After installing the virtualization software and enabling the
libvirtd service on the cluster nodes, put the same encryption key with the path
/etc/pacemaker/authkey on every cluster node and virtual machine. This secures remote communication and authentication.
Run the following set of commands on every node to create the
authkey directory with secure permissions.
mkdir -p --mode=0750 /etc/pacemaker
chgrp haclient /etc/pacemaker
The following command shows one method to create an encryption key. You should create the key only once and then copy it to all of the nodes.
dd if=/dev/urandom of=/etc/pacemaker/authkey bs=4096 count=1
On every virtual machine, install
pacemaker_remote packages, start the
pacemaker_remote service and enable it to run on startup, and allow TCP port 3121 through the firewall.
yum install pacemaker-remote resource-agents
systemctl start pacemaker_remote.service
systemctl enable pacemaker_remote.service
firewall-cmd --add-port 3121/tcp --permanent
Give each virtual machine a static network address and unique host name, which should be known to all nodes. For information on setting a static IP address for the guest virtual machine, see the Virtualization Deployment and Administration Guide.
To create the
VirtualDomain resource agent for the management of the virtual machine, Pacemaker requires the virtual machine's xml config file to be dumped to a file on disk. For example, if you created a virtual machine named
guest1, dump the xml to a file somewhere on the host. You can use a file name of your choosing; this example uses
virsh dumpxml guest1 > /etc/pacemaker/guest1.xml
If it is running, shut down the guest node. Pacemaker will start the node when it is configured in the cluster.
VirtualDomain resource, configuring the
remote-note resource meta option to indicate that the virtual machine is a guest node capable of running resources.
In the example below, the meta-attribute
remote-node=guest1 tells pacemaker that this resource is a guest node with the host name
guest1 that is capable of being integrated into the cluster. The cluster will attempt to contact the virtual machine’s
pacemaker_remote service at the host name
guest1 after it launches.
From a cluster node, enter the following command.
pcs resource create vm-guest1 VirtualDomain hypervisor="qemu:///system" config="/virtual_machines/vm-guest1.xml" meta remote-node=guest1
After creating the
VirtualDomain resource, you can treat the guest node just as you would treat any other node in the cluster. For example, you can create a resource and place a resource constraint on the resource to run on the guest node as in the following commands, which are run from a cluster node. As of Red Hat Enterprise Linux 6.8, you can include guest nodes in groups, which allows you to group a storage device, file system, and VM.
pcs resource create webserver apache params configfile=/etc/httpd/conf/httpd.conf op monitor interval=30s
pcs constraint location webserver prefers guest1