remarque<\/ins>: les actions suivantes sont \u00e0 r\u00e9aliser sur les deux noeuds.<\/p>\n\n\n\n Installer les paquets n\u00e9cessaires :<\/p>\n\n\n\n Autoriser le d\u00e9marrage de CoroSync :<\/p>\n\n\n\n Sauvegarder la configuration par d\u00e9faut de CoroSync :<\/p>\n\n\n\n Modifier le fichier hosts :<\/p>\n\n\n\n G\u00e9n\u00e9rer une paire de cl\u00e9s RSA pour SSH (sans mot de passe) :<\/p>\n\n\n\n Copier la cl\u00e9 publique sur le second noeud :<\/p>\n\n\n\n remarque<\/ins>: les actions suivantes sont \u00e0 r\u00e9aliser sur le premier noeud.<\/p>\n\n\n\n G\u00e9n\u00e9rer des I\/O :<\/p>\n\n\n\n En parall\u00e8le, g\u00e9n\u00e9rer une cl\u00e9 pour Corosync :<\/p>\n\n\n\n Supprimer le fichier temporaire pr\u00e9c\u00e9demment cr\u00e9\u00e9 :<\/p>\n\n\n\n Copier la cl\u00e9 pr\u00e9c\u00e9demment g\u00e9n\u00e9r\u00e9e sur le second noeud :<\/p>\n\n\n\n remarque<\/ins>: les actions suivantes sont \u00e0 r\u00e9aliser sur les deux noeuds.<\/p>\n\n\n\n Modifier le fichier de configuration de Corosync<\/p>\n\n\n\n D\u00e9marrer CoroSync :<\/p>\n\n\n\n V\u00e9rifier l’\u00e9tat du cluster :<\/p>\n\n\n\n Ajouter un agent OCF HTTPCheck :<\/p>\n\n\n\n Corriger l’agent OCF Squid :<\/p>\n\n\n\n remarque: les actions suivantes sont \u00e0 r\u00e9aliser sur le premier noeud. Configurer les ressources du cluster :<\/p>\n\n\n\n Installation et pr\u00e9-configuration de CoroSync remarque: les actions suivantes sont \u00e0 r\u00e9aliser sur les deux noeuds. Installer les paquets n\u00e9cessaires : # aptitude install corosync pacemaker Autoriser le d\u00e9marrage de CoroSync : …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[35,32,8,9,42,34],"class_list":["post-52","post","type-post","status-publish","format-standard","hentry","category-computing","tag-cluster","tag-corosync","tag-debian","tag-linux","tag-ocf","tag-pacemaker"],"_links":{"self":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/52","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52"}],"version-history":[{"count":1,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/52\/revisions"}],"predecessor-version":[{"id":53,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/52\/revisions\/53"}],"wp:attachment":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}# aptitude install corosync pacemaker\n<\/pre>\n\n\n\n
# sed -i 's\/START=no\/START=yes\/' \/etc\/default\/corosync\n<\/pre>\n\n\n\n
# cp \/etc\/corosync\/corosync.conf \/etc\/corosync\/corosync.conf.original\n<\/pre>\n\n\n\n
# sed -i 's\/^10.20.*$\/10.20.30.1\\tvm-debian1.france.local\\tvm-debian1\\n10.20.30.2\\tvm-debian2.france.local\\tvm-debian2\/' \/etc\/hosts\n<\/pre>\n\n\n\n
# ssh-keygen -b 2048\n<\/pre>\n\n\n\n
# if hostname | grep -q 1; then ssh-copy-id $(hostname | sed 's\/1\/2\/'); else ssh-copy-id $(hostname | sed 's\/2\/1\/'); fi\n<\/pre>\n\n\n\n
# dd if=\/dev\/urandom of=\/tmp\/temp bs=1024 count=1000000&\n<\/pre>\n\n\n\n
# corosync-keygen\n<\/pre>\n\n\n\n
# rm \/tmp\/temp\n<\/pre>\n\n\n\n
