim /etc/sysconfig/network-scripts/ifcfg-bond1# Storage Network - Bond
DEVICE="bond1"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
BONDING_OPTS="mode=1 miimon=100 use_carrier=1 updelay=120000 downdelay=0 primary=eth1"
IPADDR="10.10.50.1"
NETMASK="255.255.0.0" | 
|---|---|
| an-c05n02 SN Bond: | vim /etc/sysconfig/network-scripts/ifcfg-bond1# Storage Network - Bond
DEVICE="bond1"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
BONDING_OPTS="mode=1 miimon=100 use_carrier=1 updelay=120000 downdelay=0 primary=eth1"
IPADDR="10.10.50.2"
NETMASK="255.255.0.0" | 
Finally, we setup the bond for the Internet-Facing Network.
Here we see a new option:
- BRIDGE="vbr2"; This tells the system that this bond is to be connected to the vbr2 bridge when it is started.
| an-c05n01 IFN Bond: | vim /etc/sysconfig/network-scripts/ifcfg-bond2# Internet-Facing Network - Bond
DEVICE="bond2"
BRIDGE="vbr2"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
BONDING_OPTS="mode=1 miimon=100 use_carrier=1 updelay=120000 downdelay=0 primary=eth2" | 
|---|---|
| an-c05n02 IFN Bond: | vim /etc/sysconfig/network-scripts/ifcfg-bond2# Internet-Facing Network - Bond
DEVICE="bond2"
BRIDGE="vbr2"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
BONDING_OPTS="mode=1 miimon=100 use_carrier=1 updelay=120000 downdelay=0 primary=eth2" | 
Done with the bonds!
Alter The Interface Configurations
With the bridge and bonds in place, we can now alter the interface configurations.
We've already edited these back when we were remapping the physical interface to device names. This time, we're going to clean them up, add a comment and slave them to their parent bonds. Note that the only difference between each node's given config file will be the HWADDR variable's value.
- BCN bond0, Link 1;
| an-c05n01's eth0 | vim /etc/sysconfig/network-scripts/ifcfg-eth0# Back-Channel Network - Link 1
HWADDR="00:19:99:9C:9B:9E"
DEVICE="eth0"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond0"
SLAVE="yes" | 
|---|---|
| an-c05n02's eth0 | vim /etc/sysconfig/network-scripts/ifcfg-eth0# Back-Channel Network - Link 1
HWADDR="00:19:99:9C:A0:6C"
DEVICE="eth0"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond0"
SLAVE="yes" | 
- SN bond1, Link 1;
| an-c05n01's eth1 | vim /etc/sysconfig/network-scripts/ifcfg-eth1# Storage Network - Link 1
DEVICE="eth1"
HWADDR="00:19:99:9C:9B:9F"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond1"
SLAVE="yes" | 
|---|---|
| an-c05n02's eth1 | vim /etc/sysconfig/network-scripts/ifcfg-eth1# Storage Network - Link 1
DEVICE="eth1"
HWADDR="00:19:99:9C:A0:6D"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond1"
SLAVE="yes" | 
- IFN bond2, Link 1;
| an-c05n01's eth2 | vim /etc/sysconfig/network-scripts/ifcfg-eth2# Internet-Facing Network - Link 1
HWADDR="00:1B:21:81:C3:34"
DEVICE="eth2"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond2"
SLAVE="yes" | 
|---|---|
| an-c05n02's eth2 | vim /etc/sysconfig/network-scripts/ifcfg-eth2# Internet-Facing Network - Link 1
HWADDR="00:1B:21:81:C2:EA"
DEVICE="eth2"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond2"
SLAVE="yes" | 
- BCN bond0, Link 2;
| an-c05n01's eth3 | vim /etc/sysconfig/network-scripts/ifcfg-eth3# Back-Channel Network - Link 2
HWADDR="00:1B:21:81:C3:35"
DEVICE="eth3"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond0"
SLAVE="yes" | 
|---|---|
| an-c05n02's eth3 | vim /etc/sysconfig/network-scripts/ifcfg-eth3# Back-Channel Network - Link 2
HWADDR="00:1B:21:81:C2:EB"
DEVICE="eth3"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond0"
SLAVE="yes" | 
- SN bond1, Link 2;
| an-c05n01's eth4 | vim /etc/sysconfig/network-scripts/ifcfg-eth4# Storage Network - Link 2
HWADDR="A0:36:9F:02:E0:04"
DEVICE="eth4"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond1"
SLAVE="yes" | 
|---|---|
| an-c05n02's eth4 | vim /etc/sysconfig/network-scripts/ifcfg-eth4# Storage Network - Link 2
HWADDR="A0:36:9F:07:D6:2E"
DEVICE="eth4"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond1"
SLAVE="yes" | 
- IFN bond2, Link 2;
| an-c05n01's eth5 | vim /etc/sysconfig/network-scripts/ifcfg-eth5# Internet-Facing Network - Link 2
HWADDR="A0:36:9F:02:E0:05"
DEVICE="eth5"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond2"
SLAVE="yes" | 
|---|---|
| an-c05n02's eth5 | vim /etc/sysconfig/network-scripts/ifcfg-eth5# Internet-Facing Network - Link 2
HWADDR="A0:36:9F:07:D6:2F"
DEVICE="eth5"
NM_CONTROLLED="no"
BOOTPROTO="none"
ONBOOT="yes"
MASTER="bond2"
SLAVE="yes" | 
The order of the variables is not really important, from a technical perspective. However, we've found that having the order consistent as possible between configs and nodes goes a long way to simplifying support and problem solving. It certainly helps reduce human error as well.
If we compare the newly updated configs with one of the backups, we'll see a couple interesting things;
diff -U0 /root/backups/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0--- /root/backups/network-scripts/ifcfg-eth0	2013-10-28 18:39:59.000000000 -0400
+++ /etc/sysconfig/network-scripts/ifcfg-eth0	2013-10-29 13:25:03.443343494 -0400
@@ -1,2 +1 @@
-DEVICE="eth0"
-BOOTPROTO="dhcp"
+# Back-Channel Network - Link 1
@@ -4 +3,3 @@
-NM_CONTROLLED="yes"
+DEVICE="eth0"
+NM_CONTROLLED="no"
+BOOTPROTO="none"
@@ -6,2 +7,2 @@
-TYPE="Ethernet"
-UUID="ea03dc97-019c-4acc-b4d6-bc42d30d9e36"
+MASTER="bond0"
+SLAVE="yes"The notable part is that TYPE and UUID where removed. These are not required, so we generally remove them. If you prefer to keep them, that is fine, too.
Loading The New Network Configuration
Simply restart the network service.
/etc/init.d/network restartShutting down interface eth0:  /etc/sysconfig/network-scripts/ifdown-eth: line 116: /sys/class/net/bond0/bonding/slaves: No such file or directory
                                                           [  OK  ]
Shutting down interface eth1:  /etc/sysconfig/network-scripts/ifdown-eth: line 116: /sys/class/net/bond1/bonding/slaves: No such file or directory
                                                           [  OK  ]
Shutting down interface eth2:  /etc/sysconfig/network-scripts/ifdown-eth: line 116: /sys/class/net/bond2/bonding/slaves: No such file or directory
                                                           [  OK  ]
Shutting down interface eth3:  /etc/sysconfig/network-scripts/ifdown-eth: line 116: /sys/class/net/bond0/bonding/slaves: No such file or directory
                                                           [  OK  ]
Shutting down interface eth4:  /etc/sysconfig/network-scripts/ifdown-eth: line 116: /sys/class/net/bond1/bonding/slaves: No such file or directory
                                                           [  OK  ]
Shutting down interface eth5:  /etc/sysconfig/network-scripts/ifdown-eth: line 116: /sys/class/net/bond2/bonding/slaves: No such file or directory
                                                           [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface bond0:                               [  OK  ]
Bringing up interface bond1:                               [  OK  ]
Bringing up interface bond2:                               [  OK  ]
Bringing up interface vbr2:                                [  OK  ]These errors are normal. They're caused because we changed the ifcfg-ethX configuration files to reference bonded interfaces that, at the time we restarted the network, did not yet exist. If you restart the network again, you will see that the errors no longer appear.
Verifying the New Network Config
The first check to make sure everything works is to simply run ifconfig and make sure everything we expect to be there is, in fact, there.
| an-c05n01 | an-c05n02 | 
|---|---|
| ifconfigbond0     Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9E  
          inet addr:10.20.50.1  Bcast:10.20.255.255  Mask:255.255.0.0
          inet6 addr: fe80::219:99ff:fe9c:9b9e/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:821080 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160713 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:392278922 (374.1 MiB)  TX bytes:15344030 (14.6 MiB)
bond1     Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9F  
          inet addr:10.10.50.1  Bcast:10.10.255.255  Mask:255.255.0.0
          inet6 addr: fe80::219:99ff:fe9c:9b9f/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:100 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:6030 (5.8 KiB)  TX bytes:13752 (13.4 KiB)
bond2     Link encap:Ethernet  HWaddr 00:1B:21:81:C3:34  
          inet6 addr: fe80::21b:21ff:fe81:c334/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:512206 errors:0 dropped:0 overruns:0 frame:0
          TX packets:222 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:34650974 (33.0 MiB)  TX bytes:25375 (24.7 KiB)
eth0      Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9E  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:570073 errors:0 dropped:0 overruns:0 frame:0
          TX packets:160669 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:377010981 (359.5 MiB)  TX bytes:15339986 (14.6 MiB)
          Memory:ce660000-ce680000 
eth1      Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9F  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4644 (4.5 KiB)  TX bytes:4602 (4.4 KiB)
          Memory:ce6c0000-ce6e0000 
eth2      Link encap:Ethernet  HWaddr 00:1B:21:81:C3:34  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:262105 errors:0 dropped:0 overruns:0 frame:0
          TX packets:188 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:19438941 (18.5 MiB)  TX bytes:22295 (21.7 KiB)
          Interrupt:24 Memory:ce240000-ce260000 
eth3      Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9E  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:251007 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15267941 (14.5 MiB)  TX bytes:4044 (3.9 KiB)
          Interrupt:34 Memory:ce2a0000-ce2c0000 
eth4      Link encap:Ethernet  HWaddr 00:19:99:9C:9B:9F  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1386 (1.3 KiB)  TX bytes:9150 (8.9 KiB)
          Memory:ce400000-ce500000 
eth5      Link encap:Ethernet  HWaddr 00:1B:21:81:C3:34  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:250101 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:15212033 (14.5 MiB)  TX bytes:3080 (3.0 KiB)
          Memory:ce500000-ce600000 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3543 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3543 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2652772 (2.5 MiB)  TX bytes:2652772 (2.5 MiB)
vbr2      Link encap:Ethernet  HWaddr 00:1B:21:81:C3:34  
          inet addr:10.255.50.1  Bcast:10.255.255.255  Mask:255.255.0.0
          inet6 addr: fe80::21b:21ff:fe81:c334/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4425 errors:0 dropped:0 overruns:0 frame:0
          TX packets:127 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:225580 (220.2 KiB)  TX bytes:17449 (17.0 KiB) | ifconfigbond0     Link encap:Ethernet  HWaddr 00:19:99:9C:A0:6C  
          inet addr:10.20.50.2  Bcast:10.20.255.255  Mask:255.255.0.0
          inet6 addr: fe80::219:99ff:fe9c:a06c/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:485064 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:29542689 (28.1 MiB)  TX bytes:3060 (2.9 KiB)
bond1     Link encap:Ethernet  HWaddr 00:19:99:9C:A0:6D  
          inet addr:10.10.50.2  Bcast:10.10.255.255  Mask:255.255.0.0
          inet6 addr: fe80::219:99ff:fe9c:a06d/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:420 (420.0 b)  TX bytes:3018 (2.9 KiB)
bond2     Link encap:Ethernet  HWaddr 00:1B:21:81:C2:EA  
          inet6 addr: fe80::21b:21ff:fe81:c2ea/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:884093 errors:0 dropped:0 overruns:0 frame:0
          TX packets:161539 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:414267432 (395.0 MiB)  TX bytes:15355495 (14.6 MiB)
eth0      Link encap:Ethernet  HWaddr 00:19:99:9C:A0:6C  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:242549 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14772701 (14.0 MiB)  TX bytes:2082 (2.0 KiB)
          Memory:ce660000-ce680000 
eth1      Link encap:Ethernet  HWaddr 00:19:99:9C:A0:6D  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:180 (180.0 b)  TX bytes:2040 (1.9 KiB)
          Memory:ce6c0000-ce6e0000 
eth2      Link encap:Ethernet  HWaddr 00:1B:21:81:C2:EA  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:641600 errors:0 dropped:0 overruns:0 frame:0
          TX packets:161526 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:399497547 (380.9 MiB)  TX bytes:15354517 (14.6 MiB)
          Interrupt:24 Memory:ce240000-ce260000 
eth3      Link encap:Ethernet  HWaddr 00:19:99:9C:A0:6C  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:242515 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14769988 (14.0 MiB)  TX bytes:978 (978.0 b)
          Interrupt:34 Memory:ce2a0000-ce2c0000 
eth4      Link encap:Ethernet  HWaddr 00:19:99:9C:A0:6D  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:240 (240.0 b)  TX bytes:978 (978.0 b)
          Memory:ce400000-ce500000 
eth5      Link encap:Ethernet  HWaddr 00:1B:21:81:C2:EA  
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:242493 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14769885 (14.0 MiB)  TX bytes:978 (978.0 b)
          Memory:ce500000-ce600000 
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3545 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3545 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2658626 (2.5 MiB)  TX bytes:2658626 (2.5 MiB)
vbr2      Link encap:Ethernet  HWaddr 00:1B:21:81:C2:EA  
          inet addr:10.255.50.2  Bcast:10.255.255.255  Mask:255.255.0.0
          inet6 addr: fe80::21b:21ff:fe81:c2ea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16091 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:777873 (759.6 KiB)  TX bytes:20304 (19.8 KiB) | 
Excellent, everything is there!
Next up is to verify the bonds. To do this, we can examine special files in the /proc virtual file system. These expose the kernel's view of things as if they were tradition files. So by reading these files, we can see how the bonded interfaces are operating in real time.
There are three, one for each bond. Let's start by looking at bond0's /proc/net/bonding/bond0 "file", then we'll look at the other two.
| an-c05n01 | an-c05n02 | 
|---|---|
| cat /proc/net/bonding/bond0Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect always)
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:19:99:9c:9b:9e
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:1b:21:81:c3:35
Slave queue ID: 0 | cat /proc/net/bonding/bond0Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect always)
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:19:99:9c:a0:6c
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:1b:21:81:c2:eb
Slave queue ID: 0 | 
Let's look at the variables and values we see for an-c05n01 above:
- Bond variables;
| Variable | Description | 
|---|---|
| Bonding Mode | This tells us which bonding mode is currently active. Here we see fault-tolerance (active-backup), which is exactly what we wanted when we set mode=1 in the bond's configuration file. | 
| Primary Slave | This tells us that the bond will always use eth0 if it is available. Recall that we set a primary interface to ensure that, when everything is working properly, all network traffic goes through the same switch to avoid congestion on the stack/uplink cable. | 
| Currently Active Slave | This tells us which interface is being used at this time. If this shows the secondary interface, then either the primary has failed, or the primary has recovered by the updelay timer hasn't yet expired. | 
| MII Status | This shows the effective link state of the bond. If either one of the slaved interfaces is active, this will be up. | 
| MII Polling Interval (ms) | If you recall, this was set to 100ms, which tells the bond driver to verify the link state of the slaved interfaces. | 
| Up Delay (ms) | This tells us how long the bond driver will wait before switching to the secondary interface. We want immediate fail-over, so we have this set to 0. | 
| Down Delay (ms) | This tells us that the bond will wait for two minutes after a slaved interface comes up before it will consider it ready for use. | 
- Slaved interface variables;
| Variable | eth0 | eth3 | Description | 
|---|---|---|---|
| Slave Interface | eth0 | eth3 | This is the name of the slaved device. The values below this reflect that named interface's state. | 
| MII Status | up | up | This shows the current link state of the interface. Values you will see are: up, down and going back. The first two are obvious. The third is the link state between when the link comes up and before the updelay timer expires. | 
| Speed | 1000 Mbps | 1000 Mbps | This tells you the link speed that the current interface is operating at. If it's ever lower than you expect, look in the switch configuration for statically set speeds. If that's not it, try another network cable. | 
| Duplex | full | full | This tells you whether the given interface can send and receive network traffic at the same time, full, or not, half. All modern devices should support full duplex, so if you see half, examine your switch and cables. | 
| Link Failure Count | 0 | 0 | When the bond driver starts, this is set to 0. Each time the link "fails", which includes an intentional unplugging of the cable, this counter increments. There is no hard in this increasing if the "errors" where intentional or known. It can be useful in detecting flaky connections though, should you find this number to be higher than expected. | 
| Permanent HW addr | 00:19:99:9c:9b:9e | 00:1b:21:81:c3:35 | This is the real MAC address of the slaved interface. Those who are particularly observant will have noticed that, in the ifconfig output above, both eth0 and eth3 showed the same MAC address. This is partly how active-passive bonding is able to fail over so extremely quickly. The MAC address of which ever interface is active will appear in ifconfig as the HWaddr address of both bond members. | 
| Slave queue ID | 0 | 0 | In other bonding modes, this can be used to help direct certain traffic down certain slaved interface links. We won't use this so it should always be 0 | 
Now lets look at bond1;
| an-c05n01 | an-c05n02 | 
|---|---|
| cat /proc/net/bonding/bond1Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth1 (primary_reselect always)
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:19:99:9c:9b:9f
Slave queue ID: 0
Slave Interface: eth4
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: a0:36:9f:02:e0:04
Slave queue ID: 0 | cat /proc/net/bonding/bond1Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth1 (primary_reselect always)
Currently Active Slave: eth1
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:19:99:9c:a0:6d
Slave queue ID: 0
Slave Interface: eth4
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: a0:36:9f:07:d6:2e
Slave queue ID: 0 | 
The last bond is bond2;
| an-c05n01 | an-c05n02 | 
|---|---|
| cat /proc/net/bonding/bond2Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth2 (primary_reselect always)
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:1b:21:81:c3:34
Slave queue ID: 0
Slave Interface: eth5
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: a0:36:9f:02:e0:05
Slave queue ID: 0 | cat /proc/net/bonding/bond2Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth2 (primary_reselect always)
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:1b:21:81:c2:ea
Slave queue ID: 0
Slave Interface: eth5
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: a0:36:9f:07:d6:2f
Slave queue ID: 0 | 
That covers the bonds! The last thing to look at are the bridges. We can check them using the brctl (bridge control) tool;
| an-c05n01 | an-c05n02 | 
|---|---|
| brctl showbridge name	bridge id		STP enabled	interfaces
vbr2		8000.001b2181c334	no		bond2 | brctl showbridge name     bridge id               STP enabled     interfaces
vbr2            8000.001b2181c2ea       no              bond2 | 
There are four variables; Let's take a look at them.
| Variable | eth0 | eth3 | Description | 
|---|---|---|---|
| bridge name | vbr2 | vbr2 | This is the device name we set when we created the ifcfg-vbr2 configuration file. | 
| bridge id | 8000.001b2181c334 | 8000.001b2181c2ea | This is an automatically create unique ID for the given bridge. | 
| STP enabled | no | no | This tells us where spanning tree protocol is enabled or not. Default is to be disabled, which is fine. If you enable it, it will help protect against loops that can cause broadcast storms and flood your network. Given how difficult it is to accidentally "plug both ends of a cable into the same switch", it's generally safe to leave off. | 
| interfaces | bond2 | bond2 | This tells us which network interfaces are "plugged into" the bridge. We don't have any servers yet, so only bond2 is plugged in, which is the link that provides a route out to the real world. Later, when we create our servers, a vnetX file will be created for each server's interface. These are the virtual "network cables" providing a link between the servers and the bridge. | 
All done!
Adding Everything to /etc/hosts
If you recall from the AN!Cluster Tutorial 2#Network section, we've got two nodes, each with three networks and an IPMI interface, two network switches, two switched PDUs and two UPSes. We're also going to create two dashboard servers, each of which will have a connection to the BCN and the IFN.
All of these have IP addresses. We want to be able to address them by names, which we can do by adding them to each node's /etc/hosts file. If you prefer to have this centralized, you can always use internal DNS servers instead, but that is outside the scope of this tutorial.
The format of /etc/hosts is <ip_addres> <name>[ <name2> <name...> <nameN>]. We want the short domain and full domain name to resolve to the BCN IP address on the 10.20.0.0/16 network. For this, we'll have multiple names on the BCN entry and then a single name for the SN and IFN entries.
vim /etc/hosts127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
### Nodes 
# an-c05n01
10.20.50.1	an-c05n01.bcn an-c05n01 an-c05n01.alteeve.ca
10.20.51.1	an-c05n01.ipmi
10.10.50.1	an-c05n01.sn
10.255.50.1	an-c05n01.ifn
# an-c05n02
10.20.50.2	an-c05n02.bcn an-c05n02 an-c05n02.alteeve.ca
10.20.51.2	an-c05n02.ipmi
10.10.50.2	an-c05n02.sn
10.255.50.2	an-c05n02.ifn
### Foundation Pack
# Network Switches
10.20.1.1	an-s01 an-s01.alteeve.ca
10.20.1.2	an-s02 an-s02.alteeve.ca	# Only accessible when out of the stack
# Switched PDUs
10.20.2.1	an-p01 an-p01.alteeve.ca
10.20.2.2	an-p02 an-p02.alteeve.ca
# Network-monitored UPSes
10.20.3.1	an-u01 an-u01.alteeve.ca
10.20.3.2	an-u02 an-u02.alteeve.ca
### Monitor Packs
10.20.4.1	an-m01 an-m01.alteeve.ca
10.255.4.1	an-m01.ifn
10.20.4.2	an-m02 an-m02.alteeve.ca
10.255.4.2	an-m02.ifnSave this to both nodes and then you can test that the names resolve properly using gethistip -d $name. Lets look at the names we gave to an-c05n01 and verify they resolve to the desired IP addresses.
gethostip -d an-c05n01.alteeve.ca10.20.50.1gethostip -d an-c05n0110.20.50.1gethostip -d an-c05n01.bcn10.20.50.1gethostip -d an-c05n01.sn10.10.50.1gethostip -d an-c05n01.ifn10.255.50.1gethostip -d an-c05n01.ipmi10.20.51.1Excellent! Test resolution of all names for both nodes, the foundation pack devices and the monitor packs. If they all resolve properly, we're ready to move on.
What is IPMI
IPMI, short for "Intelligent Platform Management Interface", is a standardized network-attched device built in to many servers. It is a stand-alone device which allows external people and devices the ability to log in and check the state of the host server. It can read the various sensor values, press the power and reset switches, report whether the host node is powered on or not and so forth.
Many companies build on the basic IPMI standard by adding advanced features like remote console access over the network, ability to monitor devices plugged into the server like the RAID controller and it's hard drives and so on. Each vendor generally has a name for their implementation of IPMI;
Various other vendors will have different names as well. In most cases though, they will all support the generic IPMI interface and Linux tools. We're going to use these tools to configure each node's IPMI "BMC", Baseboard Management Controller, for use as a fence device.
The idea here is this;
If a node stops responding, the remaining surviving node can't simply assume the peer is off. We'll go into the details of "why not?" later in the fencing section. The remaining node will log into the peer's IPMI BMC and ask it to power off the host. Once off, the surviving node will verify that the power is off, confirming that the peer is certainly no longer alive and offering clustered services. With this known, recovery can safely begin.
We need to assign an IP address to each IPMI BMC and then configure the user name and password to use later when connecting.
We will also use the sensor values reported by the IPMI BMC in our monitoring and alert system. If, for example, a temperate climbs too high or too fast, the alert system will be able to see this and fire off an alert.
Reading IPMI Data
We installed the needed IPMI tools earlier and we set ipmi to start on boot. Verify that it's running now;
/etc/init.d/ipmi statusipmi_msghandler module loaded.
ipmi_si module loaded.
ipmi_devintf module loaded.
/dev/ipmi0 exists.This tells us that the ipmi daemon is running and it was able to talk to the BMC. If this failed, /dev/ipmi0 would not exist. If this is the case for you, please find what make and model of IPMI BMC is used in your server and look for known issues with that chip.
The first thing we'll check is that we can query IPMI's chassis data:
ipmitool chassis statusSystem Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : previous
Last Power Event     : 
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false
Sleep Button Disable : not allowed
Diag Button Disable  : allowed
Reset Button Disable : allowed
Power Button Disable : allowed
Sleep Button Disabled: false
Diag Button Disabled : false
Reset Button Disabled: false
Power Button Disabled: falseExcellent! If you get something like this, you're past 90% of the potential problems.
We can check more information on the hosts using mc to query the management controller.
ipmitool mc infoDevice ID                 : 2
Device Revision           : 2
Firmware Revision         : 1.1
IPMI Version              : 2.0
Manufacturer ID           : 10368
Manufacturer Name         : Fujitsu Siemens
Product ID                : 611 (0x0263)
Product Name              : Unknown (0x263)
Device Available          : yes
Provides Device SDRs      : no
Additional Device Support :
    Sensor Device
    SDR Repository Device
    SEL Device
    FRU Inventory Device
    IPMB Event Receiver
    Bridge
    Chassis Device
Aux Firmware Rev Info     : 
    0x05
    0x08
    0x00
    0x41Some servers will report the details of "field replaceable units"; components than can be swapped out as needed. Every server will report different data here, but you can see what our RX300 S6 returns below.
ipmitool fru printFRU Device Description : Builtin FRU Device (ID 0)
 Device not present (Requested sensor, data, or record not found)
FRU Device Description : Chassis (ID 2)
 Chassis Type			 : Rack Mount Chassis
 Chassis Extra			 : RX300S6R1
 Product Manufacturer  : FUJITSU
 Product Name          : PRIMERGY RX300 S6
 Product Part Number   : ABN:K1344-V101-2204
 Product Version       : GS01
 Product Serial        : YL6T022170
 Product Asset Tag     : 15
 Product Extra         : 25a978
 Product Extra         : 0263
FRU Device Description : MainBoard (ID 3)
 Board Mfg Date        : Wed Dec 22 07:36:00 2010
 Board Mfg             : FUJITSU
 Board Product         : D2619
 Board Serial          : 35183219
 Board Part Number     : S26361-D2619-N15
 Board Extra           : WGS10 GS02
 Board Extra           : 02
FRU Device Description : PSU1 (ID 7)
 Unknown FRU header version 0x02
FRU Device Description : PSU2 (ID 8)
 Unknown FRU header version 0x02We can check all the sensor value using ipmitool as well. This is actually what the cluster monitor we'll install later does.
ipmitool sdr listAmbient          | 27.50 degrees C   | ok
Systemboard      | 43 degrees C      | ok
CPU1             | 34 degrees C      | ok
CPU2             | 37 degrees C      | ok
DIMM-1A          | 29 degrees C      | ok
DIMM-2A          | disabled          | ns
DIMM-3A          | disabled          | ns
DIMM-1B          | 29 degrees C      | ok
DIMM-2B          | disabled          | ns
DIMM-3B          | disabled          | ns
DIMM-1C          | 29 degrees C      | ok
DIMM-2C          | disabled          | ns
DIMM-3C          | disabled          | ns
DIMM-1D          | 33 degrees C      | ok
DIMM-2D          | disabled          | ns
DIMM-3D          | disabled          | ns
DIMM-1E          | 33 degrees C      | ok
DIMM-2E          | disabled          | ns
DIMM-3E          | disabled          | ns
DIMM-1F          | 33 degrees C      | ok
DIMM-2F          | disabled          | ns
DIMM-3F          | disabled          | ns
BATT 3.0V        | 3.13 Volts        | ok
STBY 3.3V        | 3.35 Volts        | ok
iRMC 1.2V STBY   | 1.19 Volts        | ok
iRMC 1.8V STBY   | 1.80 Volts        | ok
LAN 1.0V STBY    | 1.01 Volts        | ok
LAN 1.8V STBY    | 1.81 Volts        | ok
MAIN 12V         | 12 Volts          | ok
MAIN 5.15V       | 5.18 Volts        | ok
MAIN 3.3V        | 3.37 Volts        | ok
IOH 1.1V         | 1.10 Volts        | ok
IOH 1.8V         | 1.80 Volts        | ok
ICH 1.5V         | 1.50 Volts        | ok
IOH 1.1V AUX     | 1.09 Volts        | ok
CPU1 1.8V        | 1.80 Volts        | ok
CPU2 1.8V        | 1.80 Volts        | ok
Total Power      | 190 Watts         | ok
PSU1 Power       | 100 Watts         | ok
PSU2 Power       | 80 Watts          | ok
CPU1 Power       | 5.50 Watts        | ok
CPU2 Power       | 4.40 Watts        | ok
Fan Power        | 15.84 Watts       | ok
Memory Power     | 8 Watts           | ok
HDD Power        | 45 Watts          | ok
FAN1 SYS         | 5340 RPM          | ok
FAN2 SYS         | 5160 RPM          | ok
FAN3 SYS         | 4920 RPM          | ok
FAN4 SYS         | 5160 RPM          | ok
FAN5 SYS         | 5100 RPM          | ok
FAN1 PSU1        | 6360 RPM          | ok
FAN2 PSU1        | 6480 RPM          | ok
FAN1 PSU2        | 6480 RPM          | ok
FAN2 PSU2        | 6240 RPM          | ok
I2C1 error ratio | 0 unspecified     | ok
I2C2 error ratio | 0 unspecified     | ok
I2C3 error ratio | 0 unspecified     | ok
I2C4 error ratio | 0 unspecified     | ok
I2C5 error ratio | 0 unspecified     | ok
I2C6 error ratio | 0 unspecified     | ok
SEL Level        | 0 unspecified     | ok
Ambient          | 0x02              | ok
CPU1             | 0x80              | ok
CPU2             | 0x80              | ok
Power Unit       | 0x01              | ok
PSU              | Not Readable      | ns
PSU1             | 0x02              | ok
PSU2             | 0x02              | ok
Fanboard Row 2   | 0x00              | ok
FAN1 SYS         | 0x01              | ok
FAN2 SYS         | 0x01              | ok
FAN3 SYS         | 0x01              | ok
FAN4 SYS         | 0x01              | ok
FAN5 SYS         | 0x01              | ok
FAN1 PSU1        | 0x01              | ok
FAN2 PSU1        | 0x01              | ok
FAN1 PSU2        | 0x01              | ok
FAN2 PSU2        | 0x01              | ok
FanBoard         | 0x02              | ok
DIMM-1A          | 0x02              | ok
DIMM-1A          | 0x01              | ok
DIMM-2A          | 0x01              | ok
DIMM-2A          | 0x01              | ok
DIMM-3A          | 0x01              | ok
DIMM-3A          | 0x01              | ok
DIMM-1B          | 0x02              | ok
DIMM-1B          | 0x01              | ok
DIMM-2B          | 0x01              | ok
DIMM-2B          | 0x01              | ok
DIMM-3B          | 0x01              | ok
DIMM-3B          | 0x01              | ok
DIMM-1C          | 0x02              | ok
DIMM-1C          | 0x01              | ok
DIMM-2C          | 0x01              | ok
DIMM-2C          | 0x01              | ok
DIMM-3C          | 0x01              | ok
DIMM-3C          | 0x01              | ok
DIMM-1D          | 0x02              | ok
DIMM-1D          | 0x01              | ok
DIMM-2D          | 0x01              | ok
DIMM-2D          | 0x01              | ok
DIMM-3D          | 0x01              | ok
DIMM-3D          | 0x01              | ok
DIMM-1E          | 0x02              | ok
DIMM-1E          | 0x01              | ok
DIMM-2E          | 0x01              | ok
DIMM-2E          | 0x01              | ok
DIMM-3E          | 0x01              | ok
DIMM-3E          | 0x01              | ok
DIMM-1F          | 0x02              | ok
DIMM-1F          | 0x01              | ok
DIMM-2F          | 0x01              | ok
DIMM-2F          | 0x01              | ok
DIMM-3F          | 0x01              | ok
DIMM-3F          | 0x01              | ok
DIMM-3A          | 0x01              | ok
DIMM-3B          | 0x01              | ok
DIMM-3C          | 0x01              | ok
DIMM-3D          | 0x01              | ok
DIMM-3E          | 0x01              | ok
DIMM-3F          | 0x01              | ok
Watchdog         | 0x00              | ok
iRMC request     | 0x00              | ok
I2C1             | 0x02              | ok
I2C2             | 0x02              | ok
I2C3             | 0x02              | ok
I2C4             | 0x02              | ok
I2C5             | 0x02              | ok
I2C6             | 0x02              | ok
Config backup    | 0x00              | ok
Total Power      | 0x01              | ok
PSU1 Power       | 0x01              | ok
PSU2 Power       | 0x01              | ok
CPU1 Power       | 0x01              | ok
CPU2 Power       | 0x01              | ok
Memory Power     | 0x01              | ok
Fan Power        | 0x01              | ok
HDD Power        | 0x01              | ok
Power Level      | 0x01              | ok
Power Level      | 0x08              | ok
CPU detection    | 0x00              | ok
System Mgmt SW   | Not Readable      | ns
NMI              | 0x00              | ok
Local Monitor    | 0x02              | ok
Pwr Btn override | 0x00              | ok
System BIOS      | Not Readable      | ns
iRMC             | Not Readable      | nsYou can narrow that call down to just see temperature, power consumption and what not. That's beyond the scope of this tutorial though. The man page for ipmitool is great for seeing all the neat stuff you can do.
Finding Our IPMI LAN Channel
Before we can configure it though, we need to find our "LAN channel". Different manufacturers will use different channels, so we need to be able to find the one we're using.
To find it, simply call ipmitool lan print X. Increment X, starting at 1, until you get a response.
So first, let's query LAN channel 1.
ipmitool lan print 1Channel 1 is not a LAN channelNo luck; Let's try channel 2.
ipmitool lan print 2Set in Progress         : Set Complete
Auth Type Support       : NONE MD5 PASSWORD 
Auth Type Enable        : Callback : NONE MD5 PASSWORD 
                        : User     : NONE MD5 PASSWORD 
                        : Operator : NONE MD5 PASSWORD 
                        : Admin    : NONE MD5 PASSWORD 
                        : OEM      : NONE MD5 PASSWORD 
IP Address Source       : Static Address
IP Address              : 10.20.51.1
Subnet Mask             : 255.255.0.0
MAC Address             : 00:19:99:9a:d8:e8
SNMP Community String   : public
IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
Default Gateway IP      : 10.20.255.254
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,17
Cipher Suite Priv Max   : OOOOOOOOXXXXXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEMFound it! So we know that this server uses LAN channel 2. We'll need to use this for the next steps.
Reading IPMI Data
Now that we can read our IPMI data, it's time to set some values.
We know that we want to set an-c05n01's IPMI interface to have the IP 10.20.51.1/16. We also need to setup a user on the IPMI BMC so that we can log in from other nodes.
First up, let's set the IP address. Remember to use the LAN channel you found on your server. We don't actually have a gateway on the 10.20.0.0/16 network, but some devices insist on a default gateway being set. For this reason, we'll always set 10.255.255.254 as the gateway server. You will want to adjust this (or not use it at all) for your network.
This requires four calls;
- Tell the interface to use a static IP address.
- Set the IP address
- Set the subnet mask
- (optional) Set the default gateway
ipmitool lan set 2 ipsrc static
ipmitool lan set 2 ipaddr 10.20.51.1Setting LAN IP Address to 10.20.51.1ipmitool lan set 2 netmask 255.255.0.0Setting LAN Subnet Mask to 255.255.0.0ipmitool lan set 2 defgw ipaddr 10.20.255.254Setting LAN Default Gateway IP to 10.20.255.254Now we'll again print the LAN channel information and we should see that the IP address has been set.
ipmitool lan print 2Set in Progress         : Set Complete
Auth Type Support       : NONE MD5 PASSWORD 
Auth Type Enable        : Callback : NONE MD5 PASSWORD 
                        : User     : NONE MD5 PASSWORD 
                        : Operator : NONE MD5 PASSWORD 
                        : Admin    : NONE MD5 PASSWORD 
                        : OEM      : NONE MD5 PASSWORD 
IP Address Source       : Static Address
IP Address              : 10.20.51.1
Subnet Mask             : 255.255.0.0
MAC Address             : 00:19:99:9a:d8:e8
SNMP Community String   : public
IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
Default Gateway IP      : 10.20.255.254
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,17
Cipher Suite Priv Max   : OOOOOOOOXXXXXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEMExcellent!
Next up is to find the IPMI administrative user name and user ID. We'll record the name for later use in the cluster setup. We'll use the ID to update the user's password.
To see the list of users, run the following.
ipmitool user list 2ID  Name	     Callin  Link Auth	IPMI Msg   Channel Priv Limit
1                    true    true       true       Unknown (0x00)
2   admin            true    true       true       OEM
Get User Access command failed (channel 2, user 3): Unknown (0x32)Note that the error is fine to ignore.
Normally you should see OEM or ADMINISTRATOR under the Channel Priv Limit column. Above we see that the user named admin with ID 2 is OEM, so that is the user we will use.
|  | Note: The 2 in the next argument corresponds to the user ID, not the LAN channel! | 
To set the password to secret, run the following command and then enter the word secret twice.
ipmitool user set password 2Password for user 2: 
Password for user 2:Done!
Testing The IPMI Connection From the Peer
At this point, we've set each node's IPMI BMC network address and admin user's password. Now it's time to make sure it works.
In the example above, we walked through setting up an-c05n01's IPMI BMC. So here, we will log into an-c05n02 and try to connect to an-c05n01.ipmi to make sure everything works.
- From an-c05n02
ipmitool -I lanplus -U admin -P secret -H an-c05n01.ipmi chassis power statusChassis Power is onExcellent! Now let's test from an-c05n01 connecting to an-c05n02.ipmi.
ipmitool -I lanplus -U admin -P secret -H an-c05n02.ipmi chassis power statusChassis Power is onWoohoo!
Setting up SSH
Setting up SSH shared keys will allow your nodes to pass files between one another and execute commands remotely without needing to enter a password. This will be needed later when we want to enable applications like libvirtd and its tools, like virt-manager.
SSH is, on its own, a very big topic. If you are not familiar with SSH, please take some time to learn about it before proceeding. A great first step is the Wikipedia entry on SSH, as well as the SSH man page; man ssh.
SSH can be a bit confusing keeping connections straight in you head. When you connect to a remote machine, you start the connection on your machine as the user you are logged in as. This is the source user. When you call the remote machine, you tell the machine what user you want to log in as. This is the remote user.
Create The RSA Keys
You will need to create an SSH key for the root user on each node. Once created, we will need to copy the "public key" into a special file on both nodes to enable connecting to either node without a password.
Lets start with an-c05n01
# The '4095' is just to screw with brute-forces a bit. :)
ssh-keygen -t rsa -N "" -b 4095 -f ~/.ssh/id_rsaGenerating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1a:cf:8b:69:5e:9b:92:c2:51:0d:49:7f:ce:98:0f:40 root@an-c05n01.alteeve.ca
The key's randomart image is:
+--[ RSA 4095]----+
|     .E.         |
|     .o.         |
|      .o. .      |
|      ...*       |
|     .. S o      |
|    .  = o       |
|   . ...+ .      |
|    o ++ +       |
|     ++.+        |
+-----------------+This will create two files: the private key called ~/.ssh/id_rsa and the public key called ~/.ssh/id_rsa.pub. The private must never be group or world readable! That is, it should be set to mode 0600.
If you look closely when you created the ssh key, the node's fingerprint is show (1a:cf:8b:69:5e:9b:92:c2:51:0d:49:7f:ce:98:0f:40 for an-c05n01 above). Make a note of the fingerprint for each machine, and then compare it to the one presented to you when you ssh to a machine for the first time. If you are presented with a fingerprint that doesn't match, you could be facing a "man in the middle" attack.
To look up a fingerprint in the future, you can run the following;
ssh-keygen -l -f ~/.ssh/id_rsa4095 1a:cf:8b:69:5e:9b:92:c2:51:0d:49:7f:ce:98:0f:40 /root/.ssh/id_rsa.pub (RSA)The two newly generated files should look like;
Private key:
cat ~/.ssh/id_rsa-----BEGIN RSA PRIVATE KEY-----
MIIJIwIBAAKCAgBk3o54tw1f0BJ0UOp/OWpLa5VaKDIKKmwe7Um6kcmDVBO8Itbg
7FxXHxX6Xi/CqoqjPEwvpjSgBVSGF5IkSAcAdyKEmqJ0pM3A4Hg+g1JehQLx3k2v
DPfIcTvsIGEkS63XZiOs6t1sPubgjKw9encpYHq4s2Z26Ux/w85FbIMCR3oNroG2
scU4OJnICosoibsEXheaDzUl8fIpEkIHGVK4iOy2Y2CoxEKw5bE1yBv0KlRKrN9i
jFvoq2eAUG+NtjOxaG9DK3IgITQVd1PDgoBqEvEJK/kdfckGQu47cKGJS8bzgWLD
vXprg9OsXBu/MZSVK1AjvL3pfZEOT/k1B6gWu2ww7hGWVZj2IXnFcRv4TMs+DXg2
xZm7pWTkPLNxFzqtAZH60jXZmbPAFNDNS7M3Qs6oBCFlvUL00vFNu3uoM2NARG0V
bvLT0zb8dhQDpV2KoGsKUFGsDo773rH7AtBBPEzODgxjTk7rH+0Rt38JLN8T5XeO
RUitX9MS5abjis6DZ5agm8Swd3cpAK7g5yeKdxmUA774i+BlkkH1VdsdBT9RImvc
/OfVly208jpNRisCQgP4FTlEFG9YOeQ416euJ6xX5oP+I6z9f0rMzQEprh0WgT5r
/oIKfjwF3v109rquUZLxrLYb8qkomwWnxPD4VL7GPUU0hzgr+h+xRWI0nQIBIwKC
AgBfGvtb38rIDVM6eC2N5a1dDaoTLTZ+nQbbVMHby0j4KrOFf+8r14pDg7Wi6xcW
oMvbvIJYz+h5nqAmqIJ5+sTF7KuEV0i3HwsjkdB1dIDcxo2/edQ3VV6nC62G3LNc
vGIUO7s8ou4G+XqZNC1eiWkJwV3EFtzzxgZMlAugiuHsNMOJPiKHru0mYUCJaQbd
FCVb46/aZhwrF1IJd51XJoExpav8bFPSUqVHs/7a79/XlZ/uov6BfQYzJURUaRi4
0Fyf9MCtC7S/NT+8d9KiZRn9nNSiP2c5EDKQ4AUwuqbvKjCccq2T+8syK9Y0y9+l
o8abRhhcNZ0d+gxslIvhiuBOtTTV7Fy6zYyhSkAOzF33kl+jDDm2nNvxjxFU3Lo1
qSP7n2yedz5QKOvwykmwN/uzn5FWSmKc5GdL/t+yu94zf0eR9pDhkg0u9dXFkim0
Hq8RsW1vH4aD0BBMiBn34EbnaQaotX7lAUxfTjG0iZ9z8T48NIqPf/66evqUk3bx
VoFS79GkW8yWrXQX6B3oUAtm10aeP9Htz+AQIPdatO9pREIzE6UbEnc2kSrzFcJh
4hmarrQgJq7qzFjgRLBgjiOsdEo5SGLTFh17UIh5k/deeTxLsGSFuBbpz5+jr4tt
0s4wcmamTR8ruURGh+4i/Px6F9QsechnIMKGNthWVxhEawKCAQEA2kCH/FL/A7Ib
fCt0PFvCKWeF1V+PhdzEdkIRvS3OusWP9Z+py6agh3kAFWjOZT16WgYPeftMKYaE
3Wiixfx+99ta0eQiKqozYgB3pg5UWdxsXv30jrTyRuhhEBId2lGV6/eHgGYs48s1
oCCrljsVmWd+p4uSAplIBewCv7YPsxl3DZJTV6DFRD9mnuqjrqozSM+UsoMPRTPZ
7AyaDxeb63LiWTq6T/gLHptmu8K0SLvDkzA5LeBWKUNFcMHpWODpzjPj5J4Mtulr
R8oLtEy/2ZyWi7n8JuOt+swTsZDN0Qzcpzw9MU1RWs0sqGvTO91bMjc+FYew7wuZ
CEZxX4VxSQKCAQB2ULaKc4Oersq7Z3fQXIynLNT8lZ/AKQaAH/SdLL7IGKWRZ9eA
VOQNnZnThnKMDbDS8GPOpjzfjPDP8L7Y6NOVgc6ETGEdvoXomZv+sqpwx3BWszNK
18FfV0HhLv0MFHAPfMIqPqhhYUDnDAt/yWFViujIIrllmXjH9JGZDdPgzsupPToZ
FKC5UAYeAZwpaX2AROrfACscn99kNsTE7F8HtMQ//iT+M0rHVTzhVBnm1/e3eY1J
9L6WUbCPzBeiNFNC+y9+0nZk0tkgJk+qUPYdnaQL44TtlZMT1iWKg3C6dgrjbbaG
tFZmwh2/hf0Aovycpn/Fm2PKwxved64FnDy1AoIBABK1Evhe4qiLm/SzRHozwC9v
RfxYpebnCYZ6sRA3IFkm4HQjoNbxBnIDDqK/1y0/yKihbwp0oCDRBBL6VxhI167Y
SZz2TBJJGljbd/hKXwBjWb7/0yIsxE84fVkmH9Dia++ngKSbCyl30WV/JKZ6F8tS
A4q0MRYqZUJWDt07fbBEAuPn+IPalJDSO/7+K0l8TYnl6CyO5A0+9WwBFITzZSLP
VTrZJemY6wKfmxdoddpZPKY3VVu0JKRzevsJToP2BWlyKXn+6yWe+pEf8l/pUkXa
OMol4mm7vnSVJkJrf1sPuyRG/e5IdLAC9TMB7YjJ1J3nelmd6pglkMYx7HXm3dMC
ggEAUSFnOl3WmLJfIWuFW60tP28y9lf4g8RcOpmRytzal9Zi510mDtsgCVYgVogU
CEPm9ws9H/z2iqnJsyi9YYm1qFkCo9yaXYn1bEwTMk6gwlzfUWTv+M51+DvVZzYp
3GXJLzD6K5it+aHGGsZuSP8eLAd7DOScYuzlG2XgLm/hvrmwOYkR5U/5Lp1GBfJ5
tf8xfIcHdFfjDFBeqx49yNyY71dh//66R+ioTivR+ZjBTdXrsQLkinvwZxNxwbCF
PAaffmMZQQVYf6aGQe5ig2q3ZMPeNAm6PIPSkUJi4qNF/DOvseTU7qeLtC1WOi/9
8c7ZGvXT9TdaXya0BkNwA9jZKwKCAQBUDqjJ7Q/nlxLifyOInW1RbwbUFzh7mdfC
w6362II2gIz0JRg7HQHMwfbY5t+ELi9Rsdn90wlPQ08cK42goKW46Nt30g+AoQ/N
0maLzbrn5BffAtI7XM0a4i3dZ/yjS0/NW39km0YnTe49W6CBBf91fChIfm+jvYna
ihA9x/SgyuBUvQ1bCrMzMM024TxhCkvvKI2MDmJNJHOeqovYFAXiHFGPmftunu1K
oDRUPb6j5gTBhxAV1ZPHKCee7EIFwi/jJ/31oMLEJp5RnAdrW+FitPjQ7hcoRStm
VZAoapBJb37xa1kq/7hHYf2bPVdrcO8AeStpjEh6GbtYmy2pWlFy
-----END RSA PRIVATE KEY-----|  | Note: This is line-wrapped to make it easier to read. Real keys should be a single line. | 
Public key (single line, but wrapped here to make it more readable):
cat ~/.ssh/id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgBKYiBxI06RGiar5rt121+tO1crpa9MwL+K5qtlx0IrL7QUDxi+hvdXg3sTS6+R/mnLDE8eS
ulgRX4fHweNbM96wnl2N9mOnODLJftWPbPUHFpTc/0bDRcXq4rB+V+NvXG1i74W1si8Fp/R5wnPmF7yo/ZjN2zXLhwesOVY3Cnmur+O19
80O4lT7Zl5Q0mALNkriouhD+FzQZnMky8X2MM4dmnYqctCI54jbgD0vN09uUu8KyGycV9BFW7ScfGBEvow4/+8YW+my4bG0SBjJki7eOK
W3fvr58cybXO+UBqLFO7yMe5jf0fClyz6MFn+PRPR37QQy4GIC+4MCaYaiCx2P/K+K/ZxH621Q8nBE9TdNCw6iVqlt5Si3x2UzxOlrYLZ
nvB1BfzY92Rd/RNP5bz17PapaOMLjkx6iIAEDbp2lL5vzGp+1S30SX956sX/4CYWVTg+MAwok9mUcyj60VU+ldlPDuN7UYUi8Wmoa6Jsu
ozstUNBCsUcKzt5FEBy4vOwOMtyu3cD4rQrn3eGXfZ1a4QpLnR2H9y7EnM4nfGdQ/OVjMecAtHUxx3FDltHgiSkQDEF9R4s3z6NLZ2mda
TU9A5zm+1rMW1ZLhGkfna/h2KV9o8ZNx79WyKMheajL4lgi495D7c6fF4GBgX7u7qrdZyCj2cXgrgT4nGwM2Z81Q== root@an-c05n01.alteeve.caNow do the same thing on an-c05n02 to generate it's key.
ssh-keygen -t rsa -N "" -b 4095 -f ~/.ssh/id_rsaGenerating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
68:71:fb:87:88:e3:c2:89:49:ad:d0:55:7d:1c:05:b6 root@an-c05n02.alteeve.ca
The key's randomart image is:
+--[ RSA 4095]----+
|       . .++.    |
|      . ..o.     |
|     .. ..E      |
|    .  + .       |
| . o  o S        |
|. o .. . o .     |
| o = .o . o .    |
|  + +. .   .     |
|     ..          |
+-----------------+Populate known_hosts
Normally, the first time you try to ssh into a computer, you will be asked to verify that the fingerprint reported by the target server is valid. We just created our nodes, so we can trust that we're connecting to the actual target machine we think we are.
Seeing as we're comfortable with this, we can use a nifty program called ssh-keyscan to read the fingerprint of the target machine and copy the resulting key to the ~/.ssh/known_hosts file. We'll need to do this for all variations of the host names for each node. This alone means that we need to add ten fingerprints, five for the five names of each node.
This is somewhat tedious, so we'll do this once on an-c05n01 and then copy the populated ~/.ssh/known_hosts file over to an-c05n02 later.
If you recall from the /etc/hosts section, we've got five possible host names per node. We'll call all of them now.
ssh-keyscan an-c05n01.alteeve.ca >> ~/.ssh/known_hosts# an-c05n01.alteeve.ca SSH-2.0-OpenSSH_5.3If you are not familiar with bash redirections, the >> ~/.ssh/known_hosts file tells the OS, "Take the returned text that would have been printed to screen and instead append it to ~/.ssh/known_hosts". In our case, known_hosts didn't exist yet, so it was created.
Now we'll repeat this, once for each host name for either node.
ssh-keyscan an-c05n01 >> ~/.ssh/known_hosts# an-c05n01 SSH-2.0-OpenSSH_5.3ssh-keyscan an-c05n01.bcn >> ~/.ssh/known_hosts# an-c05n01.bcn SSH-2.0-OpenSSH_5.3ssh-keyscan an-c05n01.sn >> ~/.ssh/known_hosts# an-c05n01.sn SSH-2.0-OpenSSH_5.3ssh-keyscan an-c05n01.ifn >> ~/.ssh/known_hosts# an-c05n01.ifn SSH-2.0-OpenSSH_5.3That's all the host names for an-c05n01. Now we'll repeat the steps for an-c05n02.
ssh-keyscan an-c05n02.alteeve.ca >> ~/.ssh/known_hosts# an-c05n02.alteeve.ca SSH-2.0-OpenSSH_5.3ssh-keyscan an-c05n02 >> ~/.ssh/known_hosts# an-c05n02 SSH-2.0-OpenSSH_5.3ssh-keyscan an-c05n02.bcn >> ~/.ssh/known_hosts# an-c05n02.bcn SSH-2.0-OpenSSH_5.3ssh-keyscan an-c05n02.sn >> ~/.ssh/known_hosts# an-c05n02.sn SSH-2.0-OpenSSH_5.3ssh-keyscan an-c05n02.ifn >> ~/.ssh/known_hosts# an-c05n02.ifn SSH-2.0-OpenSSH_5.3Done!
Now we won't get asked to verify the target machine's RSA fingerprint when we try to connect later. More importantly, if the fingerprint ever changes, it will generate a very noisy alert telling us that something nasty, like a fake target having replaced our peer, might have happened.
The last step is to copy this known_hosts file over to an-c05n02, saving us the hassle of running all those commands a second time.
rsync -av ~/.ssh/known_hosts root@an-c05n02:/root/.ssh/Warning: Permanently added the RSA host key for IP address '10.20.50.2' to the list of known hosts.Don't worry about that warning, it's a one time thing. Enter the password for the root user on an-c05n02 to continue.
root@an-c05n02's password:sending incremental file list
known_hosts
sent 4817 bytes  received 31 bytes  1077.33 bytes/sec
total size is 4738  speedup is 0.98Done!
Copy Public Keys to Enable SSH Without a Password
|  | Note: This only disabled the need for passwords when connecting from one node's root use to the other node's root user. It does not remove the need for passwords from any other machines or users! | 
In order to enable password-less login, we need to create a file called ~/.ssh/authorized_keys and put both nodes' public key in it. We will create the authorized_keys on an-c05n01 and then copy it over to an-c05n02.
First, we'll copy the local id_rsa.pub file. This will create the authorized_keys file and add the local public RSA in one step.
On an-c05n01
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keysNow we'll use ssh to print the contents of an-c05n02's public key to screen, but redirect the key to the new authorized_keys file.
ssh root@an-c05n02 "cat /root/.ssh/id_rsa.pub" >> ~/.ssh/authorized_keysEnter the password for the root user on an-c05n02.
root@an-c05n02's password:Done. Now we can verify that both keys have been added to the authorized_keys file.
cat ~/.ssh/authorized_keysI'm truncating the output below to make it more readable.
ssh-rsa <key snipped> root@an-c05n01.alteeve.ca
ssh-rsa <key snipped> root@an-c05n02.alteeve.caExcellent! Now we can copy this to an-c05n02 and, with luck, enter the password one last time.
rsync -av ~/.ssh/authorized_keys root@an-c05n02:/root/.ssh/root@an-c05n02's password:sending incremental file list
authorized_keys
sent 1577 bytes  received 31 bytes  643.20 bytes/sec
total size is 1494  speedup is 0.93Last step is to test connecting from an-c05n01 to an-c05n02. We should not get any prompt at all.
ssh root@an-c05n02Last login: Tue Oct 29 14:02:19 2013 from ...cable.user.start.ca
[root@an-c05n02 ~]#Very nice! Just type exit to return to an-c05n01.
exitlogout
Connection to an-c05n02 closed.
[root@an-c05n01 ~]#You should not be able to use ssh from either node to connect to the other node using any of the host names we set! Note that the physical network you use for the connection will depend on the host name you use. When you used an-c05n02 above, you connect using the BCN. Had you instead used an-c05n02.sn, we would have connected over the SN.
Configuring The Cluster Foundation
We need to configure the cluster in two stages. This is because we have something of a chicken-and-egg problem.
- We need clustered storage for our virtual machines.
- Our clustered storage needs the cluster for fencing.
Conveniently, clustering has two logical parts;
- Cluster communication and membership.
- Cluster resource management.
The first, communication and membership, covers which nodes are part of the cluster and it is responsible for ejecting faulty nodes from the cluster, among other tasks. This is managed by cman. The second part, resource management, is provided by a second tool called rgmanager. It's this second part that we will set aside for later. In short though, it makes sure clustered services, storage and the virtual servers, are always running whenever possible.
Keeping Time In Sync
|  | Note: This section is only relevant to networks that block access to external time sources, called "NTP servers". | 
It is very important that time on both nodes be kept in sync. The way to do this is to setup [[[NTP]], the network time protocol.
Earlier on, we setup ntpd to start on boot. For most people, that is enough and you can skip to the next section.
However, some particularly restrictive networks will block access to external time servers. If you're on one of these networks, ask your admin (if you don't know already) what name or IP to use as a time source. Once you have this, you can enter the following command to add it to the name server configuration. We'll use the example time source ntp.example.ca.
First, add the timeserver to the NTP configuration file by appending the following lines to the end of it.
echo server tntp.example.ca$'\n'restrict ntp.example.ca mask 255.255.255.255 nomodify notrap noquery >> /etc/ntp.confRestart the ntpd daemon and your nodes should shortly update their times.
/etc/init.d/ntpd restartShutting down ntpd:                                        [  OK  ]
Starting ntpd:                                             [  OK  ]Use the date command on both nodes to ensure the times match. If they don't, give it a few minutes. The ntpd daemon sync every few minutes.
Alternate Configuration Methods
In Red Hat Cluster Services, the heart of the cluster is found in the /etc/cluster/cluster.conf XML configuration file.
There are three main ways of editing this file. Two are already well documented, so I won't bother discussing them, beyond introducing them. The third way is by directly hand-crafting the cluster.conf file. We've found that directly editing configuration files is the best way to learn clustering at a deep level. For this reason, it is the method we'll use here.
The two graphical tools are:
- system-config-cluster, older GUI tool run directly from one of the cluster nodes.
- Conga, comprised of the ricci node-side client and the luci web-based server (can be run on machines outside the cluster).
After you've gotten comfortable with HA clustering, you may want to go back and play with these tools. They can certainly be time-savers.
The First cluster.conf Foundation Configuration
The very first stage of building the cluster is to create a configuration file that is as minimal as possible. We're going to do this on an-c05n01 and, when we're done, copy it over to an-c05n02.
Name the Cluster and Set The Configuration Version
The cluster tag is the parent tag for the entire cluster configuration file.
vim /etc/cluster/cluster.conf<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="1">
</cluster>The cluster element has two attributes that we need to set;
- name=""
- config_version=""
The name="" attribute defines the name of the cluster. It must be unique amongst the clusters on your network. It should be descriptive, but you will not want to make it too long, either. You will see this name in the various cluster tools and you will enter in, for example, when creating a GFS2 partition later on. This tutorial uses the cluster name an-cluster-05.
The config_version="" attribute is an integer indicating the version of the configuration file. Whenever you make a change to the cluster.conf file, you will need to increment. If you don't increment this number, then the cluster tools will not know that the file needs to be reloaded. As this is the first version of this configuration file, it will start with 1. Note that this tutorial will increment the version after every change, regardless of whether it is explicitly pushed out to the other nodes and reloaded. The reason is to help get into the habit of always increasing this value.
Configuring cman Options
We are setting up a special kind of cluster, called a 2-Node cluster.
This is a special case because traditional quorum will not be useful. With only two nodes, each having a vote of 1, the total votes is 2. Quorum needs 50% + 1, which means that a single node failure would shut down the cluster, as the remaining node's vote is 50% exactly. That kind of defeats the purpose to having a cluster at all.
So to account for this special case, there is a special attribute called two_node="1". This tells the cluster manager to continue operating with only one vote. This option requires that the expected_votes="" attribute be set to 1. Normally, expected_votes is set automatically to the total sum of the defined cluster nodes' votes (which itself is a default of 1). This is the other half of the "trick", as a single node's vote of 1 now always provides quorum (that is, 1 meets the 50% + 1 requirement).
In short; this disables quorum.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="2">
	<cman expected_votes="1" two_node="1" />
</cluster>Take note of the self-closing <... /> tag. This is an XML syntax that tells the parser not to look for any child or a closing tags.
Defining Cluster Nodes
This example is a little artificial, please don't load it into your cluster as we will need to add a few child tags, but one thing at a time.
This introduces two tags, the later a child tag of the former;
- clusternodes
- clusternode
 
