Using the clufter tool in Red Hat Enterprise Linux

---

Contents

• Overview
• Analyzing a RHEL 6 rgmanager cluster to migrate to a RHEL 7 Pacemaker cluster
• Analyzing a RHEL 6 rgmanager cluster to migrate to a RHEL 6 Pacemaker cluster
• Analyzing a RHEL 6 Pacemaker cluster to migrate to a RHEL 7 Pacemaker cluster
• Generating PCS commands from an existing RHEL 7 Pacemaker configuration
• Obfuscating credentials and IDs in a CMAN-based cluster configuration file

Overview

Red Hat Enterprise Linux releases 6.9 and 7.4 provide full support for clufter, a tool for transforming and analyzing cluster configuration formats. This article provides examples of ways in which you can use the clufter tool.

Applicable environments

• Red Hat Enterprise Linux (RHEL) 6 with the High Availability Add-On (full support in release 6.9)
• Red Hat Enterprise Linux (RHEL) 7 with the High Availability Add-On (technology preview)

Recommended Prior Reading

• RHEL 6
  • Cluster Administration
  • Configuring the Red Hat High Availability Add-On with Pacemaker
• RHEL 7
  • High Availability Add-On Reference

Cautions when using the clufter tool

Note that the output of the clufter tool will usually not in itself provide a full working configuration, and in most cases you will need to modify the output of the command for your deployment. For example, if you plan to deploy the new cluster configuration on different host nodes, you will need to edit the host names. Additionally, the settings for your fence devices will likely need to change.

Additional features of the clufter tool

In addition to the capabilities this article documents, the clufter tool also provides the capability of converting rgmanager cluster configuration files to Pacemaker configuration files for both RHEL 6 and RHEL 7 Pacemaker deployments. For full information on the capabilities of the clufter tool, see the clufter(1) man page or the output of the clufter -h command.

Analyzing a RHEL 6 rgmanager cluster to migrate to a RHEL 7 Pacemaker cluster

The ccs2pcscmd-needle subcommand of the clufter command takes as input a cluster configuration file for a RHEL 6 cluster that is managed with the CMAN cluster manager in conjunction with the rgmanager daemon. It uses this configuration file to generate the PCS commands that will configure the equivalent deployment for a RHEL 7 Pacemaker cluster.

This example uses a cluster configuration for a high availability Apache HTTP server. The configuration includes a virtual IP address and a shared LV partition with filesystem and apache resource. You would need to configure the LV partition and the apache configuration separately on your RHEL 7 system.

Command syntax

The following example shows the syntax for a command that uses the ccs2pcscmd-needle subcommand of the clufter command.

• The command uses a cluster configuration file named RG_rh6-haapache-cluster.conf as input.

• The command generates the PCS commands that you could use to configure the equivalent Pacemaker configuration for RHEL 7.

• By default, commands are written to stdout. In this example, the generated commands are written to the output file pcs-commands-needle.txt.

• By setting the --text-width option to -1, this example switches off command wrapping in the output file.

    [root@z1 examples]# clufter --quiet ccs2pcscmd-needle \
    --input=RG_rh6-haapache-cluster.conf --silent --noguidance \
    --text-width=-1 --output=pcs-commands-needle.txt
  

Sample input

The original RG_rh6-haapache-cluster.conf file is as follows:

<?xml version="1.0"?>
<cluster config_version="2" name="STSRHTS31510">
        <cman two_node="1"/>
        <totem token="3000"/>
        <fence_daemon clean_start="0" post_join_delay="20"/>
        <clusternodes>
                <clusternode name="z1.example.com" nodeid="1" votes="1">
                        <fence>
                                <method name="fence-z1">
                                        <device domain="z1.example.com" name="fence-z1"/>
                                </method>
                        </fence>
                </clusternode>
                <clusternode name="z2.example.com" nodeid="2" votes="1">
                        <fence>
                                <method name="fence-z2">
                                        <device domain="z2.example.com" name="fence-z2"/>
                                </method>
                        </fence>
                </clusternode>
        </clusternodes>
        <fencedevices>
                <fencedevice agent="fence_xvm" auth="sha256" delay="5" hash="sha256" key_file="/etc/cluster/fence_xvm.key" name="fence-z1" timeout="5"/>
                <fencedevice agent="fence_xvm" auth="sha256" hash="sha256" key_file="/etc/cluster/fence_xvm.key" name="z2" timeout="5"/>
        </fencedevices>
        <rm>
                <resources>
                        <ip address="10.34.70.95"/>
                        <lvm name="halvm" vg_name="shared"/>
                        <fs device="/dev/shared/shared0" fstype="ext4" mountpoint="/ha-web" name="fs"/>
                        <apache config_file="/etc/httpd/conf/httpd.conf" name="apache" server_root="/ha-web"/>
                </resources>
                <service name="ha-apache">
                        <ip ref="10.34.70.95"/>
                        <lvm ref="halvm"/>
                        <fs ref="fs"/>
                        <apache ref="apache"/>
                </service>
        </rm>
</cluster>