# scp \/etc\/corosync\/authkey sfrafilx02:\/etc\/corosync\/authkey\n<\/pre>\n\n\n\n
# vim \/etc\/corosync\/corosync.conf\n<\/pre>\n\n\n\n
# Please read the openais.conf.5 manual page\n\ntotem {\n version: 2\n\n # How long before declaring a token lost (ms)\n token: 3000\n\n # How many token retransmits before forming a new configuration\n token_retransmits_before_loss_const: 10\n\n # How long to wait for join messages in the membership protocol (ms)\n join: 60\n\n # How long to wait for consensus to be achieved before starting a new round of membership configuration (ms)\n consensus: 3600\n\n # Turn off the virtual synchrony filter\n vsftype: none\n\n # Number of messages that may be sent by one processor on receipt of the token\n max_messages: 20\n\n # Limit generated nodeids to 31-bits (positive signed integers)\n clear_node_high_bit: yes\n\n # Disable encryption\n secauth: off\n\n # How many threads to use for encryption\/decryption\n threads: 0\n\n # Optionally assign a fixed node id (integer)\n # nodeid: 1234\n\n # This specifies the mode of redundant ring, which may be none, active, or passive.\n rrp_mode: none\n\n interface {\n # The following values need to be set based on your environment\n ringnumber: 0\n bindnetaddr: 10.20.30.1\n mcastaddr: 226.94.1.1\n mcastport: 5405\n }\n}\n\namf {\n mode: disabled\n}\n\nservice {\n # Load the Pacemaker Cluster Resource Manager\n ver: 0\n name: pacemaker\n use_mgmtd: 1\n}\n\naisexec {\n user: root\n group: root\n}\n\nlogging {\n fileline: off\n to_stderr: yes\n to_logfile: yes\n logfile: \/var\/log\/corosync.log\n logfile_priority: info\n to_syslog: no\n syslog_facility: daemon\n debug: off\n timestamp: on\n logger_subsys {\n subsys: AMF\n debug: off\n tags: enter|leave|trace1|trace2|trace3|trace4|trace6\n }\n}\n<\/pre>\n\n\n\n# \/etc\/init.d\/corosync start\n<\/pre>\n\n\n\n
# crm_mon -1\n<\/pre>\n\n\n\n
Pr\u00e9paration des agents pour l’Open Cluster Framework (OCF)<\/h2>\n\n\n\n
# mkdir \/usr\/lib\/ocf\/resource.d\/myscripts\n# vim \/usr\/lib\/ocf\/resource.d\/myscripts\/HTTPCheck\n<\/pre>\n\n\n\n
#!\/bin\/sh\n#\n#\n# HTTPCheck OCF RA. It checks the accessibility of a Web resource.\n#\n# Copyright (c) 2004 SUSE LINUX AG, Lars Marowsky-Br\u00c3\u00a9\n# All Rights Reserved.\n#\n# This program is free software; you can redistribute it and\/or modify\n# it under the terms of version 2 of the GNU General Public License as\n# published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it would be useful, but\n# WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n#\n# Further, this software is distributed without any warranty that it is\n# free of the rightful claim of any third person regarding infringement\n# or the like. Any license provided herein, whether implied or\n# otherwise, applies only to this software file. Patent licenses, if\n# any, provided herein do not apply to combinations of this program with\n# other software, or any other product whatsoever.