diff --git a/doc/Pacemaker_Remote/en-US/Book_Info.xml b/doc/Pacemaker_Remote/en-US/Book_Info.xml
index a2058e9027..a26494e742 100644
--- a/doc/Pacemaker_Remote/en-US/Book_Info.xml
+++ b/doc/Pacemaker_Remote/en-US/Book_Info.xml
@@ -1,68 +1,75 @@
%BOOK_ENTITIES;
]>
Pacemaker Remote
- Extending High Availablity into Virtual Nodes
- 1
+ Scaling High Availablity Clusters
+
+ 4
0
The document exists as both a reference and deployment guide for the Pacemaker Remote service.
The example commands in this document will use:
&DISTRO; &DISTRO_VERSION; as the host operating system
- Pacemaker Remote to perform resource management within virtual nodes
+ Pacemaker Remote to perform resource management within guest nodes and remote nodes
KVM for virtualization
libvirt to manage guest nodes
- Corosync to provide messaging and membership services on the host nodes
+ Corosync to provide messaging and membership services on cluster nodes
- Pacemaker to perform resource management on host nodes
+ Pacemaker to perform resource management on cluster nodes
+
pcs as the cluster configuration toolset
The concepts are the same for other distributions,
virtualization platforms, toolsets, and messaging
layers, and should be easily adaptable.
diff --git a/doc/Pacemaker_Remote/en-US/Ch-Baremetal-Tutorial.txt b/doc/Pacemaker_Remote/en-US/Ch-Baremetal-Tutorial.txt
index 1fdfd9ddf1..e325346f6c 100644
--- a/doc/Pacemaker_Remote/en-US/Ch-Baremetal-Tutorial.txt
+++ b/doc/Pacemaker_Remote/en-US/Ch-Baremetal-Tutorial.txt
@@ -1,263 +1,303 @@
-= Baremetal Walk-through =
+= Remote Node Walk-through =
*What this tutorial is:* An in-depth walk-through of how to get Pacemaker to
integrate a remote node into the cluster as a node capable of running cluster
resources.
*What this tutorial is not:* A realistic deployment scenario. The steps shown
here are meant to get users familiar with the concept of remote nodes as
quickly as possible.
-This tutorial requires three machines. Two machines to act as cluster-nodes and a third to act as the baremetal remote-node.
+This tutorial requires three machines: two to act as cluster nodes, and
+a third to act as the remote node.
+== Configure Remote Node ==
+=== Configure Firewall on Remote Node ===
-== SElinux and Firewall Considerations ==
Allow cluster-related services through the local firewall:
----
# firewall-cmd --permanent --add-service=high-availability
success
# firewall-cmd --reload
success
----
[NOTE]
======
If you are using iptables directly, or some other firewall solution besides
firewalld, simply open the following ports, which can be used by various
clustering components: TCP ports 2224, 3121, and 21064, and UDP port 5405.
If you run into any problems during testing, you might want to disable
the firewall and SELinux entirely until you have everything working.
This may create significant security issues and should not be performed on
machines that will be exposed to the outside world, but may be appropriate
during development and testing on a protected host.
To disable security measures:
----
# setenforce 0
# sed -i.bak "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config
# systemctl disable firewalld.service
# systemctl stop firewalld.service
# iptables --flush
----
======
-== Setup Pacemaker Remote on Baremetal remote-node ==
-
-On the baremetal remote-node machine run these commands to generate an authkey and copy it to the /etc/pacemaker folder.
+=== Configure pacemaker_remote on Remote Node ===
+Install the pacemaker_remote daemon on the remote node.
----
-# mkdir /etc/pacemaker
-# dd if=/dev/urandom of=/etc/pacemaker/authkey bs=4096 count=1
+# yum install -y pacemaker-remote resource-agents pcs
----
-Make sure to distribute this key to both of the cluster-nodes as well. All the nodes must have the same /etc/pacemaker/authkey installed for the communication to work correctly.
+Create a location for the shared authentication key:
+----
+# mkdir -p --mode=0750 /etc/pacemaker
+# chgrp haclient /etc/pacemaker
+----
-Now install and start the pacemaker_remote daemon on the baremetal remote-node.
+All nodes (both cluster nodes and remote nodes) must have the same
+authentication key installed for the communication to work correctly.
+If you already have a key on an existing node, copy it to the new
+remote node. Otherwise, create a new key, for example:
+----
+# dd if=/dev/urandom of=/etc/pacemaker/authkey bs=4096 count=1
+----
+Now start and enable the pacemaker_remote daemon on the remote node.
----
-# yum install -y pacemaker-remote resource-agents pcs
# systemctl enable pacemaker_remote.service
# systemctl start pacemaker_remote.service
----
Verify the start is successful.
----
# systemctl status pacemaker_remote
pacemaker_remote.service - Pacemaker Remote Service
Loaded: loaded (/usr/lib/systemd/system/pacemaker_remote.service; enabled)
Active: active (running) since Fri 2015-08-21 15:21:20 CDT; 20s ago
Main PID: 21273 (pacemaker_remot)
CGroup: /system.slice/pacemaker_remote.service
└─21273 /usr/sbin/pacemaker_remoted
Aug 21 15:21:20 remote1 systemd[1]: Starting Pacemaker Remote Service...
Aug 21 15:21:20 remote1 systemd[1]: Started Pacemaker Remote Service.
Aug 21 15:21:20 remote1 pacemaker_remoted[21273]: notice: crm_add_logfile: Additional logging available in /var/log/pacemaker.log
Aug 21 15:21:20 remote1 pacemaker_remoted[21273]: notice: lrmd_init_remote_tls_server: Starting a tls listener on port 3121.
Aug 21 15:21:20 remote1 pacemaker_remoted[21273]: notice: bind_and_listen: Listening on address ::
----
-== Verify cluster-node Connection to baremetal-node ==
+== Verify Connection to Remote Node ==
Before moving forward, it's worth verifying that the cluster nodes
can contact the remote node on port 3121. Here's a trick you can use.
Connect using ssh from each of the cluster nodes. The connection will get
destroyed, but how it is destroyed tells you whether it worked or not.
First, add the remote node's hostname (we're using *remote1* in this tutorial)
-to the cluster-nodes' +/etc/hosts+ files if you haven't already. This
+to the cluster nodes' +/etc/hosts+ files if you haven't already. This
is required unless you have DNS set up in a way where remote1's address can be
discovered.
-Execute the following on each cluster-node, replacing the ip address with the actual ip address of the baremetal remote-node.
+Execute the following on each cluster node, replacing the IP address with the
+actual IP address of the remote node.
----
# cat << END >> /etc/hosts
-192.168.122.10 remote1
+192.168.122.10 remote1
END
----
If running the ssh command on one of the cluster nodes results in this
output before disconnecting, the connection works.
