Diferencia entre revisiones de «Pacemaker»

De jagfloriano.com
Ir a la navegaciónIr a la búsqueda
Sin resumen de edición
Etiqueta: Reversión manual
 
(No se muestran 76 ediciones intermedias de 2 usuarios)
Línea 1: Línea 1:
== Creación de un clúster Pacemaker ( EN DESARROLLO) ==
== Creación de un clúster Pacemaker ==


=== Introducción ===
=== Introducción ===
Línea 9: Línea 9:


El objetivo es simular el uso de discos compartidos de una cabina de almacenamiento en una infraestructura real.
El objetivo es simular el uso de discos compartidos de una cabina de almacenamiento en una infraestructura real.
---


=== Topología del laboratorio ===
=== Topología del laboratorio ===
==== Máquinas ====


* '''Servidor SAN'''
* '''Servidor SAN'''
Línea 22: Línea 18:
** Nodo1 — <code>192.168.1.81</code>
** Nodo1 — <code>192.168.1.81</code>
** Nodo2 — <code>192.168.1.82</code>
** Nodo2 — <code>192.168.1.82</code>
---


== Configuración del almacenamiento SAN ==
== Configuración del almacenamiento SAN ==
Antes de proceder con la implementación del clúster, es necesario haber configurado el almacenamiento compartido. Este proceso se detalla en la sección dedicada a [[iSCSI|iSCSI]]


Para simular una cabina de almacenamiento se compartirá un disco mediante iSCSI hacia ambos nodos del clúster Pacemaker.
==== Verificación del disco compartido ====


=== Instalación de paquetes requeridos ===
Comprobar que el nuevo disco aparece en ambos nodos:


En el servidor SAN (target):
:Nodo1:
<syntaxhighlight lang="bash">
[root@nodo1 ~]# iscsiadm -m session -o show
tcp: [1] 192.168.1.80:3260,1 iqn.2026-01.icecube:storage.target01 (non-flash)
</syntaxhighlight>


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@icecube ~]# subscription-manager register
[root@nodo1 ~]# lsblk
Registering to: subscription.rhsm.redhat.com:443/subscription
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
Username: $USER
sda              8:0    0 10.5G  0 disk
Password:
├─sda1            8:1    0    1G  0 part /boot
The system has been registered with ID: dddb6e1e-049a-4ea2-8943-403ec63bb06f
└─sda2            8:2    0  9.5G  0 part
The registered system name is: icecube
  ├─centos-root 253:0    0  8.4G  0 lvm  /
 
  └─centos-swap 253:1    0    1G  0 lvm  [SWAP]
sdb              8:16  0    8G  0 disk
sr0              11:0    1 1024M  0 rom
</syntaxhighlight>
:Nodo2:
<syntaxhighlight lang="bash">
[root@nodo2 ~]#  iscsiadm -m session -o show
tcp: [1] 192.168.1.80:3260,1 iqn.2026-01.icecube:storage.target01 (non-flash)
</syntaxhighlight>
</syntaxhighlight>
Activar los repositorios EPEL:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@icecube ~]# subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
[root@nodo2 ~]# lsblk
Repository 'codeready-builder-for-rhel-9-x86_64-rpms' is enabled for this system.
NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
[root@icecube ~]# dnf install \
sda                  8:0    0  20G  0 disk
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
├─sda1                8:1    0    1G  0 part /boot
Updating Subscription Management repositories.
└─sda2                8:2    0  19G  0 part
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs)                          24 MB/s |  15 MB    00:00
  ├─rhel-root      253:0    0  17G  0 lvm  /
epel-release-latest-9.noarch.rpm                                                  41 kB/s | 19 kB    00:00
  └─rhel-swap      253:1    0    2G  0 lvm [SWAP]
Dependencies resolved.
sdb                  8:16  0  40G 0 disk
===============================================================================================================================
sr0                  11:0    1 1024M  0 rom
  Package                                        Architecture          Version                      Repository          Size
</syntaxhighlight>
===============================================================================================================================
Installing:
epel-release                                  noarch                9-10.el9                    @commandline        19 k


Transaction Summary
== Pacemaker ==
===============================================================================================================================
=== Instalación ===
Install  1 Package


Total size: 19 k
Installed size: 26 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1
  Installing      : epel-release-9-10.el9.noarch                                  1/1
  Running scriptlet: epel-release-9-10.el9.noarch                                  1/1
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB repository.


  Verifying        : epel-release-9-10.el9.noarch                                  1/1
PACEMAKER RHEL9
Installed products updated.


Installed:
<syntaxhighlight lang="bash">
   epel-release-9-10.el9.noarch
[root@nodo1 ~]# subscription-manager repos \
   --enable=rhel-9-for-x86_64-highavailability-rpms
Repository 'rhel-9-for-x86_64-highavailability-rpms' is enabled for this system.


Complete!
[root@nodo2 ~]# subscription-manager repos \
  --enable=rhel-9-for-x86_64-highavailability-rpms
Repository 'rhel-9-for-x86_64-highavailability-rpms' is enabled for this system.
</syntaxhighlight>
</syntaxhighlight>


Instalar paquetes requeridos:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@icecube ~]# dnf --enablerepo=epel* install targetcli
[root@nodo1 ~]# dnf install -y pacemaker pcs fence-agents-all lvm2
Updating Subscription Management repositories.
[root@nodo2 ~]# dnf install -y pacemaker pcs fence-agents-all lvm2
Last metadata expiration check: 0:02:26 ago on Fri 02 Jan 2026 09:50:24 PM CET.
</syntaxhighlight>
Dependencies resolved.
======================================================================================================================================================
Package                                        Architecture          Version                    Repository                            Size
======================================================================================================================================================
Installing:                                                                                 
targetcli                                      noarch                2.1.57-2.el9                rhel-9-for-x86_64-appstream-rpms      79 k
Installing dependencies:                                                                   
python3-configshell                            noarch                1:1.1.30-1.el9              rhel-9-for-x86_64-baseos-rpms        76 k
python3-kmod                                    x86_64                0.9-32.el9                  rhel-9-for-x86_64-baseos-rpms        88 k
python3-pyparsing                              noarch                2.4.7-9.el9                rhel-9-for-x86_64-baseos-rpms        154 k
python3-rtslib                                  noarch                2.1.76-1.el9                rhel-9-for-x86_64-appstream-rpms    104 k
python3-urwid                                  x86_64                2.1.2-4.el9                rhel-9-for-x86_64-baseos-rpms        842 k
target-restore                                  noarch                2.1.76-1.el9                rhel-9-for-x86_64-appstream-rpms      16 k
Transaction Summary                                                                         
======================================================================================================================================================
Install  7 Packages


