SLES 11 and High Availability Extension (HAE) with DLM, O2CB and SSH stonith | SUSE Communities

SLES 11 and High Availability Extension (HAE) with DLM, O2CB and SSH stonith



In this scenario I will be setting up Novell High Availability Extension (HAE) on SLES 11. I will also demonstrate how to setup dlm, o2cb and SSH stonith.

Some items that I have pre-configured are as follows.

  1. 1 SMT server
  2. 3 server installed with SLES 11 and HAE as a add-on product.

    Please see the following link:

  3. Each SLES 11 HAE server is fully patched with the latest code from my SMT server(2/24/10)
  4. Networking is setup as demonstrated in the following picture.


In this document I assume the reader has some basic knowledge of quorm, fencing, and resource attributes. That said I will show each step with a screen shot during resource configuration. Although this document could be adopted into a production environment; I assume that this document will only be used in a test environment and for learning purposes only.


During resource configuration I setup a ssh-stonith resource. As noted in the documentation this resource should not be used in production. Please also note that Novell will not support the resource except in a test situation where a real stonith resource, such as ilo, DRAC card, external power supply or other such stonith resource is not available.

DRAC card:

ilo card:

Setup of the previous environment:

Edit the /etc/hosts and put entries into the hosts file for each node.

Create a ssh-key for every node.

For example:

#:~> ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
9e:92:9c:01:9e:fd:fb:12:73:7d:a7:cc:e1:11:ad:7f root@hae1
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|    .          . |
|   . +        . .|
|    o o S  .   o |
|     . *o.. . = .|
|      = ++   = * |
|       ...    = E|
|        .o.     .|

Now copy that key to every node. You will need to repeat this process on each node so that all nodes trust each other.


#:~$ cd .ssh/
#:~/.ssh$ ls
authorized_keys  id_rsa  id_rsa.keystore  id_work  known_hosts

#: scp root@hae2:/root/.ssh/

Now go to HAE2 and type the following:

HAE2 /root/home/.ssh/: cat >> authorized_keys

Repeat this for each node. When you are finished you should be able to ssh to any node from any node without entering a password or pass-phrase.

I will be following these instructions from the HAE documentation:

  1. Open yast > cluster and configure it as the following:

    Communication Channels

    Note: Each node will have its own Node ID: For HAE1 – 1, HAE2 – it will be 2 and HAE3 – 3


    Note: When you enable security you add protection to the cluster. When you generate the Authentication file you will need to copy it over to each node in the cluster.


  2. Copy the /etc/ais/authkey and /etc/ais/openais.conf to the other nodes in the server.

    For example:

    #: scp /etc/ais/openais.conf  root@HAE2:/etc/ais/openais.conf
    #: scp /etc/ais/openais.conf  root@HAE2:/etc/ais/openais.conf

    Note: Do this for each node.

    !Remember: Make sure to edit the openais.conf and match up the node id for the node you are on. For example. HAE1 will be 1 and HAE2 will be 2 and HAE3 will be 3. You can also do this via yast > cluster.

    Your cluster can now be started.

    #: rcopenais start

    Before you login to the cluster you will need to set hacluster’s password on each node.

    #: passwd hacluster
    enter new password:

    Now you are set to login.

    #: crm_gui

Creating a dlm resource:

Under Resources click Add and choose Clone and then Ok.

Once you have passed through to this point you will want to click “ok, ok, apply or ok”. You will now have a dlm resource. We will now configure o2cb and then a stonith resource before starting dlm.

configuring O2CB:

Configuring ssh:

Configuring resource order:

Once you are all done you can apply the changes. You will now want to start you resources starting with your ssh-stonith then dlm and finally O2CB.

Final results:

(Visited 1 times, 1 visits today)


  • darrenjthompson says:

    It seems a silly place to have stopped.

    Why not follow through with the creation and cluster enabling of an OCFS2 file system since you have already done 80% of the job.

    Perhaps you intend to have follow up articles with OCFS2 and XEN VM’s???

  • darrenjthompson says:

    On reading my comment one of my co-workers (George) sent me this, it’s so brilliant that I had to share it & here seems to be the appropriate venue.


    Regarding the comment

    Let ye who can writeth the remaining 20% be the first to cast a stonith!


  • boo03004 says:

    I fully intend on writing several follow up articles on HAE. My next few will be in relation to CLVM OCFS and XEN. My main intent was to make a simple article to dispel many question I run into when speaking with people about HAE. The most common questions are in relation to a stonith resource. I though that by showing a few pictures and configuring one it would address some of the questions a novice would have. If you have further ideas I would be glad to write a article or a how to.

    -Jason B

  • vz65ky says:

    Hi Jason,

    Did you get a chance to write the other articles which you intend to do it. Please let me know…


  • Leave a Reply

    Your email address will not be published.