----
# ssh -p 3121 remote1
ssh_exchange_identification: read: Connection reset by peer
----
If you see this, the connection is not working.
----
# ssh -p 3121 remote1
ssh: connect to host remote1 port 3121: No route to host
----
-Once you can successfully connect to the baremetal remote-node from the both cluster-nodes, move on to setting up pacemaker on the cluster-nodes.
+Once you can successfully connect to the remote node from the both
+cluster nodes, move on to setting up Pacemaker on the cluster nodes.
+
+== Configure Cluster Nodes ==
+
+=== Configure Firewall on Cluster Nodes ===
+
+On each cluster node, allow cluster-related services through the local
+firewall, following the same procedure as in <<_configure_firewall_on_remote_node>>.
-== Install cluster-node Software ==
+=== Install Pacemaker on Cluster Nodes ===
-On the two cluster-nodes install the following packages.
+On the two cluster nodes, install the following packages.
----
# yum install -y pacemaker corosync pcs resource-agents
----
-== Setup Corosync on cluster-nodes ==
+=== Copy Authentication Key to Cluster Nodes ===
-Corosync handles pacemaker's cluster membership and messaging. The corosync config file is located in /etc/corosync/corosync.conf. That config file must be initialized with information about the two cluster-nodes before pacemaker can start.
-
-To initialize the corosync config file, execute the following pcs command on both nodes filling in the information in <> with your nodes' information.
+Create a location for the shared authentication key,
+and copy it from any existing node:
----
-# pcs cluster setup --local mycluster
+# mkdir -p --mode=0750 /etc/pacemaker
+# chgrp haclient /etc/pacemaker
+# scp remote1:/etc/pacemaker/authkey /etc/pacemaker/authkey
----
-A recent syntax change in pcs may cause the above command to fail. If so try this alternative.
+=== Configure Corosync on Cluster Nodes ===
+
+Corosync handles Pacemaker's cluster membership and messaging. The corosync
+config file is located in +/etc/corosync/corosync.conf+. That config file must be
+initialized with information about the two cluster nodes before pacemaker can
+start.
+
+To initialize the corosync config file, execute the following pcs command on
+both nodes, filling in the information in <> with your nodes' information.
----
# pcs cluster setup --force --local --name mycluster
----
-== Start Pacemaker on cluster-nodes ==
+=== Start Pacemaker on Cluster Nodes ===
Start the cluster stack on both cluster nodes using the following command.
----
# pcs cluster start
----
Verify corosync membership
....
# pcs status corosync
Membership information
----------------------
Nodeid Votes Name
1 1 node1 (local)
....
Verify Pacemaker status. At first, the `pcs cluster status` output will look
like this.
----
# pcs status
Cluster name: mycluster
Last updated: Fri Aug 21 16:14:05 2015
Last change: Fri Aug 21 14:02:14 2015
Stack: corosync
Current DC: NONE
Version: 1.1.12-a14efad
1 Nodes configured, unknown expected votes
0 Resources configured
----
-After about a minute you should see your two cluster-nodes come online.
+After about a minute, you should see your two cluster nodes come online.
----
# pcs status
Cluster name: mycluster
Last updated: Fri Aug 21 16:16:32 2015
Last change: Fri Aug 21 14:02:14 2015
Stack: corosync
Current DC: node1 (1) - partition with quorum
Version: 1.1.12-a14efad
2 Nodes configured
0 Resources configured
Online: [ node1 node2 ]
----
For the sake of this tutorial, we are going to disable stonith to avoid having to cover fencing device configuration.
----
# pcs property set stonith-enabled=false
----
-== Integrate Baremetal remote-node into Cluster ==
+== Integrate Remote Node into Cluster ==
Integrating a remote node into the cluster is achieved through the
creation of a remote node connection resource. The remote node connection
resource both establishes the connection to the remote node and defines that
the remote node exists. Note that this resource is actually internal to
Pacemaker's crmd component. A metadata file for this resource can be found in
the +/usr/lib/ocf/resource.d/pacemaker/remote+ file that describes what options
are available, but there is no actual *ocf:pacemaker:remote* resource agent
script that performs any work.
Define the remote node connection resource to our remote node,
*remote1*, using the following command on any cluster node.
----
# pcs resource create remote1 ocf:pacemaker:remote
----
-That's it. After a moment you should see the remote-node come online.
+That's it. After a moment you should see the remote node come online.
----
Cluster name: mycluster
Last updated: Fri Aug 21 17:13:09 2015
Last change: Fri Aug 21 17:02:02 2015
Stack: corosync
Current DC: node1 (1) - partition with quorum
Version: 1.1.12-a14efad
3 Nodes configured
1 Resources configured
Online: [ node1 node2 ]
RemoteOnline: [ remote1 ]
Full list of resources:
remote1 (ocf::pacemaker:remote): Started node1
PCSD Status:
node1: Online
node2: Online
Daemon Status:
corosync: active/disabled
pacemaker: active/disabled
pcsd: active/enabled
----
-== Starting Resources on baremetal remote-node ==
+== Starting Resources on Remote Node ==
-+"Warning: Never involve a remote-node connection resource in a resource group, colocation, or order constraint"+
+Once the remote node is integrated into the cluster, starting resources on a
+remote node is the exact same as on cluster nodes. Refer to the
+http://clusterlabs.org/doc/['Clusters from Scratch'] document for examples of
+resource creation.
-Once the baremetal remote-node is integrated into the cluster, starting resources on a baremetal remote-node is the exact same as the cluster nodes. Refer to the Clusters from Scratch document for examples on resource creation. http://clusterlabs.org/doc/
+[WARNING]
+=========
+Never involve a remote node connection resource in a resource group,
+colocation constraint, or order constraint.
+=========
-== Fencing baremetal remote-nodes ==
+== Fencing Remote Nodes ==
-The cluster understands how to fence baremetal remote-nodes and can use standard fencing devices to do so. No special considerations are required. Note however that remote-nodes can never initiate a fencing action. Only cluster-nodes are capable of actually executing the fencing operation on another node.
+Remote nodes are fenced the same way as cluster nodes. No special
+considerations are required. Configure fencing resources for use with
+remote nodes the same as you would with cluster nodes.
-== Accessing Cluster Tools from a Baremetal remote-node ==
+Note, however, that remote nodes can never 'initiate' a fencing action. Only
+cluster nodes are capable of actually executing a fencing operation against
+another node.
+== Accessing Cluster Tools from a Remote Node ==
Besides allowing the cluster to manage resources on a remote node,
pacemaker_remote has one other trick. The pacemaker_remote daemon allows
nearly all the pacemaker tools (`crm_resource`, `crm_mon`, `crm_attribute`,
`crm_master`, etc.) to work on remote nodes natively.
