Red Hat SummitAppendix B. Manual Procedure Automated by Ansible Playbooks
The Ansible-based solution provided by this document is designed to automate a manual procedure for configuring Instance HA in a supported manner. For reference, this appendix provides the steps automated by the solution.
Stop and disable the Compute service on each Compute node:
heat-admin@compute-n $ sudo systemctl stop openstack-nova-compute heat-admin@compute-n $ sudo systemctl disable openstack-nova-compute
heat-admin@compute-n $ sudo systemctl stop openstack-nova-compute heat-admin@compute-n $ sudo systemctl disable openstack-nova-computeCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create an authentication key for use with pacemaker-remote. Perform this step on the director node:
stack@director # dd if=/dev/urandom of=~/authkey bs=4096 count=1
stack@director # dd if=/dev/urandom of=~/authkey bs=4096 count=1Copy to Clipboard Copied! Toggle word wrap Toggle overflow Copy this key to the Compute and Controller nodes:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow On each Compute node, enable the pacemaker-remote service and configure the firewall accordingly:
heat-admin@compute-n $ sudo systemctl enable pacemaker_remote heat-admin@compute-n $ sudo systemctl start pacemaker_remote heat-admin@compute-n $ sudo iptables -I INPUT 11 -p tcp --dport 3121 -j ACCEPT ; /sbin/service iptables save
heat-admin@compute-n $ sudo systemctl enable pacemaker_remote heat-admin@compute-n $ sudo systemctl start pacemaker_remote heat-admin@compute-n $ sudo iptables -I INPUT 11 -p tcp --dport 3121 -j ACCEPT ; /sbin/service iptables saveCopy to Clipboard Copied! Toggle word wrap Toggle overflow Confirm that the required versions of the pacemaker (
1.1.12-22.el7_1.4.x86_64) and resource-agents (3.9.5-40.el7_1.5.x86_64) packages are installed on the Controller and Compute nodes:heat-admin@controller-n $ sudo rpm -qa | egrep \'(pacemaker|resource-agents)'
heat-admin@controller-n $ sudo rpm -qa | egrep \'(pacemaker|resource-agents)'Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a NovaEvacuate active/passive resource using the overcloudrc file to provide the
auth_url,username,tenantandpasswordvalues:stack@director # scp overcloudrc heat-admin@controller-1:~/ heat-admin@controller-1 $ . ~/overcloudrc heat-admin@controller-1 $ sudo pcs resource create nova-evacuate ocf:openstack:NovaEvacuate auth_url=$OS_AUTH_URL username=$OS_USERNAME password=$OS_PASSWORD tenant_name=$OS_TENANT_NAME
stack@director # scp overcloudrc heat-admin@controller-1:~/ heat-admin@controller-1 $ . ~/overcloudrc heat-admin@controller-1 $ sudo pcs resource create nova-evacuate ocf:openstack:NovaEvacuate auth_url=$OS_AUTH_URL username=$OS_USERNAME password=$OS_PASSWORD tenant_name=$OS_TENANT_NAMECopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteIf you are not using shared storage, include the no_shared_storage=1 option. See Section 2.1, “Exceptions for Shared Storage” for more information.
ImportantAs mentioned earlier in Chapter 2, Environment Requirements and Assumptions, the $OS_AUTH_URL must be the reachable by each Compute node. This environment variable should be set to either the overcloud’s authentication service or the internal authentication URL.
