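RHCA436: Deploying a pacemaker + corosync cluster on CentOS 8 with Ansible
Installing and deploying the cluster
- Use the yum module to install the pcs package and the fence agent package
- Use the firewalld module to configure the firewall rules
- Use the user module to set the password of the hacluster user
- Use the service module to start the pcsd service and enable it at boot
Lab: Configure and install the cluster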
1. Preparation
```
[student@workstation ~]$ lab start auto-ha
```
2. View the playbook
```
[student@workstation ~]$ cd labs/auto-ha/
[student@workstation auto-ha]$ cat 01-preparing.yml
---
- name: Preparing the nodes for Red Hat High Availability cluster
  hosts: nodes
  become: yes
  gather_facts: no
  vars_files:
    - passwords.yml

  tasks:
    - name: Ensuring the cluster packages are present
      yum:
        state: present
        name:
          - pcs
          - fence-agents-ipmilan

    - name: Ensuring the required ports are open
      firewalld:
        service: high-availability
        permanent: yes
        state: enabled
        immediate: yes

    - name: Ensuring the password for hacluster is configured
      user:
        name: hacluster
        password: "{{ ha_password | password_hash('sha512') }}"

    - name: Ensuring the pcsd service is started and enabled
      service:
        name: pcsd
        state: started
        enabled: yes
...
```
3. View the password file
```
[student@workstation auto-ha]$ ansible-vault view passwords.yml
Vault password: redhat
---
ha_password: tbe6W3hz
ipmi_login: admin
ipmi_password: password
```
4. Prepare the nodes before installing the cluster
```
[student@workstation auto-ha]$ ansible-playbook --ask-vault-pass 01-preparing.yml
Vault password: redhat
```
5. Edit the playbook
```
[student@workstation auto-ha]$ cat 02-deploying.yml
---
- name: Deploying a Red Hat High Availability cluster
  hosts: nodea
  become: yes
  gather_facts: no
  vars_files:
    - passwords.yml
  vars:
    ha_cluster_name: cluster1
    ha_nodes:
      - nodea.private.example.com
      - nodeb.private.example.com
      - nodec.private.example.com

  tasks:
    - name: Ensuring the cluster nodes are authenticated
      command:
        # password of the hacluster user: {{ ha_password }}
        # space-delimited list of nodes: {{ ha_nodes | join(' ') }}
        cmd: "pcs host auth -u hacluster -p {{ ha_password }} {{ ha_nodes | join(' ') }}"
      register: auth_cluster
      changed_when: "'Authorized' in auth_cluster['stdout']"

    - name: Checking the cluster configuration
      stat:
        path: /etc/corosync/corosync.conf
      register: cluster_config

    - name: Ensuring the cluster exists
      command:
        # cluster name: {{ ha_cluster_name }}
        # space-delimited list of nodes: {{ ha_nodes | join(' ') }}
        cmd: "pcs cluster setup {{ ha_cluster_name }} {{ ha_nodes | join(' ') }}"
      register: create_cluster
      changed_when: "'successfully set up' in create_cluster['stdout']"
      when: not cluster_config['stat']['exists']   # check whether the file exists

    - name: Ensuring the cluster is enabled
      command:
        cmd: pcs cluster enable --all
      register: enable_cluster
      changed_when: "'Cluster Enabled' in enable_cluster['stdout']"

    - name: Ensuring the cluster is started
      command:
        cmd: pcs cluster start --all --request-timeout=180 --wait=180
      register: start_cluster
      changed_when: "'Starting Cluster' in start_cluster['stdout']"
...
```
Notes:
- changed_when: when the condition holds, the task is reported as changed
- --request-timeout=180: the cluster start timeout is 180s, which gives the nodes enough time to start; if a cluster node has not responded within 180s, it is not started
- --wait: wait up to 180s for the command; if it has not completed by then, an error is returned
6. Run the installation
```
[student@workstation auto-ha]$ ansible-playbook --ask-vault-pass 02-deploying.yml
Vault password: redhat
```
7. Verify that the cluster has started
```
[root@nodea ~]# pcs status
Cluster name: cluster1
```
8. Configure fencing
```
[student@workstation auto-ha]$ cat 03-stonith.yml
---
- name: Configuring fencing
  hosts: nodea
  become: yes
  gather_facts: no
  vars_files:
    - passwords.yml
  vars:
    stonith_timeout: 180

  tasks:
    - name: Checking if the global STONITH timeout is set
      command:
        cmd: pcs property show stonith-timeout
      register: stonith
      changed_when: false

    - name: Ensuring the global STONITH timeout is set
      command:
        cmd: "pcs property set stonith-timeout={{ stonith_timeout }}s"
      when: "('stonith-timeout: ' + stonith_timeout|string + 's') not in stonith['stdout']"
      # pcs property set stonith-timeout=180s sets the timeout of STONITH (fence) operations to 180s

    - name: Ensuring the STONITH resources exist
      include_tasks: create_ipmi.yml
      loop:
        - id: fence_nodea
          node: nodea.private.example.com
          ip: 192.168.0.101
          # ipmi_login and ipmi_password are defined in the Vault protected
          # passwords.yml file.
          login: "{{ ipmi_login }}"
          password: "{{ ipmi_password }}"
        - id: fence_nodeb
          node: nodeb.private.example.com
          ip: 192.168.0.102
          login: "{{ ipmi_login }}"
          password: "{{ ipmi_password }}"
        - id: fence_nodec
          node: nodec.private.example.com
          ip: 192.168.0.103
          login: "{{ ipmi_login }}"
          password: "{{ ipmi_password }}"
...
[student@workstation auto-ha]$ cat create_ipmi.yml
---
# Task file that creates a fence resource using the fence_ipmilan fencing agent.
#
# Expected variables:
#   stonith_timeout
#   item
#
# The item variable must be a dictionary with the following entries:
#   id: name of the fence resource to create or update
#   node: name of the cluster node
#   ip: IP address of the IPMI over LAN device
#   login: User name for accessing the IPMI over LAN device
#   password: Associated password

- name: Checking if the STONITH resource exists
  command:
    cmd: "pcs stonith config {{ item['id'] }}"
  register: result
  failed_when: false
  changed_when: false

- name: Ensuring the fence resource exists
  command:
    cmd: "pcs stonith create {{ item['id'] }} fence_ipmilan pcmk_host_list={{ item['node'] }} ip={{ item['ip'] }} username={{ item['login'] }} password={{ item['password'] }} lanplus=1 power_timeout={{ stonith_timeout }}"
  when: result['rc'] != 0

- name: Ensuring the fence resource is updated
  command:
    cmd: "pcs stonith update {{ item['id'] }} pcmk_host_list={{ item['node'] }} ip={{ item['ip'] }} username={{ item['login'] }} password={{ item['password'] }} lanplus=1 power_timeout={{ stonith_timeout }}"
  when: result['rc'] == 0
...
# Run the installation
[student@workstation auto-ha]$ ansible-playbook --ask-vault-pass 03-stonith.yml
```
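The fencing tasks above render `ipmi_password` into the `pcs` command line, so the password ends up in Ansible's task results (verbose output, failure messages, callback logs); the `pcs host auth` task in 02-deploying.yml does the same with `ha_password`. The following is an added example, not one of the lab's files: `create_ipmi.yml` with `no_log: true` on the tasks that handle the secret, which can be applied to the `pcs host auth` task in the same way. The `loop_control` change shown in the header comment is an assumed companion edit to 03-stonith.yml; task names, variables and commands are copied from the files above.

```yaml
---
# Added example, not the lab's own file: create_ipmi.yml with the
# secret-bearing tasks kept out of Ansible's output.
#
# Assumed companion change in 03-stonith.yml, on the include_tasks task, so
# that each looped item is labelled by its id instead of the whole dictionary
# (which carries login and password):
#   loop_control:
#     label: "{{ item['id'] }}"

- name: Checking if the STONITH resource exists
  command:
    cmd: "pcs stonith config {{ item['id'] }}"
  register: result
  failed_when: false
  changed_when: false
  # The registered stdout lists the resource's configured options.
  no_log: true

- name: Ensuring the fence resource exists
  command:
    cmd: "pcs stonith create {{ item['id'] }} fence_ipmilan pcmk_host_list={{ item['node'] }} ip={{ item['ip'] }} username={{ item['login'] }} password={{ item['password'] }} lanplus=1 power_timeout={{ stonith_timeout }}"
  when: result['rc'] != 0
  # The rendered cmd contains the IPMI password; hide the task result.
  no_log: true

- name: Ensuring the fence resource is updated
  command:
    cmd: "pcs stonith update {{ item['id'] }} pcmk_host_list={{ item['node'] }} ip={{ item['ip'] }} username={{ item['login'] }} password={{ item['password'] }} lanplus=1 power_timeout={{ stonith_timeout }}"
  when: result['rc'] == 0
  # Same reason as the create task.
  no_log: true
...
```

`no_log` only affects what Ansible records and prints: the password is still an argument of the `pcs` process on the node while the command runs. Hidden results also make a failing task harder to diagnose, since Ansible reports only that the output was censored.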
9. Check the cluster status
```
# Check the cluster status
[root@nodea ~]# pcs status
```
10. Clean up the environment
```
[student@workstation auto-ha]$ lab finish auto-ha
```
Lab: Configure cluster resources
1. Preparation
```
[student@workstation ~]$ lab start auto-res
```
2. View the playbooks
```
[student@workstation auto-res]$ pwd
/home/student/labs/auto-res
[student@workstation auto-res]$ ls
01-deploy-httpd.yml      03-smoke-test.yml  inventory          solutions
02-create-resources.yml  ansible.cfg        resourcegroup.yml
```
3. Install the httpd service and allow it through the firewall and SELinux
```
# Install
[student@workstation auto-res]$ ansible-playbook 01-deploy-httpd.yml
[student@workstation auto-res]$ cat 01-deploy-httpd.yml
---
- name: Deploying Apache HTTP Server on the nodes
  hosts: nodes
  become: yes
  gather_facts: no

  tasks:
    - name: Ensuring the httpd package is installed
      yum:
        name: httpd
        state: present

    - name: Ensuring the required ports are open
      firewalld:
        service: http
        permanent: yes
        state: enabled
        immediate: yes

    - name: Ensuring SELinux allows Apache HTTP Server to access NFS shares
      seboolean:
        name: httpd_use_nfs
        state: yes
        persistent: yes
...
```
3. Create the resources
```
[student@workstation auto-res]$ ansible-playbook 02-create-resources.yml
[student@workstation auto-res]$ cat 02-create-resources.yml
---
- name: Creating the cluster resources to manage Apache HTTP Server
  hosts: nodes[0]
  become: yes
  gather_facts: no

  tasks:
    - name: Collecting the existing resources
      command:
        cmd: pcs resource config
      changed_when: false
      register: resources

    - name: Ensuring the firstwebfs resource exists
      command:
        cmd: >
          pcs resource create firstwebfs Filesystem
          device=storage.san01.example.com:/srv/www
          directory=/var/www
          fstype=nfs
          options=ro
          --group=firstweb
          --wait=60
      when: "'firstwebfs' not in resources['stdout']"

    - name: Ensuring the firstwebserver resource exists
      command:
        cmd: pcs resource create firstwebserver apache --group=firstweb --wait=60
      when: "'firstwebserver' not in resources['stdout']"

    - name: Ensuring the firstwebip resource exists
      command:
        cmd: >
          pcs resource create firstwebip IPaddr2
          ip=172.25.250.80
          cidr_netmask=24
          --group=firstweb
          --wait=60
      when: "'firstwebip' not in resources['stdout']"
...
```
Notes:
- --wait: wait up to 180s for the command; if it has not completed by then, an error is returned
4. Test
```
[student@workstation auto-res]$ curl 172.25.250.80
Hello, world!
```