The first is the parent clusternodes tag, which takes no attributes of its own. Its sole purpose is to contain the clusternode child tags, of which there will be one per node.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="3">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1" />
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2" />
	</clusternodes>
</cluster>The clusternode tag defines each cluster node. There are many attributes available, but we will look at just the two required ones.
The first is the name="" attribute. The value should match the fully qualified domain name, which you can check by running uname -n on each node. This isn't strictly required, mind you, but for simplicity's sake, this is the name we will use.
The cluster decides which network to use for cluster communication by resolving the name="..." value. It will take the returned IP address and try to match it to one of the IPs on the system. Once it finds a match, that becomes the network the cluster will use. In our case, an-c05n01.alteeve.ca resolves to 10.20.50.1, which is used by bond0.
We can use syslinux with a little bash magic to verify which interface is going to be used for the cluster communication;
ifconfig |grep -B 1 $(gethostip -d $(uname -n)) | grep HWaddr | awk '{ print $1 }'bond0Exactly what we wanted!
Please see the clusternode's name attribute document for details on how name to interface mapping is resolved.
The second attribute is nodeid="". This must be a unique integer amongst the <clusternode ...> elements in the cluster. It is what the cluster itself uses to identify the node.
Defining Fence Devices
Fencing devices are used to forcible eject a node from a cluster if it stops responding. Said another way, fence devices put a node into a known state.
There are many, many devices out there that can be used for fencing. We're going to be using two specific devices;
- IPMI to press and hold the node's power button until the server powers down.
- Switched PDUs to cut the power feeding the node, if the IPMI device fails or can not be contacted.
In the end, any device that can power off or isolate a lost node will do fine for fencing. The setup we will be using here uses very common components and it provides full redundancy, ensuring the ability to fence regardless of what might fail.
In this tutorial, our nodes support IPMI, which we will use as the primary fence device. We also have an APC brand switched PDU which will act as a backup fence device.
|  | Note: Not all brands of switched PDUs are supported as fence devices. Before you purchase a fence device, confirm that it is supported. | 
All fence devices are contained within the parent fencedevices tag, which has no attributes of its own. Within this parent tag are one or more fencedevice child tags.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="4">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1" />
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2" />
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
</cluster>In our cluster, each fence device used will have its own fencedevice tag. If you are using IPMI, this means you will have a fencedevice entry for each node, as each physical IPMI BMC is a unique fence device.
Our nodes have two power supplies each. Each power supply is plugged into a different switched PDU, which in turn in plugged into a dedicated UPS. So we have two physical PDUs, requiring two more <fencedevice... /> entries.
All fencedevice tags share two basic attributes; name="" and agent="".
- The name attribute must be unique among all the fence devices in your cluster. As we will see in the next step, this name will be used within the <clusternode...> tag.
- The agent tag tells the cluster which fence agent to use when the fenced daemon needs to communicate with the physical fence device. A fence agent is simple a shell script that acts as a go-between layer between the fenced daemon and the fence hardware. This agent takes the arguments from the daemon, like what port to act on and what action to take, and performs the requested action against the target node. The agent is responsible for ensuring that the execution succeeded and returning an appropriate success or failure exit code.
For those curious, the full details are described in the FenceAgentAPI. If you have two or more of the same fence device, like IPMI, then you will use the same fence agent value a corresponding number of times.
Beyond these two attributes, each fence agent will have its own subset of attributes. The scope of which is outside this tutorial, though we will see examples for IPMI and a switched PDU. All fence agents have a corresponding man page that will show you what attributes it accepts and how they are used. The two fence agents we will see here have their attributes defines in the following man pages.
- man fence_ipmilan - IPMI fence agent.
- man fence_apc_snmp - APC-brand switched PDU using SNMP.
The example above is what this tutorial will use.
Using the Fence Devices
Now we have nodes and fence devices defined, we will go back and tie them together. This is done by:
- Defining a fence tag containing all fence methods and devices.
Here is how we implement IPMI as the primary fence device with the dual APC switched PDUs as the backup method.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="5">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
</cluster>First, notice that the fence tag has no attributes. It's merely a parent for the method(s) child elements.
|  | Warning: This next few paragraphs are very important! Please read it carefully! | 
The second thing you will notice is that one method, an-c05n01's ipmi method has a device with an extra argument. The delay="15" is needed because this is a 2-node cluster so quorum is not available. What this means is that, if the network breaks and both nodes are alive, both nodes will try to fence the other at nearly the same time. IPMI devices, being unique per node, can conceivable mean both nodes initiate a power down before either dies. This condition is called a "dual-fence" and leaves your cluster entirely powered down.
There are two ways of dealing with this. The first is to make sure that acpid is turned off. When the power button is pressed when acpid is running, the system will begin a graceful shutdown. The IPMI BMC will continue to hold down the power button and after four seconds, the node should power off. However, this is four seconds where the fence daemon can initiate a fence against the peer. By disabling the acpid daemon, the system will nearly instantly power off when the power button is pressed, drastically reducing the time between a node's power button being pressed and when the node actually shuts off.
The second way to deal with this is to give one of the nodes a head start. That is what the delay="15" does. When an-c05n01 goes to fence an-c05b02, it will not see a delay and it will initiate the fence action immediately. Meanwhile, an-c05n02 will gather up the information on fencing an-c05n02, see the 15 second delay and wait. After 15 seconds, it will proceed with the fence action as it normally would.
The idea here is that an-c05n01 will have a 15 second head start in fencing it's peer. These configuration changes should help ensure that one node always survives a fence call.
Back to the main fence config!
There are two method elements per node, one for each fence device, named ipmi and pdu. These names are merely descriptive and can be whatever you feel is most appropriate.
Within each method element is one or more device tags. For a given method to succeed, all defined device elements must themselves succeed. This is very useful for grouping calls to separate PDUs when dealing with nodes having redundant power supplies, as we have here.
The actual fence device configuration is the final piece of the puzzle. It is here that you specify per-node configuration options and link these attributes to a given fencedevice. Here, we see the link to the fencedevice via the name, ipmi_n01 in this example.
Note that the PDU definitions needs a port="" attribute where the IPMI fence devices do not. These are the sorts of differences you will find, varying depending on how the fence device agent works. IPMI devices only work on their host, so when you ask an IPMI device to "reboot", it's obvious what the target is. With devices like PDUs, SAN switches and other multi-port devices, this is not the case. Our PDUs have eight ports each, so we need to tell the fence agent which ports we want acted on. In our case, an-c05n01's power supplies are plugged into port #1 on both PDUs. For an-c05n02, they're plugged into each PDU's port #2.
When a fence call is needed, the fence devices will be called in the order they are found here. If both devices fail, the cluster will go back to the start and try again, looping indefinitely until one device succeeds.
Let's step through an example fence call to help show how the per-cluster and fence device attributes are combined during a fence call.
- The cluster manager decides that a node needs to be fenced. Let's say that the victim is an-c05n02.
- The first method in the fence section under an-c05n02 is consulted. Within it there are two method entries, named ipmi and pdu. The IPMI method's device has one attribute while the PDU's device has two attributes;
- port; only found in the PDU method, this tells the cluster that an-c05n02 is connected to switched PDU's outlet number 2.
- action; Found on both devices, this tells the cluster that the fence action to take is reboot. How this action is actually interpreted depends on the fence device in use, though the name certainly implies that the node will be forced off and then restarted.
 
- The cluster searches in fencedevices for a fencedevice matching the name ipmi_n02. This fence device has four attributes;
- agent; This tells the cluster to call the fence_ipmilan fence agent script, as we discussed earlier.
- ipaddr; This tells the fence agent where on the network to find this particular IPMI BMC. This is how multiple fence devices of the same type can be used in the cluster.
- login; This is the login user name to use when authenticating against the fence device.
- passwd; This is the password to supply along with the login name when authenticating against the fence device.
 
- Should the IPMI fence call fail for some reason, the cluster will move on to the second pdu method, repeating the steps above but using the PDU values.
When the cluster calls the fence agent, it does so by initially calling the fence agent script with no arguments.
/usr/sbin/fence_ipmilanThen it will pass to that agent the following arguments:
ipaddr=an-c05n02.ipmi
login=admin
passwd=secret
action=rebootAs you can see then, the first three arguments are from the fencedevice attributes and the last one is from the device attributes under an-c05n02's clusternode's fence tag.
If this method fails, then the PDU will be called in a very similar way, but with an extra argument from the device attributes.
/usr/sbin/fence_apc_snmpThen it will pass to that agent the following arguments:
ipaddr=an-p02.alteeve.ca
port=2
action=rebootShould this fail, the cluster will go back and try the IPMI interface again. It will loop through the fence device methods forever until one of the methods succeeds. Below are snippets from other clusters using different fence device configurations which might help you build your cluster.
Give Nodes More Time To Start and Avoiding "Fence Loops"
Clusters with more than three nodes will have to gain quorum before they can fence other nodes. As we discussed earlier though, this is not the case when using the two_node="1" attribute in the cman element. What this means in practice is that if you start the cluster on one node and then wait too long to start the cluster on the second node, the first will fence the second.
The logic behind this is; When the cluster starts, it will try to talk to its fellow node and then fail. With the special two_node="1" attribute set, the cluster knows that it is allowed to start clustered services, but it has no way to say for sure what state the other node is in. It could well be online and hosting services for all it knows. So it has to proceed on the assumption that the other node is alive and using shared resources. Given that, and given that it can not talk to the other node, its only safe option is to fence the other node. Only then can it be confident that it is safe to start providing clustered services.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="6">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
	<fence_daemon post_join_delay="30" />
</cluster>The new tag is fence_daemon, seen near the bottom if the file above. The change is made using the post_join_delay="30" attribute. By default, the cluster will declare the other node dead after just 6 seconds. The reason is that the larger this value, the slower the start-up of the cluster services will be. During testing and development though, I find this value to be far too short and frequently led to unnecessary fencing. Once your cluster is setup and working, it's not a bad idea to reduce this value to the lowest value with which you are comfortable.
Configuring Totem
There are many attributes for the totem element. For now though, we're only going to set two of them. We know that cluster communication will be travelling over our private, secured BCN network, so for the sake of simplicity, we're going to disable encryption. We are also offering network redundancy using the bonding drivers, so we're also going to disable totem's redundant ring protocol.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="7">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
	<fence_daemon post_join_delay="30" />
	<totem rrp_mode="none" secauth="off"/>
</cluster>Corosync uses a concept called "token rings" for cluster communication. This is not to be confused with the old token ring network protocol, but the basic concept is the same. A token is passed from node to node, around and around the ring. A node can't send new messages or acknowledge old messages except when it has the token. By default, corosync uses a single "ring". This means that, without network-level fault-tolerance, this ring becomes a single point of failure.
We've got bonded network connections backing our cluster communications, so we inherently have fault-tolerance built in to our network.
For some though, bonded interfaces is not feasible, so starting in RHEL 6.3, "Redundant Ring Protocol" was made available as a supported option. This allows you to setup a second network to use as a backup in case the primary ring fails. We don't need this, so we set rrp_mode="none". If you want to use it, you can now though, but it's outside the scope of this tutorial.
If you wish to explore it further, please take a look at the clusternode element tag called <altname...>. When altname is used though, then the rrp_mode attribute will need to be changed to either active or passive (the details of which are outside the scope of this tutorial).
The second option we're looking at here is the secauth="off" attribute. This controls whether the cluster communications are encrypted or not. We can safely disable this because we're working on a known-private network, which yields two benefits; It's simpler to setup and it's a lot faster. If you must encrypt the cluster communications, then you can do so here. The details of which are also outside the scope of this tutorial though.
Validating and Pushing the /etc/cluster/cluster.conf File
One of the most noticeable changes in RHCS cluster stable 3 is that we no longer have to make a long, cryptic xmllint call to validate our cluster configuration. Now we can simply call ccs_config_validate.
ccs_config_validateConfiguration validatesIf there was a problem, you need to go back and fix it. DO NOT proceed until your configuration validates. Once it does, we're ready to move on!
With it validated, we need to push it to the other node. As the cluster is not running yet, we will push it out using rsync.
rsync -av /etc/cluster/cluster.conf root@an-c05n02:/etc/cluster/sending incremental file list
cluster.conf
sent 1393 bytes  received 43 bytes  2872.00 bytes/sec
total size is 1313  speedup is 0.91This is the first and only time that we'll need to push the configuration file over manually.
Setting Up ricci
Once the cluster is running, we can take advantage of the ricci and modclusterd daemons to push all future updates out automatically. This is why we enabled these two daemons to start on boot earlier on.
This requires setting a password for each node's ricci user first. Setting the password is exactly the same as setting the password on any other system user.
On both nodes, run:
passwd ricciChanging password for user ricci.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.Later, when we make the next change to the cluster.conf file, we'll push the changes out using the cman_tool program. The first time this is used on each node, you will need to enter the local and the peer's ricci password. Once entered though, we'll not need to enter the password again.
|  | Note: The dashboard we will install later expects the ricci password to be the same on both nodes. If you plan to use the dashboard, be sure to set the same password and then make note of it for later! | 
Starting the Cluster for the First Time
It's a good idea to open a second terminal on either node and tail the /var/log/messages syslog file. All cluster messages will be recorded here and it will help to debug problems if you can watch the logs. To do this, in the new terminal windows run;
clear; tail -f -n 0 /var/log/messagesThis will clear the screen and start watching for new lines to be written to syslog. When you are done watching syslog, press the <ctrl> + c key combination.
How you lay out your terminal windows is, obviously, up to your own preferences. Below is a configuration I have found very useful.

