Configuring an active-passive NFS server in a Red Hat High Availability cluster
Use the following information to configure an active-passive NFS server in a Red Hat High Availability cluster.
Overview
The following information describes the configuration of an active-passive NFS server in a RHEL HA Add-On cluster with Red Hat Enterprise Linux 8 by using virtual server instances in Power Virtual Server as cluster nodes.
The instructions are based on the following Red Hat documentation:
- Configuring an active-passive NFS server in a Red Hat High Availability cluster
- How to configure HA-LVM Cluster by using system_id in RHEL 8
The described setup uses shareable storage volumes that are accessible on both cluster nodes. The file systems for the NFS exports are created on those shareable storage volumes. HA-LVM makes sure that the volume group is active on one node at a time.
In the example setup, one shared volume group nfssharevg contains three logical volumes nfssharelv, sap${SID}lv, and saptranslv. XFS file systems are created on those logical volumes and are
mounted on /nfsshare, /nfshare/export/sap${SID}, /nfsshare/export/saptrans.
Prerequisites
- A Red Hat Customer Portal account.
- An IBM Cloud account.
A virtual hostname and IP address is required for the NFS server. Make sure that the virtual IP address is defined on the network interface, and reachable in the network.
Name resolution and reverse lookup for physical and virtual IP names and addresses must be unique and consistent on all NFS server and client nodes. Details of the NFS clients (subnet, required NFS export options) must be available. You need to enter them during the cluster setup.
Preparing for a highly available NFS server
Use the following information to prepare the environment for a highly available NFS server.
Installing NFS software packages
On both nodes, run the following commands.
dnf install -y nfs-utils
Preparing LVM objects
All cluster nodes need access to the shared storage volumes, but only one node has exclusive read and write access to a volume.
Preparing active-passive HA LVM
On both nodes, edit file /etc/lvm/lvm.conf to include the system ID in the volume group.
vi /etc/lvm/lvm.conf
Search for parameter system_id_source and change its value to "uname".
Sample setting of the system_id_source parameter in /etc/lvm/lvm.conf:
system_id_source = "uname"
Verify that the LVM system ID for the node matches the uname -n output.
lvm systemid
uname -n
Sample output:
# lvm systemid
system ID: cl-nfs-1
# uname -n
cl-nfs-1
Identifying the World Wide Names of shared storage volumes
Identify the World Wide Names (WWN) for all volumes that are used in the shared volume group.
-
Log in to IBM Cloud® and go to the Storage volumes view of Power Virtual Server.
-
Select your workspace.
-
Filter for the volume prefix in the Storage volumes list, and identify all the World Wide Names of the volumes in scope (the World Wide Name is a 32-digit hexadecimal number).
Make sure that the attribute Shareable is On for those volumes.
-
In the Virtual server instances view, go to both virtual server instances of the cluster and verify that in scope volumes are attached to both virtual server instances.
Discovering new SAN volumes on cluster nodes
When you attach a new storage volume to a virtual server instance, you need to rescan the SCSI bus to detect the new volume. Then, update the multipath configuration of the virtual server instance.
On the nodes with new storage volume attachments, run the following command.
rescan-scsi-bus.sh && sleep 10 && multipathd reconfigure
The WWN value of a volume can also be found with the pvs --all command.
Preparing environment variables
To simplify the setup, prepare the following environment variables for user ID root on both nodes. These environment variables are used in subsequent commands in the remainder of this document.
On both nodes, create a file with the environment variables. Then, adapt them to your configuration.
Adapt NFS_vh, NFS_ip, NFS_clientspec, and NFS_options to your environment. For NFS_pvid, use the WWN that you identified previously. In addition to the file system that
is used for the NFS share, the example shows two more file systems that are used for an SAP system landscape with system ID ${SID} and the SAP transport directory. The sample sizes ${NFS_sz1}, ${NFS_sz2},
and ${NFS_sz3} are percentages of the ${NFS_vg} volume group size and need to be modified according to your requirements. The volume group names and mount point names are suggestions and need to be changed to match
your own naming conventions.
