Setup distributed replicated highly available nfs server with drbd and pacemaker on centos7

-
-------- Setup DRBD two node cluster ----------
Importelrepo gpgkey

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

Install elrepo

rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

--Task to perform on both node
Install drbd pkg

yum install -y kmod-drbd84 drbd84-utils

enable iptable rules

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.122.102" port port="7789" protocol="tcp" accept'
firewall-cmd --reload

Take backup of original config file

mv /etc/drbd.d/global_common.conf /etc/drbd.d/global_common.conf.orig

create new file with your configuration

vim /etc/drbd.d/global_common.conf

--place bellow content in file

global {
 usage-count  yes;
}
common {
 net {
  protocol C;
  sndbuf-size 0;
 }
}
disk {
  fencing resource-only;
  }
handlers {
  fence-peer “/usr/lib/drbd/crm-fence-peer.sh”;
  after-resync-target “/usr/lib/drbd/crm-unfence-peer.sh”;
  }

save file and exit
create drbd disk and device definition file

vi /etc/drbd.d/test.res

--place bellow content

resource test {
        on drbd1.mylab.local {
                device /dev/drbd0;
                disk /dev/vdb1;
                        meta-disk internal;
                        address 192.168.1.43:7789;
        }
        on drbd2.mylab.local  {
                device /dev/drbd0;
                disk /dev/vdb1;
                        meta-disk internal;
                        address 192.168.1.44:7789;
        }
}

save and exit
where in file /dev/drbd0 is drbd replicated disk. /de/vdb1 is physical attached disk in both server. drbd resource name is given as test you can take your own.
create drbd resource as defined in config file 'test'

drbdadm create-md test
drbdadm up test

check drbd status

drbdadm status test

make any node as master ( task to perform on any one node )
drbdadm primary --force test
drbdadm primary test

make other node as secondary

drbdadm secondary test

check replication status at any time for drbd

cat /proc/drbd

mark drbd daemon to start during system boot

systemctl enable drbd

-------Setup Pacemaker HA cluster----------

yum install pcs fence-agents-all -y
firewall-cmd --permanent --add-service=high-availability
firewall-cmd --add-service=high-availability

passwd hacluster
systemctl start pcsd
systemctl enable pcsd
pcs cluster auth drbd1.mylab.local drbd2.mylab.local
pcs cluster setup --start --name drbdcluster drbd1.mylab.local drbd2.mylab.local
-----bellow setup is not recomended in production
pcs property set stonith-enabled=false
pcs property set no-quorum-policy=ignore
-------
pcs property set default-resource-stickiness="INFINITY"
pcs resource create VirtIP ocf:heartbeat:IPaddr2 ip=192.168.1.45 cidr_netmask=32 op monitor interval=30s
---drbd config
pcs cluster cib drbd_cfg
pcs -f drbd_cfg resource create DrbdData ocf:linbit:drbd drbd_resource=test op monitor interval=60s
pcs -f drbd_cfg resource master DrbdDataClone DrbdData master-max=1 master-node-max=1 clone-max=2 clone-node-max=1 notify=true
pcs -f drbd_cfg constraint colocation add DrbdDataClone with VirtIP INFINITY
pcs -f drbd_cfg constraint order VirtIP then DrbdDataClone
pcs cluster cib-push drbd_cfg
---drbdfs resource
pcs cluster cib fs_cfg
pcs  -f fs_cfg resource create DrbdFS Filesystem device="/dev/drbd0" directory="/data" fstype="xfs"
pcs  -f fs_cfg constraint colocation add DrbdFS with DrbdDataClone INFINITY with-rsc-role=Master
pcs  -f fs_cfg constraint order promote DrbdDataClone then start DrbdFS
---nfs server resource
pcs -f fs_cfg resource create nfssrv systemd:nfs-server op monitor interval=30s
pcs -f fs_cfg constraint colocation add nfssrv with DrbdFS INFINITY
pcs -f fs_cfg constraint order DrbdFS then nfssrv
pcs cluster cib-push fs_cfg


firewall-cmd --permanent --add-service=nfs
firewall-cmd --permanent --add-service=mountd
firewall-cmd --permanent --add-service=rpc-bind
firewall-cmd --reload
---bellow is essensial in nfs HA environment
systemctl stop nfs-lock &&  systemctl disable nfs-lock

