Building a Highly-Available Apache Cluster on CentOS 7

This article will walk through the steps required to build a highly-available Apache cluster on CentOS 7. In CentOS 7 (as in Red Hat Enterprise Linux 7) the cluster stack has moved to Pacemaker/Corosync, with a new command line tool to manage the cluster (pcs, replacing commands such as ccs and clusvcadm in earlier releases).

The cluster will be a two node cluster comprising nodes centos05 and centos07, and iSCSI shared storage will be presented from node fedora01. There will be a 8GB LUN presented for shared storage, and a 1GB LUN for fencing purposes. I have covered setting up iSCSI storage with SCSI-3 persistent reservations in a previous article. There is no need to use CLVMD in this example as we will be utilising a simple failover filesystem instead.

The first step is to add appropriate entries to /etc/hosts on both nodes for all nodes, including the storage node, to safeguard against DNS failure:

Next, bring both cluster nodes fully up-to-date, and reboot them:

When the systems are back online, install the appropriate packages for cluster setup, the service we’re running (Apache) and iscsi-initiator-utils for iSCSI initiation:

Confirm that the firewall is running under FirewallD control:

Add the high-availability service to the running, and permanent, firewall configuration:

Set a password for the hacluster user. It is advised to set the same password on both nodes:

Start the pcsd.service unit, and set it to be enabled at the appropriate target:

Next, from one node only, authorise both cluster nodes:

 iSCSI Configuration

As previously pointed out, I’ve covered this in depth in a previous article, so I’ll only provide a cursory overview here.

Create the appropriate LVM devices for use as backing stores for the failover filesystem and fence device:

Grab the initiator names from both cluster nodes:

Use targetcli to configure the iSCSI storage LUNs, and add appropriate ACLs:

Now, on each cluster node, discover the newly created target and log in:

Start and enable the iscsi and iscsid services, if they’re not already. Mine were in a strange state, as seen below (iscsid had been started, but wasn’t enabled, and iscsi had been enabled, but wasn’t started).

Use fdisk to confirm that the LUNs are available:

Take note of the devices – here /dev/sdb is our failover filesystem of size 8GB, and /dev/sdc is the fence device of size 1GB. For consistency, however, we won’t use these devices – we’ll use the devices under /dev/disk/by-id, so look up the corresponding devices:

So wwn-0x60014055f0cfae3d6254576932ddc1f7 is the 8G LUN and wwn-0x6001405708e9716ed8644369541e0b80 is the 1G LUN. We will reference these devices where required.

Cluster Configuration

Create and start the cluster. All pcs commands should be executed from a single node unless otherwise noted.

Enable the cluster to start automatically at boot:

If you don’t do this, you’ll have to manually run pcs cluster start after reboot on a node.

Check the cluster status:

As we can see, both nodes are online, and the cluster is quorate. Add a STONITH device – i.e. a fencing device – in our case this is the 1GB LUN presented to both nodes over iSCSI – note the use of the /dev/disk/by-id path to the device:

Next, create a partition on the 8GB LUN – this will house a filesystem to be used as the DocumentRoot for our Apache installation:

Create a filesystem on the new partition:

On the other node, run partprobe so that the new partition is visible without the need to reboot:

Temporarily mount the new filesystem on one node, and sparsely populate the DocumentRoot for testing, remembering to unmount once done:

Create the filesystem cluster resource (fs_res), in a new resource group (apachegroup) which will be used to group the resources together as one unit:

The Apache cluster health check uses the Apache server-status handler, so add the following to your httpd.conf:

Add an IPaddr2 address resource (vip_res) – this will be the floating virtual IP address that will failover between the nodes. This will be added to the same resource group as the filesystem resource we just created:

Finally, create an Apache resource:

Open the firewall on both nodes to allow HTTP access:

The cluster configuration is now complete.

Testing

Browsing to http://<vip_address>/index.html should yield the result “Test”. Checking the cluster status in this case, all resources are online on node centos07:

Fail the resources over by selecting one of the resources in the resource group and issuing a pcs resource move upon it:

We can then shift the resources back to the original node by running a pcs resource clear upon the moved resource:

You can use df or findmnt to confirm filesystem failover, and ip addr show to confirm IP address failover.