Sample output

The generated pcs-commands-needle.txt file is as follows. You will likely need to alter your generated commands so that they use the correct host names on the new system, as well as the correct fence device settings.

# sequence generated on 2016-12-02 16:24:55 with: clufter 0.59.6
# invoked as: ['/usr/bin/clufter', '--quiet', 'ccs2pcscmd-needle', '--input=RG_rh6-haapache-cluster.conf', '--silent', '--noguidance', '--text-width=-1', '--output=pcs-commands-needle.txt']
# targeting system: ('linux', 'redhat', '6.9', 'Santiago')
pcs cluster auth z1.example.com z2.example.com
pcs cluster setup --name STSRHTS31510 z1.example.com z2.example.com --consensus 5000 --token 3000 --join 60
pcs cluster start --all && sleep 60
pcs cluster cib tmp-cib.xml
pcs -f tmp-cib.xml stonith create FENCEDEV-fence-z1 fence_xvm auth=sha256 delay=5 hash=sha256 key_file=/etc/cluster/fence_xvm.key timeout=5 pcmk_host_map=z1.example.com:z1.example.com
pcs -f tmp-cib.xml stonith create FENCEDEV-z2 fence_xvm auth=sha256 hash=sha256 key_file=/etc/cluster/fence_xvm.key timeout=5 pcmk_host_map=z2.example.com:z2.example.com
pcs -f tmp-cib.xml resource create RESOURCE-lvm-halvm ocf:heartbeat:LVM volgrpname=shared exclusive=true op monitor interval=3600s
pcs -f tmp-cib.xml resource create RESOURCE-fs-fs ocf:heartbeat:Filesystem device=/dev/shared/shared0 directory=/ha-web fstype=ext4 force_unmount=safe op monitor interval=60s
 pcs -f tmp-cib.xml resource create RESOURCE-ip-10.34.70.95 ocf:heartbeat:IPaddr2 ip=10.34.70.95 op monitor interval=20s
pcs -f tmp-cib.xml resource create RESOURCE-apache-apache ocf:heartbeat:apache configfile=/etc/httpd/conf/httpd.conf 'options= -Dapache -d "/ha-web"' op monitor interval=60s
pcs -f tmp-cib.xml resource group add SERVICE-ha-apache-GROUP RESOURCE-lvm-halvm RESOURCE-fs-fs RESOURCE-ip-10.34.70.95 RESOURCE-apache-apache
pcs cluster cib-push tmp-cib.xml --config

Analyzing a RHEL 6 rgmanager cluster to migrate to a RHEL 6 Pacemaker cluster

The ccs2pcscmd-flatiron subcommand of the clufter command takes as input a cluster configuration file for a Red Hat Enterprise Linux 6 cluster that is managed with the CMAN cluster manager in conjunction with the rgmanager daemon. It uses this configuration file to generate the PCS commands that will configure the equivalent deployment for a Red Hat Enterprise Linux 6 Pacemaker cluster.

Command syntax

The following example shows the syntax for a command that uses the ccs2pcscmd-flatiron subcommand of the clufter command:

• The command takes as input the cluster configuration file named RG_rh6-haapache-cluster.conf, which is the same configuration file that is used in Migrating a Red Hat Enterprise Linux 6 rgmanager cluster configuration to a Red Hat Enterprise Linux 7 Pacemaker cluster.

• As output, the command generates PCS commands that you can use to configure a Red Hat Enterprise Linux 6 Pacemaker cluster.

• By default, commands are written to stdout. In this example, the generated commands are written to the output file pcs-commands-needle.txt.

