Merge pull request #247 from mihaelablendea/master

Added STONITH sample

Author: mihaelablendea

samples/features/high availability/Linux/Cluster Configuration/STONITH/Tutorial for ilo3 fencing agent.md

@@ -0,0 +1,132 @@
+# Configure STONITH with ilo3 fencing agent
+## Test all the Agents before configuring Stonith
+
+```bash
+sudo fence_ilo3 -a dl380g7-07-ilo -l Administrator -p 'Password!12' --action=status –verbose
+sudo fence_ilo3 -a dl380g7-08-ilo -l Administrator -p 'Password!12' --action=status –verbose
+sudo fence_ilo3 -a dl380g7-09-ilo -l Administrator -p 'Password!12' --action=status –verbose
+```
+
+>[!NOTE]
+>Check whether the password and user name for the device include any special characters that could be misinterpreted by the bash shell. Making sure that you enter passwords and user names surrounded by quotation marks could address this issue.
+
+## Create the Stonith fencing
+
+```bash
+sudo pcs stonith create fence_dl380g7-07 fence_ilo3  ipaddr=dl380g7-07-ilo login="Administrator" passwd='Password!12' pcmk_host_list=dl380g7-07
+sudo pcs stonith create fence_dl380g7-08 fence_ilo3  ipaddr=dl380g7-08-ilo login="Administrator" passwd='Password!12' pcmk_host_list=dl380g7-08
+sudo pcs stonith create fence_dl380g7-09 fence_ilo3  ipaddr=dl380g7-09-ilo login="Administrator" passwd='Password!12' pcmk_host_list=dl380g7-09
+```
+
+## Enable fencing
+
+```bash
+sudo pcs property set stonith-enabled=true
+```
+
+## Check fencing configuration
+
+```bash
+sudo pcs stonith --full
+```
+
+The following shows the output:
+```
+Resource: fence_dl380g7-08 (class=stonith type=fence_ilo3)
+  Attributes: ipaddr=dl380g7-08-ilo login=Administrator passwd=Password!12
+  Operations: monitor interval=60s (fence_dl380g7-08-monitor-interval-60s)
+Resource: fence_dl380g7-09 (class=stonith type=fence_ilo3)
+  Attributes: ipaddr=dl380g7-09-ilo login=Administrator passwd=Password!12 pcmk_host_list=dl380g7-09
+  Operations: monitor interval=60s (fence_dl380g7-09-monitor-interval-60s)
+Resource: fence_dl380g7-07 (class=stonith type=fence_ilo3)
+  Attributes: ipaddr=dl380g7-07-ilo login=Administrator passwd=Password!12 pcmk_host_list=dl380g7-07
+  Operations: monitor interval=60s (fence_dl380g7-07-monitor-interval-60s)
+```
+
+## Test the configuration
+
+1. Fence a node with `pcs stonith fence <nodeName>`
+
+    ```bash
+    pcs stonith fence dl380g7-09
+    ```
+
+    ```bash
+    sudo pcs status
+    ```
+
+    The following shows the output:
+    ```
+    Cluster name: sqlcluster
+    Stack: corosync
+    Current DC: dl380g7-08 (version 1.1.15-11.el7_3.4-e174ec8) - partition with quorum
+    Last updated: Fri May 12 09:46:58 2017          Last change: Fri May 12 09:46:55 2017 by root via cibadmin on dl380g7-08
+
+    3 nodes and 7 resources configured
+
+    Online: [ dl380g7-07 dl380g7-08 ]
+    OFFLINE: [ dl380g7-09 ]
+
+    Full list of resources:
+
+    Master/Slave Set: ag_cluster-master [ag_cluster]
+        Masters: [ dl380g7-08 ]
+        Slaves: [ dl380g7-07 ]
+        Stopped: [ dl380g7-09 ]
+    virtualip      (ocf::heartbeat:IPaddr2):       Started dl380g7-08
+    fence_dl380g7-08       (stonith:fence_ilo3):   Started dl380g7-07
+    fence_dl380g7-09       (stonith:fence_ilo3):   Started dl380g7-07
+    fence_dl380g7-07       (stonith:fence_ilo3):   Started dl380g7-08
+    ```
+
+2. Crash a node using `echo c>>/proc/sysrq-trigger`
+
+    ```bash
+    sudo pcs status
+    ```
+
+    The following shows the output:
+    ```
+    Cluster name: sqlcluster
+    Stack: corosync
+    Current DC: dl380g7-08 (version 1.1.15-11.el7_3.4-e174ec8) - partition with quorum
+    Last updated: Fri May 12 10:00:52 2017          Last change: Fri May 12 09:58:01 2017 by root via cibadmin on dl380g7-08
+
+    3 nodes and 7 resources configured
+
+    Online: [ dl380g7-07 dl380g7-08 ]
+    OFFLINE: [ dl380g7-09 ]
+
+    Full list of resources:
+
+    Master/Slave Set: ag_cluster-master [ag_cluster]
+        Masters: [ dl380g7-08 ]
+        Slaves: [ dl380g7-07 ]
+        Stopped: [ dl380g7-09 ]
+    virtualip      (ocf::heartbeat:IPaddr2):       Started dl380g7-08
+    fence_dl380g7-08       (stonith:fence_ilo3):   Started dl380g7-08
+    fence_dl380g7-09       (stonith:fence_ilo3):   Started dl380g7-07
+    fence_dl380g7-07       (stonith:fence_ilo3):   Started dl380g7-08
+    ```
+
+    ```bash
+    sudo cat /var/log/messages
+    ```
+
+    The following shows the output:
+    ```
+    May 12 09:58:38 dl380g7-08 pengine[30024]: warning: Node dl380g7-09 will be fenced because the node is no longer part of the cluster
+    May 12 09:58:38 dl380g7-08 pengine[30024]: warning: Action fence_dl380g7-09_stop_0 on dl380g7-09 is unrunnable (offline)
+    May 12 09:58:38 dl380g7-08 pengine[30024]:  notice: Move    fence_dl380g7-09#011(Started dl380g7-09 -> dl380g7-07)
+    May 12 09:58:38 dl380g7-08 crmd[30025]:  notice: Initiating start operation fence_dl380g7-09_start_0 on dl380g7-07
+    May 12 09:58:38 dl380g7-08 stonith-ng[30021]:  notice: Client crmd.30025.62ff454d wants to fence (reboot) 'dl380g7-09' with device '(any)'
+    May 12 09:58:39 dl380g7-08 stonith-ng[30021]:  notice: fence_dl380g7-07 can not fence (reboot) dl380g7-09: static-list
+    May 12 09:58:39 dl380g7-08 stonith-ng[30021]:  notice: fence_dl380g7-09 can fence (reboot) dl380g7-09: static-list
+    May 12 09:58:40 dl380g7-08 crmd[30025]:  notice: Initiating monitor operation fence_dl380g7-09_monitor_60000 on dl380g7-07
+    ```
+
+3. Take down the network between nodes and appropriate network cards
+
+    ```bash
+    sudo if down eth0
+    ```

