With limited resources, my setup is as follows:
1) One RHEV Hypervisor, local storage : IBM System x3650, 4GB RAM
2) RHEV Manager: A VM on my Windows Desktop
3) A DNS server, I use BIND, it runs on top of rhev manager server.
4) A domain both DNS and AD, called mms.local
5) Red Hat Evaluation subscription
6) Windows 2003 Server (Active Directory) vm running in RHEV
7) A few Centos 6 and WinXP VMs running in RHEV
This setup follows the Red Hat Enterprise Virtualization 3.1 Evaluation Guide, track B for minimal setup.
For RHEV Hypervisor and Manager installation, follow the Evaluation Guide; they are not shown in this entry. Additional tasks such as installing the rhev guest tool onto Windows VMs are not explained here; you may refer to the Red Hat knowledge base.
The objectives are:
RHEV:
installing rhev guest tool onto Centos 6 Vms
adding active directory for rhev users
troubleshooting AD connectivity
user portal preview
using rhev api for managing vms using command line
High Availability Clustering:
high availability cluster using Centos 6:
installing Centos 6 HA components
setting HA services, virtual IP, storage and apache services
setting fence device using fence_rhevm
testing fence from command line
preview on high availability functioning
RHEV's snapshots:
1) RHEVM admin login (https://rhevm.mms.local/webadmin)
2) Listing items in rhevm
3) cluster
4) host
5) storage
6) Virtual Disk
7) Virtual Machines
8) Active Directory user listing
9) Dashboard
10) Events
Adding Active Directory to RHEV
Without an external directory, rhev only provides a single user (admin@internal) to manage the entire system. Sometimes you need to allow users to manage their own resources, such as creating, stopping, starting or pausing a virtual machine.
Now, you have an Active Directory (2003 and 2008) and you need to add it to your rhev infrastructure.
Before that, make sure your rhevm host is able to communicate with the AD server.
Below are the configuration files you might need to refer to:
1) /etc/resolv.conf
nameserver 127.0.0.1
nameserver 8.8.8.8
search mms.local
2) dns record for mms.local domain in /var/named
$ttl 38400
@ IN SOA rhevm.mms.local. root.mms.local. (
        1323918962
        10800
        3600
        604800
        38400 )
@ IN NS rhevm
rhevm.mms.local. IN A 172.24.101.31
rhevh.mms.local. IN A 172.24.101.32
mmssvrad.mms.local. IN A 172.24.101.33
_kerberos._udp IN SRV 0 100 88 mmssvrad.mms.local.
_kerberos._tcp IN SRV 0 100 88 mmssvrad.mms.local.
_ldap._tcp IN SRV 0 100 389 mmssvrad.mms.local.
3) /etc/ovirt-engine/krb5.conf
Add the domain,
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MMS.LOCAL
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MMS.LOCAL = {
kdc = mmssvrad.mms.local
}
[domain_realm]
mms.local = MMS.LOCAL
rhevm-manage-domains -action=add -domain=mms.local -provider=ActiveDirectory -user=rhevadmin -interactive -addPermissions
To check whether this setup survives a reboot, restart/reboot your rhevm and revalidate the configuration:
rhevm-manage-domains --help
rhevm-manage-domains -action=list
rhevm-manage-domains -action=validate
You might want to look into the log files for errors in /var/log/ovirt-engine
engine.log
engine-manage-domains.log
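When the validate step fails, the first thing to rule out is DNS. The following added example (not part of the original post) asks the resolver for the three SRV records from the zone file above with dig, checks the advertised ports, and tries a TCP connection to each Kerberos and LDAP target. The function names are made up for this example.

```python
import socket
import subprocess

# SRV names and ports as published in the mms.local zone file above.
REQUIRED = {"_kerberos._tcp": 88, "_kerberos._udp": 88, "_ldap._tcp": 389}

def parse_srv(dig_output):
    """Parse `dig +short SRV` lines of the form 'priority weight port target.'"""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) == 4 and all(p.isdigit() for p in parts[:3]):
            prio, weight, port = (int(p) for p in parts[:3])
            records.append((prio, weight, port, parts[3].rstrip(".").lower()))
    return sorted(records)  # lowest priority value first

def audit_srv(answers):
    """answers maps service name -> dig output; return a list of problems."""
    problems = []
    for service in sorted(REQUIRED):
        records = parse_srv(answers.get(service, ""))
        if not records:
            problems.append("%s: no SRV record returned" % service)
        for _, _, port, target in records:
            if port != REQUIRED[service]:
                problems.append("%s: %s advertises port %d, expected %d"
                                % (service, target, port, REQUIRED[service]))
    return problems

def query(domain):
    """Look up each required SRV record through the system resolver."""
    answers = {}
    for service in REQUIRED:
        cmd = ["dig", "+short", "SRV", "%s.%s" % (service, domain)]
        out = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()[0]
        answers[service] = out.decode("ascii", "replace")
    return answers

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        socket.create_connection((host, port), timeout).close()
        return True
    except socket.error:
        return False

if __name__ == "__main__":
    answers = query("mms.local")
    for problem in audit_srv(answers):
        print("PROBLEM: " + problem)
    for service in ("_kerberos._tcp", "_ldap._tcp"):
        for _, _, port, target in parse_srv(answers[service]):
            state = "open" if tcp_open(target, port) else "UNREACHABLE"
            print("%s:%d %s" % (target, port, state))
```

Run it on the rhevm host itself, so the lookups go through the same /etc/resolv.conf that rhevm-manage-domains uses.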
User portal
As you add users in the AD, you (as the rhev admin) create permissions per user, for example to manage vms as below:
Installing rhev guest tool onto Centos 6 Vms
There is no official rhev guest tool for Centos 6, but you may use one from the community. I found one here:
This tool will provide information in the rhev admin such as IP address, CPU, RAM and network utilization for the vm.
yum -y install wget && wget http://www.dreyou.org/ovirt/ovirt-dre.repo -P /etc/yum.repos.d/ && yum -y install rhev-agent-pam-rhev-cred rhev-agent && service rhev-agentd start
Using rhev api for managing vms using command line
Sometimes you need a simple and powerful interface to manage your rhev, for example to power a vm down or up.
You need to have the required tools and some configurations:
- install rhevm-cli
- download certificate from rhev manager admin portal if you use https.
wget https://rhevm.mms.local/ca.crt
- connect to the rhevm
rhevm-shell -c -l "https://rhevm.mms.local/api" -P 443 -u "admin@internal" -A ca.crt
- once connected, you may use the available commands
VM High Availability Clustering
I will use 3 Centos 6 hosts without a quorum disk, a floating IP address, and a shared/floating disk (a new feature in rhev 3.1). The floating disk is shared among the 3 hosts, formatted as ext4 and auto-mounted to /mnt on the active host by the cluster service. Finally, there is a web server (apache) with index.html in the /mnt folder.
On Centos 6, install virtualization packages such as:
Virtualization
Virtualization Platform
Virtualization Tools
Configure host resolution in /etc/hosts so that the hosts can connect to each other by name.
127.0.0.1 localhost localhost.localdomain
172.24.101.26 node1.mms.local
172.24.101.27 node2.mms.local
172.24.101.25 node3.mms.local
172.24.101.31 rhevm.mms.local
Enable the luci service; you will need it to configure the cluster via the web interface, e.g. https://172.24.101.26:8084
All of the above details can be viewed in a single file, /etc/cluster/cluster.conf:
<?xml version="1.0"?>
<cluster config_version="38" name="webha">
  <clusternodes>
    <clusternode name="node1.mms.local" nodeid="1">
      <fence>
        <method name="Method">
          <device name="rhevmfence" port="centos6N1"/>
        </method>
      </fence>
    </clusternode>
    <clusternode name="node2.mms.local" nodeid="2">
      <fence>
        <method name="Method">
          <device name="rhevmfence" port="centos6N2"/>
        </method>
      </fence>
    </clusternode>
    <clusternode name="node3.mms.local" nodeid="3">
      <fence>
        <method name="Method">
          <device name="rhevmfence" port="centos6N3"/>
        </method>
      </fence>
    </clusternode>
  </clusternodes>
  <fencedevices>
    <fencedevice agent="fence_rhevm" ipaddr="rhevm.mms.local" ipport="443" login="admin@internal" name="rhevmfence" passwd="redhat" power_wait="3" ssl="on"/>
  </fencedevices>
  <rm>
    <failoverdomains>
      <failoverdomain name="fodomain" nofailback="1" ordered="1">
        <failoverdomainnode name="node1.mms.local" priority="1"/>
        <failoverdomainnode name="node2.mms.local" priority="2"/>
        <failoverdomainnode name="node3.mms.local" priority="3"/>
      </failoverdomain>
    </failoverdomains>
    <resources>
      <ip address="172.24.101.29" sleeptime="3"/>
      <apache config_file="conf/httpd.conf" name="httpd" server_root="/etc/httpd" shutdown_wait="0"/>
      <fs device="/dev/vdb" force_fsck="1" force_unmount="1" fsid="56578" mountpoint="/mnt" name="disk" self_fence="1"/>
    </resources>
    <service domain="fodomain" name="haservice" recovery="relocate">
      <ip ref="172.24.101.29"/>
      <apache ref="httpd"/>
      <fs ref="disk"/>
    </service>
  </rm>
</cluster>
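A check worth running on this file before relying on it, as an added example that is not part of the original post: it parses a cluster.conf and reports nodes with no fence device, references to undefined fence devices, two nodes mapped to the same RHEV VM name (port), and a fence password stored inline in the file. The sample document and its password value are constructed; passwd_script is the fence agents' option for fetching the password from a script instead of passwd.

```python
import xml.etree.ElementTree as ET

def audit_fencing(xml_text):
    """Return a list of findings about the fencing setup in a cluster.conf."""
    root = ET.fromstring(xml_text.strip())
    findings, devices, seen = [], {}, {}
    for dev in root.findall("fencedevices/fencedevice"):
        name = dev.get("name")
        devices[name] = dev
        if dev.get("passwd"):
            findings.append("%s: inline passwd= attribute, prefer passwd_script" % name)
    for node in root.findall("clusternodes/clusternode"):
        node_name = node.get("name")
        refs = node.findall("fence/method/device")
        if not refs:
            findings.append("%s: no fence device, node cannot be fenced" % node_name)
        for ref in refs:
            key = (ref.get("name"), ref.get("port"))  # port = VM name in RHEV-M
            if key[0] not in devices:
                findings.append("%s: undefined fence device %s" % (node_name, key[0]))
            elif key in seen:
                # Fencing this node would power-cycle another node's VM.
                findings.append("%s: port %s already used by %s"
                                % (node_name, key[1], seen[key]))
            seen.setdefault(key, node_name)
    return findings

# Constructed sample: node2 reuses node1's VM name, node3 has no fence block.
SAMPLE = """<?xml version="1.0"?>
<cluster config_version="1" name="webha">
  <clusternodes>
    <clusternode name="node1.mms.local" nodeid="1">
      <fence><method name="Method"><device name="rhevmfence" port="centos6N1"/></method></fence>
    </clusternode>
    <clusternode name="node2.mms.local" nodeid="2">
      <fence><method name="Method"><device name="rhevmfence" port="centos6N1"/></method></fence>
    </clusternode>
    <clusternode name="node3.mms.local" nodeid="3"/>
  </clusternodes>
  <fencedevices>
    <fencedevice agent="fence_rhevm" ipaddr="rhevm.mms.local" login="admin@internal" name="rhevmfence" passwd="example" ssl="on"/>
  </fencedevices>
</cluster>"""

if __name__ == "__main__":
    for finding in audit_fencing(SAMPLE):
        print(finding)
```

To audit a live node, pass the contents of /etc/cluster/cluster.conf to audit_fencing instead of SAMPLE.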
Get the status of the running cluster using the clustat command.
Test the fence from the command line. We use the command to test that the fence mechanism works; in a real situation the problematic node will be fenced automatically, for example when the node hangs.
In my 3-node cluster, I can fence another node from the command line; for example, using fence_rhevm I can fence node2.
Before that, get the node2 status using fence_rhevm.
From the other node (node3), fence node2 (which is currently running the cluster service):
fence_rhevm -o reboot -z -a rhevm.mms.local -u 443 -l 'admin@internal' -p 'redhat' -n centos6N2
You will notice node2 being rebooted in the rhevm page. You also need to monitor the output from clustat; the service is then transferred to another node. The example below gets the status at a 2-second interval.
clustat -i 2
To check whether fencing worked, you might want to look at /var/log/cluster/fenced.log
Now the cluster service is running on node1.
That's it.
I hope you readers get something useful from this information.
Very helpful! Thanks!