Try it: Run `crm_mon` or `pcs status` on the remote node after pacemaker has
integrated it into the cluster. These tools just work. These means resource
agents such as master/slave resources which need access to tools like
`crm_master` work seamlessly on the remote nodes.
diff --git a/doc/Pacemaker_Remote/en-US/Ch-Example.txt b/doc/Pacemaker_Remote/en-US/Ch-Example.txt
index b752e08c87..8ee01fcac3 100644
--- a/doc/Pacemaker_Remote/en-US/Ch-Example.txt
+++ b/doc/Pacemaker_Remote/en-US/Ch-Example.txt
@@ -1,106 +1,130 @@
-= KVM Remote-node Quick Example =
+= Guest Node Quick Example =
-If you already know how to use pacemaker, you'll likely be able to grasp this new concept of remote-nodes by reading through this quick example without having to sort through all the detailed walk-through steps. Here are the key configuration ingredients that make this possible using libvirt and KVM virtual guests. These steps strip everything down to the very basics.
+If you already know how to use Pacemaker, you'll likely be able to grasp this
+new concept of guest nodes by reading through this quick example without
+having to sort through all the detailed walk-through steps. Here are the key
+configuration ingredients that make this possible using libvirt and KVM virtual
+guests. These steps strip everything down to the very basics.
+(((guest node)))
+(((node,guest node)))
-== Mile High View of Configuration Steps ==
+== Mile-High View of Configuration Steps ==
-* +Put an authkey with this path, /etc/pacemaker/authkey, on every cluster-node and virtual machine+. This secures remote communication and authentication.
-
-Run this command if you want to make a somewhat random authkey.
+* Give each virtual machine that will be used as a guest node a static network
+ address and unique hostname.
+* Put the same authentication key with the path +/etc/pacemaker/authkey+ on
+ every cluster node and virtual machine. This secures remote communication.
++
+Run this command if you want to make a somewhat random key:
++
----
dd if=/dev/urandom of=/etc/pacemaker/authkey bs=4096 count=1
----
* Install pacemaker_remote on every virtual machine, enabling it to start at
boot, and if a local firewall is used, allow the node to accept connections
on TCP port 3121.
+
----
yum install pacemaker-remote resource-agents
systemctl enable pacemaker_remote
firewall-cmd --add-port 3121/tcp --permanent
----
-
-* +Give each virtual machine a static network address and unique hostname+
-
-* +Tell pacemaker to launch a virtual machine and that the virtual machine is a remote-node capable of running resources by using the "remote-node" meta-attribute.+
-
-with pcs
-
++
+[NOTE]
+======
+If you just want to see this work, you may want to simply disable the local
+firewall and put SELinux in permissive mode while testing. This creates
+security risks and should not be done on a production machine exposed to the
+Internet, but can be appropriate for a protected test machine.
+======
+
+* Create a Pacemaker resource to launch each virtual machine, using the
+ *remote-node* meta-attribute to let Pacemaker know this will be a
+ guest node capable of running resources.
++
----
-# pcs resource create vm-guest1 VirtualDomain hypervisor="qemu:///system" config="vm-guest1.xml" meta +remote-node=guest1+
+# pcs resource create vm-guest1 VirtualDomain hypervisor="qemu:///system" config="vm-guest1.xml" meta remote-node="guest1"
----
-
-raw xml
++
+The above command will create CIB XML similar to the following:
++
[source,XML]
----
----
In the example above, the meta-attribute *remote-node="guest1"* tells Pacemaker
that this resource is a guest node with the hostname *guest1*. The cluster will
attempt to contact the virtual machine's pacemaker_remote service at the
hostname *guest1* after it launches.
-== What those steps just did ==
+[NOTE]
+======
+The ID of the resource creating the virtual machine (*vm-guest1* in the above
+example) 'must' be different from the virtual machine's uname (*guest1* in the
+above example). Pacemaker will create an implicit internal resource for the
+pacemaker_remote connection to the guest, named with the value of *remote-node*,
+so that value cannot be used as the name of any other resource.
+======
-Those steps just told pacemaker to launch a virtual machine called vm-guest1 and integrate that virtual machine as a remote-node called 'guest1'.
+== Using a Guest Node ==
Guest nodes will show up in `crm_mon` output as normal:
.Example `crm_mon` output after *guest1* is integrated into cluster
----
Last updated: Wed Mar 13 13:52:39 2013
Last change: Wed Mar 13 13:25:17 2013 via crmd on node1
Stack: corosync
Current DC: node1 (24815808) - partition with quorum
Version: 1.1.10
2 Nodes configured, unknown expected votes
2 Resources configured.
Online: [ node1 guest1]
vm-guest1 (ocf::heartbeat:VirtualDomain): Started node1
----
Now, you could place a resource, such as a webserver, on *guest1*:
----
# pcs resource create webserver apache params configfile=/etc/httpd/conf/httpd.conf op monitor interval=30s
# pcs constraint webserver prefers guest1
----
Now, the crm_mon output would show:
----
Last updated: Wed Mar 13 13:52:39 2013
Last change: Wed Mar 13 13:25:17 2013 via crmd on node1
Stack: corosync
Current DC: node1 (24815808) - partition with quorum
Version: 1.1.10
2 Nodes configured, unknown expected votes
2 Resources configured.
Online: [ node1 guest1]
vm-guest1 (ocf::heartbeat:VirtualDomain): Started node1
webserver (ocf::heartbeat::apache): Started guest1
----
It is worth noting that after *guest1* is integrated into the cluster, all the
Pacemaker command-line tools immediately become available to the guest node.
This means things like `crm_mon`, `crm_resource`, and `crm_attribute` will work
natively on the guest node, as long as the connection between the guest node
and a cluster node exists. This is particularly important for any master/slave
resources executing on the guest node that need access to `crm_master` to set
transient attributes.
diff --git a/doc/Pacemaker_Remote/en-US/Ch-Intro.txt b/doc/Pacemaker_Remote/en-US/Ch-Intro.txt
index 463f2cd87c..3136856895 100644
--- a/doc/Pacemaker_Remote/en-US/Ch-Intro.txt
+++ b/doc/Pacemaker_Remote/en-US/Ch-Intro.txt
@@ -1,104 +1,192 @@
-= Extending High Availability Cluster into Virtual Nodes =
+= Scaling a Pacemaker Cluster =
== Overview ==
In a basic Pacemaker high-availability
cluster,footnote:[See the http://www.clusterlabs.org/doc/[Pacemaker
documentation], especially 'Clusters From Scratch' and 'Pacemaker Explained',
for basic information about high-availability using Pacemaker]
each node runs the full cluster stack of corosync and all Pacemaker components.
This allows great flexibility but limits scalability to around 16 nodes.
