2.4. Configuring a High Availability pcsd Web UI

When you use the pcsd Web UI, you connect to one of the nodes of the cluster to display the cluster management pages. If the node to which you are connecting goes down or becomes unavailable, you can reconnect to the cluster by opening your browser to a URL that specifies a different node of the cluster. It is possible, however, to configure the pcsd Web UI itself for high availability, in which case you can continue to manage the cluster without entering a new URL.
To configure the pcsd Web UI for high availability, perform the following steps.
  1. Ensure that PCSD_SSL_CERT_SYNC_ENABLED is set to true in the /etc/sysconfig/pcsd configuration file, which is the default value in RHEL 7. Enabling certificate syncing causes pcsd to sync the pcsd certificates for the cluster setup and node add commands.
  2. Create an IPaddr2 cluster resource, which is a floating IP address that you will use to connect to the pcsd Web UI. The IP address must not be one already associated with a physical node. If the IPaddr2 resource’s NIC device is not specified, the floating IP must reside on the same network as one of the node’s statically assigned IP addresses, otherwise the NIC device to assign the floating IP address cannot be properly detected.
  3. Create custom SSL certificates for use with pcsd and ensure that they are valid for the addresses of the nodes used to connect to the pcsd Web UI.
    1. To create custom SSL certificates, you can use either wildcard certificates or you can use the Subject Alternative Name certificate extension. For information on the Red Hat Certificate System, see the Red Hat Certificate System Administration Guide.
    2. Install the custom certificates for pcsd with the pcs pcsd certkey command.
    3. Sync the pcsd certificates to all nodes in the cluster with the pcs pcsd sync-certificates command.
  4. Connect to the pcsd Web UI using the floating IP address you configured as a cluster resource.

Note

Even when you configure the pcsd Web UI for high availability, you will be asked to log in again when the node to which you are connecting goes down.