Make sure that you set the NFS_pvid environment variable by using lowercase letters in the hexadecimal number.
# virtual hostnames
export NFS_vh=<virtual hostname> # virtual hostname for NFS server
export NFS_ip=<IP address> # virtual IP address for NFS server
# LVM storage for NFS file systems
export NFS_pvid=3<WWN> # WWN of shareable storage volume used for NFS
export NFS_vg="nfssharevg" # volume group name for NFS exported file systems
# NFS share file system
export NFS_lv1="nfssharelv" # logical volume name export #1
export NFS_sz1="5%VG" # logical volume size
export NFS_fs1="/nfsshare" # file system mount point
export NFS_root="${NFS_fs1}/export" # base export directory
# NFS share file system for SAP system ID <SID>
export SID=<SID> # SAP system ID
export NFS_lv2="sap${SID}lv" # logical volume name export #2
export NFS_sz2="40%VG" # logical volume size
export NFS_fs2="${NFS_root}/sap${SID}" # file system mount point
# NFS share file system for SAP transport directory
export NFS_lv3="saptranslv" # logical volume name export #3
export NFS_sz3="40%VG" # logical volume size
export NFS_fs3="${NFS_root}/saptrans" # file system mount point
# NFS client options
export NFS_clientspec="10.111.1.0/24" # client specs (subnet and netmask) for allowed NFS clients
export NFS_options="rw,sync,no_root_squash,no_subtree_check,crossmnt" # options for NFS export
You must source this file before you use the sample commands in the remainder of this document.
For example, if you created a file that is named nfs_envs.sh, run the following command on both nodes to set the environment variables.
source nfs_envs.sh
Every time that you start a new terminal session, you must run the source command. Alternatively, you can add the environment variables file to the /etc/profile.d directory during the cluster configuration. In this
example, the file is sourced automatically each time you log in to the server.
Creating LVM objects
Use the following information to create LVM objects.
Creating physical volumes
On NODE1, run the following command.
pvcreate /dev/mapper/${NFS_pvid}
Sample output:
pvcreate /dev/mapper/${NFS_pvid}
Physical volume "/dev/mapper/360050768108103357000000000002ddc" successfully created.
Creating a volume group
On NODE1, create the volume group for the NFS export.
vgcreate ${NFS_vg} /dev/mapper/${NFS_pvid}
Verify that the System ID is set.
vgs -o+systemid
Sample output:
# vgs -o+systemid
VG #PV #LV #SN Attr VSize VFree System ID
nfssharevg 1 0 0 wz--n- <50.00g <50.00g cl-sap-1
Creating logical volumes
On NODE1, create three logical volumes for the NFS export.
lvcreate -l ${NFS_sz1} -n ${NFS_lv1} ${NFS_vg}
lvcreate -l ${NFS_sz2} -n ${NFS_lv2} ${NFS_vg}
lvcreate -l ${NFS_sz3} -n ${NFS_lv3} ${NFS_vg}
Creating the file systems
On NODE1, create the file systems for NFS exports.
The example uses file system type xfs. Other file system types are possible. Then, the resource definitions need to be changed.
mkfs.xfs /dev/${NFS_vg}/${NFS_lv1}
mkfs.xfs /dev/${NFS_vg}/${NFS_lv2}
mkfs.xfs /dev/${NFS_vg}/${NFS_lv3}
Creating the mount point for the NFS export
On both nodes, run the following command.
mkdir -p ${NFS_fs1}
Making sure that a volume group is not activated on multiple cluster nodes
Volume groups that are managed by Pacemaker must not activate automatically on startup.
For RHEL 8.5 and later, you can disable autoactivation for a volume group when you create the volume group by specifying the --setautoactivation n flag for the vgcreate command.
On both nodes, edit file /etc/lvm/lvm.conf and modify the auto_activation_volume_list entry to limit autoactivation to specific volume groups.
vi /etc/lvm/lvm.conf
Search for parameter auto_activation_volume_list and add the volume groups, other than the volume group that you defined for the NFS cluster, as entries in that list.