• By setting the --text-width option to -1, this example switches off command wrapping in the output file.

    [root@z1 examples]# clufter --quiet ccs2pcscmd-flatiron \
    --input=RG_rh6-haapache-cluster.conf --silent --noguidance \
    --text-width=-1 --output=pcs-commands-flatiron.txt
  

Sample output

The generated pcs-commands-flatiron.txt file is as follows:

# sequence generated on 2016-12-02 15:48:44 with: clufter 0.59.6
# invoked as: ['/usr/bin/clufter', '--quiet', 'ccs2pcscmd-flatiron', '--input=RG_rh6-haapache-cluster.conf', '--silent', '--noguidance', '--text-width=-1', '--output=pcs-commands-flatiron.txt']
# targeting system: ('linux', 'redhat', '6.9', 'Santiago')
pcs cluster auth z1.example.com z2.example.com
pcs cluster setup --name STSRHTS31510 z1.example.com z2.example.com --token 3000
pcs cluster start --all && sleep 60
pcs cluster cib tmp-cib.xml
pcs -f tmp-cib.xml stonith create FENCEDEV-fence-z1 fence_xvm auth=sha256 delay=5 hash=sha256 key_file=/etc/cluster/fence_xvm.key timeout=5 pcmk_host_map=z1.example.com:z1.example.com
pcs -f tmp-cib.xml stonith create FENCEDEV-z2 fence_xvm auth=sha256 hash=sha256 key_file=/etc/cluster/fence_xvm.key timeout=5 pcmk_host_map=z2.example.com:z2.example.com
pcs -f tmp-cib.xml resource create RESOURCE-lvm-halvm ocf:heartbeat:LVM volgrpname=shared exclusive=true op monitor interval=3600s
pcs -f tmp-cib.xml resource create RESOURCE-fs-fs ocf:heartbeat:Filesystem device=/dev/shared/shared0 directory=/ha-web fstype=ext4 force_unmount=safe op monitor interval=60s
pcs -f tmp-cib.xml resource create RESOURCE-ip-10.34.70.95 ocf:heartbeat:IPaddr2 ip=10.34.70.95 op monitor interval=20s
pcs -f tmp-cib.xml resource create RESOURCE-apache-apache ocf:heartbeat:apache configfile=/etc/httpd/conf/httpd.conf 'options= -Dapache -d "/ha-web"' op monitor interval=60s
pcs -f tmp-cib.xml resource group add SERVICE-ha-apache-GROUP RESOURCE-lvm-halvm RESOURCE-fs-fs RESOURCE-ip-10.34.70.95 RESOURCE-apache-apache
pcs cluster cib-push tmp-cib.xml --config

Generating PCS commands from an existing RHEL 6 Pacemaker configuration

When migrating from a Red Hat Enterprise Linux 6 Pacemaker cluster to a Red Hat Enterprise Linux 7 Pacemaker cluster, you can directly import the existing cib configuration file. However, it is likely that when you migrate you will be changing many things, such as the names of your cluster nodes and how you configure your cluster resources. You may find it more convenient to use the pcs2pcscmd-flatiron subcommand of the clufter command to generate PCS commands from an existing Red Hat Enterprise Linux 6 Pacemaker configuration. This way you can alter your configuration on a component by component basis by editing the PCS commands that create an equivalent deployment.

Command syntax

The following command takes as input the cib configuration file CIB_rh6-haapache.xml and the CMAN configuration file PCMK_rh6-haapache-cluster.conf and generates a file named cman_pcmk_pcscmd.txt consisting of the PCS commands that would create this configuration.

[root@z1 examples]# clufter --quiet pcs2pcscmd-flatiron \
--cib=CIB_rh6-haapache.xml --ccs=PCMK_rh6-haapache-cluster.conf \
--silent --noguidance --text-width=-1 --output=cman_pcmk_pcscmd.txt

Sample output

The generated cman_pcmk_pcscmd.txt file is as follows:

# sequence generated on 2016-12-02 16:41:12 with: clufter 0.59.6
# invoked as: ['/usr/bin/clufter', '--quiet', 'pcs2pcscmd-flatiron', '--cib=CIB_rh6-haapache.xml', '--ccs=PCMK_rh6-haapache-cluster.conf', '--silent', '--noguidance', '--text-width=-1', '--output=cman_pcmk_pcscmd.txt']
# targeting system: ('linux', 'redhat', '6.9', 'Santiago')
pcs cluster auth z1.example.com z2.example.co,
pcs cluster setup --name STSRHTS31510 z1.example.com z2.example.com --token 3000
pcs cluster start --all && sleep 60
pcs cluster cib tmp-cib.xml
pcs -f tmp-cib.xml stonith create FENCEDEV-fence-z1 fence_xvm auth=sha256 delay=5 hash=sha256 key_file=/etc/cluster/fence_xvm.key timeout=5 pcmk_host_map=z1.example.com:z1.example.com
pcs -f tmp-cib.xml stonith create FENCEDEV-z2 fence_xvm auth=sha256 hash=sha256 key_file=/etc/cluster/fence_xvm.key timeout=5 pcmk_host_map=z2.example.com:z2.example.com
pcs -f tmp-cib.xml resource create RESOURCE-lvm-halvm ocf:heartbeat:LVM volgrpname=shared exclusive=true op monitor interval=3600s
pcs -f tmp-cib.xml resource create RESOURCE-fs-fs ocf:heartbeat:Filesystem device=/dev/shared/shared0 directory=/ha-web fstype=ext4 force_unmount=safe op monitor interval=60s
pcs -f tmp-cib.xml resource create RESOURCE-ip-10.34.70.95 ocf:heartbeat:IPaddr2 ip=10.34.70.95 op monitor interval=20s
pcs -f tmp-cib.xml resource create RESOURCE-apache-apache ocf:heartbeat:apache configfile=/etc/httpd/conf/httpd.conf 'options= -Dapache -d "/ha-web"' op monitor interval=60s
pcs -f tmp-cib.xml resource group add SERVICE-ha-apache-GROUP RESOURCE-lvm-halvm RESOURCE-fs-fs RESOURCE-ip-10.34.70.95 RESOURCE-apache-apache
pcs cluster cib-push tmp-cib.xml --config

Generating PCS commands from an existing RHEL 7 Pacemaker configuration

You can use the pcs2pcscmd-needle subcommand of the clufter commad to generate PCS commands from an existing Red Had Enterprise Linux 7 Pacemaker configuration that would recreate that configuration. This could be useful if you wanted to configure a similar configuration.

Command syntax

This following command generates PCS commands from a Red Hat Enterprise Linux Pacemaker cluster with a cib configuration file named rh7-haapache-cib.xml and a corosync configuration file named haapache-corosync.conf. The output is sent to the file corosync_pcmk_pcscmd.txt.

[root@z1 examples]# clufter --quiet pcs2pcscmd-needle \
--cib=rh7-haapache-cib.xml --coro=rh7-haapache-corosync.conf --silent \
--noguidance --text-width=-1 --output=corosync_pcmk_pcscmd.txt

Sample output

The generated corosync_pcmk_pcscmd.txt file is as follows:

# sequence generated on 2016-12-02 16:45:19 with: clufter 0.59.6
# invoked as: ['/usr/bin/clufter', '--quiet', 'pcs2pcscmd-needle', '--cib=rh7-haapache-cib.xml', '--coro=rh7-haapache-corosync.conf', '--silent', '--noguidance', '--text-width=-1', '--output=corosync_pcmk_pcscmd.txt']
# targeting system: ('linux', 'redhat', '6.9', 'Santiago')
pcs cluster auth z1.example.com z2.example.com
pcs cluster setup --name STSRHTS31510 z1.example.com z2.example.com --consensus 5000 --join 60 --token 3000
pcs cluster start --all && sleep 60
pcs cluster cib tmp-cib.xml
pcs -f tmp-cib.xml stonith create FENCEDEV-fence-z1 fence_xvm auth=sha256 delay=5 hash=sha256 key_file=/etc/cluster/fence_xvm.key timeout=5  pcmk_host_map=z1/.example.com:z1.example.com
pcs -f tmp-cib.xml stonith create FENCEDEV-z2 fence_xvm auth=sha256 hash=sha256 key_file=/etc/cluster/fence_xvm.key timeout=5 pcmk_host_map=z2.example.com:z2.example.com
pcs -f tmp-cib.xml resource create RESOURCE-lvm-halvm ocf:heartbeat:LVM volgrpname=shared exclusive=true op monitor interval=3600s
pcs -f tmp-cib.xml resource create RESOURCE-fs-fs ocf:heartbeat:Filesystem device=/dev/shared/shared0 directory=/ha-web fstype=ext4 force_unmount=safe op monitor interval=60s
pcs -f tmp-cib.xml resource create RESOURCE-ip-10.34.70.95 ocf:heartbeat:IPaddr2 ip=10.34.70.95 op monitor interval=20s
pcs -f tmp-cib.xml resource create RESOURCE-apache-apache ocf:heartbeat:apache configfile=/etc/httpd/conf/httpd.conf 'options= -Dapache -d "/ha-web"' op monitor interval=60s
pcs -f tmp-cib.xml resource group add SERVICE-ha-apache-GROUP RESOURCE-lvm-halvm RESOURCE-fs-fs RESOURCE-ip-10.34.70.95 RESOURCE-apache-apache
pcs cluster cib-push tmp-cib.xml --config

