eniocarboni/10-node_configuration.sh

## 10-node_configuration.sh
hacluster_pwd="$1"
hafence_pwd="$2"

HOSTNAME=$(hostname)
HOSTID=$(echo $HOSTNAME | sed 's/.*-//')
eths=$(ip address | grep '^[0-9]' | awk '{print $2}' | uniq | grep -v lo | sed 's/://g' | sed 's/@.*$//')
eth1=$(echo $eths | awk '{print $1}')
eth2=$(echo $eths | awk '{print $2}')
eth3=$(echo $eths | awk '{print $3}')

localectl set-locale LANG=en_US.utf8

echo "updating software via apt-get update"
apt-get -q update >/dev/null 2>&1
#apt dist-upgrade -y -q
echo -e "installing cluster software"
apt install -y -q pacemaker corosync-qdevice pcs apache2 wget >/dev/null 2>&1
pcs cluster destroy --force

echo -e "configuring private cluster network on ${eth2}"

echo -e "\tupdate cluster network in /etc/hosts"
echo -e "192.168.33.11\t cl-u18-node-1" >>/etc/hosts
echo -e "192.168.33.12\t cl-u18-node-2" >>/etc/hosts
echo -e "192.168.33.13\t cl-u18-node-3" >>/etc/hosts

addr=192.168.33.$(($HOSTID + 10))/24
cat <<EOF >/etc/netplan/60-cluster00.yaml
---
network:
  version: 2
  renderer: networkd
  ethernets:
    ${eth2}:
      addresses:
      - ${addr}
EOF
netplan generate
systemctl restart systemd-networkd.service

echo -e "configuring fence cluster network on ${eth3}"

echo -e "192.168.43.11\t cl-u18-nodefence-1" >>/etc/hosts
echo -e "192.168.43.12\t cl-u18-nodefence-2" >>/etc/hosts
echo -e "192.168.43.13\t cl-u18-nodefence-3" >>/etc/hosts

addr=192.168.43.$(($HOSTID + 10))/24
cat <<EOF >/etc/netplan/60-cluster05-fence.yaml
---
network:
  version: 2
  renderer: networkd
  ethernets:
    ${eth3}:
      addresses:
      - ${addr}
EOF
netplan generate
systemctl restart systemd-networkd.service

echo -e "\tDownload fence_ssh from github into /usr/sbin/fence_ssh"
wget -q -O /usr/sbin/fence_ssh https://raw.githubusercontent.com/nannafudge/fence_ssh/master/fence_ssh
chmod +x /usr/sbin/fence_ssh

echo -e "\tcreate user fence with password '$hafence_pwd'"
useradd -c "Fence ssh user" -m -s /bin/bash fence
echo "fence:$hafence_pwd" | chpasswd

cat <<EOF >/etc/sudoers.d/fence
fence ALL = NOPASSWD: /sbin/shutdown
EOF

sed -i 's/^PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
systemctl restart sshd

a2enmod status

systemctl stop apache2 >/dev/null 2>&1
systemctl disable apache2 >/dev/null 2>&1

if [ -e "/var/www/html/index.html" ]; then
  mv /var/www/html/index.html /var/www/html/index.html.orig
  chmod 600 /var/www/html/index.html.orig
fi

cat <<EOF >>/var/www/html/index.html
<!DOCTYPE html>
<html> <head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style id='linux-text-cluster-inline-quolltech-css' type='text/css'>
  body {margin: 0;}
  #top { position:fixed; top:86px; left:72px; transform:rotate(90deg); transform-origin:0% 0%; background-color: #f94701; background-image: linear-gradient(to right,#a6a6a6,#c9c925,#1e73be,#fe36f9,#0fe22a,#fe4809); text-align:center; padding:5px; border-radius:5px; opacity:0.9;}
  #top div {font-size:14px;}
  h2 { font-size:20px; margin-bottom:10px; margin-top:10px; }
  #test_frame {width:100vw;height:99vh;border:0px hidden;margin:0;padding:0;}
</style> </head>
<body>
<div id="top"> <h2>Linux Cluster Test: Cps, Pacemaker, Corosync</h2> <div>$HOSTNAME - by Quoll Tech</div> </div>
<iframe id="test_frame" src="https://quoll.it/servizi-chiedi-un-preventivo/"></iframe>
<script type="text/javascript">
  function quoll_resize() {el=document.getElementById("top"); el_h=el.offsetHeight; el.style.left = el_h +"px";}
  quoll_resize()
  window.onresize = quoll_resize;
</script>
</body> </html>
EOF