To allow for scalability to dozens or even hundreds of nodes, Pacemaker
allows nodes not running the full cluster stack to integrate into the cluster
and have the cluster manage their resources as if they were a cluster node.
== Terms ==
-+cluster-node+ - A node running the High Availability stack (pacemaker + corosync)
-
-+remote-node+ - A node running pacemaker_remote without the rest of the High Availability stack. There are two types of remote-nodes, container and baremetal.
-
-+container+ - A pacemaker resource that contains additional resources. For example, a KVM virtual machine resource that contains a webserver resource.
-
-+container remote-node+ - A virtual guest remote-node running the pacemaker_remote service. This describes a specific remote-node use case where a virtual guest resource managed by the cluster is both started by the cluster and integrated into the cluster as a remote-node.
-
-+baremetal+ - Term used to describe an environment that is not virtualized.
-
-+baremetal remote-node+ - A baremetal hardware node running pacemaker_remote. This describes a specific remote-node use case where a hardware node not running the High Availability stack is integrated into the cluster as a remote-node through the use of pacemaker_remote.
-
-+pacemaker_remote+ - A service daemon capable of performing remote application management within guest nodes (baremetal, kvm, and lxc) in both pacemaker cluster environments and standalone (non-cluster) environments. This service is an enhanced version of pacemaker's local resource manage daemon (LRMD) that is capable of managing and monitoring LSB, OCF, upstart, and systemd resources on a guest remotely. It also allows for most of pacemaker's cli tools (crm_mon, crm_resource, crm_master, crm_attribute, ect..) to work natively on remote-nodes.
+cluster node::
+ A node running the full high-availability stack of corosync and all
+ Pacemaker components. Cluster nodes may run cluster resources, run
+ Pacemaker command-line tools (`crm_mon`, `crm_resource` and so on),
+ execute fencing actions, count toward cluster quorum, and serve as the
+ cluster's Designated Controller (DC).
+(((cluster node)))
+(((node,cluster node)))
+
+pacemaker_remote::
+ A small service daemon that allows a host to be used as a Pacemaker node
+ without running the full cluster stack. Nodes running pacemaker_remote
+ may run cluster resources and command-line tools, but cannot perform the
+ other functions of full cluster nodes such as fencing execution, quorum
+ voting or DC eligibility. The pacemaker_remote daemon is an enhanced
+ version of Pacemaker's local resource management daemon (LRMD).
+(((pacemaker_remote)))
+
+remote node::
+ A physical host running pacemaker_remote. Remote nodes have a special
+ resource that manages communication with the cluster. This is sometimes
+ referred to as the 'baremetal' case.
+(((remote node)))
+(((node,remote node)))
+
+guest node::
+ A virtual host running pacemaker_remote. Guest nodes differ from remote
+ nodes mainly in that the guest node is itself a resource that the cluster
+ manages.
+(((guest node)))
+(((node,guest node)))
+
+[NOTE]
+======
+'Remote' in this document refers to the node not being a part of the underlying
+corosync cluster. It has nothing to do with physical proximity. Remote nodes
+and guest nodes are subject to the same latency requirements as cluster nodes,
+which means they are typically in the same data center.
+======
+
+[NOTE]
+======
+It is important to distinguish the various roles a virtual machine can serve
+in Pacemaker clusters:
+
+* A virtual machine can run the full cluster stack, in which case it is a
+ cluster node and is not itself managed by the cluster.
+* A virtual machine can be managed by the cluster as a resource, without the
+ cluster having any awareness of the services running inside the virtual
+ machine. The virtual machine is 'opaque' to the cluster.
+* A virtual machine can be a cluster resource, and run pacemaker_remote
+ to make it a a guest node, allowing the cluster to manage services
+ inside it. The virtual machine is 'transparent' to the cluster.
+======
== Support in Pacemaker Versions ==
It is recommended to run Pacemaker 1.1.12 or later when using pacemaker_remote
due to important bug fixes. An overview of changes in pacemaker_remote
capability by version:
.1.1.13
* Support for maintenance mode
* Remote nodes can recover without being fenced when the cluster node
hosting their connection fails
* Running pacemaker_remote within LXC environments is deprecated due to
newly added Pacemaker support for isolated resources
* Bug fixes
.1.1.12
* Support for permanent node attributes
* Support for migration
* Bug fixes
.1.1.11
* Support for IPv6
* Support for remote nodes
* Support for transient node attributes
* Support for clusters with mixed endian architectures
* Bug fixes
.1.1.10
* Bug fixes
.1.1.9
* Initial version to include pacemaker_remote
* Limited to guest nodes in KVM/LXC environments using only IPv4;
all nodes' architectures must have same endianness
-== Virtual Machine Use Case ==
-The use of pacemaker_remote in virtual machines solves a deployment scenario that has traditionally been difficult to solve.
-
-+"I want a pacemaker cluster to manage virtual machine resources, but I also want pacemaker to be able to manage the resources that live within those virtual machines."+
-
-In the past, users desiring this deployment had to make a decision. They would either have to sacrifice the ability of monitoring resources residing within virtual guests by running the cluster stack on the baremetal nodes, or run another cluster instance on the virtual guests where they potentially run into corosync scalability issues. There is a third scenario where the virtual guests run the cluster stack and join the same network as the baremetal nodes, but that can quickly hit issues with scalability as well.
-
-With the pacemaker_remote service we have a new option.
-
-* The baremetal cluster-nodes run the cluster stack (pacemaker+corosync).
-* The virtual remote-nodes run the pacemaker_remote service (nearly zero configuration required on the virtual machine side)
-* The cluster stack on the cluster-nodes launch the virtual machines and immediately connect to the pacemaker_remote service, allowing the virtual machines to integrate into the cluster just as if they were a real cluster-node.
-
-The key difference here between the virtual machine remote-nodes and the cluster-nodes is that the remote-nodes are not running the cluster stack. This means the remote nodes will never become the DC, and they do not take place in quorum. On the other hand this also means that remote-nodes are not bound to the scalability limits associated with the cluster stack either. +No 16 node corosync member limits+ to deal with. That isn't to say remote-nodes can scale indefinitely, but it is known that remote-nodes scale horizontally much further than cluster-nodes. Other than the quorum limitation, these remote-nodes behave just like cluster nodes in respects to resource management. The cluster is fully capable of managing and monitoring resources on each remote-node. You can build constraints against remote-nodes, put them in standby, or whatever else you'd expect to be able to do with normal cluster-nodes. They even show up in the crm_mon output as you would expect cluster-nodes to.
-
-To solidify the concept, below is an example deployment that is very similar to an actual deployment we test in our developer environment to verify remote-node scalability.
-
-* 16 cluster-nodes running corosync+pacemaker stack.
