From 06d8aa1d5b5c30b95a0d3d0cd1da2b27ce1728e1 Mon Sep 17 00:00:00 2001 From: Vratislav Podzimek Date: Thu, 4 Mar 2021 15:46:28 +0100 Subject: [PATCH 1/2] Update HA installation instructions to RHEL/CentOS 7 RHEL/CentOS 6 is EOL so we shouldn't encourage users to build their HA setups on it. Ticket: ENT-6825 Changelog: None (cherry picked from commit f8e739748a966ed5f3611e6e2ed1bf2973fa104c) --- .../installation-guide.markdown | 28 +++++++++++++------ 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/enterprise-cfengine-guide/high-availability/installation-guide.markdown b/enterprise-cfengine-guide/high-availability/installation-guide.markdown index ff55a3d0c..2722efda6 100644 --- a/enterprise-cfengine-guide/high-availability/installation-guide.markdown +++ b/enterprise-cfengine-guide/high-availability/installation-guide.markdown @@ -24,7 +24,7 @@ all your CFEngine clients in case of failover. ### Hardware configuration and OS pre-configuration steps ### -* CFEngine 3.6.2 (or later) hub package for RHEL6 or CentOS6. +* CFEngine 3.15.3 (or later) hub package for RHEL7 or CentOS7. * We recommend selecting dedicated interface used for PostgreSQL replication and optionally one for heartbeat. * We recommend having one shared IP address assigned for interface where MP is accessible (optionally) and one where PostgreSQL replication is configured (mandatory). @@ -155,7 +155,7 @@ HA fencing guide](https://access.redhat.com/documentation/en-us/red_hat_enterpri pcs resource defaults resource-stickiness="INFINITY" pcs resource defaults migration-threshold="1" pcs resource create cfvirtip IPaddr2 ip=192.168.100.100 cidr_netmask=24 --group cfengine - pcs cluster enable --all node{1,2} + pcs cluster enable --all ``` 10. Verify that the cfvirtip resource is properly configured and running. 
@@ -452,7 +452,17 @@ HA fencing guide](https://access.redhat.com/documentation/en-us/red_hat_enterpri EOF ``` -2. Bootstrap the nodes. +2. Mask the *cf-postgres.service* and make sure it is not required by the + *cf-hub.service* **on both nodes** (PostgreSQL is managed by the cluster + resource, not by the service). + + ``` + sed -ri s/Requires/Wants/ /usr/lib/systemd/system/cf-hub.service + systemctl daemon-reload + systemctl mask cf-postgres.service + ``` + +3. Bootstrap the nodes. Bootstrap the **node1** to itself and make sure the initial policy (`promises.cf`) evaluation is skipped: @@ -469,13 +479,13 @@ HA fencing guide](https://access.redhat.com/documentation/en-us/red_hat_enterpri cf-agent --bootstrap 192.168.100.11 --skip-bootstrap-policy-run ``` -3. Stop CFEngine **on both nodes**. +4. Stop CFEngine **on both nodes**. ``` service cfengine3 stop ``` -4. Create the HA JSON configuration file **on both nodes**. +5. Create the HA JSON configuration file **on both nodes**. ``` cat < /var/cfengine/masterfiles/cfe_internal/enterprise/ha/ha_info.json @@ -503,7 +513,7 @@ HA fencing guide](https://access.redhat.com/documentation/en-us/red_hat_enterpri **IMPORTANT:** Copy over only the hashes, without the `SHA=` prefix. -5. **On both nodes,** modify the */var/cfengine/masterfiles/controls/def.cf* and +6. **On both nodes,** modify the */var/cfengine/masterfiles/controls/def.cf* and */var/cfengine/masterfiles/controls/update_def.cf* files to enable HA by uncommenting the following line: 
@@ -517,16 +527,16 @@ HA fencing guide](https://access.redhat.com/documentation/en-us/red_hat_enterpri "enable_cfengine_enterprise_hub_ha" expression => "!any";` ``` -6. **On both nodes,** run `cf-agent -Kf update.cf` to make sure that the new policy is copied from +7. **On both nodes,** run `cf-agent -Kf update.cf` to make sure that the new policy is copied from *masterfiles* to *inputs*. -7. Start CFEngine **on both nodes**. +8. Start CFEngine **on both nodes**. ``` service cfengine3 start ``` -8. Check that the CFEngine HA setup is working by logging in to the Mission Portal at the +9. Check that the CFEngine HA setup is working by logging in to the Mission Portal at the https://192.168.100.100 address in your browser. Note that it takes up to 15 minutes for everything to settle and the `OK` HA status being reported in the Mission Portal's header. From 7c98f4bd17497594bf0bf12b4cc7875ba98f7cc3 Mon Sep 17 00:00:00 2001 From: Vratislav Podzimek Date: Thu, 4 Mar 2021 16:23:43 +0100 Subject: [PATCH 2/2] Use augments to enable HA instead of modifying policy We instruct people to use the preferred way of defining custom classes on hosts even when enabling HA. (cherry picked from commit 3ec7939ac3cf970ea1300efda9d7e3e8bedfc2fb) --- .../installation-guide.markdown | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/enterprise-cfengine-guide/high-availability/installation-guide.markdown b/enterprise-cfengine-guide/high-availability/installation-guide.markdown index 2722efda6..7d6c0ec8d 100644 --- a/enterprise-cfengine-guide/high-availability/installation-guide.markdown +++ b/enterprise-cfengine-guide/high-availability/installation-guide.markdown 
@@ -513,18 +513,15 @@ HA fencing guide](https://access.redhat.com/documentation/en-us/red_hat_enterpri **IMPORTANT:** Copy over only the hashes, without the `SHA=` prefix. -6. **On both nodes,** modify the */var/cfengine/masterfiles/controls/def.cf* and - */var/cfengine/masterfiles/controls/update_def.cf* files to enable HA by uncommenting the - following line: +6. **On both nodes,** add the following class definition to the */var/cfengine/masterfiles/def.json* + file to enable HA: ``` - "enable_cfengine_enterprise_hub_ha" expression => "enterprise_edition"; - ``` - - and commenting or removing the line - - ``` - "enable_cfengine_enterprise_hub_ha" expression => "!any";` + { + "classes": { + "enable_cfengine_enterprise_hub_ha": [ "any::" ] + } + } ``` 7. **On both nodes,** run `cf-agent -Kf update.cf` to make sure that the new policy is copied from
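Review bot: In patch 1/2, hunk `@@ -452,7 +452,17 @@`, the new step 2 edits the packaged unit in place with an unanchored, unquoted expression (`sed -ri s/Requires/Wants/ /usr/lib/systemd/system/cf-hub.service`), which rewrites the first `Requires` on every line of the file, not only the dependency on *cf-postgres.service*. Please quote the expression and restrict it to the line that names cf-postgres.service. Because the file lives under /usr/lib/systemd/system, a later hub package upgrade can put the original `Requires` back while cf-postgres.service is still masked, so the step should either edit a copy of the unit under /etc/systemd/system or tell the reader to reapply the change after every upgrade. A short verification line (for example checking the unit's dependencies after `systemctl daemon-reload`) would also help readers confirm that the change took effect on both nodes.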
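Review bot: In patch 1/2, hunk `@@ -469,13 +479,13 @@`, the renumbered step 4 keeps `service cfengine3 stop` (and the later step 8 keeps `service cfengine3 start`) while the step added earlier in the same patch uses `systemctl`. Since the guide now targets RHEL7/CentOS7, consider switching these two steps to their `systemctl` form so the procedure uses one tool throughout and matches the unit names the reader has just been asked to mask and reload.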
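Review bot: In patch 2/2, hunk `@@ -513,18 +513,15 @@`, the new step 6 changes the class expression from `"enterprise_edition"` to `"any::"` and drops the edit to *update_def.cf*, and neither change is mentioned in the commit message. Please state in the commit message that defining the class unconditionally is intended and that the class set through def.json is also visible to the update policy, since the removed text enabled it in both def.cf and update_def.cf. The snippet is also a complete JSON document, so "add the following class definition to" is ambiguous for a reader whose def.json already exists; wording such as "create the file with this content, or merge the `enable_cfengine_enterprise_hub_ha` key into the existing `classes` object" would avoid an invalid file with two top-level objects.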