With the terminals setup, lets start the cluster!
|  | Warning: If you don't start cman on both nodes within 30 seconds, the slower node will be fenced. | 
On both nodes, run:
/etc/init.d/cman startStarting cluster: 
   Checking if cluster has been disabled at boot...        [  OK  ]
   Checking Network Manager...                             [  OK  ]
   Global setup...                                         [  OK  ]
   Loading kernel modules...                               [  OK  ]
   Mounting configfs...                                    [  OK  ]
   Starting cman...                                        [  OK  ]
   Waiting for quorum...                                   [  OK  ]
   Starting fenced...                                      [  OK  ]
   Starting dlm_controld...                                [  OK  ]
   Tuning DLM kernel config...                             [  OK  ]
   Starting gfs_controld...                                [  OK  ]
   Unfencing self...                                       [  OK  ]
   Joining fence domain...                                 [  OK  ]Here is what you should see in syslog (this taken from an-c05n01):
Oct 30 10:46:07 an-c05n01 kernel: DLM (built Sep 14 2013 05:33:35) installed
Oct 30 10:46:07 an-c05n01 corosync[2845]:   [MAIN  ] Corosync Cluster Engine ('1.4.1'): started and ready to provide service.
Oct 30 10:46:07 an-c05n01 corosync[2845]:   [MAIN  ] Corosync built-in features: nss dbus rdma snmp
Oct 30 10:46:07 an-c05n01 corosync[2845]:   [MAIN  ] Successfully read config from /etc/cluster/cluster.conf
Oct 30 10:46:07 an-c05n01 corosync[2845]:   [MAIN  ] Successfully parsed cman config
Oct 30 10:46:07 an-c05n01 corosync[2845]:   [TOTEM ] Initializing transport (UDP/IP Multicast).
Oct 30 10:46:07 an-c05n01 corosync[2845]:   [TOTEM ] Initializing transmit/receive security: libtomcrypt SOBER128/SHA1HMAC (mode 0).
Oct 30 10:46:07 an-c05n01 corosync[2845]:   [TOTEM ] The network interface [10.20.50.1] is now up.
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [QUORUM] Using quorum provider quorum_cman
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: corosync cluster quorum service v0.1
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [CMAN  ] CMAN 3.0.12.1 (built Aug 29 2013 07:27:01) started
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: corosync CMAN membership service 2.90
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: openais checkpoint service B.01.01
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: corosync extended virtual synchrony service
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: corosync configuration service
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: corosync cluster closed process group service v1.01
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: corosync cluster config database access v1.01
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: corosync profile loading service
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [QUORUM] Using quorum provider quorum_cman
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [SERV  ] Service engine loaded: corosync cluster quorum service v0.1
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [MAIN  ] Compatibility mode set to whitetank.  Using V1 and V2 of the synchronization engine.
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [TOTEM ] A processor joined or left the membership and a new membership was formed.
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [CMAN  ] quorum regained, resuming activity
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [QUORUM] This node is within the primary component and will provide service.
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [QUORUM] Members[1]: 1
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [QUORUM] Members[1]: 1
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [CPG   ] chosen downlist: sender r(0) ip(10.20.50.1) ; members(old:0 left:0)
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [MAIN  ] Completed service synchronization, ready to provide service.
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [TOTEM ] A processor joined or left the membership and a new membership was formed.
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [QUORUM] Members[2]: 1 2
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [QUORUM] Members[2]: 1 2
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [CPG   ] chosen downlist: sender r(0) ip(10.20.50.1) ; members(old:1 left:0)
Oct 30 10:46:08 an-c05n01 corosync[2845]:   [MAIN  ] Completed service synchronization, ready to provide service.
Oct 30 10:46:12 an-c05n01 fenced[2902]: fenced 3.0.12.1 started
Oct 30 10:46:12 an-c05n01 dlm_controld[2927]: dlm_controld 3.0.12.1 started
Oct 30 10:46:13 an-c05n01 gfs_controld[2977]: gfs_controld 3.0.12.1 startedNow to confirm that the cluster is operating properly, we can use cman_tool.
cman_tool statusVersion: 6.2.0
Config Version: 7
Cluster Name: an-cluster-05
Cluster Id: 42881
Cluster Member: Yes
Cluster Generation: 20
Membership state: Cluster-Member
Nodes: 2
Expected votes: 1
Total votes: 2
Node votes: 1
Quorum: 1  
Active subsystems: 7
Flags: 2node 
Ports Bound: 0  
Node name: an-c05n01.alteeve.ca
Node ID: 1
Multicast addresses: 239.192.167.41 
Node addresses: 10.20.50.1We can see that the both nodes are talking because of the Nodes: 2 entry.
If you ever want to see the nitty-gritty configuration, you can run corosync-objctl.
corosync-objctlcluster.name=an-cluster-05
cluster.config_version=7
cluster.cman.expected_votes=1
cluster.cman.two_node=1
cluster.cman.nodename=an-c05n01.alteeve.ca
cluster.cman.cluster_id=42881
cluster.clusternodes.clusternode.name=an-c05n01.alteeve.ca
cluster.clusternodes.clusternode.nodeid=1
cluster.clusternodes.clusternode.fence.method.name=ipmi
cluster.clusternodes.clusternode.fence.method.device.name=ipmi_n01
cluster.clusternodes.clusternode.fence.method.device.action=reboot
cluster.clusternodes.clusternode.fence.method.device.delay=15
cluster.clusternodes.clusternode.fence.method.name=pdu
cluster.clusternodes.clusternode.fence.method.device.name=pdu1
cluster.clusternodes.clusternode.fence.method.device.port=1
cluster.clusternodes.clusternode.fence.method.device.action=reboot
cluster.clusternodes.clusternode.fence.method.device.name=pdu2
cluster.clusternodes.clusternode.fence.method.device.port=1
cluster.clusternodes.clusternode.fence.method.device.action=reboot
cluster.clusternodes.clusternode.name=an-c05n02.alteeve.ca
cluster.clusternodes.clusternode.nodeid=2
cluster.clusternodes.clusternode.fence.method.name=ipmi
cluster.clusternodes.clusternode.fence.method.device.name=ipmi_n02
cluster.clusternodes.clusternode.fence.method.device.action=reboot
cluster.clusternodes.clusternode.fence.method.name=pdu
cluster.clusternodes.clusternode.fence.method.device.name=pdu1
cluster.clusternodes.clusternode.fence.method.device.port=2
cluster.clusternodes.clusternode.fence.method.device.action=reboot
cluster.clusternodes.clusternode.fence.method.device.name=pdu2
cluster.clusternodes.clusternode.fence.method.device.port=2
cluster.clusternodes.clusternode.fence.method.device.action=reboot
cluster.fencedevices.fencedevice.name=ipmi_n01
cluster.fencedevices.fencedevice.agent=fence_ipmilan
cluster.fencedevices.fencedevice.ipaddr=an-c05n01.ipmi
cluster.fencedevices.fencedevice.login=admin
cluster.fencedevices.fencedevice.passwd=secret
cluster.fencedevices.fencedevice.name=ipmi_n02
cluster.fencedevices.fencedevice.agent=fence_ipmilan
cluster.fencedevices.fencedevice.ipaddr=an-c05n02.ipmi
cluster.fencedevices.fencedevice.login=admin
cluster.fencedevices.fencedevice.passwd=secret
cluster.fencedevices.fencedevice.agent=fence_apc_snmp
cluster.fencedevices.fencedevice.ipaddr=an-p01.alteeve.ca
cluster.fencedevices.fencedevice.name=pdu1
cluster.fencedevices.fencedevice.agent=fence_apc_snmp
cluster.fencedevices.fencedevice.ipaddr=an-p02.alteeve.ca
cluster.fencedevices.fencedevice.name=pdu2
cluster.fence_daemon.post_join_delay=30
cluster.totem.rrp_mode=none
cluster.totem.secauth=off
totem.rrp_mode=none
totem.secauth=off
totem.transport=udp
totem.version=2
totem.nodeid=1
totem.vsftype=none
totem.token=10000
totem.join=60
totem.fail_recv_const=2500
totem.consensus=2000
totem.key=an-cluster-05
totem.interface.ringnumber=0
totem.interface.bindnetaddr=10.20.50.1
totem.interface.mcastaddr=239.192.167.41
totem.interface.mcastport=5405
libccs.next_handle=7
libccs.connection.ccs_handle=3
libccs.connection.config_version=7
libccs.connection.fullxpath=0
libccs.connection.ccs_handle=4
libccs.connection.config_version=7
libccs.connection.fullxpath=0
libccs.connection.ccs_handle=5
libccs.connection.config_version=7
libccs.connection.fullxpath=0
logging.timestamp=on
logging.to_logfile=yes
logging.logfile=/var/log/cluster/corosync.log
logging.logfile_priority=info
logging.to_syslog=yes
logging.syslog_facility=local4
logging.syslog_priority=info
aisexec.user=ais
aisexec.group=ais
service.name=corosync_quorum
service.ver=0
service.name=corosync_cman
service.ver=0
quorum.provider=quorum_cman
service.name=openais_ckpt
service.ver=0
runtime.services.quorum.service_id=12
runtime.services.cman.service_id=9
runtime.services.ckpt.service_id=3
runtime.services.ckpt.0.tx=0
runtime.services.ckpt.0.rx=0
runtime.services.ckpt.1.tx=0
runtime.services.ckpt.1.rx=0
runtime.services.ckpt.2.tx=0
runtime.services.ckpt.2.rx=0
runtime.services.ckpt.3.tx=0
runtime.services.ckpt.3.rx=0
runtime.services.ckpt.4.tx=0
runtime.services.ckpt.4.rx=0
runtime.services.ckpt.5.tx=0
runtime.services.ckpt.5.rx=0
runtime.services.ckpt.6.tx=0
runtime.services.ckpt.6.rx=0
runtime.services.ckpt.7.tx=0
runtime.services.ckpt.7.rx=0
runtime.services.ckpt.8.tx=0
runtime.services.ckpt.8.rx=0
runtime.services.ckpt.9.tx=0
runtime.services.ckpt.9.rx=0
runtime.services.ckpt.10.tx=0
runtime.services.ckpt.10.rx=0
runtime.services.ckpt.11.tx=2
runtime.services.ckpt.11.rx=3
runtime.services.ckpt.12.tx=0
runtime.services.ckpt.12.rx=0
runtime.services.ckpt.13.tx=0
runtime.services.ckpt.13.rx=0
runtime.services.evs.service_id=0
runtime.services.evs.0.tx=0
runtime.services.evs.0.rx=0
runtime.services.cfg.service_id=7
runtime.services.cfg.0.tx=0
runtime.services.cfg.0.rx=0
runtime.services.cfg.1.tx=0
runtime.services.cfg.1.rx=0
runtime.services.cfg.2.tx=0
runtime.services.cfg.2.rx=0
runtime.services.cfg.3.tx=0
runtime.services.cfg.3.rx=0
runtime.services.cpg.service_id=8
runtime.services.cpg.0.tx=4
runtime.services.cpg.0.rx=8
runtime.services.cpg.1.tx=0
runtime.services.cpg.1.rx=0
runtime.services.cpg.2.tx=0
runtime.services.cpg.2.rx=0
runtime.services.cpg.3.tx=16
runtime.services.cpg.3.rx=23
runtime.services.cpg.4.tx=0
runtime.services.cpg.4.rx=0
runtime.services.cpg.5.tx=2
runtime.services.cpg.5.rx=3
runtime.services.confdb.service_id=11
runtime.services.pload.service_id=13
runtime.services.pload.0.tx=0
runtime.services.pload.0.rx=0
runtime.services.pload.1.tx=0
runtime.services.pload.1.rx=0
runtime.services.quorum.service_id=12
runtime.connections.active=6
runtime.connections.closed=111
runtime.connections.fenced:CPG:2902:21.service_id=8
runtime.connections.fenced:CPG:2902:21.client_pid=2902
runtime.connections.fenced:CPG:2902:21.responses=5
runtime.connections.fenced:CPG:2902:21.dispatched=9
runtime.connections.fenced:CPG:2902:21.requests=5
runtime.connections.fenced:CPG:2902:21.sem_retry_count=0
runtime.connections.fenced:CPG:2902:21.send_retry_count=0
runtime.connections.fenced:CPG:2902:21.recv_retry_count=0
runtime.connections.fenced:CPG:2902:21.flow_control=0
runtime.connections.fenced:CPG:2902:21.flow_control_count=0
runtime.connections.fenced:CPG:2902:21.queue_size=0
runtime.connections.fenced:CPG:2902:21.invalid_request=0
runtime.connections.fenced:CPG:2902:21.overload=0
runtime.connections.dlm_controld:CPG:2927:24.service_id=8
runtime.connections.dlm_controld:CPG:2927:24.client_pid=2927
runtime.connections.dlm_controld:CPG:2927:24.responses=5
runtime.connections.dlm_controld:CPG:2927:24.dispatched=8
runtime.connections.dlm_controld:CPG:2927:24.requests=5
runtime.connections.dlm_controld:CPG:2927:24.sem_retry_count=0
runtime.connections.dlm_controld:CPG:2927:24.send_retry_count=0
runtime.connections.dlm_controld:CPG:2927:24.recv_retry_count=0
runtime.connections.dlm_controld:CPG:2927:24.flow_control=0
runtime.connections.dlm_controld:CPG:2927:24.flow_control_count=0
runtime.connections.dlm_controld:CPG:2927:24.queue_size=0
runtime.connections.dlm_controld:CPG:2927:24.invalid_request=0
runtime.connections.dlm_controld:CPG:2927:24.overload=0
runtime.connections.dlm_controld:CKPT:2927:25.service_id=3
runtime.connections.dlm_controld:CKPT:2927:25.client_pid=2927
runtime.connections.dlm_controld:CKPT:2927:25.responses=0
runtime.connections.dlm_controld:CKPT:2927:25.dispatched=0
runtime.connections.dlm_controld:CKPT:2927:25.requests=0
runtime.connections.dlm_controld:CKPT:2927:25.sem_retry_count=0
runtime.connections.dlm_controld:CKPT:2927:25.send_retry_count=0
runtime.connections.dlm_controld:CKPT:2927:25.recv_retry_count=0
runtime.connections.dlm_controld:CKPT:2927:25.flow_control=0
runtime.connections.dlm_controld:CKPT:2927:25.flow_control_count=0
runtime.connections.dlm_controld:CKPT:2927:25.queue_size=0
runtime.connections.dlm_controld:CKPT:2927:25.invalid_request=0
runtime.connections.dlm_controld:CKPT:2927:25.overload=0
runtime.connections.gfs_controld:CPG:2977:28.service_id=8
runtime.connections.gfs_controld:CPG:2977:28.client_pid=2977
runtime.connections.gfs_controld:CPG:2977:28.responses=5
runtime.connections.gfs_controld:CPG:2977:28.dispatched=8
runtime.connections.gfs_controld:CPG:2977:28.requests=5
runtime.connections.gfs_controld:CPG:2977:28.sem_retry_count=0
runtime.connections.gfs_controld:CPG:2977:28.send_retry_count=0
runtime.connections.gfs_controld:CPG:2977:28.recv_retry_count=0
runtime.connections.gfs_controld:CPG:2977:28.flow_control=0
runtime.connections.gfs_controld:CPG:2977:28.flow_control_count=0
runtime.connections.gfs_controld:CPG:2977:28.queue_size=0
runtime.connections.gfs_controld:CPG:2977:28.invalid_request=0
runtime.connections.gfs_controld:CPG:2977:28.overload=0
runtime.connections.fenced:CPG:2902:29.service_id=8
runtime.connections.fenced:CPG:2902:29.client_pid=2902
runtime.connections.fenced:CPG:2902:29.responses=5
runtime.connections.fenced:CPG:2902:29.dispatched=8
runtime.connections.fenced:CPG:2902:29.requests=5
runtime.connections.fenced:CPG:2902:29.sem_retry_count=0
runtime.connections.fenced:CPG:2902:29.send_retry_count=0
runtime.connections.fenced:CPG:2902:29.recv_retry_count=0
runtime.connections.fenced:CPG:2902:29.flow_control=0
runtime.connections.fenced:CPG:2902:29.flow_control_count=0
runtime.connections.fenced:CPG:2902:29.queue_size=0
runtime.connections.fenced:CPG:2902:29.invalid_request=0
runtime.connections.fenced:CPG:2902:29.overload=0
runtime.connections.corosync-objctl:CONFDB:3083:30.service_id=11
runtime.connections.corosync-objctl:CONFDB:3083:30.client_pid=3083
runtime.connections.corosync-objctl:CONFDB:3083:30.responses=463
runtime.connections.corosync-objctl:CONFDB:3083:30.dispatched=0
runtime.connections.corosync-objctl:CONFDB:3083:30.requests=466
runtime.connections.corosync-objctl:CONFDB:3083:30.sem_retry_count=0
runtime.connections.corosync-objctl:CONFDB:3083:30.send_retry_count=0
runtime.connections.corosync-objctl:CONFDB:3083:30.recv_retry_count=0
runtime.connections.corosync-objctl:CONFDB:3083:30.flow_control=0
runtime.connections.corosync-objctl:CONFDB:3083:30.flow_control_count=0
runtime.connections.corosync-objctl:CONFDB:3083:30.queue_size=0
runtime.connections.corosync-objctl:CONFDB:3083:30.invalid_request=0
runtime.connections.corosync-objctl:CONFDB:3083:30.overload=0
runtime.totem.pg.msg_reserved=1
runtime.totem.pg.msg_queue_avail=761
runtime.totem.pg.mrp.srp.orf_token_tx=2
runtime.totem.pg.mrp.srp.orf_token_rx=437
runtime.totem.pg.mrp.srp.memb_merge_detect_tx=47
runtime.totem.pg.mrp.srp.memb_merge_detect_rx=47
runtime.totem.pg.mrp.srp.memb_join_tx=3
runtime.totem.pg.mrp.srp.memb_join_rx=5
runtime.totem.pg.mrp.srp.mcast_tx=46
runtime.totem.pg.mrp.srp.mcast_retx=0
runtime.totem.pg.mrp.srp.mcast_rx=57
runtime.totem.pg.mrp.srp.memb_commit_token_tx=4
runtime.totem.pg.mrp.srp.memb_commit_token_rx=4
runtime.totem.pg.mrp.srp.token_hold_cancel_tx=4
runtime.totem.pg.mrp.srp.token_hold_cancel_rx=8
runtime.totem.pg.mrp.srp.operational_entered=2
runtime.totem.pg.mrp.srp.operational_token_lost=0
runtime.totem.pg.mrp.srp.gather_entered=2
runtime.totem.pg.mrp.srp.gather_token_lost=0
runtime.totem.pg.mrp.srp.commit_entered=2
runtime.totem.pg.mrp.srp.commit_token_lost=0
runtime.totem.pg.mrp.srp.recovery_entered=2
runtime.totem.pg.mrp.srp.recovery_token_lost=0
runtime.totem.pg.mrp.srp.consensus_timeouts=0
runtime.totem.pg.mrp.srp.mtt_rx_token=835
runtime.totem.pg.mrp.srp.avg_token_workload=0
runtime.totem.pg.mrp.srp.avg_backlog_calc=0
runtime.totem.pg.mrp.srp.rx_msg_dropped=0
runtime.totem.pg.mrp.srp.continuous_gather=0
runtime.totem.pg.mrp.srp.continuous_sendmsg_failures=0
runtime.totem.pg.mrp.srp.firewall_enabled_or_nic_failure=0
runtime.totem.pg.mrp.srp.members.1.ip=r(0) ip(10.20.50.1) 
runtime.totem.pg.mrp.srp.members.1.join_count=1
runtime.totem.pg.mrp.srp.members.1.status=joined
runtime.totem.pg.mrp.srp.members.2.ip=r(0) ip(10.20.50.2) 
runtime.totem.pg.mrp.srp.members.2.join_count=1
runtime.totem.pg.mrp.srp.members.2.status=joined
runtime.blackbox.dump_flight_data=no
runtime.blackbox.dump_state=no
cman_private.COROSYNC_DEFAULT_CONFIG_IFACE=xmlconfig:cmanpreconfigIf you want to check what DLM lockspaces, you can use dlm_tool ls to list lock spaces. Given that we're not running and resources or clustered filesystems though, there won't be any at this time. We'll look at this again later.
Testing Fencing
We need to thoroughly test our fence configuration and devices before we proceed. Should the cluster call a fence, and if the fence call fails, the cluster will hang until the fence finally succeeds. This effectively hangs the cluster, by design. The rationale is that, as bad as a hung cluster might be, it's better than risking data corruption.
So if we have problems, we need to find them now.
We need to run two tests from each node against the other node for a total of four tests.
- The first test will verify that fence_ipmilan is working. To do this, we will hang the victim node by sending c to the kernel's "magic SysRq" key. We do this by running echo c > /proc/sysrq-trigger which immediately and completely hangs the kernel. This does not effect the IPMI BMC, so if we've configured everything properly, the surviving node should be able to use fence_ipmilan to reboot the crashed node.
- Secondly, we will pull the power on the target node. This removes all power from the node, causing the IPMI BMC to also fail. You should see the other node try to fence the target using fence_ipmilan, see it fail and then try again using the second method, the switched PDUs via fence_apc_snmp. If you watch and listen to the PDUs, you should see the power indicator LED light up and hear the mechanical relays close the circuit when the fence completes.
For the second test, you could just physically unplug the cables from the PDUs. We're going to cheat though and use the actual fence_apc_snmp fence handler to manually turn off the target ports. This will help show that the fence agents are really just shell scripts. Used on their own, they do not talk to the cluster in any way. So despite using them to cut the power, the cluster will not know what state the lost node is in, requiring a fence call still.
| Test | Victim | Pass? | 
|---|---|---|
| echo c > /proc/sysrq-trigger | an-c05n01 | Yes / No | 
| fence_apc_snmp -a an-p01.alteeve.ca -n 1 -o off fence_apc_snmp -a an-p02.alteeve.ca -n 1 -o off | an-c05n01 | Yes / No | 
| echo c > /proc/sysrq-trigger | an-c05n02 | Yes / No | 
| fence_apc_snmp -a an-p01.alteeve.ca -n 2 -o off fence_apc_snmp -a an-p02.alteeve.ca -n 2 -o off | an-c05n02 | Yes / No | 
|  | Note: After the target node powers back up after each test, be sure to restart cman! | 
Using fence_check To Verify Our Fencing Config
In RHEL 6.4, a new tool called fence_check was added to the cluster toolbox. When cman is running, we can call it and it will gather up the data from cluster.conf and then call each defined fence device with the action "status". If everything is configured properly, all fence devices should exit with a return code of 0 (device/port is on) or 2 (device/port is off).
If any fence device's agent exits with any other code, something has gone wrong and we need to fix it before proceeding.
We're going to run this tool from both node. So let's start with an-c05n01.
fence_checkfence_check run at Wed Oct 30 10:56:07 EDT 2013 pid: 3236
Testing an-c05n01.alteeve.ca method 1: success
Testing an-c05n01.alteeve.ca method 2: success
Testing an-c05n02.alteeve.ca method 1: success
Testing an-c05n02.alteeve.ca method 2: successThat is very promising! Now lets run it again on an-c05n02. We want to do this because, for example, if the /etc/hosts file on the second node was bad, a fence may work on the first node but not this node.
fence_checkfence_check run at Wed Oct 30 10:57:27 EDT 2013 pid: 28127
Unable to perform fence_check: node is not fence masterWell then, that's not what we expected.
Actually, it is. When a cluster starts, one of the nodes in the cluster will be chosen to be the node which performs actual fence calls. This node (the one with the lowest node ID) is the only one that, by default, can run fence_check.
If we look at fence_check's man page, we see that we can use the -f switch to override this behaviour, but there is an important note:
man fence_check       -f     Override checks and force execution. DO NOT USE ON PRODUCTION CLUSTERS!The reason for this is that, while fence_check is running, should a node fail, it will not be able to fence until the fence_check finishes. In production, this can cause recovery post-failure to take a bit longer than it otherwise would.
Good thing we're testing now, before the cluster is in production!
So lets try again, this time forcing the issue.
fence_check -ffence_check run at Wed Oct 30 11:02:35 EDT 2013 pid: 28222
Testing an-c05n01.alteeve.ca method 1: success
Testing an-c05n01.alteeve.ca method 2: success
Testing an-c05n02.alteeve.ca method 1: success
Testing an-c05n02.alteeve.ca method 2: successVery nice.
Crashing an-c05n01
|  | Warning: This step will totally crash an-c05n01! If fencing fails for some reason, you may need physical access to the node to recover it. | 
Be sure to tail the /var/log/messages system logs on an-c05n02. Go to an-c05n01's first terminal and run the following command.
On an-c05n01 run:
echo c > /proc/sysrq-triggerOn an-c05n02's syslog terminal, you should see the following entries in the log.
Oct 30 11:05:46 an-c05n02 corosync[27783]:   [TOTEM ] A processor failed, forming new configuration.
Oct 30 11:05:48 an-c05n02 corosync[27783]:   [QUORUM] Members[1]: 2
Oct 30 11:05:48 an-c05n02 corosync[27783]:   [TOTEM ] A processor joined or left the membership and a new membership was formed.
Oct 30 11:05:48 an-c05n02 corosync[27783]:   [CPG   ] chosen downlist: sender r(0) ip(10.20.50.2) ; members(old:2 left:1)
Oct 30 11:05:48 an-c05n02 corosync[27783]:   [MAIN  ] Completed service synchronization, ready to provide service.
Oct 30 11:05:48 an-c05n02 kernel: dlm: closing connection to node 1
Oct 30 11:05:48 an-c05n02 fenced[27840]: fencing node an-c05n01.alteeve.ca
Oct 30 11:06:21 an-c05n02 fenced[27840]: fence an-c05n01.alteeve.ca successExcellent! The IPMI-based fencing worked!
But why did it take 33 seconds?
The current fence_ipmilan version works this way for reboot actions;
- Check status
- Call ipmitool ... chassis power off
- Checks status again until the status shows off
- Call ipmitool ... chassis power on
- Checks the status again
If you tried doing these steps directly, you would find that it takes roughly 18 seconds to run. Add this to the delay="15" we set against an-c05n01 when using the IPMI fence device and you have the 33 seconds we see here.
If you are watching an-c05n01's display, you should now see it starting to boot back up.
Cutting the Power to an-c05n01
|  | Note: Remember to start cman once the node boots back up before running this test. | 
As was discussed earlier, IPMI and other out-of-band management interfaces have a fatal flaw as a fence device. Their BMC draws its power from the same power supply as the node itself. Thus, when the power supply itself fails (for example, if an internal wire shorted against the chassis), fencing via IPMI will fail as well. This makes the power supply a single point of failure, which is what the PDU protects us against.
In case you're wondering how likely failing a redundant PSU is...
|  |  |  | 
- Thanks to my very talented fellow admin, Lisa Seelye, for this object lesson.
So to simulate a failed power supply, we're going to use an-c05n02's fence_apc_snmp fence agent to turn off the power to an-c05n01. Given that the node has two power supplies, one plugged in to each PDU, we'll need to make two calls to cut the power.
Alternatively, you could also just unplug the power cables from the PDUs and the fence would still succeed. Once fence_apc_snmp confirms that the requested ports have no power, the fence action succeeds. Whether the nodes restart after the fence is not at all a factor.
From an-c05n02, pull the power on an-c05n01 with the following two chained calls;
fence_apc_snmp -a an-p01.alteeve.ca -n 1 -o off && fence_apc_snmp -a an-p02.alteeve.ca -n 1 -o offSuccess: Powered OFF
Success: Powered OFF|  | Warning: Verify directly that an-c05n01 lost power! If the power cables are in the wrong port, an-c05n01 will still be powered on, despite the success message! | 
Back on an-c05n02's syslog, we should see the following entries;
Oct 30 13:31:49 an-c05n02 corosync[27783]:   [TOTEM ] A processor failed, forming new configuration.
Oct 30 13:31:51 an-c05n02 corosync[27783]:   [QUORUM] Members[1]: 2
Oct 30 13:31:51 an-c05n02 corosync[27783]:   [TOTEM ] A processor joined or left the membership and a new membership was formed.
Oct 30 13:31:51 an-c05n02 corosync[27783]:   [CPG   ] chosen downlist: sender r(0) ip(10.20.50.2) ; members(old:2 left:1)
Oct 30 13:31:51 an-c05n02 corosync[27783]:   [MAIN  ] Completed service synchronization, ready to provide service.
Oct 30 13:31:51 an-c05n02 kernel: dlm: closing connection to node 1
Oct 30 13:31:51 an-c05n02 fenced[27840]: fencing node an-c05n01.alteeve.ca
Oct 30 13:32:26 an-c05n02 fenced[27840]: fence an-c05n01.alteeve.ca dev 0.0 agent fence_ipmilan result: error from agent
Oct 30 13:32:26 an-c05n02 fenced[27840]: fence an-c05n01.alteeve.ca successHoozah!
Notice that there is an error from the fence_ipmilan? This is exactly what we expected because of the IPMI's BMC lost power and couldn't respond. You will also notice the large delay, despite there not being a delay="15" set for the PDU fence devices for an-c05n01. This was from the initial delay when trying to fence using IPMI. This is why we don't need to specify delay on the PDUs as well.
So now we know that an-c05n01 can be fenced successfully from both fence devices. Now we need to run the same tests against an-c05n02!
Hanging an-c05n02
|  | Note: Remember to start cman once the node boots back up before running this test. | 
Be sure to be tailing the /var/log/messages on an-c05n02. Go to an-c05n01's first terminal and run the following command.
|  | Note: This command will not return and you will lose all ability to talk to this node until it is rebooted. | 
On an-c05n02 run:
echo c > /proc/sysrq-triggerOn an-c05n01's syslog terminal, you should see the following entries in the log.
Oct 30 13:40:29 an-c05n01 corosync[2800]:   [TOTEM ] A processor failed, forming new configuration.
Oct 30 13:40:31 an-c05n01 corosync[2800]:   [QUORUM] Members[1]: 1
Oct 30 13:40:31 an-c05n01 corosync[2800]:   [TOTEM ] A processor joined or left the membership and a new membership was formed.
Oct 30 13:40:31 an-c05n01 corosync[2800]:   [CPG   ] chosen downlist: sender r(0) ip(10.20.50.1) ; members(old:2 left:1)
Oct 30 13:40:31 an-c05n01 corosync[2800]:   [MAIN  ] Completed service synchronization, ready to provide service.
Oct 30 13:40:31 an-c05n01 kernel: dlm: closing connection to node 2
Oct 30 13:40:31 an-c05n01 fenced[2857]: fencing node an-c05n02.alteeve.ca
Oct 30 13:40:48 an-c05n01 fenced[2857]: fence an-c05n02.alteeve.ca successAgain, perfect!
Notice this time that the fence action took 17 seconds, much less that it took to fence an-c01n01. This is because, as you probably guessed, there is no delay set against an-c05n02. So when an-c05n01 went to fence it, it proceeded immediately. This tells us that if both nodes try to fence each other at the same time, an-c05n01 should be left the winner.
Cutting the Power to an-c05n02
|  | Note: Remember to start cman once the node boots back up before running this test. | 
Last fence test! Time to yank the power on an-c05n02 and make sure it's power fencing works.
From an-c05n01, pull the power on an-c05n02 with the following call;
fence_apc_snmp -a an-p01.alteeve.ca -n 2 -o off && fence_apc_snmp -a an-p02.alteeve.ca -n 2 -o offSuccess: Powered OFF
Success: Powered OFF|  | Warning: Verify directly that an-c05n02 lost power! If the power cables are in the wrong port, an-c05n02 will still be powered on, despite the success message! | 
Back on an-c05n01's syslog, we should see the following entries;
Oct 30 13:44:41 an-c05n01 corosync[2800]:   [TOTEM ] A processor failed, forming new configuration.
Oct 30 13:44:43 an-c05n01 corosync[2800]:   [QUORUM] Members[1]: 1
Oct 30 13:44:43 an-c05n01 corosync[2800]:   [TOTEM ] A processor joined or left the membership and a new membership was formed.
Oct 30 13:44:43 an-c05n01 corosync[2800]:   [CPG   ] chosen downlist: sender r(0) ip(10.20.50.1) ; members(old:2 left:1)
Oct 30 13:44:43 an-c05n01 corosync[2800]:   [MAIN  ] Completed service synchronization, ready to provide service.
Oct 30 13:44:43 an-c05n01 kernel: dlm: closing connection to node 2
Oct 30 13:44:43 an-c05n01 fenced[2857]: fencing node an-c05n02.alteeve.ca
Oct 30 13:44:47 an-c05n01 ntpd[2298]: synchronized to 66.96.30.35, stratum 2
Oct 30 13:45:03 an-c05n01 fenced[2857]: fence an-c05n02.alteeve.ca dev 0.0 agent fence_ipmilan result: error from agent
Oct 30 13:45:03 an-c05n01 fenced[2857]: fence an-c05n02.alteeve.ca successWoot!
Only now can we safely say that our fencing is setup and working properly.
Installing DRBD
DRBD is an open-source application for real-time, block-level disk replication created and maintained by Linbit. We will use this to keep the data on our cluster consistent between the two nodes.
To install it, we have three choices;
- Purchase a Red Hat blessed, fully supported copy from Linbit.
- Install from the freely available, community maintained ELRepo repository.
- Install from source files.
We will be using the 8.3.x version of DRBD. This tracts the Red Hat and Linbit supported versions, providing the most tested combination and providing a painless path to move to a fully supported version, should you decide to do so down the road.
Option 1 - Fully Supported by Red Hat and Linbit
Red Hat decided to no longer directly support DRBD in EL6 to narrow down what applications they shipped and focus on improving those components. Given the popularity of DRBD, however, Red Hat struck a deal with Linbit, the authors and maintainers of DRBD. You have the option of purchasing a fully supported version of DRBD that is blessed by Red Hat for use under Red Hat Enterprise Linux 6.
If you are building a fully supported cluster, please contact Linbit to purchase DRBD. Once done, you will get an email with you login information and, most importantly here, the URL hash needed to access the official repositories.
First you will need to add an entry in /etc/yum.repo.d/ for DRBD, but this needs to be hand-crafted as you must specify the URL hash given to you in the email as part of the repo configuration.
- Log into the Linbit portal.
- Click on Account.
- Under Your account details, click on the hash string to the right of URL hash:.
- Click on RHEL 6 (even if you are using CentOS or another EL6 distro.
This will take you to a new page called Instructions for using the DRBD package repository. The details installation instruction are found here.
Lets use the imaginative URL hash of abcdefghijklmnopqrstuvwxyz0123456789ABCD and we're are in fact using x86_64 architecture. Given this, we would create the following repository configuration file.
vim /etc/yum.repos.d/linbit.repo[drbd-8]
name=DRBD 8
baseurl=http://packages.linbit.com/abcdefghijklmnopqrstuvwxyz0123456789ABCD/rhel6/x86_64
gpgcheck=0Once this is saved, you can install DRBD using yum;
yum install drbd kmod-drbdMake sure DRBD doesn't start on boot, as we'll have rgmanager handle it.
chkconfig drbd offDone!
Option 2 - Install From ELRepo
|  | Note: This is the method used for this tutorial. | 
ELRepo is a community-maintained repository of packages for Enterprise Linux; Red Hat Enterprise Linux and its derivatives like CentOS. This is the easiest option for a freely available DRBD package.
The main concern with this option is that you are seceding control of DRBD to a community-controlled project. This is a trusted repo, but there are still undeniable security concerns.
Check for the latest installation RPM and information;
# Install the ELRepo GPG key, add the repo and install DRBD.
rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpmRetrieving http://elrepo.org/elrepo-release-6-4.el6.elrepo.noarch.rpm
error: not an rpm package
Retrieving http://elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm
Preparing...                ########################################### [100%]
   1:elrepo-release         ########################################### [100%]Now we can install the DRBD 8.3 RPMs.
Be warned; the kmod-drbd83 can take some time to install. Please be patient!
yum install drbd83-utils kmod-drbd83Loaded plugins: product-id, rhnplugin, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
elrepo                                                                            | 2.9 kB     00:00     
elrepo/primary_db                                                                 | 692 kB     00:00     
rhel-x86_64-server-6                                                              | 1.8 kB     00:00     
rhel-x86_64-server-6/primary                                                      |  15 MB     00:14     
rhel-x86_64-server-6                                                                         11066/11066
rhel-x86_64-server-rs-6                                                           | 1.8 kB     00:00     
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package drbd83-utils.x86_64 0:8.3.16-1.el6.elrepo will be installed
---> Package kmod-drbd83.x86_64 0:8.3.16-1.el6.elrepo will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================================
 Package                  Arch               Version                            Repository          Size
=========================================================================================================
Installing:
 drbd83-utils             x86_64             8.3.16-1.el6.elrepo                elrepo             219 k
 kmod-drbd83              x86_64             8.3.16-1.el6.elrepo                elrepo             177 k
Transaction Summary
=========================================================================================================
Install       2 Package(s)
Total download size: 397 k
Installed size: 1.2 MIs this ok [y/N]: yDownloading Packages:
(1/2): drbd83-utils-8.3.16-1.el6.elrepo.x86_64.rpm                                | 219 kB     00:01     
(2/2): kmod-drbd83-8.3.16-1.el6.elrepo.x86_64.rpm                                 | 177 kB     00:00     
---------------------------------------------------------------------------------------------------------
Total                                                                    157 kB/s | 397 kB     00:02     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : drbd83-utils-8.3.16-1.el6.elrepo.x86_64                                               1/2 
  Installing : kmod-drbd83-8.3.16-1.el6.elrepo.x86_64                                                2/2 
Working. This may take some time ...
Done.
  Verifying  : drbd83-utils-8.3.16-1.el6.elrepo.x86_64                                               1/2 
  Verifying  : kmod-drbd83-8.3.16-1.el6.elrepo.x86_64                                                2/2 
Installed:
  drbd83-utils.x86_64 0:8.3.16-1.el6.elrepo           kmod-drbd83.x86_64 0:8.3.16-1.el6.elrepo          
Complete!Make sure DRBD doesn't start on boot, as we'll have rgmanager handle it.
chkconfig drbd offDone!
Option 3 - Install From Source
If you do not wish to pay for access to the official DRBD repository and do not feel comfortable adding a public repository, your last option is to install from Linbit's source code. The benefit of this is that you can vet the source before installing it, making it a more secure option. The downside is that you will need to manually install updates and security fixes as they are made available.
On Both nodes run:
# Download, compile and install DRBD
yum install flex gcc make kernel-devel
wget -c http://oss.linbit.com/drbd/8.3/drbd-8.3.16.tar.gz
tar -xvzf drbd-8.3.16.tar.gz
cd drbd-8.3.16
./configure \
   --prefix=/usr \
   --localstatedir=/var \
   --sysconfdir=/etc \
   --with-utils \
   --with-km \
   --with-udev \
   --with-pacemaker \
   --with-rgmanager \
   --with-bashcompletion
make
make install
chkconfig --add drbd
chkconfig drbd offHooking DRBD Into The Cluster's Fencing
|  | Note: In older DRBD 8.3 releases, prior to 8.3.16, we needed to download rhcs_fence from github as the shipped version had a bug. With the release of 8.3.16, this is no longer the case. | 
DRBD is, effectively, a stand-alone application. You can use it on it's own without any other software. For this reason, DRBD has it's own fencing mechanism to avoid split-brains if the DRBD nodes lose contact with each other.
It would be a replication of effort to setup actual fencing devices in DRBD, so instead we will use a "hook" script called rhcs_fence. When DRBD loses contact with it's peer, it will block and then call this script. In turn, this script calls cman and asks it to fence the peer. It then waits for cman to respond with a success or failure.
If the fence succeed, DRBD will resume normal operation, confident that the peer is not doing the same.
If the fence fails, DRBD will continue to block and continue to try and fence the peer indefinitely. Thus, if a fence call fails, DRBD will remain blocked and all disk reads and writes will hang. This is by design as it is better to hang than to risk a split-brain, which can lead to data loss and corruption.
By using this script, if the fence configuration ever changes, you only need to update the configuration in cluster.conf, not also in DRBD as well.
The "Why" of Our Layout - More Safety!
We will be creating two separate DRBD resources. The reason for this is to minimize the chance of data loss in a split-brain event. We've got to fairly great lengths to insure that a split-brain never occurs, but it is still possible. So we want a "last line of defence", just in case.
Consider this scenario;
- You have a two-node cluster running two VMs. One is a mirror for a project and the other is an accounting application. Node 1 hosts the mirror, Node 2 hosts the accounting application.
- A partition occurs and both nodes try to fence the other.
- Network access is lost, so both nodes fall back to fencing using PDUs.
- Both nodes have redundant power supplies, and at some point in time, the power cables on the second PDU got reversed.
- The fence_apc_snmp agent succeeds, because the requested outlets were shut off. However, do to the cabling mistake, neither node actually shut down.
- Both nodes proceed to run independently, thinking they are the only node left.
- During this split-brain, the mirror VM downloads over a gigabyte of updates. Meanwhile, an hour earlier, the accountant updates the books, totalling less than one megabyte of changes.
At this point, you will need to discard the changed on one of the nodes. So now you have to choose;
- Is the node with the most changes more valid?
- Is the node with the most recent changes more valid?
Neither of these are true, as the node with the older data and smallest amount of changed data is the accounting data which is significantly more valuable.
Now imagine that both VMs have equally valuable data. What then? Which side do you discard?
The approach we will use is to create two separate DRBD resources. Then we will assign our servers into two groups;
- VMs normally designed to run on an-c05n01.
- VMs normally designed to run on an-c05n02.
Each of these "pools" of servers will have a dedicate DRBD resource behind it. These pools will be managed by clustered LVM, as that provides a very powerful ability to manage DRBD's raw space.
Now imagine the above scenario, except this time imagine that the servers running on an-c05n01 are on one DRBD resource and the servers running on an-c05n02 are on a different resource. Now we can recover from the split brain safely!
- The DRBD resource hosting an-c05n01's servers can invalidate any changes on an-c05n02.
- The DRBD resource hosting an-c05n02's servers can invalidate any changes on an-c05n01.
This ability to invalidate on both direction allows us to recover without risking data loss, provided all the servers were actually running on the same node at the time of the split-brain event.
To summarize, we're going to create the following three resources;
- We'll create a resource called "r0". This resource will back the VMs designed to primarily run on an-c05n01.
- We'll create a second resource called "r1". This resource will back the VMs designed to primarily run on an-c05n02.
Creating The Partitions For DRBD
It is possible to use LVM on the hosts, and simply create LVs to back our DRBD resources. However, this causes confusion as LVM will see the PV signatures on both the DRBD backing devices and the DRBD device itself. Getting around this requires editing LVM's filter option, which is somewhat complicated and is outside the scope of this tutorial. We're going to use raw partitions and we recommend you do the same.
On our nodes, we created three primary disk partitions;
- /dev/sda1; The /boot partition.
- /dev/sda2; The swap partition.
- /dev/sda3; The root / partition.
We will create a new extended partition. Then within it we will create two new partitions;
- /dev/sda5; a partition big enough to host the VMs that will normally run on an-c05n01 and the /shared clustered file system.
- /dev/sda6; a partition big enough to host the VMs that will normally run on an-c05n02.
Block Alignment
We're going to use a program called parted instead of fdisk. With fdisk, we would have to manually ensure that our partitions fell on 64 KiB boundaries. With parted, we can use the -a opt to tell it to use optimal alignment, saving us a lot of work. This is important for decent performance performance in our servers. This is true for both traditional platter and modern solid-state drives.
For performance reasons, we want to ensure that the file systems created within a VM matches the block alignment of the underlying storage stack, clear down to the base partitions on /dev/sda (or what ever your lowest-level block device is).
For those who are curious though, this is why falling on 64 KiB boundaries are important.
Imagine this misaligned scenario;
Note: Not to scale
                 ________________________________________________________________
VM File system  |~~~~~|_______|_______|_______|_______|_______|_______|_______|__
                |~~~~~|==========================================================
DRBD Partition  |~~~~~|_______|_______|_______|_______|_______|_______|_______|__
64 KiB block    |_______|_______|_______|_______|_______|_______|_______|_______|
512byte sectors |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|Now, when the guest wants to write one block worth of data, it actually causes two blocks to be written, causing avoidable disk I/O. That effectively doubles the number of IOPS needed, a huge waste of disk resources.
Note: Not to scale
                 ________________________________________________________________
VM File system  |~~~~~~~|_______|_______|_______|_______|_______|_______|_______|
                |~~~~~~~|========================================================
DRBD Partition  |~~~~~~~|_______|_______|_______|_______|_______|_______|_______|
64 KiB block    |_______|_______|_______|_______|_______|_______|_______|_______|
512byte sectors |_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|_|By changing the start cylinder of our partitions to always start on 64 KiB boundaries, we're sure to keep the guest OS's file system in-line with the DRBD backing device's blocks. Thus, all reads and writes in the guest OS effect a matching number of real blocks, maximizing disk I/O efficiency.
|  | Note: You will want to do this with SSD drives, too. It's true that the performance will remain about the same, but SSD drives have a limited number of write cycles, and aligning the blocks will minimize block writes. | 
Special thanks to Pasi Kärkkäinen for his patience in explaining to me the importance of disk alignment. He created two images which I used as templates for the ASCII art images above;
Determining Storage Pool Sizes
Before we can create the DRBD partitions, we first need to know how much space we want to allocate to each node's storage pool.
Before we start though, we need to know how much available storage space we have to play with. Both nodes should have identical storage, but we'll double check now. If they differ, we'll be limited to the size of the smaller one.
| an-c05n01 | an-c05n02 | 
|---|---|
| parted -a opt /dev/sda "print free"Model: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system     Flags
        32.3kB  1049kB  1016kB           Free Space
 1      1049kB  525MB   524MB   primary  ext4            boot
 2      525MB   43.5GB  42.9GB  primary  ext4
 3      43.5GB  47.8GB  4295MB  primary  linux-swap(v1)
        47.8GB  898GB   851GB            Free Space | parted -a opt /dev/sda "print free"Model: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system     Flags
        32.3kB  1049kB  1016kB           Free Space
 1      1049kB  525MB   524MB   primary  ext4            boot
 2      525MB   43.5GB  42.9GB  primary  ext4
 3      43.5GB  47.8GB  4295MB  primary  linux-swap(v1)
        47.8GB  898GB   851GB            Free Space | 
Excellent! Both nodes show the same amount of free space, 851 GB (note, not GiB).
We need to carve this up into three chunks of space:
- Space for the /shared partition. Install ISOs, server definition files and the like will be kept here.
- Space for servers designed to run on an-c05n01.
- Space for servers designed to run on an-c05n02.
We're going to install 8 different operating systems. That means we'll need enough space for at least eight different install ISO images. We'll allocate 40 GB for this. That leaves 811 GB left for servers.
Choose which node will host what servers is largely a question of distributing CPU load. Of course, each node has to be capable of running all of our servers at the same time. With a little planning though, we can split up servers with expected high CPU load and, when both nodes are up, gain a little performance.
So let's create a table showing the servers we plan to build. We'll put them into two columns, one for servers designed to run on an-c05n01 and the others designed to run on an-c05n02. We'll note how much disk space each server will need. Remember, we're trying to split up our servers with the highest expected CPU loads. This, being a tutorial, is going to be a fairly artificial division. You will need to decide for yourself how you want to split up your servers and how much space each needs.
| an-c05n01 | an-c05n02 | 
|---|---|
| vm01-win2008 (150 GB) | |
| vm02-win2012 (150 GB) | |
| vm03-win7 (100 GB) | |
| vm04-win8 (100 GB) | |
| vm05-freebsd9 (50 GB) | |
| vm06-solaris11 (100 GB) | |
| vm07-rhel6 (50 GB) | |
| vm08-sles11 (100 GB) | |
| Total: 500 GB | Total: 300 GB | 
The reason we put /shared on the same DRBD resource (and thus, the same storage pool) as the one that will host an-c05n01's servers is that it changes relatively rarely. So in the already unlikely event that there is a split-brain event, the chances of something important changing in /shared before the split-brain is resolved is extremely low. So low that the overhead of a third resource is not justified.
So then;
- The first DRBD resource, called r0, will need to have 540 GB of space.
- The second DRBD resource, called r1, will need to have 300 GB of space.
This is a total of 840 GB, leaving about 11 GB unused. What you do with the remaining free space is entirely up to you. You can assign it to one of the servers, leave it as free space in one (or partially on both) storage pools, etc.
It's actually a very common setup to build Anvil! systems with more storage than is needed. This free space can then be used later for new servers, growing or adding space to existing servers and so on. In our case, we'll give the left over space to the second storage pool and leave it there unassigned.
Now we're ready to create the partitions on each node that will back our DRBD resources!
Creating the DRBD Partitions
Here I will show you the values I entered to create the three partitions I needed on my nodes.
|  | Note: All of the following commands need to be run on both nodes. It's very important that both nodes have identical partitions when you finish! | 
On both nodes, start the parted shell.
| an-c05n01 | an-c05n01 | 
|---|---|
| parted -a optimal /dev/sdaGNU Parted 2.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands. | parted -a optimal /dev/sdaGNU Parted 2.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands. | 
We're now in the parted console. Before we start, let's take another look at the current disk configuration along with the amount of free space available.
| an-c05n01 | an-c05n01 | 
|---|---|
| print freeModel: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system     Flags
        32.3kB  1049kB  1016kB           Free Space
 1      1049kB  525MB   524MB   primary  ext4            boot
 2      525MB   43.5GB  42.9GB  primary  ext4
 3      43.5GB  47.8GB  4295MB  primary  linux-swap(v1)
        47.8GB  898GB   851GB            Free Space | print freeModel: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type     File system     Flags
        32.3kB  1049kB  1016kB           Free Space
 1      1049kB  525MB   524MB   primary  ext4            boot
 2      525MB   43.5GB  42.9GB  primary  ext4
 3      43.5GB  47.8GB  4295MB  primary  linux-swap(v1)
        47.8GB  898GB   851GB            Free Space | 
Before we can create the three DRBD partition, we first need to create an extended partition wherein which we will create the two logical partitions. From the output above, we can see that the free space starts at 47.8GB, and that the drive ends at 898GB. Knowing this, we can now create the extended partition.
| an-c05n01 | mkpart extended 47.8G 898GWarning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource busy).
As a result, it may not reflect all of your changes until after reboot. | 
|---|---|
| an-c05n01 | mkpart extended 47.8G 898GWarning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource busy).
As a result, it may not reflect all of your changes until after reboot. | 
Don't worry about that message, we will reboot when we finish.
So now we can confirm that the new extended partition was create by again printing the partition table and the free space.
| an-c05n01 | an-c05n01 | 
|---|---|
| print freeModel: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type      File system     Flags
        32.3kB  1049kB  1016kB            Free Space
 1      1049kB  525MB   524MB   primary   ext4            boot
 2      525MB   43.5GB  42.9GB  primary   ext4
 3      43.5GB  47.8GB  4295MB  primary   linux-swap(v1)
 4      47.8GB  898GB   851GB   extended                  lba
        47.8GB  898GB   851GB             Free Space | print freeModel: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type      File system     Flags
        32.3kB  1049kB  1016kB            Free Space
 1      1049kB  525MB   524MB   primary   ext4            boot
 2      525MB   43.5GB  42.9GB  primary   ext4
 3      43.5GB  47.8GB  4295MB  primary   linux-swap(v1)
 4      47.8GB  898GB   851GB   extended                  lba
        47.8GB  898GB   851GB             Free Space | 
Perfect. So now we're going to create our two logical partitions. We're going to use the same start position as last time, but the end position will be 540 GB further in, rounded up to an even ten gigabytes. You can be more precise, if you wish, but we've got a little wiggle room.
If you recall from the section above, this is how much space we determined we would need for the /shared partition and the five servers that will live on an-c05n01. This means that we're going to create a new logical partition that starts at 47.8G and ends at 590G, for a partition that is roughly 540 GB in size.
| an-c05n01 | mkpart logical 47.8G 590GWarning: WARNING: the kernel failed to re-read the partition table on /dev/sda
(Device or resource busy).  As a result, it may not reflect all of your changes
until after reboot. | 
|---|---|
| an-c05n01 | mkpart logical 47.8G 590GWarning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource busy).
As a result, it may not reflect all of your changes until after reboot. | 
We'll check again to see the new partition layout.
| an-c05n01 | an-c05n01 | 
|---|---|
| print freeModel: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type      File system     Flags
        32.3kB  1049kB  1016kB            Free Space
 1      1049kB  525MB   524MB   primary   ext4            boot
 2      525MB   43.5GB  42.9GB  primary   ext4
 3      43.5GB  47.8GB  4295MB  primary   linux-swap(v1)
 4      47.8GB  898GB   851GB   extended                  lba
 5      47.8GB  590GB   542GB   logical
        590GB   898GB   308GB             Free Space | print freeModel: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type      File system     Flags
        32.3kB  1049kB  1016kB            Free Space
 1      1049kB  525MB   524MB   primary   ext4            boot
 2      525MB   43.5GB  42.9GB  primary   ext4
 3      43.5GB  47.8GB  4295MB  primary   linux-swap(v1)
 4      47.8GB  898GB   851GB   extended                  lba
 5      47.8GB  590GB   542GB   logical
        590GB   898GB   308GB             Free Space | 
Again, perfect. Now we have a total of 308 GB left free. We need 300 GB, so this is enough, as expected. Lets allocate it all to our final partition.
| an-c05n01 | mkpart logical 590G 898GWarning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource busy).
As a result, it may not reflect all of your changes until after reboot. | 
|---|---|
| an-c05n01 | mkpart logical 590G 898GWarning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource busy).
As a result, it may not reflect all of your changes until after reboot. | 
Once again, lets look at the new partition table.
| an-c05n01 | an-c05n01 | 
|---|---|
| print freeModel: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type      File system     Flags
        32.3kB  1049kB  1016kB            Free Space
 1      1049kB  525MB   524MB   primary   ext4            boot
 2      525MB   43.5GB  42.9GB  primary   ext4
 3      43.5GB  47.8GB  4295MB  primary   linux-swap(v1)
 4      47.8GB  898GB   851GB   extended                  lba
 5      47.8GB  590GB   542GB   logical
 6      590GB   898GB   308GB   logical | print freeModel: LSI RAID 5/6 SAS 6G (scsi)
Disk /dev/sda: 898GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Number  Start   End     Size    Type      File system     Flags
        32.3kB  1049kB  1016kB            Free Space
 1      1049kB  525MB   524MB   primary   ext4            boot
 2      525MB   43.5GB  42.9GB  primary   ext4
 3      43.5GB  47.8GB  4295MB  primary   linux-swap(v1)
 4      47.8GB  898GB   851GB   extended                  lba
 5      47.8GB  590GB   542GB   logical
 6      590GB   898GB   308GB   logical | 
Just as we asked for!
Before we finish though, let's be extra careful and do a manual check of our new partitions to ensure that they are, in fact, aligned optimally. There will be no output from the following commands if the partitions are aligned.
| an-c05n01 | an-c05n01 | 
|---|---|
| align-check opt 5
align-check opt 6<no output> | align-check opt 5
align-check opt 6<no output> | 
Excellent, we're done!
| an-c05n01 | an-c05n01 | 
|---|---|
| quitInformation: You may need to update /etc/fstab. | quitInformation: You may need to update /etc/fstab. | 
Now we need to reboot to make the kernel see the new partition table. If cman is running, stop it before rebooting.
| an-c05n01 | an-c05n01 | 
|---|---|
| /etc/init.d/cman stopStopping cluster: 
   Leaving fence domain...                                 [  OK  ]
   Stopping gfs_controld...                                [  OK  ]
   Stopping dlm_controld...                                [  OK  ]
   Stopping fenced...                                      [  OK  ]
   Stopping cman...                                        [  OK  ]
   Waiting for corosync to shutdown:                       [  OK  ]
   Unloading kernel modules...                             [  OK  ]
   Unmounting configfs...                                  [  OK  ]reboot | /etc/init.d/cman stopStopping cluster: 
   Leaving fence domain...                                 [  OK  ]
   Stopping gfs_controld...                                [  OK  ]
   Stopping dlm_controld...                                [  OK  ]
   Stopping fenced...                                      [  OK  ]
   Stopping cman...                                        [  OK  ]
   Waiting for corosync to shutdown:                       [  OK  ]
   Unloading kernel modules...                             [  OK  ]
   Unmounting configfs...                                  [  OK  ]reboot | 
Once the nodes are back online, remember to start cman again.
Configuring DRBD
DRBD is configured in two parts;
- Global and common configuration options
- Resource configurations
We will be creating three separate DRBD resources, so we will create three separate resource configuration files. More on that in a moment.
Configuring DRBD Global and Common Options
As always, we're going to start by making backups. Then we're going to work on an-c05n01. After we finish, we'll copy everything over to an-c05n02.
rsync -av /etc/drbd.d /root/backups/sending incremental file list
drbd.d/
drbd.d/global_common.conf
sent 1722 bytes  received 35 bytes  3514.00 bytes/sec
total size is 1604  speedup is 0.91Now we can begin.
The first file to edit is /etc/drbd.d/global_common.conf. In this file, we will set global configuration options and set default resource configuration options.
We'll talk about the values we're setting here as well as put the explanation of each option in the configuration file itself, as it will be useful to have them should you need to alter the files sometime in the future.
The first addition is in the handlers { } directive. We're going to add the fence-peer option and configure it to use the obliterate-peer.sh script we spoke about earlier in the DRBD section.
vim /etc/drbd.d/global_common.conf	handlers {
		# This script is a wrapper for RHCS's 'fence_node' command line
		# tool. It will call a fence against the other node and return
		# the appropriate exit code to DRBD.
		fence-peer		"/usr/lib/drbd/rhcs_fence";
	}We're going to add three options to the startup { } directive; We're going to tell DRBD to make both nodes "primary" on start, to wait five minutes on start for its peer to connect and, if the peer never connected last time, to wait onto two minutes.
	startup {
		# This tells DRBD to promote both nodes to Primary on start.
		become-primary-on	both;
		# This tells DRBD to wait five minutes for the other node to
		# connect. This should be longer than it takes for cman to
		# timeout and fence the other node *plus* the amount of time it
		# takes the other node to reboot. If you set this too short,
		# you could corrupt your data. If you want to be extra safe, do
		# not use this at all and DRBD will wait for the other node
		# forever.
		wfc-timeout		300;
		# This tells DRBD to wait for the other node for three minutes
		# if the other node was degraded the last time it was seen by
		# this node. This is a way to speed up the boot process when
		# the other node is out of commission for an extended duration.
		degr-wfc-timeout	120;
		