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write the Free Software Foundation,\n# Inc., 59 Temple Place - Suite 330, Boston MA 02111-1307, USA.\n#\n#######################################################################\n# OCF parameters:\n# OCF_RESKEY_url : Web resource URL\n#\n#######################################################################\n# Initialization:\n\n. ${OCF_ROOT}\/resource.d\/heartbeat\/.ocf-shellfuncs\n\n#######################################################################\n\nmeta_data() {\n cat <<END\n<?xml version=\"1.0\"?>\n<!DOCTYPE resource-agent SYSTEM \"ra-api-1.dtd\">\n<resource-agent name=\"HTTPCheck\" version=\"0.9\">\n<version>1.0<\/version>\n\n<longdesc lang=\"en\">\nThis is HTTPCheck Resource Agent.\nIt checks the accessibility of a Web resource using wget binary.\nRemember that you can configure wget options through \/etc\/wgetrc\nconfiguration file.\n<\/longdesc>\n<shortdesc lang=\"en\">HTTPCheck resource agent<\/shortdesc>\n\n<parameters>\n\n<parameter name=\"url\" unique=\"0\" required=\"1\">\n<longdesc lang=\"en\">\nThis is a required parameter. This parameter specifies the Web resource to check.\n<\/longdesc>\n<shortdesc lang=\"en\">Web resource<\/shortdesc>\n<content type=\"string\" default=\"www.debian.org\" \/>\n<\/parameter>\n\n<parameter name=\"state\" unique=\"1\">\n<longdesc lang=\"en\">\nLocation to store the resource state in.\n<\/longdesc>\n<shortdesc lang=\"en\">State file<\/shortdesc>\n<content type=\"string\" default=\"${HA_VARRUN}\/OCF-{OCF_RESOURCE_INSTANCE}.state\" \/>\n<\/parameter>\n\n<\/parameters>\n\n<actions>\n<action name=\"start\" timeout=\"15\" \/>\n<action name=\"stop\" timeout=\"15\" \/>\n<action name=\"monitor\" timeout=\"15\" interval=\"10\" depth=\"0\" start-delay=\"0\" \/>\n<action name=\"meta-data\" timeout=\"5\" \/>\n<action name=\"validate-all\" timeout=\"30\" \/>\n<\/actions>\n<\/resource-agent>\nEND\n}\n\n#######################################################################\n\nhttpcheck_usage() {\n cat <<END\nusage: $0 {start|stop|monitor|validate-all|meta-data}\n\nExpects to have a fully populated OCF RA-compliant environment set.\nEND\n}\n\nhttpcheck_start() {\n httpcheck_monitor\n if [ $? = $OCF_SUCCESS ]; then\n return $OCF_SUCCESS\n fi\n \/usr\/bin\/wget -q -t 1 -T 4 --no-dns-cache --no-cache -4 -O ${OCF_RESKEY_state} $OCF_RESKEY_url\n}\n\nhttpcheck_stop() {\n httpcheck_monitor\n if [ $? != $OCF_NOT_RUNNING ]; then\n rm ${OCF_RESKEY_state}\n fi\n return $OCF_SUCCESS\n}\n\nhttpcheck_monitor() {\n # Monitor _MUST!_ differentiate correctly between running\n # (SUCCESS), failed (ERROR) or _cleanly_ stopped (NOT RUNNING).\n # That is THREE states, not just yes\/no.\n\n if [ ! -f ${OCF_RESKEY_state} ]; then\n return $OCF_NOT_RUNNING\n else\n if \/usr\/bin\/wget -q -t 1 -T 4 --no-dns-cache --no-cache -4 -O ${OCF_RESKEY_state} $OCF_RESKEY_url; then\n return $OCF_SUCCESS\n else\n return $OCF_ERR_GENERIC\n fi\n fi\n}\n\nhttpcheck_validate() {\n\n # Is the state directory writable?