samples/features/high availability/Linux/Cluster Configuration/STONITH/readme.md

@@ -0,0 +1,29 @@
+# Samples for STONITH Configuration in a Pacemaker Cluster
+
+Pacemaker cluster vendors require STONITH to be enabled and a fencing device configured for a supported cluster setup. When the cluster resource manager cannot determine the state of a node or of a resource on a node, fencing is used to bring the cluster to a known state again. Resource level fencing ensures mainly that there is no data corruption in case of an outage by configuring a resource. You can use resource level fencing, for instance, with DRBD (Distributed Replicated Block Device) to mark the disk on a node as outdated when the communication link goes down. Node level fencing ensures that a node does not run any resources. This is done by resetting the node and the Pacemaker implementation of it is called STONITH (which stands for "shoot the other node in the head"). Pacemaker supports a great variety of fencing devices, e.g. an uninterruptible power supply or management interface cards for servers. For more details, see [Pacemaker Clusters from Scratch](http://clusterlabs.org/doc/en-US/Pacemaker/1.1-plugin/html/Clusters_from_Scratch/ch05.html), [Fencing and Stonith](http://clusterlabs.org/doc/crm_fencing.html), [Red Hat High Availability Add-On with Pacemaker: Fencing](http://access.redhat.com/documentation/Red_Hat_Enterprise_Linux/6/html/Configuring_the_Red_Hat_High_Availability_Add-On_with_Pacemaker/ch-fencing-HAAR.html) and [Fencing in a Red Hat High Availability Cluster](https://access.redhat.com/solutions/15575).
+
+##  Other considerations
+
+*  Disabling STONITH is just for testing purposes. If you plan to use Pacemaker in a production environment, you should plan a STONITH implementation depending on your environment and keep it enabled.
+* Type of fence depends on the machine ( baremetal) or VM type.
+* RHEL does not provide fencing agents for any cloud environments (including Azure) or Hyper-V. Consequentially, the cluster vendor does not offer support for running production clusters in these environments.
+*  All fencing agents are shell scripts in /usr/sbin, so you can go through them and figure out what they are doing.
+* Shell scripts often point to /usr/share/fence which have few python scripts
+* Fencing should be tested from command line BEFORE you actually create a stonith fence with PCS.
+
+* On many baremetal recommended seems to be ilo ( ilo/ilo2/ilo3/ilo4 which go over ipmi )  or second option is the ssh equivalents ( ilo3_ssh/ilo4_ssh)
+    * Have to find out what version of ilo machine supports
+    * For _ssh agents, have to add public key/auth to ilo  under the Administration—security to enable passwordless auth 
+
+
+## Other fencing configurations
+
+[How do I configure a stonith device using agent fence_vmware_soap in a RHEL 6 or 7 High Availability cluster with pacemaker](https://access.redhat.com/solutions/917813)
+
+[What are the requirements for using the fence agent fence_vmware_soap](https://access.redhat.com/solutions/306233)
+
+[How can I diagnose fence_vmware_soap failures in RHEL 5, 6, or 7?](https://access.redhat.com/solutions/473603)
+
+[How to configure stonith agent fence_xvm in pacemaker cluster when cluster nodes are KVM guests and are on different KVM hosts](https://access.redhat.com/solutions/2386421)
+
+[How to configure fence agent fence_xvm in RHEL cluster](https://access.redhat.com/solutions/917833)

samples/features/high availability/Linux/Cluster Configuration/readme.md

@@ -0,0 +1 @@
+# Cluster Configuration Samples for SQL Server on Linux HA Solutions

samples/features/high availability/Linux/readme.md

@@ -0,0 +1 @@
+# Samples for High Availability solutions for SQL Server on Linux

samples/features/high availability/readme.md

@@ -0,0 +1,7 @@
+# Samples for High Availability solutions for SQL Server
+
+Go to the documentation tutorials to learn more about:
+
+[HADR Solutions on Linux](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-business-continuity-dr) 
+
+[Availability Groups](https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/always-on-availability-groups-sql-server)