		# Same as above, except this time-out is used if the peer was
		# 'Outdated'.
		outdated-wfc-timeout    120;
	}For the disk { } directive, we're going to configure DRBD's behaviour when a split-brain is detected. By setting fencing to resource-and-stonith, we're telling DRBD to stop all disk access and call a fence against its peer node rather than proceeding.
	disk {
		# This tells DRBD to block IO and fence the remote node (using
		# the 'fence-peer' helper) when connection with the other node
		# is unexpectedly lost. This is what helps prevent split-brain
		# condition and it is incredible important in dual-primary
		# setups!
		fencing			resource-and-stonith;
	}In the net { } directive, we're going to tell DRBD that it is allowed to run in dual-primary mode and we're going to configure how it behaves if a split-brain has occurred, despite our best efforts. The recovery (or lack there of) requires three options; What to do when neither node had been primary (after-sb-0pri), what to do if only one node had been primary (after-sb-1pri) and finally, what to do if both nodes had been primary (after-sb-2pri), as will most likely be the case for us. This last instance will be configured to tell DRBD just to drop the connection, which will require human intervention to correct.
At this point, you might be wondering why we won't simply run Primary/Secondary. The reason is because of live-migration. When we push a VM across to the backup node, there is a short period of time where both nodes need to be writeable.
	net {
		# This tells DRBD to allow two nodes to be Primary at the same
		# time. It is needed when 'become-primary-on both' is set.
		allow-two-primaries;
		# The following three commands tell DRBD how to react should
		# our best efforts fail and a split brain occurs. You can learn
		# more about these options by reading the drbd.conf man page.
		# NOTE! It is not possible to safely recover from a split brain
		# where both nodes were primary. This care requires human
		# intervention, so 'disconnect' is the only safe policy.
		after-sb-0pri		discard-zero-changes;
		after-sb-1pri		discard-secondary;
		after-sb-2pri		disconnect;
	}For the syncer { } directive, we're going to configure how much bandwidth DRBD is allowed to take away from normal replication for use with background synchronization of out-of-sync blocks.
	syncer {
		# This tells DRBD how fast to synchronize out-of-sync blocks.
		# The higher this number, the faster an Inconsistent resource
		# will get back to UpToDate state. However, the faster this is,
		# the more of an impact normal application use of the DRBD
		# resource will suffer. We'll set this to 30 MB/sec.
		rate			30M;
	}Save the changes and exit the text editor. Now let's use diff to see the changes we made.
diff -U0 /root/backups/drbd.d/global_common.conf /etc/drbd.d/global_common.conf--- /root/backups/drbd.d/global_common.conf	2013-09-27 16:38:33.000000000 -0400
+++ /etc/drbd.d/global_common.conf	2013-10-31 01:08:13.733823523 -0400
@@ -22,0 +23,5 @@
+
+		# This script is a wrapper for RHCS's 'fence_node' command line
+		# tool. It will call a fence against the other node and return
+		# the appropriate exit code to DRBD.
+		fence-peer		"/usr/lib/drbd/rhcs_fence";
@@ -26,0 +32,22 @@
+
+		# This tells DRBD to promote both nodes to Primary on start.
+		become-primary-on	both;
+
+		# This tells DRBD to wait five minutes for the other node to
+		# connect. This should be longer than it takes for cman to
+		# timeout and fence the other node *plus* the amount of time it
+		# takes the other node to reboot. If you set this too short,
+		# you could corrupt your data. If you want to be extra safe, do
+		# not use this at all and DRBD will wait for the other node
+		# forever.
+		wfc-timeout		300;
+
+		# This tells DRBD to wait for the other node for three minutes
+		# if the other node was degraded the last time it was seen by
+		# this node. This is a way to speed up the boot process when
+		# the other node is out of commission for an extended duration.
+		degr-wfc-timeout	120;
+
+		# Same as above, except this time-out is used if the peer was
+		# 'Outdated'.
+		outdated-wfc-timeout	120;
@@ -31,0 +59,7 @@
+
+		# This tells DRBD to block IO and fence the remote node (using
+		# the 'fence-peer' helper) when connection with the other node
+		# is unexpectedly lost. This is what helps prevent split-brain
+		# condition and it is incredible important in dual-primary
+		# setups!
+		fencing			resource-and-stonith;
@@ -37,0 +72,14 @@
+
+		# This tells DRBD to allow two nodes to be Primary at the same
+		# time. It is needed when 'become-primary-on both' is set.
+		allow-two-primaries;
+
+		# The following three commands tell DRBD how to react should
+		# our best efforts fail and a split brain occurs. You can learn
+		# more about these options by reading the drbd.conf man page.
+		# NOTE! It is not possible to safely recover from a split brain
+		# where both nodes were primary. This care requires human
+		# intervention, so 'disconnect' is the only safe policy.
+		after-sb-0pri		discard-zero-changes;
+		after-sb-1pri		discard-secondary;
+		after-sb-2pri		disconnect;
@@ -41,0 +90,7 @@
+
+		# This tells DRBD how fast to synchronize out-of-sync blocks.
+		# The higher this number, the faster an Inconsistent resource
+		# will get back to UpToDate state. However, the faster this is,
+		# the more of an impact normal application use of the DRBD
+		# resource will suffer. We'll set this to 30 MB/sec.
+		rate			30M;Done!
Configuring the DRBD Resources
As mentioned earlier, we are going to create two DRBD resources.
- Resource r0, which will create the device /dev/drbd0 and be backed by each node's /dev/sda5 partition. It will provide disk space for VMs that will normally run on an-c05n01 and provide space for the /shared GFS2 partition.
- Resource r1, which will create the device /dev/drbd1 and be backed by each node's /dev/sda6 partition. It will provide disk space for VMs that will normally run on an-c05n02.
Each resource configuration will be in its own file saved as /etc/drbd.d/rX.res. The two of them will be pretty much the same. So let's take a look at the first resource, r0.res, then we'll just look at the changes for r1.res. These files won't exist initially so we start by creating them.
vim /etc/drbd.d/r0.res# This is the resource used for the shared GFS2 partition and host VMs designed 
# to run on an-c05n01.
resource r0 {
	# This is the block device path.
	device		/dev/drbd0;
	# We'll use the normal internal meta-disk. This is where DRBD stores
	# it's state information about the resource. It takes about 32 MB per
	# 1 TB of raw space.
	meta-disk	internal;
	# This is the `uname -n` of the first node
	on an-c05n01.alteeve.ca {
		# The 'address' has to be the IP, not a host name. This is the
		# node's SN (bond1) IP. The port number must be unique amoung
		# resources.
		address		10.10.50.1:7788;
		# This is the block device backing this resource on this node.
		disk		/dev/sda5;
	}
	# Now the same information again for the second node.
	on an-c05n02.alteeve.ca {
		address		10.10.50.2:7788;
		disk		/dev/sda5;
	}
}Now copy this to r1.res and edit for the an-c05n01 VM resource. The main differences are the resource name, r1, the block device, /dev/drbd1, the port, 7790 and the backing block devices, /dev/sda6.
cp /etc/drbd.d/r0.res /etc/drbd.d/r1.res
vim /etc/drbd.d/r1.res# This is the resource used for the VMs designed to run on an-c05n02.
resource r1 {
        # This is the block device path.
        device          /dev/drbd1;
        # We'll use the normal internal meta-disk. This is where DRBD stores
        # it's state information about the resource. It takes about 32 MB per
        # 1 TB of raw space.
        meta-disk       internal;
        # This is the `uname -n` of the first node
        on an-c05n01.alteeve.ca {
                # The 'address' has to be the IP, not a host name. This is the
                # node's SN (bond1) IP. The port number must be unique amoung
                # resources.
                address         10.10.50.1:7789;
                # This is the block device backing this resource on this node.
                disk            /dev/sda6;
        }
        # Now the same information again for the second node.
        on an-c05n02.alteeve.ca {
                address         10.10.50.2:7789;
                disk            /dev/sda6;
        }
}It's easiest to see what changed between r0.res and r1.res if we diff them.
diff -U0 /etc/drbd.d/r0.res /etc/drbd.d/r1.res--- /etc/drbd.d/r0.res	2013-10-30 21:26:31.936680235 -0400
+++ /etc/drbd.d/r1.res	2013-10-30 21:27:42.625006337 -0400
@@ -1,3 +1,2 @@
-# This is the resource used for the shared GFS2 partition and host VMs designed
-# to run on an-c05n01.
-resource r0 {
+# This is the resource used for the VMs designed to run on an-c05n02.
+resource r1 {
@@ -5 +4 @@
-	device		/dev/drbd0;
+	device		/dev/drbd1;
@@ -17 +16 @@
-		address		10.10.50.1:7788;
+		address		10.10.50.1:7789;
@@ -20 +19 @@
-		disk		/dev/sda5;
+		disk		/dev/sda6;
@@ -24,2 +23,2 @@
-		address		10.10.50.2:7788;
-		disk		/dev/sda5;
+		address		10.10.50.2:7789;
+		disk		/dev/sda6;We can see easily that the resource name, device name and backing partitions changed. We can also see that the IP address used for each resource stayed the same. We split up the network traffic by using different TCP ports instead.
Now we will do an initial validation of the configuration. This is done by running the following command;
drbdadm dump# /etc/drbd.conf
common {
    protocol               C;
    net {
        allow-two-primaries;
        after-sb-0pri    discard-zero-changes;
        after-sb-1pri    discard-secondary;
        after-sb-2pri    disconnect;
    }
    disk {
        fencing          resource-and-stonith;
    }
    syncer {
        rate             30M;
    }
    startup {
        wfc-timeout      300;
        degr-wfc-timeout 120;
        outdated-wfc-timeout 120;
        become-primary-on both;
    }
    handlers {
        fence-peer       /usr/lib/drbd/rhcs_fence;
    }
}
# resource r0 on an-c05n01.alteeve.ca: not ignored, not stacked
resource r0 {
    on an-c05n01.alteeve.ca {
        device           /dev/drbd0 minor 0;
        disk             /dev/sda5;
        address          ipv4 10.10.50.1:7788;
        meta-disk        internal;
    }
    on an-c05n02.alteeve.ca {
        device           /dev/drbd0 minor 0;
        disk             /dev/sda5;
        address          ipv4 10.10.50.2:7788;
        meta-disk        internal;
    }
}
# resource r1 on an-c05n01.alteeve.ca: not ignored, not stacked
resource r1 {
    on an-c05n01.alteeve.ca {
        device           /dev/drbd1 minor 1;
        disk             /dev/sda6;
        address          ipv4 10.10.50.1:7789;
        meta-disk        internal;
    }
    on an-c05n02.alteeve.ca {
        device           /dev/drbd1 minor 1;
        disk             /dev/sda6;
        address          ipv4 10.10.50.2:7789;
        meta-disk        internal;
    }
}You'll note that the output is formatted differently from the configuration files we created, but the values themselves are the same. If there had of been errors, you would have seen them printed. Fix any problems before proceeding. Once you get a clean dump, copy the configuration over to the other node.
rsync -av /etc/drbd.d root@an-c05n02:/etc/sending incremental file list
drbd.d/
drbd.d/global_common.conf
drbd.d/r0.res
drbd.d/r1.res
sent 5015 bytes  received 91 bytes  10212.00 bytes/sec
total size is 5479  speedup is 1.07Done!
Initializing The DRBD Resources
Now that we have DRBD configured, we need to initialize the DRBD backing devices and then bring up the resources for the first time.
On both nodes, create the new metadata on the backing devices.
Two notes:
- You may need to type yes to confirm the action if any data is seen.
- If DRBD sees an actual file system, it will error and insist that you clear the partition. You can do this by running; dd if=/dev/zero of=/dev/sdaX bs=4M count=1000, where X is the partition you want to clear. This is called "zeroing out" a partition. The dd program does not print its progress. To check the progress, open a new terminal to the node and run 'kill -USR1 $(pidof dd)'.
Lets create the meta-data!
| an-c05n01 | an-c05n02 | 
|---|---|
| drbdadm create-md r{0,1}Writing meta data...
initializing activity log
NOT initialized bitmap
New drbd meta data block successfully created.
success
Writing meta data...
initializing activity log
NOT initialized bitmap
New drbd meta data block successfully created.
success | drbdadm create-md r{0,1}Writing meta data...
initializing activity log
NOT initialized bitmap
New drbd meta data block successfully created.
success
Writing meta data...
initializing activity log
NOT initialized bitmap
New drbd meta data block successfully created.
success | 
If you get an error like this;
pvs stderr:  Skipping volume group an-c05n01-vg0
pvs stderr:        Freeing VG (null) at 0x16efd20.
pvs stderr:      Unlocking /var/lock/lvm/P_global
pvs stderr:        _undo_flock /var/lock/lvm/P_global
md_offset 542229131264
al_offset 542229098496
bm_offset 542212550656
Found LVM2 physical volume signature
   529504444 kB left usable by current configuration
Could not determine the size of the actually used data area.
Device size would be truncated, which
would corrupt data and result in
'access beyond end of device' errors.
If you want me to do this, you need to zero out the first part
of the device (destroy the content).
You should be very sure that you mean it.
Operation refused.
Command 'drbdmeta 0 v08 /dev/sda5 internal create-md' terminated with exit code 40
drbdadm create-md r0: exited with code 40|  | Warning: The next two commands will irrevocably destroy the data on /dev/sda5 and /dev/sda6! | 
Use dd on the backing device to destroy all existing data.
dd if=/dev/zero of=/dev/sda5 bs=4M count=10001000+0 records in
1000+0 records out
4194304000 bytes (4.2 GB) copied, 9.04352 s, 464 MB/sdd if=/dev/zero of=/dev/sda6 bs=4M count=10001000+0 records in
1000+0 records out
4194304000 bytes (4.2 GB) copied, 9.83831 s, 426 MB/sTry running the create-md commands again, it should work this time.
Loading The drbd Kernel Module
Before we can go any further, we'll need to load the drbd kernel module. Normally you won't normally need to do this because the /etc/init.d/drbd initializations script handles this for us. We can't use this yet though because the DRBD resource we defined are not yet setup.
So to load the drbd kernel module, run;
| an-c05n01 | modprobe drbdLog messages: Oct 30 22:45:45 an-c05n01 kernel: drbd: initialized. Version: 8.3.16 (api:88/proto:86-97)
Oct 30 22:45:45 an-c05n01 kernel: drbd: GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
Oct 30 22:45:45 an-c05n01 kernel: drbd: registered as block device major 147
Oct 30 22:45:45 an-c05n01 kernel: drbd: minor_table @ 0xffff8803374420c0 | 
|---|---|
| an-c05n02 | modprobe drbdLog messages: Oct 30 22:45:51 an-c05n02 kernel: drbd: initialized. Version: 8.3.16 (api:88/proto:86-97)
Oct 30 22:45:51 an-c05n02 kernel: drbd: GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
Oct 30 22:45:51 an-c05n02 kernel: drbd: registered as block device major 147
Oct 30 22:45:51 an-c05n02 kernel: drbd: minor_table @ 0xffff8803387a9ec0 | 
Now go back to the terminal windows we were using to watch the cluster start. Kill the tail, if it's still running. We're going to watch the output of cat /proc/drbd so we can keep tabs on the current state of the DRBD resources. We'll do this by using the watch program, which will refresh the output of the cat call every couple of seconds.
| an-c05n01 | watch cat /proc/drbdversion: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43 | 
|---|---|
| an-c05n02 | watch cat /proc/drbdversion: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43 | 
Back in the first terminal, we need now to attach each resource's backing device, /dev/sda{5,6}, to their respective DRBD resources, r{0,1}. After running the following command, you will see no output on the first terminal, but the second terminal's /proc/drbd should change.
| an-c05n01 | drbdadm attach r{0,1}Output from /proc/drbd version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:StandAlone ro:Secondary/Unknown ds:Inconsistent/DUnknown   r----s
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:529504444
 1: cs:StandAlone ro:Secondary/Unknown ds:Inconsistent/DUnknown   r----s
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:301082612 | 
|---|---|
| an-c05n02 | drbdadm attach r{0,1}Output from /proc/drbd version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:StandAlone ro:Secondary/Unknown ds:Inconsistent/DUnknown   r----s
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:529504444
 1: cs:StandAlone ro:Secondary/Unknown ds:Inconsistent/DUnknown   r----s
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:301082612 | 
Take note of the connection state, cs:StandAlone, the current role, ro:Secondary/Unknown and the disk state, ds:Inconsistent/DUnknown. This tells us that our resources are not talking to one another, are not usable because they are in the Secondary state (you can't even read the /dev/drbdX device) and that the backing device does not have an up to date view of the data.
This all makes sense of course, as the resources are brand new.
So the next step is to connect the two nodes together. As before, we won't see any output from the first terminal, but the second terminal will change.
|  | Note: After running the following command on the first node, its connection state will become cs:WFConnection which means that it is waiting for a connection from the other node. | 
| an-c05n01 | drbdadm connect r{0,1}Output from /proc/drbd version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:Connected ro:Secondary/Secondary ds:Inconsistent/Inconsistent C r-----
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:529504444
 1: cs:Connected ro:Secondary/Secondary ds:Inconsistent/Inconsistent C r-----
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:301082612 | 
|---|---|
| an-c05n02 | drbdadm connect r{0,1}Output from /proc/drbd GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:Connected ro:Secondary/Secondary ds:Inconsistent/Inconsistent C r-----
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:529504444
 1: cs:Connected ro:Secondary/Secondary ds:Inconsistent/Inconsistent C r-----
    ns:0 nr:0 dw:0 dr:0 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:301082612 | 
We can now see that the two nodes are talking to one another properly as the connection state has changed to cs:Connected. They can see that their peer node is in the same state as they are; Secondary/Inconsistent.
Next step is to synchronize the two nodes. Neither node has any real data, so it's entirely arbitrary which node we choose to use here. We'll use an-c05n01 because, well, why not.
| an-c05n01 | drbdadm -- --overwrite-data-of-peer primary r{0,1}Output from /proc/drbd version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:SyncSource ro:Primary/Secondary ds:UpToDate/Inconsistent C r-----
    ns:11467520 nr:0 dw:0 dr:11468516 al:0 bm:699 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:518036924
        [>....................] sync'ed:  2.2% (505892/517092)M
        finish: 7:03:30 speed: 20,372 (13,916) K/sec
 1: cs:SyncSource ro:Primary/Secondary ds:UpToDate/Inconsistent C r-----
    ns:10833792 nr:0 dw:0 dr:10834788 al:0 bm:661 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:290248820
        [>....................] sync'ed:  3.6% (283444/294024)M
        finish: 7:31:03 speed: 10,720 (13,144) K/sec | 
|---|---|
| an-c05n02 | # don't run anything here.Output from /proc/drbd version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:SyncTarget ro:Secondary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:11467520 dw:11467520 dr:0 al:0 bm:699 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:518036924
        [>....................] sync'ed:  2.2% (505892/517092)M
        finish: 8:42:19 speed: 16,516 (13,796) want: 30,720 K/sec
 1: cs:SyncTarget ro:Secondary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:11061120 dw:11061120 dr:0 al:0 bm:675 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:290021492
        [>....................] sync'ed:  3.7% (283224/294024)M
        finish: 7:06:46 speed: 11,316 (13,308) want: 30,720 K/sec | 
Excellent! This tells us that the data, as garbage as it is, is being sync'ed over to an-c05n02. DRBD doesn't know about data structures, all it cares about is that whatever is on the first node is identical to what is on the other node. This initial synchronization does this.
A few notes;
- There is a trick to short-circuit this which we used to use in the old tutorial, but we no longer recommend this. If you ever run an online verification of the resource, all the previously unsync'ed blocks will sync. So it's better to do it initially before the cluster is in production.
- If you notice that the sync speed is sitting at 250 K/sec, then DRBD isn't honouring the syncer { rate xxM; } value. Run drbdadm adjust all on one node at the sync speed should start to speed up.
- Sync speed is NOT replication speed! - This is a very common misunderstanding for new DRBD users. The sync speed we see here takes away from the speed available to applications writing to the DRBD resource. The slower this is, the faster your applications can write to DRBD. Conversely, the higher the sync speed, the slower your applications writing to disk will be. So keep this reasonably low. Generally, a good number is about 30% of the storage or network's fastest speed, whichever is slower. If in doubt, 30M is a safe starting value.
- If you manually adjust the syncer speed, it will not immediately change in /proc/drbd. It takes a while to change, be patient.
The good thing about DRBD is that we do not have to wait for the resources to be synchronized. So long as one of the resource is UpToDate, both nodes will work. If the Inconsistent node needs to read data, it will simply read it from it's peer.
It is worth noting though; If the UpToDate node disconnects or disappears, the Inconsistent node will immediately demote to Secondary, making it unusable. This is the biggest reason for making the synchronization speed as high as we did. The cluster can not be considered redundant until both nodes are UpToDate.
So with this understood, let's get back to work. The resources can synchronize in the background.
In order for a DRBD resource to be usable, it has to be "promoted". Be default, DRBD resources start in the Secondary state. This means that it will receive changes from the peer, but no changes can be made. You can't even look at the contents of a Secondary resource. Why this is requires more time to discuss than we can go into here.
So the next step is to promote both resource on both nodes.
| an-c05n01 | drbdadm primary r{0,1}Output from /proc/drbd version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:SyncSource ro:Primary/Primary ds:UpToDate/Inconsistent C r-----
    ns:20010808 nr:0 dw:0 dr:20011804 al:0 bm:1221 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:509493692
        [>....................] sync'ed:  3.8% (497552/517092)M
        finish: 9:01:50 speed: 15,660 (14,680) K/sec
 1: cs:SyncSource ro:Primary/Primary ds:UpToDate/Inconsistent C r-----
    ns:18860984 nr:0 dw:0 dr:18861980 al:0 bm:1151 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:282221684
        [>...................] sync'ed:  6.3% (275604/294024)M
        finish: 2:31:28 speed: 31,036 (13,836) K/sec | 
|---|---|
| an-c05n02 | drbdadm primary r{0,1}Output from /proc/drbd version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:SyncTarget ro:Primary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:20010808 dw:20010752 dr:608 al:0 bm:1221 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:509493692
        [>....................] sync'ed:  3.8% (497552/517092)M
        finish: 11:06:52 speed: 12,724 (14,584) want: 30,720 K/sec
 1: cs:SyncTarget ro:Primary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:19152824 dw:19152768 dr:608 al:0 bm:1168 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:281929844
        [>...................] sync'ed:  6.4% (275320/294024)M
        finish: 2:27:30 speed: 31,844 (13,956) want: 30,720 K/sec | 
Notice how the roles have changed to ro:Primary/Primary? That tells us that DRBD is now ready to be used on both nodes!
At this point, we're done setting up DRBD!
|  | Note: Stopping DRBD while a synchronization is running is fine. When DRBD starts back up, it will pick up where it left off. | 
Eventually, the next day in the case of our cluster, the synchronization will complete. This is what it looks like once it's finished. After this point, all application writes to the DRBD resources will get all the available performance your storage and network have to offer.
| an-c05n01 | cat /proc/drbdversion: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:413259760 nr:0 dw:20 dr:413261652 al:1 bm:25224 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0
 1: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:188464424 nr:0 dw:20 dr:188465928 al:1 bm:11504 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0 | 
|---|---|
| an-c05n02 | cat /proc/drbdversion: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:413259760 dw:413259600 dr:944 al:0 bm:25224 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0
 1: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:188464424 dw:188464264 dr:876 al:0 bm:11504 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0 | 
In the next section, we're going to start working on clvmd. You will want to stop watch'ing cat /proc/drbd and go back to tail'ing /var/log/messages now.
Initializing Clustered Storage
Before we can provision the first virtual machine, we must first create the storage that will back them. This will take a few steps;
- Configuring LVM's clustered locking and creating the PVs, VGs and LVs
- Formatting and configuring the shared GFS2 partition.
- Adding storage to the cluster's resource management.
Clustered Logical Volume Management
We will assign all three DRBD resources to be managed by clustered LVM. This isn't strictly needed for the GFS2 partition, as it uses DLM directly. However, the flexibility of LVM is very appealing, and will make later growth of the GFS2 partition quite trivial, should the need arise.
The real reason for clustered LVM in our cluster is to provide DLM-backed locking to the partitions, or logical volumes in LVM, that will be used to back our VMs. Of course, the flexibility of LVM managed storage is enough of a win to justify using LVM for our VMs in itself, and shouldn't be ignored here.
Configuring Clustered LVM Locking
|  | Note: We're going to edit the configuration on an-c05n01. When we're done, we'll copy the configuration files to an-c05n02. | 
Before we create the clustered LVM, we need to first make three changes to the LVM configuration.
- We need to filter out the DRBD backing devices so that LVM doesn't see the same signature a second time on the DRBD resource's backing device.
- Switch from local locking to clustered locking.
- Prevent fall-back to local locking when the cluster is not available.
Start by making a backup of lvm.conf and then begin editing it.
rsync -av /etc/lvm /root/backups/sending incremental file list
lvm/
lvm/lvm.conf
lvm/archive/
lvm/backup/
lvm/cache/
sent 37728 bytes  received 47 bytes  75550.00 bytes/sec
total size is 37554  speedup is 0.99Now we're ready to edit lvm.conf.
vim /etc/lvm/lvm.confThe configuration option to filter out the DRBD backing device is, surprisingly, filter = [ ... ]. By default, it is set to allow everything via the "a/.*/" regular expression. We're only using DRBD in our LVM, so we're going to flip that to reject everything except DRBD by changing the regex to "a|/dev/drbd*|", "r/.*/".
    # We're only using LVM on DRBD resource.
    filter = [ "a|/dev/drbd*|", "r/.*/" ]For the locking, we're going to change the locking_type from 1 (local locking) to 3, (clustered locking). This is what tells LVM to use DLM and gives us the "clustered" in clvm.
    locking_type = 3Lastly, we're also going to disallow fall-back to local locking. Normally, LVM would try to access a clustered LVM VG using local locking if DLM is not available. We want to prevent any access to the clustered LVM volumes except when the DLM is itself running. This is done by changing fallback_to_local_locking to 0.
    fallback_to_local_locking = 0Save the changes, then lets run a diff against our backup to see a summary of the changes.
diff -U0 /root/backups/lvm/lvm.conf /etc/lvm/lvm.conf--- /root/backups/lvm/lvm.conf	2013-10-10 09:40:04.000000000 -0400
+++ /etc/lvm/lvm.conf	2013-10-31 00:21:36.196228144 -0400
@@ -67,2 +67,2 @@
-    # By default we accept every block device:
-    filter = [ "a/.*/" ]
+    # We're only using LVM on DRBD resource.
+    filter = [ "a|/dev/drbd*|", "r/.*/" ]
@@ -408 +408 @@
-    locking_type = 1
+    locking_type = 3
@@ -424 +424 @@
-    fallback_to_local_locking = 1
+    fallback_to_local_locking = 0Perfect! Now copy the modified lvm.conf file to the other node.
rsync -av /etc/lvm/lvm.conf root@an-c05n02:/etc/lvm/sending incremental file list
lvm.conf
sent 2399 bytes  received 355 bytes  5508.00 bytes/sec
total size is 37569  speedup is 13.64Testing the clvmd Daemon
A little later on, we're going to put clustered LVM under the control of rgmanager. Before we can do that though, we need to start it manually so that we can use it to create the LV that will back the GFS2 /shared partition. We will also be adding this partition to rgmanager, once it has been created.
Before we start the clvmd daemon, we'll want to ensure that the cluster is running.
cman_tool nodesNode  Sts   Inc   Joined               Name
   1   M     64   2013-10-30 22:40:07  an-c05n01.alteeve.ca
   2   M     64   2013-10-30 22:40:07  an-c05n02.alteeve.caIt is, and both nodes are members. We can start the clvmd daemon now.
| an-c05n01 | an-c05n02 | 
|---|---|
| /etc/init.d/clvmd startStarting clvmd: 
Activating VG(s):   No volume groups found
                                                           [  OK  ] | /etc/init.d/clvmd startStarting clvmd: 
Activating VG(s):   No volume groups found
                                                           [  OK  ] | 
We've not created any volume groups yet, so that complaint about not finding any is expected.
We can now use dlm_tool to verify that a DLM lock space has been created for clvmd. If it has, we're good to go.
| an-c05n01 | an-c05n02 | 
|---|---|
| dlm_tool lsdlm lockspaces
name          clvmd
id            0x4104eefa
flags         0x00000000 
change        member 2 joined 1 remove 0 failed 0 seq 2,2
members       1 2 | dlm_tool lsdlm lockspaces
name          clvmd
id            0x4104eefa
flags         0x00000000 
change        member 2 joined 1 remove 0 failed 0 seq 1,1
members       1 2 | 
Looking good!
Initialize our DRBD Resource for use as LVM PVs
This is the first time we're actually going to use DRBD and clustered LVM, so we need to make sure that both are started.
First, check drbd.
| an-c05n01 | /etc/init.d/drbd statusdrbd driver loaded OK; device status:
version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
m:res  cs          ro               ds                     p  mounted  fstype
...    sync'ed:    19.4%            (416880/517092)M
...    sync'ed:    32.4%            (198972/294024)M
0:r0   SyncSource  Primary/Primary  UpToDate/Inconsistent  C
1:r1   SyncSource  Primary/Primary  UpToDate/Inconsistent  C | 
|---|---|
| an-c05n02 | /etc/init.d/drbd statusdrbd driver loaded OK; device status:
version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
m:res  cs          ro               ds                     p  mounted  fstype
...    sync'ed:    19.4%            (416880/517092)M
...    sync'ed:    32.4%            (198956/294024)M
0:r0   SyncTarget  Primary/Primary  Inconsistent/UpToDate  C
1:r1   SyncTarget  Primary/Primary  Inconsistent/UpToDate  C | 
It's up and both resources are Primary/Primary, so we're ready. If it's not running for you, start DRBD now with:
/etc/init.d/drbd startStarting DRBD resources: [ d(r0) d(r1) s(r0) s(r1) n(r0) n(r1) ].Now to check on clvmd.
| an-c05n01 | /etc/init.d/clvmd statusclvmd (pid  13936) is running...
Clustered Volume Groups: (none)
Active clustered Logical Volumes: (none) | 
|---|---|
| an-c05n02 | /etc/init.d/clvmd statusclvmd (pid  13894) is running...
Clustered Volume Groups: (none)
Active clustered Logical Volumes: (none) | 
It's up and running. As we did earlier, we can also verify with dlm_tool ls if we wish.
If clvmd isn't running yet, start it now with;
/etc/init.d/clvmd startStarting clvmd: 
Activating VG(s):   No volume groups found
                                                           [  OK  ]Before we can use LVM, clustered or otherwise, we need to initialize one or more raw storage devices called "Physical Volumes". This is done using the pvcreate command. We're going to do this on an-c05n01, then run pvscan on an-c05n02. We should see the newly initialized DRBD resources appear.
First, let's verify that, indeed, we have no existing PVs. We'll do this with pvscan, a tool that looks at blocks devices for physical volumes it may not yet have seen.
Running pvscan first, we'll see that no PVs have been created.
| an-c05n01 | pvscan  No matching physical volumes found | 
|---|---|
| an-c05n02 | pvscan  No matching physical volumes found | 
Now we'll run pvcreate on an-c05n01 against both DRBD devices. This will "sign" the devices and tell LVM that it can use the in VGs we'll soon create. On the other node, we'll run pvdisplay. If The "clustered" part of clvmd is working, an-c05n02 should immediately know about the new PVs without needing another pvscan.
| an-c05n01 | pvcreate /dev/drbd{0,1}  Physical volume "/dev/drbd0" successfully created
  Physical volume "/dev/drbd1" successfully created | 
|---|---|
| an-c05n02 | pvdisplay  "/dev/drbd0" is a new physical volume of "504.97 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/drbd0
  VG Name               
  PV Size               504.97 GiB
  Allocatable           NO
  PE Size               0   
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               w2mbVu-7R3P-6j6t-Jpyd-M3SA-tzZt-kRj6uY
   
  "/dev/drbd1" is a new physical volume of "287.13 GiB"
  --- NEW Physical volume ---
  PV Name               /dev/drbd1
  VG Name               
  PV Size               287.13 GiB
  Allocatable           NO
  PE Size               0   
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               ELfiwP-ZqPT-OMSy-SD26-Jmt0-CTB3-z3CTmP | 
If this was normal LVM, an-c05n02 would not have seen the new PVs. Because DRBD replicated the changes and clustered LVM alerted the peer though, it immediately knew about the changes.
Pretty neat!
Creating Cluster Volume Groups
As with initializing the DRBD resource above, we will create our volume groups, called VGs, on an-c05n01 only. As with the PVs, we will again be able to see them on both nodes immediately.
Let's verify that no previously-unseen VGs exist using the vgscan command.
| an-c05n01 | vgscan  Reading all physical volumes.  This may take a while...
  No volume groups found | 
|---|---|
| an-c05n02 | vgscan  Reading all physical volumes.  This may take a while...
  No volume groups found | 
Now to create the VGs, we'll use the vgcreate command with the -c y switch, which tells LVM to make the VG a clustered VG. Note that when the clvmd daemon is running, -c y is implied. However, it's best to get into the habit of being extra careful and thorough. If there was a problem, like clvmd not being running for example, it will trigger an error and we avoid hassles later.
|  | Note: If you plan to use the cluster dashboard, it is important that the volume group names match those below. If you do not do this, you may have trouble provisioning new servers via the dashboard's user interface. | 
We're going to use the volume group naming convention of:
- <node>_vgX
- The <node> matches the node that will become home to the servers using this storage pool.
- The vgX is a simple sequence, starting at 0. If you ever need to add space to an existing storage pool, you can create a new DRBD resource, sign it as a PV and either assign it directly to the existing volume group or increment this number and create a second storage pool for the associated node.
 
Earlier, while planning our partition sizes, we decided that /dev/drbd0 would back the servers designed to run on an-c05n01. So we'll create a volume group called an-c05n01_vg0 that uses the /dev/drbd0 physical volume.
Likewise, we decided that /etc/drbd1 would be used for the servers designed to run on an-c05n02. So we'll create a volume group called an-c05n02_vg0.
On an-c05n01, create both of our new VGs!
| an-c05n01 | vgcreate -c y an-c05n01_vg0 /dev/drbd0
vgcreate -c y an-c05n02_vg0 /dev/drbd1  Clustered volume group "an-c05n01_vg0" successfully created
  Clustered volume group "an-c05n02_vg0" successfully created | 
|---|---|
| an-c05n02 | vgdisplay  --- Volume group ---
  VG Name               an-c05n02_vg0
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  1
  VG Access             read/write
  VG Status             resizable
  Clustered             yes
  Shared                no
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               287.13 GiB
  PE Size               4.00 MiB
  Total PE              73506
  Alloc PE / Size       0 / 0   
  Free  PE / Size       73506 / 287.13 GiB
  VG UUID               1h5Gzk-6UX6-xvUo-GWVH-ZMFM-YLop-dYiC7L
   
  --- Volume group ---
  VG Name               an-c05n01_vg0
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  1
  VG Access             read/write
  VG Status             resizable
  Clustered             yes
  Shared                no
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               504.97 GiB
  PE Size               4.00 MiB
  Total PE              129273
  Alloc PE / Size       0 / 0   
  Free  PE / Size       129273 / 504.97 GiB
  VG UUID               TzKBFn-xBVB-e9AP-iL1l-AvQi-mZiV-86KnSF | 
Good! Now as a point of note, let's look again at pvdisplay on an-c05n01 (we know it will be the same on an-c05n02).
| an-c05n01 | pvdisplay  --- Physical volume ---
  PV Name               /dev/drbd1
  VG Name               an-c05n02_vg0
  PV Size               287.13 GiB / not usable 1.99 MiB
  Allocatable           yes 
  PE Size               4.00 MiB
  Total PE              73506
  Free PE               73506
  Allocated PE          0
  PV UUID               ELfiwP-ZqPT-OMSy-SD26-Jmt0-CTB3-z3CTmP
   
  --- Physical volume ---
  PV Name               /dev/drbd0
  VG Name               an-c05n01_vg0
  PV Size               504.97 GiB / not usable 2.18 MiB
  Allocatable           yes 
  PE Size               4.00 MiB
  Total PE              129273
  Free PE               129273
  Allocated PE          0
  PV UUID               w2mbVu-7R3P-6j6t-Jpyd-M3SA-tzZt-kRj6uY | 
|---|
Notice now that VG Name has a value where it didn't before? This shows us that the PV has been allocated to a volume.
That's it for the volume groups!
Creating a Logical Volume
The last LVM step, for now, is to create a "logical volume" carved from the an-c05n01_vg0 volume group. This will be used in the next step as the volume for our /shared GFS2 partition.
Out of thoroughness, let's scan for any previously unseen logical volumes using lvscan.
| an-c05n01 | lvscan<nothing>
# nothing printed | 
|---|---|
| an-c05n02 | lvscan# nothing printed | 
None found, as expected. So let's create our 40 GB logical volume for our /shared GFS2 partition. We'll do this by specifying how large we want the new logical volume to be, what name we want to give it and what volume group to carve the space out of. The resulting logical volume will then be /dev/<vg>/<lv>. Here, we're taking space from an-c05n01 and we'll call this LV shared, so the resulting volume will be /dev/an-c05n01_vg0/shared.
| an-c05n01 | lvcreate -L 40G -n shared an-c05n01_vg0  Logical volume "shared" created | 
|---|---|
| an-c05n02 | lvdisplay  --- Logical volume ---
  LV Path                /dev/an-c05n01_vg0/shared
  LV Name                shared
  VG Name                an-c05n01_vg0
  LV UUID                f0w1J0-6aTz-0Bz0-SX57-pstr-g5qu-SAGGSS
  LV Write Access        read/write
  LV Creation host, time an-c05n01.alteeve.ca, 2013-10-31 17:07:50 -0400
  LV Status              available
  # open                 0
  LV Size                40.00 GiB
  Current LE             10240
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0 | 
Perfect. We can now create our GFS2 partition!
|  | Note: This section assumes that cman, drbd and clvmd are running. | 
The GFS2-formatted /dev/an-c05n01/shared partition will be mounted at /shared on both nodes and it will be used for four main purposes;
- /shared/files; Storing files like ISO images needed when installing server operating systems and mounting "DVDs" into the virtual DVD-ROM drives.
- /shared/provision; Storing short scripts used to call virt-install which handles the creation of new servers.
- /shared/definitions; This is where the XML definition files which define the virtual hardware backing our servers will be kept. This is the most important directory as the cluster and dashboard will look here when starting, migrating and recovering servers.
- /shared/archive; This is used to store old copies of the XML definition files and provision scripts.
Formatting the logical volume is much like formatting a traditional file system on a traditional partition. There are a few extra arguments needed though. Lets look at them first.
The following switches will be used with our mkfs.gfs2 call;
- -p lock_dlm; This tells GFS2 to use DLM for its clustered locking.
- -j 2; This tells GFS2 to create two journals. This must match the number of nodes that will try to mount this partition at any one time.
- -t an-cluster-05:shared; This is the lock space name, which must be in the format <cluste_name>:<file-system_name>. The cluster_name must match the one in cluster.conf. The <file-system_name> has to be unique in the cluster, which is easy for us because we'll only have the one gfs2 file system.
Once we've formatted the partition, we'll use a program called gfs2_tool on an-c05n02 to query the new partition's superblock. We're going to use it shortly in some bash magic to pull out the UUID and feed it into a string formatted for /etc/fstab. More importantly here, it shows us that the second node sees the new file system.
|  | Note: Depending on the size of the new partition, this call could take a while to complete. Please be patient. | 
| an-c05n01 | mkfs.gfs2 -p lock_dlm -j 2 -t an-cluster-05:shared /dev/an-c05n01_vg0/sharedThis will destroy any data on /dev/an-c05n01_vg0/shared.
It appears to contain: symbolic link to `../dm-0'Are you sure you want to proceed? [y/n] yDevice:                    /dev/an-c05n01_vg0/shared
Blocksize:                 4096
Device Size                40.00 GB (10485760 blocks)
Filesystem Size:           40.00 GB (10485758 blocks)
Journals:                  2
Resource Groups:           160
Locking Protocol:          "lock_dlm"
Lock Table:                "an-cluster-05:shared"
UUID:                      774883e8-d0fe-a068-3969-4bb7dc679960 | 
|---|---|
| an-c05n02 | gfs2_tool sb /dev/an-c05n01_vg0/shared all  mh_magic = 0x01161970
  mh_type = 1
  mh_format = 100
  sb_fs_format = 1801
  sb_multihost_format = 1900
  sb_bsize = 4096
  sb_bsize_shift = 12
  no_formal_ino = 2
  no_addr = 23
  no_formal_ino = 1
  no_addr = 22
  sb_lockproto = lock_dlm
  sb_locktable = an-cluster-05:shared
  uuid = 774883e8-d0fe-a068-3969-4bb7dc679960 | 
Very nice.
Now, on both nodes, we need to create a mount point for the new file system and then we'll mount it on both nodes.
| an-c05n01 | mkdir /shared
mount /dev/an-c05n01_vg0/shared /shared/
df -hPFilesystem            Size  Used Avail Use% Mounted on
/dev/sda2              40G  1.7G   36G   5% /
tmpfs                  12G   29M   12G   1% /dev/shm
/dev/sda1             485M   51M  409M  12% /boot
/dev/mapper/an--c05n01_vg0-shared   40G  259M   40G   1% /shared | 
|---|---|
| an-c05n02 | mkdir /shared
mount /dev/an-c05n01_vg0/shared /shared/
df -hPFilesystem            Size  Used Avail Use% Mounted on
/dev/sda2              40G  1.7G   36G   5% /
tmpfs                  12G   26M   12G   1% /dev/shm
/dev/sda1             485M   51M  409M  12% /boot
/dev/mapper/an--c05n01_vg0-shared   40G  259M   40G   1% /shared | 
Note that the path under Filesystem is different from what we used when creating the GFS2 partition. This is an effect of Device Mapper, which is used by LVM to create symlinks to actual block device paths. If we look at our /dev/an-c05n01_vg0/shared device and the device from df, /dev/mapper/an--c05n01_vg0-shared, we'll see that they both point to the same actual block device.
ls -lah /dev/an-c05n01_vg0/shared /dev/mapper/an--c05n01_vg0-sharedlrwxrwxrwx. 1 root root 7 Oct 31 17:07 /dev/an-c05n01_vg0/shared -> ../dm-0
lrwxrwxrwx. 1 root root 7 Oct 31 17:07 /dev/mapper/an--c05n01_vg0-shared -> ../dm-0Note the l at the beginning of the files' mode? That tells us that these are links. The -> ../dm-0 shows where they point to. If we look at /dev/dm-0, we see it's mode line begins with a b, telling us that it is an actual block device.
ls -lah /dev/dm-0brw-rw----. 1 root disk 253, 0 Oct 31 17:27 /dev/dm-0If you're curious, you can use dmsetup to gather more information about the device mapper devices. Let's take a look.
dmsetup infoName:              an--c05n01_vg0-shared
State:             ACTIVE
Read Ahead:        256
Tables present:    LIVE
Open count:        1
Event number:      0
Major, minor:      253, 0
Number of targets: 1
UUID: LVM-TzKBFnxBVBe9APiL1lAvQimZiV86KnSFf0w1J06aTz0Bz0SX57pstrg5quSAGGSSHere we see the link back to the LV.
|  | Warning: We're going to edit /etc/fstab. Breaking this file may leave your system unbootable! As always, practice on unimportant nodes until you are comfortable with this process. | 
In order for the the /etc/init.d/gfs2 initialization script to work, it must be able to find the GFS partition in the file system table, /etc/fstab. The operating system reads this file when it is booting, looking for file systems to mount. As such, this is a critical system file and breaking it can leave a node either unable to boot, or booting into the single user recovery console.
So please proceed carefully.
First up, let's backup /etc/fstab.
| an-c05n01 | rsync -av /etc/fstab /root/backups/sending incremental file list
fstab
sent 878 bytes  received 31 bytes  1818.00 bytes/sec
total size is 805  speedup is 0.89 | 
|---|---|
| an-c05n02 | rsync -av /etc/fstab /root/backups/sending incremental file list
fstab
sent 878 bytes  received 31 bytes  1818.00 bytes/sec
total size is 805  speedup is 0.89 | 
Adding a new entry to the fstab requires a particularly crafted line. You can read about this in detail by typing man fstab. In short though, each line is made up of six space-separated values;
- This is the device (by path or by UUID). We will be using the partition's UUID here.
- This is the mount point for the file system. For this entry, that will be /shared.
- This tells the OS what file system this partition is. For us, we'll set gfs2.
- These are the mount options. Usually this is default which implies a set of option. We're going to add a couple other options to modify this, which we'll discuss shortly.
- This tells the dump program whether to back this file system up or not. It's not usually used except with ext2 or ext3 file systems. Even then, it's rarely used any more. We will set this to 0 which disables this.
- This last field sets the order in which boot-time fsck (file system checks) run. This file system is never available at boot, so the only sensible value here is 0.
With all this, we can now build our fstab entry.
First, we need to query the file system's UUID.
gfs2_tool sb /dev/an-c05n01_vg0/shared uuidcurrent uuid = 774883e8-d0fe-a068-3969-4bb7dc679960We only need the UUID, so let's filter out the parts we don't want by using awk, which splits a line up on spaces.
gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '{ print $4; }'774883e8-d0fe-a068-3969-4bb7dc679960We need to make sure that the UUID is lower-case. It is already, but we can make sure it's always lower case by using sed.
gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '{ print $4; }' | sed -e "s/\(.*\)/\L\1\E/"774883e8-d0fe-a068-3969-4bb7dc679960When specifying a device in /etc/fstab but UUID instead of using a device path, we need to prefix the entry with UUID=. We can expand on our sed call to do this.
gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '{ print $4; }' | sed -e "s/\(.*\)/UUID=\L\1\E/"UUID=774883e8-d0fe-a068-3969-4bb7dc679960Generally, all but the last two values are separated by tabs. We know that the second field is the mount point for this file system, which is /shared in this case. lets expand the sed call to add a tab followed by the mount point.
gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '{ print $4; }' | sed -e "s/\(.*\)/UUID=\L\1\E\t\/shared/"UUID=774883e8-d0fe-a068-3969-4bb7dc679960	/sharedThe third entry is the file system type, gfs2 in our case. Let's add another tab and the gfs2 word.
gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '{ print $4; }' | sed -e "s/\(.*\)/UUID=\L\1\E\t\/shared\tgfs2/"UUID=774883e8-d0fe-a068-3969-4bb7dc679960	/shared	gfs2Next up are the file system options. GFS2, being a clustered file system, requires cluster locking. Cluster locks are, relative to non-clustered internal locks, fairly slow. So we also want to reduce the number of writes that hit the partition. Normally, every time you look at a file or directory, a field called "access time", or "atime" for short, gets updated. This is actually a write, which would in turn require a DLM lock. Few people care about access times, so we're going to disable it for files and directories as well. We're to append a couple of option to help here; defaults,noatime,nodiratime. Let's add them to our growing sed call.
gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '{ print $4; }' | sed -e "s/\(.*\)/UUID=\L\1\E\t\/shared\tgfs2\tdefaults,noatime,nodiratime/"UUID=774883e8-d0fe-a068-3969-4bb7dc679960	/shared	gfs2	defaults,noatime,nodiratimeAll that is left now are the two last options. We're going to separate these with a single space. Let's finish off the fstab with one last addition to our sed.
gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '{ print $4; }' | sed -e "s/\(.*\)/UUID=\L\1\E\t\/shared\tgfs2\tdefaults,noatime,nodiratime\t0 0/"UUID=774883e8-d0fe-a068-3969-4bb7dc679960	/shared	gfs2	defaults,noatime,nodiratime	0 0That's it!
Now, we can add it by simply copy and pasting this line into the file directly. Another bash trick though, as we say in the SSH section, is using bash redirection to append the output of one program onto the end of a file. We'll do a diff immediately after to see that the line was appended properly.
|  | Note: Be sure to use two >> brackets! A single ">" bracket says "overwrite". Two ">>" brackets says "append". | 
| an-c05n01 | gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '/uuid =/ { print $4; }' | sed -e "s/\(.*\)/UUID=\L\1\E \/shared\t\tgfs2\tdefaults,noatime,nodiratime\t0 0/" >> /etc/fstab
diff -u /root/backups/fstab /etc/fstab--- /root/backups/fstab	2013-10-28 12:30:07.000000000 -0400
+++ /etc/fstab	2013-11-01 01:17:33.865210115 -0400
@@ -13,3 +13,4 @@
 devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
 sysfs                   /sys                    sysfs   defaults        0 0
 proc                    /proc                   proc    defaults        0 0
+UUID=774883e8-d0fe-a068-3969-4bb7dc679960 /shared		gfs2	defaults,noatime,nodiratime	0 0 | 
|---|---|
| an-c05n02 | gfs2_tool sb /dev/an-c05n01_vg0/shared uuid | awk '/uuid =/ { print $4; }' | sed -e "s/\(.*\)/UUID=\L\1\E \/shared\t\tgfs2\tdefaults,noatime,nodiratime\t0 0/" >> /etc/fstab
diff -u /root/backups/fstab /etc/fstab--- /root/backups/fstab	2013-10-28 12:18:04.000000000 -0400
+++ /etc/fstab	2013-11-01 01:14:39.035500695 -0400
@@ -13,3 +13,4 @@
 devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
 sysfs                   /sys                    sysfs   defaults        0 0
 proc                    /proc                   proc    defaults        0 0
+UUID=774883e8-d0fe-a068-3969-4bb7dc679960 /shared		gfs2	defaults,noatime,nodiratime	0 0 | 
This looks good. Note that for this diff, we used the -u option. This shows a couple lines on either side of the changes. We see the existing entries above the new one, so we know we didn't accidentally over-write the existing data.
Now we need to make sure that the /etc/init.d/gfs2 daemon can see the new partition. If it can, we know the /etc/fstab entry works properly.
| an-c05n01 | /etc/init.d/gfs2 statusConfigured GFS2 mountpoints: 
/shared
Active GFS2 mountpoints: 
/shared | 
|---|---|
| an-c05n02 | /etc/init.d/gfs2 statusConfigured GFS2 mountpoints: 
/shared
Active GFS2 mountpoints: 
/shared | 
That works.
The last test is to create our sub-directories we talked about earlier. We'll do this on an-c05n01, then we will do a simple ls on an-c05n02. If everything is working properly, we should see the new directories immediately.
| an-c05n01 | mkdir /shared/{definitions,provision,archive,files} | 
|---|---|
| an-c05n02 | ls -lah /shared/total 40K
drwxr-xr-x.  6 root root 3.8K Nov  1 01:23 .
dr-xr-xr-x. 24 root root 4.0K Oct 31 21:02 ..
drwxr-xr-x.  2 root root 3.8K Nov  1 01:23 archive
drwxr-xr-x.  2 root root 3.8K Nov  1 01:23 definitions
drwxr-xr-x.  2 root root 3.8K Nov  1 01:23 files
drwxr-xr-x.  2 root root 3.8K Nov  1 01:23 provision | 
Fantastic!
Our clustered storage is complete. The last thing we need to do is to move the clustered storage to rgmanager now.
Stopping All Clustered Storage Components
In the next step, we're going to put gfs2, clvmd and drbd under the cluster's control. Let's stop these daemons now so we can see them be started by rgmanager shortly.
| an-c05n01 | /etc/init.d/gfs2 stop && /etc/init.d/clvmd stop && /etc/init.d/drbd stopUnmounting GFS2 filesystem (/shared):                      [  OK  ]
Deactivating clustered VG(s):   0 logical volume(s) in volume group "an-c05n02_vg0" now active
  0 logical volume(s) in volume group "an-c05n01_vg0" now active
                                                           [  OK  ]
Signaling clvmd to exit                                    [  OK  ]
clvmd terminated                                           [  OK  ]
Stopping all DRBD resources: . | 
|---|---|
| an-c05n02 | /etc/init.d/gfs2 stop && /etc/init.d/clvmd stop && /etc/init.d/drbd stopUnmounting GFS2 filesystem (/shared):                      [  OK  ]
Deactivating clustered VG(s):   0 logical volume(s) in volume group "an-c05n02_vg0" now active
  clvmd not running on node an-c05n01.alteeve.ca
  0 logical volume(s) in volume group "an-c05n01_vg0" now active
  clvmd not running on node an-c05n01.alteeve.ca
                                                           [  OK  ]
Signaling clvmd to exit                                    [  OK  ]
clvmd terminated                                           [  OK  ]
Stopping all DRBD resources: . | 
Done.
Managing Storage In The Cluster
A little while back, we spoke about how the cluster is split into two components; cluster communication managed by cman and resource management provided by rgmanager. It is the later which we will now begin to configure.
In the cluster.conf, the rgmanager component is contained within the <rm /> element tags. Within this element are three types of child elements. They are:
- Fail-over Domains - <failoverdomains />;
- These are optional constraints which allow for control which nodes, and under what circumstances, services may run. When not used, a service will be allowed to run on any node in the cluster without constraints or ordering.
 
- Resources - <resources />;
- Within this element, available resources are defined. Simply having a resource here will not put it under cluster control. Rather, it makes it available for use in <service /> elements.
 
- Services - <service />;
- This element contains one or more parallel or series child-elements which are themselves references to <resources /> elements. When in parallel, the services will start and stop at the same time. When in series, the services start in order and stop in reverse order. We will also see a specialized type of service that uses the <vm /> element name, as you can probably guess, for creating virtual machine services.
 
We'll look at each of these components in more detail shortly.
A Note On Daemon Starting
There are four daemons we will be putting under cluster control;
- drbd; Replicated storage.
- clvmd; Clustered LVM.
- gfs2; Mounts and Unmounts configured GFS2 partition. We will manage this using the clusterfs resource agent.
- libvirtd; Enables access to the KVM hypervisor via the libvirtd suite of tools.
The reason we do not want to start these daemons with the system is so that we can let the cluster do it. This way, should any fail, the cluster will detect the failure and fail the entire service tree.
For example, lets say that drbd failed to start, rgmanager would fail the storage service and give up, rather than continue trying to start clvmd and the rest.
If we had left these daemons to start on boot, the failure of the drbd would not effect the start-up of clvmd, which would then not find its PVs given that DRBD is down. The system would then try to start the gfs2 daemon which would also fail as the LV backing the partition would not be available.
Defining The Resources
Lets start by first defining our clustered resources.
As stated before, the addition of these resources does not, in itself, put the defined resources under the cluster's management. Instead, it defines services, like init.d scripts. These can then be used by one or more <service /> elements, as we will see shortly. For now, it is enough to know what, until a resource is defined, it can not be used in the cluster.
Given that this is the first component of rgmanager being added to cluster.conf, we will be creating the parent <rm /> elements here as well.
Let's take a look at the new section, then discuss the parts.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="8">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
	<fence_daemon post_join_delay="30" />
	<totem rrp_mode="none" secauth="off"/>
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
	</rm>
</cluster>First and foremost; Note that we've incremented the configuration version to 8. As always, "increment and then edit".
Let's focus on the new section;
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
	</rm>We've added the attribute log_level="5" to the <rm> element to cut down on the log entries in /var/log/messages. Every 10 seconds, rgmanager calls /etc/init.d/$foo status on all script services. At the default log, these checks are logged. So without this, every ten seconds, four status messages would be printed to the system log. That can make is difficult when tail'ing the logs when testing or debugging.
The <resources>...</resources> element contains our four <script .../> resources. This is a particular type of resource which specifically handles that starting and stopping of init.d style scripts. That is, the script must exit with LSB compliant codes. They must also properly react to being called with the sole argument of start, stop and status.
There are many other types of resources which, with the exception of <vm .../>, we will not be looking at in this tutorial. Should you be interested in them, please look in /usr/share/cluster for the various scripts (executable files that end with .sh).
Each of our four <script ... /> resources have two attributes;
- file="..."; The full path to the script to be managed.
- name="..."; A unique name used to reference this resource later on in the <service /> elements.
Other resources are more involved, but the <script .../> resources are quite simple.
Creating Failover Domains
Fail-over domains are, at their most basic, a collection of one or more nodes in the cluster with a particular set of rules associated with them. Services can then be configured to operate within the context of a given fail-over domain. There are a few key options to be aware of.
Fail-over domains are optional and can be left out of the cluster, generally speaking. However, in our cluster, we will need them for our storage services, as we will later see, so please do not skip this step.
- A fail-over domain can be unordered or prioritized.
- When unordered, a service will start on any node in the domain. Should that node later fail, it will restart to another random node in the domain.
- When prioritized, a service will start on the available node with the highest priority in the domain. Should that node later fail, the service will restart on the available node with the next highest priority.
 
- A fail-over domain can be restricted or unrestricted.
- When restricted, a service is only allowed to start on, or restart on. a nodes in the domain. When no nodes are available, the service will be stopped.
- When unrestricted, a service will try to start on, or restart on, a node in the domain. However, when no domain members are available, the cluster will pick another available node at random to start the service on.
 
- A fail-over domain can have a fail-back policy.
- When a domain allows for fail-back and the domain is ordered, and a node with a higher priority (re)joins the cluster, services within the domain will migrate to that higher-priority node. This allows for automated restoration of services on a failed node when it rejoins the cluster.
- When a domain does not allow for fail-back, but is unrestricted, fail-back of services that fell out of the domain will happen anyway. That is to say, nofailback="1" is ignored if a service was running on a node outside of the fail-over domain and a node within the domain joins the cluster. However, once the service is on a node within the domain, the service will not relocate to a higher-priority node should one join the cluster later.
- When a domain does not allow for fail-back and is restricted, then fail-back of services will never occur.
 