Total download size: 1.3 M
=== Configuración Cluster ===
Installed size: 5.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/7): python3-pyparsing-2.4.7-9.el9.noarch.rpm                              1.0 MB/s | 154 kB    00:00
(2/7): python3-kmod-0.9-32.el9.x86_64.rpm                                    347 kB/s |  88 kB    00:00
(3/7): python3-configshell-1.1.30-1.el9.noarch.rpm                            683 kB/s |  76 kB    00:00
(4/7): target-restore-2.1.76-1.el9.noarch.rpm                                145 kB/s |  16 kB    00:00
(5/7): python3-rtslib-2.1.76-1.el9.noarch.rpm                                900 kB/s | 104 kB    00:00
(6/7): targetcli-2.1.57-2.el9.noarch.rpm                                      677 kB/s |  79 kB    00:00
(7/7): python3-urwid-2.1.2-4.el9.x86_64.rpm                                  318 kB/s | 842 kB    00:02
---------------------------------------------------------------------------------------
Total                                                                        513 kB/s | 1.3 MB    00:02
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)                        2.7 MB/s | 3.6 kB    00:00
Importing GPG key 0xFD431D51:                                               
Userid    : "Red Hat, Inc. (release key 2) <security@redhat.com>"
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51
From      : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Key imported successfully
Importing GPG key 0x5A6340B3:
Userid    : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>"
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3
From      : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                            1/1
  Installing      : python3-urwid-2.1.2-4.el9.x86_64          1/7
  Installing      : python3-pyparsing-2.4.7-9.el9.noarch      2/7
  Installing      : python3-configshell-1:1.1.30-1.el9.noarch  3/7
  Installing      : python3-kmod-0.9-32.el9.x86_64            4/7
  Installing      : python3-rtslib-2.1.76-1.el9.noarch        5/7
  Installing      : target-restore-2.1.76-1.el9.noarch        6/7
  Running scriptlet: target-restore-2.1.76-1.el9.noarch        6/7
  Installing      : targetcli-2.1.57-2.el9.noarch              7/7
  Running scriptlet: targetcli-2.1.57-2.el9.noarch              7/7
  Verifying        : python3-kmod-0.9-32.el9.x86_64            1/7
  Verifying        : python3-pyparsing-2.4.7-9.el9.noarch      2/7
  Verifying        : python3-urwid-2.1.2-4.el9.x86_64          3/7
  Verifying        : python3-configshell-1:1.1.30-1.el9.noarch  4/7
  Verifying        : target-restore-2.1.76-1.el9.noarch        5/7
  Verifying        : python3-rtslib-2.1.76-1.el9.noarch        6/7
  Verifying        : targetcli-2.1.57-2.el9.noarch              7/7
Installed products updated.


Installed:
<syntaxhighlight lang="bash">
  python3-configshell-1:1.1.30-1.el9.noarch      python3-kmod-0.9-32.el9.x86_64      python3-pyparsing-2.4.7-9.el9.noarch      python3-rtslib-2.1.76-1.el9.noarch      python3-urwid-2.1.2-4.el9.x86_64      target-restore-2.1.76-1.el9.noarch      targetcli-2.1.57-2.el9.noarch
[root@nodo1 ~]# systemctl enable --now pcsd
Created symlink /etc/systemd/system/multi-user.target.wants/pcsd.service → /usr/lib/systemd/system/pcsd.service.
[root@nodo1 ~]#


Complete!
[root@nodo2 ~]# systemctl enable --now pcsd
Created symlink /etc/systemd/system/multi-user.target.wants/pcsd.service → /usr/lib/systemd/system/pcsd.service.
[root@nodo2 ~]#
</syntaxhighlight>
</syntaxhighlight>


==== Configuración del iSCSI Target (targetcli) ====
<syntaxhighlight lang="bash">
[root@nodo1 ~]# passwd hacluster
Changing password for user hacluster.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@nodo1 ~]#


Configuraciones previas:
[root@nodo2 ~]# passwd hacluster
<syntaxhighlight lang="bash">
Changing password for user hacluster.
[root@icecube ~]# systemctl enable --now target
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@nodo2 ~]#
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
root@nodo1 ~]# firewall-cmd --add-service=high-availability --permanent
success
[root@nodo1 ~]# firewall-cmd --reload
success
[root@nodo1 ~]#


[root@icecube ~]# systemctl status target
● target.service - Restore LIO kernel target configuration
    Loaded: loaded (/usr/lib/systemd/system/target.service; enabled; preset: disabled)
    Active: active (exited) since Fri 2026-01-02 23:10:39 CET; 2min 44s ago
  Main PID: 5382 (code=exited, status=0/SUCCESS)
        CPU: 49ms


Jan 02 23:10:39 icecube systemd[1]: Starting Restore LIO kernel target configuration...
[root@nodo2 ~]# firewall-cmd --add-service=high-availability --permanent
Jan 02 23:10:39 icecube systemd[1]: Finished Restore LIO kernel target configuration.
success
[root@icecube ~]#
[root@nodo2 ~]# firewall-cmd --reload
success
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# pcs host auth nodo1 nodo2
Username: hacluster
Password:
nodo1: Authorized
nodo2: Authorized
[root@nodo1 ~]#
[root@nodo2 ~]#  pcs host auth nodo1 nodo2
Username: hacluster
Password:
nodo1: Authorized
nodo2: Authorized
[root@nodo2 ~]#
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang="bash">
[root@nodo2 ~]# pcs cluster setup iscsi-cluster nodo1 nodo2
No addresses specified for host 'nodo1', using 'nodo1'
No addresses specified for host 'nodo2', using 'nodo2'
Destroying cluster on hosts: 'nodo1', 'nodo2'...
nodo1: Successfully destroyed cluster
nodo2: Successfully destroyed cluster
Requesting remove 'pcsd settings' from 'nodo1', 'nodo2'
nodo2: successful removal of the file 'pcsd settings'
nodo1: successful removal of the file 'pcsd settings'
Sending 'corosync authkey', 'pacemaker authkey' to 'nodo1', 'nodo2'
nodo2: successful distribution of the file 'corosync authkey'
nodo2: successful distribution of the file 'pacemaker authkey'
nodo1: successful distribution of the file 'corosync authkey'
nodo1: successful distribution of the file 'pacemaker authkey'
Sending 'corosync.conf' to 'nodo1', 'nodo2'
nodo2: successful distribution of the file 'corosync.conf'
nodo1: successful distribution of the file 'corosync.conf'
Cluster has been successfully set up.
[root@nodo2 ~]#
</syntaxhighlight>


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@icecube ~]# lsblk /dev/vg_iscsi/lv_storage
[root@nodo2 ~]# pcs status
NAME                MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
Error: error running crm_mon, is pacemaker running?
vg_iscsi-lv_storage 253:2    0  40G  0 lvm
  crm_mon: Connection to cluster failed: Connection refused
[root@icecube ~]# f
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang="bash">
[root@nodo2 ~]# pcs cluster start --all
nodo1: Starting Cluster...
nodo2: Starting Cluster...
</syntaxhighlight>


Verificar que no existe configuración actualmente en targetcli:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="ini">
[root@nodo2 ~]# pcs cluster enable --all
[root@icecube ~]# targetcli ls
nodo1: Cluster Enabled
o- / ......................................................................................................................... [...]
nodo2: Cluster Enabled
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 0]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 0]
  o- loopback ......................................................................................................... [Targets: 0]
[root@icecube ~]#
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang="bash">
[root@nodo2 ~]# pcs status
Cluster name: iscsi-cluster


Acceder a la consola de configuración y crear una LUN:
WARNINGS:
No stonith devices and stonith-enabled is not false
error: Resource start-up disabled since no STONITH resources have been defined
error: Either configure some or disable STONITH with the stonith-enabled option
error: NOTE: Clusters with shared data need STONITH to ensure data integrity
warning: Node nodo1 is unclean but cannot be fenced
warning: Node nodo2 is unclean but cannot be fenced
error: CIB did not pass schema validation
Errors found during check: config not valid


<syntaxhighlight lang="ini">
Cluster Summary:
[root@icecube ~]# targetcli
  * Stack: unknown (Pacemaker is running)
targetcli shell version 2.1.57
  * Current DC: NONE
Copyright 2011-2013 by Datera, Inc and others.
  * Last updated: Sat Jan  3 00:28:04 2026 on nodo2
For help on commands, type 'help'.
  * Last change:  Sat Jan  3 00:27:58 2026 by hacluster via hacluster on nodo2
  * 2 nodes configured
  * 0 resource instances configured