-* 64 pacemaker managed virtual machine resources running pacemaker_remote configured as remote-nodes.
-* 64 pacemaker managed webserver and database resources configured to run on the 64 remote-nodes.
-
-With this deployment you would have 64 webservers and databases running on 64 virtual machines on 16 hardware nodes all of which are managed and monitored by the same pacemaker deployment. It is known that pacemaker_remote can scale to these lengths and possibly much further depending on the specific scenario.
-
-== Baremetal remote-node Use Case ==
-
-+"I want my traditional High Availability cluster to scale beyond the limits imposed by the corosync messaging layer."+
-
-Ultimately the primary advantage of baremetal remote-nodes over traditional nodes running the Corosync+Pacemaker stack is scalability. There are likely some other use cases related to geographically distributed HA clusters that baremetal remote-nodes may serve a purpose in, but those use cases are not well understood at this point. The only limitations baremetal remote-nodes have that cluster-nodes do not is the ability to take place in cluster quorum, and the ability to execute fencing agents via stonith. That is not to say however that fencing of a baremetal node works any differently than that of a normal cluster-node. The Pacemaker policy engine understands how to fence baremetal remote-nodes. As long as a fencing device exists, the cluster is capable of ensuring baremetal nodes are fenced in the exact same way as normal cluster-nodes are fenced.
-
+== Guest Nodes ==
+(((guest node)))
+(((node,guest node)))
+
+*"I want a Pacemaker cluster to manage virtual machine resources, but I also
+want Pacemaker to be able to manage the resources that live within those
+virtual machines."*
+
+Without pacemaker_remote, the possibilities for implementing the above use case
+have significant limitations:
+
+* The cluster stack could be run on the physical hosts only, which loses the
+ ability to monitor resources within the guests.
+* A separate cluster could be on the virtual guests, which quickly hits
+ scalability issues.
+* The cluster stack could be run on the guests using the same cluster as the
+ physical hosts, which also hits scalability issues and complicates fencing.
+
+With pacemaker_remote:
+
+* The physical hosts are cluster nodes (running the full cluster stack).
+* The virtual machines are guest nodes (running the pacemaker_remote service).
+ Nearly zero configuration is required on the virtual machine.
+* The cluster stack on the cluster nodes launches the virtual machines and
+ immediately connects to the pacemaker_remote service on them, allowing the
+ virtual machines to integrate into the cluster.
+
+The key difference here between the guest nodes and the cluster nodes is that
+the guest nodes do not run the cluster stack. This means they will never become
+the DC, and they do not participate in quorum voting.
+
+On the other hand, this also means that they are not bound to the scalability
+limits associated with the cluster stack (no 16-node corosync member limits to
+deal with). That isn't to say that guest nodes can scale indefinitely, but it
+is known that guest nodes scale horizontally much further than cluster nodes.
+
+Other than the quorum limitation, these guest nodes behave just like cluster
+nodes with respect to resource management. The cluster is fully capable of
+managing and monitoring resources on each guest node. You can build constraints
+against guest nodes, put them in standby, or do whatever else you'd expect to
+be able to do with cluster nodes. They even show up in `crm_mon` output as
+nodes.
+
+To solidify the concept, below is an example that is very similar to an actual
+deployment we test in our developer environment to verify guest node scalability:
+
+* 16 cluster nodes running the full corosync + pacemaker stack
+* 64 Pacemaker-managed virtual machine resources running pacemaker_remote configured as guest nodes
+* 64 Pacemaker-managed webserver and database resources configured to run on the 64 guest nodes
+
+With this deployment, you would have 64 webservers and databases running on 64
+virtual machines on 16 hardware nodes, all of which are managed and monitored by
+the same Pacemaker deployment. It is known that pacemaker_remote can scale to
+these lengths and possibly much further depending on the specific scenario.
+
+
+== Remote Nodes ==
+(((remote node)))
+(((node,remote node)))
+
+*"I want my traditional high-availability cluster to scale beyond the limits
+imposed by the corosync messaging layer."*
+
+Ultimately, the primary advantage of remote nodes over cluster nodes is
+scalability. There are likely some other use cases related to geographically
+distributed HA clusters that remote nodes may serve a purpose in, but those use
+cases are not well understood at this point.
+
+The only limitations remote nodes have that cluster nodes do not is the ability
+to take place in cluster quorum, and the ability to execute fencing agents via
+stonith. That is not to say, however, that fencing of a remote node works any
+differently than that of a cluster node. The Pacemaker policy engine
+understands how to fence remote nodes. As long as a fencing device exists, the
+cluster is capable of ensuring remote nodes are fenced in the exact same way as
+cluster nodes.
== Expanding the Cluster Stack ==
-=== Traditional HA Stack ===
-
-image::images/pcmk-ha-cluster-stack.png["The Traditional Pacemaker Corosync HA Stack.",width="17cm",height="9cm",align="center"]
+With pacemaker_remote, the traditional view of the high-availability stack can
+be expanded to include a new layer:
-=== Remote-Node Enabled HA Stack Using Virtual guest nodes ===
+.Traditional HA Stack
+image::images/pcmk-ha-cluster-stack.png["Traditional Pacemaker+Corosync Stack",width="17cm",height="9cm",align="center"]
-image::images/pcmk-ha-remote-stack.png["Placing Pacemaker Remote into the Traditional HA Stack.",width="20cm",height="10cm",align="center"]
+.HA Stack With Guest Nodes
+image::images/pcmk-ha-remote-stack.png["Pacemaker+Corosync Stack With pacemaker_remote",width="20cm",height="10cm",align="center"]
diff --git a/doc/Pacemaker_Remote/en-US/Ch-KVM-Tutorial.txt b/doc/Pacemaker_Remote/en-US/Ch-KVM-Tutorial.txt
index 668bc7eaec..4714225f6d 100644
--- a/doc/Pacemaker_Remote/en-US/Ch-KVM-Tutorial.txt
+++ b/doc/Pacemaker_Remote/en-US/Ch-KVM-Tutorial.txt
@@ -1,475 +1,489 @@
-= KVM Walk-through =
+= Guest Node Walk-through =
*What this tutorial is:* An in-depth walk-through of how to get Pacemaker to
manage a KVM guest instance and integrate that guest into the cluster as a
guest node.
*What this tutorial is not:* A realistic deployment scenario. The steps shown
here are meant to get users familiar with the concept of guest nodes as quickly
as possible.
-== Step 1: Setup the Host ==
+== Configure the Physical Host ==
=== SElinux and Firewall ===
In order to simplify this tutorial, we will disable SELinux and the local
firewall on the host. This may create significant security issues and should
not be performed on machines that will be exposed to the outside world, but may
be appropriate during development and testing on a protected host.