What we need to do at this stage is to create something of a hack. Let me explain;
As discussed earlier, we need to start a set of local daemons on all nodes. These aren't really clustered resources though as they can only ever run on their host node. They will never be relocated or restarted elsewhere in the cluster as as such, are not highly available. So to work around this desire to "cluster the unclusterable", we're going to create a fail-over domain for each node in the cluster. Each of these domains will have only one of the cluster nodes as members of the domain and the domain will be restricted, unordered and have no fail-back. With this configuration, any service group using it will only ever run on the one node in the domain.
In the next step, we will create a service group, then replicate it once for each node in the cluster. The only difference will be the failoverdomain each is set to use. With our configuration of two nodes then, we will have two fail-over domains, one for each node, and we will define the clustered storage service twice, each one using one of the two fail-over domains.
Let's look at the complete updated cluster.conf, then we will focus closer on the new section.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="9">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
	<fence_daemon post_join_delay="30" />
	<totem rrp_mode="none" secauth="off"/>
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
		</failoverdomains>
	</rm>
</cluster>As always, the version was incremented, this time to 9. We've also added the new <failoverdomains>...</failoverdomains> element. Let's take a closer look at this new element.
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
		</failoverdomains>The first thing to node is that there are two <failoverdomain...>...</failoverdomain> child elements.
- The first has the name only_n01 and contains only the node an-c05n01 as a member.
- The second is effectively identical, save that the domain's name is only_n02 and it contains only the node an-c05n02 as a member.
The <failoverdomain ...> element has four attributes;
- The name="..." attribute sets the unique name of the domain which we will later use to bind a service to the domain.
- The nofailback="1" attribute tells the cluster to never "fail back" any services in this domain. This seems redundant, given there is only one node, but when combined with restricted="0", prevents any migration of services.
- The ordered="0" this is also somewhat redundant in that there is only one node defined in the domain, but I don't like to leave attributes undefined so I have it here.
- The restricted="1" attribute is key in that it tells the cluster to not try to restart services within this domain on any other nodes outside of the one defined in the fail-over domain.
Each of the <failoverdomain...> elements has a single <failoverdomainnode .../> child element. This is a very simple element which has, at this time, only one attribute;
- name="..."; The name of the node to include in the fail-over domain. This name must match the corresponding <clusternode name="..." node name.
At this point, we're ready to finally create our clustered storage and libvirtd monitoring services.
Creating Clustered Storage and libvirtd Services
With the resources defined and the fail-over domains created, we can set about creating our services.
Generally speaking, services can have one or more resources within them. When two or more resources exist, then can be put into a dependency tree, they can used in parallel or a combination of parallel and dependent resources.
When you create a service dependency tree, you put each dependent resource as a child element of its parent. The resources are then started in order, starting at the top of the tree and working its way down to the deepest child resource. If at any time one of the resources should fail, the entire service will be declared failed and no attempt will be made to try and start any further child resources. Conversely, stopping the service will cause the deepest child resource to be stopped first. Then the second deepest and on upwards towards the top resource. This is exactly the behaviour we want, as we will see shortly.
When resources are defined in parallel, all defined resources will be started at the same time. Should any one of the resources fail to start, the entire resource will declared failed. Stopping the service will likewise cause a simultaneous call to stop all resources.
As before, let's take a look at the entire updated cluster.conf file, then we'll focus in on the new service section.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="10">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
	<fence_daemon post_join_delay="30" />
	<totem rrp_mode="none" secauth="off"/>
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
		</failoverdomains>
		<service name="storage_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="storage_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="libvirtd_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<service name="libvirtd_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
	</rm>
</cluster>With the version now at 10, we have added two <service...>...</service> elements. Each containing a four <script ...> type resources in a service tree configuration. Let's take a closer look.
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
		</failoverdomains>
		<service name="storage_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="storage_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="libvirtd_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<service name="libvirtd_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>The <service ...>...</service> elements have five attributes each;
- The name="..." attribute is a unique name that will be used to identify the service, as we will see later.
- The autostart="1" attribute tells the cluster that, when it starts, it should automatically start this service.
- The domain="..." attribute tells the cluster which fail-over domain this service must run within. The two otherwise identical services each point to a different fail-over domain, as we discussed in the previous section.
- The exclusive="0" attribute tells the cluster that a node running this service is allowed to to have other services running as well.
- The recovery="restart" attribute sets the service recovery policy. As the name implies, the cluster will try to restart this service should it fail. Should the service fail multiple times in a row, it will be disabled. The exact number of failures allowed before disabling is configurable using the optional max_restarts and restart_expire_time attributes, which are not covered here.
|  | Warning: It is a fairly common mistake to interpret exclusive to mean that a service is only allowed to run on one node at a time. This is not the case, please do not use this attribute incorrectly. | 
Within each of the two first two <service ...>...</service> attributes are two <script...> type resources and a clusterfs type resource. These are configured as a service tree in the order;
- drbd -> clvmd -> clusterfs.
The other two <service ...>...</service> elements are there to simply monitor the libvirtd daemon on each node. Should it fail for any reason, the cluster will restart the service right away.
Each of these <script ...> elements has just one attribute; ref="..." which points to a corresponding script resource.
The clusterfs element has five attributes;
- name is the name used to reference this resource in the service tree.
- device is the logical volume we formatted as a gfs2 file system.
- force_unmount, when set to 1, tells the system to try and kill any processes that might be holding the mount open. This is useful if, for example, you left a terminal window open where you had browsed into /shared. Without it, the service would fail and restart.
- fstype is the file system type. If you do not specify this, the system will try to determine it automatically. To be safe, we will set it.
- mountpoint is where the device should be mounted.
The logic for the storage resource tree is;
- DRBD needs to start so that the bare clustered storage devices become available.
- Clustered LVM must next start so that the logical volumes used by GFS2 and our VMs become available.
- Finally, the GFS2 partition contains the XML definition files needed to start our servers, host shared files and so on.
From the other direction, we need the stop order to be organized in the reverse order.
- We need the GFS2 partition to unmount first.
- With the GFS2 partition stopped, we can safely say that all LVs are no longer in use and thus clvmd can stop.
- With Clustered LVM now stopped, nothing should be using our DRBD resources any more, so we can safely stop them, too.
All in all, it's a surprisingly simple and effective configuration.
Validating And Pushing The Changes
We've made a big change, so it's all the more important that we validate the config before proceeding.
| an-c05n01 | ccs_config_validateConfiguration validates | 
|---|---|
| an-c05n02 | cman_tool version6.2.0 config 7 | 
Good, no errors and we checked that the current cluster configuration version is 7.
We need to now tell the cluster to use the new configuration file. Unlike last time, we won't use rsync. Now that the cluster is up and running, we can use it to push out the updated configuration file using cman_tool. This is the first time we've used the cluster to push out an updated cluster.conf file, so we will have to enter the password we set earlier for the ricci user on both nodes.
| an-c05n01 | cman_tool version -rYou have not authenticated to the ricci daemon on an-c05n01.alteeve.caPassword:You have not authenticated to the ricci daemon on an-c05n02.alteeve.caPassword: | 
|---|---|
| an-c05n02 | cman_tool version6.2.0 config 10 | 
As confirmed on an-c05n02, the new configuration loaded properly! Note as well that we had to enter the ricci user's password for both nodes. Once done, you will not have to do that again on an-c05n01. Later, if you push an update from an-c05n02, you will need to enter the passwords once again, but not after that. You authenticate from a node only one time.
If you were watching syslog, you will have seen an entries like the ones below.
| an-c05n01 | Nov  1 17:47:48 an-c05n01 ricci[26853]: Executing '/usr/bin/virsh nodeinfo'
Nov  1 17:47:50 an-c05n01 ricci[26856]: Executing '/usr/libexec/ricci/ricci-worker -f /var/lib/ricci/queue/533317550'
Nov  1 17:47:50 an-c05n01 modcluster: Updating cluster.conf
Nov  1 17:47:50 an-c05n01 corosync[6448]:   [QUORUM] Members[2]: 1 2 | 
|---|---|
| an-c05n02 | Nov  1 17:47:50 an-c05n02 ricci[26653]: Executing '/usr/bin/virsh nodeinfo'
Nov  1 17:47:50 an-c05n02 ricci[26656]: Executing '/usr/libexec/ricci/ricci-worker -f /var/lib/ricci/queue/15604613'
Nov  1 17:47:50 an-c05n02 modcluster: Updating cluster.conf
Nov  1 17:47:50 an-c05n02 corosync[6404]:   [QUORUM] Members[2]: 1 2 | 
Checking The Cluster's Status
Now let's look at a new tool; clustat, cluster status. We'll be using clustat extensively from here on out to monitor the status of the cluster members and managed services. It does not manage the cluster in any way, it is simply a status tool.
Let's take a look.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 18:08:20 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local
 an-c05n02.alteeve.ca                                    2 Online | 
|---|---|
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 18:08:20 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online
 an-c05n02.alteeve.ca                                    2 Online, Local | 
At this point, we're only running the foundation of the cluster, so we can only see which nodes are members.
We'll now start rgmanager. It will read the cluster.conf configuration file and parse the <rm> child elements. It will find our four new services and, according to their configuration, start them.
| an-c05n01 | /etc/init.d/rgmanager startStarting Cluster Service Manager:                          [  OK  ] | 
|---|---|
| an-c05n02 | /etc/init.d/rgmanager startStarting Cluster Service Manager:                          [  OK  ] | 
Now let's run clustat again, and see what's new.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 19:04:27 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
|---|---|
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 19:04:27 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
What we see are two section; The top section shows the cluster members and the lower part covers the managed resources.
We can see that both members, an-c05n01.alteeve.ca and an-c05n02.alteeve.ca are Online, meaning that cman is running and that they've joined the cluster. It also shows us that both members are running rgmanager. You will always see Local beside the name of the node you ran the actual clustat command from.
Under the services, you can see the four new services we created with the service: prefix. We can see that each service is started, meaning that all four of the resources are up and running properly and which node each service is running on.
If we were watching the system log, we will see that, very shortly after starting rgmanager, drbd, then clvmd and then gfs2 starts and mounts. Somewhere in there, libvirtd will start.
Lets take a look.
| an-c05n01 | Nov  1 19:04:07 an-c05n01 kernel: dlm: Using TCP for communications
Nov  1 19:04:08 an-c05n01 kernel: dlm: connecting to 2
Nov  1 19:04:08 an-c05n01 rgmanager[10738]: I am node #1
Nov  1 19:04:08 an-c05n01 rgmanager[10738]: Resource Group Manager Starting
Nov  1 19:04:10 an-c05n01 rgmanager[10738]: Starting stopped service service:storage_n01
Nov  1 19:04:10 an-c05n01 rgmanager[10738]: Marking service:storage_n02 as stopped: Restricted domain unavailable
Nov  1 19:04:10 an-c05n01 kernel: drbd: initialized. Version: 8.3.16 (api:88/proto:86-97)
Nov  1 19:04:10 an-c05n01 kernel: drbd: GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
Nov  1 19:04:10 an-c05n01 kernel: drbd: registered as block device major 147
Nov  1 19:04:10 an-c05n01 kernel: drbd: minor_table @ 0xffff880638752a80
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: Starting worker thread (from cqueue [5069])
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: disk( Diskless -> Attaching ) 
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: Found 4 transactions (126 active extents) in activity log.
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: Method to ensure write ordering: flush
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: max BIO size = 131072
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: drbd_bm_resize called with capacity == 1059008888
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: resync bitmap: bits=132376111 words=2068377 pages=4040
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: size = 505 GB (529504444 KB)
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: bitmap READ of 4040 pages took 9 jiffies
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: recounting of set bits took additional 10 jiffies
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: 0 KB (0 bits) marked out-of-sync by on disk bit-map.
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: disk( Attaching -> UpToDate ) pdsk( DUnknown -> Outdated ) 
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: attached to UUIDs D62CF91BB06F1B41:AB8866B4CD6A5E71:F1BA98C02D0BA9B9:F1B998C02D0BA9B9
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: Starting worker thread (from cqueue [5069])
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: disk( Diskless -> Attaching ) 
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: Found 1 transactions (1 active extents) in activity log.
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: Method to ensure write ordering: flush
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: max BIO size = 131072
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: drbd_bm_resize called with capacity == 602165224
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: resync bitmap: bits=75270653 words=1176104 pages=2298
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: size = 287 GB (301082612 KB)
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: bitmap READ of 2298 pages took 6 jiffies
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: recounting of set bits took additional 6 jiffies
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: 0 KB (0 bits) marked out-of-sync by on disk bit-map.
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: disk( Attaching -> UpToDate ) pdsk( DUnknown -> Outdated ) 
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: attached to UUIDs FF678525C82359F3:CFC177C83C414547:0EC499BF75166A0D:0EC399BF75166A0D
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: conn( StandAlone -> Unconnected ) 
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: Starting receiver thread (from drbd0_worker [12026])
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: receiver (re)started
Nov  1 19:04:11 an-c05n01 kernel: block drbd0: conn( Unconnected -> WFConnection ) 
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: conn( StandAlone -> Unconnected ) 
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: Starting receiver thread (from drbd1_worker [12041])
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: receiver (re)started
Nov  1 19:04:11 an-c05n01 kernel: block drbd1: conn( Unconnected -> WFConnection ) 
Nov  1 19:04:11 an-c05n01 rgmanager[10738]: Starting stopped service service:libvirtd_n01
Nov  1 19:04:11 an-c05n01 rgmanager[10738]: Service service:libvirtd_n01 started
Nov  1 19:04:11 an-c05n01 kernel: lo: Disabled Privacy Extensions
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: Handshake successful: Agreed network protocol version 97
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: conn( WFConnection -> WFReportParams ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: Starting asender thread (from drbd0_receiver [12058])
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: data-integrity-alg: <not-used>
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: drbd_sync_handshake:
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: self D62CF91BB06F1B40:AB8866B4CD6A5E71:F1BA98C02D0BA9B9:F1B998C02D0BA9B9 bits:0 flags:0
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: peer AB8866B4CD6A5E70:0000000000000000:F1BA98C02D0BA9B9:F1B998C02D0BA9B9 bits:0 flags:0
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: uuid_compare()=1 by rule 70
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: peer( Unknown -> Secondary ) conn( WFReportParams -> WFBitMapS ) pdsk( Outdated -> Consistent ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: Handshake successful: Agreed network protocol version 97
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: conn( WFConnection -> WFReportParams ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: Starting asender thread (from drbd1_receiver [12063])
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: data-integrity-alg: <not-used>
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: drbd_sync_handshake:
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: self FF678525C82359F2:CFC177C83C414547:0EC499BF75166A0D:0EC399BF75166A0D bits:0 flags:0
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: peer CFC177C83C414546:0000000000000000:0EC499BF75166A0D:0EC399BF75166A0D bits:0 flags:0
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: uuid_compare()=1 by rule 70
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: peer( Unknown -> Secondary ) conn( WFReportParams -> WFBitMapS ) pdsk( Outdated -> Consistent ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: peer( Secondary -> Primary ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: peer( Secondary -> Primary ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: helper command: /sbin/drbdadm before-resync-source minor-1
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: role( Secondary -> Primary ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: helper command: /sbin/drbdadm before-resync-source minor-1 exit code 0 (0x0)
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: conn( WFBitMapS -> SyncSource ) pdsk( Consistent -> Inconsistent ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: Began resync as SyncSource (will sync 0 KB [0 bits set]).
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: updated sync UUID FF678525C82359F2:CFC277C83C414547:CFC177C83C414547:0EC499BF75166A0D
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: helper command: /sbin/drbdadm before-resync-source minor-0
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: role( Secondary -> Primary ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: helper command: /sbin/drbdadm before-resync-source minor-0 exit code 0 (0x0)
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: conn( WFBitMapS -> SyncSource ) pdsk( Consistent -> Inconsistent ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: Began resync as SyncSource (will sync 0 KB [0 bits set]).
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: updated sync UUID D62CF91BB06F1B41:AB8966B4CD6A5E71:AB8866B4CD6A5E71:F1BA98C02D0BA9B9
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: Resync done (total 1 sec; paused 0 sec; 0 K/sec)
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: updated UUIDs FF678525C82359F3:0000000000000000:CFC277C83C414547:CFC177C83C414547
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: conn( SyncSource -> Connected ) pdsk( Inconsistent -> UpToDate ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: Resync done (total 1 sec; paused 0 sec; 0 K/sec)
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: updated UUIDs D62CF91BB06F1B41:0000000000000000:AB8966B4CD6A5E71:AB8866B4CD6A5E71
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: conn( SyncSource -> Connected ) pdsk( Inconsistent -> UpToDate ) 
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: bitmap WRITE of 2298 pages took 12 jiffies
Nov  1 19:04:12 an-c05n01 kernel: block drbd1: 0 KB (0 bits) marked out-of-sync by on disk bit-map.
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: bitmap WRITE of 4040 pages took 15 jiffies
Nov  1 19:04:12 an-c05n01 kernel: block drbd0: 0 KB (0 bits) marked out-of-sync by on disk bit-map.
Nov  1 19:04:14 an-c05n01 clvmd: Cluster LVM daemon started - connected to CMAN
Nov  1 19:04:14 an-c05n01 kernel: Slow work thread pool: Starting up
Nov  1 19:04:14 an-c05n01 kernel: Slow work thread pool: Ready
Nov  1 19:04:14 an-c05n01 kernel: GFS2 (built Sep 14 2013 05:33:49) installed
Nov  1 19:04:14 an-c05n01 kernel: GFS2: fsid=: Trying to join cluster "lock_dlm", "an-cluster-05:shared"
Nov  1 19:04:14 an-c05n01 kernel: GFS2: fsid=an-cluster-05:shared.1: Joined cluster. Now mounting FS...
Nov  1 19:04:14 an-c05n01 kernel: GFS2: fsid=an-cluster-05:shared.1: jid=1, already locked for use
Nov  1 19:04:14 an-c05n01 kernel: GFS2: fsid=an-cluster-05:shared.1: jid=1: Looking at journal...
Nov  1 19:04:14 an-c05n01 kernel: GFS2: fsid=an-cluster-05:shared.1: jid=1: Done
Nov  1 19:04:14 an-c05n01 rgmanager[10738]: Service service:storage_n01 started | 
|---|---|
| an-c05n02 | Nov  1 19:04:08 an-c05n02 kernel: dlm: Using TCP for communications
Nov  1 19:04:08 an-c05n02 kernel: dlm: got connection from 1
Nov  1 19:04:09 an-c05n02 rgmanager[10547]: I am node #2
Nov  1 19:04:09 an-c05n02 rgmanager[10547]: Resource Group Manager Starting
Nov  1 19:04:11 an-c05n02 rgmanager[10547]: Starting stopped service service:storage_n02
Nov  1 19:04:11 an-c05n02 kernel: drbd: initialized. Version: 8.3.16 (api:88/proto:86-97)
Nov  1 19:04:11 an-c05n02 kernel: drbd: GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
Nov  1 19:04:11 an-c05n02 kernel: drbd: registered as block device major 147
Nov  1 19:04:11 an-c05n02 kernel: drbd: minor_table @ 0xffff880638440280
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: Starting worker thread (from cqueue [5161])
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: disk( Diskless -> Attaching ) 
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: Found 4 transactions (4 active extents) in activity log.
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: Method to ensure write ordering: flush
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: max BIO size = 131072
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: drbd_bm_resize called with capacity == 1059008888
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: resync bitmap: bits=132376111 words=2068377 pages=4040
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: size = 505 GB (529504444 KB)
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: bitmap READ of 4040 pages took 10 jiffies
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: recounting of set bits took additional 10 jiffies
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: 0 KB (0 bits) marked out-of-sync by on disk bit-map.
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: disk( Attaching -> Outdated ) 
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: attached to UUIDs AB8866B4CD6A5E70:0000000000000000:F1BA98C02D0BA9B9:F1B998C02D0BA9B9
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: Starting worker thread (from cqueue [5161])
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: disk( Diskless -> Attaching ) 
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: No usable activity log found.
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: Method to ensure write ordering: flush
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: max BIO size = 131072
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: drbd_bm_resize called with capacity == 602165224
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: resync bitmap: bits=75270653 words=1176104 pages=2298
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: size = 287 GB (301082612 KB)
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: bitmap READ of 2298 pages took 6 jiffies
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: recounting of set bits took additional 6 jiffies
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: 0 KB (0 bits) marked out-of-sync by on disk bit-map.
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: disk( Attaching -> Outdated ) 
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: attached to UUIDs CFC177C83C414546:0000000000000000:0EC499BF75166A0D:0EC399BF75166A0D
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: conn( StandAlone -> Unconnected ) 
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: Starting receiver thread (from drbd0_worker [11833])
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: receiver (re)started
Nov  1 19:04:11 an-c05n02 kernel: block drbd0: conn( Unconnected -> WFConnection ) 
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: conn( StandAlone -> Unconnected ) 
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: Starting receiver thread (from drbd1_worker [11848])
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: receiver (re)started
Nov  1 19:04:11 an-c05n02 kernel: block drbd1: conn( Unconnected -> WFConnection ) 
Nov  1 19:04:11 an-c05n02 rgmanager[10547]: Starting stopped service service:libvirtd_n02
Nov  1 19:04:12 an-c05n02 rgmanager[10547]: Service service:libvirtd_n02 started
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: Handshake successful: Agreed network protocol version 97
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: conn( WFConnection -> WFReportParams ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: Starting asender thread (from drbd0_receiver [11865])
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: data-integrity-alg: <not-used>
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: drbd_sync_handshake:
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: self AB8866B4CD6A5E70:0000000000000000:F1BA98C02D0BA9B9:F1B998C02D0BA9B9 bits:0 flags:0
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: peer D62CF91BB06F1B40:AB8866B4CD6A5E71:F1BA98C02D0BA9B9:F1B998C02D0BA9B9 bits:0 flags:0
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: uuid_compare()=-1 by rule 50
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: peer( Unknown -> Secondary ) conn( WFReportParams -> WFBitMapT ) pdsk( DUnknown -> UpToDate ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: Handshake successful: Agreed network protocol version 97
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: conn( WFConnection -> WFReportParams ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: Starting asender thread (from drbd1_receiver [11869])
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: data-integrity-alg: <not-used>
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: drbd_sync_handshake:
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: self CFC177C83C414546:0000000000000000:0EC499BF75166A0D:0EC399BF75166A0D bits:0 flags:0
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: peer FF678525C82359F2:CFC177C83C414547:0EC499BF75166A0D:0EC399BF75166A0D bits:0 flags:0
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: uuid_compare()=-1 by rule 50
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: peer( Unknown -> Secondary ) conn( WFReportParams -> WFBitMapT ) pdsk( DUnknown -> UpToDate ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: role( Secondary -> Primary ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: role( Secondary -> Primary ) 
Nov  1 19:04:12 an-c05n02 kernel: lo: Disabled Privacy Extensions
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: conn( WFBitMapT -> WFSyncUUID ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: conn( WFBitMapT -> WFSyncUUID ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: peer( Secondary -> Primary ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: updated sync uuid CFC277C83C414547:0000000000000000:0EC499BF75166A0D:0EC399BF75166A0D
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: helper command: /sbin/drbdadm before-resync-target minor-1
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: helper command: /sbin/drbdadm before-resync-target minor-1 exit code 0 (0x0)
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: conn( WFSyncUUID -> SyncTarget ) disk( Outdated -> Inconsistent ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: Began resync as SyncTarget (will sync 0 KB [0 bits set]).
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: peer( Secondary -> Primary ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: updated sync uuid AB8966B4CD6A5E71:0000000000000000:F1BA98C02D0BA9B9:F1B998C02D0BA9B9
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: helper command: /sbin/drbdadm before-resync-target minor-0
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: Resync done (total 1 sec; paused 0 sec; 0 K/sec)
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: updated UUIDs FF678525C82359F3:0000000000000000:CFC277C83C414547:CFC177C83C414547
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: conn( SyncTarget -> Connected ) disk( Inconsistent -> UpToDate ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: helper command: /sbin/drbdadm after-resync-target minor-1
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: helper command: /sbin/drbdadm before-resync-target minor-0 exit code 0 (0x0)
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: conn( WFSyncUUID -> SyncTarget ) disk( Outdated -> Inconsistent ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: Began resync as SyncTarget (will sync 0 KB [0 bits set]).
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: helper command: /sbin/drbdadm after-resync-target minor-1 exit code 0 (0x0)
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: Resync done (total 1 sec; paused 0 sec; 0 K/sec)
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: updated UUIDs D62CF91BB06F1B41:0000000000000000:AB8966B4CD6A5E71:AB8866B4CD6A5E71
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: conn( SyncTarget -> Connected ) disk( Inconsistent -> UpToDate ) 
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: helper command: /sbin/drbdadm after-resync-target minor-0
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: helper command: /sbin/drbdadm after-resync-target minor-0 exit code 0 (0x0)
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: bitmap WRITE of 2298 pages took 14 jiffies
Nov  1 19:04:12 an-c05n02 kernel: block drbd1: 0 KB (0 bits) marked out-of-sync by on disk bit-map.
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: bitmap WRITE of 4040 pages took 15 jiffies
Nov  1 19:04:12 an-c05n02 kernel: block drbd0: 0 KB (0 bits) marked out-of-sync by on disk bit-map.
Nov  1 19:04:13 an-c05n02 clvmd: Cluster LVM daemon started - connected to CMAN
Nov  1 19:04:13 an-c05n02 kernel: Slow work thread pool: Starting up
Nov  1 19:04:13 an-c05n02 kernel: Slow work thread pool: Ready
Nov  1 19:04:13 an-c05n02 kernel: GFS2 (built Sep 14 2013 05:33:49) installed
Nov  1 19:04:13 an-c05n02 kernel: GFS2: fsid=: Trying to join cluster "lock_dlm", "an-cluster-05:shared"
Nov  1 19:04:13 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: Joined cluster. Now mounting FS...
Nov  1 19:04:13 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=0, already locked for use
Nov  1 19:04:13 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=0: Looking at journal...
Nov  1 19:04:13 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=0: Done
Nov  1 19:04:13 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=1: Trying to acquire journal lock...
Nov  1 19:04:13 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=1: Looking at journal...
Nov  1 19:04:13 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=1: Done
Nov  1 19:04:14 an-c05n02 rgmanager[10547]: Service service:storage_n02 started | 
Sure enough, we can confirm that everything started properly.
DRBD;
| an-c05n01 | /etc/init.d/drbd statusdrbd driver loaded OK; device status:
version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
m:res  cs         ro               ds                 p  mounted  fstype
0:r0   Connected  Primary/Primary  UpToDate/UpToDate  C
1:r1   Connected  Primary/Primary  UpToDate/UpToDate  C | 
|---|---|
| an-c05n01 | /etc/init.d/drbd statusdrbd driver loaded OK; device status:
version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
m:res  cs         ro               ds                 p  mounted  fstype
0:r0   Connected  Primary/Primary  UpToDate/UpToDate  C
1:r1   Connected  Primary/Primary  UpToDate/UpToDate  C | 
Looks good. Lets look at clustered LVM;
| an-c05n01 | /etc/init.d/clvmd statusclvmd (pid  29009) is running...
Clustered Volume Groups: an-c05n02_vg0 an-c05n01_vg0
Active clustered Logical Volumes: shared | 
|---|---|
| an-c05n01 | /etc/init.d/clvmd statusclvmd (pid  28801) is running...
Clustered Volume Groups: an-c05n02_vg0 an-c05n01_vg0
Active clustered Logical Volumes: shared | 
Looking good, too. Last service in storage is GFS2;
GFS2;
| an-c05n01 | /etc/init.d/gfs2 statusConfigured GFS2 mountpoints: 
/shared
Active GFS2 mountpoints: 
/shared | 
|---|---|
| an-c05n01 | /etc/init.d/gfs2 statusConfigured GFS2 mountpoints: 
/shared
Active GFS2 mountpoints: 
/shared | 
Finally, our stand-alone service for libvirtd.
| an-c05n01 | /etc/init.d/libvirtd statuslibvirtd (pid  12131) is running... | 
|---|---|
| an-c05n01 | /etc/init.d/libvirtd statuslibvirtd (pid  11939) is running... | 
Nice, eh?
Managing Cluster Resources
Managing services in the cluster is done with a fairly simple tool called clusvcadm.
We're going to look at two commands at this time.
| Command | Desctiption | 
|---|---|
| clusvcadm -e <service> -m <node> | Enable the <service> on the specified <node>. When a <node> is not specified, the local node where the command was run is assumed. | 
| clusvcadm -d <service> | Disable (stop) the <service>. | 
Stopping Clustered Storage - A Preview To Cold-Stopping The Cluster
Let's take a look at how we can use clusvcadm to stop our storage services.
|  | Note: Services with the service: prefix can be called with their name alone. As we will see later, other services will need to have the service type prefix included. | 
Before doing any work on an Anvil!, start by confirming the current state of affairs.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 23:22:44 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
|---|---|
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 23:22:44 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
Everything is running, as expected. Let's stop an-c05n01's storage_n01 service.
On an-c05n01, run:
| an-c05n01 | clusvcadm -d storage_n01Local machine disabling service:storage_n01...Success | 
|---|
If we now run clustat now, we should see that storage_n01 has stopped.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 23:25:39 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        (an-c05n01.alteeve.ca)                     disabled      
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
|---|---|
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 23:25:40 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        (an-c05n01.alteeve.ca)                     disabled      
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
Notice how service:storage_n01 is now in the disabled state? If you check the status of drbd now, you will see that an-c05n01 is indeed down.
| an-c05n01 | /etc/init.d/drbd statusdrbd not loaded | 
|---|---|
| an-c05n01 | /etc/init.d/drbd statusdrbd driver loaded OK; device status:
version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
m:res  cs            ro               ds                 p  mounted  fstype
0:r0   WFConnection  Primary/Unknown  UpToDate/Outdated  C
1:r1   WFConnection  Primary/Unknown  UpToDate/Outdated  C | 
You'll find that clvmd and gfs2 are stopped as well.
Pretty simple!
Starting Clustered Storage
As we saw earlier, the storage and libvirtd services start automatically. It's still important to know how to manually start these services though. So that is what we'll cover here.
The main difference from stopping the service is that we swap the -d switch for the -e, enable, switch. We will also add the target cluster member name using the -m switch. We didn't need to use the member switch while stopping because the cluster could tell where the service was running and, thus, which member to contact to stop the service.
Should you omit the member name, the cluster will try to use the local node as the target member. Note though that a target service will start on the node the command was issued on, regardless of the fail-over domain's ordered policy. That is to say, a service will not start on another node in the cluster when the member option is not specified, despite the fail-over configuration set to prefer another node.
As always, start by verifying the current state of the services.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 23:36:32 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        (an-c05n01.alteeve.ca)                     disabled      
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
|---|---|
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 23:36:32 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        (an-c05n01.alteeve.ca)                     disabled      
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
As expected, storage_n01 is disabled. Let's start it up.
| an-c05n01 | clusvcadm -e storage_n01 -m an-c05n01.alteeve.caMember an-c05n01.alteeve.ca trying to enable service:storage_n01...Success
service:storage_n01 is now running on an-c05n01.alteeve.ca | 
|---|
Verify with another clustat call.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 23:45:20 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
|---|---|
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Fri Nov  1 23:45:20 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started | 
If we look at DRBD now, it will show as being up and running on both nodes.
|  | Note: If the DRBD status shows the resource still stopped on the node, give it a minute and check again. It can sometimes take a few moments before the resources in the service starts. | 
| an-c05n01 | /etc/init.d/drbd statusdrbd driver loaded OK; device status:
version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
m:res  cs         ro               ds                 p  mounted  fstype
0:r0   Connected  Primary/Primary  UpToDate/UpToDate  C
1:r1   Connected  Primary/Primary  UpToDate/UpToDate  C | 
|---|---|
| an-c05n02 | /etc/init.d/drbd statusdrbd driver loaded OK; device status:
version: 8.3.16 (api:88/proto:86-97)
GIT-hash: a798fa7e274428a357657fb52f0ecf40192c1985 build by phil@Build64R6, 2013-09-27 16:00:43
m:res  cs         ro               ds                 p  mounted  fstype
0:r0   Connected  Primary/Primary  UpToDate/UpToDate  C
1:r1   Connected  Primary/Primary  UpToDate/UpToDate  C | 
Everything is back up and running normally.
Testing Network Redundancy
Before we go any further, it's time to test our network's redundancy. We waited until now because the best test is the one where all services are working. We know that corosync uses the BCN and that DRBD uses the SN, so if anything goes wrong here, one or the other should trigger a fence. If we get though all this testing without that happening, we can say for sure that our network is robust!
We need to test the following;
- Individual port failures
- Failure and recovery of both the primary and secondary switch in the stack.
We're going to do this while the cluster and DRBD is running, so be sure that cman and rgmanager are running and that both storage services have started.
- Make sure that cman has started on both nodes.
First, we'll test all network cables individually, one node and one bonded interface at a time.
- For each network; IFN, SN and BCN;
- On both nodes, start a ping flood against the opposing node specifying the appropriate network name suffix in the first window and starting tailing syslog in the second window.
- watch each bond's /proc/net/bonding/bondX file to see which interfaces are active.
- Pull the currently-active network cable from the bond (either at the switch or at the node).
- Check the state of the bonds again and see that they've switched to their backup interface. If a node gets fenced, you know something went wrong. You should see a handful of lost packets in the ping flood.
- Restore the network cable and wait 2 minutes, then verify that the old primary interface was restored. You will see another handful of lost packets in the flood during the recovery.
- Pull the cable again, then restore it. This time, do not wait 2 minutes. After just a few seconds, pull the backup link and ensure that the bond immediately resumed use of the primary interface.
- Repeat the above steps for all bonds on both nodes. This will take a while, but you need to ensure configuration errors are found now.
 
|  | Warning: Testing the complete primary switch failure and subsequant recovery is very, very important. Please do NOT skip this step! | 
Once all bonds have been tested, we'll do a final test by failing the primary switch.
- Cut the power to the switch.
- Check all bond status files. Confirm that all have switched to their backup links.
- Restore power to the switch and wait 2 minutes.
- Confirm that the bonds did not switch to the primary interfaces before the switch was ready to move data.
If all of these steps pass and the cluster doesn't partition, then you can be confident that your network is configured properly for full redundancy.
Network Testing Terminal Layout
If you have a couple of monitors, particularly one with portrait mode, you might be able to open 16 terminals at once. This is how many are needed to run ping floods, watch the bond status files, tail syslog and watch cman_tool all at the same time. This configuration makes it very easy to keep a near real-time, complete view of all network components.
On the left window, the top-left terminal shows watch cman_tool status and the top-right terminal shows tail -f -n 0 /var/log/messages for an-c05n01. The bottom two terminals show the same for an-c05n02.
On the right, portrait-mode window, the terminal layout used for monitoring the bonded link status and ping floods are shown. There are two columns; an-c05n01 on the left and an-c05n02 on the right. Each column is stacked into six rows, bond0 on the top followed by ping -f an-c05n02.bcn, bond1 in the middle followed by ping -f an-c05n02.sn and bond2 at the bottom followed by ping -f an-c05n02.ifn. The left window shows the standard tail on syslog plus watch cman_tool status.


How to Know if the Tests Passed
Well, the most obvious answer to this question is if the cluster is still working after a switch is powered off.
We can be a little more subtle than that though.
The state of each bond is viewable by looking in the special /proc/net/bonding/bondX files, where X is the bond number. Lets take a look at bond0 on an-c05n01.
cat /proc/net/bonding/bond0Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect always)
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth0
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:e0:81:c7:ec:49
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:1b:21:9d:59:fc
Slave queue ID: 0We can see that the currently active interface is eth0. This is the key bit we're going to be watching for these tests. I know that eth0 on an-c05n01 is connected to by first switch. So when I pull the cable to that switch, or when I fail that switch entirely, I should see eth3 take over.
We'll also be watching syslog. If things work right, we should not see any messages from the cluster during failure and recovery.
Failing The First Interface
Let's look at the first test. We'll fail an-c05n01's eth0 interface by pulling its cable.
On an-c05n01's syslog, you will see;
Dec 13 14:03:19 an-c05n01 kernel: e1000e: eth0 NIC Link is Down
Dec 13 14:03:19 an-c05n01 kernel: bonding: bond0: link status definitely down for interface eth0, disabling it
Dec 13 14:03:19 an-c05n01 kernel: bonding: bond0: making interface eth3 the new active one.Looking again at an-c05n01's bond0's status;
cat /proc/net/bonding/bond0Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect always)
Currently Active Slave: eth3
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth0
MII Status: down
Link Failure Count: 1
Permanent HW addr: 00:e0:81:c7:ec:49
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:1b:21:9d:59:fc
Slave queue ID: 0We can see now that eth0 is down and that eth3 has taken over.
If you look at the windows running the ping flood, both an-c05n01 and an-c05n02 should show nearly the same number of lost packets;
PING an-c05n02 (10.20.50.2) 56(84) bytes of data.
........................The failure of the link was successful!
Recovering The First Interface
Surviving failure is only half the test. We also need to test the recovery of the interface. When ready, reconnect an-c05n01's eth0.
The first thing you should notice is in an-c05n01's syslog;
Dec 13 14:06:40 an-c05n01 kernel: e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:06:40 an-c05n01 kernel: bonding: bond0: link status up for interface eth0, enabling it in 120000 ms.The bond will still be using eth3, so lets wait two minutes.
After the two minutes, you should see the following addition syslog entries.
Dec 13 14:08:40 an-c05n01 kernel: bond0: link status definitely up for interface eth0, 1000 Mbps full duplex.
Dec 13 14:08:40 an-c05n01 kernel: bonding: bond0: making interface eth0 the new active one.If we go back to the bond status file, we'll see that the eth0 interface has been restored.
cat /proc/net/bonding/bond0Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect always)
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth0
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:e0:81:c7:ec:49
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:1b:21:9d:59:fc
Slave queue ID: 0Note that the only difference from before is that eth0's Link Failure Count has been incremented to 1.
The test has passed!
Now repeat the test for the other two bonds, then for all three bonds on an-c05n02. Remember to also repeat each test, but pull the backup interface before the 2 minutes delays has completed. The primary interface should immediately take over again. This will confirm that failover for the backup link is also working properly.
Failing The First Switch
Check that all bonds on both nodes are using their primary interfaces. Confirm your cabling to ensure that these are all routed to the primary switch and that all backup links are cabled into the backup switch. Once done, pull the power to the primary switch. Both nodes should show similar output in their syslog windows;
Dec 13 14:16:17 an-c05n01 kernel: e1000e: eth2 NIC Link is Down
Dec 13 14:16:17 an-c05n01 kernel: e1000e: eth0 NIC Link is Down
Dec 13 14:16:17 an-c05n01 kernel: bonding: bond0: link status definitely down for interface eth0, disabling it
Dec 13 14:16:17 an-c05n01 kernel: bonding: bond0: making interface eth3 the new active one.
Dec 13 14:16:17 an-c05n01 kernel: bonding: bond2: link status definitely down for interface eth2, disabling it
Dec 13 14:16:17 an-c05n01 kernel: bonding: bond2: making interface eth5 the new active one.
Dec 13 14:16:17 an-c05n01 kernel: device eth2 left promiscuous mode
Dec 13 14:16:17 an-c05n01 kernel: device eth5 entered promiscuous mode
Dec 13 14:16:17 an-c05n01 kernel: e1000e: eth1 NIC Link is Down
Dec 13 14:16:18 an-c05n01 kernel: bonding: bond1: link status definitely down for interface eth1, disabling it
Dec 13 14:16:18 an-c05n01 kernel: bonding: bond1: making interface eth4 the new active one.I can look at an-c05n01's /proc/net/bonding/bond0 file and see:
cat /proc/net/bonding/bond0Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect always)
Currently Active Slave: eth3
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth0
MII Status: down
Link Failure Count: 3
Permanent HW addr: 00:e0:81:c7:ec:49
Slave queue ID: 0
Slave Interface: eth3
MII Status: up
Link Failure Count: 2
Permanent HW addr: 00:1b:21:9d:59:fc
Slave queue ID: 0Notice Currently Active Slave is now eth3? You can also see now that eth0's link is down (MII Status: down).
It should be the same story for all the other bonds on both nodes.
If we check the status of the cluster, we'll see that all is good.
cman_tool statusVersion: 6.2.0
Config Version: 7
Cluster Name: an-cluster-05
Cluster Id: 24561
Cluster Member: Yes
Cluster Generation: 40
Membership state: Cluster-Member
Nodes: 2
Expected votes: 1
Total votes: 2
Node votes: 1
Quorum: 1  
Active subsystems: 7
Flags: 2node 
Ports Bound: 0  
Node name: an-c05n01.alteeve.ca
Node ID: 1
Multicast addresses: 239.192.95.81 
Node addresses: 10.20.50.1Success! We just failed the primary switch without any interruption of clustered services.
We're not out of the woods yet, though...
Restoring The First Switch
Now that we've confirmed all of the bonds are working on the backup switch, lets restore power to the first switch.
|  | Warning: Be sure to wait five minutes after restoring power before declaring the recovery a success! Some configuration faults will take a few minutes to appear. | 
It is very important to wait for a while after restoring power to the switch. Some of the common problems that can break your cluster will not show up immediately. A good example is a misconfiguration of STP. In this case, the switch will come up, a short time will pass and then the switch will trigger an STP reconfiguration. Once this happens, both switches will block traffic for many seconds. This will partition you cluster.
So then, lets power it back up.
Within a few moments, you should see this in your syslog;
Dec 13 14:19:30 an-c05n01 kernel: e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:19:30 an-c05n01 kernel: bonding: bond0: link status up for interface eth0, enabling it in 120000 ms.
Dec 13 14:19:30 an-c05n01 kernel: e1000e: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:19:30 an-c05n01 kernel: e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:19:30 an-c05n01 kernel: bonding: bond2: link status up for interface eth2, enabling it in 120000 ms.
Dec 13 14:19:30 an-c05n01 kernel: bonding: bond1: link status up for interface eth1, enabling it in 120000 ms.As with the individual link test, the backup interfaces will remain in use for two minutes. This is critical because miimon has detected the connection to the switches, but the switches are still a long way from being able to route traffic. After the two minutes, we'll see the primary interfaces return to active state.
Dec 13 14:20:25 an-c05n01 kernel: e1000e: eth0 NIC Link is Down
Dec 13 14:20:25 an-c05n01 kernel: bonding: bond0: link status down again after 55000 ms for interface eth0.
Dec 13 14:20:26 an-c05n01 kernel: e1000e: eth1 NIC Link is Down
Dec 13 14:20:26 an-c05n01 kernel: bonding: bond1: link status down again after 55800 ms for interface eth1.
Dec 13 14:20:27 an-c05n01 kernel: e1000e: eth2 NIC Link is Down
Dec 13 14:20:27 an-c05n01 kernel: bonding: bond2: link status down again after 56800 ms for interface eth2.
Dec 13 14:20:27 an-c05n01 kernel: e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:20:27 an-c05n01 kernel: bonding: bond0: link status up for interface eth0, enabling it in 120000 ms.
Dec 13 14:20:28 an-c05n01 kernel: e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:20:28 an-c05n01 kernel: bonding: bond1: link status up for interface eth1, enabling it in 120000 ms.
Dec 13 14:20:29 an-c05n01 kernel: e1000e: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:20:29 an-c05n01 kernel: bonding: bond2: link status up for interface eth2, enabling it in 120000 ms.
Dec 13 14:20:31 an-c05n01 kernel: e1000e: eth0 NIC Link is Down
Dec 13 14:20:31 an-c05n01 kernel: bonding: bond0: link status down again after 3500 ms for interface eth0.
Dec 13 14:20:32 an-c05n01 kernel: e1000e: eth1 NIC Link is Down
Dec 13 14:20:32 an-c05n01 kernel: bonding: bond1: link status down again after 4100 ms for interface eth1.
Dec 13 14:20:32 an-c05n01 kernel: e1000e: eth2 NIC Link is Down
Dec 13 14:20:32 an-c05n01 kernel: bonding: bond2: link status down again after 3500 ms for interface eth2.
Dec 13 14:20:33 an-c05n01 kernel: e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:20:33 an-c05n01 kernel: bonding: bond0: link status up for interface eth0, enabling it in 120000 ms.
Dec 13 14:20:34 an-c05n01 kernel: e1000e: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:20:34 an-c05n01 kernel: bonding: bond1: link status up for interface eth1, enabling it in 120000 ms.
Dec 13 14:20:35 an-c05n01 kernel: e1000e: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:20:35 an-c05n01 kernel: bonding: bond2: link status up for interface eth2, enabling it in 120000 ms.See all that bouncing? That is caused by many switches showing a link (that is the MII status) without actually being able to push traffic. As part of the switches boot sequence, the links will go down and come back up a couple of times. The 2 minute counter will reset with each bounce, so the recovery time is actually quite a bit longer than two minutes. This is fine, no need to rush back to the first switch.
Note that you will not see this bouncing on switches that hold back on MII status until finished booting.
After a few minutes, the old interfaces will actually be restored.
Dec 13 14:22:33 an-c05n01 kernel: bond0: link status definitely up for interface eth0, 1000 Mbps full duplex.
Dec 13 14:22:33 an-c05n01 kernel: bonding: bond0: making interface eth0 the new active one.
Dec 13 14:22:34 an-c05n01 kernel: bond1: link status definitely up for interface eth1, 1000 Mbps full duplex.
Dec 13 14:22:34 an-c05n01 kernel: bonding: bond1: making interface eth1 the new active one.
Dec 13 14:22:35 an-c05n01 kernel: bond2: link status definitely up for interface eth2, 1000 Mbps full duplex.
Dec 13 14:22:35 an-c05n01 kernel: bonding: bond2: making interface eth2 the new active one.
Dec 13 14:22:35 an-c05n01 kernel: device eth5 left promiscuous mode
Dec 13 14:22:35 an-c05n01 kernel: device eth2 entered promiscuous modeComplete success!
Failing The Secondary Switch
Before we can say that everything is perfect, we need to test failing and recovering the secondary switch. The main purpose of this test is to ensure that there are no problems caused when the secondary switch restarts.
To fail the switch, as we did with the primary switch, simply cut its power. We should see the following in both node's syslog;
Dec 13 14:30:57 an-c05n01 kernel: e1000e: eth3 NIC Link is Down
Dec 13 14:30:57 an-c05n01 kernel: bonding: bond0: link status definitely down for interface eth3, disabling it
Dec 13 14:30:58 an-c05n01 kernel: e1000e: eth4 NIC Link is Down
Dec 13 14:30:58 an-c05n01 kernel: e1000e: eth5 NIC Link is Down
Dec 13 14:30:58 an-c05n01 kernel: bonding: bond1: link status definitely down for interface eth4, disabling it
Dec 13 14:30:58 an-c05n01 kernel: bonding: bond2: link status definitely down for interface eth5, disabling itLet's take a look at an-c05n01's bond0 status file.
cat /proc/net/bonding/bond0Ethernet Channel Bonding Driver: v3.6.0 (September 26, 2009)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eth0 (primary_reselect always)
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 120000
Down Delay (ms): 0
Slave Interface: eth0
MII Status: up
Link Failure Count: 3
Permanent HW addr: 00:e0:81:c7:ec:49
Slave queue ID: 0
Slave Interface: eth3
MII Status: down
Link Failure Count: 3
Permanent HW addr: 00:1b:21:9d:59:fc
Slave queue ID: 0Note that the eth3 interface is shown as down. There should have been no dropped packets in the ping-flood window at all.
Restoring The Second Switch
When the power is restored to the switch, we'll see the same "bouncing" as the switch goes through its startup process. Notice that the backup link also remains listed as down for 2 minutes, despite the interface not being used by the bonded interface.
Dec 13 14:33:36 an-c05n01 kernel: e1000e: eth4 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:33:36 an-c05n01 kernel: e1000e: eth5 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:33:36 an-c05n01 kernel: bonding: bond1: link status up for interface eth4, enabling it in 120000 ms.
Dec 13 14:33:36 an-c05n01 kernel: bonding: bond2: link status up for interface eth5, enabling it in 120000 ms.
Dec 13 14:33:37 an-c05n01 kernel: e1000e: eth3 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:33:37 an-c05n01 kernel: bonding: bond0: link status up for interface eth3, enabling it in 120000 ms.
Dec 13 14:34:34 an-c05n01 kernel: e1000e: eth5 NIC Link is Down
Dec 13 14:34:34 an-c05n01 kernel: bonding: bond2: link status down again after 58000 ms for interface eth5.
Dec 13 14:34:36 an-c05n01 kernel: e1000e: eth5 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Dec 13 14:34:36 an-c05n01 kernel: bonding: bond2: link status up for interface eth5, enabling it in 120000 ms.
Dec 13 14:34:38 an-c05n01 kernel: e1000e: eth5 NIC Link is Down
Dec 13 14:34:38 an-c05n01 kernel: bonding: bond2: link status down again after 2000 ms for interface eth5.
Dec 13 14:34:40 an-c05n01 kernel: e1000e: eth5 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
Dec 13 14:34:40 an-c05n01 kernel: bonding: bond2: link status up for interface eth5, enabling it in 120000 ms.After two minutes from the last bound, we'll see the backup interfaces return to up state in the bond's status file.
Dec 13 14:35:36 an-c05n01 kernel: bond1: link status definitely up for interface eth4, 1000 Mbps full duplex.
Dec 13 14:35:37 an-c05n01 kernel: bond0: link status definitely up for interface eth3, 1000 Mbps full duplex.
Dec 13 14:36:40 an-c05n01 kernel: bond2: link status definitely up for interface eth5, 1000 Mbps full duplex.After a full five minutes, the cluster and the network remain stable. We can officially declare our network to be fully highly available!
Provisioning Virtual Machines
Now we're getting to the purpose of our cluster; Provision virtual machines!
We have two steps left;
- Provision our VMs.
- Add the VMs to rgmanager.
"Provisioning" a virtual machine simple means to create it; Assign a collection of emulated hardware, connected to physical devices, to a given virtual machine and begin the process of installing the operating system on it. This tutorial is more about clustering than it is about virtual machine administration, so some experience with managing virtual machines has to be assumed. If you need to brush up, here are some resources;
- KVM project's How-Tos
- KVM project's FAQ
- Red Hat's Hypervisor Guide
- Red Hat's Virtualization Guide
- Red Hat's Virtualization Administration
- Red Hat's Virtualization Host Configuration and Guest Installation Guide
When you feel comfortable, proceed.
Before We Begin - Building a Dashboard

One of the biggest advances since the initial tutorial was created was the creation of the AN!CDB - Cluster Dashboard.
It provides a very easy to use web-based user interface for building, modifying and removing servers on the Anvil! platform.
It also provides a "KVM switch" style access to the servers you create. This gives you direct access to your servers, just as if you have a physical keyboard, mouse and monitor plugged into a physical server. You can watch the server boot from the virtual, boot into recovery consoles or off of repair "DVDs" and so forth.
The link above covers the dashboard and it's use, and includes a link to an installer showing how to setup a dashboard for yourself. Now is a good time to take a break from this tutorial and setup that dashboard.
If you do not wish to build a dashboard, that is fine. It is not required in this tutorial.
If you decide not to though, you will now need to setup "Virtual Machine Manager" on your (Linux) computer in order to get access to the servers we are about to build. You will need this in order to walk through the installation process for your new servers. Of course, once the install is complete, you can switch to another, traditional form of remote access like RDP on windows servers or ssh on *nix servers.
If you want to use "Virtual Machine Manager", look for a package from your distribution package manager with a name like virt-manager. Once it is installed, add the connections to your Anvil! nodes. Once that's done, you're ready to proceed to the next section!
A Note on the Following Server Installations
We wanted to show as many different server installations as possible. Obviously, it's unlikely that you will want or need all of the operating we're about to install. Please feel free to skip over the installation of servers that are not interesting to you.
Provision Planning
|  | Note: We're going to spend a lot of time provisioning vm01-win2008. If you plan to skip it, please be sure to refer back to it if you run into questions on a later install. | 
If you recall, when we were planning out our partitions, we've already chosen which servers will draw from which storage pools and how big their "hard drives" will be. The last thing to consider is RAM allocation. The servers we're using to write this tutorial are a little modest in the RAM department with only 24 GiB of RAM. We need to subtract at least 2 GiB for the host nodes, leaving us with a total of 22 GiB.
That needs to be divided up amongst our eight servers. Now, nothing says you have to use it all, of course. It's perfectly fine to leave some RAM unallocated for future use. This is really up to you and your needs.
Let's put together a table with the RAM we plan to allocate and summarizing the logical volume we're going to create for each server. The LVs will be named after the server they'll be assigned to with the suffix _0. Later, if we add a second "hard drive" to a server, it will have the suffix _1 and so on.
| Server | RAM (GiB) | Storage Pool (VG) | LV name | LV size | 
|---|---|---|---|---|
| vm01-win2008 | 3 | an-c05n01 | vm01-win2008_0 | 150 GB | 
| vm02-win2012 | 4 | an-c05n02 | vm02-win2012_0 | 150 GB | 
| vm03-win7 | 3 | an-c05n01 | vm03-win7_0 | 100 GB | 
| vm04-win8 | 4 | an-c05n01 | vm04-win8_0 | 100 GB | 
| vm05-freebsd9 | 2 | an-c05n02 | vm05-freebsd9_0 | 50 GB | 
| vm06-solaris11 | 2 | an-c05n02 | vm06-solaris11_0 | 100 GB | 
| vm07-rhel6 | 2 | an-c05n01 | vm07-rhel6_0 | 50 GB | 
| vm08-sles11 | 2 | an-c05n01 | vm08-sles11_0 | 100 GB | 
If you plan to set static IP addresses for your servers, now would be a good time to select them, too. It's not needed, of course, but it certainly can make things easier to have all the details in one place.
Provisioning vm01-win2008