/> /backstores/block create lun01 /dev/vg_iscsi/lv_storage
Node List:
Created block storage object lun01 using /dev/vg_iscsi/lv_storage.
  * Node nodo1: UNCLEAN (offline)
</syntaxhighlight>
  * Node nodo2: UNCLEAN (offline)


Crear el target y el backstore iSCSI:
Full List of Resources:
  * No resources


<syntaxhighlight lang="ini">
Daemon Status:
/> /iscsi create iqn.2026-01.icecube:storage.target01
  corosync: active/enabled
Created target iqn.2026-01.icecube:storage.target01.
  pacemaker: active/enabled
Created TPG 1.
  pcsd: active/enabled
Global pref auto_add_default_portal=true
Created default portal listening on all IPs (0.0.0.0), port 3260.
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang="ini">
<syntaxhighlight lang="bash">
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/luns create /backstores/block/lun01
[root@nodo2 ~]# pcs property set stonith-enabled=false
Created LUN 0.
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="bash">
[root@nodo2 ~]# pcs status
Cluster name: iscsi-cluster
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: nodo2 (version 2.1.10-1.el9-5693eaeee) - partition with quorum
  * Last updated: Sat Jan  3 00:34:35 2026 on nodo2
  * Last change:  Sat Jan  3 00:34:28 2026 by root via root on nodo2
  * 2 nodes configured
  * 0 resource instances configured


Configurar ACLs y autenticación CHAP:
Node List:
  * Online: [ nodo1 nodo2 ]


<syntaxhighlight lang="ini">
Full List of Resources:
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls create iqn.2026-01.icecube:node01.initiator01
  * No resources
Created Node ACL for iqn.2026-01.icecube:node01.initiator01
Created mapped LUN 0.
</syntaxhighlight>


<syntaxhighlight lang="ini">
Daemon Status:
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1 set attribute authentication=1
  corosync: active/enabled
Parameter authentication is now '1'.
  pacemaker: active/enabled
  pcsd: active/enabled
[root@nodo2 ~]#
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang="ini">
=== Configuración LVM ===
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls/iqn.2026-01.icecube:node01.initiator01 set auth userid=bonzo
==== Editar /etc/lvm/lvm.conf ====
Parameter userid is now 'bonzo'.
</syntaxhighlight>


<syntaxhighlight lang="ini">
Establecer la misma configuración de <code>/etc/lvm/lvm.conf</code> en todos los nodos del clúster y ejecutar un <code>dracut -f</code> y <code>reboot</code>.
/> /iscsi/iqn.2026-01.icecube:storage.target01/tpg1/acls/iqn.2026-01.icecube:node01.initiator01 set auth password=PASSWORD2020
Parameter password is now 'PASSWORD2020'.
</syntaxhighlight>


Salir y guardar la configuración:
<syntaxhighlight lang="ini">
<syntaxhighlight lang="ini">
/> exit
[root@nodo1 ~]# grep -vE '^\s*#|^\s*$' /etc/lvm/lvm.conf
Global pref auto_save_on_exit=true
config {
Last 10 configs saved in /etc/target/backup/.
}
Configuration saved to /etc/target/saveconfig.json
devices {
}
allocation {
}
log {
}
backup {
}
shell {
}
global {
        system_id_source = "uname"
}
activation {
        auto_activation_volume_list = [ ]
}
report {
}
dmeventd {
}
</syntaxhighlight>
</syntaxhighlight>


Verificación del fichero de configuracion:
<syntaxhighlight lang="bash">
 
[root@nodo1 ~]# dracut -f
 
<syntaxhighlight lang="ini">
[root@icecube ~]# cat /etc/target/saveconfig.json
{
  "fabric_modules": [],
  "storage_objects": [
    {
      "alua_tpgs": [
        {
          "alua_access_state": 0,
          "alua_access_status": 0,
          "alua_access_type": 3,
          "alua_support_active_nonoptimized": 1,
          "alua_support_active_optimized": 1,
          "alua_support_offline": 1,
          "alua_support_standby": 1,
          "alua_support_transitioning": 1,
          "alua_support_unavailable": 1,
          "alua_write_metadata": 0,
          "implicit_trans_secs": 0,
          "name": "default_tg_pt_gp",
          "nonop_delay_msecs": 100,
          "preferred": 0,
          "tg_pt_gp_id": 0,
          "trans_delay_msecs": 0
        }
      ],
      "attributes": {
        "alua_support": 1,
        "block_size": 512,
        "emulate_3pc": 1,
        "emulate_caw": 1,
        "emulate_dpo": 1,
        "emulate_fua_read": 1,
        "emulate_fua_write": 1,
        "emulate_model_alias": 1,
        "emulate_pr": 1,
        "emulate_rest_reord": 0,
        "emulate_rsoc": 1,
        "emulate_tas": 1,
        "emulate_tpu": 0,
        "emulate_tpws": 0,
        "emulate_ua_intlck_ctrl": 0,
        "emulate_write_cache": 0,
        "enforce_pr_isids": 1,
        "force_pr_aptpl": 0,
        "is_nonrot": 0,
        "max_unmap_block_desc_count": 0,
        "max_unmap_lba_count": 0,
        "max_write_same_len": 65535,
        "optimal_sectors": 65528,
        "pgr_support": 1,
        "pi_prot_format": 0,
        "pi_prot_type": 0,
        "pi_prot_verify": 0,
        "queue_depth": 128,
        "submit_type": 0,
        "unmap_granularity": 0,
        "unmap_granularity_alignment": 0,
        "unmap_zeroes_data": 0
      },
      "dev": "/dev/vg_iscsi/lv_storage",
      "name": "lun01",
      "plugin": "block",
      "readonly": false,
      "write_back": false,
      "wwn": "b1e53820-2d0e-4605-a66e-96ed4d4738a9"
    }
  ],
  "targets": [
    {
      "fabric": "iscsi",
      "parameters": {
        "cmd_completion_affinity": "-1"
      },
      "tpgs": [
        {
          "attributes": {
            "authentication": 1,
            "cache_dynamic_acls": 0,
            "default_cmdsn_depth": 64,
            "default_erl": 0,
            "demo_mode_discovery": 1,
            "demo_mode_write_protect": 1,
            "fabric_prot_type": 0,
            "generate_node_acls": 0,
            "login_keys_workaround": 1,
            "login_timeout": 15,
            "prod_mode_write_protect": 0,
            "t10_pi": 0,
            "tpg_enabled_sendtargets": 1
          },
          "enable": true,
          "luns": [
            {
              "alias": "4937399dfd",
              "alua_tg_pt_gp_name": "default_tg_pt_gp",
              "index": 0,
              "storage_object": "/backstores/block/lun01"
            }
          ],
          "node_acls": [
            {
              "attributes": {
                "authentication": -1,
                "dataout_timeout": 3,
                "dataout_timeout_retries": 5,
                "default_erl": 0,
                "nopin_response_timeout": 30,
                "nopin_timeout": 15,
                "random_datain_pdu_offsets": 0,
                "random_datain_seq_offsets": 0,
                "random_r2t_offsets": 0
              },
              "chap_password": "PASSWORD2020",
              "chap_userid": "bonzo",
              "mapped_luns": [
                {
                  "alias": "612d32f2e4",
                  "index": 0,
                  "tpg_lun": 0,
                  "write_protect": false
                }
              ],
              "node_wwn": "iqn.2026-01.icecube:node01.initiator01"
            }
          ],
          "parameters": {
            "AuthMethod": "CHAP",
            "DataDigest": "CRC32C,None",
            "DataPDUInOrder": "Yes",
            "DataSequenceInOrder": "Yes",
            "DefaultTime2Retain": "20",
            "DefaultTime2Wait": "2",
            "ErrorRecoveryLevel": "0",
            "FirstBurstLength": "65536",
            "HeaderDigest": "CRC32C,None",
            "IFMarkInt": "Reject",
            "IFMarker": "No",
            "ImmediateData": "Yes",
            "InitialR2T": "Yes",
            "MaxBurstLength": "262144",
            "MaxConnections": "1",
            "MaxOutstandingR2T": "1",
            "MaxRecvDataSegmentLength": "8192",
            "MaxXmitDataSegmentLength": "262144",
            "OFMarkInt": "Reject",
            "OFMarker": "No",
            "TargetAlias": "LIO Target"
          },
          "portals": [
            {
              "ip_address": "0.0.0.0",
              "iser": false,
              "offload": false,
              "port": 3260
            }
          ],
          "tag": 1
        }
      ],
      "wwn": "iqn.2026-01.icecube:storage.target01"
    }
  ]
}
</syntaxhighlight>
</syntaxhighlight>


