UFM HA supports High-Availability on the host level for UFM products (UFM Enterprise/UFM Appliance/UFM CyberAI) The solution is based on pacemaker to monitor services and DRBD to sync file-system states. The HA package can be used with both bare-metal and Dockerized UFM products.
UFM HA should be installed on two machines, master and standby.
Supported Platforms
Ubuntu
Centos Master
Prerequisites
Pacemaker packages
pacemaker
pcs
corosync
DRBD Package
DRBD utils 8.4 or up.
ufm_ha_cluster usage
ufm_ha_cluster --help
Usage: ufm_ha_cluster [-h|--help] <command> [<options>]
This script manages ufm HA cluster.
OPTIONS:
-h|--help Show this message
COMMANDS:
config Configure HA cluster
set-password Change hacluster password
status Check HA cluster status
failover Master node failover
takeover Standby node takeover
start Start HA services
stop Stop HA services
attach attach new standby node from cluster
detach detach the old standby to cluster
For more help about each command, type:
ufm_ha_cluster <command> --help
Setting HA Cluster Password
HA cluster user is a user used for pacemaker synchronization. the password for the user should be the same on both machines. To set the password, run the following command on both machines (order does not matter).
ufm_ha_cluster set-password -p <new-password>
Configuring Pacemaker and DRBD
ufm_ha_cluster config --help
Usage: ufm_ha_cluster config [<options>]
The config command configures ha add-on for ufm server.
OPTIONS:
-r | --role <node role> Node role (master or standby)
mandatory.
-n | --peer-node <node-hostname> Peer node name.
mandatory.
-s | --peer-sync-ip <ip address> Peer node sync ip adreess
mandatory.
-c | --sync-interface Local interface to be used for drbd sync
mandatory.
-i | --virtual-ip <virtual-ip> Cluster virtual IP.
mandatory.
-f | --ha-config-file <file path> HA configuration file.
default: ufm-ha.conf
-p | --hacluster-pwd <pwd> hacluster user password
default: default password
-h | --help Show this message
You must run configuration script on the standby machine, then on the master machine.
Running config command will not start UFM services, you have to run it directly from the master machine.
Initial file system sync between master and standby may take few minutes, depending on your sync interface speed.
You must wait for the sync process before starting the services. You may use the status command for monitoring the sync.
If you are using high-availability for both UFM Cyber-AI and UFM Enterprise you have to change the following line in ufm-ha.conf file:
systemd_services=ufm-cyberai systemd_services=ufm-cyberai ufm-ha-watcher ufm-enterprise
Stopping UFM Services
You may stop UFM services using the following stop command.
ufm_ha_cluster stop
Takeover Services
Takeover command can be executed on the standby machine so it will be the master.
ufm_ha_cluster takeover
Master Failover
Failover command can be executed on the master machine so it will be the standby.
ufm_ha_cluster failover
Replace HA Node
To replace old standby, detach the old standby, then configure the new standby, and attach it to the cluster.
On the master, run the detach command:
ufm_ha_cluster detach
On the new standby, run the config command, for more information, refer to ufm-cai-jobs.
On the master node, run the attach command:
Ufm_ha_cluster –n <peer_node> -s <peer_sync_ip> -p <hacluster-pwd> -c <sync-interface>