Hi,
Your setup does not look highly available to me. I am not sure what
happens when your one pacemaker node goes down but it cannot be anything
good. You should have at least two pacemaker nodes so that when one goes
down the other can run the remote resources.
Remote nodes should not be listed in the pcs cluster setup command, only
pacemaker nodes go there.
In your current setup, if you first distribute the pacemaker authkey to
your pacemaker node and then run
pcs cluster setup --name <cluster-name> <your-one-node>
on your one node, pcs will keep your authkey in place and you should be
good. This will work for clusters with more than one node as well.
Regards,
Tomas
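
The check a practitioner might wrap around the setup step discussed in this thread, as an added example that is not part of the original messages and is not pcs or Pacemaker code: it snapshots a pre-distributed `/etc/pacemaker/authkey`, runs the setup command, and restores the key if the command removed or changed it. The function names `authkey_digest` and `guarded_setup` and the return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): keep a pre-distributed Pacemaker
# authkey in place across a cluster setup command.
# Hypothetical usage, with the command form quoted in the thread:
#   guarded_setup /etc/pacemaker/authkey \
#       pcs cluster setup --name <cluster-name> <your-one-node>

# Print the SHA-256 digest of a key file; fail if the file is missing.
authkey_digest() {
    [ -f "$1" ] && sha256sum "$1" | cut -d' ' -f1
}

# guarded_setup KEYFILE CMD [ARGS...]
# Return codes (assumed convention for this example):
#   0  key untouched by CMD
#   1  no key to protect, or the backup could not be made
#   2  CMD failed, key untouched
#   3  key was removed or changed and could not be restored
#   10 key was removed or changed by CMD and has been restored
guarded_setup() {
    keyfile=$1; shift
    before=$(authkey_digest "$keyfile") || {
        echo "no authkey at $keyfile; distribute it first" >&2
        return 1
    }
    # mktemp creates the backup with mode 0600, so the key is never
    # exposed to other users; cp -p then copies the key's own mode.
    backup=$(mktemp) || return 1
    cp -p "$keyfile" "$backup" || { rm -f "$backup"; return 1; }

    status=0
    "$@" || { echo "setup command failed" >&2; status=2; }

    # A missing key yields an empty digest, which never equals $before.
    if [ "$(authkey_digest "$keyfile")" != "$before" ]; then
        echo "authkey removed or changed by setup; restoring" >&2
        mkdir -p "$(dirname "$keyfile")"
        if cp -p "$backup" "$keyfile"; then status=10; else status=3; fi
    fi
    rm -f "$backup"
    return "$status"
}
```

A return code of 10 is worth logging: it means the installed pcs version wiped the key during setup, so the configuration management run that places the key should be ordered after cluster setup on that host.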
On 26.2.2018 at 20:00, Faaland, Olaf P. wrote:
Hi Tomas,
Thanks for your reply. It was very helpful.
Maybe we don't need "--local". I'll try removing that from our cluster setup
script.
To answer your question, though, here was our reasoning for using it in the
first place.
Only one host in our cluster, the one where we run "pcs setup", runs pacemaker.
The rest run pacemaker_remote.
One reason we use "--local" is that at the time we are configuring the cluster,
the other hosts may not be present, or powered on, or fully configured.
Another reason is that the other hosts are diskless, and their configuration is
stored in the image they boot from (they typically all share one such image),
with some customization at the time the host boots, via a configuration
management tool.
So for us, if pcs were to try to connect to the remote node to copy authkey
into place, it would be lost when the node reboots. We put the key into either
the image or the configuration management tool so it is in place on every boot.
Where can I look to understand how pacemaker copes with the chicken-and-egg
problem with distributing authkey?
Olaf P. Faaland
Livermore Computing
________________________________________
From: Users <[email protected]> on behalf of Tomas Jelinek
<[email protected]>
Sent: Friday, February 23, 2018 12:44 AM
To: [email protected]
Subject: Re: [ClusterLabs] pcs cluster setup removes /etc/pacemaker/authkey
Hi,
Since upstream version 0.9.158, pcs takes care of the pacemaker authkey
itself [1] (Pacemaker version doesn't matter in this case).
That means:
* pcs wipes out the authkey on "cluster destroy"
* pcs creates and distributes the authkey on "cluster setup"
* pcs distributes the authkey when adding a node to a cluster
* pcs removes the authkey from a node when removing the node from a cluster
The preferred solution is to let pcs do its job.
pcs cluster setup --name <cluster-name> <node1> <node2> ... <nodeN>
will create and distribute all config files including a pacemaker
authkey to all nodes specified for you. Why are you using the --local
flag anyway?
In RHEL 7.4 the situation is a bit different. RHEL 7.4 pcs packages
contain a patch which makes the "pcs cluster setup" command use an
existing pacemaker authkey. [2] This patch however does not apply when
the --local flag is used in the setup command.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1176018
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1459503
Regards,
Tomas
On 22.2.2018 at 20:50, Faaland, Olaf P. wrote:
Hi,
I see when I invoke
# pcs cluster setup --force --local --name <cluster-name> <net-interface-name>
It reports "Removing all cluster configuration files..." and true to its
word, removes /etc/pacemaker/authkey.
My cluster configuration depends on nodes running pacemaker_remote and
so I depend on the authkey to communicate with them. The authkey is
distributed among the nodes by a configuration management tool, in this
case CFEngine, and if the authkey were not deleted, when pacemaker was
started, it and the remotes would successfully communicate with each
other immediately.
Is there some other solution to this key distribution problem that is
preferred, and that is not affected by the removal of authkey? Or is
there some way to tell pcs not to remove that file?
I see this behavior on RHEL 7.4 / pacemaker-1.1.16-12.el7.x86_64
Also, is this a recent change? I don't recall this occurring with an
earlier version of RHEL/pacemaker.
thanks,
Olaf P. Faaland
Livermore Computing
_______________________________________________
Users mailing list: [email protected]
https://lists.clusterlabs.org/mailman/listinfo/users
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org