==== Comprobación del servicio iSCSI ====
<syntaxhighlight lang="bash">
 
[root@nodo1 ~]# reboot
Ver estado de configuracion de targetcli:
 
<syntaxhighlight lang="ini">
[root@icecube ~]# targetcli ls
o- / ......................................................................................................................... [...]
  o- backstores .............................................................................................................. [...]
  | o- block .................................................................................................. [Storage Objects: 1]
  | | o- lun01 ........................................................... [/dev/vg_iscsi/lv_storage (40.0GiB) write-thru activated]
  | |  o- alua ................................................................................................... [ALUA Groups: 1]
  | |    o- default_tg_pt_gp ....................................................................... [ALUA state: Active/optimized]
  | o- fileio ................................................................................................. [Storage Objects: 0]
  | o- pscsi .................................................................................................. [Storage Objects: 0]
  | o- ramdisk ................................................................................................ [Storage Objects: 0]
  o- iscsi ............................................................................................................ [Targets: 1]
  | o- iqn.2026-01.icecube:storage.target01 .............................................................................. [TPGs: 1]
  |  o- tpg1 .......................................................................................... [no-gen-acls, auth per-acl]
  |    o- acls .......................................................................................................... [ACLs: 1]
  |    | o- iqn.2026-01.icecube:node01.initiator01 ................................................... [1-way auth, Mapped LUNs: 1]
  |    |  o- mapped_lun0 ................................................................................. [lun0 block/lun01 (rw)]
  |    o- luns .......................................................................................................... [LUNs: 1]
  |    | o- lun0 ...................................................... [block/lun01 (/dev/vg_iscsi/lv_storage) (default_tg_pt_gp)]
  |    o- portals .................................................................................................... [Portals: 1]
  |      o- 0.0.0.0:3260 ..................................................................................................... [OK]
  o- loopback ......................................................................................................... [Targets: 0]
</syntaxhighlight>
</syntaxhighlight>


Verificar que el puerto iSCSI está en escucha:
Verificaciones post reinicio:
 
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# uname -n
nodo1


[root@icecube ~]# ss -napt | grep 3260
[root@nodo1 ~]# lvm systemid
LISTEN    0      256          *:3260                    *:*
  system ID: nodo1
[root@icecube ~]#
</syntaxhighlight>
</syntaxhighlight>


==== Crear PV|VG|LV con LUN compartida ====
La creación del VG debe ejecutarse en un solo nodo del clúster:
Crear Phisycal Volume:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@icecube ~]# firewall-cmd --add-service=iscsi-target --permanent
[root@nodo1 ~]# pvcreate /dev/sdb
success
  Physical volume "/dev/sdb" successfully created.
</syntaxhighlight>
</syntaxhighlight>
Crear Volume Group:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@icecube ~]# firewall-cmd --reload
[root@nodo1 ~]# vgcreate --setautoactivation n vg_shared /dev/sdb
success
  Volume group "vg_shared" successfully created with system ID nodo1
</syntaxhighlight>
</syntaxhighlight>


=== Configuración alternativa del Target ===
<syntaxhighlight lang="bash">
 
[root@nodo1 ~]# vgs -o+systemid
Ajustar contextos SELinux:
  VG        #PV #LV #SN Attr  VSize  VFree  System ID
  rhel        1  2  0 wz--n- <19.00g    0
  vg_shared  1  0  0 wz--n-  39.96g 39.96g nodo1
[root@nodo1 ~]#
</syntaxhighlight>


Crear Logical Volume:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@icecube ~]# chcon -R -t tgtd_var_lib_t /var/lib/iscsi_disks
[root@nodo1 ~]# lvcreate -n lv_data -l 100%FREE vg_shared
  Wiping xfs signature on /dev/vg_shared/lv_data.
  Logical volume "lv_data" created.
</syntaxhighlight>
</syntaxhighlight>
Formatear en XFS:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@icecube ~]# semanage fcontext -a -t tgtd_var_lib_t /var/lib/iscsi_disks
[root@nodo1 ~]# mkfs.xfs /dev/vg_shared/lv_data
meta-data=/dev/vg_shared/lv_data isize=512    agcount=4, agsize=2618880 blks
        =                      sectsz=512  attr=2, projid32bit=1
        =                      crc=1        finobt=1, sparse=1, rmapbt=0
        =                      reflink=1    bigtime=1 inobtcount=1 nrext64=0
data    =                      bsize=4096  blocks=10475520, imaxpct=25
        =                      sunit=0      swidth=0 blks
naming  =version 2              bsize=4096  ascii-ci=0, ftype=1
log      =internal log          bsize=4096  blocks=16384, version=2
        =                      sectsz=512  sunit=0 blks, lazy-count=1
realtime =none                  extsz=4096  blocks=0, rtextents=0
[root@nodo1 ~]#
</syntaxhighlight>
</syntaxhighlight>


=== Configuración del iSCSI Initiator en los nodos ===
=== Configuración Recursos ===
==== Requisitos previos ====


Los siguientes pasos deben ejecutarse en '''todos los nodos del clúster'''.
Hay que desactivar el VG para que lo gestione el cluster y crear el directorio donde montar el FS:
<syntaxhighlight lang="bash">
[root@nodo1 ~]# vgchange -an vg_shared
  0 logical volume(s) in volume group "vg_shared" now active
</syntaxhighlight>


=== Instalación de paquetes ===
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# dnf -y install iscsi-initiator-utils
[root@nodo1 ~]# lvscan
Updating Subscription Management repositories.                                         
  ACTIVE            '/dev/rhel/swap' [2.00 GiB] inherit
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)                                                                                      43 MB/s |  79 MB    00:01
  ACTIVE            '/dev/rhel/root' [<17.00 GiB] inherit
Red Hat CodeReady Linux Builder for RHEL 9 x86_64 (RPMs)                                                                                      19 MB/s |  15 MB    00:00
   inactive            '/dev/vg_shared/lv_data' [39.96 GiB] inherit
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)                                                                                          45 MB/s |  95 MB    00:02
</syntaxhighlight>
Package iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64 is already installed.
Dependencies resolved.
=========================================================================================================================================================================
Package                                              Architecture      Version                                Repository                                        Size
=========================================================================================================================================================================
Upgrading:                                                                                                                                           
iscsi-initiator-utils                                x86_64            6.2.1.11-0.git4b3e853.el9              rhel-9-for-x86_64-baseos-rpms                    392 k
iscsi-initiator-utils-iscsiuio                        x86_64            6.2.1.11-0.git4b3e853.el9              rhel-9-for-x86_64-baseos-rpms                      81 k
 