echo "Setting hapassword to '$hacluster_pwd'"
echo "hacluster:$hacluster_pwd" | chpasswd

echo -e "Set $firewall firewall package and rules"
cat <<EOF >/etc/ufw/applications.d/cluster
[cluster]
title=Cluster
description=Cluster linux with Pacemaker and Corosync.
ports=2224/tcp|3121/tcp|5403/tcp|5404/udp|5405/udp|21064/tcp|9929/tcp|9929/udp
EOF
cat <<EOF >/etc/ufw/applications.d/apache
[apache]
title=Apache
description=Apache web server
ports=80/tcp|443/tcp
EOF

echo -e "\tactiving ufw firewall"
ufw --force enable >/dev/null 2>&1

ufw allow OpenSSH
ufw allow cluster
ufw allow apache

echo "Start and enable pcsd service ..."
systemctl start pcsd.service >/dev/null 2>&1
systemctl enable pcsd.service >/dev/null 2>&1

## 90-single-cluster_configuration.sh
hacluster_pwd="$1"
fencecluster_pwd="$2"

cluster_nodes="cl-u18-node-1 cl-u18-node-2 cl-u18-node-3"
echo -e "\tinizializing the cluster on nodes ${cluster_nodes}"
pcs cluster auth ${cluster_nodes} -u hacluster -p "$hacluster_pwd"
pcs cluster setup --start --name "quolltech_cluster" ${cluster_nodes} --force
pcs cluster enable --all
# disable stonith
pcs property set stonith-enabled=false
sleep 5

echo "Check cluster resource"
pcs resource create first_test_ip IPaddr2 ip=192.168.33.31 cidr_netmask=24 --group apachegroup
pcs resource create Web1 apache configfile="/etc/apache2/apache2.conf" statusurl="http://127.0.0.1/server-status" --group apachegroup
pcs resource create second_test_ip IPaddr2 ip=192.168.33.32 cidr_netmask=24 --group group_second_test_ip
pcs resource create last_test_ip IPaddr2 ip=192.168.33.33 cidr_netmask=24 --group group_last_test_ip

echo "fence agents: enable ssh with private key"
apt install -y -q sshpass >/dev/null 2>&1
cd /root
rm -rf .ssh
echo -e "\tgenerating ssh key to auto login in fence user and moving it in /home/fence/.ssh"
ssh-keygen -q -C "fence_agent_key" -f /root/.ssh/id_rsa -N ''
cp -a .ssh/id_rsa.pub .ssh/authorized_keys
cat <<EOF >.ssh/config
Host 192.168.43.* ${pre_node}fence-*
   StrictHostKeyChecking no
EOF
rm -rf /home/fence/.ssh
mv -f .ssh/ /home/fence/
chown -R fence:fence /home/fence/.ssh
cd /home/fence
echo -e "\tcopying fence ssh key (id_rsa,id_rsa.pub,authorized_keys,config) on fence@cl-u18-nodefence-2"
tar cf - .ssh/ | sshpass -p "$fencecluster_pwd" ssh -i /home/fence/.ssh/id_rsa -o StrictHostKeyChecking=no -o LogLevel=ERROR fence@cl-u18-nodefence-2 tar xf - --warning=no-timestamp
echo -e "\tcopying fence ssh key (id_rsa,id_rsa.pub,authorized_keys,config) on fence@cl-u18-nodefence-2"
tar cf - .ssh/ | sshpass -p "$fencecluster_pwd" ssh -i /home/fence/.ssh/id_rsa -o StrictHostKeyChecking=no -o LogLevel=ERROR fence@cl-u18-nodefence-3 tar xf - --warning=no-timestamp