----
# setenforce 0
# sed -i.bak "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config
# systemctl disable firewalld.service
# systemctl stop firewalld.service
# iptables --flush
----
=== Install Cluster Software ===
----
# yum install -y pacemaker corosync pcs resource-agents
----
-=== Setup Corosync ===
+=== Configure Corosync ===
-Corosync handles pacemaker's cluster membership and messaging. The corosync config file is located in /etc/corosync/corosync.conf. That config file must be initialized with information about the cluster-nodes before pacemaker can start.
+Corosync handles pacemaker's cluster membership and messaging. The corosync
+config file is located in /etc/corosync/corosync.conf. That config file must be
+initialized with information about the cluster nodes before pacemaker can
+start.
To initialize the corosync config file, execute the following pcs command on both nodes filling in the information in <> with your nodes' information.
----
# pcs cluster setup --force --local --name mycluster
----
=== Verify Cluster Software ===
Start the cluster
----
# pcs cluster start
----
Verify corosync membership
----
# pcs status corosync
Membership information
Nodeid Votes Name
1795270848 1 example-host (local)
----
Verify pacemaker status. At first, the output will look like this:
----
# pcs status
Last updated: Thu Mar 14 12:26:00 2013
Last change: Thu Mar 14 12:25:55 2013 via crmd on example-host
Stack: corosync
Current DC:
Version: 1.1.10
1 Nodes configured, unknown expected votes
0 Resources configured.
----
After about a minute you should see your host as a single node in the cluster.
----
# pcs status
Last updated: Thu Mar 14 12:28:23 2013
Last change: Thu Mar 14 12:25:55 2013 via crmd on example-host
Stack: corosync
Current DC: example-host (1795270848) - partition WITHOUT quorum
Version: 1.1.8-9b13ea1
1 Nodes configured, unknown expected votes
0 Resources configured.
Online: [ example-host ]
----
Go ahead and stop the cluster for now after verifying everything is in order.
----
# pcs cluster stop
----
=== Install Virtualization Software ===
----
# yum install -y kvm libvirt qemu-system qemu-kvm bridge-utils virt-manager
# systemctl enable libvirtd.service
----
reboot the host
[NOTE]
======
While KVM is used in this example, any virtualization platform with a Pacemaker
resource agent can be used to create a guest node. The resource agent needs
only to support usual commands (start, stop, etc.); Pacemaker implements the
*remote-node* meta-attribute, independent of the agent.
======
-== Step2: Create the KVM guest ==
+== Configure the KVM guest ==
-I am not going to outline the installation steps required to create a kvm guest. There are plenty of tutorials available elsewhere that do that. I recommend using a Fedora 18 or greater distro as your guest as that is what I am testing this tutorial with.
+=== Create Guest ===
-=== Setup Guest Network ===
+I am not going to outline the installation steps required to create a KVM
+guest. There are plenty of tutorials available elsewhere that do that.
+
+=== Configure Guest Network ===
Run the commands below to set up a static ip address (192.168.122.10) and hostname (guest1).
----
export remote_hostname=guest1
export remote_ip=192.168.122.10
export remote_gateway=192.168.122.1
yum remove -y NetworkManager
rm -f /etc/hostname
cat << END >> /etc/hostname
$remote_hostname
END
hostname $remote_hostname
cat << END >> /etc/sysconfig/network
HOSTNAME=$remote_hostname
GATEWAY=$remote_gateway
END
sed -i.bak "s/.*BOOTPROTO=.*/BOOTPROTO=none/g" /etc/sysconfig/network-scripts/ifcfg-eth0
cat << END >> /etc/sysconfig/network-scripts/ifcfg-eth0
IPADDR0=$remote_ip
PREFIX0=24
GATEWAY0=$remote_gateway
DNS1=$remote_gateway
END
systemctl restart network
systemctl enable network.service
systemctl enable sshd
systemctl start sshd
echo "checking connectivity"
ping www.google.com
----
To simplify the tutorial we'll go ahead and disable selinux on the guest. We'll also need to poke a hole through the firewall on port 3121 (the default port for pacemaker_remote) so the host can contact the guest.
----
# setenforce 0
# sed -i.bak "s/SELINUX=enforcing/SELINUX=permissive/g" /etc/selinux/config
# firewall-cmd --add-port 3121/tcp --permanent
----
If you still encounter connection issues, just disable firewalld on the guest
like we did on the host, to guarantee you'll be able to contact the guest from
the host.
At this point you should be able to ssh into the guest from the host.
-=== Setup Pacemaker Remote ===
+=== Configure pacemaker_remote ===
On the 'host' machine, run these commands to generate an authkey and copy it to
the /etc/pacemaker folder on both the host and guest.
----
-# mkdir /etc/pacemaker
+# mkdir -p --mode=0750 /etc/pacemaker
+# chgrp haclient /etc/pacemaker
# dd if=/dev/urandom of=/etc/pacemaker/authkey bs=4096 count=1
# scp -r /etc/pacemaker root@192.168.122.10:/etc/
----
Now on the 'guest', install the pacemaker-remote package, and enable the daemon
to run at startup. In the commands below, you will notice the pacemaker
package is also installed. It is not required; the only reason it is being
installed for this tutorial is because it contains the a Dummy resource agent
that we will use later for testing.
----
# yum install -y pacemaker pacemaker-remote resource-agents
# systemctl enable pacemaker_remote.service
----
Now start pacemaker_remote on the guest and verify the start was successful.
----
# systemctl start pacemaker_remote.service
# systemctl status pacemaker_remote
pacemaker_remote.service - Pacemaker Remote Service
Loaded: loaded (/usr/lib/systemd/system/pacemaker_remote.service; enabled)
Active: active (running) since Thu 2013-03-14 18:24:04 EDT; 2min 8s ago
Main PID: 1233 (pacemaker_remot)
CGroup: name=systemd:/system/pacemaker_remote.service
└─1233 /usr/sbin/pacemaker_remoted
Mar 14 18:24:04 guest1 systemd[1]: Starting Pacemaker Remote Service...
Mar 14 18:24:04 guest1 systemd[1]: Started Pacemaker Remote Service.
Mar 14 18:24:04 guest1 pacemaker_remoted[1233]: notice: lrmd_init_remote_tls_server: Starting a tls listener on port 3121.
----
=== Verify Host Connection to Guest ===
Before moving forward, it's worth verifying that the host can contact the guest
on port 3121. Here's a trick you can use. Connect using ssh from the host. The
connection will get destroyed, but how it is destroyed tells you whether it
worked or not.
First add guest1 to the host machine's /etc/hosts file if you haven't already. This is required unless you have dns setup in a way where guest1's address can be discovered.
----
# cat << END >> /etc/hosts
192.168.122.10 guest1
END
----
If running the ssh command on one of the cluster nodes results in this
output before disconnecting, the connection works.