Before we can install the OS, we need to copy the installation media and our driver disk, if needed, and put them in the /shared/files.
Windows is licensed software, so you will need to purchase a copy. You can get an evaluation copy from Microsoft's website. In either case, downloading a copy of the installation media is an exercise for you, I am afraid.
As for drivers; We're going to use a special kind of emulated SCSI controller and a special kind of emulated network card for this and our other three windows installs. These are called http://www.linux-kvm.org/page/Virtio devices and they are designed to significantly improve storage and network speeds on KVM guests.
If you have ever installed windows on a newer server, you're probably already familiar with the process of installing drivers in order to see SCSI and RAID controllers during the boot process. If so, then what we're going to do here will be no different. If you have never done this before, don't worry. It's a fairly simple task.
You can create install media from a physical disk or copy install media using the AN!CDB's "Media Connector" function. Of course, you can also copy files to the Anvil! using standard tools like rsync and wget as well. What ever method you prefer,
In my case, I will rsync the Windows install ISO from another machine on our network to /shared/files via an-c05n01.
rsync -av --progress /data0/VMs/files/Windows_Svr_2008_R2_64Bit_SP1.ISO root@10.255.50.1:/shared/files/root@10.255.50.1's password:sending incremental file list
Windows_Svr_2008_R2_64Bit_SP1.ISO
  3166720000 100%   65.53MB/s    0:00:46 (xfer#1, to-check=0/1)
sent 3167106674 bytes  received 31 bytes  59198256.17 bytes/sec
total size is 3166720000  speedup is 1.00For virtio, let's use wget to grab the latest version from their website. At the time of this writing, the "stable" version is 0.1-52 and the "latest" version is 0.1-65.
Being conservative when it comes to servers, my preference is to use the "stable" version.
| an-c05n01 | cd /shared/files/
wget -c https://alt.fedoraproject.org/pub/alt/virtio-win/stable/virtio-win-0.1-52.iso
cd ~--2013-11-02 10:48:14--  https://alt.fedoraproject.org/pub/alt/virtio-win/stable/virtio-win-0.1-52.iso
Resolving alt.fedoraproject.org... 209.132.181.27, 209.132.181.23, 209.132.181.24, ...
Connecting to alt.fedoraproject.org|209.132.181.27|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58497024 (56M) [application/octet-stream]
Saving to: `virtio-win-0.1-52.iso'
100%[===============================================================>] 58,497,024  1.07M/s   in 94s     
2013-11-02 10:49:49 (609 KB/s) - `virtio-win-0.1-52.iso' saved [58497024/58497024] | 
|---|---|
| an-c05n02 | ls -lah /shared/files/total 3.1G
drwxr-xr-x. 2 root root 3.8K Nov  2 10:48 .
drwxr-xr-x. 6 root root 3.8K Nov  1 01:23 ..
-rw-r--r--. 1 root root  56M Jan 22  2013 virtio-win-0.1-52.iso
-rw-rw-r--. 1 qemu qemu 3.0G Oct 14  2011 Windows_Svr_2008_R2_64Bit_SP1.ISO | 
Ok, we're ready!
Creating vm01-win2008's Storage
|  | Note: Earlier, we used parted to examine our free space and create our DRBD partitions. Unfortunately, parted shows sizes in GB (base 10) where LVM uses GiB (base 2). If we used LVM's "xxG size notation, it will use more space than we expect, relative to our planning in the parted stage. LVM doesn't allow specifying new LV sizes in GB instead of GiB, so here we will specify sizes in MiB to help narrow the differences. You can read more about this issue here. | 
Creating the vm01-win2008's "hard drive" is a simple process. Recall that we want a 150 GB logical volume carved from the an-c05n01_vg0 volume group (the "storage pool" for servers designed to run on an-c05n01). Knowing this, the command to create the new LV is below.
| an-c05n01 | lvcreate -L 150000M -n vm01-win2008_0 /dev/an-c05n01_vg0  Logical volume "vm01-win2008_0" created | 
|---|---|
| an-c05n01 | lvdisplay /dev/an-c05n01_vg0/vm01-win2008_0  --- Logical volume ---
  LV Path                /dev/an-c05n01_vg0/vm01-win2008_0
  LV Name                vm01-win2008_0
  VG Name                an-c05n01_vg0
  LV UUID                bT0zon-H2LN-0jmi-refA-J0QX-zHjT-nEY7YY
  LV Write Access        read/write
  LV Creation host, time an-c05n01.alteeve.ca, 2013-11-02 11:04:44 -0400
  LV Status              available
  # open                 0
  LV Size                146.48 GiB
  Current LE             37500
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1 | 
Notice how we see 146.48 GiB? That is roughly the difference between "150 GB" and "150 GiB".
Creating vm01-win2008's virt-install Call
Now with the storage created, we can craft the virt-install command. we'll put this into a file under the /shared/provision/ directory for future reference. Let's take a look at the command, then we'll discuss what the switches are for.
touch /shared/provision/vm01-win2008.sh
chmod 755 /shared/provision/vm01-win2008.sh 
vim /shared/provision/vm01-win2008.shvirt-install --connect qemu:///system \
  --name vm01-win2008 \
  --ram 3072 \
  --arch x86_64 \
  --vcpus 2 \
  --cdrom /shared/files/Windows_Svr_2008_R2_64Bit_SP1.ISO \
  --disk path=/shared/files/virtio-win-0.1-52.iso,device=cdrom --force\
  --os-variant win2k8 \
  --network bridge=vbr2,model=virtio \
  --disk path=/dev/an-c05n01_vg0/vm01-win2008_0,bus=virtio \
  --graphics spice > /var/log/an-install_vm01-win2008.log &|  | Note: Don't use tabs to indent the lines. | 
Let's break it down;
| Switch | Descriptions | 
|---|---|
| --connect qemu:///system | This tells virt-install to use the QEMU hardware emulator (as opposed to Xen, for example) and to install the server on to local node. | 
| --name vm01-win2008 | This sets the name of the server. It is the name we will use in the cluster configuration and whenever we use the libvirtd tools, like virsh. | 
| --ram 3072 | This sets the amount of RAM, in MiB, to allocate to this server. Here, we're allocating 3 GiB, which is 3,072 MiB. | 
| --arch x86_64 | This sets the emulated CPU's architecture to 64-bit. This can be used even when you plan to install a 32-bit OS, but not the other way around, of course. | 
| --vcpus 2 | This sets the number of CPU cores to allocate to this server. Here, we're allocating two CPUs. | 
| --cdrom /shared/files/Windows_Svr_2008_R2_64Bit_SP1.ISO | This tells the hypervisor to create a cd-rom (dvd-rom) drive and to "insert" the specified ISO as if it was a physical disk. This will be the initial boot device, too. | 
| --disk path=/shared/files/virtio-win-0.1-52.iso,device=cdrom --force | We need to make the virtio drivers available during the install process. This command is similar to the --cdrom above, but crafted as if it was a disk drive with the device=cdrom switch. This helps make sure that the cdrom above is used as the boot drive. Also note the --force option. This is used because, normally, if the ISO was "inserted" into another server's cd-rom, it would refuse to work here. The nature of ISOs ensures they're read-only, so we can safely force two or more servers to use the same ISO at the same time. | 
| --os-variant win2k8 | This tweaks the virt-manager's initial method of running and tunes the hypervisor to try and get the best performance for the server. There are many possible values here for many, many different operating systems. If you run virt-install --os-variant list on your node, you will get a full list of available operating systems. If you can't find your exact operating system, select the one that is the closest match. | 
| --network bridge=vbr2,model=virtio | This tells the hypervisor that we want to create a network card using the virtio "hardware" and that we want it plugged into the vbr2 bridge. We only need one network card, but if you wanted two or more, simply repeat this command. If you create two or more bridges, you can have different network devices connect to different bridges. | 
| --disk path=/dev/an-c05n01_vg0/vm01-win2008_0,bus=virtio | This tells the hypervisor what logical volume to use for the server's "hard drive". It also tells it to use the virtio emulated SCSI controller. | 
| --graphics spice > /var/log/an-install_vm01-win2008.log | Finally, this tells the hypervisor to use the spice emulated video card. It is a bit simplistic to call it simply a "graphics card", but that's close enough for now. Given that this is the last line, we close off the virt-install command with a simple redirection to a log file. Later, if we want to examine the install process, we can review /var/log/an-install_vm01-win2008.log for details on the install process. | 
Initializing vm01-win2008's Install
On your dashboard or workstation, open the "Virtual Machine Manager" and connect to both nodes.
We can install any server from either node. However, we know that each server has a preferred host, so it's sensible to use that host for the installation stage. In the case of vm01-win2008, the preferred host is an-c05n01, so we'll use it to kick off the install.
One the install begins, the new server should appear in "Virtual Machine Manager". Double-click on it and you will see that the new server is booting off of the install cd-rom. We're installing Windows, so that will begin the install process.
Time to start the install!
| an-c05n01 | /shared/provision/vm01-win2008.sh Cannot open display: 
Run 'virt-viewer --help' to see a full list of available command line options | 
|---|
And it's off!

Follow the install process, entering the values you want. When you get to the install target screen, you will see that Windows can't find the hard drive.

This was expected because windows 2008 does not natively support virtio. That's why we used two virtual cd-rom drives and "inserted" the virtio driver disk into the second drive.
Click on "Load Driver" on the bottom right.

Click on "Browse".

The driver disk is in the seconds (virtual) cd-rom drive mounted at drive e:. The drivers for Windows 2008 are the same as for Windows 7, so browse to E:\WIN7\AMD64 (assuming you are installing the 64-bit version of windows) and click on "OK".

|  | Note: If you forget to select the network drivers here, you will have to manually install the drivers for the network card after the install has completed. | 
Press and hold the <control> key and click on both the "Red Hat VirtIO Ethernet Adapter" and the "Red Hat VirtIO SCSI Controller" drivers. By doing this, we won't have to install the network card's drivers later. Click on "Next" and the drivers will be installed.

Now you can finish installing Windows 2008 just as you would do so on a bare iron server!

What you do from here is entirely up to you and your needs.
|  | Note: If you wish, jump to Making vm01-win2008 a Highly Available Services now to immediately add vm01-win2008 to the cluster manager. | 
Provisioning vm02-win2012
|  | Note: This install references steps taken in the vm01-win2008 install. If you skipped it, you may wish to look at it to get a better idea of some of the steps performed here. | 

Before we can install the OS, we need to copy the installation media and our driver disk, if needed, and put them in the /shared/files.
Windows is licensed software, so you will need to purchase a copy. You can get an evaluation copy from Microsoft's website. In either case, downloading a copy of the installation media is an exercise for you, I am afraid.
As for drivers; We're going to use a special kind of emulated SCSI controller and a special kind of emulated network card for this and our other three windows installs. These are called http://www.linux-kvm.org/page/Virtio devices and they are designed to significantly improve storage and network speeds on KVM guests.
If you have ever installed windows on a newer server, you're probably already familiar with the process of installing drivers in order to see SCSI and RAID controllers during the boot process. If so, then what we're going to do here will be no different. If you have never done this before, don't worry. It's a fairly simple task.
You can create install media from a physical disk or copy install media using the AN!CDB's "Media Connector" function. Of course, you can also copy files to the Anvil! using standard tools like rsync and wget as well. What ever method you prefer,
In my case, I will rsync the Windows install ISO from another machine on our network to /shared/files via an-c05n01.
rsync -av --progress /data0/VMs/files/Windows_2012_R2_64-bit_Preview.iso root@10.255.50.1:/shared/files/root@10.255.50.1's password:sending incremental file list
Windows_2012_R2_64-bit_Preview.iso
  4128862208 100%   66.03MB/s    0:00:59 (xfer#1, to-check=0/1)
sent 4129366322 bytes  received 31 bytes  65029391.39 bytes/sec
total size is 4128862208  speedup is 1.00For virtio, we can simply re-use the ISO we uploaded for vm01-2008.
|  | Note: We've planned to run vm02-win2012 on an-c05n02, so we will use that node for the provisioning stage. | 
| an-c05n02 | ls -lah /shared/files/total 6.9G
drwxr-xr-x. 2 root root 3.8K Nov 11 11:28 .
drwxr-xr-x. 6 root root 3.8K Nov  1 01:23 ..
-rw-r--r--. 1 qemu qemu  56M Jan 22  2013 virtio-win-0.1-52.iso
-rw-rw-r--. 1 1000 1000 3.9G Oct  2 22:31 Windows_2012_R2_64-bit_Preview.iso
-rw-rw-r--. 1 qemu qemu 3.0G Oct 14  2011 Windows_Svr_2008_R2_64Bit_SP1.ISO | 
|---|
Ok, we're ready!
Creating vm02-win2012's Storage
|  | Note: Earlier, we used parted to examine our free space and create our DRBD partitions. Unfortunately, parted shows sizes in GB (base 10) where LVM uses GiB (base 2). If we used LVM's "xxG size notation, it will use more space than we expect, relative to our planning in the parted stage. LVM doesn't allow specifying new LV sizes in GB instead of GiB, so here we will specify sizes in MiB to help narrow the differences. You can read more about this issue here. | 
Creating the vm02-win2012's "hard drive" is a simple process. Recall that we want a 150 GB logical volume carved from the an-c05n02_vg0 volume group (the "storage pool" for servers designed to run on an-c05n02). Knowing this, the command to create the new LV is below.
| an-c05n02 | lvcreate -L 150000M -n vm02-win2012_0 /dev/an-c05n02_vg0  Logical volume "vm02-win2012_0" created | 
|---|---|
| an-c05n01 | lvdisplay /dev/an-c05n02_vg0/vm02-win2012_0  --- Logical volume ---
  LV Path                /dev/an-c05n02_vg0/vm02-win2012_0
  LV Name                vm02-win2012_0
  VG Name                an-c05n02_vg0
  LV UUID                Lnyg1f-kNNV-qjfn-P7X3-LxLw-1Uyh-dfNfL0
  LV Write Access        read/write
  LV Creation host, time an-c05n02.alteeve.ca, 2013-11-11 11:30:55 -0500
  LV Status              available
  # open                 0
  LV Size                146.48 GiB
  Current LE             37500
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2 | 
Notice how we see 146.48 GiB? That is roughly the difference between "150 GB" and "150 GiB".
Creating vm02-win2012's virt-install Call
Now with the storage created, we can craft the virt-install command. we'll put this into a file under the /shared/provision/ directory for future reference. Let's take a look at the command, then we'll discuss what the switches are for.
touch /shared/provision/vm02-win2012.sh
chmod 755 /shared/provision/vm02-win2012.sh 
vim /shared/provision/vm02-win2012.shvirt-install --connect qemu:///system \
  --name vm02-win2012 \
  --ram 4096 \
  --arch x86_64 \
  --vcpus 2 \
  --cdrom /shared/files/Windows_2012_R2_64-bit_Preview.iso \
  --disk path=/shared/files/virtio-win-0.1-52.iso,device=cdrom --force\
  --os-variant win2k8 \
  --network bridge=vbr2,model=virtio \
  --disk path=/dev/an-c05n02_vg0/vm02-win2012_0,bus=virtio \
  --graphics spice > /var/log/an-install_vm02-win2012.log &|  | Note: Don't use tabs to indent the lines. | 
Let's look at the differences from vm01-win2008;
| Switch | Descriptions | 
|---|---|
| --name vm02-win2012 | This is the name we're going to use for this server in the cluster and with the libvirtd tools. | 
| --ram 4096 | This sets the amount of RAM, in MiB, to allocate to this server. Here, we're allocating 4 GiB, which is 4,096 MiB. | 
| --cdrom /shared/files/Windows_2012_R2_64-bit_Preview.iso | This tells the hypervisor to create a cd-rom (dvd-rom) drive and to "insert" the specified ISO as if it was a physical disk. This will be the initial boot device, too. | 
| --disk path=/shared/files/virtio-win-0.1-52.iso,device=cdrom --force | This is the same as the vm01-win2008 provision script, but this is where the --force comes in handy. If this ISO was still "mounted" in vm01-2008's cd-rom tray, the install would abort without --force. | 
| --os-variant win2k8 | This is also the same as the vm01-win2008 provision script. At the time of writing, there wasn't an entry for win2012, so we're using the closest match which is win2k8. | 
| --disk path=/dev/an-c05n02_vg0/vm02-win2012_0,bus=virtio | This tells the hypervisor what logical volume to use for the server's "hard drive". It also tells it to use the virtio emulated SCSI controller. | 
| --graphics spice > /var/log/an-install_vm02-win2012.log | We're using a new log file for our bash redirection. Later, if we want to examine the install process, we can review /var/log/an-install_vm02-win2012.log for details on the install process. | 
Initializing vm02-win2012's Install
On your dashboard or workstation, open the "Virtual Machine Manager" and connect to both nodes.
We can install any server from either node. However, we know that each server has a preferred host, so it's sensible to use that host for the installation stage. In the case of vm02-win2012, the preferred host is an-c05n02, so we'll use it to kick off the install.
Once the install begins, the new server should appear in "Virtual Machine Manager". Double-click on it and you will see that the new server is booting off of the install cd-rom. We're installing Windows, so that will begin the install process.
Time to start the install!
| an-c05n02 | /shared/provision/vm02-win2012.sh Cannot open display: 
Run 'virt-viewer --help' to see a full list of available command line options | 
|---|
And it's off!

Follow the install process, entering the values you want. When you get to the install target screen, you will see that Windows can't find the hard drive.

This was expected because windows 2008 does not natively support virtio. That's why we used two virtual cd-rom drives and "inserted" the virtio driver disk into the second drive.
Click on "Load Driver" on the bottom right.

Click on "Browse".

The driver disk is in the seconds (virtual) cd-rom drive mounted at drive e:. The drivers for Windows 2008 are the same as for Windows 7, so browse to E:\WIN8\AMD64 (assuming you are installing the 64-bit version of windows) and click on "OK".

|  | Note: If you forget to select the network drivers here, you will have to manually install the drivers for the network card after the install has completed. | 
Press and hold the <control> key and click on both the "Red Hat VirtIO Ethernet Adapter" and the "Red Hat VirtIO SCSI Controller" drivers. By doing this, we won't have to install the network card's drivers later. Click on "Next" and the drivers will be installed.

Now you can finish installing Windows 2008 just as you would do so on a bare iron server!

What you do from here is entirely up to you and your needs.
|  | Note: If you wish, jump to Making vm02-win2012 a Highly Available Services now to immediately add vm02-win2012 to the cluster manager. | 
Provisioning vm03-win7
|  | Note: This install references steps taken in the vm01-win2008 install. If you skipped it, you may wish to look at it to get a better idea of some of the steps performed here. | 

Before we can install the OS, we need to copy the installation media and our driver disk, if needed, and put them in the /shared/files.
Windows is licensed software, so you will need to purchase a copy. You can get an evaluation copy from Microsoft's website. In either case, downloading a copy of the installation media is an exercise for you, I am afraid.
As we did for the previous two servers, we're going to use a special kind of SCSI controller and a special kind of emulated network card. These are called http://www.linux-kvm.org/page/Virtio devices and they are designed to significantly improve storage and network speeds on KVM guests.
You can create install media from a physical disk or copy install media using the AN!CDB's "Media Connector" function. Of course, you can also copy files to the Anvil! using standard tools like rsync and wget as well. What ever method you prefer,
In my case, I will rsync the Windows install ISO from another machine on our network to /shared/files via an-c05n01.
rsync -av --progress /data0/VMs/files/Windows_7_Pro_SP1_64bit_OEM_English.iso root@10.255.50.1:/shared/files/root@10.255.50.1's password:sending incremental file list
Windows_7_Pro_SP1_64bit_OEM_English.iso
  3321233408 100%   83.97MB/s    0:00:37 (xfer#1, to-check=0/1)
sent 3321638948 bytes  received 31 bytes  80039493.47 bytes/sec
total size is 3321233408  speedup is 1.00For virtio, we can simply re-use the ISO we uploaded for vm01-2008.
|  | Note: We've planned to run vm03-win7 on an-c05n01, so we will use that node for the provisioning stage. | 
| an-c05n01 | ls -lah /shared/files/total 10G
drwxr-xr-x. 2 root root 3.8K Nov 12 11:32 .
drwxr-xr-x. 6 root root 3.8K Nov  1 01:23 ..
-rw-r--r--. 1 qemu qemu  56M Jan 22  2013 virtio-win-0.1-52.iso
-rw-rw-r--. 1 qemu qemu 3.9G Oct  2 22:31 Windows_2012_R2_64-bit_Preview.iso
-rw-rw-rw-. 1 qemu qemu 3.1G Jun  8  2011 Windows_7_Pro_SP1_64bit_OEM_English.iso
-rw-rw-r--. 1 qemu qemu 3.0G Oct 14  2011 Windows_Svr_2008_R2_64Bit_SP1.ISO | 
|---|
Ok, we're ready!
Creating vm03-win7's Storage
|  | Note: Earlier, we used parted to examine our free space and create our DRBD partitions. Unfortunately, parted shows sizes in GB (base 10) where LVM uses GiB (base 2). If we used LVM's "xxG size notation, it will use more space than we expect, relative to our planning in the parted stage. LVM doesn't allow specifying new LV sizes in GB instead of GiB, so here we will specify sizes in MiB to help narrow the differences. You can read more about this issue here. | 
Creating the vm03-win7's "hard drive" is a simple process. Recall that we want a 100 GB logical volume carved from the an-c05n01_vg0 volume group (the "storage pool" for servers designed to run on an-c05n01). Knowing this, the command to create the new LV is below.
| an-c05n01 | lvcreate -L 100000M -n vm03-win7_0 /dev/an-c05n01_vg0  Logical volume "vm03-win7_0" created | 
|---|---|
| an-c05n02 | lvdisplay /dev/an-c05n01_vg0/vm03-win7_0  --- Logical volume ---
  LV Path                /dev/an-c05n01_vg0/vm03-win7_0
  LV Name                vm03-win7_0
  VG Name                an-c05n01_vg0
  LV UUID                vgdtEm-aOsU-hatQ-2PxO-BN1e-sGLM-J7NVcn
  LV Write Access        read/write
  LV Creation host, time an-c05n01.alteeve.ca, 2013-11-12 12:08:52 -0500
  LV Status              available
  # open                 0
  LV Size                97.66 GiB
  Current LE             25000
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:3 | 
Notice how we see 97.66 GiB? That is roughly the difference between "100 GB" and "100 GiB".
Creating vm03-win7's virt-install Call
Now with the storage created, we can craft the virt-install command. we'll put this into a file under the /shared/provision/ directory for future reference. Let's take a look at the command, then we'll discuss what the switches are for.
touch /shared/provision/vm03-win7.sh
chmod 755 /shared/provision/vm03-win7.sh 
vim /shared/provision/vm03-win7.shvirt-install --connect qemu:///system \
  --name vm03-win7 \
  --ram 3072 \
  --arch x86_64 \
  --vcpus 2 \
  --cdrom /shared/files/Windows_7_Pro_SP1_64bit_OEM_English.iso \
  --disk path=/shared/files/virtio-win-0.1-52.iso,device=cdrom --force\
  --os-variant win7 \
  --network bridge=vbr2,model=virtio \
  --disk path=/dev/an-c05n01_vg0/vm03-win7_0,bus=virtio \
  --graphics spice > /var/log/an-install_vm03-win7.log &|  | Note: Don't use tabs to indent the lines. | 
Let's look at the differences from vm01-win2008;
| Switch | Descriptions | 
|---|---|
| --name vm03-win7 | This is the name we're going to use for this server in the cluster and with the libvirtd tools. | 
| --ram 3072 | This sets the amount of RAM, in MiB, to allocate to this server. Here, we're allocating 3 GiB, which is 3,072 MiB. | 
| --cdrom /shared/files/Windows_7_Pro_SP1_64bit_OEM_English.iso | This tells the hypervisor to create a cd-rom (dvd-rom) drive and to "insert" the specified ISO as if it was a physical disk. This will be the initial boot device, too. | 
| --disk path=/shared/files/virtio-win-0.1-52.iso,device=cdrom --force | This is the same as the vm01-win2008 provision script, but this is where the --force comes in handy. If this ISO was still "mounted" in vm01-2008's cd-rom tray, the install would abort without --force. | 
| --os-variant win7 | This tells the KVM hypervisor to optimize for running Windows 7. | 
| --disk path=/dev/an-c05n01_vg0/vm03-win7_0,bus=virtio | This tells the hypervisor what logical volume to use for the server's "hard drive". It also tells it to use the virtio emulated SCSI controller. | 
| --graphics spice > /var/log/an-install_vm03-win7.log | We're using a new log file for our bash redirection. Later, if we want to examine the install process, we can review /var/log/an-install_vm03-win7.log for details on the install process. | 
Initializing vm03-win7's Install
On your dashboard or workstation, open the "Virtual Machine Manager" and connect to both nodes.
We can install any server from either node. However, we know that each server has a preferred host, so it's sensible to use that host for the installation stage. In the case of vm03-win7, the preferred host is an-c05n01, so we'll use it to kick off the install.
Once the install begins, the new server should appear in "Virtual Machine Manager". Double-click on it and you will see that the new server is booting off of the install cd-rom. We're installing Windows, so that will begin the install process.
Time to start the install!
| an-c05n01 | /shared/provision/vm03-win7.shCannot open display: 
Run 'virt-viewer --help' to see a full list of available command line options | 
|---|
And it's off!

Follow the install process, entering the values you want. When you get to the install target screen, you will see that Windows can't find the hard drive.

This was expected because windows 2008 does not natively support virtio. That's why we used two virtual cd-rom drives and "inserted" the virtio driver disk into the second drive.
Click on "Load Driver" on the bottom right.

Click on "Browse".

The driver disk is in the seconds (virtual) cd-rom drive mounted at drive e:. The drivers for Windows 2008 are the same as for Windows 7, so browse to E:\WIN8\AMD64 (assuming you are installing the 64-bit version of windows) and click on "OK".

|  | Note: If you forget to select the network drivers here, you will have to manually install the drivers for the network card after the install has completed. | 
Press and hold the <control> key and click on both the "Red Hat VirtIO Ethernet Adapter" and the "Red Hat VirtIO SCSI Controller" drivers. By doing this, we won't have to install the network card's drivers later. Click on "Next" and the drivers will be installed.

Now you can finish installing Windows 2008 just as you would do so on a bare iron server!

What you do from here is entirely up to you and your needs.
|  | Note: If you wish, jump to Making vm03-win7 a Highly Available Services now to immediately add vm03-win7 to the cluster manager. | 
Provisioning vm04-win8
|  | Note: This install references steps taken in the vm01-win2008 install. If you skipped it, you may wish to look at it to get a better idea of some of the steps performed here. | 

Our last Microsoft operating system!
As always, we need to copy the installation media and our driver disk into /shared/files.
Windows is licensed software, so you will need to purchase a copy. You can get an evaluation copy from Microsoft's website. In either case, downloading a copy of the installation media is an exercise for you, I am afraid.
As we did for the previous three servers, we're going to use a special kind of SCSI controller and a special kind of emulated network card. These are called http://www.linux-kvm.org/page/Virtio devices and they are designed to significantly improve storage and network speeds on KVM guests.
You can create install media from a physical disk or copy install media using the AN!CDB's "Media Connector" function. Of course, you can also copy files to the Anvil! using standard tools like rsync and wget as well. What ever method you prefer,
In my case, I will rsync the Windows install ISO from another machine on our network to /shared/files via an-c05n01.
rsync -av --progress /data0/VMs/files/Win8.1_Enterprise_64-bit_eval.iso root@10.255.50.1:/shared/files/root@10.255.50.1's password:sending incremental file list
Win8.1_Enterprise_64-bit_eval.iso
  3797866496 100%   62.02MB/s    0:00:58 (xfer#1, to-check=0/1)
sent 3798330205 bytes  received 31 bytes  60773283.78 bytes/sec
total size is 3797866496  speedup is 1.00For virtio, we can simply re-use the ISO we uploaded for vm01-2008.
|  | Note: We've planned to run vm04-win8 on an-c05n01, so we will use that node for the provisioning stage. | 
| an-c05n01 | ls -lah /shared/files/total 14G
drwxr-xr-x. 2 root root 3.8K Nov 12 18:12 .
drwxr-xr-x. 6 root root 3.8K Nov  1 01:23 ..
-rw-r--r--. 1 qemu qemu  56M Jan 22  2013 virtio-win-0.1-52.iso
-rw-r--r--. 1 qemu qemu 3.6G Oct 31 01:44 Win8.1_Enterprise_64-bit_eval.iso
-rw-rw-r--. 1 qemu qemu 3.9G Oct  2 22:31 Windows_2012_R2_64-bit_Preview.iso
-rw-rw-rw-. 1 qemu qemu 3.1G Jun  8  2011 Windows_7_Pro_SP1_64bit_OEM_English.iso
-rw-rw-r--. 1 qemu qemu 3.0G Oct 14  2011 Windows_Svr_2008_R2_64Bit_SP1.ISO | 
|---|
Ok, we're ready!
Creating vm04-win8's Storage
|  | Note: Earlier, we used parted to examine our free space and create our DRBD partitions. Unfortunately, parted shows sizes in GB (base 10) where LVM uses GiB (base 2). If we used LVM's "xxG size notation, it will use more space than we expect, relative to our planning in the parted stage. LVM doesn't allow specifying new LV sizes in GB instead of GiB, so here we will specify sizes in MiB to help narrow the differences. You can read more about this issue here. | 
Creating the vm04-win8's "hard drive" is a simple process. Recall that we want a 100 GB logical volume carved from the an-c05n01_vg0 volume group (the "storage pool" for servers designed to run on an-c05n01). Knowing this, the command to create the new LV is below.
| an-c05n01 | lvcreate -L 100000M -n vm04-win8_0 /dev/an-c05n01_vg0  Logical volume "vm04-win8_0" created | 
|---|---|
| an-c05n02 | lvdisplay /dev/an-c05n01_vg0/vm04-win8_0  --- Logical volume ---
  LV Path                /dev/an-c05n01_vg0/vm04-win8_0
  LV Name                vm04-win8_0
  VG Name                an-c05n01_vg0
  LV UUID                WZIGmp-xkyZ-Q6Qs-ovMP-qr1k-9xC2-PmbcUD
  LV Write Access        read/write
  LV Creation host, time an-c05n01.alteeve.ca, 2013-11-12 18:13:53 -0500
  LV Status              available
  # open                 0
  LV Size                97.66 GiB
  Current LE             25000
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:4 | 
Notice how we see 97.66 GiB? That is roughly the difference between "100 GB" and "100 GiB".
Creating vm04-win8's virt-install Call
Now with the storage created, we can craft the virt-install command. we'll put this into a file under the /shared/provision/ directory for future reference. Let's take a look at the command, then we'll discuss what the switches are for.
touch /shared/provision/vm04-win8.sh
chmod 755 /shared/provision/vm04-win8.sh 
vim /shared/provision/vm04-win8.shvirt-install --connect qemu:///system \
  --name vm04-win8 \
  --ram 4096 \
  --arch x86_64 \
  --vcpus 2 \
  --cdrom /shared/files/Win8.1_Enterprise_64-bit_eval.iso \
  --disk path=/shared/files/virtio-win-0.1-52.iso,device=cdrom --force\
  --os-variant win7 \
  --network bridge=vbr2,model=virtio \
  --disk path=/dev/an-c05n01_vg0/vm04-win8_0,bus=virtio \
  --graphics spice > /var/log/an-install_vm04-win8.log &|  | Note: Don't use tabs to indent the lines. | 
Let's look at the differences from vm01-win2008;
| Switch | Descriptions | 
|---|---|
| --name vm04-win8 | This is the name we're going to use for this server in the cluster and with the libvirtd tools. | 
| --ram 4096 | This sets the amount of RAM, in MiB, to allocate to this server. Here, we're allocating 4 GiB, which is 4,096 MiB. | 
| --cdrom /shared/files/Win8.1_Enterprise_64-bit_eval.iso | This tells the hypervisor to create a cd-rom (dvd-rom) drive and to "insert" the specified ISO as if it was a physical disk. This will be the initial boot device, too. | 
| --disk path=/shared/files/virtio-win-0.1-52.iso,device=cdrom --force | This is the same as the vm01-win2008 provision script, but this is where the --force comes in handy. If this ISO was still "mounted" in vm01-2008's cd-rom tray, the install would abort without --force. | 
| --os-variant win7 | This tells the KVM hypervisor to optimize for running Windows 7. | 
| --disk path=/dev/an-c05n01_vg0/vm04-win8_0,bus=virtio | This tells the hypervisor what logical volume to use for the server's "hard drive". It also tells it to use the virtio emulated SCSI controller. | 
| --graphics spice > /var/log/an-install_vm04-win8.log | We're using a new log file for our bash redirection. Later, if we want to examine the install process, we can review /var/log/an-install_vm04-win8.log for details on the install process. | 
Initializing vm04-win8's Install
On your dashboard or workstation, open the "Virtual Machine Manager" and connect to both nodes.
We can install any server from either node. However, we know that each server has a preferred host, so it's sensible to use that host for the installation stage. In the case of vm04-win8, the preferred host is an-c05n01, so we'll use it to kick off the install.
Once the install begins, the new server should appear in "Virtual Machine Manager". Double-click on it and you will see that the new server is booting off of the install cd-rom. We're installing Windows, so that will begin the install process.
Time to start the install!
| an-c05n01 | /shared/provision/vm04-win8.shCannot open display: 
Run 'virt-viewer --help' to see a full list of available command line options | 
|---|
And it's off!

Follow the install process, entering the values you want. When you get to the install target screen, you will see that Windows can't find the hard drive.

This was expected because windows 2008 does not natively support virtio. That's why we used two virtual cd-rom drives and "inserted" the virtio driver disk into the second drive.
Click on "Load Driver" on the bottom right.

Click on "Browse".

The driver disk is in the seconds (virtual) cd-rom drive mounted at drive e:. The drivers for Windows 2008 are the same as for Windows 7, so browse to E:\WIN8\AMD64 (assuming you are installing the 64-bit version of windows) and click on "OK".

|  | Note: If you forget to select the network drivers here, you will have to manually install the drivers for the network card after the install has completed. | 
Press and hold the <control> key and click on both the "Red Hat VirtIO Ethernet Adapter" and the "Red Hat VirtIO SCSI Controller" drivers. By doing this, we won't have to install the network card's drivers later. Click on "Next" and the drivers will be installed.

Now you can finish installing Windows 2008 just as you would do so on a bare iron server!