\n state_dir=`dirname \"$OCF_RESKEY_state\"`\n touch \"$state_dir\/$$\"\n if [ $? != 0 ]; then\n return $OCF_ERR_ARGS\n fi\n rm \"$state_dir\/$$\"\n\n return $OCF_SUCCESS\n}\n\n: ${OCF_RESKEY_CRM_meta_interval=0}\n: ${OCF_RESKEY_CRM_meta_globally_unique:=\"true\"}\n\nif [ \"x$OCF_RESKEY_state\" = \"x\" ]; then\n if [ ${OCF_RESKEY_CRM_meta_globally_unique} = \"false\" ]; then\n state=\"${HA_VARRUN}\/OCF-${OCF_RESOURCE_INSTANCE}.state\"\n\n # Strip off the trailing clone marker\n OCF_RESKEY_state=`echo $state | sed s\/:[0-9][0-9]*\\.state\/.state\/`\n else\n OCF_RESKEY_state=\"${HA_VARRUN}\/OCF-${OCF_RESOURCE_INSTANCE}.state\"\n fi\nfi\n\nif [ \"x$OCF_RESKEY_url\" = \"x\" ]; then\n OCF_RESKEY_url=\"www.debian.org\"\nfi\n\ncase $__OCF_ACTION in\nmeta-data) meta_data;;\nstart) httpcheck_start;;\nstop) httpcheck_stop;;\nmonitor) httpcheck_monitor;;\nvalidate-all) httpcheck_validate;;\nusage|help) httpcheck_usage\n exit $OCF_SUCCESS\n ;;\n*) httpcheck_usage\n exit $OCF_ERR_UNIMPLEMENTED\n ;;\nesac\nrc=$?\nocf_log debug \"${OCF_RESOURCE_INSTANCE} $__OCF_ACTION : $rc\"\nexit $rc\n<\/pre>\n\n\n\n# chmod +x \/usr\/lib\/ocf\/resource.d\/myscripts\/HTTPCheck\n<\/pre>\n\n\n\n
# cp \/usr\/lib\/ocf\/resource.d\/heartbeat\/Squid \/usr\/lib\/ocf\/resource.d\/heartbeat\/Squid.original\n# vim \/usr\/lib\/ocf\/resource.d\/heartbeat\/Squid\n ligne 198 : awk '\/(tcp.*[0-9]+\\.[0-9]+\\.+[0-9]+\\.[0-9]+:'$SQUID_PORT' |tcp.*:::'$SQUID_PORT' )\/{\n<\/pre>\n\n\n\nConfiguration du cluster Pacemaker (CRM)<\/h2>\n\n\n\n
# crm configure property stonith-enabled=false\n# crm configure property no-quorum-policy=ignore\n# crm configure rsc_defaults resource-stickiness=100\n# crm configure primitive ClusterIP ocf:heartbeat:IPaddr2 \\\n params ip=10.20.30.3 cidr_netmask=24 \\\n op monitor interval=30\n# crm configure primitive Proxy ocf:heartbeat:Squid \\\n params squid_exe=\"\/usr\/sbin\/squid3\" squid_conf=\"\/etc\/squid3\/squid.conf\" squid_pidfile=\"\/var\/run\/squid3.pid\" squid_port=\"3128\" squid_stop_timeout=\"30\" \\\n op start interval=\"0\" timeout=\"60s\" \\\n op stop interval=\"0\" timeout=\"120s\" \\\n op monitor interval=\"20s\" timeout=\"30s\"\n# crm configure primitive HTTPCheck ocf:myscripts:HTTPCheck \\\n params url=\"kb.france.local\" \\\n op monitor interval=\"120s\"\n# crm configure primitive WebSite lsb:apache2 op monitor interval=\"60sec\"\n# crm configure location proxy-prefer-node1 Proxy 50: vm-debian1\n# crm configure location website-prefer-node1 WebSite 50: vm-debian1\n# crm configure colocation proxy-with-clusterip inf: Proxy ClusterIP\n# crm configure colocation website-with-clusterip inf: WebSite ClusterIP\n# crm configure colocation httpcheck-with-proxy inf: HTTPCheck Proxy\n# crm configure order apache-after-clusterip inf: ClusterIP WebSite\n# crm configure order squid-after-clusterip inf: ClusterIP Proxy\n# crm configure order httpcheck-after-proxy inf: Proxy HTTPCheck<\/pre>\n","protected":false},"excerpt":{"rendered":"