Beruflich Dokumente
Kultur Dokumente
https://confluence.app.alcatel-
lucent.com/display/plateng/CHAS+-+Cluster+HA+Guide
1. Overview
The CHAS asset consists of four components:
1.1.1. Cluster HA
Cluster HA is a base module that can be used to manage a set of nodes and create high availability
clusters. The clustering infrastructure is based on the keepalived package. If quorum based clustering
is desired, a cluster can be configured using etcd based raft leader election. HA clustering supports
plugin health checks that run locally on each node. When a node fails a heartbeat or a health check,
resources such as VIPs can be transitioned to other nodes in the cluster. The HA component provides
the ability for users to create plugins that will be invoked periodically to check the functionality
monitored by the plugin and to provide notification of node state transitions.
This component provides tools to configure keepalived and quorum clusters (including associated
VIPs) and to add health-check plugins.
NOTE: Prior to R17.6 this component only supported OAME and was known as OAMEHA.
1.1.2. Syncer
This component provides automatic synchronization of files from a designated master node to the
rest of the nodes on the system. Typically the files handled by Syncer would be system configuration
files that must be synchronized across the cluster. Syncer will automatically detect when a file has
been changed using Linux interfaces and replicate changed files. This component will provide a
mechanism for configuring the files requiring synchronization which can be used by other
components in the CSF framework. It is not recommended to use Syncer with files that are large or
have a high frequency of updates.
The Syncer SW module could be integrated with Cluster HA module providing an incremental HA
capabilities. The technical details, such as SW installation, configuration, maintenance, artifacts access,
etc. information could be found at Syncer Guide page.
NOTE: Prior to R17.6 this component only supported OAME and was known as OAMESYNC and may
not be compatible with Syncer.
1.1.3. SystemD
SystemD is Red Hat service that provides process/service management functionality. It provides a
sequenced initialization mechanism to manage sets of services/processes corresponding to an
application It supports system initialization with a dependency system for 12 different types of units.
However usage is complex. This component provides tools and information to facilitate usage of
SystemD.
In order to provide sequencing and watchdog support all application processes are grouped into a
SystemD application target, app.target. This allows application processes to be started, stopped and
synchronized as a group. The application target is managed by a new tool, app-service, which can be
used to add, restart, stop, start, enable, disable and remove components from SystemD. The app-
service tool works with a service template that is configured to allow correct initialization sequencing,
process sanity monitoring and process restarts on failures. The services/processes that can run within
this framework must either be built using native SystemD synchronization/heartbeat interfaces
(provided in SystemD library), or, if that is not possible, a third party interface is also provided.
The third party interface does not require native support of SystemD interfaces, instead the module
needs to provide a script that can accept stop, start, check and abort inputs and perform necessary
actions.This domain will provide a proxy process (app-proxy) that will perform necessary handshaking
with SystemD.
This component is infrastructure agnostic and will work equally well in hardware based as well as
virtual environments.
The SystemD SW module could be integrated with Cluster HA module providing an incremental HA
capabilities. The technical details, such as SW installation, configuration, maintenance, artifacts access,
etc. information could be found at SystemD Guide page.
1.1.4. Netmon
This component provides for network connectivity monitoring from a node to an external endpoint (IP
Address). Netmon also provides integration with Cluster HA for escalation purposes of failed critical
networks on an Active node of an HA group, and for plugin check failure notification on failed critical
networks on Standby nodes of an HA group.
2. Installation guide
2.1. Installers
2.1.1. Native
Follow Install via RPM procedure.
2.1.3. Cloud
For standalone install follow Install via RPM procedure.
2.1.4. Container
Not supported.
2.2. Prerequisites
When installing via LCM/CBAM sdc and ipconfig roles must be included as dependencies. For
standalone install the keepalived and ha rpm have all the necessary dependencies included and
should downloaded from standard Red Hat repo.
In order to configure the keepalived cluster it is required that all necessary IP connectivity and VIPs be
provided. This component is built on top of the environment infrastructure.
ha-lcm-<version>.tgz
LCM installation package
Bundles
keepalived- keepalived installation package
<version>.el7.x86_64.rpm
To install HA:
1. Download RPMs
2. Configure keepalived.conf
3. Configure firewalld
Download RPMs
If the appos or oame image is being used, HA is
available by default. If a custom image is used,
download the KeepaliveD and ha rpms provided
in the artifact links as well as the open source
python modules and libraries those rpms
depend on.
Configure keepalived.conf
The ha rpm delivers a basic template for
keepalived configuration in
/etc/keepalived/keepalived.conf.tmpl file. This
file configures keepalived for VIP failover and
plugin support. It should be edited with
installation specific information and used to
replace /etc/keepalived.conf file. Please see
configuration method Configuration via Flat File.
Configure
/usr/libexec/keepalived/matereset
The ha component provides the ability to trigger
a cleanup of the previous ACTIVE node using
/usr/libexec/keepalived/matereset hook. If that
file is present and executable ha will execute it
when transitioning the node to ACTIVE. A simple
template is provided in
/usr/libexec/keepalived/matereset.tmpl which
basically triggers ha restart on the mate node. If
that is all that is desired update the %mate_ip%
with the IP of the mate node and copy
matereset.tmpl to matereset. On bare metal this
hook can be used to also trigger hardware
based resets of the mate if it is not reachable
through ssh. matereset hook is only applicable
to ACTIVE/STANDBY two node configuration, it
will not work if more than two nodes are present
in the HA cluster as the previous ACTIVE node is
not known.
Configure Firewall
Firewall needs to be configured to provide
keepalived advertisement access:
For IPv4:
firewall-cmd --reload
For IPv6:
firewall-cmd --reload
1. Download RPMs
2. Create /etc/ha/clusters.json file
3. Run /usr/libexec/ha/genetcdconf.py
4. Run ha start all
Download RPMs
If the appos or oame image is being used, HA is
available by default. If a custom image is used,
download the etcd and ha rpms provided in the
artifact links as well as the open source python
modules and libraries those rpms depend on.
Run /usr/libexec/ha/genetcdconf.py
3. OAM guide
3.1. Dimensioning
HA clustering supports up to 9 nodes. The most common usage is a two node ACTIVE/STANDBY
configuration. If raft deployment is configured then at least 3 nodes are required to achieve quorum
and have redundancy.
3.2. Configuration
ha role [ cluster_name ]
ha switch [ cluster_name ]
ha rm plugin_name [ cluster_name ]
ha listfull
ha enable option
ha disable option
ha restart [ cluster_name ]
DEVICE=eth1
USERCTL=no
BOOTPROTO=static
ONBOOT=no
IPADDR=192.168.3.14
PREFIX=24
HA_VIP=yes
Raft cluster
CHAS-Alarms_NIDD_v1.0.xlsm
4. Performance guide
Not Applicable.
5. Security guide
(Y, N, N/A)
Y Appendix 2: Security
Security architecture
Architecture Specification
specification available
Security deliverables Answer Artifacts Comments
(Y, N, N/A)
Input
Vulnerability Y
CHAS:
management: 3rd
party SW components Pajerski, Adam (Nokia -
registered in VAMS. US/Naperville)
Hardening Y Hardening_Check_List_HA
specifications
(checklist).
Encryption N/A
6. Integration guide