= Configuration Basics =
== Configuration Layout ==
The cluster is written using XML notation and divided into two main
sections: configuration and status.
The status section contains the history of each resource on each node
and based on this data, the cluster can construct the complete current
state of the cluster. The authoritative source for the status section
is the local resource manager (lrmd) process on each cluster node and
the cluster will occasionally repopulate the entire section. For this
reason it is never written to disk and administrators are advised
against modifying it in any way.
The configuration section contains the more traditional information
like cluster options, lists of resources and indications of where they
should be placed. The configuration section is the primary focus of
this document.
The configuration section itself is divided into four parts:
* Configuration options (called +crm_config+)
* Nodes
* Resources
* Resource relationships (called +constraints+)
.An empty configuration
[source,XML]
-------
-------
== The Current State of the Cluster ==
Before one starts to configure a cluster, it is worth explaining how
to view the finished product. For this purpose we have created the
pass:[crm_mon] utility that will display the
current state of an active cluster. It can show the cluster status by
node or by resource and can be used in either single-shot or
dynamically-updating mode. There are also modes for displaying a list
of the operations performed (grouped by node and resource) as well as
information about failures.
Using this tool, you can examine the state of the cluster for
irregularities and see how it responds when you cause or simulate
failures.
Details on all the available options can be obtained using the
pass:[crm_mon --help] command.
.Sample output from crm_mon
-------
============
Last updated: Fri Nov 23 15:26:13 2007
Current DC: sles-3 (2298606a-6a8c-499a-9d25-76242f7006ec)
3 Nodes configured.
5 Resources configured.
============
Node: sles-1 (1186dc9a-324d-425a-966e-d757e693dc86): online
192.168.100.181 (heartbeat::ocf:IPaddr): Started sles-1
192.168.100.182 (heartbeat:IPaddr): Started sles-1
192.168.100.183 (heartbeat::ocf:IPaddr): Started sles-1
rsc_sles-1 (heartbeat::ocf:IPaddr): Started sles-1
child_DoFencing:2 (stonith:external/vmware): Started sles-1
Node: sles-2 (02fb99a8-e30e-482f-b3ad-0fb3ce27d088): standby
Node: sles-3 (2298606a-6a8c-499a-9d25-76242f7006ec): online
rsc_sles-2 (heartbeat::ocf:IPaddr): Started sles-3
rsc_sles-3 (heartbeat::ocf:IPaddr): Started sles-3
child_DoFencing:0 (stonith:external/vmware): Started sles-3
-------
.Sample output from crm_mon -n
-------
============
Last updated: Fri Nov 23 15:26:13 2007
Current DC: sles-3 (2298606a-6a8c-499a-9d25-76242f7006ec)
3 Nodes configured.
5 Resources configured.
============
Node: sles-1 (1186dc9a-324d-425a-966e-d757e693dc86): online
Node: sles-2 (02fb99a8-e30e-482f-b3ad-0fb3ce27d088): standby
Node: sles-3 (2298606a-6a8c-499a-9d25-76242f7006ec): online
Resource Group: group-1
192.168.100.181 (heartbeat::ocf:IPaddr): Started sles-1
192.168.100.182 (heartbeat:IPaddr): Started sles-1
192.168.100.183 (heartbeat::ocf:IPaddr): Started sles-1
rsc_sles-1 (heartbeat::ocf:IPaddr): Started sles-1
rsc_sles-2 (heartbeat::ocf:IPaddr): Started sles-3
rsc_sles-3 (heartbeat::ocf:IPaddr): Started sles-3
Clone Set: DoFencing
child_DoFencing:0 (stonith:external/vmware): Started sles-3
child_DoFencing:1 (stonith:external/vmware): Stopped
child_DoFencing:2 (stonith:external/vmware): Started sles-1
-------
The DC (Designated Controller) node is where all the decisions are
made and if the current DC fails a new one is elected from the
remaining cluster nodes. The choice of DC is of no significance to an
administrator beyond the fact that its logs will generally be more
interesting.
== How Should the Configuration be Updated? ==
There are three basic rules for updating the cluster configuration:
* Rule 1 - Never edit the cib.xml file manually. Ever. I'm not making this up.
* Rule 2 - Read Rule 1 again.
* Rule 3 - The cluster will notice if you ignored rules 1 & 2 and refuse to use the configuration.
Now that it is clear how NOT to update the configuration, we can begin
to explain how you should.
The most powerful tool for modifying the configuration is the
+cibadmin+ command which talks to a running cluster. With +cibadmin+,
the user can query, add, remove, update or replace any part of the
configuration; all changes take effect immediately, so there is no
need to perform a reload-like operation.
The simplest way of using cibadmin is to use it to save the current
configuration to a temporary file, edit that file with your favorite
text or XML editor and then upload the revised configuration.
.Safely using an editor to modify the cluster configuration
[source,Bash]
--------
# cibadmin --query > tmp.xml
# vi tmp.xml
# cibadmin --replace --xml-file tmp.xml
--------
Some of the better XML editors can make use of a Relax NG schema to
help make sure any changes you make are valid. The schema describing
the configuration can normally be found in
pass:[/usr/lib/heartbeat/pacemaker.rng] on most
systems.
If you only wanted to modify the resources section, you could instead
do
.Safely using an editor to modify a subsection of the cluster configuration
[source,Bash]
--------
# cibadmin --query --obj_type resources > tmp.xml
# vi tmp.xml]
# cibadmin --replace --obj_type resources --xml-file tmp.xml
--------
to avoid modifying any other part of the configuration.
