Chapter 8. Getting started with the pcsd Web UI
pcsd Web UI is a graphical user interface to create and configure Pacemaker/Corosync clusters.
8.1. Installing cluster software
The following procedure installs the cluster software and configures your system for cluster creation.
On each node in the cluster, install the Red Hat High Availability Add-On software packages along with all available fence agents from the High Availability channel.
yum install pcs pacemaker fence-agents-all
Alternatively, you can install the Red Hat High Availability Add-On software packages along with only the fence agent that you require with the following command.
yum install pcs pacemaker fence-agents-model
The following command displays a list of the available fence agents.
rpm -q -a | grep fencefence-agents-rhevm-4.0.2-3.el7.x86_64 fence-agents-ilo-mp-4.0.2-3.el7.x86_64 fence-agents-ipmilan-4.0.2-3.el7.x86_64 ...Warning
After you install the Red Hat High Availability Add-On packages, you should ensure that your software update preferences are set so that nothing is installed automatically. Installation on a running cluster can cause unexpected behaviors. For more information, see Recommended Practices for Applying Software Updates to a RHEL High Availability or Resilient Storage Cluster.
If you are running the
firewallddaemon, execute the following commands to enable the ports that are required by the Red Hat High Availability Add-On.Note
You can determine whether the
firewallddaemon is installed on your system with the
rpm -q firewalldcommand. If it is installed, you can determine whether it is running with the
firewall-cmd --permanent --add-service=high-availability#
The ideal firewall configuration for cluster components depends on the local environment, where you may need to take into account such considerations as whether the nodes have multiple network interfaces or whether off-host firewalling is present. The example here, which opens the ports that are generally required by a Pacemaker cluster, should be modified to suit local conditions. Enabling ports for the High Availability Add-On shows the ports to enable for the Red Hat High Availability Add-On and provides an explanation for what each port is used for.
In order to use
pcsto configure the cluster and communicate among the nodes, you must set a password on each node for the user ID
hacluster, which is the
pcsadministration account. It is recommended that the password for user
haclusterbe the same on each node.
passwd haclusterChanging password for user hacluster. New password: Retype new password: passwd: all authentication tokens updated successfully.
Before the cluster can be configured, the
pcsddaemon must be started and enabled to start up on boot on each node. This daemon works with the
pcscommand to manage configuration across the nodes in the cluster.
On each node in the cluster, execute the following commands to start the
pcsdservice and to enable
pcsdat system start.
systemctl start pcsd.service#
systemctl enable pcsd.service
8.2. Setting up the pcsd Web UI
After you have installed the Pacemaker configuration tools and configured your system for cluster configuration, use the following procedure to set up your system to use the
pcsd Web UI to configure a cluster.
On any system, open a browser to the following URL, specifying one of the nodes of the cluster (note that this uses the
httpsprotocol). This brings up the
pcsdWeb UI login screen.
Log in as user
hacluster. This brings up the
Manage Clusterspage as shown in Figure 8.1, “Manage Clusters page”.
Figure 8.1. Manage Clusters page
8.3. Creating a cluster with the pcsd Web UI
From the Manage Clusters page, you can create a new cluster, add an existing cluster to the Web UI, or remove a cluster from the Web UI.
To create a cluster, click on
Create New. Enter the name of the cluster to create and the nodes that constitute the cluster. If you have not previously authenticated the user
haclusterfor each node in the cluster, you will be asked to authenticate the cluster nodes.
When creating the cluster, you can configure advanced cluster options by clicking
Go to advanced settingson this screen. The advanced cluster configurations you can configure are described in Configuring advanced cluster configuration options with the pcsd Web UI.
To add an existing cluster to the Web UI, click on
Add Existingand enter the host name or IP address of a node in the cluster that you would like to manage with the Web UI.
Once you have created or added a cluster, the cluster name is displayed on the Manage Cluster page. Selecting the cluster displays information about the cluster.
