While writing applications for myself, I was always thinking about how I could make my environment more bulletproof and stable. The fact that I was using single systems was always a single point of failure. Until now! At least at the operating system level, I am past this obstacle.
This article is part of a series. Full series:
Make Linux cluster! – Beginning
Make Linux cluster! – Configure resources
Make Linux cluster! – Work and test resources
Make Linux cluster! – Pitfalls and observations
Configure virtual IP
In Linux there is a feature called IP alias. With this feature we can assign another IP address next to the real one. Pacemaker makes use of this functionality. Let’s add an IP that is moved among the cluster nodes.
    crm(live/atihome)# configure
    crm(live/atihome)configure# primitive DnsIP ocf:heartbeat:IPaddr2 params ip=192.168.50.210 cidr_netmask=24 op monitor interval=30s
    crm(live/atihome)configure# commit
    crm(live/atihome)configure# up
    crm(live/atihome)# configure show
    node 1: atihome \
            attributes maintenance=off
    node 2: pihome \
            attributes maintenance=off
    primitive DnsIP IPaddr2 \
            params ip=192.168.50.210 cidr_netmask=24 \
            op monitor interval=30s \
            meta target-role=Started
    property cib-bootstrap-options: \
            have-watchdog=false \
            dc-version=2.0.5-ba59be7122 \
            cluster-infrastructure=corosync \
            cluster-name=debian \
            stonith-enabled=false \
            no-quorum-policy=ignore
You need to specify an IP address that is not assigned to anything, so it is not in use. If you execute the status command at the end, you can see that it is started somewhere:
    crm(live/atihome)# status
    Cluster Summary:
      * Stack: corosync
      * Current DC: atihome (version 2.0.5-ba59be7122) - partition with quorum
      * Last updated: Sun Dec 5 16:43:58 2021
      * Last change: Sun Dec 5 16:00:14 2021 by root via cibadmin on atihome
      * 2 nodes configured
      * 2 resource instances configured

    Node List:
      * Online: [ atihome pihome ]

    Full List of Resources:
      * DnsIP (ocf::heartbeat:IPaddr2): Started atihome
This IP alias is really there; it can be listed with the ip addr show command from the shell:
    2: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 18:c0:4d:2e:da:b5 brd ff:ff:ff:ff:ff:ff
        inet 192.168.50.201/24 brd 192.168.50.255 scope global dynamic enp8s0
           valid_lft 75452sec preferred_lft 75452sec
        inet 192.168.50.210/24 brd 192.168.50.255 scope global secondary enp8s0
           valid_lft forever preferred_lft forever
        inet6 fe80::1ac0:4dff:fe2e:dab5/64 scope link
           valid_lft forever preferred_lft forever
Promote bind9 to a cluster resource
Before I did it, I stopped and disabled bind9 with the systemctl stop named and systemctl disable named commands. When that was done, I went back to the crm shell and began to configure it:
    crm(live/atihome)# configure
    crm(live/atihome)configure# primitive bind9 service:named op start timeout="100s" interval=0 op monitor interval=30s timeout="100s" restart=on-failure
    crm(live/atihome)configure# colocation DnsWithIP Mandatory: DnsIP bind9
    crm(live/atihome)configure# order DnsOrder Mandatory: DnsIP bind9:start
    crm(live/atihome)configure# location DnsLocation DnsIP 100: atihome
    crm(live/atihome)configure# location DnsAltLocation DnsIP 25: pihome
    crm(live/atihome)configure# commit
    crm(live/atihome)configure# up
And now the explanation. I have defined bind9 as a service on the system. The cluster will start/stop/reload it through systemd, and will also use systemd to monitor it. In Pacemaker, there are resource agents. They can be used for these actions (and even more), but I could not use ocf:heartbeat:named, so I stayed with the service. Previously, ocf:heartbeat:nginx worked without any issue, but for bind9 it had some user issue and I chose the easier way.
The colocation command tells that the virtual IP and the DNS server must always be running on the same node. So if either the IP or the DNS server would move to another node, the resource manager moves both.
The order command tells the start order of these services. First the IP must be established, then the DNS server can be started. Otherwise the DNS server may fail because it tries to bind to an invalid or non-existent IP address.
With location I tell where it needs to run. The higher value wins: by default they run on atihome; when atihome fails, they move to pihome; when atihome is available again, they move back. If no location is provided, it runs wherever it can, without any move-back feature.
Worth mentioning is the migration-threshold property, which belongs to the primitive. If this threshold is reached (e.g. the resource cannot start on a node), then a move will be issued by the resource manager.
Displaying the configuration, it looks like this:
    crm(live/atihome)# configure show
    node 1: atihome \
            attributes maintenance=off
    node 2: pihome \
            attributes maintenance=off
    primitive DnsIP IPaddr2 \
            params ip=192.168.50.210 cidr_netmask=24 \
            op monitor interval=30s \
            meta target-role=Started
    primitive bind9 service:named \
            op start timeout=100s interval=0 \
            op monitor interval=30s timeout=100s \
            op_params restart=on-failure
    location DnsAltLocation DnsIP 25: pihome
    location DnsLocation DnsIP 100: atihome
    order DnsOrder Mandatory: DnsIP bind9:start
    colocation DnsWithIP inf: DnsIP bind9
    property cib-bootstrap-options: \
            have-watchdog=false \
            dc-version=2.0.5-ba59be7122 \
            cluster-infrastructure=corosync \
            cluster-name=debian \
            stonith-enabled=false \
            no-quorum-policy=ignore
The status also looks good, the resources are started. I validated the virtual IP and the DNS server with the dig and nslookup utilities. Everything looked good.
    crm(live/atihome)# status
    Cluster Summary:
      * Stack: corosync
      * Current DC: atihome (version 2.0.5-ba59be7122) - partition with quorum
      * Last updated: Sun Dec 5 17:12:03 2021
      * Last change: Sun Dec 5 17:03:15 2021 by root via cibadmin on atihome
      * 2 nodes configured
      * 2 resource instances configured

    Node List:
      * Online: [ atihome pihome ]

    Full List of Resources:
      * DnsIP (ocf::heartbeat:IPaddr2): Started atihome
      * bind9 (service:named): Started atihome
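The colocation and location rules explained above can be checked mechanically against status output. The following POSIX shell audit is an added example, not part of the original article; the function names and the failed-over status sample are constructed for illustration, while the constraint lines and the healthy status lines are taken from the outputs shown above.

```shell
# Added example: audit `crm status` text against this article's constraints.
# Location and colocation lines as printed by `crm configure show` above.
CONSTRAINTS='location DnsAltLocation DnsIP 25: pihome
location DnsLocation DnsIP 100: atihome
colocation DnsWithIP inf: DnsIP bind9'

# Trimmed from the healthy status output shown in the article.
STATUS_OK='  * Online: [ atihome pihome ]
  * DnsIP (ocf::heartbeat:IPaddr2): Started atihome
  * bind9 (service:named): Started atihome'

# Constructed sample: atihome is down, the IP moved, named did not start.
STATUS_BAD='  * Online: [ pihome ]
  * DnsIP (ocf::heartbeat:IPaddr2): Started pihome
  * bind9 (service:named): Stopped'

# node_of STATUS RESOURCE: node the resource is started on (empty if none).
node_of() {
  printf '%s\n' "$1" |
    awk -v r="$2" '$1 == "*" && $2 == r && $(NF-1) == "Started" { print $NF }'
}

# preferred_node STATUS RESOURCE: online node with the highest location score.
preferred_node() {
  online=$(printf '%s\n' "$1" | sed -n 's/.*Online: \[ \(.*\) ].*/ \1 /p')
  printf '%s\n' "$CONSTRAINTS" | awk -v r="$2" -v on="$online" '
    $1 == "location" && $3 == r && index(on, " " $5 " ") {
      if (best == "" || $4 + 0 > max) { max = $4 + 0; best = $5 } }
    END { print best }'
}

# audit STATUS: print findings, return 1 if a constraint is not satisfied.
audit() {
  rc=0
  while read -r kind id score a b; do
    [ "$kind" = colocation ] || continue
    na=$(node_of "$1" "$a"); nb=$(node_of "$1" "$b")
    [ -n "$na" ] && [ "$na" = "$nb" ] ||
      { echo "$id violated: $a on ${na:-no node}, $b on ${nb:-no node}"; rc=1; }
    want=$(preferred_node "$1" "$a")
    [ -z "$want" ] || [ "$na" = "$want" ] ||
      { echo "$a is not on preferred node $want"; rc=1; }
  done <<EOF
$CONSTRAINTS
EOF
  return $rc
}
audit "$STATUS_OK" && echo "healthy status: constraints satisfied"
audit "$STATUS_BAD" || echo "failed-over status: needs attention"
```

On a live node the same functions can be fed the real text, for example by passing "$(crm status)" to audit and filling CONSTRAINTS from crm configure show.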
Final words
In this section, I defined some resources and connected them logically for normal usage. In the next article, I will write about their manipulation.