Hi all,

I deployed a two-node (physical) RHCS/Pacemaker cluster on CentOS 6.5 x86_64 (fully up to date) with:

cman-3.0.12.1-59.el6_5.2.x86_64
pacemaker-1.1.10-14.el6_5.3.x86_64
pcs-0.9.90-2.el6.centos.3.noarch
qemu-kvm-0.12.1.2-2.415.el6_5.10.x86_64
qemu-kvm-tools-0.12.1.2-2.415.el6_5.10.x86_64
drbd-utils-8.9.0-1.el6.x86_64
drbd-udev-8.9.0-1.el6.x86_64
drbd-rgmanager-8.9.0-1.el6.x86_64
drbd-bash-completion-8.9.0-1.el6.x86_64
drbd-pacemaker-8.9.0-1.el6.x86_64
drbd-8.9.0-1.el6.x86_64
drbd-km-2.6.32_431.20.3.el6.x86_64-8.4.5-1.x86_64
kernel-2.6.32-431.20.3.el6.x86_64

The aim is to run KVM virtual machines backed by DRBD (8.4.5) in active/passive mode (no dual-primary, so no live migration).

To err on the side of consistency over availability (and to pave the way for a possible dual-primary, live-migration-capable setup), I configured DRBD for resource-and-stonith, with rhcs_fence as the fence-peer handler (that is why I installed drbd-rgmanager) and with the STONITH devices configured in Pacemaker (pcmk-redirect in cluster.conf).

The setup "almost" works: everything looks fine with "pcs status", "crm_mon -Arf1", "corosync-cfgtool -s" and "corosync-objctl | grep member", but every time a resource promotion is needed (to Master, i.e. becoming DRBD primary), it either fails outright or fences the other node (the one supposed to become Slave, i.e. secondary) and only then succeeds. This happens, for example, both on initial resource definition (when the first start is attempted) and on a node entering standby (when the cluster tries to move the resources automatically by stopping and then restarting them).

I collected a full "pcs cluster report" and I can provide a CIB dump, but I will initially paste here an excerpt from my configuration, just in case it turns out to be a simple configuration error that someone can spot on the fly ;> (hoping...)

Keep in mind that the setup has separate, redundant network connections for the LAN (1 Gbit/s, LACP to the switches), for Corosync (1 Gbit/s, round-robin, back-to-back) and for DRBD (10 Gbit/s, round-robin, back-to-back), and that all FQDNs resolve correctly through /etc/hosts.

DRBD:

/etc/drbd.d/global_common.conf:

------------------------------------------------------------------------------------------------------

global {
    usage-count no;
}

common {
    protocol C;
    disk {
        on-io-error             detach;
        fencing                 resource-and-stonith;
        disk-barrier            no;
        disk-flushes            no;
        al-extents              3389;
        c-plan-ahead            200;
        c-fill-target           15M;
        c-max-rate              100M;
        c-min-rate              10M;
    }
    net {
        after-sb-0pri           discard-zero-changes;
        after-sb-1pri           discard-secondary;
        after-sb-2pri           disconnect;
        csums-alg               sha1;
        data-integrity-alg      sha1;
        max-buffers             8000;
        max-epoch-size          8000;
        unplug-watermark        16;
        sndbuf-size             0;
        verify-alg              sha1;
    }
    startup {
        wfc-timeout             300;
        outdated-wfc-timeout    80;
        degr-wfc-timeout        120;
    }
    handlers {
        fence-peer              "/usr/lib/drbd/rhcs_fence";
    }
}

------------------------------------------------------------------------------------------------------
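For cross-checking, the effective DRBD configuration and runtime state can be inspected with the standard drbd-utils commands (nothing cluster-specific, just the usual sanity checks):

drbdadm dump all     # configuration as actually parsed by drbdadm
cat /proc/drbd       # kernel view: connection state, roles, disk states
drbd-overview        # the same information, condensed per resource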
Sample DRBD resource (the others are similar)
/etc/drbd.d/dc_vm.res:

------------------------------------------------------------------------------------------------------

resource dc_vm {
    device      /dev/drbd1;
    disk        /dev/VolGroup00/dc_vm;
    meta-disk   internal;
    on cluster1.verolengo.privatelan {
        address ipv4 172.16.200.1:7790;
    }
    on cluster2.verolengo.privatelan {
        address ipv4 172.16.200.2:7790;
    }
}

------------------------------------------------------------------------------------------------------

RHCS:

/etc/cluster/cluster.conf:

------------------------------------------------------------------------------------------------------

<?xml version="1.0"?>
<cluster name="vclu" config_version="14">
  <cman two_node="1" expected_votes="1" keyfile="/etc/corosync/authkey" transport="udpu" port="5405"/>
  <totem consensus="60000" join="6000" token="100000" token_retransmits_before_loss_const="20" rrp_mode="passive" secauth="on"/>
  <clusternodes>
    <clusternode name="cluster1.verolengo.privatelan" votes="1" nodeid="1">
      <altname name="clusterlan1.verolengo.privatelan" port="6405"/>
      <fence>
        <method name="pcmk-redirect">
          <device name="pcmk" port="cluster1.verolengo.privatelan"/>
        </method>
      </fence>
    </clusternode>
    <clusternode name="cluster2.verolengo.privatelan" votes="1" nodeid="2">
      <altname name="clusterlan2.verolengo.privatelan" port="6405"/>
      <fence>
        <method name="pcmk-redirect">
          <device name="pcmk" port="cluster2.verolengo.privatelan"/>
        </method>
      </fence>
    </clusternode>
  </clusternodes>
  <fencedevices>
    <fencedevice name="pcmk" agent="fence_pcmk"/>
  </fencedevices>
  <fence_daemon clean_start="0" post_fail_delay="30" post_join_delay="30"/>
  <logging debug="on"/>
  <rm disabled="1">
    <failoverdomains/>
    <resources/>
  </rm>
</cluster>

------------------------------------------------------------------------------------------------------
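For anyone trying to reproduce this, cluster.conf can be validated and cman membership inspected with the standard RHCS tools:

ccs_config_validate    # validate /etc/cluster/cluster.conf against the schema
cman_tool status       # quorum and transport summary
cman_tool nodes        # membership as seen by cman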
port="6405"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;fence&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;method name="pcmk-redirect"&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;device name="pcmk" port="cluster2.verolengo.privatelan"/&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/method&gt;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &lt;/fence&gt;<br>&nbsp;&nbsp;&nbsp; &lt;/clusternode&gt;<br>&nbsp; &lt;/clusternodes&gt;<br>&nbsp; &lt;fencedevices&gt;<br>&nbsp;&nbsp;&nbsp; &lt;fencedevice name="pcmk" agent="fence_pcmk"/&gt;<br>&nbsp; &lt;/fencedevices&gt;<br>&nbsp; &lt;fence_daemon clean_start="0" post_fail_delay="30" post_join_delay="30"/&gt;<br>&nbsp; &lt;logging debug="on"/&gt;<br>&nbsp; &lt;rm disabled="1"&gt;<br>&nbsp;&nbsp;&nbsp; &lt;failoverdomains/&gt;<br>&nbsp;&nbsp;&nbsp; &lt;resources/&gt;<br>&nbsp; &lt;/rm&gt;<br>&lt;/cluster&gt;<br><br>------------------------------------------------------------------------------------------------------<br><br>Pacemaker:<br><br>PROPERTIES:<br><br>pcs property set default-resource-stickiness=100<br>pcs property set no-quorum-policy=ignore<br><br>STONITH:<br><br>pcs stonith create ilocluster1 fence_ilo2 action="off" delay="10" \<br>&nbsp;&nbsp;&nbsp; ipaddr="ilocluster1.verolengo.privatelan" login="cluster2" passwd="test" power_wait="4" \<br>&nbsp;&nbsp;&nbsp; pcmk_host_check="static-list" pcmk_host_list="cluster1.verolengo.privatelan" op monitor interval=60s<br>pcs stonith create ilocluster2 fence_ilo2 action="off" \<br>&nbsp;&nbsp;&nbsp; ipaddr="ilocluster2.verolengo.privatelan" login="cluster1" passwd="test" power_wait="4" \<br>&nbsp;&nbsp;&nbsp; pcmk_host_check="static-list" pcmk_host_list="cluster2.verolengo.privatelan" op monitor interval=60s<br>pcs stonith create pdu1 fence_apc action="off" \<br>&nbsp;&nbsp;&nbsp; ipaddr="pdu1.verolengo.privatelan" login="cluster" passwd="test" \<br>&nbsp;pcmk_host_map="cluster1.verolengo.privatelan:3,cluster1.verolengo.privatelan:4,cluster2.verolengo.privatelan:6,cluster2.verolengo.privatelan:7" \<br>&nbsp;&nbsp;&nbsp; pcmk_host_check="static-list" pcmk_host_list="cluster1.verolengo.privatelan,cluster2.verolengo.privatelan" op monitor interval=60s<br><br>pcs stonith level add 1 cluster1.verolengo.privatelan ilocluster1<br>pcs stonith level add 2 cluster1.verolengo.privatelan pdu1<br>pcs stonith level add 1 cluster2.verolengo.privatelan ilocluster2<br>pcs stonith level add 2 cluster2.verolengo.privatelan pdu1<br><br>pcs property set stonith-enabled=true<br>pcs property set stonith-action=off<br><br>SAMPLE RESOURCE:<br><br>pcs cluster cib dc_cfg<br>pcs -f dc_cfg resource create DCVMDisk ocf:linbit:drbd \<br>&nbsp;&nbsp;&nbsp; drbd_resource=dc_vm op monitor interval="31s" role="Master" \<br>&nbsp;&nbsp;&nbsp; op monitor interval="29s" role="Slave" \<br>&nbsp;&nbsp;&nbsp; op start interval="0" timeout="120s" \<br>&nbsp;&nbsp;&nbsp; op stop interval="0" timeout="180s"<br>pcs -f dc_cfg resource master DCVMDiskClone DCVMDisk \<br>&nbsp;&nbsp;&nbsp; master-max=1 master-node-max=1 clone-max=2 clone-node-max=1 \<br>&nbsp;&nbsp;&nbsp; notify=true target-role=Started is-managed=true<br>pcs -f dc_cfg resource create DCVM ocf:heartbeat:VirtualDomain \<br>&nbsp;&nbsp;&nbsp; config=/etc/libvirt/qemu/dc.xml migration_transport=tcp migration_network_suffix=-10g \<br>&nbsp;&nbsp;&nbsp; hypervisor=qemu:///system meta allow-migrate=false target-role=Started is-managed=true \<br>&nbsp;&nbsp;&nbsp; op start interval="0" timeout="120s" \<br>&nbsp;&nbsp;&nbsp; op stop interval="0" timeout="120s" 
SAMPLE RESOURCE:

pcs cluster cib dc_cfg
pcs -f dc_cfg resource create DCVMDisk ocf:linbit:drbd \
    drbd_resource=dc_vm op monitor interval="31s" role="Master" \
    op monitor interval="29s" role="Slave" \
    op start interval="0" timeout="120s" \
    op stop interval="0" timeout="180s"
pcs -f dc_cfg resource master DCVMDiskClone DCVMDisk \
    master-max=1 master-node-max=1 clone-max=2 clone-node-max=1 \
    notify=true target-role=Started is-managed=true
pcs -f dc_cfg resource create DCVM ocf:heartbeat:VirtualDomain \
    config=/etc/libvirt/qemu/dc.xml migration_transport=tcp migration_network_suffix=-10g \
    hypervisor=qemu:///system meta allow-migrate=false target-role=Started is-managed=true \
    op start interval="0" timeout="120s" \
    op stop interval="0" timeout="120s" \
    op monitor interval="60s" timeout="120s"
pcs -f dc_cfg constraint colocation add DCVM DCVMDiskClone INFINITY with-rsc-role=Master
pcs -f dc_cfg constraint order promote DCVMDiskClone then start DCVM
pcs -f dc_cfg constraint location DCVM prefers cluster2.verolengo.privatelan=50
pcs cluster cib-push dc_cfg
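The failure can be triggered on demand: putting the node that currently holds the Master role into standby forces the stop/start cycle described above, and the transition (including the unexpected fencing of the peer) can be watched live:

pcs cluster standby cluster1.verolengo.privatelan      # move everything off this node
crm_mon -Arf1                                          # watch the promotion on the peer
pcs cluster unstandby cluster1.verolengo.privatelan    # bring the node back afterwards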
Since I know that pcs still has some rough edges, I also installed crmsh, but I have never actually used it.

Many thanks in advance for your attention.

Kind regards,
Giuseppe Ragusa