manintheit.org


How to Create a Red Hat HA Cluster: Part I

This post will consist of a couple of parts. By the end of the series, we will have a Red Hat HA cluster that runs Apache and NFS. In this tutorial I will be using two CentOS 6 hosts, named node01 and node02, on the KVM host. Each node has two interfaces: one gives users access to the services and the other carries the heartbeat.

Topology: As depicted in Figure-1, this is a two-node cluster with shared disks and a fencing agent. Each node in the cluster has the hosts entries below.

192.168.122.100 node01.cls.local
192.168.123.100 node01-hb.cls.local
192.168.122.200 node02.cls.local
192.168.123.200 node02-hb.cls.local

Fencing

To configure the cluster properly, we also need to configure fencing. Fencing is the disconnection of a node from the shared storage. If communication with a single node in the cluster fails, the other nodes in the cluster must restrict or release access to resources that the failed cluster node may have access to. This may not be possible by contacting the failed node itself, as it may be unresponsive, so it needs to be disconnected externally. This is accomplished by a fence agent. A fence device is an external device that can be used by the cluster to restrict access to shared resources by an errant node, or to issue a hard reboot on the cluster node.

To configure the cluster on the nodes, we need to install some software packages on each node.

yum install rgmanager lvm2-cluster gfs2-utils ccs

#For cman

iptables -I INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j ACCEPT

#For ricci:

iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 11111 -j ACCEPT

#For modcluster:

iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 16851 -j ACCEPT

#For gnbd:

iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 14567 -j ACCEPT

#For luci:

iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 8084 -j ACCEPT

#For DLM:

iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 21064 -j ACCEPT

#For ccsd:

iptables -I INPUT -p udp -m state --state NEW -m multiport --dports 50007 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m multiport --dports 50008 -j ACCEPT


#After applying the rules above, save the rules and restart the firewall service.

service iptables save ; service iptables restart

The firewall service is disabled on each node in this setup for ease of configuration, but that is not acceptable in a production environment. For the cluster to be configured properly, the cluster services on each node must be able to communicate with each other, so adding the correct firewall rules is vital. You can use the following filtering to allow multicast traffic through the iptables firewall for the various cluster components. For openais, use the following filtering. Port 5405 is used to receive multicast traffic.
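Added example, not part of the original post: the rules listed in this post accept the cluster ports from any source address, and this script prints the same rules limited to the peer node. It assumes cluster traffic runs over the heartbeat network, so the peer is given by its -hb address from the hosts entries; CLUSTER_PORTS, valid_ipv4 and cluster_rules are names made up for this example.

```shell
#!/bin/sh
# Added example: print the post's iptables rules with a source restriction.
# Assumption: cluster traffic runs over the heartbeat network from the
# post's hosts file, so the peer is addressed by its -hb address.

# proto:ports:component, copied from the rules listed in the post.
# luci (tcp/8084) is omitted: browsers connect to it, not the peer node.
CLUSTER_PORTS="udp:5404,5405:cman
tcp:11111:ricci
tcp:16851:modcluster
tcp:14567:gnbd
tcp:21064:dlm
udp:50007:ccsd
tcp:50008:ccsd"

# Accept only a dotted-quad IPv4 address; the value ends up in a command
# line that is run as root, so hostnames and stray characters are rejected.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one ACCEPT rule per component, limited to traffic from the peer.
# The rules are printed, not applied, so they can be reviewed first.
cluster_rules() {
    peer=$1
    if ! valid_ipv4 "$peer"; then
        echo "invalid peer address: $peer" >&2
        return 1
    fi
    printf '%s\n' "$CLUSTER_PORTS" | while IFS=: read -r proto ports name; do
        printf 'iptables -I INPUT -s %s -p %s -m state --state NEW -m multiport --dports %s -j ACCEPT  # %s\n' \
            "$peer" "$proto" "$ports" "$name"
    done
}

# On node01, with node02-hb as the peer (address from the post's hosts file):
cluster_rules 192.168.123.200
```

Run it on each node with the other node's address, review the output, and apply it before saving the rules with service iptables save.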