----
# ssh -p 3121 guest1
ssh_exchange_identification: read: Connection reset by peer
----
If you see this, the connection is not working.
----
# ssh -p 3121 guest1
ssh: connect to host guest1 port 3121: No route to host
----
Once you can successfully connect to the guest from the host, shutdown the guest. Pacemaker will be managing the virtual machine from this point forward.
-== Step3: Integrate KVM guest into Cluster. ==
+== Integrate Guest into Cluster ==
Now the fun part, integrating the virtual machine you've just created into the cluster. It is incredibly simple.
=== Start the Cluster ===
On the host, start pacemaker.
----
# pcs cluster start
----
Wait for the host to become the DC. The output of `pcs status` should look
similar to this after about a minute.
----
Last updated: Thu Mar 14 16:41:22 2013
Last change: Thu Mar 14 16:41:08 2013 via crmd on example-host
Stack: corosync
Current DC: example-host (1795270848) - partition WITHOUT quorum
Version: 1.1.10
1 Nodes configured, unknown expected votes
0 Resources configured.
Online: [ example-host ]
----
-Now enable the cluster to work without quorum or stonith. This is required just for the sake of getting this tutorial to work with a single cluster-node.
+Now enable the cluster to work without quorum or stonith. This is required
+just for the sake of getting this tutorial to work with a single cluster node.
----
# pcs property set stonith-enabled=false
# pcs property set no-quorum-policy=ignore
----
-=== Integrate KVM Guest as remote-node ===
+=== Integrate as Guest Node ===
If you didn't already do this earlier in the verify host to guest connection section, add the KVM guest's ip to the host's /etc/hosts file so we can connect by hostname. The command below will do that if you used the same ip address I used earlier.
----
# cat << END >> /etc/hosts
192.168.122.10 guest1
END
----
We will use the *VirtualDomain* resource agent for the management of the
virtual machine. This agent requires the virtual machine's XML config to be
dumped to a file on disk. To do this, pick out the name of the virtual machine
you just created from the output of this list.
....
# virsh list --all
Id Name State
----------------------------------------------------
- guest1 shut off
....
In my case I named it guest1. Dump the xml to a file somewhere on the host using the following command.
----
# virsh dumpxml guest1 > /root/guest1.xml
----
Now just register the resource with pacemaker and you're set!
----
# pcs resource create vm-guest1 VirtualDomain hypervisor="qemu:///system" config="/root/guest1.xml" meta remote-node=guest1
----
Once the *vm-guest1* resource is started you will see *guest1* appear in the
`pcs status` output as a node. The final `pcs status` output should look
something like this.
----
Last updated: Fri Mar 15 09:30:30 2013
Last change: Thu Mar 14 17:21:35 2013 via cibadmin on example-host
Stack: corosync
Current DC: example-host (1795270848) - partition WITHOUT quorum
Version: 1.1.10
2 Nodes configured, unknown expected votes
2 Resources configured.
Online: [ example-host guest1 ]
Full list of resources:
vm-guest1 (ocf::heartbeat:VirtualDomain): Started example-host
----
=== Starting Resources on KVM Guest ===
-The commands below demonstrate how resources can be executed on both the remote-node and the cluster-node.
+The commands below demonstrate how resources can be executed on both the
+guest node and the cluster node.
Create a few Dummy resources. Dummy resources are real resource agents used just for testing purposes. They actually execute on the host they are assigned to just like an apache server or database would, except their execution just means a file was created. When the resource is stopped, that the file it created is removed.
----
# pcs resource create FAKE1 ocf:pacemaker:Dummy
# pcs resource create FAKE2 ocf:pacemaker:Dummy
# pcs resource create FAKE3 ocf:pacemaker:Dummy
# pcs resource create FAKE4 ocf:pacemaker:Dummy
# pcs resource create FAKE5 ocf:pacemaker:Dummy
----
Now check your `pcs status` output. In the resource section, you should see
something like the following, where some of the resources started on the
cluster node, and some started on the guest node.
----
Full list of resources:
vm-guest1 (ocf::heartbeat:VirtualDomain): Started example-host
FAKE1 (ocf::pacemaker:Dummy): Started guest1
FAKE2 (ocf::pacemaker:Dummy): Started guest1
FAKE3 (ocf::pacemaker:Dummy): Started example-host
FAKE4 (ocf::pacemaker:Dummy): Started guest1
FAKE5 (ocf::pacemaker:Dummy): Started example-host
----
The guest node, *guest1*, reacts just like any other node in the cluster. For
example, pick out a resource that is running on your cluster node. For my
purposes, I am picking FAKE3 from the output above. We can force FAKE3 to run
on *guest1* in the exact same way we would any other node.
----
# pcs constraint FAKE3 prefers guest1
----
Now, looking at the bottom of the `pcs status` output you'll see FAKE3 is on
*guest1*.
----
Full list of resources:
vm-guest1 (ocf::heartbeat:VirtualDomain): Started example-host
FAKE1 (ocf::pacemaker:Dummy): Started guest1
FAKE2 (ocf::pacemaker:Dummy): Started guest1
FAKE3 (ocf::pacemaker:Dummy): Started guest1
FAKE4 (ocf::pacemaker:Dummy): Started example-host
FAKE5 (ocf::pacemaker:Dummy): Started example-host
----
-=== Testing Remote-node Recovery and Fencing ===
+=== Testing Recovery and Fencing ===
-Pacemaker's policy engine is smart enough to know fencing remote-nodes associated with a virtual machine means shutting off/rebooting the virtual machine. No special configuration is necessary to make this happen. If you are interested in testing this functionality out, trying stopping the guest's pacemaker_remote daemon. This would be equivalent of abruptly terminating a cluster-node's corosync membership without properly shutting it down.
+Pacemaker's policy engine is smart enough to know fencing guest nodes
+associated with a virtual machine means shutting off/rebooting the virtual
+machine. No special configuration is necessary to make this happen. If you
+are interested in testing this functionality out, trying stopping the guest's
+pacemaker_remote daemon. This would be equivalent of abruptly terminating a
+cluster node's corosync membership without properly shutting it down.
ssh into the guest and run this command.
----
# kill -9 `pidof pacemaker_remoted`
----
After a few seconds or so, you'll see this in your `pcs status` output. The
*guest1* node will be show as offline as it is being recovered.