Sample setting of the auto_activation_volume_list entry in /etc/lvm/lvm.conf:
auto_activation_volume_list = [ "rhel_root" ]
Rebuild the initramfs boot image to make sure that the boot image does not activate a volume group that is controlled by the cluster.
On both nodes, run the following command.
dracut -H -f /boot/initramfs-$(uname -r).img $(uname -r)
Reboot both nodes.
Installing and setting up the RHEL HA Add-On cluster
Use the following instructions to perform the initial cluster configuration.
- Install and set up the RHEL HA Add-On cluster according to Implementing RHEL HA Add-On cluster on Power Virtual Server.
- Configure and test fencing as described in Create the fencing device.
Sample output of the cluster status at this stage.
# pcs status
Cluster name: SAP_NFS
Cluster Summary:
* Stack: corosync
* Current DC: cl-nfs-1 (version 2.0.5-9.el8_4.5-ba59be7122) - partition with quorum
* Last updated: Fri Mar 10 10:35:42 2023
* Last change: Fri Mar 10 09:52:08 2023 by root via cibadmin on cl-nfs-1
* 2 nodes configured
* 1 resource instance configured
Node List:
* Online: [ cl-nfs-1 cl-nfs-2 ]
Full List of Resources:
* res_fence_ibm_powervs (stonith:fence_ibm_powervs): Started cl-nfs-1
Daemon Status:
corosync: active/disabled
pacemaker: active/disabled
pcsd: active/enabled
Configuring general cluster properties
To prevent the cluster from moving healthy resources to another node (for example when you restart the cluster on a previously failed node), you can set the default value for the resource-stickiness meta attribute to 1.
On NODE1, run the following command.
pcs resource defaults resource-stickiness=1
Configuring NFS resource group and resources
Use the following steps to configure the NFS resources in the cluster.
Creating the LVM-activate resource
To make sure that all NFS resources run on the same node, configure them as part of the resource group nfsgroup.
This resource group is created with the first resource. Resources start in the order in which they are added to the group. The resources stop in reverse order.
On NODE1, run the following command.
pcs resource create nfs_vg ocf:heartbeat:LVM-activate \
vgname=${NFS_vg} \
vg_access_mode=system_id \
--group nfsgroup
To avoid data corruption, don't configure more than one LVM-activate resource that uses the same LVM volume group in an active-passive HA configuration. Don't configure an LVM-activate resource as a clone resource in an active-passive HA configuration.
Check the status of the cluster and verify that resource nfs_vg is active.
On NODE1, run the following command.
pcs resource status
Sample output:
# pcs resource status
* Resource Group: nfsgroup:
* nfs_vg (ocf::heartbeat:LVM-activate): Started cl-nfs-1
The following command configures the xfs file system resources for the nfsgroup resource group. The file systems use LVM volume group ${NFS_vg} and the logical volumes (${NFS_lv1}, ${NFS_lv2},
${NFS_lv3}) that were created before.
On NODE1, run the following command.
pcs resource create nfs_fs1 Filesystem \
device=/dev/${NFS_vg}/${NFS_lv1} \
directory=${NFS_fs1} \
fstype=xfs \
--group nfsgroup
You can specify mount options as part of the resource configuration for a file system resource by using the options=<options> parameter. Run pcs resource describe filesystem for a complete list of configuration
options.
Check the status of the cluster and verify that the resource nfs_fs1 is active.
pcs resource status
Sample output:
# pcs resource status
* Resource Group: nfsgroup:
* nfs_vg (ocf::heartbeat:LVM-activate): Started cl-nfs-1
* nfs_fs1 (ocf::heartbeat:Filesystem): Started cl-nfs-1
On the node with the active resource group nfsgroup, create two subdirectories in ${NFS_fs1}.
${NFS_fs1}/stat is used as nfs_shared_infodir for NFS lock information and ${NFS_fs1}/export is used as NFS root.
mkdir ${NFS_fs1}/stat ${NFS_fs1}/export
Create the mount points for the other exported file systems.
