Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

10.3. Preparing to Deploy Geo-replication

This section provides an overview of geo-replication deployment scenarios, lists prerequisites, and describes how to setup the environment for geo-replication session.

10.3.1. Exploring Geo-replication Deployment Scenarios
Copier lien

Geo-replication provides an incremental replication service over Local Area Networks (LANs), Wide Area Network (WANs), and the Internet. This section illustrates the most common deployment scenarios for geo-replication, including the following:
  • Geo-replication over LAN
  • Geo-replication over WAN
  • Geo-replication over the Internet
  • Multi-site cascading geo-replication
Geo-replication over LAN
Geo-replication over LAN
View larger image
Geo-replication over LAN
Geo-replication over WAN
Geo-replication over WAN
View larger image
Geo-replication over WAN
Geo-replication over Internet
Geo-replication over Internet
View larger image
Geo-replication over Internet
Multi-site cascading Geo-replication
Multi-site cascading geo-replication
View larger image
Multi-site cascading geo-replication

10.3.2. Geo-replication Deployment Overview
Copier lien

Deploying geo-replication involves the following steps:
  1. Verify that your environment matches the minimum system requirements. See Section 10.3.3, “Prerequisites”.
  2. Determine the appropriate deployment scenario. See Section 10.3.1, “Exploring Geo-replication Deployment Scenarios”.
  3. Start geo-replication on the master and slave systems. See Section 10.4, “Starting Geo-replication”.

10.3.3. Prerequisites
Copier lien

The following are prerequisites for deploying geo-replication:
Note that these prerequisites only need to be carried out once from one cluster to another cluster, so if you are syncing multiple volumes from the same master cluster to the same slave cluster, you need only perform these prerequisites once.
  • The master and slave volumes must use the same version of Red Hat Gluster Storage.
  • Nodes in the slave volume must not be part of the master volume. Two separate trusted storage pools are required.
  • Disable the performance.quick-read option in the slave volume using the following command: 
    [slave ~]# gluster volume set slavevol performance.quick-read off
    Copy to Clipboard Toggle word wrap
  • Time must be synchronized between all master and slave nodes before geo-replication is configured. Red Hat recommends setting up a network time protocol service to keep time synchronized between bricks and servers, and avoid out-of-time synchronization errors.
    See Network Time Protocol Setup for more information.
  • Add the required port for geo-replication from the ports listed in the Section 3.1.2, “Port Access Requirements”.
  • Key-based SSH authentication without a password is required between one node of the master volume (the node from which the geo-replication create command will be executed), and one node of the slave volume (the node whose IP/hostname will be mentioned in the slave name when running the geo-replication create command).
    Create the public and private keys using ssh-keygen (without passphrase) on the master node: 
    # ssh-keygen
    Copy to Clipboard Toggle word wrap
    Copy the public key to the slave node using the following command: 
    # ssh-copy-id -i identity_file root@slave_node_IPaddress/Hostname
    Copy to Clipboard Toggle word wrap
    If you are setting up a non-root geo-replicaton session, then copy the public key to the respective user location.

    Note

    - Key-based SSH authentication without a password is only required from the master node to the slave node; the slave node does not need this level of access.
    - ssh-copy-id command does not work if ssh authorized_keys file is configured in the custom location. You must copy the contents of .ssh/id_rsa.pub file from the Master and paste it to authorized_keys file in the custom location on the Slave node.
    Gsyncd also requires key-based SSH authentication without a password between every node in the master cluster to every node in the slave cluster. The gluster system:: execute gsec_create command creates secret-pem files on all the nodes in the master, and is used to implement the SSH authentication connection. The push-pem option in the geo-replication create command pushes these keys to all slave nodes.
    For more information on the gluster system::execute gsec_create and push-pem commands, see Section 10.3.4.1, “Setting Up your Environment for Geo-replication Session”.