When using the
pcsd Web UI to configure a cluster, you can move your mouse over the text describing many of the options to see longer descriptions of those options as a
8.3.1. Configuring advanced cluster configuration options with the pcsd Web UI
When creating a cluster, you can configure additional cluster options by clickingon the Create cluster screen. This allows you to modify the configurable settings of the following cluster components:
- Transport settings: Values for the transport mechanism used for cluster communication
Quorum settings: Values for the quorum options of the
- Totem settings: Values for the Totem protocol used by Corosync
Selecting those options displays the settings you can configure. For information on each of the settings, place the mouse pointer over the particular option.
8.3.2. Setting cluster management permissions
There are two sets of cluster permissions that you can grant to users:
Permissions for managing the cluster with the Web UI, which also grants permissions to run
pcscommands that connect to nodes over a network. This section describes how to configure those permissions with the Web UI.
- Permissions for local users to allow read-only or read-write access to the cluster configuration, using ACLs. Configuring ACLs with the Web UI is described in Configuring cluster components with the pcsd Web UI.
You can grant permission for specific users other than user
hacluster to manage the cluster through the Web UI and to run
pcs commands that connect to nodes over a network by adding them to the group
haclient. You can then configure the permissions set for an individual member of the group
haclient by clicking the Permissions tab on the Manage Clusters page and setting the permissions on the resulting screen. From this screen, you can also set permissions for groups.
You can grant the following permissions:
- Read permissions, to view the cluster settings
- Write permissions, to modify the cluster settings (except for permissions and ACLs)
- Grant permissions, to modify the cluster permissions and ACLs
- Full permissions, for unrestricted access to a cluster, including adding and removing nodes, with access to keys and certificates
8.4. Configuring cluster components with the pcsd Web UI
To configure the components and attributes of a cluster, click on the name of the cluster displayed on the
Manage Clusters screen. This brings up the
Nodes page, as described in Section 8.4.1, “Configuring cluster nodes with the pcsd Web UI”. This page displays a menu along the top of the page with the following entries:
- Nodes, as described in Section 8.4.1, “Configuring cluster nodes with the pcsd Web UI”
- Resources, as described in Section 8.4.2, “Configuring cluster resources with the pcsd Web UI”
- Fence Devices, as described in Section 8.4.3, “Configuring fence devices with the pcsd Web UI”
- ACLs, as described in Section 8.4.4, “Configuring ACLs with the pcsd Web UI”
- Cluster Properties, as described in Section 8.4.5, “Configuring cluster properties with the pcsd Web UI”
8.4.1. Configuring cluster nodes with the pcsd Web UI
Nodes option from the menu along the top of the cluster management page displays the currently configured nodes and the status of the currently selected node, including which resources are running on the node and the resource location preferences. This is the default page that is displayed when you select a cluster from the
Manage Clusters screen.
Form this page, You can add or remove nodes. You can also start, stop, restart, or put a node in standby or maintenance mode. For information on standby mode, see Putting a node into standby mode. For information on maintenance mode, see Putting a cluster in maintenance mode.
You can also configure fence devices directly from this page, as described in by selecting
Configure Fencing. Configuring fence devices is described in Section 8.4.3, “Configuring fence devices with the pcsd Web UI”.
8.4.2. Configuring cluster resources with the pcsd Web UI
Resources option from the menu along the top of the cluster management page displays the currently configured resources for the cluster, organized according to resource groups. Selecting a group or a resource displays the attributes of that group or resource.
From this screen, you can add or remove resources, you can edit the configuration of existing resources, and you can create a resource group.
To add a new resource to the cluster:
Add. This brings up the
When you select a resource type from the dropdown
Typemenu, the arguments you must specify for that resource appear in the menu.
You can click
Optional Argumentsto display additional arguments you can specify for the resource you are defining.
After entering the parameters for the resource you are creating, click
When configuring the arguments for a resource, a brief description of the argument appears in the menu. If you move the cursor to the field, a longer help description of that argument is displayed.
