Cluster notes: fence

Fence mechanism: isolate a host's connection to storage

 

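Steps to configure fence_xvm (KVM fence)

Does the physical machine need a real fence device? No.

I. Configure the physical machine (the host) f0 as the fence device

1. Install the fence device packages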

#yum -y  install fence-virtd-libvirt.x86_64  fence-virtd fence-virtd-multicast.x86_64

 

2. Generate the shared symmetric key

#mkdir /etc/cluster

#dd if=/dev/urandom of=/etc/cluster/fence_xvm.key bs=1k count=4

 

3. Assign an IP address to virbr1 on f0, for example 192.168.0.99. This address must be able to communicate with the cluster network of nodea and nodeb.

 

# cat /etc/libvirt/qemu/nodea.xml

<interface type='bridge'>

      <mac address='52:54:00:02:00:0a'/>

      <source bridge='virbr1'/>

      <model type='virtio'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>

</interface>

 

#cat /etc/libvirt/qemu/networks/privnet.xml

<network ipv6='yes'>

  <name>privnet</name>

  <uuid>b2eb5995-3e5b-49ad-bc00-622d38a06ff4</uuid>

  <bridge name='virbr1' stp='on' delay='0'/>

  <mac address='52:54:00:13:83:3f'/>

  <ip address='192.168.0.99' netmask='255.255.255.0'>

  </ip>

</network>

 

#systemctl restart libvirtd

 

or:

#ifconfig virbr1  192.168.0.99

 

4. Create the /etc/cluster directory on each of the two cluster nodes

#mkdir /etc/cluster

 

5. Copy the key /etc/cluster/fence_xvm.key from f0 to the same directory on each cluster node; the directory and file name must be identical

f0#scp /etc/cluster/fence_xvm.key  root@nodea:/etc/cluster

f0#scp /etc/cluster/fence_xvm.key  root@nodeb:/etc/cluster

 

6. Configure fence on f0

#fence_virtd -c

Interface [virbr0]: virbr1

# systemctl enable fence_virtd && systemctl start fence_virtd

 

f0 is now fully configured.
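
Steps 2 and 5 above create and distribute the fence_xvm shared key, which fence_virtd uses to authenticate fencing requests, so any account that can read it can ask the host to power off a guest. The helpers below are an added example, not part of the original notes: they create the key owner-only and check that each copy is identical and not group- or world-readable. The function names are hypothetical and GNU coreutils (`stat -c`, `sha256sum`) is assumed.

```shell
# Added example; function names are hypothetical. Assumes GNU coreutils.

# make_key FILE: create a 4 KiB random key that is owner-only from the start.
make_key() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs=1k count=4 status=none \
        && chmod 600 "$1" )
}

# key_mode_ok FILE: succeed only for a regular, non-empty file with mode 600 or 400.
key_mode_ok() {
    local f mode
    f=$1
    if [ ! -f "$f" ] || [ ! -s "$f" ]; then
        echo "missing or empty key: $f" >&2; return 1
    fi
    mode=$(stat -c '%a' "$f") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *) echo "unsafe mode $mode on $f (want 600)" >&2; return 1 ;;
    esac
}

# key_digest FILE: print the SHA-256 of the key, so copies can be compared
# without displaying the key itself.
key_digest() {
    [ -r "$1" ] || return 1
    sha256sum < "$1" | cut -d' ' -f1
}

# keys_match REF COPY...: succeed only if every COPY is identical to REF.
keys_match() {
    local ref want f
    ref=$1; shift
    want=$(key_digest "$ref") || return 1
    for f in "$@"; do
        if [ "$(key_digest "$f")" != "$want" ]; then
            echo "key mismatch: $f" >&2; return 1
        fi
    done
}
```

On f0 and on each node, `key_mode_ok /etc/cluster/fence_xvm.key` checks the permissions, and the `key_digest` output from every machine should be the same string.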

 

II. Configure fence on the cluster nodes

1. Open port 1229 on all cluster nodes

[root@nodea ~]#firewall-cmd --permanent --add-port=1229/tcp

[root@nodea ~]# firewall-cmd --permanent --add-port=1229/udp

[root@nodea ~]# firewall-cmd --reload

 

[root@nodeb ~]#firewall-cmd --permanent --add-port=1229/tcp

[root@nodeb ~]# firewall-cmd --permanent --add-port=1229/udp

[root@nodeb ~]# firewall-cmd --reload

 

2. Create the fence devices (running this on any one cluster node is enough)

#pcs stonith create fence_nodea fence_xvm port='nodea' pcmk_host_list='nodea.private.example.com'

 

#pcs stonith create fence_nodeb fence_xvm port='nodeb' pcmk_host_list='nodeb.private.example.com'

 

[root@nodeb ~]# pcs stonith show

 fence_nodea    (stonith:fence_xvm):  Started

 fence_nodeb    (stonith:fence_xvm):  Started

[root@nodeb ~]# pcs stonith show --full

 Resource: fence_nodea (class=stonith type=fence_xvm)

  Attributes: port=nodea pcmk_host_list=nodea.private.example.com

  Operations: monitor interval=60s (fence_nodea-monitor-interval-60s)

 Resource: fence_nodeb (class=stonith type=fence_xvm)

  Attributes: port=nodeb pcmk_host_list=nodeb.private.example.com

  Operations: monitor interval=60s (fence_nodeb-monitor-interval-60s)

 

 

3. Test fencing

[root@nodeb ~]# pcs stonith fence nodea.private.example.com

 

or

[root@nodeb ~]#ifdown eth1

 

Error analysis

[root@nodeb ~]# pcs stonith fence nodea.private.example.com

Error: unable to fence 'nodea.private.example.com'

Command failed: No route to host

This error can be resolved by restarting the fence service

[root@foundation0 networks]# systemctl restart fence_virtd.service