Transaction Summary                                                                                                                                   
=========================================================================================================================================================================
Upgrade  2 Packages
 
Total download size: 473 k
Downloading Packages:
(1/2): iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64.rpm                                                                      1.6 MB/s | 392 kB    00:00
(2/2): iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64.rpm                                                              330 kB/s |  81 kB    00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                  1.9 MB/s | 473 kB    00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)                                                                                  3.1 MB/s | 3.6 kB    00:00
Importing GPG key 0xFD431D51:
Userid    : "Red Hat, Inc. (release key 2) <security@redhat.com>"
Fingerprint: 567E 347A D004 4ADE 55BA 8A5F 199E 2F91 FD43 1D51
From      : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Key imported successfully
Importing GPG key 0x5A6340B3:
Userid    : "Red Hat, Inc. (auxiliary key 3) <security@redhat.com>"
Fingerprint: 7E46 2425 8C40 6535 D56D 6F13 5054 E4A4 5A63 40B3
From      : /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
   Preparing        :                                                                                                                1/1
  Upgrading        : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64                                                1/4
  Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64                                                1/4
  Upgrading        : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64                                                          2/4
  Running scriptlet: iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64                                                          2/4
  Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64                                                          3/4
  Cleanup          : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64                                                          3/4
  Running scriptlet: iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64                                                          3/4
  Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64                                                  4/4
  Cleanup          : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64                                                  4/4
  Running scriptlet: iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64                                                  4/4
  Verifying        : iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64                                                          1/4
  Verifying        : iscsi-initiator-utils-6.2.1.9-1.gita65a472.el9.x86_64                                                          2/4
  Verifying        : iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64                                                3/4
  Verifying        : iscsi-initiator-utils-iscsiuio-6.2.1.9-1.gita65a472.el9.x86_64                4/4
Installed products updated.
 
Upgraded:
  iscsi-initiator-utils-6.2.1.11-0.git4b3e853.el9.x86_64    iscsi-initiator-utils-iscsiuio-6.2.1.11-0.git4b3e853.el9.x86_64
 
Complete!


<syntaxhighlight lang="bash">
[root@nodo1 ~]# mkdir -p /srv/shared
</syntaxhighlight>
</syntaxhighlight>


==== Configuración del Initiator====
==== Crear recursos ====
El orden de creación es importante ya que afecta al orden de arranque:


Comprobar el IQN del Initiator:
Crear recurso que active el VG:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# cat /etc/iscsi/initiatorname.iscsi
[root@nodo1 ~]# pcs resource create vg_shared ocf:heartbeat:LVM-activate vgname=vg_shared vg_access_mode=system_id --group SHARED
InitiatorName=iqn.2026-01.icecube:node01.initiator01
Deprecation Warning: Using '--group' is deprecated and will be replaced with 'group' in a future release. Specify --future to switch to the future behavior.
</syntaxhighlight>
</syntaxhighlight>
 
Crear recurso que monta el LV:
Editar el archivo de configuración CHAP:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# vim  /etc/iscsi/iscsid.conf
[root@nodo1 ~]# pcs resource create fs_shared ocf:heartbeat:Filesystem device="/dev/vg_shared/lv_data" directory="/srv/shared"  fstype="xfs" --group SHARED
Deprecation Warning: Using '--group' is deprecated and will be replaced with 'group' in a future release. Specify --future to switch to the future behavior.
</syntaxhighlight>
</syntaxhighlight>
 
Crear recurso que active la IP del recurso:
Verificar parámetros de autenticación:
 
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# grep -i node.session.auth /etc/iscsi/iscsid.conf|grep -v ^#
[root@nodo1 ~]# pcs resource create ip_shared  ocf:heartbeat:IPaddr2  ip=192.168.1.83  cidr_netmask=24  nic=enp0s3  --group SHARED
node.session.auth.authmethod = CHAP
Deprecation Warning: Using '--group' is deprecated and will be replaced with 'group' in a future release. Specify --future to switch to the future behavior.
node.session.auth.username = bonzo
node.session.auth.password = PASSWORD2020
</syntaxhighlight>
</syntaxhighlight>


 
==== Verificación ====
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# systemctl enable --now iscsid
[root@nodo1 ~]# pcs status
</syntaxhighlight>
Cluster name: iscsi-cluster
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: nodo2 (version 2.1.10-1.el9-5693eaeee) - partition with quorum
  * Last updated: Sat Jan  3 11:02:49 2026 on nodo1
  * Last change:  Sat Jan  3 10:52:08 2026 by root via root on nodo1
  * 2 nodes configured
  * 3 resource instances configured


==== Descubrimiento y conexión al target ====
Node List:
  * Online: [ nodo1 nodo2 ]


Descubrir targets disponibles:
Full List of Resources:
  * Resource Group: SHARED:
    * vg_shared (ocf:heartbeat:LVM-activate):    Started nodo1
    * fs_shared (ocf:heartbeat:Filesystem):      Started nodo1
    * ip_shared (ocf:heartbeat:IPaddr2):        Started nodo1


<syntaxhighlight lang="bash">
Daemon Status:
[root@nodo1 ~]# iscsiadm -m discovery -t sendtargets -p 192.168.0.80
  corosync: active/enabled
192.168.0.80:3260,1 iqn.2027-04.icecube:storage.target00
  pacemaker: active/enabled
  pcsd: active/enabled
[root@nodo1 ~]#
</syntaxhighlight>


Iniciar sesión:
==== Pruebas de movimiento paquetes: ====


Verificamos que los recursos están arrancados en el <code>nodo1</code>y comprobamos que el VG esta activo, el LV montado y la IP arrancada:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# iscsiadm -m node --login
[root@nodo1 ~]# pcs status
</syntaxhighlight>
Cluster name: iscsi-cluster
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: nodo2 (version 2.1.10-1.el9-5693eaeee) - partition with quorum
  * Last updated: Sat Jan  3 11:24:14 2026 on nodo1
  * Last change:  Sat Jan  3 10:52:08 2026 by root via root on nodo1
  * 2 nodes configured
  * 3 resource instances configured


Node List:
  * Online: [ nodo1 nodo2 ]


==== Verificación del disco compartido ====
Full List of Resources:
  * Resource Group: SHARED:
    * vg_shared (ocf:heartbeat:LVM-activate):    Started nodo1
    * fs_shared (ocf:heartbeat:Filesystem):      Started nodo1
    * ip_shared (ocf:heartbeat:IPaddr2):        Started nodo1


Comprobar que el nuevo disco aparece en el sistema:
Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
[root@nodo1 ~]#
</syntaxhighlight>


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# iscsiadm -m session -o show
[root@nodo1 ~]# lvscan
tcp: [1] 192.168.1.80:3260,1 iqn.2026-01.icecube:storage.target01 (non-flash)
  ACTIVE            '/dev/rhel/swap' [2.00 GiB] inherit
</syntaxhighlight>
  ACTIVE            '/dev/rhel/root' [<17.00 GiB] inherit
  ACTIVE            '/dev/vg_shared/lv_data' [39.96 GiB] inherit
 