10.3.4. Setting Up your Environment
Copier lien

You can set up your environment for a geo-replication session in the following ways:

Creating Geo-replication Sessions

  1. To create a common pem pub file, run the following command on the master node where the key-based SSH authentication connection is configured: 
    # gluster system:: execute gsec_create
    Copy to Clipboard Toggle word wrap
  2. Create the geo-replication session using the following command. The push-pem option is needed to perform the necessary pem-file setup on the slave nodes. 
    # gluster volume geo-replication MASTER_VOL SLAVE_HOST::SLAVE_VOL create push-pem [force]
    Copy to Clipboard Toggle word wrap
    For example: 
    # gluster volume geo-replication Volume1 storage.backup.com::slave-vol create push-pem
    Copy to Clipboard Toggle word wrap

    Note

    • There must be key-based SSH authentication access between the node from which this command is run, and the slave host specified in the above command. This command performs the slave verification, which includes checking for a valid slave URL, valid slave volume, and available space on the slave. If the verification fails, you can use the force option which will ignore the failed verification and create a geo-replication session.
    • The slave volume is in read-only mode by default. However, in case of a failover-failback situation, the original master is made read-only by default as the session is from the original slave to the original master.
  3. Enable shared storage for master and slave volumes: 
    # gluster volume set all cluster.enable-shared-storage enable
    Copy to Clipboard Toggle word wrap
    For more information on shared storage, see Section 11.12, “Setting up Shared Storage Volume”.
  4. Configure the meta-volume for geo-replication: 
    # gluster volume geo-replication MASTER_VOL SLAVE_HOST::SLAVE_VOL config use_meta_volume true
    Copy to Clipboard Toggle word wrap
    For example: 
    # gluster volume geo-replication Volume1 storage.backup.com::slave-vol config use_meta_volume true
    Copy to Clipboard Toggle word wrap
    For more information on configuring meta-volume, see Section 10.3.5, “Configuring a Meta-Volume”.
  5. Start the geo-replication by running the following command on the master node:
    For example, 
    # gluster volume geo-replication MASTER_VOL SLAVE_HOST::SLAVE_VOL start [force]
    Copy to Clipboard Toggle word wrap
  6. Verify the status of the created session by running the following command: 
    # gluster volume geo-replication MASTER_VOL SLAVE_HOST::SLAVE_VOL status
    Copy to Clipboard Toggle word wrap
Geo-replication supports access to Red Hat Gluster Storage slaves through SSH using an unprivileged account (user account with non-zero UID). This method is more secure and it reduces the master's capabilities over slave to the minimum. This feature relies on mountbroker, an internal service of glusterd which manages the mounts for unprivileged slave accounts. You must perform additional steps to configure glusterd with the appropriate mountbroker's access control directives. The following example demonstrates this process:
Perform the following steps on all the Slave nodes to setup an auxiliary glusterFS mount for the unprivileged account:
  1. In all the slave nodes, create a new group. For example, geogroup.

    Note

    You must not use multiple groups for the mountbroker setup. You can create multiple user accounts but the group should be same for all the non-root users.
  2. In all the slave nodes, create a unprivileged account. For example, geoaccount. Add geoaccount as a member of geogroup group.
  3. On any one of the Slave nodes, run the following command to set up mountbroker root directory and group. 
    # gluster-mountbroker setup <MOUNT ROOT> <GROUP>
    Copy to Clipboard Toggle word wrap
    For example, 
    # gluster-mountbroker setup /var/mountbroker-root geogroup
    Copy to Clipboard Toggle word wrap
  4. On any one of the Slave nodes, run the following commands to add volume and user to the mountbroker service. 
    # gluster-mountbroker add <VOLUME> <USER>
    Copy to Clipboard Toggle word wrap
    For example, 
    # gluster-mountbroker add slavevol geoaccount
    Copy to Clipboard Toggle word wrap
  5. Check the status of the setup by running the following command: 
    # gluster-mountbroker status