== Quickly Deleting Part of the Configuration ==
Identify the object you wish to delete. Eg. run
.Searching for STONITH related configuration items
[source,Bash]
--------
# cibadmin -Q | grep stonith
--------
Next identify the resource's tag name and id (in this case we'll
choose +primitive+ and +child_DoFencing+). Then simply execute:
pass:[cibadmin --delete --crm_xml ‘<primitive id="child_DoFencing"/>']
== Updating the Configuration Without Using XML ==
Some common tasks can also be performed with one of the higher level
tools that avoid the need to read or edit XML.
To enable stonith for example, one could run:
pass:[crm_attribute --attr-name stonith-enabled --attr-value true]
Or, to see if +somenode+ is allowed to run resources, there is:
pass:[crm_standby --get-value --node-uname somenode]
Or, to find the current location of +my-test-rsc+, one can use:
pass:[crm_resource --locate --resource my-test-rsc]
[[s-config-sandboxes]]
== Making Configuration Changes in a Sandbox ==
Often it is desirable to preview the effects of a series of changes
before updating the configuration atomically. For this purpose we
have created pass:[crm_shadow] which creates a
"shadow" copy of the configuration and arranges for all the command
line tools to use it.
To begin, simply invoke pass:[crm_shadow] and give
it the name of a configuration to create footnote:[Shadow copies are
identified with a name, making it possible to have more than one.] ;
be sure to follow the simple on-screen instructions.
Read the above carefully, failure to do so could result in you
destroying the cluster's active configuration!
.Creating and displaying the active sandbox
[source,Bash]
--------
# crm_shadow --create test
Setting up shadow instance
Type Ctrl-D to exit the crm_shadow shell
shadow[test]:
shadow[test] # crm_shadow --which
test
--------
From this point on, all cluster commands will automatically use the
shadow copy instead of talking to the cluster's active configuration.
Once you have finished experimenting, you can either commit the
changes, or discard them as shown below. Again, be sure to follow the
on-screen instructions carefully.
For a full list of pass:[crm_shadow] options and
commands, invoke it with the --help option.
.Using a sandbox to make multiple changes atomically
[source,Bash]
--------
shadow[test] # crm_failcount -G -r rsc_c001n01
name=fail-count-rsc_c001n01 value=0
shadow[test] # crm_standby -v on -n c001n02
shadow[test] # crm_standby -G -n c001n02
name=c001n02 scope=nodes value=on
shadow[test] # cibadmin --erase --force
shadow[test] # cibadmin --query
shadow[test] # crm_shadow --delete test --force
Now type Ctrl-D to exit the crm_shadow shell
shadow[test] # exit
# crm_shadow --which
No shadow instance provided
# cibadmin -Q
--------
Making changes in a sandbox and verifying the real configuration is untouched
[[s-config-testing-changes]]
== Testing Your Configuration Changes ==
We saw previously how to make a series of changes to a "shadow" copy
of the configuration. Before loading the changes back into the
cluster (eg. pass:[crm_shadow --commit mytest
--force]), it is often advisable to simulate the effect of
the changes with +ptest+, eg.
pass:[ptest --live-check -VVVVV --save-graph tmp.graph --save-dotfile tmp.dot]
The tool uses the same library as the live cluster to show what it
would have done given the supplied input. It's output, in addition to
a significant amount of logging, is stored in two files +tmp.graph+
and +tmp.dot+, both are representations of the same thing -- the
cluster's response to your changes.
In the graph file is stored the complete transition, containing a list
of all the actions, their parameters and their pre-requisites.
Because the transition graph is not terribly easy to read, the tool
also generates a Graphviz dot-file representing the same information.
== Interpreting the Graphviz output ==
* Arrows indicate ordering dependencies
* Dashed-arrows indicate dependencies that are not present in the transition graph
* Actions with a dashed border of any color do not form part of the transition graph
* Actions with a green border form part of the transition graph
* Actions with a red border are ones the cluster would like to execute but cannot run
* Actions with a blue border are ones the cluster does not feel need to be executed
* Actions with orange text are pseudo/pretend actions that the cluster uses to simplify the graph
* Actions with black text are sent to the LRM
* Resource actions have text of the form pass:[rsc]_pass:[action]_pass:[interval] pass:[node]
* Any action depending on an action with a red border will not be able to execute.
* Loops are _really_ bad. Please report them to the development team.
=== Small Cluster Transition ===
image::images/Policy-Engine-small.png["An example transition graph as represented by Graphviz",width="16cm",height="6cm",align="center"]
In the above example, it appears that a new node, +node2+, has come
online and that the cluster is checking to make sure +rsc1+, +rsc2+
and +rsc3+ are not already running there (Indicated by the
+*_monitor_0+ entries). Once it did that, and assuming the resources
were not active there, it would have liked to stop +rsc1+ and +rsc2+
on +node1+ and move them to +node2+. However, there appears to be
some problem and the cluster cannot or is not permitted to perform the
stop actions which implies it also cannot perform the start actions.
For some reason the cluster does not want to start +rsc3+ anywhere.
For information on the options supported by ptest, use
pass:[ptest --help].
=== Complex Cluster Transition ===
image::images/Policy-Engine-big.png["Another, slightly more complex, transition graph that you're not expected to be able to read",width="16cm",height="20cm",align="center"]
== Do I Need to Update the Configuration on all Cluster Nodes? ==
No. Any changes are immediately synchronized to the other active
members of the cluster.
To reduce bandwidth, the cluster only broadcasts the incremental
updates that result from your changes and uses MD5 checksums to ensure
that each copy is completely consistent.