echo "Creating fence resource"
pcs stonith create stonith-ssh-1 fence_ssh user=fence sudo=true private-key="/home/fence/.ssh/id_rsa" hostname="cl-u18-nodefence-1" pcmk_host_list="cl-u18-node-1" --force --disabled >/dev/null 2>&1
pcs stonith create stonith-ssh-2 fence_ssh user=fence sudo=true private-key="/home/fence/.ssh/id_rsa" hostname="cl-u18-nodefence-2" pcmk_host_list="cl-u18-node-2" --force --disabled >/dev/null 2>&1
pcs stonith create stonith-ssh-3 fence_ssh user=fence sudo=true private-key="/home/fence/.ssh/id_rsa" hostname="cl-u18-nodefence-3" pcmk_host_list="cl-u18-node-3" --force --disabled >/dev/null 2>&1

pcs constraint location stonith-ssh-1 avoids cl-u18-node-1
pcs constraint location stonith-ssh-2 avoids cl-u18-node-2
pcs constraint location stonith-ssh-3 avoids cl-u18-node-3

pcs stonith enable stonith-ssh-1
pcs stonith enable stonith-ssh-2
pcs stonith enable stonith-ssh-3

pcs property set stonith-enabled=true

pcs cluster status
pcs status
pcs quorum status

## Vagrantfile
# **
# Linux-cluster-test-minimal-ubuntu-18-04-lts
# Copyright (c) 2020 Enio Carboni (enio.carboni __at__ gmail.com)
# Distributed under the GNU GPL v3. For full terms see https://www.gnu.org/licenses/gpl-3.0.html.
# For complete project see https://github.com/eniocarboni/linux-cluster-test
# **

# random_password method: return a 12 (or length) random characters for user password
$CHARS = ('0'..'9').to_a + ('A'..'Z').to_a + ('a'..'z').to_a + ('#'..'&').to_a + (':'..'?').to_a
def random_password(length=12)
  p=''
  (0..length).each do
    p+=$CHARS[rand($CHARS.size)]
  end
  return p
end
$hacluster_pwd=random_password
$fencecluster_pwd=random_password

Vagrant.configure("2") do |config|
  [2, 3, 1].each do |i|
    config.vm.define "cl-u18-node-#{i}" do |node|
      node.vm.box = "ubuntu/bionic64"
      # Cluster private net for Carousync
      node.vm.network "private_network", ip: "192.168.33.#{i + 10}", auto_config: false
      # private net for fencing (pcs stonith)
      node.vm.network "private_network", ip: "192.168.43.#{i + 10}", auto_config: false
      node.vm.hostname = "cluster-cl-u18-node-#{i}"
      node.vm.synced_folder ".", "/vagrant", disabled: true
      node.vm.provider "virtualbox" do |vb, override|
        vb.name = "cl-u18-node-#{i}"
        vb.memory = "1024"
        vb.customize ["modifyvm", :id, "--groups", "/cluster/ubuntu1804"]
      end
      node.vm.provision "Update software and configure node",
        type: "shell",
        path: "provision_scripts/10-node_configuration.sh",
        args: "'#{$hacluster_pwd}' '#{$fencecluster_pwd}'"
      if i == 1
        node.vm.provision "Configuring Cluster via pcs on all nodes",
          type: "shell",
          path: "provision_scripts/90-single-cluster_configuration.sh",
          args: "'#{$hacluster_pwd}' '#{$fencecluster_pwd}'"
      end
    end
  end
end
	hacluster_pwd="$1"
	hafence_pwd="$2"