On both nodes, run the following command.
mkdir ${NFS_fs2} ${NFS_fs3}
Create the resources for the other two NFS file systems.
On NODE1, run the following commands.
pcs resource create nfs_fs2 Filesystem \
device=/dev/${NFS_vg}/${NFS_lv2} \
directory=${NFS_fs2} \
fstype=xfs \
--group nfsgroup
pcs resource create nfs_fs3 Filesystem \
device=/dev/${NFS_vg}/${NFS_lv3} \
directory=${NFS_fs3} \
fstype=xfs \
--group nfsgroup
Check the status of the cluster and verify that all three file system resources (nfs_fs1, nfs_fs2, nfs_fs3) are active.
pcs resource status
Sample output:
# pcs resource status
* Resource Group: nfsgroup:
* nfs_vg (ocf::heartbeat:LVM-activate): Started cl-nfs-1
* nfs_fs1 (ocf::heartbeat:Filesystem): Started cl-nfs-1
* nfs_fs2 (ocf::heartbeat:Filesystem): Started cl-nfs-1
* nfs_fs3 (ocf::heartbeat:Filesystem): Started cl-nfs-1
Creating the nfsserver resource
On NODE1, create a resource for managing the NFS server.
pcs resource create nfs_daemon nfsserver \
nfs_shared_infodir=${NFS_fs1}/stat \
nfs_no_notify=true \
--group nfsgroup
The nfs_shared_infodir parameter of the nfsserver resource specifies a directory where the NFS server stores stateful information.
Check the status of the cluster and verify that the NFS server is started.
pcs resource status
Sample output:
# pcs resource status
* Resource Group: nfsgroup:
* nfs_vg (ocf::heartbeat:LVM-activate): Started cl-nfs-1
* nfs_fs1 (ocf::heartbeat:Filesystem): Started cl-nfs-1
* nfs_fs2 (ocf::heartbeat:Filesystem): Started cl-nfs-1
* nfs_fs3 (ocf::heartbeat:Filesystem): Started cl-nfs-1
* nfs_daemon (ocf::heartbeat:nfsserver): Started cl-nfs-1
Creating the exportfs resource
To export the ${NFS_root} directory, add the exportfs resources to the nfsgroup group, which builds a virtual directory for NFSv4 clients. NFSv3 clients can access these exports too.
On NODE1, run the following command.
pcs resource create nfs_export exportfs \
clientspec=${NFS_clientspec} \
options=${NFS_options} \
directory=${NFS_root} \
fsid=0 \
--group nfsgroup
Configuring a floating IP address resource
Review the information in Reserving virtual IP addresses and reserve a virtual IP address for the NFS cluster.
Create a resource for the virtual IP address of the NFS Server. NFS clients access the NFS share by using the floating IP address.
On NODE1, run the following command.
pcs resource create nfs_ip IPaddr2 \
ip=${NFS_ip} \
--group nfsgroup
Configuring a notify resource
The nfsnotify resource sends FSv3 reboot notifications after the entire NFS deployment initializes.
On NODE1, run the following command.
pcs resource create nfs_notify nfsnotify \
source_host=${NFS_ip} \
--group nfsgroup
The NFS cluster setup is now complete.
On NODE1, run the following command to check the status.
pcs resource status
Sample output:
# pcs resource status
* Resource Group: nfsgroup:
* nfs_vg (ocf::heartbeat:LVM-activate): Started cl-nfs-1
* nfs_fs1 (ocf::heartbeat:Filesystem): Started cl-nfs-1
* nfs_fs2 (ocf::heartbeat:Filesystem): Started cl-nfs-1
* nfs_fs3 (ocf::heartbeat:Filesystem): Started cl-nfs-1
* nfs_daemon (ocf::heartbeat:nfsserver): Started cl-nfs-1
* nfs_export (ocf::heartbeat:exportfs): Started cl-nfs-1
* nfs_ip (ocf::heartbeat:IPaddr2): Started cl-nfs-1
* nfs_notify (ocf::heartbeat:nfsnotify): Started cl-nfs-1
Testing the NFS server cluster
You can validate the NFS resource configuration in a high availability cluster by using the following procedures. You can mount the exported file system with either NFSv3 or NFSv4. Run the following tests to verify that the NFS cluster functions.