---- if rhev fencing to be used in production dont set stonith as false and use bellow cmd to create rhev stonith

pcs stonith create rhevfence fence_rhevm stonith-timeout=120 pcmk_host_list="node1 node2" pcmk_host_map="node1:rhev-node1 node2:rhev-node2" ipaddr=10.10.100.200 ssl=1 ssl_insecure=1 [email protected] passwd=xxx port="rhev-node1 rhev-node2" shell_timeout=20 power_wait=25 action=reboot

Comments

Post a Comment

Popular posts from this blog

Running web ssh client on port 443 /80 with nginx as reverse proxy

-
Package used         : shellinabox , nginx Repository used        : epel-release Linux distro used    : Centos 7.6 nginx reverse proxy server ip : 192.168.1.65 shellinabox web ssh server ip : 192.168.1.111 login to web ssh server first install epel-repo # yum install epel-release -y install shellinabox package # yum -y install shellinabox start and enable shellinaboxd service # systemctl enable shellinaboxd && systemctl start shellinaboxd By default shellinaboxd service starts with ssl port 4200 for us to run this in a reverse proxy environment need to make this as insecure hence the encryption will be done by nginx to end user. edit file /etc/sysconfig/shellinabox  like bellow- USER=shellinabox GROUP=shellinabox CERTDIR=/var/lib/shellinabox PORT=4200 OPTS="--disable-ssl-menu -s /:LOGIN" OPTS="-t -s /:SSH:192.168.1.111" save file exit and restart service # systemctl restart shellinaboxd Now open firewall for listening port 4200 from nginx proxy server only #
Read more

Running cockpit behind nginx reverse proxy with nginx ssl and cockpit non ssl

-
Domain for web access to cockpit : cockpit.mylab.local cockpit server ip : 192.168.1.61 nginx server ip   : 192.168.1.65 Linux distro using is Centos 7.6 Login to cockpit server Create a file [root@repo ~]# vim /etc/cockpit/cockpit.conf content will be like [WebService] Origins = https://cockpit.mylab.local wss://cockpit.mylab.local ProtocolHeader = X-Forwarded-Proto AllowUnencrypted = true save and restart cockpit # systemctl restart cockpit now  login to your nginx webserver and install nginx # yum install nginx -y create a new file vim /etc/nginx/conf.d/cockpit.conf paste content as bellow server {     listen         80;     listen         443 ssl http2;     server_name    cockpit.mylab.local;     ssl_certificate /etc/ssl/certs/cockpit-selfsigned.crt;     ssl_certificate_key  /etc/ssl/private/cockpit-selfsigned.key;     location / {         proxy_pass http://192.168.1.61:9090;         proxy_set_header Host $host;         proxy_http_version 1.1;
Read more

Setup VOD streaming server with nginx using RTMP on Ubuntu 18.04

-
Install required packages for source code nginx build # apt-get install -y build-essential ca-certificates wget curl libpcre3 libpcre3-dev autoconf unzip automake libtool tar git libssl-dev zlib1g-dev uuid-dev lsb-release vim htop sysstat ufw fail2ban makepasswd libgd-dev libgeoip-dev -y create a directory # mkdir /usr/local/src/nginx/ # cd /usr/local/src/nginx/ download and extract nginx tar # wget -qO- http://nginx.org/download/nginx-1.14.2.tar.gz | tar zxf - clone nginx rtmp module # git clone https://github.com/arut/nginx-rtmp-module Download other modules - PCRE version 8.42 # wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz && tar xzvf pcre-8.42.tar.gz - zlib version 1.2.11 # wget https://www.zlib.net/zlib-1.2.11.tar.gz && tar xzvf zlib-1.2.11.tar.gz - OpenSSL version 1.1.0h # wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz && tar xzvf openssl-1.1.0h.tar.gz # cd nginx-1.14.2/ configure  nginx with modules and options # ./configure --add-modu
Read more