What you do from here is entirely up to you and your needs.
|  | Note: If you wish, jump to Making vm04-win8 a Highly Available Services now to immediately add vm04-win8 to the cluster manager. | 
Making Our VMs Highly Available Cluster Services
We're ready to start the final step; Making our VMs highly available cluster services! This involves two main steps:
- Creating two new, ordered fail-over Domains; One with each node as the highest priority.
- Adding our VMs as services, one is each new fail-over domain.
Creating the Ordered Fail-Over Domains
We have planned for two VMs, vm01-dev and vm02-web to normally run on an-c05n01 while vm03-db and vm04-ms to run on an-c05n02. Of course, should one of the nodes fail, the lost VMs will be restarted on the surviving node. For this, we will use an ordered fail-over domain.
The idea here is that each new fail-over domain will have one node with a higher priority than the other. That is, one will have an-c05n01 with the highest priority and the other will have an-c05n02 as the highest. This way, VMs that we want to normally run on a given node will be added to the matching fail-over domain.
Here are the two new domains we will create in /etc/cluster/cluster.conf;
		<failoverdomains>
			...
			<failoverdomain name="primary_n01" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="1"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="2"/>
			</failoverdomain>
			<failoverdomain name="primary_n02" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="2"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="1"/>
			</failoverdomain>
		</failoverdomains>The two major pieces of the puzzle here are the <failoverdomain ...>'s ordered="1" attribute and the <failoverdomainnode ...>'s priority="x" attributes. The former tells the cluster that there is a preference for which node should be used when both are available. The later, which is the difference between the two new domains, tells the cluster which specific node is preferred.
The first of the new fail-over domains is primary_n01. Any service placed in this domain will prefer to run on an-c05n01, as its priority of 1 is higher than an-c05n02's priority of 2. The second of the new domains is primary_n02 which reverses the preference, making an-c05n02 preferred over an-c05n01.
Let's look at the complete cluster.conf with the new domain, and the version updated to 11 of course.
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="11">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
	<fence_daemon post_join_delay="30" />
	<totem rrp_mode="none" secauth="off"/>
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="primary_n01" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="1"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="2"/>
			</failoverdomain>
			<failoverdomain name="primary_n02" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="2"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="1"/>
			</failoverdomain>
		</failoverdomains>
		<service name="storage_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="storage_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="libvirtd_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<service name="libvirtd_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
	</rm>
</cluster>Let's validate it now, but we won't bother to push it out just yet.
| an-c05n01 | ccs_config_validateConfiguration validatescman_tool version6.2.0 config 10cman_tool version -r
cman_tool version6.2.0 config 11 | 
|---|---|
| an-c05n02 | cman_tool version6.2.0 config 11 | 
Good, now to create the new VM services!
Making vm01-win2008 a Highly Available Services
|  | Note: If you jumped straight here after provisioning the vm01-win2008 server, please jump back and be sure you've created the primary_n01 and primary_n02 fail-over domains. | 
The final piece of the puzzle, and the whole purpose of this exercise is in sight!
We're going to start with vm01-win2008, as it was the first server we provisioned.
There is a special service in rgmanager for virtual machines which uses the vm: prefix. We will need to create one of these services for each server that will be managed by the Anvil! platform.
Dumping the vm01-win2008 XML Definition File
In order for the cluster to manage a server, it must know where to find the "definition" file that describes the virtual machine and it's hardware. When the server was created with virt-install, it saved this definition file in /etc/libvirt/qemu/vm01-win2008.xml. If this was a single-host setup, that would be fine.
In our case though, there are two reasons we need to move this.
- We want both nodes to be able to see the definition file and we want a single place to make updates.
- Normal libvirtd tools are not cluster-aware, so we don't want them to see our server except when it is running.
To address the first issue, we're going to use a program called virsh to write out the definition file for vm01-win2008. We'll use a simple bash redirection to write this to a file on /shared where both nodes will be able to read it. Also, being stored on our GFS2 partition, any change made to the file will immediately be seen by both nodes.
To address the second issue, we will "undefine" the server. This effectively deletes it from libvirtd, so when a server is off (or running elsewhere), tools like "Virtual Machine Manager" will not see it. This helps avoid problems like a user, unaware that the server is running on another node, starting it on the first. The cluster will still be able to start and stop the server just fine, so there is no worry about losing your new server. The cluster tools, being cluster-aware obviously, are smart enough to not try and boot a server on one node when it's already running on another.
So the first step is to dump the server's definition file.
|  | Note: Recall that we provisioned vm01-win2008 on an-c05n01, so we will have to use that node for the next step. | 
First, let's use virsh, a libvirtd tool, to see the server's state.
| an-c05n01 | virsh list --all Id    Name                           State
----------------------------------------------------
 1     vm01-win2008                   running | 
|---|
The --all option is needed to show us servers that are running but off. Normally, virsh list only shows running servers, but it's a good habit to always use --list to be sure you have a complete view of your system.
So we see that vm01-win2008 is running. The Id is a simple integer that increments each time a server boots. It changes frequently and you need not worry about it. It's principal purpose to be unique among running servers.
So before we undefine the server, we first need to record it's definition. We can do that with virsh dumpxml $vm.
| an-c05n01 | virsh dumpxml vm01-win2008<domain type='kvm' id='1'>
  <name>vm01-win2008</name>
  <uuid>d06381fc-8033-9768-3a28-b751bcc00716</uuid>
  <memory unit='KiB'>3145728</memory>
  <currentMemory unit='KiB'>3145728</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <os>
    <type arch='x86_64' machine='rhel6.4.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='localtime'>
    <timer name='rtc' tickpolicy='catchup'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/shared/files/Windows_Svr_2008_R2_64Bit_SP1.ISO'/>
      <target dev='hda' bus='ide'/>
      <readonly/>
      <alias name='ide0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <source file='/shared/files/virtio-win-0.1-52.iso'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <alias name='ide0-1-0'/>
      <address type='drive' controller='0' bus='1' target='0' unit='0'/>
    </disk>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' cache='none' io='native'/>
      <source dev='/dev/an-c05n01_vg0/vm01-win2008_0'/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </disk>
    <controller type='usb' index='0'>
      <alias name='usb0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='ide' index='0'>
      <alias name='ide0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:8e:67:32'/>
      <source bridge='vbr2'/>
      <target dev='vnet0'/>
      <model type='virtio'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/2'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/2'>
      <source path='/dev/pts/2'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
    </input>
    <input type='mouse' bus='ps2'/>
    <graphics type='spice' port='5900' autoport='yes' listen='127.0.0.1'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
    <video>
      <model type='qxl' ram='65536' vram='65536' heads='1'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='selinux' relabel='yes'>
    <label>unconfined_u:system_r:svirt_t:s0:c331,c909</label>
    <imagelabel>unconfined_u:object_r:svirt_image_t:s0:c331,c909</imagelabel>
  </seclabel>
</domain> | 
|---|
That is your server's hardware!
Notice how it shows the mounted cd-roms? You can also see the MAC address assigned to the network card, the RAM and CPU cores allocated and other details. Pretty awesome!
So let's re-run the dumpxml file, but this time, we'll use a bash redirection to save the output to a file in our /shared/definition directory.
| an-c05n01 | virsh dumpxml vm01-win2008 > /shared/definitions/vm01-win2008.xml
ls -lah /shared/definitions/vm01-win2008.xml-rw-r--r--. 1 root root 3.3K Nov  4 20:34 /shared/definitions/vm01-win2008.xml | 
|---|
Excellent! Now, as we will see in a moment, the cluster will be able to use this to start, stop, migrate and recover our server.
|  | Warning: Be sure the XML file was written properly! This next step will remove the server from libvirtd. Once done, the /shared/definitions/vm01-win2008.xml will be the only way to boot the server! | 
The last step is to remove vm01-win2008 from libvirtd. This will ensure that tools like "Virtual Machine Manager" will not know about our servers except when they are running on the node.
| an-c05n01 | virsh undefine vm01-win2008Domain vm01-win2008 has been undefined | 
|---|
Done.
Creating The vm:vm01-win2008 Services
We'll create a new service for vm01-win2008 using the vm resource agent. This is a simple, single-element entry. Lets increment the version to 12 and take a look at the new entry.
	<rm log_level="5">
		...
		<vm name="vm01-win2008" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
	</rm>Let's look at each of the attributes now;
| Attribute | Description | 
|---|---|
| name | This must match the name we created the VM with (the --name ... value when we provisioned the VM). In this case, that is vm01-win2008. This is the name that will be passed to the vm.sh resource agent when managing this service, and it will be the <name>.xml used when looking under path=... for the VM's definition file. | 
| domain | This tells the cluster to manage the VM using the given fail-over domain. We built vm01-win2008 using an-c05n01's storage pool, so this server will be assigned to the primary_n01 domain. | 
| path | This tells the cluster where to look for the server's definition file. Do not include the actual file name, just the path. The cluster takes this path, appends the server's name and then appends .xml in order to find the server's definition file. | 
| autostart | This tells the cluster to start the server as soon as the depend service has started. If you want your server to stay off when rgmanager starts, set this to 0. | 
| depend | This tells rgmanager to wait until the named service has started before starting this service. We use this because we can't start the servers until their storage is up and their XML definition file is readable. Note that this has to always match the storage service hosting this server! | 
| depend_mode | This can be either hard or soft. When set to soft, as we have it here, rgmanager only cares about the dependent service on start up. Once the server is running, the failure of the storage service will not trigger a restart of the server, as would normally happen with hard. We want this because, for example, the failure of the gfs2 partition would not itself cause the servers to fail. So we don't want the servers to be effected when a storage issue is recoverable. | 
| exclusive | As we saw with the storage services, we want to ensure that this service is not exclusive. If it were, starting the VM would stop storage/libvirtd and prevent other servers from running on the node. This would be a bad thing™. | 
| recovery | This tells the Anvil! what to do when the service fails. We are setting this to restart, so the cluster will try to restart the server on the same node it was on when it failed. The alternative is relocate, which would instead start the server on another node. More about this next. | 
| max_restarts | When a server fails, it is possible that it is because there is a subtle problem on the host node itself. So this attribute allows us to set a limit on how many times a server will be allowed to restart before giving up and switching to a relocate policy. We're setting this to 2, which means that if a server is restarted twice, the third failure will trigger a relocate. | 
| restart_expire_time | If we let the max_restarts failure count increment indefinitely, than a relocate policy becomes inevitable. To account for this, we use this attribute to tell the Anvil! to "forget" a restart after the defined number of seconds. We're using 600 seconds (ten minutes). So if a server fails, the failure count increments from 0 to 1. After 600 seconds though, the restart is "forgotten" and the failure count returns to 0. Said another way, a server will have to fail three times in ten minutes to trigger the relocate recovery policy. | 
So let's take a look at the final, complete cluster.conf;
<?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="12">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
	<fence_daemon post_join_delay="30" />
	<totem rrp_mode="none" secauth="off"/>
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="primary_n01" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="1"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="2"/>
			</failoverdomain>
			<failoverdomain name="primary_n02" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="2"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="1"/>
			</failoverdomain>
		</failoverdomains>
		<service name="storage_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="storage_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="libvirtd_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<service name="libvirtd_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<vm name="vm01-win2008" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
	</rm>
</cluster>Before we active the new configuration, we want to verify that the server is running on the preferred node.
| an-c05n01 | virsh list --all Id    Name                           State
----------------------------------------------------
 1     vm01-win2008                   running | 
|---|---|
| an-c05n02 | virsh list --all Id    Name                           State
---------------------------------------------------- | 
Confirmed. Now we can activate the changes.
|  | Note: Whenever possible, it is safest to shut down the server before proceeding. This can be done using the server's own shut down method or by calling virsh shutdown vm01-win2008 from an-c05n01. | 
Now let's activate the new configuration.
| an-c05n01 | ccs_config_validateConfiguration validatescman_tool version6.2.0 config 11cman_tool version -r
cman_tool version6.2.0 config 12 | 
|---|---|
| an-c05n02 | cman_tool version6.2.0 config 12 | 
Let's now take a look at clustat on both nodes.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Wed Nov 13 23:38:30 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started | 
|---|---|
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Wed Nov 13 23:38:30 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started | 
This is what we've been working so hard for!
Testing vm01-win2008 Management With clusvcadm
The first thing we're going to do is disable (gracefully shut down) the server. To do this, we'll send an ACPI "power button" event to vm01-win2008. Windows 2008 will, like most operating systems, respond to having it's "power button pressed" by beginning a graceful shut down.
As always, start by checking the state of things.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Mon Nov 11 13:36:17 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started | 
|---|
As we expected. So now, "press the server's power button" using clusvcadm. We have to do it this way because, if the server stops any other way, the cluster will treat it as a failure and boot it right back up.
| an-c05n01 | clusvcadm -d vm:vm01-win2008Local machine disabling vm:vm01-win2008...Success | 
|---|
If we check clustat again, we'll see that the vm:vm01-win2008 service is indeed disabled.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Mon Nov 11 16:11:30 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            (an-c05n01.alteeve.ca)                     disabled | 
|---|
Good, it's off. Let's turn it back on now.
Note the -F; That tells rgmanager to start the vm service on the preferred host. It's a nice habit to get into as it will ensure the server always boots on the preferred node, when possible.
| an-c05n01 |  clusvcadm -F -e vm:vm01-win2008Local machine trying to enable vm:vm01-win2008...Failure | 
|---|
What the deuce!?
Solving vm01-win2008 Failure to Enable Error
Let's look at the log file.
| an-c05n01 | tail /var/log/messageNov 11 16:16:43 an-c05n01 rgmanager[2921]: start on vm "vm01-win2008" returned 1 (generic error)
Nov 11 16:16:43 an-c05n01 rgmanager[2921]: #68: Failed to start vm:vm01-win2008; return value: 1
Nov 11 16:16:43 an-c05n01 rgmanager[2921]: Stopping service vm:vm01-win2008
Nov 11 16:16:43 an-c05n01 rgmanager[2921]: Service vm:vm01-win2008 is recovering | 
|---|---|
| an-c05n02 | tail /var/log/messageNov 11 16:16:43 an-c05n02 rgmanager[2864]: Recovering failed service vm:vm01-win2008
Nov 11 16:16:44 an-c05n02 rgmanager[2864]: start on vm "vm01-win2008" returned 1 (generic error)
Nov 11 16:16:44 an-c05n02 rgmanager[2864]: #68: Failed to start vm:vm01-win2008; return value: 1
Nov 11 16:16:44 an-c05n02 rgmanager[2864]: Stopping service vm:vm01-win2008
Nov 11 16:16:44 an-c05n02 rgmanager[2864]: Service vm:vm01-win2008 is recovering | 
If we check clustat, we'll see that the server is stuck in recovery.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Mon Nov 11 16:16:51 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            none                                       recovering | 
|---|
This is why we saw the "start on vm "vm01-win2008" returned 1 (generic error)" message on both nodes. The cluster tried to enable it on the preferred host first, because of the -F switch, that failed so it tried to enable it on the second node and that also failed.
The first step to diagnosing the problem is to disable the service in rgmanager and then manually trying to start the server using virsh.
| an-c05n01 | clusvcadm -d vm:vm01-win2008Local machine disabling vm:vm01-win2008...SuccessclustatCluster Status for an-cluster-05 @ Mon Nov 11 16:17:09 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            (an-c05n02.alteeve.ca)                     disabled | 
|---|
Now the cluster is no longer trying to touch the server. Lets start it manually. As always, verify the state of things. In this case, we'll double-check that the server really didn't start with virsh.
| an-c05n01 | virsh list --all Id    Name                           State
---------------------------------------------------- | 
|---|---|
| an-c05n01 | virsh list --all Id    Name                           State
---------------------------------------------------- | 
It's for sure off, so let's try to start it. As you can see above, the vm01-win2008 server is not shown as shut off because we undefined it. So to start it, we need to use the create option and specify the definition file manually.
| an-c05n01 | virsh createDomain vm01-win2008 created from /shared/definitions/vm01-win2008.xmlvirsh list --all Id    Name                           State
----------------------------------------------------
 10    vm01-win2008                   running | 
|---|
So now we know that the server itself is fine. Let's shut down the server using virsh. Note that it will take a minute for the server to gracefully shut down.
| an-c05n01 | virsh shutdown vm01-win2008Domain vm01-win2008 is being shutdownvirsh list --all Id    Name                           State
---------------------------------------------------- | 
|---|
So a likely cause of problems is an SELinux denial. Let's verify that SELinux is, in fact, enforcing.
| an-c05n01 | sestatusSELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted | 
|---|
It is. So to test, let's temporarily put SELinux into permissive mode and see if clusvcadm starts working.
| an-c05n01 | setenforce 0
sestatusSELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   permissive
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targetedclusvcadm -F -e vm:vm01-win2008Local machine trying to enable vm:vm01-win2008...Success
vm:vm01-win2008 is now running on an-c05n01.alteeve.ca | 
|---|
Bingo! So we've SELinux appears to be the problem.
Let's disable vm:vm01-win2008, re-enable SELinux and then try to debug SELinux.
| an-c05n01 | clusvcadm -d vm:vm01-win2008Local machine disabling vm:vm01-win2008...Successsetenforce 1
sestatusSELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted | 
|---|
Now we're back to where it fails. We will now want to look for errors. SELinux writes log entries to /var/log/audit/audit.log, however, by default, many things are set to not logged (set to dontaudit in SELinux parlance). This includes cluster related issues. So to temporarily enable complete logging, we will use the semodule command to tell it to log all messages.
| an-c05n01 | semodule -DB# no output, but it takes a while to complete | 
|---|
Now we will tail -f /var/log/audit/audit.log and try again to start the server using clusvcadm. We expect it will fail, but the log messages will be useful. Once it fails, we'll immediately disable it again.
| an-c05n01 | clusvcadm -F -e vm:vm01-win2008Local machine trying to enable vm:vm01-win2008...Failureclusvcadm -d vm:vm01-win2008Local machine disabling vm:vm01-win2008...Success | 
|---|
Looking at audit.log, we see;
type=AVC msg=audit(1384209306.795:2768): avc:  denied  { search } for  pid=24850 comm="virsh" name="/" dev=dm-0 ino=22 scontext=unconfined_u:system_r:xm_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dirIt's complaining about the device dm-0 and specifically about the inode 22. If you recall from when we setup the /shared partition, dm-0 was a "device mapper" device. Let's see what this is.
| an-c05n01 | ls -lah /dev/mapper/ | grep dm-0lrwxrwxrwx.  1 root root      7 Nov  3 12:14 an--c05n01_vg0-shared -> ../dm-0 | 
|---|
This is the device mapper name for the LV we created for /shared. Knowing this, let's search /shared for what is at inode number 22.
| an-c05n01 | find /shared -inum 22/shared | 
|---|
So inode 22 is the /shared directory itself. So lets look at the SELinux context using ls's -Z switch.
| an-c05n01 | ls -laZ /shareddrwxr-xr-x. root root system_u:object_r:file_t:s0      .
dr-xr-xr-x. root root system_u:object_r:root_t:s0      ..
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 archive
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  definitions
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  files
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  provision | 
|---|
We can see that the current context on /shared (the . entry above) is system_u:object_r:file_t:s0. This isn't permissive enough, so we need to fix it. The virt_etc_t context should be good enough as it allows reads from files under /shared.
|  | Note: If you use a program other than virsh that tries to manipulate the files in /shared, you may need to use the virt_etc_rw_t context as it allows read/write permissions. | 
We'll need to make this change on both nodes. We'll use semanage to make the change followed by restorecon to make sure the changes remain in case the file system is ever re-labelled.
| an-c05n01 | semanage fcontext -a -t virt_etc_t '/shared(/.*)?' 
restorecon -r /shared
ls -laZ /shareddrwxr-xr-x. root root system_u:object_r:virt_etc_t:s0  .
dr-xr-xr-x. root root system_u:object_r:root_t:s0      ..
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 archive
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 definitions
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 files
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 provision | 
|---|---|
| an-c05n02 | semanage fcontext -a -t virt_etc_t '/shared(/.*)?' 
restorecon -r /shared
ls -laZ /shareddrwxr-xr-x. root root system_u:object_r:virt_etc_t:s0  .
dr-xr-xr-x. root root system_u:object_r:root_t:s0      ..
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 archive
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 definitions
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 files
drwxr-xr-x. root root unconfined_u:object_r:virt_etc_t:s0 provision | 
We told SELinux to ignore the dontaudit option earlier. We'll want to undo this so that our logs don't get flooded.
| an-c05n01 | semodule -B# No output, but it will take a while to return | 
|---|
If all went well, we should now be able to use clusvcadmto enable the vm:vm01-win2008 service.
| an-c05n01 | clusvcadm -F -e vm:vm01-win2008Local machine trying to enable vm:vm01-win2008...Success
vm:vm01-win2008 is now running on an-c05n01.alteeve.ca | 
|---|
Excellent!
Making vm02-win2012 a Highly Available Services
|  | Note: If you skipped adding vm01-win2008 to the cluster manager, please jump back and review the steps there. Particularly on creating the new failover domains and SELinux fix. | 
It's time to add vm02-win2012 to the cluster's management.
Dumping the vm02-win2012 XML Definition File
As we did with vm01-win2008, we need to dump vm02-win2012's XML definition out to a file in /shared/definitions.
|  | Note: Recall that we provisioned vm02-win2012 on an-c05n02, so we will have to use that node for the next step. | 
First, let's use virsh, a libvirtd tool, to see the server's state.
| an-c05n02 | virsh list --all Id    Name                           State
----------------------------------------------------
 5     vm02-win2012                   running | 
|---|
So we see that vm02-win2012 is running. Recall that the Id is a simple integer that increments each time a server boots.
Now dump the server's XML.
| an-c05n02 | virsh dumpxml vm02-win2012 > /shared/definitions/vm02-win2012.xml
ls -lah /shared/definitions/vm02-win2012.xml-rw-r--r--. 1 root root 3.3K Nov 11 19:18 /shared/definitions/vm02-win2012.xml | 
|---|
|  | Warning: Be sure the XML file was written properly! This next step will remove the server from libvirtd. Once done, the /shared/definitions/vm02-win2012.xml will be the only way to boot the server! | 
The last step is to remove vm02-win2012 from libvirtd. This will ensure that tools like "Virtual Machine Manager" will not know about our servers except when they are running on the node.
| an-c05n02 | virsh undefine vm02-win2012Domain vm02-win2012 has been undefined | 
|---|
Done.
Creating The vm:vm02-win2012 Services
As we did for vm01-win2008, we will create a vm service entry for vm02-win2012. This time though, because this server is assigned to an-c05n02, we will use the primary_n02 failover domain.
Lets increment the version to 13 and add the new entry.
	<rm log_level="5">
		...
		<vm name="vm02-win2012" domain="primary_n02" autostart="1" depend="service:storage_n02" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
	</rm><?xml version="1.0"?>
<cluster name="an-cluster-05" config_version="13">
	<cman expected_votes="1" two_node="1" />
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n01" action="reboot" delay="15" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="1" action="reboot" />
					<device name="pdu2" port="1" action="reboot" />
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device name="ipmi_n02" action="reboot" />
				</method>
				<method name="pdu">
					<device name="pdu1" port="2" action="reboot" />
					<device name="pdu2" port="2" action="reboot" />
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice name="ipmi_n01" agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" passwd="secret" />
		<fencedevice name="ipmi_n02" agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" passwd="secret" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1" />
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2" />
	</fencedevices>
	<fence_daemon post_join_delay="30" />
	<totem rrp_mode="none" secauth="off"/>
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="primary_n01" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="1"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="2"/>
			</failoverdomain>
			<failoverdomain name="primary_n02" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="2"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="1"/>
			</failoverdomain>
		</failoverdomains>
		<service name="storage_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="storage_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service name="libvirtd_n01" autostart="1" domain="only_n01" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<service name="libvirtd_n02" autostart="1" domain="only_n02" exclusive="0" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<vm name="vm01-win2008" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
		<vm name="vm02-win2012" domain="primary_n02" autostart="1" depend="service:storage_n02" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
	</rm>
</cluster>Before we active the new configuration, we want to verify that the server is running on the preferred node.
| an-c05n01 | virsh list --all Id    Name                           State
----------------------------------------------------
 1     vm01-win2008                   running | 
|---|---|
| an-c05n02 | virsh list --all Id    Name                           State
----------------------------------------------------
 1     vm02-win2012                   running | 
Confirmed, vm02-win2012 is on an-c05n02. Now we can activate the changes.
|  | Note: Whenever possible, it is safest to shut down the server before proceeding. This can be done using the server's own shut down method or by calling virsh shutdown vm01-win2008 from an-c05n01. | 
Now let's activate the new configuration.
|  | Note: If you've been following along, this will be the first time we've pushed a change to cluster.conf from an-c05n02. So we'll need to enter the ricci user's password on both nodes. | 
| an-c05n02 | ccs_config_validateConfiguration validatescman_tool version6.2.0 config 12cman_tool version -rYou have not authenticated to the ricci daemon on an-c05n02.alteeve.ca
Password:You have not authenticated to the ricci daemon on an-c05n01.alteeve.ca
Password:cman_tool version6.2.0 config 13 | 
|---|---|
| an-c05n01 | cman_tool version6.2.0 config 13 | 
Let's take a look at clustat on both nodes now.
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Thu Nov 14 12:47:29 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started | 
|---|---|
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Thu Nov 14 12:47:29 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started | 
Done!
Now, should vm02-win2012 fail or if an-c05n01 should fail, the Anvil! will recover it automatically.
Testing vm02-win2012 Management With clusvcadm
The first thing we're going to do is disable (gracefully shut down) the server. To do this, we'll send an ACPI "power button" event to vm02-win2012. Windows 2012 will, like most operating systems, respond to having it's "power button pressed" by beginning a graceful shut down.
As always, start by checking the state of things.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Mon Nov 11 20:05:57 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started | 
|---|
As we expected.
|  | Note: We're flipping to an-c05n02, but we don't have to. The disable command is smart enough to know where the server is running and disable it on the appropriate node. | 
| an-c05n02 | clusvcadm -d vm:vm02-win2012Local machine disabling vm:vm02-win2012...Success | 
|---|
If we check clustat again, we'll see that the vm:vm02-win2012 service is indeed disabled.
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Mon Nov 11 20:08:36 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            (an-c05n02.alteeve.ca)                     disabled | 
|---|
Good, it's off. Let's turn it back on now.
|  | Note: We'll go back to an-c05n01 so that we can see how the -F switch is, in fact, smart enough to start the server on an-c05n02. | 
| an-c05n01 | clusvcadm -F -e vm:vm02-win2012Local machine trying to enable vm:vm02-win2012...Success
vm:vm02-win2012 is now running on an-c05n02.alteeve.ca | 
|---|
Perfect! The SELinux fix from before worked for this server, too. You can verify this by disabling the server and re-running the above command on an-c05n02.
Making vm03-win7 a Highly Available Services
|  | Note: If you skipped adding vm01-win2008 to the cluster manager, please jump back and review the steps there. Particularly on creating the new failover domains and SELinux fix. | 
It's time to add vm03-win7 to the cluster's management.
Dumping the vm03-win7 XML Definition File
As we did with vm01-win2008, we need to dump vm03-win7's XML definition out to a file in /shared/definitions.
|  | Note: Recall that we provisioned vm03-win7 on an-c05n01, so we will have to use that node for the next step. | 
First, let's use virsh, a libvirtd tool, to see the server's state.
| an-c05n01 | virsh list --all Id    Name                           State
----------------------------------------------------
 1     vm01-win2008                   running
 4     vm03-win7                      running | 
|---|
So we see that vm03-win7 is running. Recall that the Id is a simple integer that increments each time a server boots.
Now dump the server's XML.
| an-c05n01 | virsh dumpxml vm03-win7 > /shared/definitions/vm03-win7.xml
ls -lah /shared/definitions/vm03-win7.xml-rw-r--r--. 1 root root 3.3K Nov 12 14:34 /shared/definitions/vm03-win7.xml | 
|---|
|  | Warning: Be sure the XML file was written properly! This next step will remove the server from libvirtd. Once done, the /shared/definitions/vm03-win7.xml will be the only way to boot the server! | 
The last step is to remove vm03-win7 from libvirtd. This will ensure that tools like "Virtual Machine Manager" will not know about our servers except when they are running on the node.
| an-c05n01 | virsh undefine vm03-win7Domain vm03-win7 has been undefined | 
|---|
Done.
Creating The vm:vm03-win7 Services
As we did for vm01-win2008, we will create a vm service entry for vm03-win7. This time though, because this server is assigned to an-c05n02, we will use the primary_n02 failover domain.
Lets increment the version to 14 and add the new entry.
	<rm log_level="5">
		...
		<vm name="vm03-win7" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
	</rm><?xml version="1.0"?>
<cluster config_version="14" name="an-cluster-05">
	<cman expected_votes="1" two_node="1"/>
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device action="reboot" delay="15" name="ipmi_n01"/>
				</method>
				<method name="pdu">
					<device action="reboot" name="pdu1" port="1"/>
					<device action="reboot" name="pdu2" port="1"/>
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device action="reboot" name="ipmi_n02"/>
				</method>
				<method name="pdu">
					<device action="reboot" name="pdu1" port="2"/>
					<device action="reboot" name="pdu2" port="2"/>
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" name="ipmi_n01" passwd="secret"/>
		<fencedevice agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" name="ipmi_n02" passwd="secret"/>
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1"/>
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2"/>
	</fencedevices>
	<fence_daemon post_join_delay="30"/>
	<totem rrp_mode="none" secauth="off"/>
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="primary_n01" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="1"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="2"/>
			</failoverdomain>
			<failoverdomain name="primary_n02" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="2"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="1"/>
			</failoverdomain>
		</failoverdomains>
		<service autostart="1" domain="only_n01" exclusive="0" name="storage_n01" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service autostart="1" domain="only_n02" exclusive="0" name="storage_n02" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service autostart="1" domain="only_n01" exclusive="0" name="libvirtd_n01" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<service autostart="1" domain="only_n02" exclusive="0" name="libvirtd_n02" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<vm name="vm01-win2008" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
		<vm name="vm02-win2012" domain="primary_n02" autostart="1" depend="service:storage_n02" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
		<vm name="vm03-win7" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
	</rm>
</cluster>Now let's activate the new configuration.
| an-c05n01 | ccs_config_validateConfiguration validatescman_tool version6.2.0 config 13cman_tool version -r
cman_tool version6.2.0 config 14 | 
|---|---|
| an-c05n02 | cman_tool version6.2.0 config 14 | 
Almost done.
Making vm03-win7 Active in the Anvil!
Let's take a look at virsh list on an-c05n01 and clustat on an-c05n02.
| an-c05n01 | virsh list --all Id    Name                           State
----------------------------------------------------
 1     vm01-win2008                   running
 4     vm03-win7                      running | 
|---|---|
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Tue Nov 12 14:50:15 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started       
 vm:vm03-win7                               (none)                                     disabled | 
As before, the server was started before we told the Anvil! that it existed. So we need to tell the Anvil! that the server is already running.
To do that, we will enable the new vm:vm03-win7 service on an-c05n01.alteeve.ca. We know that we want to use an-c05n01.alteeve.ca because it's virsh list showed it as running.
| an-c05n01 | clusvcadm -e vm:vm03-win7 -m an-c05n01.alteeve.caMember an-c05n01.alteeve.ca trying to enable vm:vm03-win7...Success
vm:vm03-win7 is now running on an-c05n01.alteeve.ca | 
|---|---|
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Tue Nov 12 14:51:19 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started       
 vm:vm03-win7                               an-c05n01.alteeve.ca                       started | 
Now, should vm03-win7 fail or if an-c05n01 should fail, the Anvil! will recover it automatically.
Testing vm03-win7 Management With clusvcadm
The first thing we're going to do is disable (gracefully shut down) the server. To do this, we'll send an ACPI "power button" event to vm03-win7. Windows 7 will, like most operating systems, respond to having it's "power button pressed" by beginning a graceful shut down.
As always, start by checking the state of things.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Tue Nov 12 14:51:51 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started       
 vm:vm03-win7                               an-c05n01.alteeve.ca                       started | 
|---|
As we expected. Let's disable the vm03-win7 server now.
| an-c05n01 | clusvcadm -d vm:vm03-win7Local machine disabling vm:vm03-win7...Success | 
|---|
If we check clustat again, we'll see that the vm:vm03-win7 service is indeed disabled.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Tue Nov 12 15:09:39 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started       
 vm:vm03-win7                               (an-c05n01.alteeve.ca)                     disabled | 
|---|
Good, it's off. Let's turn it back on now.
| an-c05n01 | clusvcadm -F -e vm:vm03-win7Local machine trying to enable vm:vm03-win7...Success
vm:vm03-win7 is now running on an-c05n01.alteeve.ca | 
|---|
Perfect! The SELinux fix from before worked for this server, too. You can verify this by disabling the server and re-running the above command on an-c05n02.
Making vm04-win8 a Highly Available Services
|  | Note: If you skipped adding vm01-win2008 to the cluster manager, please jump back and review the steps there. Particularly on creating the new failover domains and SELinux fix. | 
It's time to add vm04-win8 to the cluster's management.
Dumping the vm04-win8 XML Definition File
As we did with vm01-win2008, we need to dump vm04-win8's XML definition out to a file in /shared/definitions.
|  | Note: Recall that we provisioned vm04-win8 on an-c05n01, so we will have to use that node for the next step. | 
First, let's use virsh, a libvirtd tool, to see the server's state.
| an-c05n01 | virsh list --all Id    Name                           State
----------------------------------------------------
 1     vm01-win2008                   running
 5     vm03-win7                      running
 8     vm04-win8                      running | 
|---|
So we see that vm04-win8 is running. Recall that the Id is a simple integer that increments each time a server boots.
Now dump the server's XML.
| an-c05n01 | virsh dumpxml vm04-win8 > /shared/definitions/vm04-win8.xml
ls -lah /shared/definitions/vm04-win8.xml-rw-r--r--. 1 root root 3.3K Nov 12 19:36 /shared/definitions/vm04-win8.xml | 
|---|
|  | Warning: Be sure the XML file was written properly! This next step will remove the server from libvirtd. Once done, the /shared/definitions/vm04-win8.xml will be the only way to boot the server! | 
The last step is to remove vm04-win8 from libvirtd. This will ensure that tools like "Virtual Machine Manager" will not know about our servers except when they are running on the node.
| an-c05n01 | virsh undefine vm04-win8Domain vm04-win8 has been undefined | 
|---|
Done.
Creating The vm:vm04-win8 Services
As we did for vm01-win2008, we will create a vm service entry for vm04-win8. This time though, because this server is assigned to an-c05n02, we will use the primary_n02 failover domain.
Lets increment the version to 15 and add the new entry.
	<rm log_level="5">
		...
		<vm name="vm04-win8" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
	</rm><?xml version="1.0"?>
<cluster config_version="15" name="an-cluster-05">
	<cman expected_votes="1" two_node="1"/>
	<clusternodes>
		<clusternode name="an-c05n01.alteeve.ca" nodeid="1">
			<fence>
				<method name="ipmi">
					<device action="reboot" delay="15" name="ipmi_n01"/>
				</method>
				<method name="pdu">
					<device action="reboot" name="pdu1" port="1"/>
					<device action="reboot" name="pdu2" port="1"/>
				</method>
			</fence>
		</clusternode>
		<clusternode name="an-c05n02.alteeve.ca" nodeid="2">
			<fence>
				<method name="ipmi">
					<device action="reboot" name="ipmi_n02"/>
				</method>
				<method name="pdu">
					<device action="reboot" name="pdu1" port="2"/>
					<device action="reboot" name="pdu2" port="2"/>
				</method>
			</fence>
		</clusternode>
	</clusternodes>
	<fencedevices>
		<fencedevice agent="fence_ipmilan" ipaddr="an-c05n01.ipmi" login="admin" name="ipmi_n01" passwd="secret"/>
		<fencedevice agent="fence_ipmilan" ipaddr="an-c05n02.ipmi" login="admin" name="ipmi_n02" passwd="secret"/>
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p01.alteeve.ca" name="pdu1"/>
		<fencedevice agent="fence_apc_snmp" ipaddr="an-p02.alteeve.ca" name="pdu2"/>
	</fencedevices>
	<fence_daemon post_join_delay="30"/>
	<totem rrp_mode="none" secauth="off"/>
	<rm log_level="5">
		<resources>
			<script file="/etc/init.d/drbd" name="drbd"/>
			<script file="/etc/init.d/clvmd" name="clvmd"/>
			<clusterfs device="/dev/an-c05n01_vg0/shared" force_unmount="1" fstype="gfs2" mountpoint="/shared" name="sharedfs" />
			<script file="/etc/init.d/libvirtd" name="libvirtd"/>
		</resources>
		<failoverdomains>
			<failoverdomain name="only_n01" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="only_n02" nofailback="1" ordered="0" restricted="1">
				<failoverdomainnode name="an-c05n02.alteeve.ca"/>
			</failoverdomain>
			<failoverdomain name="primary_n01" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="1"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="2"/>
			</failoverdomain>
			<failoverdomain name="primary_n02" nofailback="1" ordered="1" restricted="1">
				<failoverdomainnode name="an-c05n01.alteeve.ca" priority="2"/>
				<failoverdomainnode name="an-c05n02.alteeve.ca" priority="1"/>
			</failoverdomain>
		</failoverdomains>
		<service autostart="1" domain="only_n01" exclusive="0" name="storage_n01" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service autostart="1" domain="only_n02" exclusive="0" name="storage_n02" recovery="restart">
			<script ref="drbd">
				<script ref="clvmd">
					<clusterfs ref="sharedfs"/>
				</script>
			</script>
		</service>
		<service autostart="1" domain="only_n01" exclusive="0" name="libvirtd_n01" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<service autostart="1" domain="only_n02" exclusive="0" name="libvirtd_n02" recovery="restart">
			<script ref="libvirtd"/>
		</service>
		<vm name="vm01-win2008" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
		<vm name="vm02-win2012" domain="primary_n02" autostart="1" depend="service:storage_n02" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
		<vm name="vm03-win7" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
		<vm name="vm04-win8" domain="primary_n01" autostart="1" depend="service:storage_n01" depend_mode="soft" path="/shared/definitions/" exclusive="0" recovery="restart" max_restarts="2" restart_expire_time="600" />
	</rm>
</cluster>Now let's activate the new configuration.
| an-c05n01 | ccs_config_validateConfiguration validatescman_tool version6.2.0 config 14cman_tool version -r
cman_tool version6.2.0 config 15 | 
|---|---|
| an-c05n02 | cman_tool version6.2.0 config 15 | 
Almost done.
Making vm04-win8 Active in the Anvil!
Let's take a look at virsh list on an-c05n01 and clustat on an-c05n02.
| an-c05n01 | virsh list --all Id    Name                           State
----------------------------------------------------
 1     vm01-win2008                   running
 5     vm03-win7                      running
 8     vm04-win8                      running | 
|---|---|
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Tue Nov 12 19:39:08 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started       
 vm:vm03-win7                               an-c05n01.alteeve.ca                       started       
 vm:vm04-win8                               (none)                                     disabled | 
As before, the server was started before we told the Anvil! that it existed. So we need to tell the Anvil! that the server is already running.
To do that, we will enable the new vm:vm04-win8 service on an-c05n01.alteeve.ca. We know that we want to use an-c05n01.alteeve.ca because it's virsh list showed it as running.
| an-c05n01 | clusvcadm -e vm:vm04-win8 -m an-c05n01.alteeve.caMember an-c05n01.alteeve.ca trying to enable vm:vm04-win8...Success
vm:vm04-win8 is now running on an-c05n01.alteeve.ca | 
|---|---|
| an-c05n02 | clustatCluster Status for an-cluster-05 @ Tue Nov 12 19:39:38 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, Local, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started       
 vm:vm03-win7                               an-c05n01.alteeve.ca                       started       
 vm:vm04-win8                               an-c05n01.alteeve.ca                       started | 
Now, should vm04-win8 fail or if an-c05n01 should fail, the Anvil! will recover it automatically.
Testing vm04-win8 Management With clusvcadm
The first thing we're going to do is disable (gracefully shut down) the server. To do this, we'll send an ACPI "power button" event to vm04-win8. Windows 7 will, like most operating systems, respond to having it's "power button pressed" by beginning a graceful shut down.
As always, start by checking the state of things.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Tue Nov 12 19:39:57 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started       
 vm:vm03-win7                               an-c05n01.alteeve.ca                       started       
 vm:vm04-win8                               an-c05n01.alteeve.ca                       started | 
|---|
As we expected. Let's disable the vm04-win8 server now.
| an-c05n01 | clusvcadm -d vm:vm04-win8Local machine disabling vm:vm04-win8...Success | 
|---|
If we check clustat again, we'll see that the vm:vm04-win8 service is indeed disabled.
| an-c05n01 | clustatCluster Status for an-cluster-05 @ Tue Nov 12 19:40:31 2013
Member Status: Quorate
 Member Name                                         ID   Status
 ------ ----                                         ---- ------
 an-c05n01.alteeve.ca                                    1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                                    2 Online, rgmanager
 Service Name                               Owner (Last)                               State         
 ------- ----                               ----- ------                               -----         
 service:libvirtd_n01                       an-c05n01.alteeve.ca                       started       
 service:libvirtd_n02                       an-c05n02.alteeve.ca                       started       
 service:storage_n01                        an-c05n01.alteeve.ca                       started       
 service:storage_n02                        an-c05n02.alteeve.ca                       started       
 vm:vm01-win2008                            an-c05n01.alteeve.ca                       started       
 vm:vm02-win2012                            an-c05n02.alteeve.ca                       started       
 vm:vm03-win7                               an-c05n01.alteeve.ca                       started       
 vm:vm04-win8                               (an-c05n01.alteeve.ca)                     disabled | 
|---|
Good, it's off. Let's turn it back on now.
| an-c05n01 | clusvcadm -F -e vm:vm04-win8Local machine trying to enable vm:vm04-win8...Success
vm:vm04-win8 is now running on an-c05n01.alteeve.ca | 
|---|
Perfect! The SELinux fix from before worked for this server, too. You can verify this by disabling the server and re-running the above command on an-c05n02.
We're Done! Or, Are We?
That's it, ladies and gentlemen. Our cluster is completed! In theory now, any failure in the cluster will result in no lost data and, at worst, no more than a minute or two of downtime.
"In theory" just isn't good enough in clustering though. Time to take "theory" and make it a tested, known fact.
Testing; Taking Theory And Putting It Into Practice
You may have thought that we were done. Indeed, the cluster has been built, but we don't know if things actually work.
Enter testing.
In practice, when preparing production clusters for deployment, you should plan to spend at least twice as long in testing as you did in building the cluster. You need to imagine all failure scenarios, trigger those failures and see what happens.
A Note On The Importance Of Fencing
It may be tempting to think that you were careful and don't really need to test you cluster thoroughly.
You are wrong
Baring you being absolutely obsessive with testing every step of the way, you will almost certain make mistakes. Now I make no claims to genius, but I do like to think I am pretty comfortable building 2-node clusters. Despite that, while writing this testing portion of the tutorial, I found the following problems with my cluster;
- RGManager's autostart="1" is not evaluated when a node starts, only when quorum is gained. The mistake had me assuming that the storage services would start when the node restarted, after having manually disabled the service prior to node withdrawal.
- The behaviour of echo c > /proc/sysrq-trigger changed since EL5 and now triggers a core dump with 100% CPU load in EL6 KVM guests. This means that a previous expectation of the cluster recovering from these crashes was wrong.
- I forgot to install the obliterate-peer.sh script for DRBD, which I didn't catch until I tried to fail a node.
You simply can't make assumptions. Test your cluster in every failure mode you can imagine. Until you do, you won't know what you might have missed!
Controlled VM Migration And Node Withdrawal
This testing will ensure that live migration works in both directions, and that each node can be cleanly removed from and then rejoin the cluster.
The test will consist of the following steps;
- Live migrate vm01-dev and vm02-web from an-c05n01 to an-c05n02. This will ensure live migration works and that all VMs will run on a single node.
- Withdraw an-c05n01 from the cluster entirely and reboot it. This will ensure that cold shut-down of the node is successful.
- Once an-c05n01 has rebooted, rejoin it to the cluster. This will ensure that rejoining the cluster works.
- Once an-c05n01 is a member of the cluster, we will wait a few minutes and ensure that vm01-dev and vm02-web automatically live migrate back to an-c05n01. This will ensure that priority is working.
- We will live migrate vm03-db and vm04-ms from an-c05n02 to an-c05n01 to ensure that migration works in the other direction.
- With the VMs all running on an-c05n01, we will withdraw an-c05n02 from the cluster, reboot it, rejoin it to the cluster and then confirm that vm03-db and vm04-ms automatically migrate back to an-c05n02.
With all of these tests completed, we will be able to ensure that order and controlled migration of VM services work as expected.
Live Migration - vm01-dev And vm0002-dev To an-c05n02
First up, we will use the special clusvcadm switch -M, which tells the cluster to use "live migration". This is, the VM will move to the target member without shutting down. Users of the VM should notice, and worst, a brief network interruption when the cut-over occurs, without any adverse effect on their services or dropped connections.
Let's take a quick look at the state of affairs;
On an-c05n02, run;
clustatCluster Status for an-cluster-05 @ Sat Dec 31 13:49:41 2011
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                    an-c05n01.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedLets start by live migrating vm01-dev. Before we do though, let's ssh into it and start a ping against a target on the internet. We'll leave this running throughout the live migration.
On vm01-dev;
Now back on an-c05n01, let's migrate vm01-dev over to an-c05n02. This will take a little while as the VM's RAM gets copied across the BCN.
clusvcadm -M vm:vm01-dev -m an-c05n02.alteeve.caTrying to migrate vm:vm01-dev to an-c05n02.alteeve.ca...SuccessOnce complete, check the new status of clustat;
clustatCluster Status for an-cluster-05 @ Sat Dec 31 14:11:43 2011
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                  an-c05n02.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedIf we look again at vm01-dev's ping, we'll see that a few packets were dropped but our ssh session remained intact. Any other active TCP session should have survived this just fine as well.
Wonderful! Now let's live migrate vm02-web to an-c05n02.
clusvcadm -M vm:vm02-web -m an-c05n02.alteeve.caTrying to migrate vm:vm02-web to an-c05n02.alteeve.ca...SuccessAgain, check the new status of clustat;
clustatCluster Status for an-cluster-05 @ Sat Dec 31 14:17:35 2011
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                  an-c05n02.alteeve.ca          started       
 vm:vm02-web                  an-c05n02.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedWe can see now that all four VMs are running on an-c05n02! This is possible because of our careful planning of the VM resources earlier. This will mean more load on the host node's CPU, so things might not be as fast as we would like, but all services are on-line!
Withdraw an-c05n01 From The Cluster
So imagine now that we need to do some work on an-c05n01, like replace a bad network card or add some RAM. We've moved the VMs off, so now the only remaining service is service:storage_an01. We don't want to manually disable this service, because if we did, the service would not automatically start when the node rejoined the cluster. So we're going to just stop rgmanager and let it disable the storage_an01 service.
Check the state of the cluster;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:11:56 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                  an-c05n02.alteeve.ca          started       
 vm:vm02-web                  an-c05n02.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedJust as we expect, so now we will stop rgmanager, then stop cman.
On an-c05n01;
/etc/init.d/rgmanager stopStopping Cluster Service Manager:                          [  OK  ]/etc/init.d/cman stopStopping cluster: 
   Leaving fence domain...                                 [  OK  ]
   Stopping gfs_controld...                                [  OK  ]
   Stopping dlm_controld...                                [  OK  ]
   Stopping fenced...                                      [  OK  ]
   Stopping cman...                                        [  OK  ]
   Waiting for corosync to shutdown:                       [  OK  ]
   Unloading kernel modules...                             [  OK  ]
   Unmounting configfs...                                  [  OK  ]Checking on an-c05n02, we can see that all four VMs are running fine and that an-c05n01 is gone.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:13:23 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Offline
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           (an-c05n01.alteeve.ca)        stopped       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                  an-c05n02.alteeve.ca          started       
 vm:vm02-web                  an-c05n02.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedTest passed!
You can now power off and restart an-c05n01.
Rejoining an-c05n01 To The Cluster
If you haven't already, reboot an-c05n01. As we set earlier, cman and rgmanager will start automatically. The easiest thing to do for this test is to watch clustat on an-c05n02. If all goes well, you should see an-c05n01 rejoin the cluster automatically.
Connected to cluster;
Storage coming on-line;
Back in business!
You should be able to log back into an-c05n01 and see that everything is back on-line. DRBD should be UpToDate, or be in the process of synchronizing.
Migrating vm01-dev And vm02-web Back To an-c05n01
If we were putting the cluster back into its normal state, all that would be left to do is to migrate an-c05n01's VMs back. So let's do that.
As always, start with a check of the current cluster status.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:31:06 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                  an-c05n02.alteeve.ca          started       
 vm:vm02-web                  an-c05n02.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedNow confirm that the underlying storage is ready. Remember that DRBD resource r1 backs the VMs used by the an-c05n01_vg0 volume groups.
cat /proc/drbdversion: 8.3.12 (api:88/proto:86-96)
GIT-hash: e2a8ef4656be026bbae540305fcb998a5991090f build by dag@Build64R6, 2011-11-20 10:57:03
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:0 dw:0 dr:12552 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
 1: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:2428 dw:2428 dr:9776 al:0 bm:4 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0