Test1 - Testing the NFS export
Use the following information to test the NFS export.
Run all the commands on an NFS client node outside the HA NFS cluster.
Verify the NFS exports.
showmount -e ${NFS_ip}
The showmount command displays information about file systems that are exported by an NFS Server (NFS v3). Verify that the output lists all the exported directories.
Create a temporary directory on the NFS client node. Then, mount the NFS file system and create the directory structure that is required for the SAP installation.
In the first example, only /usr/sap/trans and /sapmnt/${SID} are NFS mounted on the SAP application server instance.
Prepare the mount points that are used for the SAP installation.
mkdir -p /sapmnt/${SID} \
/usr/sap/trans
Change the attributes of the mount points.
chattr +i /sapmnt/${SID} \
/usr/sap/trans
Mount the NFS shares.
mount -t nfs -o vers=4,minorversion=1,sec=sys ${NFS_vh}:/saptrans /usr/sap/trans
mount -t nfs -o vers=4,minorversion=1,sec=sys ${NFS_vh}:/sap${SID} /sapmnt/${SID}
Change the ownership and the permissions.
chown ${sid}adm:sapsys /usr/sap/trans
chmod g+w /usr/sap/trans
chown -R ${sid}adm:sapsys /sapmnt/${SID}
Unmount the file systems.
umount /usr/sap/trans
umount /sapmnt/${SID}
Add the new file systems to /etc/fstab.
cat >> /etc/fstab << EOT
${NFS_vh}:/saptrans /usr/sap/trans nfs vers=4,minorversion=1,sec=sys 0 0
${NFS_vh}:/sap${SID} /sapmnt/${SID} nfs vers=4,minorversion=1,sec=sys 0 0
EOT
Check the updated file.
cat /etc/fstab
In the second example, /usr/sap/trans, /sapmnt/${SID}, and all instance directories are NFS mounted on the SAP application server instances.
Export environment variables for the ASCS and ERS system numbers. Change the following numbers to the system numbers that you used during ASCS and ERS installation.
export ASCS_nr=01
export ERS_nr=02
Prepare the final mount points that are used for the SAP installation.
mkdir -p /sapmnt/${SID} \
/usr/sap/trans \
/usr/sap/${SID}/SYS \
/usr/sap/${SID}/ASCS${ASCS_nr} \
/usr/sap/${SID}/ERS${ERS_nr}
Change the attributes of the mount points.
chattr +i /sapmnt/${SID} \
/usr/sap/trans \
/usr/sap/${SID}/SYS \
/usr/sap/${SID}/ASCS${ASCS_nr} \
/usr/sap/${SID}/ERS${ERS_nr}
Mount the NFS shares to create the required subdirectories, change the ownership, and change the permissions.
mount -t nfs -o vers=4,minorversion=1,sec=sys ${NFS_vh}:/saptrans /mnt
chown ${sid}adm:sapsys /mnt
chmod g+w /mnt
umount /mnt
mount -t nfs -o vers=4,minorversion=1,sec=sys ${NFS_vh}:/sap${SID} /mnt
mkdir -p /mnt/sapmnt \
/mnt/ASCS \
/mnt/ERS \
/mnt/SYS \
/mnt/PAS \
/mnt/AS1
chown -R ${sid}adm:sapsys /mnt
umount /mnt
Add the new file systems to /etc/fstab.
cat >> /etc/fstab < EOT
${NFS_vh}:/saptrans /usr/sap/trans nfs vers=4,minorversion=1,sec=sys 0 0
${NFS_vh}:/sap${SID}/sapmnt /sapmnt/${SID} nfs vers=4,minorversion=1,sec=sys 0 0
${NFS_vh}:/sap${SID}/ASCS /usr/sap/${SID}/ASCS${ASCS_nr} nfs vers=4,minorversion=1,sec=sys 0 0
${NFS_vh}:/sap${SID}/ERS /usr/sap/${SID}/ERS${ERS_nr} nfs vers=4,minorversion=1,sec=sys 0 0
${NFS_vh}:/sap${SID}/SYS /usr/sap/${SID}/SYS nfs vers=4,minorversion=1,sec=sys 0 0
EOT
Check the updated file.
cat /etc/fstab
Test2 - Testing the failover of the NFS server
Use the following information to test the failover of the NFS server.