	HOSTNAME=$(hostname)
	HOSTID=$(echo $HOSTNAME \| sed 's/.*-//')
	eths=$(ip address \| grep '^[0-9]' \| awk '{print $2}' \| uniq \| grep -v lo \| sed 's/://g' \| sed 's/@.*$//')
	eth1=$(echo $eths \| awk '{print $1}')
	eth2=$(echo $eths \| awk '{print $2}')
	eth3=$(echo $eths \| awk '{print $3}')

	localectl set-locale LANG=en_US.utf8

	echo "updating software via apt-get update"
	apt-get -q update >/dev/null 2>&1
	#apt dist-upgrade -y -q
	echo -e "installing cluster software"
	apt install -y -q pacemaker corosync-qdevice pcs apache2 wget >/dev/null 2>&1
	pcs cluster destroy --force

	echo -e "configuring private cluster network on ${eth2}"

	echo -e "\tupdate cluster network in /etc/hosts"
	echo -e "192.168.33.11\t cl-u18-node-1" >>/etc/hosts
	echo -e "192.168.33.12\t cl-u18-node-2" >>/etc/hosts
	echo -e "192.168.33.13\t cl-u18-node-3" >>/etc/hosts

	addr=192.168.33.$(($HOSTID + 10))/24
	cat <<EOF >/etc/netplan/60-cluster00.yaml
	---
	network:
	version: 2
	renderer: networkd
	ethernets:
	${eth2}:
	addresses:
	- ${addr}
	EOF
	netplan generate
	systemctl restart systemd-networkd.service

	echo -e "configuring fence cluster network on ${eth3}"

	echo -e "192.168.43.11\t cl-u18-nodefence-1" >>/etc/hosts
	echo -e "192.168.43.12\t cl-u18-nodefence-2" >>/etc/hosts
	echo -e "192.168.43.13\t cl-u18-nodefence-3" >>/etc/hosts

	addr=192.168.43.$(($HOSTID + 10))/24
	cat <<EOF >/etc/netplan/60-cluster05-fence.yaml
	---
	network:
	version: 2
	renderer: networkd
	ethernets:
	${eth3}:
	addresses:
	- ${addr}
	EOF
	netplan generate
	systemctl restart systemd-networkd.service

	echo -e "\tDownload fence_ssh from github into /usr/sbin/fence_ssh"
	wget -q -O /usr/sbin/fence_ssh https://raw.githubusercontent.com/nannafudge/fence_ssh/master/fence_ssh
	chmod +x /usr/sbin/fence_ssh

	echo -e "\tcreate user fence with password '$hafence_pwd'"
	useradd -c "Fence ssh user" -m -s /bin/bash fence
	echo "fence:$hafence_pwd" \| chpasswd

	cat <<EOF >/etc/sudoers.d/fence
	fence ALL = NOPASSWD: /sbin/shutdown
	EOF

	sed -i 's/^PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config
	systemctl restart sshd

	a2enmod status

	systemctl stop apache2 >/dev/null 2>&1
	systemctl disable apache2 >/dev/null 2>&1

	if [ -e "/var/www/html/index.html" ]; then
	mv /var/www/html/index.html /var/www/html/index.html.orig
	chmod 600 /var/www/html/index.html.orig
	fi

	cat <<EOF >>/var/www/html/index.html
	<!DOCTYPE html>
	<html> <head>
	<meta charset="UTF-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<style id='linux-text-cluster-inline-quolltech-css' type='text/css'>
	body {margin: 0;}
	#top { position:fixed; top:86px; left:72px; transform:rotate(90deg); transform-origin:0% 0%; background-color: #f94701; background-image: linear-gradient(to right,#a6a6a6,#c9c925,#1e73be,#fe36f9,#0fe22a,#fe4809); text-align:center; padding:5px; border-radius:5px; opacity:0.9;}
	#top div {font-size:14px;}
	h2 { font-size:20px; margin-bottom:10px; margin-top:10px; }
	#test_frame {width:100vw;height:99vh;border:0px hidden;margin:0;padding:0;}
	</style> </head>
	<body>
	<div id="top"> <h2>Linux Cluster Test: Cps, Pacemaker, Corosync</h2> <div>$HOSTNAME - by Quoll Tech</div> </div>
	<iframe id="test_frame" src="https://quoll.it/servizi-chiedi-un-preventivo/"></iframe>
	<script type="text/javascript">
	function quoll_resize() {el=document.getElementById("top"); el_h=el.offsetHeight; el.style.left = el_h +"px";}
	quoll_resize()
	window.onresize = quoll_resize;
	</script>
	</body> </html>
	EOF