 2: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:510 dw:510 dr:9744 al:0 bm:4 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0All systems ready; Let's migrate vm01-dev and vm02-web now.
clusvcadm -M vm:vm01-dev -m an-c05n01.alteeve.caTrying to migrate vm:vm01-dev to an-c05n01.alteeve.ca...Successclusvcadm -M vm:vm02-web -m an-c05n01.alteeve.caTrying to migrate vm:vm02-web to an-c05n01.alteeve.ca...SuccessCheck the new status;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:32:11 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                    an-c05n01.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedWith that, the cluster is back in business!
Live Migration - vm03-db And vm04-ms To an-c05n01
Let's start the process of taking an-c05n02 out of the cluster. The first step is to move vm03-db and vm04-ms over to an-c05n01.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:42:10 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                    an-c05n01.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedReady to migrate.
clusvcadm -M vm:vm03-db -m an-c05n01.alteeve.caTrying to migrate vm:vm03-db to an-c05n01.alteeve.ca...Successclusvcadm -M vm:vm04-ms -m an-c05n01.alteeve.caTrying to migrate vm:vm04-ms to an-c05n01.alteeve.ca...SuccessConfirm;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:42:42 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                    an-c05n01.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n01.alteeve.ca          started       
 vm:vm04-ms                     an-c05n01.alteeve.ca          startedDone!
Withdraw an-c05n02 From The Cluster
Double-check that all the VMs are off of an-c05n02 prior to withdrawal.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:45:30 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                    an-c05n01.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n01.alteeve.ca          started       
 vm:vm04-ms                     an-c05n01.alteeve.ca          startedAs before, we will not disable the storage_an02 service. If we did, the service would not automatically restart when the node rejoined the cluster.
So now that an-c05n01 is hosting all of the VMs and is running independently. Now we can stop rgmanager and cman.
On an-c05n02;
/etc/init.d/rgmanager stopStopping Cluster Service Manager:                          [  OK  ]/etc/init.d/cman stopStopping cluster: 
   Leaving fence domain...                                 [  OK  ]
   Stopping gfs_controld...                                [  OK  ]
   Stopping dlm_controld...                                [  OK  ]
   Stopping fenced...                                      [  OK  ]
   Stopping cman...                                        [  OK  ]
   Waiting for corosync to shutdown:                       [  OK  ]
   Unloading kernel modules...                             [  OK  ]
   Unmounting configfs...                                  [  OK  ]Confirm;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:49:14 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Offline
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           (an-c05n02.alteeve.ca)        stopped
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n01.alteeve.ca          started
 vm:vm04-ms                     an-c05n01.alteeve.ca          startedDone! We can now shut down and reboot an-c05n02 entirely.
Rejoining an-c05n02 To The Cluster
Exactly as we did with an-c05n01, we will reboot an-c05n02. The cman and rgmanager services should start automatically, so once again, we will just watch clustat on an-c05n01. If all goes well, you should see an-c05n02 rejoin the cluster automatically.
Connected to cluster;
Storage coming on-line;
Back in business!
You should be able to log back into an-c05n02 and see that everything is back on-line. DRBD should be UpToDate, or be in the process of synchronizing.
Migrating vm03-db And vm04-ms Back To an-c05n02
The last step to restore the cluster to its ideal state is to migrate vm03-db and vm04-ms back to an-c05n02.
As always, start with a check of the current cluster status.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:57:19 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                    an-c05n01.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n01.alteeve.ca          started       
 vm:vm04-ms                     an-c05n01.alteeve.ca          startedNow confirm that the underlying storage is ready. Remember that DRBD resource r2 backs the VMs used by the an-c05n02_vg0 volume groups.
cat /proc/drbdversion: 8.3.12 (api:88/proto:86-96)
GIT-hash: e2a8ef4656be026bbae540305fcb998a5991090f build by dag@Build64R6, 2011-11-20 10:57:03
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:0 dw:0 dr:8788 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
 1: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:376 dw:376 dr:5876 al:0 bm:7 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0
 2: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:671 dw:671 dr:5844 al:0 bm:16 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0All systems ready; Let's migrate vm03-db and vm04-ms now.
clusvcadm -M vm:vm03-db -m an-c05n02.alteeve.caTrying to migrate vm:vm03-db to an-c05n02.alteeve.ca...Successclusvcadm -M vm:vm04-ms -m an-c05n02.alteeve.caTrying to migrate vm:vm04-ms to an-c05n02.alteeve.ca...SuccessCheck the new status;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 16:59:22 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                    an-c05n01.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedAll controlled migration, withdrawal and re-joining tests completed!
Uncontrolled VM Migration and Node Failure
This test will be more violent than the previous tests. Here we will test failing the VMs and ensuring that the cluster will recover the VMs by restarting them on the hosts. We will repeatedly fail the VMs three times within ten minutes to ensure that the relocate policy kicks in, as we expect it to.
Once we complete the VM failure testing, we will fail and recover both nodes, one at a time of course, and rejoin them to the cluster. This will confirm that the VMs recover on the surviving node.
The tests will be;
- Crash all four VMs three times. The failures will be triggered by using virsh destroy <vm> on the current host node.
- After each crash, we will confirm that the VM came back on-line before crashing it again.
- With all of the VMs tested to recover properly, we will live-migrate them back to their designated host nodes.
- Once the cluster is back into its ideal state, we will crash an-c05n01. Within a few seconds, it should be fenced and the lost VMs should restart on an-c05n02. Once it rejoins the cluster and the VMs return to an-c05n01, we will repeat the test by failing an-c05n02.
Failure Testing vm01-dev
Confirm that vm01-dev is running on an-c05n01.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 18:29:10 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedIt is, perfect. Now before I kill a VM, I like to start a ping against it. It acts both as an indication of when the node is back up and acts as a crude method of timing how long it took the VM to fully recover.
|  | Note: If your VMs are isolated, as they are in this tutorial, you may have to run the ping from another VM or from your firewall. | 
ping 10.254.0.1PING 10.254.0.1 (10.254.0.1) 56(84) bytes of data.
64 bytes from 10.254.0.1: icmp_seq=1 ttl=64 time=0.737 ms
64 bytes from 10.254.0.1: icmp_seq=2 ttl=64 time=0.530 ms
64 bytes from 10.254.0.1: icmp_seq=3 ttl=64 time=0.589 msNow, on an-c05n01, forcefully shut down vm01-dev;
virsh destroy vm01-devDomain vm01-dev destroyedWithin a few seconds (10, maximum), the cluster will detect that the VM has failed and will restart it.
We can see in an-c05n01's syslog that the failure was detected and automatically recovered.
Jan  1 18:38:25 an-c05n01 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 18:38:25 an-c05n01 kernel: device vnet0 left promiscuous mode
Jan  1 18:38:25 an-c05n01 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 18:38:27 an-c05n01 ntpd[2190]: Deleting interface #19 vnet0, fe80::fc54:ff:fe9b:3cf7#123, interface stats: received=0, sent=0, dropped=0, active_time=3058 secs
Jan  1 18:38:35 an-c05n01 rgmanager[2430]: status on vm "vm01-dev" returned 7 (unspecified)
Jan  1 18:38:35 an-c05n01 rgmanager[2430]: Stopping service vm:vm01-dev
Jan  1 18:38:36 an-c05n01 rgmanager[2430]: Service vm:vm01-dev is recovering
Jan  1 18:38:36 an-c05n01 rgmanager[2430]: Recovering failed service vm:vm01-dev
Jan  1 18:38:37 an-c05n01 kernel: device vnet0 entered promiscuous mode
Jan  1 18:38:37 an-c05n01 kernel: vbr2: port 2(vnet0) entering learning state
Jan  1 18:38:37 an-c05n01 rgmanager[2430]: Service vm:vm01-dev started
Jan  1 18:38:39 an-c05n01 ntpd[2190]: Listening on interface #20 vnet0, fe80::fc54:ff:fe9b:3cf7#123 Enabled
Jan  1 18:38:49 an-c05n01 kernel: kvm: 12390: cpu0 unimplemented perfctr wrmsr: 0xc1 data 0xabcd
Jan  1 18:38:52 an-c05n01 kernel: vbr2: port 2(vnet0) entering forwarding stateThe first four entries are related to the VM's network being torn down after it was killed. The fifth through eighth lines show the detection and recovery of the node!
Going back to the ping, we can see that the VM was down for roughly 36 seconds (time between network loss and recovery, add a bit more time for all services to start.
PING 10.254.0.1 (10.254.0.1) 56(84) bytes of data.
64 bytes from 10.254.0.1: icmp_seq=1 ttl=64 time=0.737 ms
64 bytes from 10.254.0.1: icmp_seq=2 ttl=64 time=0.530 ms
64 bytes from 10.254.0.1: icmp_seq=3 ttl=64 time=0.589 ms
64 bytes from 10.254.0.1: icmp_seq=4 ttl=64 time=0.589 ms
64 bytes from 10.254.0.1: icmp_seq=5 ttl=64 time=0.477 ms
64 bytes from 10.254.0.1: icmp_seq=6 ttl=64 time=0.482 ms
64 bytes from 10.254.0.1: icmp_seq=7 ttl=64 time=0.489 ms
64 bytes from 10.254.0.1: icmp_seq=8 ttl=64 time=0.495 ms
64 bytes from 10.254.0.1: icmp_seq=9 ttl=64 time=0.503 ms
64 bytes from 10.254.0.1: icmp_seq=10 ttl=64 time=0.513 ms
64 bytes from 10.254.0.1: icmp_seq=11 ttl=64 time=0.516 ms
64 bytes from 10.254.0.1: icmp_seq=12 ttl=64 time=0.524 ms
64 bytes from 10.254.0.1: icmp_seq=13 ttl=64 time=0.405 ms
64 bytes from 10.254.0.1: icmp_seq=14 ttl=64 time=0.536 ms
64 bytes from 10.254.0.1: icmp_seq=15 ttl=64 time=0.441 ms
64 bytes from 10.254.0.1: icmp_seq=16 ttl=64 time=0.552 ms
# Node died here, 36 pings lost at ~1 ping/sec.
64 bytes from 10.254.0.1: icmp_seq=52 ttl=64 time=0.816 ms
64 bytes from 10.254.0.1: icmp_seq=53 ttl=64 time=0.440 ms
64 bytes from 10.254.0.1: icmp_seq=54 ttl=64 time=0.354 ms
64 bytes from 10.254.0.1: icmp_seq=55 ttl=64 time=0.342 ms
64 bytes from 10.254.0.1: icmp_seq=56 ttl=64 time=0.446 ms
64 bytes from 10.254.0.1: icmp_seq=57 ttl=64 time=0.418 ms
64 bytes from 10.254.0.1: icmp_seq=58 ttl=64 time=0.441 ms
^C
--- 10.254.0.1 ping statistics ---
58 packets transmitted, 23 received, 60% packet loss, time 57949ms
rtt min/avg/max/mdev = 0.342/0.505/0.816/0.109 msNot bad at all!
Now let's kill it two more times and confirm that the third recovery happens on an-c05n02. We'll use the ping as an indicator of when the VM is back on-line before killing it the third time.
Second failure;
virsh destroy vm01-devDomain vm01-dev destroyedChecking syslog again;
Jan  1 18:45:07 an-c05n01 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 18:45:07 an-c05n01 kernel: device vnet0 left promiscuous mode
Jan  1 18:45:07 an-c05n01 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 18:45:09 an-c05n01 ntpd[2190]: Deleting interface #20 vnet0, fe80::fc54:ff:fe9b:3cf7#123, interface stats: received=0, sent=0, dropped=0, active_time=390 secs
Jan  1 18:45:46 an-c05n01 rgmanager[2430]: status on vm "vm01-dev" returned 7 (unspecified)
Jan  1 18:45:46 an-c05n01 rgmanager[2430]: Stopping service vm:vm01-dev
Jan  1 18:45:46 an-c05n01 rgmanager[2430]: Service vm:vm01-dev is recovering
Jan  1 18:45:47 an-c05n01 rgmanager[2430]: Recovering failed service vm:vm01-dev
Jan  1 18:45:47 an-c05n01 kernel: device vnet0 entered promiscuous mode
Jan  1 18:45:47 an-c05n01 kernel: vbr2: port 2(vnet0) entering learning state
Jan  1 18:45:47 an-c05n01 rgmanager[2430]: Service vm:vm01-dev started
Jan  1 18:45:50 an-c05n01 ntpd[2190]: Listening on interface #21 vnet0, fe80::fc54:ff:fe9b:3cf7#123 Enabled
Jan  1 18:45:59 an-c05n01 kernel: kvm: 17874: cpu0 unimplemented perfctr wrmsr: 0xc1 data 0xabcd
Jan  1 18:46:02 an-c05n01 kernel: vbr2: port 2(vnet0) entering forwarding stateWe can see that the vm01-dev VM is still on an-c05n01;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 18:47:01 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedNow the third crash. This time it should come up on an-c05n02.
virsh destroy vm01-devDomain vm01-dev destroyedChecking an-c05n01's syslog again, we'll see something different.
Jan  1 18:47:26 an-c05n01 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 18:47:26 an-c05n01 kernel: device vnet0 left promiscuous mode
Jan  1 18:47:26 an-c05n01 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 18:47:27 an-c05n01 ntpd[2190]: Deleting interface #21 vnet0, fe80::fc54:ff:fe9b:3cf7#123, interface stats: received=0, sent=0, dropped=0, active_time=97 secs
Jan  1 18:47:46 an-c05n01 rgmanager[2430]: status on vm "vm01-dev" returned 7 (unspecified)
Jan  1 18:47:46 an-c05n01 rgmanager[2430]: Stopping service vm:vm01-dev
Jan  1 18:47:46 an-c05n01 rgmanager[2430]: Service vm:vm01-dev is recovering
Jan  1 18:47:46 an-c05n01 rgmanager[2430]: Restart threshold for vm:vm01-dev exceeded; attempting to relocate
Jan  1 18:47:47 an-c05n01 rgmanager[2430]: Service vm:vm01-dev is now running on member 2The difference is the "Restart threshold for vm:vm01-dev exceeded; attempting to relocate" line. Indeed, if we check clustat, we will in fact see it running on an-c05n02!
clustatCluster Status for an-cluster-05 @ Sun Jan  1 18:49:38 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                  an-c05n02.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedSuccess!
This test is complete, so we'll finish my migrating the VM back to an-c05n01.
clusvcadm -M vm:vm01-dev -m an-c05n01.alteeve.caTrying to migrate vm:vm01-dev to an-c05n01.alteeve.ca...SuccessAs always, confirm.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 18:51:05 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedExcellent.
Failure Testing vm02-web
We'll go through the same process here as we just did with vm01-dev, but we won't cover all the details here as much. After each crash of the VM, we'll check clustat and look at the syslog on an-c05n01. Not shown here is a background ping running to indicate when the VM is back up enough to crash again.
Confirm that vm02-web is on an-c05n01.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:06:21 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedGood, we're ready. On an-c05n01, kill the VM.
virsh destroy vm02-webDomain vm02-web destroyedAs we expect, an-c05n01 restarts the VM within a few seconds.
Jan  1 19:07:16 an-c05n01 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:07:16 an-c05n01 kernel: device vnet1 left promiscuous mode
Jan  1 19:07:16 an-c05n01 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:07:18 an-c05n01 ntpd[2190]: Deleting interface #11 vnet1, fe80::fc54:ff:fe65:3960#123, interface stats: received=0, sent=0, dropped=0, active_time=9315 secs
Jan  1 19:07:27 an-c05n01 rgmanager[2430]: status on vm "vm02-web" returned 7 (unspecified)
Jan  1 19:07:27 an-c05n01 rgmanager[2430]: Stopping service vm:vm02-web
Jan  1 19:07:27 an-c05n01 rgmanager[2430]: Service vm:vm02-web is recovering
Jan  1 19:07:28 an-c05n01 rgmanager[2430]: Recovering failed service vm:vm02-web
Jan  1 19:07:28 an-c05n01 kernel: device vnet1 entered promiscuous mode
Jan  1 19:07:28 an-c05n01 kernel: vbr2: port 3(vnet1) entering learning state
Jan  1 19:07:29 an-c05n01 rgmanager[2430]: Service vm:vm02-web started
Jan  1 19:07:31 an-c05n01 ntpd[2190]: Listening on interface #23 vnet1, fe80::fc54:ff:fe65:3960#123 Enabled
Jan  1 19:07:38 an-c05n01 kernel: kvm: 1994: cpu0 unimplemented perfctr wrmsr: 0xc1 data 0xabcd
Jan  1 19:07:43 an-c05n01 kernel: vbr2: port 3(vnet1) entering forwarding stateChecking clustat, I can see the VM is back on-line.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:09:03 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedLet's kill it for the second time.
virsh destroy vm02-webDomain vm02-web destroyedWe can again see that an-c05n01 recovered it locally.
Jan  1 19:12:08 an-c05n01 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:12:08 an-c05n01 kernel: device vnet1 left promiscuous mode
Jan  1 19:12:08 an-c05n01 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:12:10 an-c05n01 ntpd[2190]: Deleting interface #23 vnet1, fe80::fc54:ff:fe65:3960#123, interface stats: received=0, sent=0, dropped=0, active_time=279 secs
Jan  1 19:12:17 an-c05n01 rgmanager[2430]: status on vm "vm02-web" returned 7 (unspecified)
Jan  1 19:12:17 an-c05n01 rgmanager[2430]: Stopping service vm:vm02-web
Jan  1 19:12:18 an-c05n01 rgmanager[2430]: Service vm:vm02-web is recovering
Jan  1 19:12:18 an-c05n01 rgmanager[2430]: Recovering failed service vm:vm02-web
Jan  1 19:12:19 an-c05n01 kernel: device vnet1 entered promiscuous mode
Jan  1 19:12:19 an-c05n01 kernel: vbr2: port 3(vnet1) entering learning state
Jan  1 19:12:19 an-c05n01 rgmanager[2430]: Service vm:vm02-web started
Jan  1 19:12:22 an-c05n01 ntpd[2190]: Listening on interface #24 vnet1, fe80::fc54:ff:fe65:3960#123 Enabled
Jan  1 19:12:28 an-c05n01 kernel: kvm: 6113: cpu0 unimplemented perfctr wrmsr: 0xc1 data 0xabcd
Jan  1 19:12:34 an-c05n01 kernel: vbr2: port 3(vnet1) entering forwarding stateConfirm with clustat;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:13:45 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedThis time, it should recover on an-c05n02;
virsh destroy vm02-webDomain vm02-web destroyedLooking in syslog, we can see the counter was tripped.
Jan  1 19:14:26 an-c05n01 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:14:26 an-c05n01 kernel: device vnet1 left promiscuous mode
Jan  1 19:14:26 an-c05n01 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:14:27 an-c05n01 rgmanager[2430]: status on vm "vm02-web" returned 7 (unspecified)
Jan  1 19:14:27 an-c05n01 rgmanager[2430]: Stopping service vm:vm02-web
Jan  1 19:14:28 an-c05n01 rgmanager[2430]: Service vm:vm02-web is recovering
Jan  1 19:14:28 an-c05n01 rgmanager[2430]: Restart threshold for vm:vm02-web exceeded; attempting to relocate
Jan  1 19:14:28 an-c05n01 ntpd[2190]: Deleting interface #24 vnet1, fe80::fc54:ff:fe65:3960#123, interface stats: received=0, sent=0, dropped=0, active_time=126 secs
Jan  1 19:14:29 an-c05n01 rgmanager[2430]: Service vm:vm02-web is now running on member 2Indeed, this is confirmed with clustat.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:15:57 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                  an-c05n02.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedExcellent, this test has passed as well! Now migrate the VM back and we'll be ready to test the third VM.
clusvcadm -M vm:vm02-web -m an-c05n01.alteeve.caTrying to migrate vm:vm02-web to an-c05n01.alteeve.ca...SuccessclustatCluster Status for an-cluster-05 @ Sun Jan  1 19:17:41 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedDone.
Failure Testing vm03-db
This should be getting familiar now. The main difference is that the VM is now running on an-c05n02, so that is where will will kill the VM from and that is where we will watch syslog.
Confirm that vm03-db is on an-c05n02.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:25:55 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedGood, we're ready. On an-c05n02, kill the VM.
virsh destroy vm03-dbDomain vm03-db destroyedAs we expect, an-c05n02 restarts the VM within a few seconds.
Jan  1 19:26:21 an-c05n02 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 19:26:21 an-c05n02 kernel: device vnet0 left promiscuous mode
Jan  1 19:26:21 an-c05n02 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 19:26:22 an-c05n02 ntpd[2200]: Deleting interface #10 vnet0, fe80::fc54:ff:fe44:83ec#123, interface stats: received=0, sent=0, dropped=0, active_time=8863 secs
Jan  1 19:26:35 an-c05n02 rgmanager[2439]: status on vm "vm03-db" returned 7 (unspecified)
Jan  1 19:26:36 an-c05n02 rgmanager[2439]: Stopping service vm:vm03-db
Jan  1 19:26:36 an-c05n02 rgmanager[2439]: Service vm:vm03-db is recovering
Jan  1 19:26:36 an-c05n02 rgmanager[2439]: Recovering failed service vm:vm03-db
Jan  1 19:26:37 an-c05n02 kernel: device vnet0 entered promiscuous mode
Jan  1 19:26:37 an-c05n02 kernel: vbr2: port 2(vnet0) entering learning state
Jan  1 19:26:37 an-c05n02 rgmanager[2439]: Service vm:vm03-db started
Jan  1 19:26:40 an-c05n02 ntpd[2200]: Listening on interface #15 vnet0, fe80::fc54:ff:fe44:83ec#123 EnabledChecking clustat, I can see the VM is back on-line.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:27:06 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedLet's kill it for the second time.
virsh destroy vm03-dbDomain vm03-db destroyedWe can again see that an-c05n02 recovered it locally.
Jan  1 19:27:40 an-c05n02 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 19:27:40 an-c05n02 kernel: device vnet0 left promiscuous mode
Jan  1 19:27:40 an-c05n02 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 19:27:41 an-c05n02 ntpd[2200]: Deleting interface #15 vnet0, fe80::fc54:ff:fe44:83ec#123, interface stats: received=0, sent=0, dropped=0, active_time=61 secs
Jan  1 19:27:45 an-c05n02 rgmanager[2439]: status on vm "vm03-db" returned 7 (unspecified)
Jan  1 19:27:46 an-c05n02 rgmanager[2439]: Stopping service vm:vm03-db
Jan  1 19:27:46 an-c05n02 rgmanager[2439]: Service vm:vm03-db is recovering
Jan  1 19:27:46 an-c05n02 rgmanager[2439]: Recovering failed service vm:vm03-db
Jan  1 19:27:47 an-c05n02 kernel: device vnet0 entered promiscuous mode
Jan  1 19:27:47 an-c05n02 kernel: vbr2: port 2(vnet0) entering learning state
Jan  1 19:27:47 an-c05n02 rgmanager[2439]: Service vm:vm03-db started
Jan  1 19:27:50 an-c05n02 ntpd[2200]: Listening on interface #16 vnet0, fe80::fc54:ff:fe44:83ec#123 EnabledConfirm with clustat;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:28:21 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedThis time, it should recover on an-c05n01;
virsh destroy vm03-dbDomain vm03-db destroyedLooking in syslog, we can see the counter was tripped.
Jan  1 19:28:36 an-c05n02 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 19:28:36 an-c05n02 kernel: device vnet0 left promiscuous mode
Jan  1 19:28:36 an-c05n02 kernel: vbr2: port 2(vnet0) entering disabled state
Jan  1 19:28:37 an-c05n02 ntpd[2200]: Deleting interface #16 vnet0, fe80::fc54:ff:fe44:83ec#123, interface stats: received=0, sent=0, dropped=0, active_time=47 secs
Jan  1 19:28:55 an-c05n02 rgmanager[2439]: status on vm "vm03-db" returned 7 (unspecified)
Jan  1 19:28:56 an-c05n02 rgmanager[2439]: Stopping service vm:vm03-db
Jan  1 19:28:56 an-c05n02 rgmanager[2439]: Service vm:vm03-db is recovering
Jan  1 19:28:56 an-c05n02 rgmanager[2439]: Restart threshold for vm:vm03-db exceeded; attempting to relocate
Jan  1 19:28:57 an-c05n02 rgmanager[2439]: Service vm:vm03-db is now running on member 1Again, this is confirmed with clustat.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:29:42 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n01.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedThis test has passed as well! As before, migrate the VM back and we'll be ready to test the last VM.
clusvcadm -M vm:vm03-db -m an-c05n02.alteeve.caTrying to migrate vm:vm03-db to an-c05n02.alteeve.ca...SuccessclustatCluster Status for an-cluster-05 @ Sun Jan  1 19:30:32 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedDone.
Failure Testing vm04-ms
This is the last VM to test. This testing is repetitive and boring, but it is also critical. Good on you for sticking it out. Right then, let's get to it.
Confirm that vm04-ms is on an-c05n02.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:43:41 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedGood, we're ready. On an-c05n02, kill the VM.
virsh destroy vm04-msDomain vm04-ms destroyedAs we expect, an-c05n02 restarts the VM within a few seconds.
Jan  1 19:43:52 an-c05n02 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:43:52 an-c05n02 kernel: device vnet1 left promiscuous mode
Jan  1 19:43:52 an-c05n02 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:43:53 an-c05n02 ntpd[2200]: Deleting interface #11 vnet1, fe80::fc54:ff:fe5e:b147#123, interface stats: received=0, sent=0, dropped=0, active_time=9895 secs
Jan  1 19:44:06 an-c05n02 rgmanager[2439]: status on vm "vm04-ms" returned 7 (unspecified)
Jan  1 19:44:07 an-c05n02 rgmanager[2439]: Stopping service vm:vm04-ms
Jan  1 19:44:07 an-c05n02 rgmanager[2439]: Service vm:vm04-ms is recovering
Jan  1 19:44:07 an-c05n02 rgmanager[2439]: Recovering failed service vm:vm04-ms
Jan  1 19:44:08 an-c05n02 kernel: device vnet1 entered promiscuous mode
Jan  1 19:44:08 an-c05n02 kernel: vbr2: port 3(vnet1) entering learning state
Jan  1 19:44:08 an-c05n02 rgmanager[2439]: Service vm:vm04-ms started
Jan  1 19:44:11 an-c05n02 ntpd[2200]: Listening on interface #18 vnet1, fe80::fc54:ff:fe5e:b147#123 Enabled
Jan  1 19:44:23 an-c05n02 kernel: vbr2: port 3(vnet1) entering forwarding stateChecking clustat, I can see the VM is back on-line.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:44:38 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedLet's kill it for the second time.
virsh destroy vm04-msDomain vm04-ms destroyedWe can again see that an-c05n02 recovered it locally.
Jan  1 19:44:54 an-c05n02 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:44:54 an-c05n02 kernel: device vnet1 left promiscuous mode
Jan  1 19:44:54 an-c05n02 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:44:55 an-c05n02 ntpd[2200]: Deleting interface #18 vnet1, fe80::fc54:ff:fe5e:b147#123, interface stats: received=0, sent=0, dropped=0, active_time=44 secs
Jan  1 19:45:16 an-c05n02 rgmanager[2439]: status on vm "vm04-ms" returned 7 (unspecified)
Jan  1 19:45:17 an-c05n02 rgmanager[2439]: Stopping service vm:vm04-ms
Jan  1 19:45:17 an-c05n02 rgmanager[2439]: Service vm:vm04-ms is recovering
Jan  1 19:45:17 an-c05n02 rgmanager[2439]: Recovering failed service vm:vm04-ms
Jan  1 19:45:18 an-c05n02 kernel: device vnet1 entered promiscuous mode
Jan  1 19:45:18 an-c05n02 kernel: vbr2: port 3(vnet1) entering learning state
Jan  1 19:45:18 an-c05n02 rgmanager[2439]: Service vm:vm04-ms started
Jan  1 19:45:21 an-c05n02 ntpd[2200]: Listening on interface #19 vnet1, fe80::fc54:ff:fe5e:b147#123 Enabled
Jan  1 19:45:33 an-c05n02 kernel: vbr2: port 3(vnet1) entering forwarding stateConfirm with clustat;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:46:17 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedThis time, it should recover on an-c05n01;
virsh destroy vm04-msDomain vm04-ms destroyedLooking in syslog, we can see the counter was tripped.
Jan  1 19:45:33 an-c05n02 kernel: vbr2: port 3(vnet1) entering forwarding state
Jan  1 19:46:30 an-c05n02 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:46:30 an-c05n02 kernel: device vnet1 left promiscuous mode
Jan  1 19:46:30 an-c05n02 kernel: vbr2: port 3(vnet1) entering disabled state
Jan  1 19:46:32 an-c05n02 ntpd[2200]: Deleting interface #19 vnet1, fe80::fc54:ff:fe5e:b147#123, interface stats: received=0, sent=0, dropped=0, active_time=71 secs
Jan  1 19:46:36 an-c05n02 rgmanager[2439]: status on vm "vm04-ms" returned 7 (unspecified)
Jan  1 19:46:37 an-c05n02 rgmanager[2439]: Stopping service vm:vm04-ms
Jan  1 19:46:37 an-c05n02 rgmanager[2439]: Service vm:vm04-ms is recovering
Jan  1 19:46:37 an-c05n02 rgmanager[2439]: Restart threshold for vm:vm04-ms exceeded; attempting to relocate
Jan  1 19:46:38 an-c05n02 rgmanager[2439]: Service vm:vm04-ms is now running on member 1Indeed, this is confirmed with clustat.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 19:48:23 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n01.alteeve.ca          startedWonderful! All four VMs fail and recover as we expected them to. Move the VM back and we're ready to crash the nodes!
clusvcadm -M vm:vm04-ms -m an-c05n02.alteeve.caTrying to migrate vm:vm04-ms to an-c05n02.alteeve.ca...SuccessclustatCluster Status for an-cluster-05 @ Sun Jan  1 19:49:32 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedDone and done!
Failing and Recovery of an-c05n01
The final stage of testing is also the most brutal. We're going to hang an-c05n01 in such a way that it stops responding to messages from an-c05n02. Within a few seconds, an-c05n01 should be fenced, then shortly after the two lost VMs should boot up on an-c05n02.
The is a particularly important test for a somewhat non-obvious reason.
We could just shut off an-c05n01, but we tested this earlier when we setup fencing. What we have not yet tested is how the cluster recovers from a hung node. To hang the host, we're going to trigger a special event in the kernel, using magic SysRq triggers. We'll do this by sending the letter c to the /proc/sysrq-trigger file. This will "Reboot kexec and output a crashdump". The node should be fenced before a memory dump can complete, so don't expect to see anything in /var/crashed unless your system is extremely fast.
|  | Warning: If you are skimming, take note! The next command will crash your node! | 
So, on an-c05n01, issue the following command to crash the node.
echo c > /proc/sysrq-triggerThis command will not return. Watching syslog on an-c05n02, we'll see output like this;
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: PingAck did not arrive in time.
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: peer( Primary -> Unknown ) conn( Connected -> NetworkFailure ) pdsk( UpToDate -> DUnknown ) susp( 0 -> 1 ) 
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: asender terminated
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: Terminating asender thread
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: Connection closed
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: conn( NetworkFailure -> Unconnected ) 
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: helper command: /sbin/drbdadm fence-peer minor-1
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: receiver terminated
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: Restarting receiver thread
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: receiver (re)started
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: conn( Unconnected -> WFConnection ) 
Jan  1 21:26:00 an-c05n02 /sbin/obliterate-peer.sh: Local node ID: 2 / Remote node: an-c05n01.alteeve.ca
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: PingAck did not arrive in time.
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: peer( Primary -> Unknown ) conn( Connected -> NetworkFailure ) pdsk( UpToDate -> DUnknown ) susp( 0 -> 1 ) 
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: asender terminated
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: Terminating asender thread
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: Connection closed
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: conn( NetworkFailure -> Unconnected ) 
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: helper command: /sbin/drbdadm fence-peer minor-2
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: receiver terminated
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: Restarting receiver thread
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: receiver (re)started
Jan  1 21:26:01 an-c05n02 kernel: block drbd2: conn( Unconnected -> WFConnection ) 
Jan  1 21:26:01 an-c05n02 /sbin/obliterate-peer.sh: Local node ID: 2 / Remote node: an-c05n01.alteeve.ca
Jan  1 21:26:01 an-c05n02 /sbin/obliterate-peer.sh: kill node failed: Invalid argument
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: PingAck did not arrive in time.
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: peer( Primary -> Unknown ) conn( Connected -> NetworkFailure ) pdsk( UpToDate -> DUnknown ) susp( 0 -> 1 ) 
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: asender terminated
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: Terminating asender thread
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: Connection closed
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: conn( NetworkFailure -> Unconnected ) 
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: helper command: /sbin/drbdadm fence-peer minor-0
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: receiver terminated
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: Restarting receiver thread
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: receiver (re)started
Jan  1 21:26:03 an-c05n02 kernel: block drbd0: conn( Unconnected -> WFConnection ) 
Jan  1 21:26:03 an-c05n02 /sbin/obliterate-peer.sh: Local node ID: 2 / Remote node: an-c05n01.alteeve.ca
Jan  1 21:26:03 an-c05n02 /sbin/obliterate-peer.sh: kill node failed: Invalid argument
Jan  1 21:26:09 an-c05n02 corosync[1963]:   [TOTEM ] A processor failed, forming new configuration.
Jan  1 21:26:11 an-c05n02 corosync[1963]:   [QUORUM] Members[1]: 2
Jan  1 21:26:11 an-c05n02 corosync[1963]:   [TOTEM ] A processor joined or left the membership and a new membership was formed.
Jan  1 21:26:11 an-c05n02 kernel: dlm: closing connection to node 1
Jan  1 21:26:11 an-c05n02 corosync[1963]:   [CPG   ] chosen downlist: sender r(0) ip(10.20.50.2) ; members(old:2 left:1)
Jan  1 21:26:11 an-c05n02 corosync[1963]:   [MAIN  ] Completed service synchronization, ready to provide service.
Jan  1 21:26:11 an-c05n02 fenced[2022]: fencing node an-c05n01.alteeve.ca
Jan  1 21:26:11 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=1: Trying to acquire journal lock...
Jan  1 21:26:14 an-c05n02 fence_node[15572]: fence an-c05n01.alteeve.ca success
Jan  1 21:26:14 an-c05n02 kernel: block drbd1: helper command: /sbin/drbdadm fence-peer minor-1 exit code 7 (0x700)
Jan  1 21:26:14 an-c05n02 kernel: block drbd1: fence-peer helper returned 7 (peer was stonithed)
Jan  1 21:26:14 an-c05n02 kernel: block drbd1: pdsk( DUnknown -> Outdated ) 
Jan  1 21:26:14 an-c05n02 kernel: block drbd1: new current UUID 6355AAB258658E8F:4642D156D54731A1:5F8A6B05E2FCCE19:165E9B466805EC81
Jan  1 21:26:14 an-c05n02 kernel: block drbd1: susp( 1 -> 0 ) 
Jan  1 21:26:15 an-c05n02 fenced[2022]: fence an-c05n01.alteeve.ca success
Jan  1 21:26:15 an-c05n02 fence_node[15672]: fence an-c05n01.alteeve.ca success
Jan  1 21:26:15 an-c05n02 kernel: block drbd0: helper command: /sbin/drbdadm fence-peer minor-0 exit code 7 (0x700)
Jan  1 21:26:15 an-c05n02 kernel: block drbd0: fence-peer helper returned 7 (peer was stonithed)
Jan  1 21:26:15 an-c05n02 kernel: block drbd0: pdsk( DUnknown -> Outdated ) 
Jan  1 21:26:15 an-c05n02 kernel: block drbd0: new current UUID C1F5EF16EE80E6C1:1B503B46E6650575:234E9A10EE04FDE7:7DBC4288E230DC9B
Jan  1 21:26:15 an-c05n02 kernel: block drbd0: susp( 1 -> 0 ) 
Jan  1 21:26:15 an-c05n02 fence_node[15627]: fence an-c05n01.alteeve.ca success
Jan  1 21:26:15 an-c05n02 kernel: block drbd2: helper command: /sbin/drbdadm fence-peer minor-2 exit code 7 (0x700)
Jan  1 21:26:15 an-c05n02 kernel: block drbd2: fence-peer helper returned 7 (peer was stonithed)
Jan  1 21:26:15 an-c05n02 kernel: block drbd2: pdsk( DUnknown -> Outdated ) 
Jan  1 21:26:15 an-c05n02 kernel: block drbd2: new current UUID 1F79DE480F1E33C1:A674C3CB12017193:76118DDAE165C5FB:871F8081B7D527A9
Jan  1 21:26:15 an-c05n02 kernel: block drbd2: susp( 1 -> 0 ) 
Jan  1 21:26:16 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=1: Looking at journal...
Jan  1 21:26:16 an-c05n02 kernel: GFS2: fsid=an-cluster-05:shared.0: jid=1: Done
Jan  1 21:26:16 an-c05n02 rgmanager[2514]: Marking service:storage_an01 as stopped: Restricted domain unavailable
Jan  1 21:26:16 an-c05n02 rgmanager[2514]: Taking over service vm:vm01-dev from down member an-c05n01.alteeve.ca
Jan  1 21:26:16 an-c05n02 rgmanager[2514]: Taking over service vm:vm02-web from down member an-c05n01.alteeve.ca
Jan  1 21:26:17 an-c05n02 kernel: device vnet2 entered promiscuous mode
Jan  1 21:26:17 an-c05n02 kernel: vbr2: port 4(vnet2) entering learning state
Jan  1 21:26:17 an-c05n02 rgmanager[2514]: Service vm:vm01-dev started
Jan  1 21:26:17 an-c05n02 kernel: device vnet3 entered promiscuous mode
Jan  1 21:26:17 an-c05n02 kernel: vbr2: port 5(vnet3) entering learning state
Jan  1 21:26:18 an-c05n02 rgmanager[2514]: Service vm:vm02-web started
Jan  1 21:26:20 an-c05n02 ntpd[2275]: Listening on interface #12 vnet2, fe80::fc54:ff:fe9b:3cf7#123 Enabled
Jan  1 21:26:20 an-c05n02 ntpd[2275]: Listening on interface #13 vnet3, fe80::fc54:ff:fe65:3960#123 Enabled
Jan  1 21:26:27 an-c05n02 kernel: kvm: 16177: cpu0 unimplemented perfctr wrmsr: 0xc1 data 0xabcd
Jan  1 21:26:29 an-c05n02 kernel: kvm: 16118: cpu0 unimplemented perfctr wrmsr: 0xc1 data 0xabcd
Jan  1 21:26:32 an-c05n02 kernel: vbr2: port 4(vnet2) entering forwarding state
Jan  1 21:26:32 an-c05n02 kernel: vbr2: port 5(vnet3) entering forwarding stateChecking with clustat, we can confirm that all four VMs are now running on an-c05n02.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 21:28:00 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                  an-c05n02.alteeve.ca          started
 vm:vm02-web                  an-c05n02.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedPerfect! This is exactly why we built the cluster!
If we wait a few minutes, we'll see that the hung node has recovered.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 22:30:04 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                  an-c05n02.alteeve.ca          started       
 vm:vm02-web                  an-c05n02.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedBefore we can push the VMs back though, we must make sure that the underlying DRBD resource has finished synchronizing.
|  | Note: With four VMs, it will most certainly take time for underlying resource to resync. Do not migrate the VMs until this has completed! | 
cat /proc/drbdversion: 8.3.12 (api:88/proto:86-96)
GIT-hash: e2a8ef4656be026bbae540305fcb998a5991090f build by dag@Build64R6, 2011-11-20 10:57:03
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:1182704 nr:1053880 dw:1052676 dr:1245848 al:0 bm:266 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0
 1: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:2087568 nr:362698 dw:366444 dr:2263316 al:9 bm:411 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0
 2: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:2098343 nr:1114307 dw:1065375 dr:2340421 al:10 bm:551 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0We're ready, so lets migrate back vm01-dev and vm02-web.
clusvcadm -M vm:vm01-dev -m an-c05n01.alteeve.caTrying to migrate vm:vm01-dev to an-c05n01.alteeve.ca...Successclusvcadm -M vm:vm02-web -m an-c05n01.alteeve.caTrying to migrate vm:vm02-web to an-c05n01.alteeve.ca...SuccessConfirm;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 22:37:10 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedThere we have it. Successful crash and recovery of an-c05n01.
Discussing the syslog Messages
Let's step back and look at the syslog output; There are a few things to discuss.
The first thing we see is that almost immediately after hanging an-c05n01, the first messages are from DRBD, not the cluster. This in turn trigger's DRBD's fence-handler script, obliterate-peer.sh. This is because DRBD is extremely sensitive to interruptions, even more so than the cluster itself. You will notice that DRBD reacted a full 9 seconds faster than the cluster.
The first thing the cluster does, upon realizing it has lost communication with its peer, is call a fence against the lost node. As mentioned, this involves calling obliterate-peer.sh, which is itself a very simple wrapper for cman_tool and fence_node shell calls.
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: helper command: /sbin/drbdadm fence-peer minor-1
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: receiver terminated
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: Restarting receiver thread
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: receiver (re)started
Jan  1 21:26:00 an-c05n02 kernel: block drbd1: conn( Unconnected -> WFConnection ) 
Jan  1 21:26:00 an-c05n02 /sbin/obliterate-peer.sh: Local node ID: 2 / Remote node: an-c05n01.alteeve.caHere we see DRBD calling the handler (first message), shortly after we see a log entry from obliterate-peer.sh (last entry). What you don't see is that right after that last message, obliterate-peer.sh goes into a 10-iteration loop where it calls fence_node against its peer.
Jan  1 21:26:01 an-c05n02 /sbin/obliterate-peer.sh: Local node ID: 2 / Remote node: an-c05n01.alteeve.ca
Jan  1 21:26:01 an-c05n02 /sbin/obliterate-peer.sh: kill node failed: Invalid argumentThe fence_node call runs in the background, so the obliterate-peer.sh script goes into a short sleep before trying again (and again...). These subsequent calls will generate the kill node failed: Invalid argument because the first call is already in the process of fencing the node, and are thus safe to ignore. The important past was that this error message didn't follow the first entry.
Jan  1 21:26:15 an-c05n02 fenced[2022]: fence an-c05n01.alteeve.ca successThis is what matters. Here we see that the fence succeeded and the hung node was indeed fenced.
Failing and Recovery of an-c05n02
With everything back in place, we'll hang an-c05n02 and ensure that its VMs will recover on an-c05n01.
As always, check the current state.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 22:53:43 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedNow hang an-c05n02.
echo c > /proc/sysrq-triggerAs before, that command will not return. If we check an-c05n01's syslog though, we should see that the node is fenced and the lost VMs are recovered.
Jan  1 22:56:14 an-c05n01 kernel: block drbd1: PingAck did not arrive in time.
Jan  1 22:56:14 an-c05n01 kernel: block drbd1: peer( Primary -> Unknown ) conn( Connected -> NetworkFailure ) pdsk( UpToDate -> DUnknown ) susp( 0 -> 1 ) 
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: asender terminated
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: Terminating asender thread
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: Connection closed
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: conn( NetworkFailure -> Unconnected ) 
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: helper command: /sbin/drbdadm fence-peer minor-1
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: receiver terminated
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: Restarting receiver thread
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: receiver (re)started
Jan  1 22:56:15 an-c05n01 kernel: block drbd1: conn( Unconnected -> WFConnection ) 
Jan  1 22:56:15 an-c05n01 /sbin/obliterate-peer.sh: Local node ID: 1 / Remote node: an-c05n02.alteeve.ca
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: PingAck did not arrive in time.
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: peer( Primary -> Unknown ) conn( Connected -> NetworkFailure ) pdsk( UpToDate -> DUnknown ) susp( 0 -> 1 ) 
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: asender terminated
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: Terminating asender thread
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: Connection closed
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: conn( NetworkFailure -> Unconnected ) 
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: helper command: /sbin/drbdadm fence-peer minor-0
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: receiver terminated
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: Restarting receiver thread
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: receiver (re)started
Jan  1 22:56:19 an-c05n01 kernel: block drbd0: conn( Unconnected -> WFConnection ) 
Jan  1 22:56:19 an-c05n01 /sbin/obliterate-peer.sh: Local node ID: 1 / Remote node: an-c05n02.alteeve.ca
Jan  1 22:56:19 an-c05n01 /sbin/obliterate-peer.sh: kill node failed: Invalid argument
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: PingAck did not arrive in time.
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: peer( Primary -> Unknown ) conn( Connected -> NetworkFailure ) pdsk( UpToDate -> DUnknown ) susp( 0 -> 1 ) 
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: asender terminated
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: Terminating asender thread
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: Connection closed
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: conn( NetworkFailure -> Unconnected ) 
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: receiver terminated
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: Restarting receiver thread
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: receiver (re)started
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: conn( Unconnected -> WFConnection ) 
Jan  1 22:56:21 an-c05n01 kernel: block drbd2: helper command: /sbin/drbdadm fence-peer minor-2
Jan  1 22:56:21 an-c05n01 /sbin/obliterate-peer.sh: Local node ID: 1 / Remote node: an-c05n02.alteeve.ca
Jan  1 22:56:21 an-c05n01 /sbin/obliterate-peer.sh: kill node failed: Invalid argument
Jan  1 22:56:22 an-c05n01 corosync[1958]:   [TOTEM ] A processor failed, forming new configuration.
Jan  1 22:56:24 an-c05n01 corosync[1958]:   [QUORUM] Members[1]: 1
Jan  1 22:56:24 an-c05n01 corosync[1958]:   [TOTEM ] A processor joined or left the membership and a new membership was formed.
Jan  1 22:56:24 an-c05n01 kernel: dlm: closing connection to node 2
Jan  1 22:56:24 an-c05n01 corosync[1958]:   [CPG   ] chosen downlist: sender r(0) ip(10.20.50.1) ; members(old:2 left:1)
Jan  1 22:56:24 an-c05n01 corosync[1958]:   [MAIN  ] Completed service synchronization, ready to provide service.
Jan  1 22:56:24 an-c05n01 fenced[2014]: fencing node an-c05n02.alteeve.ca
Jan  1 22:56:24 an-c05n01 kernel: GFS2: fsid=an-cluster-05:shared.1: jid=0: Trying to acquire journal lock...
Jan  1 22:56:28 an-c05n01 fenced[2014]: fence an-c05n02.alteeve.ca success
Jan  1 22:56:29 an-c05n01 fence_node[638]: fence an-c05n02.alteeve.ca success
Jan  1 22:56:29 an-c05n01 kernel: block drbd2: helper command: /sbin/drbdadm fence-peer minor-2 exit code 7 (0x700)
Jan  1 22:56:29 an-c05n01 kernel: block drbd2: fence-peer helper returned 7 (peer was stonithed)
Jan  1 22:56:29 an-c05n01 kernel: block drbd2: pdsk( DUnknown -> Outdated ) 
Jan  1 22:56:29 an-c05n01 kernel: block drbd2: new current UUID 207F7C9279067EC1:3EEB0F756A6A289F:FD92DAC355F53A93:FD91DAC355F53A93
Jan  1 22:56:29 an-c05n01 kernel: block drbd2: susp( 1 -> 0 ) 
Jan  1 22:56:29 an-c05n01 fence_node[518]: fence an-c05n02.alteeve.ca success
Jan  1 22:56:29 an-c05n01 kernel: block drbd1: helper command: /sbin/drbdadm fence-peer minor-1 exit code 7 (0x700)
Jan  1 22:56:29 an-c05n01 kernel: block drbd1: fence-peer helper returned 7 (peer was stonithed)
Jan  1 22:56:29 an-c05n01 kernel: block drbd1: pdsk( DUnknown -> Outdated ) 
Jan  1 22:56:29 an-c05n01 kernel: block drbd1: new current UUID C65C044AE682D8C5:67D512BD61B70265:C1947DF86E910F8B:C1937DF86E910F8B
Jan  1 22:56:29 an-c05n01 kernel: block drbd1: susp( 1 -> 0 ) 
Jan  1 22:56:29 an-c05n01 rgmanager[2507]: Marking service:storage_an02 as stopped: Restricted domain unavailable
Jan  1 22:56:29 an-c05n01 fence_node[583]: fence an-c05n02.alteeve.ca success
Jan  1 22:56:29 an-c05n01 kernel: block drbd0: helper command: /sbin/drbdadm fence-peer minor-0 exit code 7 (0x700)
Jan  1 22:56:29 an-c05n01 kernel: block drbd0: fence-peer helper returned 7 (peer was stonithed)
Jan  1 22:56:29 an-c05n01 kernel: block drbd0: pdsk( DUnknown -> Outdated ) 
Jan  1 22:56:29 an-c05n01 kernel: block drbd0: new current UUID 295A00166167B5C3:A3F3889ECF7247F5:30313B4AFFF6F82B:30303B4AFFF6F82B
Jan  1 22:56:29 an-c05n01 kernel: block drbd0: susp( 1 -> 0 ) 
Jan  1 22:56:29 an-c05n01 kernel: GFS2: fsid=an-cluster-05:shared.1: jid=0: Looking at journal...
Jan  1 22:56:30 an-c05n01 kernel: GFS2: fsid=an-cluster-05:shared.1: jid=0: Done
Jan  1 22:56:30 an-c05n01 rgmanager[2507]: Taking over service vm:vm03-db from down member an-c05n02.alteeve.ca
Jan  1 22:56:30 an-c05n01 rgmanager[2507]: Taking over service vm:vm04-ms from down member an-c05n02.alteeve.ca
Jan  1 22:56:30 an-c05n01 kernel: device vnet2 entered promiscuous mode
Jan  1 22:56:30 an-c05n01 kernel: vbr2: port 4(vnet2) entering learning state
Jan  1 22:56:30 an-c05n01 rgmanager[2507]: Service vm:vm03-db started
Jan  1 22:56:31 an-c05n01 kernel: device vnet3 entered promiscuous mode
Jan  1 22:56:31 an-c05n01 kernel: vbr2: port 5(vnet3) entering learning state
Jan  1 22:56:31 an-c05n01 rgmanager[2507]: Service vm:vm04-ms started
Jan  1 22:56:34 an-c05n01 ntpd[2267]: Listening on interface #12 vnet3, fe80::fc54:ff:fe5e:b147#123 Enabled
Jan  1 22:56:34 an-c05n01 ntpd[2267]: Listening on interface #13 vnet2, fe80::fc54:ff:fe44:83ec#123 Enabled
Jan  1 22:56:40 an-c05n01 kernel: kvm: 1074: cpu0 unimplemented perfctr wrmsr: 0xc1 data 0xabcd
Jan  1 22:56:45 an-c05n01 kernel: vbr2: port 4(vnet2) entering forwarding state
Jan  1 22:56:46 an-c05n01 kernel: vbr2: port 5(vnet3) entering forwarding stateChecking clustat;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 22:57:36 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Offline
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           (an-c05n02.alteeve.ca)        stopped
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n01.alteeve.ca          started
 vm:vm04-ms                     an-c05n01.alteeve.ca          startedAll four VMs are back up and running on an-c05n01!
Within a few moments, we should see see that an-c05n02 has rejoined the cluster.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 23:00:43 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n01.alteeve.ca          started
 vm:vm04-ms                     an-c05n01.alteeve.ca          startedNow we'll wait for the backing DRBD resources to be in sync.
cat /proc/drbdGIT-hash: e2a8ef4656be026bbae540305fcb998a5991090f build by dag@Build64R6, 2011-11-20 10:57:03
 0: cs:SyncTarget ro:Primary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:272884 dw:271744 dr:5700 al:0 bm:25 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:780928
	[====>...............] sync'ed: 26.4% (780928/1052672)K
	finish: 0:10:02 speed: 1,284 (1,280) want: 250 K/sec
 1: cs:SyncTarget ro:Primary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:272196 dw:271048 dr:3688 al:0 bm:45 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:122292
	[=============>......] sync'ed: 70.2% (122292/393216)K
	finish: 0:01:31 speed: 1,328 (1,276) want: 250 K/sec
 2: cs:SyncTarget ro:Primary/Primary ds:Inconsistent/UpToDate C r-----
    ns:0 nr:273426 dw:272258 dr:3636 al:0 bm:47 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:781500
	[====>...............] sync'ed: 26.4% (781500/1052760)K
	finish: 0:09:49 speed: 1,308 (1,284) want: 250 K/sec(time passes)
cat /proc/drbdversion: 8.3.12 (api:88/proto:86-96)
GIT-hash: e2a8ef4656be026bbae540305fcb998a5991090f build by dag@Build64R6, 2011-11-20 10:57:03
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:1053812 dw:1052672 dr:6964 al:0 bm:74 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
 1: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:394560 dw:393412 dr:4988 al:0 bm:70 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0
 2: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:1055190 dw:1054022 dr:4936 al:0 bm:167 lo:0 pe:0 ua:0 ap:0 ep:1 wo:f oos:0Now we're ready to migrate vm03-db and vm04-ms back to an-c05n02.
clusvcadm -M vm:vm03-db -m an-c05n02.alteeve.caTrying to migrate vm:vm03-db to an-c05n02.alteeve.ca...Successclusvcadm -M vm:vm04-ms -m an-c05n02.alteeve.caTrying to migrate vm:vm04-ms to an-c05n02.alteeve.ca...SuccessA final check;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 23:08:06 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedGood!
Complete Cold Shut Down And Cold Starting The Cluster
The final testing is now complete. There is one final task to cover though; "Cold Shut Down" and "Cold Start" of the cluster. This involves shutting down all VMs, stopping rgmanager and cman on both nodes, then powering off both nodes.
The cold-start process involves simply powering both nodes on within the set post_join_delay, then manually enabling the four VMs.
Stopping All VMs
Check the status as always;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 23:13:24 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                    an-c05n01.alteeve.ca          started
 vm:vm02-web                    an-c05n01.alteeve.ca          started
 vm:vm03-db                     an-c05n02.alteeve.ca          started
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedAll four VMs are up, so we'll stop all of them.
|  | Note: You might want to get into the habit of stopping the windows machines, then connecting to them over RDP or using virt-manager to ensure that it has started to power down. If it hasn't, shut it down from within the OS. | 
clusvcadm -d vm:vm01-devLocal machine disabling vm:vm01-dev...Successclusvcadm -d vm:vm02-webLocal machine disabling vm:vm02-web...Successclusvcadm -d vm:vm03-dbLocal machine disabling vm:vm03-db...Successclusvcadm -d vm:vm04-msLocal machine disabling vm:vm04-ms...SuccessConfirm;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 23:17:29 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State
 ------- ----                   ----- ------                   -----
 service:storage_an01           an-c05n01.alteeve.ca          started
 service:storage_an02           an-c05n02.alteeve.ca          started
 vm:vm01-dev                  (an-c05n01.alteeve.ca)        disabled
 vm:vm02-web                  (an-c05n01.alteeve.ca)        disabled
 vm:vm03-db                   (an-c05n02.alteeve.ca)        disabled
 vm:vm04-ms                   (an-c05n02.alteeve.ca)        disabledGood, we can now stop rgmanager on both nodes.
Shutting Down The Cluster Entirely
|  | Note: It can sometimes take a minute or two for rgmanager to stop. Please be patient. | 
On an-c05n01;
/etc/init.d/rgmanager stopStopping Cluster Service Manager:                          [  OK  ]On an-c05n02;
/etc/init.d/rgmanager stopStopping Cluster Service Manager:                          [  OK  ]Now stop cman on both nodes.
On an-c05n01;
/etc/init.d/cman stopStopping cluster: 
   Leaving fence domain...                                 [  OK  ]
   Stopping gfs_controld...                                [  OK  ]
   Stopping dlm_controld...                                [  OK  ]
   Stopping fenced...                                      [  OK  ]
   Stopping cman...                                        [  OK  ]
   Waiting for corosync to shutdown:                       [  OK  ]
   Unloading kernel modules...                             [  OK  ]
   Unmounting configfs...                                  [  OK  ]On an-c05n02;
/etc/init.d/cman stopStopping cluster: 
   Leaving fence domain...                                 [  OK  ]
   Stopping gfs_controld...                                [  OK  ]
   Stopping dlm_controld...                                [  OK  ]
   Stopping fenced...                                      [  OK  ]
   Stopping cman...                                        [  OK  ]
   Waiting for corosync to shutdown:                       [  OK  ]
   Unloading kernel modules...                             [  OK  ]
   Unmounting configfs...                                  [  OK  ]We're down, we can safely power off the nodes now.
poweroffBroadcast message from root@an-c05n01.alteeve.ca
	(/dev/pts/0) at 23:22 ...
The system is going down for power off NOW!Cold-Stop achieved!
Cold-Starting The Cluster
|  | Note: It is important to power on both nodes within post_join_delay seconds. Otherwise, the slower node will be fenced and the boot process will take longer than it needs to. | 
Power on both nodes. You can just hit the power button, or if you have a workstation on the BCN with fence-agents installed, you can call fence_ipmilan (or the agent you use in your cluster).
fence_ipmilan -a an-c05n01.ipmi -l root -p secret -o onPowering on machine @ IPMI:an-c05n01.ipmi...Donefence_ipmilan -a an-c05n02.ipmi -l root -p secret -o onPowering on machine @ IPMI:an-c05n02.ipmi...DoneOnce they're up, log into them again and check their status. You will see that the VMs are off-line.
clustatCluster Status for an-cluster-05 @ Sun Jan  1 23:40:16 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, Local, rgmanager
 an-c05n02.alteeve.ca                       2 Online, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                  (none)                         disabled      
 vm:vm02-web                  (none)                         disabled      
 vm:vm03-db                   (none)                         disabled      
 vm:vm04-ms                   (none)                         disabledCheck that DRBD is ready;
cat /proc/drbdversion: 8.3.12 (api:88/proto:86-96)
GIT-hash: e2a8ef4656be026bbae540305fcb998a5991090f build by dag@Build64R6, 2011-11-20 10:57:03
 0: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:4 nr:0 dw:0 dr:8712 al:0 bm:1 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
 1: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:0 dw:0 dr:4632 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
 2: cs:Connected ro:Primary/Primary ds:UpToDate/UpToDate C r-----
    ns:0 nr:0 dw:0 dr:4648 al:0 bm:0 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0Golden, let's start the VMs.
clusvcadm -e vm:vm01-dev -m an-c05n01.alteeve.cavm:vm01-dev is now running on an-c05n01.alteeve.caclusvcadm -e vm:vm02-web -m an-c05n01.alteeve.cavm:vm02-web is now running on an-c05n01.alteeve.caclusvcadm -e vm:vm03-db -m an-c05n02.alteeve.cavm:vm03-db is now running on an-c05n02.alteeve.caclusvcadm -e vm:vm04-ms -m an-c05n02.alteeve.cavm:vm04-ms is now running on an-c05n02.alteeve.caCheck the new status;
clustatCluster Status for an-cluster-05 @ Sun Jan  1 23:45:35 2012
Member Status: Quorate
 Member Name                             ID   Status
 ------ ----                             ---- ------
 an-c05n01.alteeve.ca                       1 Online, rgmanager
 an-c05n02.alteeve.ca                       2 Online, Local, rgmanager
 Service Name                   Owner (Last)                   State         
 ------- ----                   ----- ------                   -----         
 service:storage_an01           an-c05n01.alteeve.ca          started       
 service:storage_an02           an-c05n02.alteeve.ca          started       
 vm:vm01-dev                    an-c05n01.alteeve.ca          started       
 vm:vm02-web                    an-c05n01.alteeve.ca          started       
 vm:vm03-db                     an-c05n02.alteeve.ca          started       
 vm:vm04-ms                     an-c05n02.alteeve.ca          startedWe're back up and running!
Done and Done!
That, ladies and gentlemen, is all she wrote!
You should now be safely ready to take your cluster into production at this stage.
Happy Hacking!
Troubleshooting
The troubleshooting section seems to have pushed Media Wiki beyond it's single-article length limit. For this reason, it has been moved to it's own page.
Disabling rsyslog Rate Limiting
Please see;
| Any questions, feedback, advice, complaints or meanderings are welcome. | |||
| Alteeve's Niche! | Alteeve Enterprise Support | Community Support | |
| © 2025 Alteeve. Intelligent Availability® is a registered trademark of Alteeve's Niche! Inc. 1997-2025 | |||
| legal stuff: All info is provided "As-Is". Do not use anything here unless you are willing and able to take responsibility for your own actions. | |||