[root@nodo1 ~]# df -hT /srv/shared
Filesystem                    Type  Size  Used Avail Use% Mounted on
/dev/mapper/vg_shared-lv_data xfs    40G  318M  40G  1% /srv/shared


<syntaxhighlight lang="bash">
[root@nodo1 ~]# ip a show enp0s3
[root@nodo1 ~]# lsblk
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    link/ether 08:00:27:f3:3c:51 brd ff:ff:ff:ff:ff:ff
sda              8:0    0 10.5G  0 disk
    inet 192.168.1.81/24 brd 192.168.1.255 scope global noprefixroute enp0s3
├─sda1            8:1   0    1G  0 part /boot
      valid_lft forever preferred_lft forever
└─sda2            8:2    0  9.5G  0 part
    inet 192.168.1.83/24 brd 192.168.1.255 scope global secondary enp0s3
  ├─centos-root 253:0    0  8.4G  0 lvm  /
      valid_lft forever preferred_lft forever
  └─centos-swap 253:1    0    1G  0 lvm  [SWAP]
    inet6 fe80::a00:27ff:fef3:3c51/64 scope link tentative noprefixroute
sdb              8:16  0    8G  0 disk
      valid_lft forever preferred_lft forever
sr0              11:0    1 1024M  0 rom
</syntaxhighlight>
</syntaxhighlight>


Inicializar el disco como volumen físico:
Procedemos a mover el paquete al nodo2:


<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# pvcreate /dev/sdb
[root@nodo1 ~]# pcs resource move SHARED
  Physical volume "/dev/sdb" successfully created.
Location constraint to move resource 'SHARED' has been created
Waiting for the cluster to apply configuration changes...
Location constraint created to move resource 'SHARED' has been removed
Waiting for the cluster to apply configuration changes...
resource 'SHARED' is running on node 'nodo2'
[root@nodo1 ~]#
</syntaxhighlight>
</syntaxhighlight>
Verificamos que los recursos están arrancados en el <code>nodo2</code> y comprobamos que el VG esta activo, el LV montado y la IP arrancada:
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# vgs
[root@nodo1 ~]# pcs status
   VG   #PV #LV #SN Attr   VSize   VFree
Cluster name: iscsi-cluster
   rhel   1   2   0 wz--n- <19.00g   0
Cluster Summary:
   * Stack: corosync (Pacemaker is running)
   * Current DC: nodo2 (version 2.1.10-1.el9-5693eaeee) - partition with quorum
   * Last updated: Sat Jan  3 11:25:34 2026 on nodo1
   * Last change:  Sat Jan  3 11:24:31 2026 by root via root on nodo1
   * 2 nodes configured
   * 3 resource instances configured
 
Node List:
   * Online: [ nodo1 nodo2 ]
 
Full List of Resources:
   * Resource Group: SHARED:
    * vg_shared (ocf:heartbeat:LVM-activate):   Started nodo2
    * fs_shared (ocf:heartbeat:Filesystem):      Started nodo2
    * ip_shared (ocf:heartbeat:IPaddr2):        Started nodo2
 
Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
[root@nodo1 ~]#
 
</syntaxhighlight>
</syntaxhighlight>
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
[root@nodo1 ~]# pvs
 
   PV        VG  Fmt  Attr PSize  PFree
[root@nodo2 ~]# lvscan
   /dev/sda2  rhel lvm2 a--  <19.00g    0
   ACTIVE            '/dev/rhel/swap' [2.00 GiB] inherit
   /dev/sdb        lvm2 ---  39.99g 39.99g
   ACTIVE            '/dev/rhel/root' [<17.00 GiB] inherit
   ACTIVE            '/dev/vg_shared/lv_data' [39.96 GiB] inherit
[root@nodo2 ~]# df -hT /srv/shared
Filesystem                    Type  Size  Used Avail Use% Mounted on
/dev/mapper/vg_shared-lv_data xfs    40G  318M  40G   1% /srv/shared
[root@nodo2 ~]# ip a show enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:f3:3c:51 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.82/24 brd 192.168.1.255 scope global noprefixroute enp0s3
      valid_lft forever preferred_lft forever
    inet 192.168.1.83/24 brd 192.168.1.255 scope global secondary enp0s3
      valid_lft forever preferred_lft forever
</syntaxhighlight>
</syntaxhighlight>


== Notas finales ==
== Notas finales ==


* El disco iSCSI queda disponible para ser utilizado como recurso compartido en Pacemaker
* El disco iSCSI queda disponible para ser utilizado como recurso compartido en Pacemaker.
* Todos los nodos deben ver el mismo dispositivo
* Todos los nodos deben ver el mismo dispositivo de bloques.
* A partir de este punto se puede continuar con la configuración del clúster
* El uso de <code>pcs resource move</code> en RHEL 8/9 genera movimientos **temporales**; las constraints de localización se crean y eliminan automáticamente tras el movimiento.
* Para definir afinidad permanente de un recurso a un nodo es necesario crear una constraint explícita.
 
 
== Referencias ==
 
* [[iSCSI]] – Configuración de almacenamiento compartido
* [[LVM]] – Gestión de volúmenes lógicos
 
* [https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/configuring_and_managing_high_availability_clusters/index#con_HA-lvm-shared-volumes-overview-of-high-availability RHEL 9 – Shared LVM volumes in High Availability clusters]
* [https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/configuring_and_managing_high_availability_clusters/assembly_configuring-active-passive-http-server-in-a-cluster-configuring-and-managing-high-availability-clusters RHEL 9 – Configuring an active/passive service in a cluster]
* [https://clusterlabs.org/pacemaker/doc/ Pacemaker Documentation]

Revisión actual - 11:02 3 ene 2026

Creación de un clúster Pacemaker

Introducción

En este laboratorio se configura un clúster Pacemaker utilizando almacenamiento compartido vía iSCSI. Para ello se emplean un mínimo de tres máquinas:

  • Dos nodos que formarán el clúster Pacemaker
  • Una máquina adicional que actuará como servidor de almacenamiento SAN

El objetivo es simular el uso de discos compartidos de una cabina de almacenamiento en una infraestructura real.

Topología del laboratorio

  • Servidor SAN
    • Icecube — 192.168.1.80
  • Nodos Pacemaker
    • Nodo1 — 192.168.1.81
    • Nodo2 — 192.168.1.82

Configuración del almacenamiento SAN

Antes de proceder con la implementación del clúster, es necesario haber configurado el almacenamiento compartido. Este proceso se detalla en la sección dedicada a iSCSI

Verificación del disco compartido

Comprobar que el nuevo disco aparece en ambos nodos:

Nodo1:
[root@nodo1 ~]# iscsiadm -m session -o show
tcp: [1] 192.168.1.80:3260,1 iqn.2026-01.icecube:storage.target01 (non-flash)

[root@nodo1 ~]# lsblk
NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda               8:0    0 10.5G  0 disk
├─sda1            8:1    0    1G  0 part /boot
└─sda2            8:2    0  9.5G  0 part
  ├─centos-root 253:0    0  8.4G  0 lvm  /
  └─centos-swap 253:1    0    1G  0 lvm  [SWAP]
sdb               8:16   0    8G  0 disk
sr0              11:0    1 1024M  0 rom
Nodo2:
[root@nodo2 ~]#  iscsiadm -m session -o show
tcp: [1] 192.168.1.80:3260,1 iqn.2026-01.icecube:storage.target01 (non-flash)

[root@nodo2 ~]# lsblk
NAME                MAJ:MIN RM  SIZE RO TYPE MOUNTPOINTS
sda                   8:0    0   20G  0 disk
├─sda1                8:1    0    1G  0 part /boot
└─sda2                8:2    0   19G  0 part
  ├─rhel-root       253:0    0   17G  0 lvm  /
  └─rhel-swap       253:1    0    2G  0 lvm  [SWAP]
sdb                   8:16   0   40G  0 disk
sr0                  11:0    1 1024M  0 rom

Pacemaker

Instalación

PACEMAKER RHEL9 

[root@nodo1 ~]# subscription-manager repos \
  --enable=rhel-9-for-x86_64-highavailability-rpms
Repository 'rhel-9-for-x86_64-highavailability-rpms' is enabled for this system.

