OpenStack API section (Keystone) haproxy configuration (i)

Recently sorted out the previously deployed OpenStack HA documentation!

PACEMAKER+COROSYNC+CRMSH Installation

I. Pre-conditions

Node1:

(1) The host names are resolved between each node

Uname-n

>node1.test.com

Vim/etc/hosts

>127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

>::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

>192.168.18.201 node1.test.com Node1

>192.168.18.202 node2.test.com Node2

Ping Node1

Ping Node2

(2). Time synchronization between nodes

Ntpdate 210.72.145.44

(3). SSH trust between the nodes

Ssh-keygen-t rsa-f ~/.ssh/id_rsa-p "

Ssh-copy-id-i. ssh/id_rsa.pub [Email protected]

Node2:

(1). Host names are parsed between nodes

Uname-n

>node2.test.com

Vim/etc/hosts

>127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

>::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

>192.168.18.201 node1.test.com Node1

>192.168.18.202 node2.test.com Node2

Ping Node1

Ping Node2

(2). Time synchronization between nodes

Ntpdate 210.72.145.44

(3). SSH trust between the nodes

Ssh-keygen-t rsa-f ~/.ssh/id_rsa-p "

Ssh-copy-id-i. ssh/id_rsa.pub [Email protected]

Configuring the Yum Source (Epel source)

Node1:

wget http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

RPM-IVH epel-release-5-4.noarch.rpm

RPM--import/etc/pki/rpm-gpg/rpm-gpg-key-centos-5

Yum List

Node2:

wget http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

RPM-IVH epel-release-5-4.noarch.rpm

RPM--import/etc/pki/rpm-gpg/rpm-gpg-key-centos-5

Yum List

Shutting down firewalls and SELinux

Node1:

Service Iptables Stop

Vim/etc/selinux/config

># This file controls the state of the SELinux on the system.

># selinux= can take one of the these three values:

># Enforcing-selinux security policy is enforced.

># Permissive-selinux prints warnings instead of enforcing.

># Disabled-selinux is fully disabled.

>selinux=disabled

># selinuxtype= type of policy in use. Possible values are:

># targeted-only targeted Network daemons is protected.

># Strict-full SELinux Protection.

>selinuxtype=targeted

Node2:

Service Iptables Stop

Vim/etc/selinux/config

>selinux=disabled

>selinuxtype=targeted

Second, installation Pacemaker+corosync+crmsh

Node1+node2:

Installing Pacemaker+corosync

Yum Install-y corosync*

Yum Install-y pacemaker*

Installing CRMSH

1) CRMSH official website

https://savannah.nongnu.org/forum/forum.php?forum_id=7672

2) Crmsh

http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/

3) Install Crmsh "If the dependency package is missing and install the dependent package"

RPM-IVH crmsh-1.2.6-0.rc2.2.1.x86_64.rpm

4) Verify the configuration:

Crm

Three, Corosync detailed configuration

Node1:

Modifying a configuration file

Vim/etc/corosync/corosync.conf

>>>

Totem {

Version:2

# time (in MS) to wait for a token 1

token:10000

# How many token retransmits before forming a new

# Configuration

Token_retransmits_before_loss_const:10

# Turn off the virtual synchrony filter

Vsftype:none

# Enable Encryption 2

Secauth:on

# How many threads to use for encryption/decryption

threads:0

# This specifies the redundant ring protocol, which could be

# None, active, or passive. 3

Rrp_mode:active

# The following is a two-ring multicast configuration. 4

interface {

Ringnumber:1

bindnetaddr:10.0.42.0# Heart Line Network segment

mcastaddr:239.255.42.2

mcastport:5405

}

}

AMF {

Mode:disabled

}

Service {

# Load The Pacemaker Cluster Resource Manager 5

Ver:1

Name:pacemaker

}

aisexec {

User:root

Group:root

}

Logging {

Fileline:off

To_stderr:yes

To_logfile:yes

To_syslog:yes

LogFile:/var/log/cluster/corosync.log #日志位置

Syslog_facility:daemon

Debug:off

Timestamp:on

Logger_subsys {

Subsys:amf

Debug:off

}

}

>>>

Generate Key File

Note: The Corosync generated key file will call the/dev/random random number device by default, and once the system interrupts the random number of IRQs, there will be a lot of waiting time, so in order to save time, we say random replace the urandom before generating the key, To save time.

Mv/dev/{random,random.bak}

Ln-s/dev/urandom/dev/random

Corosync-keygen

View the generated key file

ll

Total amount of > 24

>-r--------1 root root 128 August 14:16 Authkey

>-rw-r--r--1 root root 521 August 11:11 corosync.conf

>-rw-r--r--1 root root 445 May 05:09 corosync.conf.example

>-rw-r--r--1 root root 1084 May 05:09 Corosync.conf.example.udpu

>drwxr-xr-x 2 root root 4096 May 05:09 SERVICE.D

>drwxr-xr-x 2 root root 4096 May 05:09 Uidgid.d

Copy the key file Authkey with the configuration file corosync.conf to Node2

Scp-p Authkey corosync.conf node2:/etc/corosync/

Check Configuration

Node1+node2:

Corosync-cfgtool-s

Start Corosync

Node1+node2:

Service Corosync Start

Four, Pacemaker detailed configuration

Start pacemaker

Node1+node2:

Service Pacemaker Start

Node1 or Node2:

Configure cluster Basic properties

CRM Configure

> pe-input-series-max= "1000" \

> pe-error-series-max= "1000" \

"Configuration of specific resources is another matter"

OpenStack API section (Keystone) haproxy configuration (i)