----
Last updated: Fri Mar 15 11:00:31 2013
Last change: Fri Mar 15 09:54:16 2013 via cibadmin on example-host
Stack: corosync
Current DC: example-host (1795270848) - partition WITHOUT quorum
Version: 1.1.10
2 Nodes configured, unknown expected votes
7 Resources configured.
Online: [ example-host ]
OFFLINE: [ guest1 ]
Full list of resources:
vm-guest1 (ocf::heartbeat:VirtualDomain): Started example-host
FAKE1 (ocf::pacemaker:Dummy): Stopped
FAKE2 (ocf::pacemaker:Dummy): Stopped
FAKE3 (ocf::pacemaker:Dummy): Stopped
FAKE4 (ocf::pacemaker:Dummy): Started example-host
FAKE5 (ocf::pacemaker:Dummy): Started example-host
Failed actions:
guest1_monitor_30000 (node=example-host, call=3, rc=7, status=complete): not running
----
Once recovery of the guest is complete, you'll see it automatically get
re-integrated into the cluster. The final `pcs status` output should look
something like this.
----
Last updated: Fri Mar 15 11:03:17 2013
Last change: Fri Mar 15 09:54:16 2013 via cibadmin on example-host
Stack: corosync
Current DC: example-host (1795270848) - partition WITHOUT quorum
Version: 1.1.10
2 Nodes configured, unknown expected votes
7 Resources configured.
Online: [ example-host guest1 ]
Full list of resources:
vm-guest1 (ocf::heartbeat:VirtualDomain): Started example-host
FAKE1 (ocf::pacemaker:Dummy): Started guest1
FAKE2 (ocf::pacemaker:Dummy): Started guest1
FAKE3 (ocf::pacemaker:Dummy): Started guest1
FAKE4 (ocf::pacemaker:Dummy): Started example-host
FAKE5 (ocf::pacemaker:Dummy): Started example-host
Failed actions:
guest1_monitor_30000 (node=example-host, call=3, rc=7, status=complete): not running
----
-=== Accessing Cluster Tools from Remote-node ===
+=== Accessing Cluster Tools from Guest Node ===
Besides allowing the cluster to manage resources on a guest node,
pacemaker_remote has one other trick. The pacemaker_remote daemon allows
nearly all the pacemaker tools (`crm_resource`, `crm_mon`, `crm_attribute`,
`crm_master`, etc.) to work on guest nodes natively.
Try it: Run `crm_mon` or `pcs status` on the guest after pacemaker has
integrated the guest node into the cluster. These tools just work. This
means resource agents such as master/slave resources which need access to tools
like `crm_master` work seamlessly on the guest nodes.
[NOTE]
======
It is possible to run `pacemaker_remote` inside an LXC container instead of
a virtual machine, following a similar process. This approach is deprecated
since Pacemaker now has built-in support for managing containers and services
inside containers.
It can still be a useful alternative however, especially in testing scenarios,
to simulate a large number of guest nodes. The *pacemaker-cts* packages includes
a helpful script, +/usr/share/pacemaker/tests/cts/lxc_autogen.sh+, for generating
libvirt XML files for LXC containers. The configuration is otherwise very similar
to guest nodes; the *VirtualDomain* resource for a container will need the options
*force_stop="true" hypervisor="lxc:///"*.
======
diff --git a/doc/Pacemaker_Remote/en-US/Ch-Options.txt b/doc/Pacemaker_Remote/en-US/Ch-Options.txt
index 862c91b2e7..b82971c247 100644
--- a/doc/Pacemaker_Remote/en-US/Ch-Options.txt
+++ b/doc/Pacemaker_Remote/en-US/Ch-Options.txt
@@ -1,93 +1,98 @@
= Configuration Explained =
-The walk-through examples use some of these options, but don't explain exactly what they mean or do. This section is meant to be the go-to resource for all the options available for configuring remote-nodes.
+The walk-through examples use some of these options, but don't explain exactly
+what they mean or do. This section is meant to be the go-to resource for all
+the options available for configuring pacemaker_remote-based nodes.
+(((configuration)))
== Resource Meta-Attributes for Guest Nodes ==
When configuring a virtual machine to use as a guest node, these are the
metadata options available to enable the resource as a guest node and
define its connection parameters.
.Meta-attributes for configuring VM resources as guest nodes
[width="95%",cols="2m,1,4<",options="header",align="center"]
|=========================================================
|Option
|Default
|Description
|remote-node
|'none'
|The node name of the guest node this resource defines. This both enables the
resource as a guest node and defines the unique name used to identify the
guest node. If no other parameters are set, this value will also be assumed as
the hostname to use when connecting to pacemaker_remote on the VM. This value
*must not* overlap with any resource or node IDs.
|remote-port
|3121
-|Configure a custom port to use for the guest connection to pacemaker_remote.
+|The port on the virtual machine that the cluster will use to connect to
+pacemaker_remote.
|remote-addr
|'value of' +remote-node+
|The IP address or hostname to use when connecting to pacemaker_remote on the VM.
|remote-connect-timeout
|60s
|How long before a pending guest connection will time out.
|=========================================================
-== Baremetal remote-node Options ==
+== Connection Resources for Remote Nodes ==
-Baremetal remote-nodes are defined by a connection resource. That connection resource has the following instance attributes that define where the baremetal remote-node is located on the network and how to communicate with that remote-node. Descriptions of these options can be retrieved using the following pcs command.
+A remote node is defined by a connection resource. That connection resource
+has instance attributes that define where the remote node is located on the
+network and how to communicate with it.
+Descriptions of these instance attributes can be retrieved using the following
+`pcs` command:
----
# pcs resource describe remote
ocf:pacemaker:remote -
Resource options:
server: Server location to connect to. This can be an ip address or hostname.
port: tcp port to connect to.
----
When defining a remote node's connection resource, it is common and recommended
to name the connection resource the same as the remote node's hostname. By
default, if no *server* option is provided, the cluster will attempt to contact
the remote node using the resource name as the hostname.
Example defining a remote node with the hostname *remote1*:
----
# pcs resource create remote1 remote
----
-Example, defining a baremetal remote-node to connect to a specific ip and port.
+Example defining a remote node to connect to a specific IP address and port:
----
# pcs resource create remote1 remote server=192.168.122.200 port=8938
----
-== Host and Guest Authentication ==
+== Secure Communication ==
Authentication and encryption of the connection between cluster nodes
and nodes running pacemaker_remote is achieved using
with https://en.wikipedia.org/wiki/TLS-PSK[TLS-PSK] encryption/authentication
over TCP (port 3121 by default). This means that both the cluster node and
remote node must share the same private key. By default, this
key is placed at +/etc/pacemaker/authkey+ on each node.
-== Pacemaker and pacemaker_remote Options ==
-
You can change the default port and/or key location for Pacemaker and
pacemaker_remote via environment variables. These environment variables can be
enabled by placing them in the +/etc/sysconfig/pacemaker+ file.
----
#==#==# Pacemaker Remote
# Use a custom directory for finding the authkey.
PCMK_authkey_location=/etc/pacemaker/authkey
#
# Specify a custom port for Pacemaker Remote connections
PCMK_remote_port=3121
----
-