ha proxmox

wo

rksh

op

21.0

5.2

014

/ 1

3.4

0h

/ C

lass

roo

mS07

CENTRE INTEGRAT PBLICDE FORMACI PROFESSIONAL

Departamento de

Informtica y Comunicaciones

CIPFP AUSIS MARCH

Bare-Metal

Hypervisors and

High AvailabilitySystems

J o s R a m n R u i z

Ind

ex

Workshop goals

Type I (bare-metal) hypervisors

An example: Proxmox

Beyond virtualization

Maintenance tasks: MV migration

Setting up a HA environment

Bare-metal Hypervisors & High Availability Systems 2

Wo

rksh

op

go

als

To know how the productionsystems (really) work


Wo

rksh

op

go

als


To know and implement theproduction virtualization: type I (or

bare-metal)


Wo

rksh

op

go

als



bare-metal)

To know a good (and free) virtualization platform: Proxmox


Wo

rksh

op

go

als



bare-metal)

To know a good (and free) virtualization platform: Proxmox

To test this platform setting up anapproach to a production

environment


Wo

rksh

op

go

als

Why?


Wo

rksh

op

go

als

Why? In my opinion most of us have

never worked with this kind of

systems


Wo

rksh

op

go

als



systems

It is important to know how they work in order to provide a valid

systems view to our pupils


Wo

rksh

op

go

als



systems

It is important to know how they work in order to provide a valid

systems view to our pupils

It would be an interesting end-of-year project shared between

different subjects


Type I (bare-metal) hypervisors


Typ

eI (b

are

-me

tal)

hyp

erv

iso

rs Type I hypervisors structure


HARDWARE

HYPERVISOR (really OS+hypervisor)

OS 1 OS 2 OS N

Typ

eI (b

are

-me

tal)

hyp

erv

iso

rs Advantages

Performance

Behaviour (less points of failure)

Production structures allowed

Weak points

Non-obvious configuration

Dedicated server (of course)


Typ

eI (b

are

-me

tal)

hyp

erv

iso

rs Main examples

VMWare ESXi Difficult to configure

Expensive licenses

Proxmox Good balance performance/effort

Free

Microsoft Hyper-V Poor performance

Easy configuration

Parallels Server Bare Metal

Xen Server


Proxmox


Pro

xm

ox OS:

Debian

Virtualization platform:

KVM+Containers

Graphical remote access:

Java required


Pro

xm

ox.

In

sta

llatio

n Downloaded from www.proxmox.org


Inst

alla

tio

n.

Ke

y s

cre

en

s


e.g. ausiasHA

Inst

alla

tio

n.

Ke

y s

cre

en

s


Aft

er

Inst

alla

tio

n.

We

b A

cc

ess


No

de

1


Our first VM


Ou

rFirst

VM

Structure


VM1 VM2 VMn

Ou

rfirs

tV

M. U

plo

ad

an

ISO


Ou

rfirs

tV

M. Se

ttin

gs


Bare-metal Hypervisors & High Availability Systems 28Ou

rfirs

tV

M. Se

ttin

gs

Ou

rfirs

tV

M. Se

ttin

gs


Ou

rfirs

tV

M


Ou

rfirs

tV

M. C

on

sole


Our first CT


Ou

rfirs

tC

T What is a CT?

OpenVZ Container

Instead of trying to run an entire guest OS, container

virtualization isolates the guests,

It doesn't try to virtualize the hardware.

Recommended for running GNU/Linux

Fastest approach


Ou

rfirs

tC

T


Ou

rfirs

tV

M. D

ow

nlo

ad


Ou

rFrist

CT.

Se

ttin

gs


Ou

rFrist

CT


Sta

tist

ics


Ou

rfirs

tC

T. W

ork

ing


Our first cluster


Let

sc

rea

tea

clu

ste

r Update packages

In each node:

aptitude update && aptitude full-upgrade

Create a cluster

Master node: pvecm create NameCluster

Node2: pvecm add IPMaster

Node3: pvecm add IPMaster


Ou

rfirs

tc

lust

er

Structure


Ou

rfirs

tc

lust

er


CT

Mig

ratio

n


CT

Mig

ratio

np

roc

ess


CT

Mig

ratio

n


Hot migration: it keeps working

CT

Mig

ratio

n This is not HA

Too much meatware

HA automates the process


Our first HA cluster


Ou

rfirs

tH

A c

lust

er

Structure


HA cluster

Network Shared storage

Management device

Ou

rfirs

tH

A c

lust

er

Structure


HA cluster

Network Shared storage

Management device

There are several critical points

Imp

lem

en

tin

gH

A Before starting

Remove any previous VM

Add the NAS to the cluster


Ad

din

gth

eN

AS


Fe

nc

ing Fencing?


Fe

nc

ing Fencing


Fe

nc

ing If a node does not respond

after a given time-threshold

non-operational

Two types of fencing

Disabling a node itself,

Disallowing access to resources such as shared disks


Fe

nc

ing If a node does not respond

after a given time-threshold

non-operational

Two types of fencing

Disabling a node itself

Disallowing access to resources such as shared disks


STONITH

Resource Fencing

Fe

nc

ing In every node:

nano /etc/default/redhat-cluster-pve

Uncomment the lineFENCE_JOIN="yes"

Join the fencing domainfence_tool join


Fe

nc

ing

. O

nly

in t

he

Ma

ste

rcp /etc/pve/cluster.conf /etc/pve/cluster.conf.new

nano /etc/pve/cluster.conf.new

Increase the version number

Validate the configurationccs_config_validate -v -f /etc/pve/cluster.conf.new


Fe

nc

ing

. A

ctiva

te


HA

ma

na

ge

dC

T


HA

ma

na

ge

dC

T In each node:

/etc/init.d/rgmanager start


HA

ma

na

ge

dC

T Fencing devices

Managed switches

PS switches

Manual fencing

Scripting+pseudo manual fencing


/etc

/pve

/clu

ste

r.c

on

f.n

ew

Do

es

itw

ork

? Start VM 100 in node1

Poweroff node 1 (or disablethe network)

Go to node2 or node3

Manual fencing: fence_ack_manual node1

Confirm with: absolutely


Do

es

itw

ork

?


Thanks for your attendance

Questions?

Slides available on:

http://bit.ly/JRRuiz-HA


ha proxmox

Documents

valid systems

theproduction virtualization

free virtualization

proxmox os

metalhypervisors type

debian virtualization

os ntypei

os hypervisoros