You can define a resource as a cloned resource, or as a promotable clone resource. For information on these resource types, see Creating cluster resources that are active on multiple nodes (cloned resources).
Once you have created at least one resource, you can create a resource group. For general information on resource groups, see Configuring resource groups.
To create a resource group:
Select the resources that will be part of the group from the
Resourcesscreen, then click
Create Group. This displays the
Create Groupscreen, you can rearrange the order of the resources in a resource group by using drag-and-drop to move the list of the resources around.
Enter a group name and click
Create Group. This returns you to the
Resourcesscreen, which now displays the group name and the resources within that group.
After you have created a resource group, you can indicate that group’s name as a resource parameter when you create or modify additional resources.
8.4.3. Configuring fence devices with the pcsd Web UI
Fence Devices option from the menu along the top of the cluster management page displays
Fence Devices screen, showing the currently configured fence devices.
To add a new fence device to the cluster:
Add. This brings up the
Add Fence Devicescreen.
When you select a fence device type from the drop-down
Typemenu, the arguments you must specify for that fence device appear in the menu.
You can click on
Optional Argumentsto display additional arguments you can specify for the fence device you are defining.
After entering the parameters for the new fence device, click
Create Fence Instance.
To configure an SBD fencing device, click on
SBD on the
Fence Devices screen. This calls up a screen that allows you to enable or disable SBD in the cluster.
For more information on fence devices, see Configuring fencing in a Red Hat High Availability cluster.
8.4.4. Configuring ACLs with the pcsd Web UI
ACLS option from the menu along the top of the cluster management page displays a screen from which you can set permissions for local users, allowing read-only or read-write access to the cluster configuration by using access control lists (ACLs).
To assign ACL permissions, you create a role and define the access permissions for that role. Each role can have an unlimited number of permissions (read/write/deny) applied to either an XPath query or the ID of a specific element. After defining the role, you can assign it to an existing user or group.
For more information on assigning permission using ACLs, see Setting local permissions using ACLs.
8.4.5. Configuring cluster properties with the pcsd Web UI
Cluster Properties option from the menu along the top of the cluster management page displays the cluster properties and allows you to modify these properties from their default values. For information on the Pacemaker cluster properties, see Pacemaker cluster properties.
8.5. Configuring a high availability pcsd Web UI
When you use the
pcsd Web UI, you connect to one of the nodes of the cluster to display the cluster management pages. If the node to which you are connecting goes down or becomes unavailable, you can reconnect to the cluster by opening your browser to a URL that specifies a different node of the cluster.
It is possible, however, to configure the
pcsd Web UI itself for high availability, in which case you can continue to manage the cluster without entering a new URL.
To configure the
pcsd Web UI for high availability, perform the following steps.
Ensure that the
pcsdcertificates are synced across the nodes of the cluster by setting
/etc/sysconfig/pcsdconfiguration file. Enabling certificate syncing causes
pcsdto sync the certificates for the cluster setup and node add commands. In RHEL 8,
PCSD_SSL_CERT_SYNC_ENABLEDis set to
IPaddr2cluster resource, which is a floating IP address that you will use to connect to the
pcsdWeb UI. The IP address must not be one already associated with a physical node. If the
IPaddr2resource’s NIC device is not specified, the floating IP must reside on the same network as one of the node’s statically assigned IP addresses, otherwise the NIC device to assign the floating IP address cannot be properly detected.
Create custom SSL certificates for use with
pcsdand ensure that they are valid for the addresses of the nodes used to connect to the
- To create custom SSL certificates, you can use either wildcard certificates or you can use the Subject Alternative Name certificate extension. For information on the Red Hat Certificate System, see the Red Hat Certificate System Administration Guide.
Install the custom certificates for
pcs pcsd certkeycommand.
pcsdcertificates to all nodes in the cluster with the
pcs pcsd sync-certificatescommand.
Connect to the
pcsdWeb UI using the floating IP address you configured as a cluster resource.
Even when you configure the
pcsd Web UI for high availability, you will be asked to log in again when the node to which you are connecting goes down.