PCS Cluster Installation
Next, PCS Cluster is installed, see Redundancy - Installing PCS Cluster.
Configure virtual IP address (only on one node!)
Then, the virtual IP address of the cluster is configured as a resource:
pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=10.4.8.12 cidr_netmask=32 op monitor interval=30s
Check whether the address is started:
pcs status # It may take a few seconds before the resource is started. Run this command more than once... --> Cluster name: portal Stack: corosync Current DC: uk-acd-lb1 (version 1.1.16-12.el7_4.8-94ff4df) - partition with quorum Last updated: Tue Mar 20 11:57:43 2018 Last change: Tue Mar 20 11:57:33 2018 by root via cibadmin on uk-acd-lb1 2 nodes configured 1 resource configured Online: [ uk-acd-lb1 uk-acd-lb2 ] Full list of resources: ClusterIP (ocf::heartbeat:IPaddr2): Started uk-acd-lb1 Daemon Status: corosync: active/enabled pacemaker: active/enabled pcsd: active/enabled
Firewall configuration
Next, the port shares for the mySQL forwarding must be entered in the firewall and saved permanently:
firewall-cmd --zone=public --add-port=3306/tcp --permanent firewall-cmd --zone=public --add-port=3307/tcp --permanent firewall-cmd --zone=public --add-port=3308/tcp --permanent firewall-cmd --reload
haproxy configuration for redundancy (both nodes)
The structure of the configuration file of the haproxy service is quite complex. For this reason it is recommended to use an appropriate template from the central jtel download directory to speed up the configuration work. There are two templates, which differ in whether the services are offered via HTTP or via HTTPS. If provision via HTTPS is desired, a file with a valid certificate and the corresponding private key in PEM-base64-- format must be provided in addition to the configuration file.
Downloading the following configuration template is a good starting point for a system that should be accessible via HTTP:
curl https://cdn.jtel.de/downloads/configs/haproxy.redundant.http.cfg > /etc/haproxy/haproxy.cfg
If, on the other hand, it is desired that HTTP accesses are automatically redirected to HTTPS and all accesses are to take place via HTTPS, the following configuration template must be downloaded:
curl https://cdn.jtel.de/downloads/configs/haproxy.redundant.https.cfg > /etc/haproxy/haproxy.cfg
If the configuration supports HTTPS, the file /etc/haproxy/haproxy.pem
must also be created, which contains the certificate, any secondary certificates and the private key. This file must also be given special permissions so that only the root user has read access, otherwise the haproxy service will not start.
For self-generated certificates see SSL/TLS Certificates - Self-signed certificate.
chmod 400 /etc/haproxy/haproxy.pem