	echo "Setting hapassword to '$hacluster_pwd'"
	echo "hacluster:$hacluster_pwd" \| chpasswd

	echo -e "Set $firewall firewall package and rules"
	cat <<EOF >/etc/ufw/applications.d/cluster
	[cluster]
	title=Cluster
	description=Cluster linux with Pacemaker and Corosync.
	ports=2224/tcp\|3121/tcp\|5403/tcp\|5404/udp\|5405/udp\|21064/tcp\|9929/tcp\|9929/udp
	EOF
	cat <<EOF >/etc/ufw/applications.d/apache
	[apache]
	title=Apache
	description=Apache web server
	ports=80/tcp\|443/tcp
	EOF

	echo -e "\tactiving ufw firewall"
	ufw --force enable >/dev/null 2>&1

	ufw allow OpenSSH
	ufw allow cluster
	ufw allow apache

	echo "Start and enable pcsd service ..."
	systemctl start pcsd.service >/dev/null 2>&1
	systemctl enable pcsd.service >/dev/null 2>&1
	hacluster_pwd="$1"
	fencecluster_pwd="$2"

	cluster_nodes="cl-u18-node-1 cl-u18-node-2 cl-u18-node-3"
	echo -e "\tinizializing the cluster on nodes ${cluster_nodes}"
	pcs cluster auth ${cluster_nodes} -u hacluster -p "$hacluster_pwd"
	pcs cluster setup --start --name "quolltech_cluster" ${cluster_nodes} --force
	pcs cluster enable --all
	# disable stonith
	pcs property set stonith-enabled=false
	sleep 5

	echo "Check cluster resource"
	pcs resource create first_test_ip IPaddr2 ip=192.168.33.31 cidr_netmask=24 --group apachegroup
	pcs resource create Web1 apache configfile="/etc/apache2/apache2.conf" statusurl="http://127.0.0.1/server-status" --group apachegroup
	pcs resource create second_test_ip IPaddr2 ip=192.168.33.32 cidr_netmask=24 --group group_second_test_ip
	pcs resource create last_test_ip IPaddr2 ip=192.168.33.33 cidr_netmask=24 --group group_last_test_ip

	echo "fence agents: enable ssh with private key"
	apt install -y -q sshpass >/dev/null 2>&1
	cd /root
	rm -rf .ssh
	echo -e "\tgenerating ssh key to auto login in fence user and moving it in /home/fence/.ssh"
	ssh-keygen -q -C "fence_agent_key" -f /root/.ssh/id_rsa -N ''
	cp -a .ssh/id_rsa.pub .ssh/authorized_keys
	cat <<EOF >.ssh/config
	Host 192.168.43.* ${pre_node}fence-*
	StrictHostKeyChecking no
	EOF
	rm -rf /home/fence/.ssh
	mv -f .ssh/ /home/fence/
	chown -R fence:fence /home/fence/.ssh
	cd /home/fence
	echo -e "\tcopying fence ssh key (id_rsa,id_rsa.pub,authorized_keys,config) on fence@cl-u18-nodefence-2"
	tar cf - .ssh/ \| sshpass -p "$fencecluster_pwd" ssh -i /home/fence/.ssh/id_rsa -o StrictHostKeyChecking=no -o LogLevel=ERROR fence@cl-u18-nodefence-2 tar xf - --warning=no-timestamp
	echo -e "\tcopying fence ssh key (id_rsa,id_rsa.pub,authorized_keys,config) on fence@cl-u18-nodefence-2"
	tar cf - .ssh/ \| sshpass -p "$fencecluster_pwd" ssh -i /home/fence/.ssh/id_rsa -o StrictHostKeyChecking=no -o LogLevel=ERROR fence@cl-u18-nodefence-3 tar xf - --warning=no-timestamp