Test2 - Description
Simulate a crash of the cluster node that has the NFS resources.
Test2 - Prerequisites
- A functional two-node RHEL HA Add-On cluster for an NFS HA server.
- Cluster is started on both nodes.
- The file systems are mounted on an NFS client node outside the cluster and the applications can access the content.
Test2 - Test procedure
Crash the cluster node by sending a shutoff system request.
First, check the cluster status and identify the node where the nfsgroup resource group is running.
On NODE1, run the following command.
pcs status
Then, log in to the identified cluster node and send a shutoff system request.
sync; echo o > /proc/sysrq-trigger
Test2 - Expected behavior
- The node with the active nfsgroup resource group shuts down.
- The cluster detects the failed node and starts a fencing action.
- The fencing operation sets the state of the fenced node to offline.
- The cluster acquires the NFS Server resources on the failover node.
Check that all the resources started on the failover node.
pcs resource status
Sample output:
# pcs resource status
* Resource Group: nfsgroup:
* nfs_vg (ocf::heartbeat:LVM-activate): Started cl-nfs-2
* nfs_fs1 (ocf::heartbeat:Filesystem): Started cl-nfs-2
* nfs_fs2 (ocf::heartbeat:Filesystem): Started cl-nfs-2
* nfs_fs3 (ocf::heartbeat:Filesystem): Started cl-nfs-2
* nfs_daemon (ocf::heartbeat:nfsserver): Started cl-nfs-2
* nfs_export (ocf::heartbeat:exportfs): Started cl-nfs-2
* nfs_ip (ocf::heartbeat:IPaddr2): Started cl-nfs-2
* nfs_notify (ocf::heartbeat:nfsnotify): Started cl-nfs-2
Verify that the file system is still mounted on the NFS client node, and that the applications can still access the content.
Test2 - Recovery procedure
Log in to the IBM Cloud® Console and start the stopped instance. Wait until the cluster node is available again, then restart the cluster framework.
On the cluster node, run the following command.
pcs cluster start
Check the cluster status.
pcs status
Sample output:
# pcs status
Cluster name: SAP_NFS
Cluster Summary:
* Stack: corosync
* Current DC: cl-nfs-1 (version 2.0.5-9.el8_4.5-ba59be7122) - partition with quorum
* Last updated: Mon Mar 20 08:11:28 2023
* Last change: Mon Mar 20 07:56:25 2023 by hacluster via crmd on cl-nfs-1
* 2 nodes configured
* 9 resource instances configured
Node List:
* Online: [ cl-nfs-1 cl-nfs-2 ]
Full List of Resources:
* res_fence_ibm_powervs (stonith:fence_ibm_powervs): Started cl-nfs-1
* Resource Group: nfsgroup:
* nfs_vg (ocf::heartbeat:LVM-activate): Started cl-nfs-2
* nfs_fs1 (ocf::heartbeat:Filesystem): Started cl-nfs-2
* nfs_fs2 (ocf::heartbeat:Filesystem): Started cl-nfs-2
* nfs_fs3 (ocf::heartbeat:Filesystem): Started cl-nfs-2
* nfs_daemon (ocf::heartbeat:nfsserver): Started cl-nfs-2
* nfs_export (ocf::heartbeat:exportfs): Started cl-nfs-2
* nfs_ip (ocf::heartbeat:IPaddr2): Started cl-nfs-2
* nfs_notify (ocf::heartbeat:nfsnotify): Started cl-nfs-2
Daemon Status:
corosync: active/disabled
pacemaker: active/disabled
pcsd: active/enabled