RHCS套件web服务集群管理ricci luci

集群中ricci的作用：

ricci是安装在每个后端的每个节点上的，luci管理集群上的各个节点就是通过和节点上的ricci进行通信，ricci监听在11111上

集群中fence的作用:

在HA集群坏境中，备份服务器B通过心跳线来发送数据包来看服务器A是否还活着，主服务器A接收了大量的客户端访问请求，服务器A的CPU负载达到100%响应不过来了，资源已经耗尽，没有办法回复服务器B数据包（回复数据包会延迟），这时服务器B认为服务器A已经挂了，于是备份服务器B把资源夺过来，自己做主服务器，过了一段时间服务器A响应过来了，服务器A觉得自己是老大，服务器B觉得自己也是老大，他们两个就挣着抢夺资源，集群资源被多个节点占有，两个服务器同时向资源写数据，破坏了资源的安全性和一致性，这种情况的发生叫做“脑裂”。服务器A负载过重，响应不过来了，有了Fence机制，Fence会自动的把服务器A给Fence掉，阻止了“脑裂”的发生

FENCE的工作原理是：当意外原因导致主机异常或者宕机时，备机会首先调用FENCE设备，然后通过FENCE设备将异常主机重启或者从网络隔离，当FENCE操作成功执行后，返回信息给备机，备机在接到FENCE成功的信息后，开始接管主机的服务和资源。这样通过FENCE设备，将异常节点占据的资源进行了释放，保证了资源和服务始终运行在一个节点上。

Fence分类：

硬件Fence：电源Fence，通过关掉电源来踢掉坏的服务器

软件Fence：Fence卡（智能卡），通过线缆、软件来踢掉坏的服务器

第二种分法：

内部FENCE：IBM RSAII卡，HP的iLO卡，还有IPMI的设备等

外部FENCE：UPS、SAN SWITCH、NETWORK SWITCH等

实际坏境中，Fence卡连接的都是专线，使用专用的Fence网卡，不会占用数据传输线路，这样，更能保证稳定及可靠性。

Fence卡的IP网络和集群网络是相互依存的

准备工作：

三台主机：

server3：luci ricci 192.168.25.3

server4：ricci 192.168.25.4

server5：fence* 192.168.25.5

server3：

[root@server3 certs]#yum install luci ricci -y
[root@server3 certs]#passwd ricci
Changing password foruser ricci.
New password:
BAD PASSWORD: it istoo short
BAD PASSWORD: is toosimple
Retype new password:
passwd: all authenticationtokens updated successfully.
[root@server3 certs]#chkconfig ricci on
[root@server3 certs]#chkconfig luci on
[root@server3 certs]#service ricci start
Startingoddjobd:                                         [  OK  ]
Starting ricci:
[root@server3 certs]#service luci start
Adding followingauto-detected host IDs (IP addresses/domain names), correspondingto/luci/etc/cacert.config' (you can change them by editing`/var/lib/luci/etc/cacert.corting luci):
(none suitable found, you can still do itmanually as mentioned above)

Generating a 2048 bitRSA private key
writing new privatekey to '/var/lib/luci/certs/host.pem'
Start luci...                                             [  OK  ]
Point your webbrowser to https://server3.com:8084 (or equivalent) to access luci  ##访问地址

这里需要注意一点，用的镜像里面的源是搜不到这两个软件的，需要把镜像里面的其他几个源加进去才可yum install rcci luci，因为我用的是阿里的源，里面包含这些软件，所以我就知己额可以安装。

server4：

[root@server4 ~]# yuminstall ricci -y
Loaded plugins:product-id, refresh-packagekit, security, subscription-manager
This system is notregistered to Red Hat Subscription Management. You can use subscri
redhat6
Setting up InstallProcess
Packagericci-0.16.2-87.el6.x86_64 already installed and latest version
Nothing to do
[root@server4 ~]#chkconfig ricci on
[root@server4 ~]#service ricci start
Starting ricci:
[root@server4 ~]#passwd ricci
Changing password foruser ricci.
New password:
BAD PASSWORD: it istoo short
BAD PASSWORD: is toosimple
Retype new password:
passwd: allauthentication tokens updated successfully.

正常情况下按照提示的地址https://server3.com:8084访问浏览器root用户登录进入设定应该没问题的；



点击创建集群之后，server3和server4会安自动下载装相关软件，然后重启，重启过后luci和ricci自启动，再次打开管理界面，发现两个节点都是红色感叹号，发现提示server cman 无法启动，转到shell

[root@server3 ~]#/etc/init.d/cman start
Starting cluster:
Checking if cluster has been disabled atboot...        [  OK  ]
Checking Network Manager...
Network Manager iseither running or configured to run. Please disable it in the cluster.
[FAILED] #启动失败
Stopping cluster:
Leaving fence domain...                                 [  OK  ]
Stopping gfs_controld...                                [  OK  ]
Stopping dlm_controld...                                [  OK  ]
Stopping fenced...                                      [  OK  ]
Stopping cman...                                        [  OK  ]
Unloading kernel modules...                             [  OK  ]
Unmounting configfs...                                  [  OK  ]

提示中说跟Network Manager有关系，关了它，开机不自启

[root@server3 ~]#chkconfig NetworkManager off  #开机不自启
[root@server3 ~]#/etc/init.d/NetworkManager status
NetworkManager(pid  3802) is running...
[root@server3 ~]#/etc/init.d/NetworkManager stop  #关闭服务
StoppingNetworkManager daemon:                            [  OK  ]
[root@server3 ~]#service luci reload
#重新加载ricci服务，第一次关了上面的服务也起不来cman是因为没有重新加载ricci，加载之后可以启动
Stop luci...                                               [  OK  ]
Start luci...                                             [  OK  ]
Point your webbrowser to https://server3.com:8084 (or equivalent) to access luci
[root@server3 ~]#service ricci reload
[root@server3 ~]#service cman start
Starting cluster:
Checking if cluster has been disabled atboot...        [  OK  ]
Checking Network Manager...                             [  OK  ]
Global setup...                                         [  OK  ]
Loading kernel modules...                               [  OK  ]
Mounting configfs...                                    [  OK  ]
Starting cman...                                        [  OK  ]
Waiting for quorum...                                   [  OK  ]
Starting fenced...                                      [  OK  ]
Starting dlm_controld...                                [  OK  ]
Tuning DLM kernel config...                             [  OK  ]
Starting gfs_controld...                                [ OK  ]
Unfencing self...                                       [  OK  ]
Joining fence domain...                                 [  OK  ]
[root@server3 ~]#clustat
Cluster Status forcluster @ Sun Sep 17 18:04:28 2017
Member Status:Quorate

Member Name                               ID   Status
------ ----                               ---- ------
server3                                       1Online, Local
server4                                       2 Online

可以看到两个节点都上线了，登录到web管理界面，也没有红色感叹号了

server5：

[root@server5 ~]#yum install fence* -y
[root@server5 ~]#fence_virtd -c
Module search path[/usr/lib64/fence-virt]:
Availablebackends:
libvirt 0.1
checkpoint 0.8
Availablelisteners:
serial 0.4
multicast 1.1
Listener modulesare responsible for accepting requests
from fencingclients.
Listener module[multicast]:
....

以上的fence配置按照自己的实际环境去配置，好的话就可以去web管理界面管理fence了

端口1229是fence开放的端口