	echo "Creating fence resource"
	pcs stonith create stonith-ssh-1 fence_ssh user=fence sudo=true private-key="/home/fence/.ssh/id_rsa" hostname="cl-u18-nodefence-1" pcmk_host_list="cl-u18-node-1" --force --disabled >/dev/null 2>&1
	pcs stonith create stonith-ssh-2 fence_ssh user=fence sudo=true private-key="/home/fence/.ssh/id_rsa" hostname="cl-u18-nodefence-2" pcmk_host_list="cl-u18-node-2" --force --disabled >/dev/null 2>&1
	pcs stonith create stonith-ssh-3 fence_ssh user=fence sudo=true private-key="/home/fence/.ssh/id_rsa" hostname="cl-u18-nodefence-3" pcmk_host_list="cl-u18-node-3" --force --disabled >/dev/null 2>&1

	pcs constraint location stonith-ssh-1 avoids cl-u18-node-1
	pcs constraint location stonith-ssh-2 avoids cl-u18-node-2
	pcs constraint location stonith-ssh-3 avoids cl-u18-node-3

	pcs stonith enable stonith-ssh-1
	pcs stonith enable stonith-ssh-2
	pcs stonith enable stonith-ssh-3

	pcs property set stonith-enabled=true

	pcs cluster status
	pcs status
	pcs quorum status
	# **
	# Linux-cluster-test-minimal-ubuntu-18-04-lts
	# Copyright (c) 2020 Enio Carboni (enio.carboni __at__ gmail.com)
	# Distributed under the GNU GPL v3. For full terms see https://www.gnu.org/licenses/gpl-3.0.html.
	# For complete project see https://github.com/eniocarboni/linux-cluster-test
	# **

	# random_password method: return a 12 (or length) random characters for user password
	$CHARS = ('0'..'9').to_a + ('A'..'Z').to_a + ('a'..'z').to_a + ('#'..'&').to_a + (':'..'?').to_a
	def random_password(length=12)
	p=''
	(0..length).each do
	p+=$CHARS[rand($CHARS.size)]
	end
	return p
	end
	$hacluster_pwd=random_password
	$fencecluster_pwd=random_password

	Vagrant.configure("2") do \|config\|
	[2, 3, 1].each do \|i\|
	config.vm.define "cl-u18-node-#{i}" do \|node\|
	node.vm.box = "ubuntu/bionic64"
	# Cluster private net for Carousync
	node.vm.network "private_network", ip: "192.168.33.#{i + 10}", auto_config: false
	# private net for fencing (pcs stonith)
	node.vm.network "private_network", ip: "192.168.43.#{i + 10}", auto_config: false
	node.vm.hostname = "cluster-cl-u18-node-#{i}"
	node.vm.synced_folder ".", "/vagrant", disabled: true
	node.vm.provider "virtualbox" do \|vb, override\|
	vb.name = "cl-u18-node-#{i}"
	vb.memory = "1024"
	vb.customize ["modifyvm", :id, "--groups", "/cluster/ubuntu1804"]
	end
	node.vm.provision "Update software and configure node",
	type: "shell",
	path: "provision_scripts/10-node_configuration.sh",
	args: "'#{$hacluster_pwd}' '#{$fencecluster_pwd}'"
	if i == 1
	node.vm.provision "Configuring Cluster via pcs on all nodes",
	type: "shell",
	path: "provision_scripts/90-single-cluster_configuration.sh",
	args: "'#{$hacluster_pwd}' '#{$fencecluster_pwd}'"
	end
	end
	end
	end