Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

11.12. Configuring a high availability cluster with SBD node fencing by using the ha_cluster variable

You can use the ha_cluster RHEL system role to configure high availability clusters with STONITH Block Device (SBD) fencing in an automated fashion.

You must configure a Red Hat high availability cluster with at least one fencing device to ensure the cluster-provided services remain available when a node in the cluster encounters a problem. If your environment does not allow for a remotely accessible power switch to fence a cluster node, you can configure fencing by using a SBD. This device provides a node fencing mechanism for Pacemaker-based clusters through the exchange of messages by means of shared block storage. SBD integrates with Pacemaker, a watchdog device and, optionally, shared storage to arrange for nodes to reliably self-terminate when fencing is required.

With ha_cluster, you can configure watchdog and SBD devices on a node-to-node basis by using one of two variables:

  • ha_cluster_node_options: This is a single variable you define in a playbook file. It is a list of dictionaries where each dictionary defines options for one node.
  • ha_cluster: A dictionary that defines options for one node only. You configure the ha_cluster variable in an inventory file. To set different values for each node, you define the variable separately for each node.

If both the ha_cluster_node_options and ha_cluster variables contain SBD options, those in ha_cluster_node_options have precedence.

If both the ha_cluster_node_options and ha_cluster variables contain SBD options, those in ha_cluster_node_options have precedence.`

The following example procedure uses the ha_cluster system role to create a high availability cluster with SBD fencing. This example procedure uses the ha_cluster variable in an inventory file to configure node addresses and SBD options on a per-node basis. For an example procedure that uses the ha_cluster_node_options variable in a playbook file, see Configuring a high availability cluster with SBD node fencing by using the ha_cluster_nodes_options variable.

警告

The ha_cluster system role replaces any existing cluster configuration on the specified nodes. Any settings not specified in the playbook will be lost.

Prerequisites

Procedure

  1. Create an inventory file for your cluster that configures watchdog and SBD devices for each node by using the ha_cluster variable, as in the following exampla;e 

    all:
  hosts:
    node1:
      ha_cluster:
        sbd_watchdog_modules:
          - iTCO_wdt
        sbd_watchdog_modules_blocklist:
          - ipmi_watchdog
        sbd_watchdog: /dev/watchdog1
        sbd_devices:
          - /dev/disk/by-id/000001
          - /dev/disk/by-id/000001
          - /dev/disk/by-id/000003
    node2:
      ha_cluster:
        sbd_watchdog_modules:
          - iTCO_wdt
        sbd_watchdog_modules_blocklist:
          - ipmi_watchdog
        sbd_watchdog: /dev/watchdog1
        sbd_devices:
          - /dev/disk/by-id/000001
          - /dev/disk/by-id/000002
          - /dev/disk/by-id/000003

    The SBD and watchdog settings specified in the example inventory include the following:

    sbd_watchdog_modules
    Watchdog kernel modules to be loaded, which create /dev/watchdog* devices.
    sbd_watchdog_modules_blocklist
    Watchdog kernel modules to be unloaded and blocked.
    sbd_watchdog
    Watchdog device to be used by SBD.
    sbd_devices
    Devices to use for exchanging SBD messages and for monitoring. Always refer to the devices using the long, stable device name (/dev/disk/by-id/).

    For general information about creating an inventory file, see Preparing a control node on RHEL 10.

  2. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create ~/vault.yml
New Vault password: <vault_password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      cluster_password: <cluster_password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  3. Create a playbook file, for example, ~/playbook.yml, as in the following example. Since you have specified the SBD and watchog variables in an inventory, you do not need to include them in the playbook. 

    ---
- name: Create a high availability cluster
  hosts: node1 node2
  vars_files:
    - ~/vault.yml
  tasks:
    - name: Configure a cluster with sbd fencing devices configured in an inventory file
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.ha_cluster
      vars:
          ha_cluster_cluster_name: my-new-cluster
          ha_cluster_hacluster_password: "{{ cluster_password }}"
          ha_cluster_manage_firewall: true
          ha_cluster_manage_selinux: true
          ha_cluster_sbd_enabled: true
          ha_cluster_sbd_options:
            - name: delay-start
              value: 'no'
            - name: startmode
              value: always
            - name: timeout-action
              value: 'flush,reboot'
            - name: watchdog-timeout
              value: 30
          # Best practice for setting SBD timeouts:
          # watchdog-timeout * 2 = msgwait-timeout (set automatically)
          # msgwait-timeout * 1.2 = stonith-timeout
          ha_cluster_cluster_properties:
            - attrs:
                - name: stonith-timeout
                  value: 72
          ha_cluster_resource_primitives:
            - id: fence_sbd
              agent: 'stonith:fence_sbd'
              instance_attrs:
                - attrs:
                    # taken from host_vars
                    # this only works if all nodes have the same sbd_devices
                    - name: devices
                      value: "{{ ha_cluster.sbd_devices | join(',') }}"
                    - name: pcmk_delay_base
                      value: 30

    The settings specified in the example playbook include the following:

    ha_cluster_cluster_name: cluster_name
    The name of the cluster you are creating.
    ha_cluster_hacluster_password: password
    The password of the hacluster user. The hacluster user has full access to a cluster.
    ha_cluster_manage_firewall: true
    A variable that determines whether the ha_cluster RHEL system role manages the firewall.
    ha_cluster_manage_selinux: true
    A variable that determines whether the ha_cluster RHEL system role manages the ports of the firewall high availability service using the selinux RHEL system role.
    ha_cluster_sbd_enabled: true
    A variable that determines whether the cluster can use the SBD node fencing mechanism.
    ha_cluster_sbd_options: sbd options
    A list of name-value dictionaries specifying SBD options. For information about these options, see the Configuration via environment section of the sbd(8) man page on your system.
    ha_cluster_cluster_properties: cluster properties
    A list of sets of cluster properties for Pacemaker cluster-wide configuration.
    ha_cluster_resource_primitives: cluster resources
    A list of resource definitions for the Pacemaker resources configured by the ha_cluster RHEL system role, including fencing resources.

    For details about all variables used in the playbook, see the /usr/share/ansible/roles/rhel-system-roles.ha_cluster/README.md file on the control node.

  4. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  5. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2026 Red Hat返回顶部