DRBD + Corosync + pacemaker avec témoin
Installation des paquets sur chaque serveur
Serveurs DRBD
apt install nfs-kernel-server drbd-utils drbd-doc fence-agents corosync pacemaker crmsh corosync-qdevice pacemaker-doc corosync-doc
Serveur témoin
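# Witness host: the quorum-device server is packaged as corosync-qnetd
# (the same package name is used later on this page for the witness).
apt install corosync-qnetd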
Configuration du DRBD
Ajout d'un second disque sur chaque serveur
Création d'une partition sur le disque ajouté sans la formater
/etc/drbd.d/global_common.conf
# Settings shared by every DRBD resource on this node.
global {
# Opt out of LINBIT's online usage counter.
usage-count no;
}
common {
net {
# Protocol C: a write completes only once both nodes have it on disk.
protocol C;
}
}
Création du fichier r0.res
# DRBD resource r0: one volume mirrored between drbd-primaire and
# drbd-secondaire.
# NOTE(review): this net section sets no cram-hmac-alg / shared-secret, so the
# peers do not authenticate each other, and nothing in this file encrypts the
# replication stream. Keep the 7788/tcp link on a dedicated, filtered network
# and consider enabling peer authentication.
# NOTE(review): no fencing policy or fence-peer handler is configured here even
# though the cluster uses STONITH; confirm whether DRBD-level fencing is wanted.
resource r0 {
net {
protocol C;
# Single-primary mode: only one node may hold the Primary role at a time.
allow-two-primaries no;
# Automatic split-brain recovery policies. They can discard one node's
# writes without operator confirmation.
after-sb-0pri discard-least-changes;
after-sb-1pri consensus;
after-sb-2pri disconnect;
# ping-timeout is expressed in tenths of a second, connect-int in seconds.
ping-timeout 5;
connect-int 2;
}
# Each "on" section name must match that node's hostname.
on drbd-primaire {
device /dev/drbd0;
disk /dev/sdb1;
address 192.168.50.220:7788;
# DRBD metadata is stored on the backing partition itself.
meta-disk internal;
}
on drbd-secondaire {
device /dev/drbd0;
disk /dev/sdb1;
address 192.168.50.221:7788;
meta-disk internal;
}
}
- systemctl restart drbd
- Création du volume drbd sur chaque nœud
drbdadm create-md r0
- systemctl restart drbd
- pour supprimer des messages d'avertissement sur chaque nœud
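# Register overrides so both DRBD helpers are owned root:haclient with mode
# 4750 (setuid root, runnable only by root and members of group haclient).
# Every account in haclient can therefore run these helpers with root
# privileges, so keep that group's membership minimal.
# One command per line: run together on a single line, the second command
# would be parsed as extra arguments of the first.
dpkg-statoverride --add --update root haclient 4750 /lib/drbd/drbdsetup-84
dpkg-statoverride --add --update root haclient 4750 /usr/sbin/drbdmeta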
- sur le nœud primaire
drbdadm primary r0 --force
- sur le nœud secondaire
drbdadm secondary r0
- sur le noeud primaire
mkfs.ext4 /dev/drbd0
installation corosync + pacemaker
systemctl enable corosync-qdevice
Configuration corosync
- contenu du fichier /etc/corosync/corosync.conf
# Please read the corosync.conf.5 manual page
totem {
version: 2
cluster_name: drbd-lab
transport: knet
# Cluster traffic is encrypted and authenticated with the shared key produced
# by corosync-keygen; every node needs the identical key file.
crypto_cipher: aes256
crypto_hash: sha256
# Both timeouts are in milliseconds.
token: 3000
consensus: 3600
}
nodelist {
node {
ring0_addr: 192.168.50.221
name: drbd-secondaire
nodeid: 2
}
node {
ring0_addr: 192.168.50.220
name: drbd-primaire
nodeid: 1
}
}
quorum {
provider: corosync_votequorum
# Extra vote supplied by the corosync-qnetd witness.
device {
model: net
votes: 1
net {
# NOTE(review): no "tls" key is set, so the default ("on") applies and the
# qdevice falls back to an unencrypted session when the witness does not
# offer TLS. Consider "tls: required" once qnetd has TLS enabled.
# ffsplit: on an even split, the witness gives its vote to exactly one half.
algorithm: ffsplit
host: 192.168.50.222
}
}
}
logging {
# Log both to a dedicated file and to syslog, with timestamps.
to_logfile: yes
logfile: /var/log/corosync/corosync.log
to_syslog: yes
timestamp: on
}
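- génération de la clé de chiffrement (/etc/corosync/authkey) sur un nœud, à copier ensuite à l'identique sur tous les membres du cluster par un canal sûr (scp, par exemple), en la laissant lisible par root uniquement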
/usr/sbin/corosync-keygen
- redémarrage de corosync sur tous les noeuds du cluster
systemctl restart corosync
installation corosync-qnetd sur le témoin
apt install corosync-qnetd
- suppression de la CA existante sur le témoin
rm -fr /etc/corosync/qnetd/nssdb
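- Sur un des nœuds du cluster ({cluster_corosync} est à remplacer par le nom du cluster, c'est-à-dire le cluster_name de corosync.conf, ici drbd-lab)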
corosync-qdevice-net-certutil -Q -n {cluster_corosync} drbd-temoin drbd-primaire drbd-secondaire
- sur le témoin
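# Give the qnetd service group access to the regenerated NSS database.
# "&&" keeps chgrp from running in the wrong directory if the cd fails;
# written as one unseparated line, chgrp and its operands would instead be
# passed to cd as extra arguments.
cd /etc/corosync/qnetd && chgrp coroqnetd nssdb nssdb/cert9.db nssdb/key4.db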
configuration corosync-qnetd
- Fichier /etc/default/corosync-qnetd
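# Corosync Qdevice Network daemon init script configuration file

# COROSYNC_QNETD_OPTIONS specifies options passed to corosync-qnetd command
# (default is no options).
# See "man corosync-qnetd" for detailed descriptions of the options.
# NOTE(review): "-s off" turns TLS off for qdevice connections, so the
# certificates created with corosync-qdevice-net-certutil are not used and the
# vote traffic is neither encrypted nor authenticated; "-s req" makes TLS
# mandatory. "-4" restricts the daemon to IPv4, "-d" and "-f" select debug
# output and foreground mode.
# NOTE(review): "-l" binds the listener to 192.168.50.40, while corosync.conf
# on the cluster nodes points the qdevice at host 192.168.50.222; confirm
# both addresses belong to the witness.
COROSYNC_QNETD_OPTIONS="-4df -s off -l 192.168.50.40"

# COROSYNC_QNETD_RUNAS specifies user under which qnetd daemon should be running
# (not set or empty is default and means "user who executes init script")
# Make sure to set correct owner of directories /etc/corosync/qnetd and
# /var/run/corosync-qnetd
# This has no effect if systemd unit is used (you have to change unit file)
COROSYNC_QNETD_RUNAS=""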
configuration pacemaker
- création des clés ssh sur tous les nodes
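# Create the key pair as hacluster rather than root, so it lands in that
# account's ~/.ssh. The fence_vbox primitives on this page read
# identity_file=/var/lib/pacemaker/.ssh/id_rsa; confirm the generated key ends
# up at that path. "-c" is needed: without it, ssh-keygen is handed to bash as
# a script file name instead of being run as a command.
# The matching public key should be authorized on the VirtualBox host only for
# the account that runs the VM commands.
su - hacluster -s /bin/bash -c ssh-keygen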
- via la commande crm configure edit nous pouvons configurer pacemaker. Cette commande ouvre votre éditeur préféré
# Cluster configuration as edited through "crm configure edit".
node 1: drbd-primaire
node 2: drbd-secondaire
# DRBD resource r0, run as the promotable clone ms_drbd defined further down.
primitive r_drbd_disk ocf:linbit:drbd \
params drbd_resource=r0 \
op start interval=0s timeout=180s \
op stop interval=0 timeout=120s \
op monitor interval=17s role=Master timeout=120s \
op monitor interval=16s role=Slave timeout=119s \
op promote interval=0s timeout=180s
# ext4 filesystem on /dev/drbd0, mounted at /opt/drbd.
primitive r_drbd_fs Filesystem \
params device="/dev/drbd0" directory="/opt/drbd" fstype=ext4 \
op start interval=0s timeout=180s \
op stop interval=0s timeout=180s
# Floating service address 192.168.50.223/24.
primitive r_ip_ipv4 IPaddr2 \
params ip=192.168.50.223 cidr_netmask=24 \
op monitor interval=10s \
op start interval=0s timeout=180s \
op stop interval=0s timeout=180s \
meta failure-timeout=60s
# NFS server, controlled through its systemd unit.
primitive r_nfs systemd:nfs-kernel-server \
op monitor interval=10s start-delay=15s \
op start interval=0s timeout=10s \
op stop interval=0s timeout=10s \
meta target-role=Started
# Fence devices, one per node: fence_vbox reaches the VirtualBox host over SSH
# with the key in identity_file and acts on the VM named by "plug". Values in
# braces are placeholders to fill in.
# NOTE(review): the account given in "username" can power VMs off; limit what
# this key is allowed to do on the VirtualBox host.
primitive st_drbd-primaire stonith:fence_vbox \
params identity_file="/var/lib/pacemaker/.ssh/id_rsa" ip={virtualbox_hôte} pcmk_host_list=drbd-primaire plug={id virtualbox_de_la_vm} username={username_qui_lance_les_commandes_vbox} \
op monitor timeout=600s interval=60s \
op start timeout=600s interval=0s \
op stop timeout=600s interval=0s
primitive st_drbd-secondaire stonith:fence_vbox \
params identity_file="/var/lib/pacemaker/.ssh/id_rsa" ip={virtualbox_hôte} pcmk_host_list=drbd-secondaire plug={id virtualbox_de_la_vm} username={username_qui_lance_les_commandes_vbox} \
op monitor timeout=600s interval=60s \
op start timeout=600s interval=0s \
op stop timeout=600s interval=0s
# NFS service group; members start in the order listed (r_nfs, then the IP).
group g_nfs r_nfs r_ip_ipv4
# Promotable clone of the DRBD primitive: two instances, at most one promoted.
clone ms_drbd r_drbd_disk \
meta master-max=1 master-node-max=1 clone-max=2 clone-node-max=1 notify=true promotable=true \
meta failure-timeout=60s
# The filesystem and the NFS group may only run where DRBD is promoted.
colocation c_drbd_fs inf: r_drbd_fs ms_drbd:Master
colocation c_nfs inf: g_nfs ms_drbd:Master
# Score-100 preference for running the service stack on drbd-primaire.
location location-g_nfs-drbd-primaire-100 g_nfs 100: drbd-primaire
location location-ms_drbd-drbd-primaire-100 ms_drbd 100: drbd-primaire
location location-r_drbd_fs-drbd-primaire-100 r_drbd_fs 100: drbd-primaire
# NOTE(review): each fence device gets an "inf:" preference for the very node
# named in its pcmk_host_list, i.e. the node it is meant to fence. Confirm
# this placement is intended.
location location-st_drbd-primaire-drbd-primaire-INFINITY st_drbd-primaire inf: drbd-primaire
location location-st_nfs-02-drbd-secondaire-INFINITY st_drbd-secondaire inf: drbd-secondaire
# Promote DRBD before mounting, and mount before starting the NFS group.
order o_drbd_mount Mandatory: ms_drbd:promote r_drbd_fs:start
order o_nfs_start Mandatory: r_drbd_fs g_nfs
# NOTE(review): dc-version and last-lrm-refresh look like values recorded by
# the cluster itself rather than settings to copy by hand.
# NOTE(review): no-quorum-policy=ignore keeps resources running on a partition
# that has lost quorum, which sidesteps the witness vote configured in
# corosync, and startup-fencing=false skips fencing of nodes whose state is
# unknown at startup. Both weaken split-brain protection; confirm they are
# deliberate.
property cib-bootstrap-options: \
have-watchdog=false \
dc-version=2.1.5-a3f44794f94 \
cluster-infrastructure=corosync \
cluster-name=drbd \
stonith-enabled=true \
no-quorum-policy=ignore \
stop-all-resources=false \
last-lrm-refresh=1747170239 \
startup-fencing=false \
cluster-recheck-interval=2min
# NOTE(review): resource-stickiness is set here (100) under a "property"
# section and again in the rsc_defaults section that follows (50); check which
# value is actually in effect.
property rsc_defaults: \
resource-stickiness=100 \
migration-threshold=1
rsc_defaults rsc_defaults-meta_attributes: \
resource-stickiness=50