[root@nodo2 ~]# subscription-manager repos \
  --enable=rhel-9-for-x86_64-highavailability-rpms
Repository 'rhel-9-for-x86_64-highavailability-rpms' is enabled for this system.

[root@nodo1 ~]# dnf install -y pacemaker pcs fence-agents-all lvm2
[root@nodo2 ~]# dnf install -y pacemaker pcs fence-agents-all lvm2

Configuración Cluster

[root@nodo1 ~]# systemctl enable --now pcsd
Created symlink /etc/systemd/system/multi-user.target.wants/pcsd.service  /usr/lib/systemd/system/pcsd.service.
[root@nodo1 ~]#

[root@nodo2 ~]# systemctl enable --now pcsd
Created symlink /etc/systemd/system/multi-user.target.wants/pcsd.service  /usr/lib/systemd/system/pcsd.service.
[root@nodo2 ~]#

[root@nodo1 ~]# passwd hacluster
Changing password for user hacluster.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@nodo1 ~]#

[root@nodo2 ~]# passwd hacluster
Changing password for user hacluster.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@nodo2 ~]#



root@nodo1 ~]# firewall-cmd --add-service=high-availability --permanent
success
[root@nodo1 ~]# firewall-cmd --reload
success
[root@nodo1 ~]#


[root@nodo2 ~]# firewall-cmd --add-service=high-availability --permanent
success
[root@nodo2 ~]# firewall-cmd --reload
success

[root@nodo1 ~]# pcs host auth nodo1 nodo2
Username: hacluster
Password:
nodo1: Authorized
nodo2: Authorized
[root@nodo1 ~]#

[root@nodo2 ~]#  pcs host auth nodo1 nodo2
Username: hacluster
Password:
nodo1: Authorized
nodo2: Authorized
[root@nodo2 ~]#

[root@nodo2 ~]# pcs cluster setup iscsi-cluster nodo1 nodo2
No addresses specified for host 'nodo1', using 'nodo1'
No addresses specified for host 'nodo2', using 'nodo2'
Destroying cluster on hosts: 'nodo1', 'nodo2'...
nodo1: Successfully destroyed cluster
nodo2: Successfully destroyed cluster
Requesting remove 'pcsd settings' from 'nodo1', 'nodo2'
nodo2: successful removal of the file 'pcsd settings'
nodo1: successful removal of the file 'pcsd settings'
Sending 'corosync authkey', 'pacemaker authkey' to 'nodo1', 'nodo2'
nodo2: successful distribution of the file 'corosync authkey'
nodo2: successful distribution of the file 'pacemaker authkey'
nodo1: successful distribution of the file 'corosync authkey'
nodo1: successful distribution of the file 'pacemaker authkey'
Sending 'corosync.conf' to 'nodo1', 'nodo2'
nodo2: successful distribution of the file 'corosync.conf'
nodo1: successful distribution of the file 'corosync.conf'
Cluster has been successfully set up.
[root@nodo2 ~]#

[root@nodo2 ~]# pcs status
Error: error running crm_mon, is pacemaker running?
  crm_mon: Connection to cluster failed: Connection refused

[root@nodo2 ~]# pcs cluster start --all
nodo1: Starting Cluster...
nodo2: Starting Cluster...

[root@nodo2 ~]# pcs cluster enable --all
nodo1: Cluster Enabled
nodo2: Cluster Enabled

[root@nodo2 ~]# pcs status
Cluster name: iscsi-cluster

WARNINGS:
No stonith devices and stonith-enabled is not false
error: Resource start-up disabled since no STONITH resources have been defined
error: Either configure some or disable STONITH with the stonith-enabled option
error: NOTE: Clusters with shared data need STONITH to ensure data integrity
warning: Node nodo1 is unclean but cannot be fenced
warning: Node nodo2 is unclean but cannot be fenced
error: CIB did not pass schema validation
Errors found during check: config not valid

Cluster Summary:
  * Stack: unknown (Pacemaker is running)
  * Current DC: NONE
  * Last updated: Sat Jan  3 00:28:04 2026 on nodo2
  * Last change:  Sat Jan  3 00:27:58 2026 by hacluster via hacluster on nodo2
  * 2 nodes configured
  * 0 resource instances configured

Node List:
  * Node nodo1: UNCLEAN (offline)
  * Node nodo2: UNCLEAN (offline)

Full List of Resources:
  * No resources

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled

[root@nodo2 ~]# pcs property set stonith-enabled=false

[root@nodo2 ~]# pcs status
Cluster name: iscsi-cluster
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: nodo2 (version 2.1.10-1.el9-5693eaeee) - partition with quorum
  * Last updated: Sat Jan  3 00:34:35 2026 on nodo2
  * Last change:  Sat Jan  3 00:34:28 2026 by root via root on nodo2
  * 2 nodes configured
  * 0 resource instances configured

Node List:
  * Online: [ nodo1 nodo2 ]

Full List of Resources:
  * No resources

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
[root@nodo2 ~]#

Configuración LVM

Editar /etc/lvm/lvm.conf

Establecer la misma configuración de /etc/lvm/lvm.conf en todos los nodos del clúster y ejecutar un dracut -f y reboot. 

[root@nodo1 ~]# grep -vE '^\s*#|^\s*$' /etc/lvm/lvm.conf
config {
}
devices {
}
allocation {
}
log {
}
backup {
}
shell {
}
global {
        system_id_source = "uname"
}
activation {
        auto_activation_volume_list = [ ]
}
report {
}
dmeventd {
}

[root@nodo1 ~]# dracut -f

[root@nodo1 ~]# reboot

Verificaciones post reinicio: 

[root@nodo1 ~]# uname -n
nodo1

[root@nodo1 ~]# lvm systemid
  system ID: nodo1

Crear PV|VG|LV con LUN compartida

La creación del VG debe ejecutarse en un solo nodo del clúster: Crear Phisycal Volume: 

[root@nodo1 ~]# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created.

Crear Volume Group: 

[root@nodo1 ~]# vgcreate --setautoactivation n vg_shared /dev/sdb
  Volume group "vg_shared" successfully created with system ID nodo1

[root@nodo1 ~]# vgs -o+systemid
  VG        #PV #LV #SN Attr   VSize   VFree  System ID
  rhel        1   2   0 wz--n- <19.00g     0
  vg_shared   1   0   0 wz--n-  39.96g 39.96g nodo1
[root@nodo1 ~]#

Crear Logical Volume: 

[root@nodo1 ~]# lvcreate -n lv_data -l 100%FREE vg_shared
  Wiping xfs signature on /dev/vg_shared/lv_data.
  Logical volume "lv_data" created.