Obfuscating credentials and IDs in a CMAN-based cluster configuration file

If you require a copy of a configuration file that does not include sensitive information about login credentials, or if you want a copy of a configuration file in which specific names of the cluster components are not necessary and generic placeholders are sufficient, you can produce this file with the ccs-obfuscate subcommand of the clufter command. This command will obfuscate the credentials and IDs of a CMAN-based cluster configuration file.

This command takes a configuation file as input and substitutes generic names for attributes such as the following:

• cluster name
• cluster node names
• fence method names
• fence device names
• fence device login credentials (login, password)
• service names

By default this command takes the configuration file /etc/cluster/cluster.conf as its input file and generates a name with a unique hash for the output files.

Command syntax

The following command specifies an input file of RG_rh6-haapache-cluster.conf and an output file of OBFUSCATED_RG_rh6-haapache-cluster.conf.

[root@z1 examples]# clufter ccs-obfuscate \
--input=RG_rh6-haapache-cluster.conf \
--output=OBFUSCATED_RG_rh6-haapache-cluster.conf
[ccs-obfuscate-identifiers] output: OBFUSCATED_RG_rh6-haapache-cluster.conf

Sample output

The generated file OBFUSCATED_RG_rh6-haapache-cluster.conf is as following, with the replaced values specified as generic names in uppercase.

<cluster config_version="2" name="CLUSTER-NAME"> 
  <cman two_node="1"/>
  <totem token="3000"/>
  <fence_daemon clean_start="0" post_join_delay="20"/>
  <clusternodes>
    <clusternode name="CLUSTER-NODE-1" nodeid="1" votes="1">
      <fence>
        <method name="REL-FENCE-METHOD-1">
          <device domain="CLUSTER-NODE-1" name="FENCE-DEVICE-1"/>
        </method>
      </fence>
    </clusternode>
    <clusternode name="CLUSTER-NODE-2" nodeid="2" votes="1">
      <fence>
        <method name="REL-FENCE-METHOD-1">
          <device domain="CLUSTER-NODE-2" name="FENCE-DEVICE-2"/>
        </method>
      </fence>
    </clusternode>
  </clusternodes>
  <fencedevices>
    <fencedevice agent="fence_xvm" auth="sha256" delay="5" hash="sha256" key_file="/etc/cluster/fence_xvm.key" name="FENCE-DEVICE-1" timeout="5"/>
    <fencedevice agent="fence_xvm" auth="sha256" hash="sha256" key_file="/etc/cluster/fence_xvm.key" name="FENCE-DEVICE-2" timeout="5"/>
  </fencedevices>
  <rm>
    <resources>
      <ip address="10.34.70.95"/>
      <lvm name="halvm" vg_name="shared"/>
      <fs device="/dev/shared/shared0" fstype="ext4" mountpoint="/ha-web" name="fs"/>
      <apache config_file="/etc/httpd/conf/httpd.conf" name="apache" server_root="/ha-web"/>
    </resources>
    <service name="SERVICE-1">
      <ip ref="10.34.70.95"/>
      <lvm ref="halvm"/>
      <fs ref="fs"/>
      <apache ref="apache"/>
    </service>
  </rm>
</cluster>

Product(s)

• Red Hat Enterprise Linux

Category

• Migrate

Components

• cluster

Article Type

• General