Chapter 9. Getting started with the pcsd Web UI

The pcsd Web UI is a graphical user interface to create and configure Pacemaker/Corosync clusters.

9.1. Installing cluster software

Install the cluster software and configure your system for cluster creation with the following procedure.

Procedure

  1. On each node in the cluster, enable the repository for high availability that corresponds to your system architecture. For example, to enable the high availability repository for an x86_64 system, you can enter the following subscription-manager command:

    # subscription-manager repos --enable=rhel-8-for-x86_64-highavailability-rpms

  2. On each node in the cluster, install the Red Hat High Availability Add-On software packages along with all available fence agents from the High Availability channel.

    # yum install pcs pacemaker fence-agents-all

    Alternatively, you can install the Red Hat High Availability Add-On software packages along with only the fence agent that you require with the following command.

    # yum install pcs pacemaker fence-agents-model

    The following command displays a list of the available fence agents.

    # rpm -q -a | grep fence
    fence-agents-rhevm-4.0.2-3.el7.x86_64
    fence-agents-ilo-mp-4.0.2-3.el7.x86_64
    fence-agents-ipmilan-4.0.2-3.el7.x86_64
    ...

    Warning

    After you install the Red Hat High Availability Add-On packages, you should ensure that your software update preferences are set so that nothing is installed automatically. Installation on a running cluster can cause unexpected behaviors. For more information, see Recommended Practices for Applying Software Updates to a RHEL High Availability or Resilient Storage Cluster.

  3. If you are running the firewalld daemon, execute the following commands to enable the ports that are required by the Red Hat High Availability Add-On.

    Note

    You can determine whether the firewalld daemon is installed on your system with the rpm -q firewalld command. If it is installed, you can determine whether it is running with the firewall-cmd --state command.

    # firewall-cmd --permanent --add-service=high-availability
    # firewall-cmd --add-service=high-availability

    Note

    The ideal firewall configuration for cluster components depends on the local environment, where you may need to take into account such considerations as whether the nodes have multiple network interfaces or whether off-host firewalling is present. The example here, which opens the ports that are generally required by a Pacemaker cluster, should be modified to suit local conditions. Enabling ports for the High Availability Add-On shows the ports to enable for the Red Hat High Availability Add-On and provides an explanation for what each port is used for.

  4. In order to use pcs to configure the cluster and communicate among the nodes, you must set a password on each node for the user ID hacluster, which is the pcs administration account. It is recommended that the password for user hacluster be the same on each node.

    # passwd hacluster
    Changing password for user hacluster.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.

  5. Before the cluster can be configured, the pcsd daemon must be started and enabled to start up on boot on each node. This daemon works with the pcs command to manage configuration across the nodes in the cluster.

    On each node in the cluster, execute the following commands to start the pcsd service and to enable pcsd at system start.

    # systemctl start pcsd.service
    # systemctl enable pcsd.service

9.2. Setting up the pcsd Web UI

Set up your system to use the pcsd Web UI to configure a cluster with the following procedure.

Prerequisites

  • The Pacemaker configuration tools are installed.
  • Your system is set up for cluster configuration.

Procedure

  1. On any system, open a browser to the following URL, specifying one of the nodes of the cluster (note that this uses the https protocol). This brings up the pcsd Web UI login screen.

    https://nodename:2224

  2. Log in as user hacluster. This brings up the Manage Clusters page.

9.3. Creating a cluster with the pcsd Web UI

From the Manage Clusters page, you can create a new cluster, add an existing cluster to the Web UI, or remove a cluster from the Web UI.

  • To create a cluster, click on Create New. Enter the name of the cluster to create and the nodes that constitute the cluster. If you have not previously authenticated the user hacluster for each node in the cluster, you will be asked to authenticate the cluster nodes.
  • When creating the cluster, you can configure advanced cluster options by clicking Go to advanced settings on this screen.
  • To add an existing cluster to the Web UI, click on Add Existing and enter the host name or IP address of a node in the cluster that you would like to manage with the Web UI.

Once you have created or added a cluster, the cluster name is displayed on the Manage Clusters page. Selecting the cluster displays information about the cluster.

Note

When using the pcsd Web UI to configure a cluster, you can move your mouse over the text describing many of the options to see longer descriptions of those options as a tooltip display.

9.3.1. Configuring advanced cluster configuration options with the pcsd Web UI

When creating a cluster, you can configure additional cluster options by clicking Go to advanced settings on the Create cluster screen. This allows you to modify the configurable settings of the following cluster components:

  • Transport settings: Values for the transport mechanism used for cluster communication
  • Quorum settings: Values for the quorum options of the votequorum service
  • Totem settings: Values for the Totem protocol used by Corosync

Selecting those options displays the settings you can configure. For information about each of the settings, place the mouse pointer over the particular option.

9.3.2. Setting cluster management permissions

There are two sets of cluster permissions that you can grant to users:

  • Permissions for managing the cluster with the Web UI, which also grants permissions to run pcs commands that connect to nodes over a network. You can configure those permissions with the Web UI.
  • Permissions for local users to allow read-only or read-write access to the cluster configuration, using ACLs.

You can grant permission for specific users other than user hacluster to manage the cluster through the Web UI and to run pcs commands that connect to nodes over a network by adding them to the group haclient. You can then configure the permissions set for an individual member of the group haclient by clicking the Permissions tab on the Manage Clusters page and setting the permissions on the resulting screen. From this screen, you can also set permissions for groups.

You can grant the following permissions:

  • Read permissions, to view the cluster settings
  • Write permissions, to modify the cluster settings (except for permissions and ACLs)
  • Grant permissions, to modify the cluster permissions and ACLs
  • Full permissions, for unrestricted access to a cluster, including adding and removing nodes, with access to keys and certificates

9.4. Configuring cluster components with the pcsd Web UI

To configure the components and attributes of a cluster, click on the name of the cluster displayed on the Clusters screen. This brings up the Nodes page.

The Nodes page displays a menu along the top of the page with the following entries:

  • Nodes, as described in "Configuring cluster nodes with the pcsd Web UI".
  • Resources, as described in "Configuring cluster resources with the pcsd Web UI".
  • Fence Devices, as described in "Configuring fence devices with the pcsd Web UI".
  • ACLs, as described in "Configuring ACLs with the pcsd Web UI".
  • Cluster Properties, as described in "Configuring cluster properties with the pcsd Web UI".

9.4.1. Configuring cluster nodes with the pcsd Web UI

Selecting the Nodes option from the menu along the top of the cluster management page displays the currently configured nodes and the status of the currently selected node, including which resources are running on the node and the resource location preferences. This is the default page that is displayed when you select a cluster from the Manage Clusters screen.

From this page, you can add or remove nodes. You can also start, stop, restart, or put a node in standby or maintenance mode. For information about standby mode, see Putting a node into standby mode. For information about maintenance mode, see Putting a cluster in maintenance mode. You can also configure fence devices directly from this page by selecting Configure Fencing. Configuring fence devices is described in "Configuring fence devices with the pcsd Web UI".

9.4.2. Configuring cluster resources with the pcsd Web UI

Selecting the Resources option from the menu along the top of the cluster management page displays the currently configured resources for the cluster, organized according to resource groups. Selecting a group or a resource displays the attributes of that group or resource.

From this screen, you can add or remove resources, you can edit the configuration of existing resources, and you can create a resource group.

To add a new resource to the cluster:

  • Click Add. This brings up the Add Resource screen.
  • When you select a resource type from the dropdown Type menu, the arguments you must specify for that resource appear in the menu.
  • You can click Optional Arguments to display additional arguments you can specify for the resource you are defining.
  • After entering the parameters for the resource you are creating, click Create Resource.

When configuring the arguments for a resource, a brief description of the argument appears in the menu. If you move the cursor to the field, a longer help description of that argument is displayed.

You can define a resource as a cloned resource, or as a promotable clone resource. For information about these resource types, see Creating cluster resources that are active on multiple nodes (cloned resources).

Once you have created at least one resource, you can create a resource group.

To create a resource group:

  • Select the resources that will be part of the group from the Resources screen, then click Create Group. This displays the Create Group screen.
  • From the Create Group screen, you can rearrange the order of the resources in a resource group by using drag-and-drop to move the list of the resources around.
  • Enter a group name and click Create Group. This returns you to the Resources screen, which now displays the group name and the resources within that group.

After you have created a resource group, you can indicate that group’s name as a resource parameter when you create or modify additional resources.

9.4.3. Configuring fence devices with the pcsd Web UI

Selecting the Fence Devices option from the menu along the top of the cluster management page displays the Fence Devices screen, showing the currently configured fence devices.

To add a new fence device to the cluster:

  • Click Add. This brings up the Add Fence Device screen.
  • When you select a fence device type from the drop-down Type menu, the arguments you must specify for that fence device appear in the menu.
  • You can click on Optional Arguments to display additional arguments you can specify for the fence device you are defining.
  • After entering the parameters for the new fence device, click Create Fence Instance.

To configure an SBD fencing device, click on SBD on the Fence Devices screen. This calls up a screen that allows you to enable or disable SBD in the cluster.

For more information about fence devices, see Configuring fencing in a Red Hat High Availability cluster.

9.4.4. Configuring ACLs with the pcsd Web UI

Selecting the ACLs option from the menu along the top of the cluster management page displays a screen from which you can set permissions for local users, allowing read-only or read-write access to the cluster configuration by using access control lists (ACLs).

To assign ACL permissions, you create a role and define the access permissions for that role. Each role can have an unlimited number of permissions (read/write/deny) applied to either an XPath query or the ID of a specific element. After defining the role, you can assign it to an existing user or group.

For more information about assigning permissions using ACLs, see Setting local permissions using ACLs.

9.4.5. Configuring cluster properties with the pcsd Web UI

Selecting the Cluster Properties option from the menu along the top of the cluster management page displays the cluster properties and allows you to modify these properties from their default values. For information about the Pacemaker cluster properties, see Pacemaker cluster properties.

9.5. Configuring a high availability pcsd Web UI

When you use the pcsd Web UI, you connect to one of the nodes of the cluster to display the cluster management pages. If the node to which you are connecting goes down or becomes unavailable, you can reconnect to the cluster by opening your browser to a URL that specifies a different node of the cluster. It is possible, however, to configure the pcsd Web UI itself for high availability, in which case you can continue to manage the cluster without entering a new URL.

Procedure

To configure the pcsd Web UI for high availability, perform the following steps.

  1. Ensure that the pcsd certificates are synced across the nodes of the cluster by setting PCSD_SSL_CERT_SYNC_ENABLED to true in the /etc/sysconfig/pcsd configuration file. Enabling certificate syncing causes pcsd to sync the certificates for the cluster setup and node add commands. As of RHEL 8, PCSD_SSL_CERT_SYNC_ENABLED is set to false by default.
  2. Create an IPaddr2 cluster resource, which is a floating IP address that you will use to connect to the pcsd Web UI. The IP address must not be one already associated with a physical node. If the IPaddr2 resource’s NIC device is not specified, the floating IP must reside on the same network as one of the node’s statically assigned IP addresses, otherwise the NIC device to assign the floating IP address cannot be properly detected.
  3. Create custom SSL certificates for use with pcsd and ensure that they are valid for the addresses of the nodes used to connect to the pcsd Web UI.

    1. To create custom SSL certificates, you can use either wildcard certificates or the Subject Alternative Name certificate extension. For information about the Red Hat Certificate System, see the Red Hat Certificate System Administration Guide.
    2. Install the custom certificates for pcsd with the pcs pcsd certkey command.
    3. Sync the pcsd certificates to all nodes in the cluster with the pcs pcsd sync-certificates command.
  4. Connect to the pcsd Web UI using the floating IP address you configured as a cluster resource.

Note

Even when you configure the pcsd Web UI for high availability, you will be asked to log in again when the node to which you are connecting goes down.
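
The high availability procedure above expressed as commands, as an added example that is not part of the original documentation. The node names, floating IP address, netmask, resource name and certificate paths are assumptions; the self-signed certificate stands in for one issued by your CA, and `-addext` needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example: the pcsd Web UI high-availability procedure as commands.
# Node names, floating IP, netmask, resource name and paths are constructed.
set -eu

NODES="z1.example.com z2.example.com"   # constructed node names
VIP="192.0.2.10"                        # constructed floating IP address

# Step 1: set PCSD_SSL_CERT_SYNC_ENABLED=true in a sysconfig-style file,
# replacing an existing (possibly commented-out) assignment or appending one.
enable_cert_sync() {
    conf=$1
    if grep -Eq '^[#[:space:]]*PCSD_SSL_CERT_SYNC_ENABLED=' "$conf"; then
        tmp=$(mktemp)
        sed -E 's/^[#[:space:]]*PCSD_SSL_CERT_SYNC_ENABLED=.*/PCSD_SSL_CERT_SYNC_ENABLED=true/' "$conf" > "$tmp"
        cat "$tmp" > "$conf"    # rewrite in place so owner and mode are kept
        rm -f "$tmp"
    else
        echo 'PCSD_SSL_CERT_SYNC_ENABLED=true' >> "$conf"
    fi
}

# Step 3: build a subjectAltName value that covers every address used to
# reach the Web UI: the floating IP plus each node name.
build_san() {
    vip=$1; shift
    san="IP:$vip"
    for n in "$@"; do san="$san,DNS:$n"; done
    printf '%s' "$san"
}

apply_ha_webui() {
    umask 077                               # keep the private key root-only
    enable_cert_sync /etc/sysconfig/pcsd
    # Step 2: floating IP resource (name and netmask are assumptions).
    pcs resource create pcsd-vip ocf:heartbeat:IPaddr2 ip="$VIP" cidr_netmask=24
    # Step 3: $NODES is left unquoted on purpose so it splits into one name per word.
    openssl req -x509 -newkey rsa:3072 -nodes -days 365 \
        -keyout /root/pcsd.key -out /root/pcsd.crt \
        -subj "/CN=$VIP" -addext "subjectAltName=$(build_san "$VIP" $NODES)"
    pcs pcsd certkey /root/pcsd.crt /root/pcsd.key
    pcs pcsd sync-certificates
}

# The privileged steps run only on request, as root on a cluster node.
if [ "${1:-}" = "--apply" ]; then apply_ha_webui; fi
```

After step 4, a browser pointed at the floating IP address should show a certificate whose Subject Alternative Name lists that address.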