... | ... | @@ -873,24 +873,24 @@ catastrophic data loss bug in Ganeti or [howto/drbd](howto/drbd). |
|
|
10. run puppet across the ganeti cluster to ensure ipsec tunnels are
|
|
|
up:
|
|
|
|
|
|
cumin -p 0 'C:roles::ganeti::fsn' 'puppet agent -t'
|
|
|
cumin -p 0 'C:roles::ganeti::fsn' 'puppet agent -t'
|
|
|
|
|
|
11. reboot again:
|
|
|
|
|
|
reboot
|
|
|
reboot
|
|
|
|
|
|
12. Then the node is ready to be added to the cluster, by running
|
|
|
this on the master node:
|
|
|
|
|
|
gnt-node add \
|
|
|
gnt-node add \
|
|
|
--secondary-ip 172.30.135.2 \
|
|
|
--no-ssh-key-check \
|
|
|
--no-node-setup \
|
|
|
fsn-node-02.torproject.org
|
|
|
|
|
|
If this is an entirely new cluster, you need a different procedure:
|
|
|
If this is an entirely new cluster, you need a different procedure:
|
|
|
|
|
|
gnt-cluster init \
|
|
|
gnt-cluster init \
|
|
|
--master-netdev vlan-gntbe \
|
|
|
--vg-name vg_ganeti \
|
|
|
--secondary-ip 172.30.135.1 \
|
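Review bot: step 12 passes `--no-ssh-key-check` and `--no-node-setup` to `gnt-node add` with no explanation of why the SSH host key check is skipped or what establishes trust in the new node's host key instead. Suggest a sentence after the command naming the mechanism the procedure relies on (for example, host keys already distributed by the Puppet run in step 10, if that is the case), so the flags are not copied into a context where nothing has verified the key. The values `172.30.135.2` and `fsn-node-02.torproject.org` also read as literals in a generic procedure; marking them as examples to adapt per node, as is implicitly done for `172.30.135.1` in the `gnt-cluster init` variant, would avoid a copy-paste mistake.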
... | ... | @@ -901,23 +901,23 @@ catastrophic data loss bug in Ganeti or [howto/drbd](howto/drbd). |
|
|
--no-etc-hosts \
|
|
|
fsngnt.torproject.org
|
|
|
|
|
|
The above assumes that `fsngnt` is already in DNS.
|
|
|
The above assumes that `fsngnt` is already in DNS.
|
|
|
|
|
|
13. make sure everything is great in the cluster:
|
|
|
|
|
|
gnt-cluster verify
|
|
|
gnt-cluster verify
|
|
|
|
|
|
If that takes a long time and eventually fails with erors like:
|
|
|
|
|
|
ERROR: node fsn-node-03.torproject.org: ssh communication with node 'fsn-node-06.torproject.org': ssh problem: ssh: connect to host fsn-node-06.torproject.org port 22: Connection timed out\'r\n
|
|
|
ERROR: node fsn-node-03.torproject.org: ssh communication with node 'fsn-node-06.torproject.org': ssh problem: ssh: connect to host fsn-node-06.torproject.org port 22: Connection timed out\'r\n
|
|
|
|
|
|
... that is because the [howto/ipsec](howto/ipsec) tunnels between the nodes are
|
|
|
failing. Make sure Puppet has run across the cluster (step 10
|
|
|
above) and see [howto/ipsec](howto/ipsec) for further diagnostics. For example,
|
|
|
the above would be fixed with:
|
|
|
|
|
|
ssh fsn-node-03.torproject.org "puppet agent -t; service ipsec reload"
|
|
|
ssh fsn-node-06.torproject.org "puppet agent -t; service ipsec reload; ipsec up gnt-fsn-be::fsn-node-03"
|
|
|
ssh fsn-node-03.torproject.org "puppet agent -t; service ipsec reload"
|
|
|
ssh fsn-node-06.torproject.org "puppet agent -t; service ipsec reload; ipsec up gnt-fsn-be::fsn-node-03"
|
|
|
|
|
|
### cluster config
|
|
|
|
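Review bot: "erors" in the sentence "If that takes a long time and eventually fails with erors like:" under step 13 should be "errors", and the sample `ERROR:` line ends in `\'r\n`, which looks like escape residue from a paste and could be trimmed so the message matches what an operator would search for. The troubleshooting text also points to "step 10 above" by number, which will go stale if the list is renumbered; referring to it as the Puppet run across the cluster would be more robust. Finally, the two `ssh` fix commands are asymmetric (only the `fsn-node-06` side runs `ipsec up gnt-fsn-be::fsn-node-03`); a short note on why bringing the tunnel up from one side is enough would help readers adapt the example to other node pairs.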
... | ... | |