Confirm that nova-evacuate is started after the floating IP resources, and the Image Service (glance), OpenStack Networking (neutron), Compute (nova) services:
heat-admin@controller-1 $ for i in $(sudo pcs status | grep IP | awk \'{ print $1 }\'); do sudo pcs constraint order start $i then nova-evacuate ; doneheat-admin@controller-1 $ for i in $(sudo pcs status | grep IP | awk \'{ print $1 }\'); do sudo pcs constraint order start $i then nova-evacuate ; doneCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create a list of the current Controllers using
cibadmindata:heat-admin@controller-1 $ controllers=$(sudo cibadmin -Q -o nodes | grep uname | sed s/.\*uname..// | awk -F\" \'{print $1}') heat-admin@controller-1 $ echo $controllersheat-admin@controller-1 $ controllers=$(sudo cibadmin -Q -o nodes | grep uname | sed s/.\*uname..// | awk -F\" \'{print $1}') heat-admin@controller-1 $ echo $controllersCopy to Clipboard Copied! Toggle word wrap Toggle overflow Use this list to tag these nodes as Controllers with the
osprole=controllerproperty:heat-admin@controller-1 $ for controller in ${controllers}; do sudo pcs property set --node ${controller} osprole=controller ; done heat-admin@controller-1 $ sudo pcs propertyheat-admin@controller-1 $ for controller in ${controllers}; do sudo pcs property set --node ${controller} osprole=controller ; done heat-admin@controller-1 $ sudo pcs propertyCopy to Clipboard Copied! Toggle word wrap Toggle overflow The newly-assigned roles should be visible under the
Node attributessection.Build a list of stonith devices already present in the environment:
heat-admin@controller-1 $ stonithdevs=$(sudo pcs stonith | awk \'{print $1}') heat-admin@controller-1 $ echo $stonithdevsheat-admin@controller-1 $ stonithdevs=$(sudo pcs stonith | awk \'{print $1}') heat-admin@controller-1 $ echo $stonithdevsCopy to Clipboard Copied! Toggle word wrap Toggle overflow Tag the control plane services to make sure they only run on the Controllers identified above, skipping any stonith devices listed:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Populate the nova-compute resources within pacemaker:
heat-admin@controller-1 $ . /home/heat-admin/overcloudrc heat-admin@controller-1 $ sudo pcs resource create nova-compute-checkevacuate ocf:openstack:nova-compute-wait auth_url=$OS_AUTH_URL username=$OS_USERNAME password=$OS_PASSWORD tenant_name=$OS_TENANT_NAME domain=localdomain op start timeout=300 --clone interleave=true --disabled --force
heat-admin@controller-1 $ . /home/heat-admin/overcloudrc heat-admin@controller-1 $ sudo pcs resource create nova-compute-checkevacuate ocf:openstack:nova-compute-wait auth_url=$OS_AUTH_URL username=$OS_USERNAME password=$OS_PASSWORD tenant_name=$OS_TENANT_NAME domain=localdomain op start timeout=300 --clone interleave=true --disabled --forceCopy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThis command assumes that you are using the default cloud domain name localdomain. If you are using a custom cloud domain name, set it as the value of the domain= parameter.
ImportantAs mentioned earlier in Chapter 2, Environment Requirements and Assumptions, the $OS_AUTH_URL must be the reachable by each Compute node. This environment variable should be set to either the overcloud’s authentication service or the internal authentication URL.
heat-admin@controller-1 $ sudo pcs constraint location nova-compute-checkevacuate-clone rule resource-discovery=exclusive score=0 osprole eq compute heat-admin@controller-1 $ sudo pcs resource create nova-compute systemd:openstack-nova-compute op start timeout=60s --clone interleave=true --disabled --force heat-admin@controller-1 $ sudo pcs constraint location nova-compute-clone rule resource-discovery=exclusive score=0 osprole eq compute heat-admin@controller-1 $ sudo pcs constraint order start nova-compute-checkevacuate-clone then nova-compute-clone require-all=true heat-admin@controller-1 $ sudo pcs constraint order start nova-compute-clone then nova-evacuate require-all=false
heat-admin@controller-1 $ sudo pcs constraint location nova-compute-checkevacuate-clone rule resource-discovery=exclusive score=0 osprole eq compute heat-admin@controller-1 $ sudo pcs resource create nova-compute systemd:openstack-nova-compute op start timeout=60s --clone interleave=true --disabled --force heat-admin@controller-1 $ sudo pcs constraint location nova-compute-clone rule resource-discovery=exclusive score=0 osprole eq compute heat-admin@controller-1 $ sudo pcs constraint order start nova-compute-checkevacuate-clone then nova-compute-clone require-all=true heat-admin@controller-1 $ sudo pcs constraint order start nova-compute-clone then nova-evacuate require-all=falseCopy to Clipboard Copied! Toggle word wrap Toggle overflow Add stonith devices for the Compute nodes. Run the following command for each Compute node:
heat-admin@controller-1 $ sudo pcs stonith create ipmilan-overcloud-compute-N fence_ipmilan pcmk_host_list=overcloud-compute-0 ipaddr=10.35.160.78 login=IPMILANUSER passwd=IPMILANPW lanplus=1 cipher=1 op monitor interval=60s;
heat-admin@controller-1 $ sudo pcs stonith create ipmilan-overcloud-compute-N fence_ipmilan pcmk_host_list=overcloud-compute-0 ipaddr=10.35.160.78 login=IPMILANUSER passwd=IPMILANPW lanplus=1 cipher=1 op monitor interval=60s;Copy to Clipboard Copied! Toggle word wrap Toggle overflow Where:
-
N is the identifying number of each compute node (for example,
ipmilan-overcloud-compute-1,ipmilan-overcloud-compute-2, and so on). - IPMILANUSER and IPMILANPW are the username and password to the IPMI device.
