
date: 2014-08-29

WAF Conversion to cluster

Please bear in mind that # is the cli prompt and do not include —bof— and —eof— in your configs.

clone off vm and set network to disconnected, then start.

change the hostname with x being the node number

# nano /etc/hostname

                WAFCNx

add under ‘127.0.0.1  localhost’

# nano /etc/hosts

                192.168.10.218        WAFCN1

                192.168.10.219        WAFCN2

# nano /etc/network/interfaces

update the IP.

reboot node, then check settings like IP etc.

enable and connect virtual nic.

at this point it is better to ssh onto the box rather than use vmware console.

# nano /etc/apache2/mods-enabled/status.conf

find the line ‘#  allow from 192.0.2.0/24’ and change to ‘ allow from 192.168.10.216/29’

# apt-get install heartbeat pacemaker wget

# nano /etc/cron.daily/clean-archived-logs

-– bof —–

#!/bin/bash

# stop if the directory change fails, so rm never runs somewhere else
cd /var/log || exit 1

rm -f -- *.gz

-–eof —–

# chmod 755 /etc/cron.daily/clean-archived-logs

cron runs this script as root, so only root should be able to write to it.

# nano /etc/ha.d/ha.cf

-– bof —–

#debugfile             /var/log/ha-debug

logfile                     /var/log/ha-log

logfacility              local0

keepalive               2

deadtime               30

warntime               10

initdead 120

udpport                  694

# IP address of the other node (change it in every node)

ucast                      eth1        172.16.1.21x

#Tell what nodes are in the cluster, must match uname -n

node WAFCN1 WAFCN2

#Enable pacemaker

crm respawn

-— eof —–

# nano /etc/ha.d/authkeys

-–bof—-

auth 1

1 crc

-–eof —-

# chmod 600 /etc/ha.d/authkeys

# service heartbeat restart

you only need to run the crm commands on a single node, once the cluster has had time to communicate. check with:

# crm status

# crm configure property stonith-enabled=false

# crm configure property expected-quorum-votes="2"

# crm configure property no-quorum-policy=ignore

Adding our virtual IPs here

# crm configure primitive VIP61-www-site1-co-uk ocf:IPaddr2 params ip=192.168.10.61 cidr_netmask=32 nic=eth0 op monitor interval=15s

# crm configure primitive VIP59-wildcard-site2-co-uk ocf:IPaddr2 params ip=192.168.10.59 cidr_netmask=32 nic=eth0 op monitor interval=15s

# crm configure primitive VIP58-www-site3-co-uk ocf:IPaddr2 params ip=192.168.10.58 cidr_netmask=32 nic=eth0 op monitor interval=15s

Adding our service

# crm configure primitive SRV-apache-rproxy-dotDefender lsb:apache2 op monitor interval=15s

Binding our VIP to the Service

# crm configure colocation SRV-apache-rproxy-dotDefender-VIP61 INFINITY: VIP61-www-site1-co-uk SRV-apache-rproxy-dotDefender

# crm configure colocation SRV-apache-rproxy-dotDefender-VIP59 INFINITY: VIP59-wildcard-site2-co-uk SRV-apache-rproxy-dotDefender

# crm configure colocation SRV-apache-rproxy-dotDefender-VIP58 INFINITY: VIP58-www-site3-co-uk SRV-apache-rproxy-dotDefender

Configure service startup order, ensure VIPs are started first

# crm configure order ip-apache mandatory: VIP58-www-site3-co-uk VIP59-wildcard-site2-co-uk VIP61-www-site1-co-uk SRV-apache-rproxy-dotDefender

setup subversion

# apt-get install subversion

Some scripts I wrote using svn. To get files into svn, run:

# svn import --username Some.Admin sourceDir DestinationServer

you then need to checkout the folder before you can commit changes.

# cat checkoutApacheConf.sh

#!/bin/bash

svn co --username Some.Admin --force https://vm-svn.somecompany.local/svn/Infrastructure/0WebApplicationFirewall/apache2/@head /etc/apache2/

# cat commitApacheConf.sh

#!/bin/bash

svn commit /etc/apache2/
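
A check for the two hand-created files in this procedure, added here as an example and not part of the original notes: it verifies that /etc/ha.d/authkeys is mode 600 and uses a keyed method (heartbeat's crc method only detects corruption and uses no shared secret), and that the cron.daily script is not writable by group or others. The function names and the demo's sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the authkeys file and the root cron script.
# Paths are arguments so the checks can be run on copies of the files.

# Print the method of the key selected by the "auth N" line.
authkeys_method() {
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        $1 == "auth" { active = $2; next }   # index of the key in use
        NF >= 2 { method[$1] = $2 }          # "N method [secret]"
        END { if (active in method) print method[active] }
    ' "$1"
}

# authkeys must be mode 600 and should use a keyed method, not crc.
check_authkeys() {
    if [ -z "$(find "$1" -prune -perm 600 -print 2>/dev/null)" ]; then
        echo "FAIL: $1 is not mode 600"; return 1
    fi
    m=$(authkeys_method "$1")
    case "$m" in
        sha1|md5) echo "OK: $1 uses keyed method $m" ;;
        crc) echo "FAIL: $1 uses crc (no shared secret)"; return 1 ;;
        *) echo "FAIL: $1 has no usable auth line"; return 1 ;;
    esac
}

# A script that cron runs as root must not be writable by group or others.
check_root_script() {
    if [ ! -f "$1" ]; then echo "FAIL: $1 not found"; return 1; fi
    if [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $1 is writable by group or others"; return 1
    fi
    echo "OK: $1 is writable by its owner only"
}

# Demo on constructed sample files (not read from a live node).
demo() {
    d=$(mktemp -d)
    printf 'auth 1\n1 crc\n' > "$d/authkeys"; chmod 600 "$d/authkeys"
    printf '#!/bin/bash\n' > "$d/clean-archived-logs"
    chmod 777 "$d/clean-archived-logs"
    check_authkeys "$d/authkeys" || true
    check_root_script "$d/clean-archived-logs" || true
    rm -rf "$d"
}
demo
```

On a node, call check_authkeys /etc/ha.d/authkeys and check_root_script /etc/cron.daily/clean-archived-logs instead of demo.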