     NODE    NODE STATUS                  MOUNT ROOT         GROUP              USERS
--------------------------------------------------------------------------------------- localhost             UP   /var/mountbroker-root(OK)  geogroup(OK)  geoaccount(slavevol)
    node2             UP   /var/mountbroker-root(OK)  geogroup(OK)  geoaccount(slavevol)
    Copy to Clipboard Toggle word wrap
    The output displays the mountbroker status for every peer node in the slave cluster.
  6. Restart glusterd service on all the Slave nodes. 
    # service glusterd restart
    Copy to Clipboard Toggle word wrap
    After you setup an auxiliary glusterFS mount for the unprivileged account on all the Slave nodes, perform the following steps to setup a non-root geo-replication session.:
  7. Setup key-based SSH authentication from one of the master nodes to the user on one of the slave nodes.
    For example, to setup key-based SSH authentication to the user geoaccount. 
    # ssh-keygen
# ssh-copy-id -i identity_file geoaccount@slave_node_IPaddress/Hostname
    Copy to Clipboard Toggle word wrap
  8. Create a common pem pub file by running the following command on the master nodes, where the key-based SSH authentication connection is configured to the user on the slave nodes: 
    # gluster system:: execute gsec_create
    Copy to Clipboard Toggle word wrap
  9. Create a geo-replication relationship between the master and the slave to the user by running the following command on the master node:
    For example, 
    # gluster volume geo-replication MASTERVOL geoaccount@SLAVENODE::slavevol create push-pem
    Copy to Clipboard Toggle word wrap
    If you have multiple slave volumes and/or multiple accounts, create a geo-replication session with that particular user and volume.
    For example, 
    # gluster volume geo-replication MASTERVOL geoaccount2@SLAVENODE::slavevol2 create push-pem
    Copy to Clipboard Toggle word wrap
  10. On the slave node, which is used to create relationship, run /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh as a root with user name, master volume name, and slave volume names as the arguments.
    For example, 
    # /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh geoaccount MASTERVOL SLAVEVOL_NAME
    Copy to Clipboard Toggle word wrap
  11. Configure the meta-volume for geo-replication: 
    # gluster volume geo-replication MASTER_VOL SLAVE_HOST::SLAVE_VOL config use_meta_volume true
    Copy to Clipboard Toggle word wrap
    For example: 
    # gluster volume geo-replication Volume1 storage.backup.com::slave-vol config use_meta_volume true
    Copy to Clipboard Toggle word wrap
    For more information on configuring meta-volume, see Section 10.3.5, “Configuring a Meta-Volume”.
  12. Start the geo-replication with slave user by running the following command on the master node:
    For example, 
    # gluster volume geo-replication MASTERVOL geoaccount@SLAVENODE::slavevol start
    Copy to Clipboard Toggle word wrap
  13. Verify the status of geo-replication session by running the following command on the master node: 
    # gluster volume geo-replication MASTERVOL geoaccount@SLAVENODE::slavevol status
    Copy to Clipboard Toggle word wrap
Deleting a mountbroker geo-replication options after deleting session

After mountbroker geo-replicaton session is deleted, use the following command to remove volumes per mountbroker user. 

# gluster-mountbroker remove [--volume volume] [--user user]
Copy to Clipboard Toggle word wrap
For example, 
# gluster-mountbroker remove --volume slavevol --user geoaccount
# gluster-mountbroker remove --user geoaccount
# gluster-mountbroker remove --volume slavevol
Copy to Clipboard Toggle word wrap
If the volume to be removed is the last one for the mountbroker user, the user is also removed.

Important

If you have a secured geo-replication setup, you must ensure to prefix the unprivileged user account to the slave volume in the command. For example, to execute a geo-replication status command, run the following: 
# gluster volume geo-replication MASTERVOL geoaccount@SLAVENODE::slavevol status
Copy to Clipboard Toggle word wrap
In this command, geoaccount is the name of the unprivileged user account.

10.3.5. Configuring a Meta-Volume
Copier lien

For effective handling of node fail-overs in Master volume, geo-replication requires a shared storage to be available across all nodes of the cluster. Hence, you must ensure that a gluster volume named gluster_shared_storage is created in the cluster, and is mounted at /var/run/gluster/shared_storage on all the nodes in the cluster. For more information on setting up shared storage volume, see Section 11.12, “Setting up Shared Storage Volume”.
  • Configure the meta-volume for geo-replication: 
    # gluster volume geo-replication MASTER_VOL SLAVE_HOST::SLAVE_VOL config use_meta_volume true
    Copy to Clipboard Toggle word wrap
    For example: 
    # gluster volume geo-replication Volume1 storage.backup.com::slave-vol config use_meta_volume true
    Copy to Clipboard Toggle word wrap
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat