SLES 11 and High Availability Extension (HAE) with DLM, O2CB and SSH stonith
In this scenario I will be setting up Novell High Availability Extension (HAE) on SLES 11. I will also demonstrate how to setup dlm, o2cb and SSH stonith.
Some items that I have pre-configured are as follows.
- 1 SMT server
- 3 server installed with SLES 11 and HAE as a add-on product.
Please see the following link:
- Each SLES 11 HAE server is fully patched with the latest code from my SMT server(2/24/10)
- Networking is setup as demonstrated in the following picture.
In this document I assume the reader has some basic knowledge of quorm, fencing, and resource attributes. That said I will show each step with a screen shot during resource configuration. Although this document could be adopted into a production environment; I assume that this document will only be used in a test environment and for learning purposes only.
During resource configuration I setup a ssh-stonith resource. As noted in the documentation this resource should not be used in production. Please also note that Novell will not support the resource except in a test situation where a real stonith resource, such as ilo, DRAC card, external power supply or other such stonith resource is not available.
Setup of the previous environment:
Edit the /etc/hosts and put entries into the hosts file for each node.
Create a ssh-key for every node.
#:~> ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists. Overwrite (y/n)? y Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 9e:92:9c:01:9e:fd:fb:12:73:7d:a7:cc:e1:11:ad:7f root@hae1 The key's randomart image is: +--[ RSA 2048]----+ | | | | | . . | | . + . .| | o o S . o | | . *o.. . = .| | = ++ = * | | ... = E| | .o. .| +-----------------+
Now copy that key to every node. You will need to repeat this process on each node so that all nodes trust each other.
#:~$ cd .ssh/ #:~/.ssh$ ls authorized_keys id_rsa id_rsa.keystore id_rsa.pub id_work known_hosts #:~/.ssh$ #: scp id_rsa.pub root@hae2:/root/.ssh/id.rsa.hae1.pub
Now go to HAE2 and type the following:
HAE2 /root/home/.ssh/: cat id.rsa.hae1.pub >> authorized_keys
Repeat this for each node. When you are finished you should be able to ssh to any node from any node without entering a password or pass-phrase.
I will be following these instructions from the HAE documentation:
Open yast > cluster and configure it as the following:
Note: Each node will have its own Node ID: For HAE1 – 1, HAE2 – it will be 2 and HAE3 – 3
Note: When you enable security you add protection to the cluster. When you generate the Authentication file you will need to copy it over to each node in the cluster.
Copy the /etc/ais/authkey and /etc/ais/openais.conf to the other nodes in the server.
#: scp /etc/ais/openais.conf root@HAE2:/etc/ais/openais.conf #: scp /etc/ais/openais.conf root@HAE2:/etc/ais/openais.conf
Note: Do this for each node.
!Remember: Make sure to edit the openais.conf and match up the node id for the node you are on. For example. HAE1 will be 1 and HAE2 will be 2 and HAE3 will be 3. You can also do this via yast > cluster.
Your cluster can now be started.
#: rcopenais start
Before you login to the cluster you will need to set hacluster’s password on each node.
#: passwd hacluster enter new password:
Now you are set to login.
Creating a dlm resource:
Under Resources click Add and choose Clone and then Ok.
Once you have passed through to this point you will want to click “ok, ok, apply or ok”. You will now have a dlm resource. We will now configure o2cb and then a stonith resource before starting dlm.
Configuring resource order:
Once you are all done you can apply the changes. You will now want to start you resources starting with your ssh-stonith then dlm and finally O2CB.