Formatear en XFS: 

[root@nodo1 ~]# mkfs.xfs /dev/vg_shared/lv_data
meta-data=/dev/vg_shared/lv_data isize=512    agcount=4, agsize=2618880 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=1, sparse=1, rmapbt=0
         =                       reflink=1    bigtime=1 inobtcount=1 nrext64=0
data     =                       bsize=4096   blocks=10475520, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0, ftype=1
log      =internal log           bsize=4096   blocks=16384, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@nodo1 ~]#

Configuración Recursos

Requisitos previos

Hay que desactivar el VG para que lo gestione el cluster y crear el directorio donde montar el FS: 

[root@nodo1 ~]# vgchange -an vg_shared
  0 logical volume(s) in volume group "vg_shared" now active

[root@nodo1 ~]# lvscan
  ACTIVE            '/dev/rhel/swap' [2.00 GiB] inherit
  ACTIVE            '/dev/rhel/root' [<17.00 GiB] inherit
  inactive            '/dev/vg_shared/lv_data' [39.96 GiB] inherit

[root@nodo1 ~]# mkdir -p /srv/shared

Crear recursos

El orden de creación es importante ya que afecta al orden de arranque:

Crear recurso que active el VG: 

[root@nodo1 ~]# pcs resource create vg_shared ocf:heartbeat:LVM-activate vgname=vg_shared vg_access_mode=system_id --group SHARED
Deprecation Warning: Using '--group' is deprecated and will be replaced with 'group' in a future release. Specify --future to switch to the future behavior.

Crear recurso que monta el LV: 

[root@nodo1 ~]# pcs resource create fs_shared ocf:heartbeat:Filesystem device="/dev/vg_shared/lv_data" directory="/srv/shared"  fstype="xfs" --group SHARED
Deprecation Warning: Using '--group' is deprecated and will be replaced with 'group' in a future release. Specify --future to switch to the future behavior.

Crear recurso que active la IP del recurso: 

[root@nodo1 ~]# pcs resource create ip_shared   ocf:heartbeat:IPaddr2   ip=192.168.1.83   cidr_netmask=24   nic=enp0s3   --group SHARED
Deprecation Warning: Using '--group' is deprecated and will be replaced with 'group' in a future release. Specify --future to switch to the future behavior.

Verificación

[root@nodo1 ~]#  pcs status
Cluster name: iscsi-cluster
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: nodo2 (version 2.1.10-1.el9-5693eaeee) - partition with quorum
  * Last updated: Sat Jan  3 11:02:49 2026 on nodo1
  * Last change:  Sat Jan  3 10:52:08 2026 by root via root on nodo1
  * 2 nodes configured
  * 3 resource instances configured

Node List:
  * Online: [ nodo1 nodo2 ]

Full List of Resources:
  * Resource Group: SHARED:
    * vg_shared (ocf:heartbeat:LVM-activate):    Started nodo1
    * fs_shared (ocf:heartbeat:Filesystem):      Started nodo1
    * ip_shared (ocf:heartbeat:IPaddr2):         Started nodo1

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
[root@nodo1 ~]#

Pruebas de movimiento paquetes:

Verificamos que los recursos están arrancados en el nodo1y comprobamos que el VG esta activo, el LV montado y la IP arrancada: 

[root@nodo1 ~]# pcs status
Cluster name: iscsi-cluster
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: nodo2 (version 2.1.10-1.el9-5693eaeee) - partition with quorum
  * Last updated: Sat Jan  3 11:24:14 2026 on nodo1
  * Last change:  Sat Jan  3 10:52:08 2026 by root via root on nodo1
  * 2 nodes configured
  * 3 resource instances configured

Node List:
  * Online: [ nodo1 nodo2 ]

Full List of Resources:
  * Resource Group: SHARED:
    * vg_shared (ocf:heartbeat:LVM-activate):    Started nodo1
    * fs_shared (ocf:heartbeat:Filesystem):      Started nodo1
    * ip_shared (ocf:heartbeat:IPaddr2):         Started nodo1

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
[root@nodo1 ~]#

[root@nodo1 ~]# lvscan
  ACTIVE            '/dev/rhel/swap' [2.00 GiB] inherit
  ACTIVE            '/dev/rhel/root' [<17.00 GiB] inherit
  ACTIVE            '/dev/vg_shared/lv_data' [39.96 GiB] inherit

[root@nodo1 ~]# df -hT /srv/shared
Filesystem                    Type  Size  Used Avail Use% Mounted on
/dev/mapper/vg_shared-lv_data xfs    40G  318M   40G   1% /srv/shared

[root@nodo1 ~]# ip a show enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:f3:3c:51 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.81/24 brd 192.168.1.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.1.83/24 brd 192.168.1.255 scope global secondary enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fef3:3c51/64 scope link tentative noprefixroute
       valid_lft forever preferred_lft forever

Procedemos a mover el paquete al nodo2: 

[root@nodo1 ~]# pcs resource move SHARED
Location constraint to move resource 'SHARED' has been created
Waiting for the cluster to apply configuration changes...
Location constraint created to move resource 'SHARED' has been removed
Waiting for the cluster to apply configuration changes...
resource 'SHARED' is running on node 'nodo2'
[root@nodo1 ~]#

Verificamos que los recursos están arrancados en el nodo2 y comprobamos que el VG esta activo, el LV montado y la IP arrancada: 

[root@nodo1 ~]# pcs status
Cluster name: iscsi-cluster
Cluster Summary:
  * Stack: corosync (Pacemaker is running)
  * Current DC: nodo2 (version 2.1.10-1.el9-5693eaeee) - partition with quorum
  * Last updated: Sat Jan  3 11:25:34 2026 on nodo1
  * Last change:  Sat Jan  3 11:24:31 2026 by root via root on nodo1
  * 2 nodes configured
  * 3 resource instances configured

Node List:
  * Online: [ nodo1 nodo2 ]

Full List of Resources:
  * Resource Group: SHARED:
    * vg_shared (ocf:heartbeat:LVM-activate):    Started nodo2
    * fs_shared (ocf:heartbeat:Filesystem):      Started nodo2
    * ip_shared (ocf:heartbeat:IPaddr2):         Started nodo2

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
[root@nodo1 ~]#

[root@nodo2 ~]# lvscan
  ACTIVE            '/dev/rhel/swap' [2.00 GiB] inherit
  ACTIVE            '/dev/rhel/root' [<17.00 GiB] inherit
  ACTIVE            '/dev/vg_shared/lv_data' [39.96 GiB] inherit
[root@nodo2 ~]# df -hT /srv/shared
Filesystem                    Type  Size  Used Avail Use% Mounted on
/dev/mapper/vg_shared-lv_data xfs    40G  318M   40G   1% /srv/shared
[root@nodo2 ~]# ip a show enp0s3
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:f3:3c:51 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.82/24 brd 192.168.1.255 scope global noprefixroute enp0s3
       valid_lft forever preferred_lft forever
    inet 192.168.1.83/24 brd 192.168.1.255 scope global secondary enp0s3
       valid_lft forever preferred_lft forever

Notas finales

  • El disco iSCSI queda disponible para ser utilizado como recurso compartido en Pacemaker.
  • Todos los nodos deben ver el mismo dispositivo de bloques.
  • El uso de pcs resource move en RHEL 8/9 genera movimientos **temporales**; las constraints de localización se crean y eliminan automáticamente tras el movimiento.
  • Para definir afinidad permanente de un recurso a un nodo es necesario crear una constraint explícita.


Referencias

  • iSCSI – Configuración de almacenamiento compartido
  • LVM – Gestión de volúmenes lógicos
Obtenido de «http://wiki.jagfloriano.com/index.php?title=Pacemaker&oldid=351»