-
N is the identifying number of each compute node (for example,
Create a separate fence-nova stonith device:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThis command assumes that you are using the default cloud domain name localdomain. If you are using a custom cloud domain name, set it as the value of the domain= parameter.
If you are not using shared storage, include the no_shared_storage=1 option. See Section 2.1, “Exceptions for Shared Storage” for more information.
Configure the required constraints for fence-nova:
heat-admin@controller-1 $ sudo pcs constraint location fence-nova rule resource-discovery=never score=0 osprole eq controller heat-admin@controller-1 $ sudo pcs constraint order promote galera-master then fence-nova require-all=false heat-admin@controller-1 $ sudo pcs constraint order start fence-nova then nova-compute-clone
heat-admin@controller-1 $ sudo pcs constraint location fence-nova rule resource-discovery=never score=0 osprole eq controller heat-admin@controller-1 $ sudo pcs constraint order promote galera-master then fence-nova require-all=false heat-admin@controller-1 $ sudo pcs constraint order start fence-nova then nova-compute-cloneCopy to Clipboard Copied! Toggle word wrap Toggle overflow Make certain the Compute nodes are able to recover after fencing:
heat-admin@controller-1 $ sudo pcs property set cluster-recheck-interval=1min
heat-admin@controller-1 $ sudo pcs property set cluster-recheck-interval=1minCopy to Clipboard Copied! Toggle word wrap Toggle overflow Create Compute node resources and set the stonith level 1 to include both the nodes’s physical fence device and fence-nova. To do so, run the following for each Compute node:
heat-admin@controller-1 $ sudo pcs resource create overcloud-compute-N ocf:pacemaker:remote reconnect_interval=60 op monitor interval=20 heat-admin@controller-1 $ sudo pcs property set --node overcloud-compute-N osprole=compute heat-admin@controller-1 $ sudo pcs stonith level add 1 overcloud-compute-N ipmilan-overcloud-compute-N,fence-nova heat-admin@controller-1 $ sudo pcs stonith
heat-admin@controller-1 $ sudo pcs resource create overcloud-compute-N ocf:pacemaker:remote reconnect_interval=60 op monitor interval=20 heat-admin@controller-1 $ sudo pcs property set --node overcloud-compute-N osprole=compute heat-admin@controller-1 $ sudo pcs stonith level add 1 overcloud-compute-N ipmilan-overcloud-compute-N,fence-nova heat-admin@controller-1 $ sudo pcs stonithCopy to Clipboard Copied! Toggle word wrap Toggle overflow Replace N with the identifying number of each compute node (for example,
overcloud-compute-1,overcloud-compute-2, and so on). Use these identifying numbers to match each Compute nodes with the stonith devices created earlier (for example,overcloud-compute-1andipmilan-overcloud-compute-1).
Allow some time for the environment to settle before cleaning up any failed resources:
heat-admin@controller-1 $ sleep 60 heat-admin@controller-1 $ sudo pcs resource cleanup heat-admin@controller-1 $ sudo pcs status heat-admin@controller-1 $ sudo pcs property set stonith-enabled=true
heat-admin@controller-1 $ sleep 60
heat-admin@controller-1 $ sudo pcs resource cleanup
heat-admin@controller-1 $ sudo pcs status
heat-admin@controller-1 $ sudo pcs property set stonith-enabled=true
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}