- Pacemaker와 Corosync을 사용하여 HA (고가용성) 클러스터를 구성하는 것은 복잡함
- Pacemaker를 사용하여 VIP(가상 IP)와 노드 간 HA 클러스터를 설정
[목차]
- Pacemaker 설치 서버
- Pacemaker와 Corosync 설치
- Coresync 설정
- Pacemaker 클러스터 구성 → pcs를 사용하여 클러스터를 설정
- 클러스터 기본 설정 > STONITH(Fencing) 설정
- 클러스터 기본 설정 > VIP 리소스 생성
1. Pacemaker 설치 서버
| 호스트 이름 | 서버 IP | 운영체제 | 네트워크 |
| VIP | 192.168.100.10 | ||
| server1 | 192.168.100.4 | Ubuntu 22.04.4 LTS | bond0 |
| server2 | 192.168.100.5 | Ubuntu 22.04.4 LTS | bond0 |
| server3 | 192.168.100.6 | Ubuntu 22.04.4 LTS | bond0 |
2. Pacemaker와 Corosync 설치
모든 서버에서 다음 명령어를 실행하여 Pacemaker와 Corosync를 설치
## apt 업데이트 및 pacemaker, corosync 패키지 설치
$ sudo apt update
$ sudo apt install -y pacemaker corosync pcs
## pacemaker 버전 확인
$ pacemakerd --version
Pacemaker 2.1.2
Written by Andrew Beekhof
## corosync 버전 확인
$ corosync -v
Corosync Cluster Engine, version '3.1.6'
Copyright (c) 2006-2021 Red Hat, Inc.
Built-in features: dbus monitoring watchdog augeas systemd xmlconf vqsim nozzle snmp pie relro bindnow
Available crypto models: nss openssl
Available compression models: zlib lz4 lz4hc lzo2 lzma bzip2 zstd
3. Coresync 설정
3.1. authkey 파일 생성 및 권한 변경 → Corosync가 클러스터 노드 간의 통신을 인증하는 데 사용
### authkey 생성
$ sudo corosync-keygen
Corosync Cluster Engine Authentication key generator.
Gathering 2048 bits for key from /dev/urandom.
Writing corosync key to /etc/corosync/authkey.
### 파일 권한 변경
$ sudo chown root:root /etc/corosync/authkey
$ sudo chmod 400 /etc/corosync/authkey
### authkey 파일 권한 변경 확인
$ ls -l /etc/corosync/authkey
-r-------- 1 root root 256 Oct 29 11:21 /etc/corosync/authkey
3.2. 인증키 복사 → 클러스터의 모든 노드에 authkey 파일을 복사 (생성 서버는 192.168.100.4, 복사 서버는 192.168.100.5, 192.168.100.6)
### 192.168.100.4 > 192.168.100.5으로 authkey 파일 복사
$ scp /etc/corosync/authkey root@192.168.100.5:/etc/corosync/authkey
### 192.168.100.4 > 192.168.100.6으로 authkey 파일 복사
$ scp /etc/corosync/authkey root@192.168.100.6:/etc/corosync/authkey
3.3. Corosync 설정 config 파일 수정 → Corosync의 설정 config 파일을 수정하여 클러스터 노드를 정의 (3개 Node에서 동시 실행)
$ cat <<EOF | sudo tee /etc/corosync/corosync.conf
totem {
version: 2
cluster_name: pcs_cluster
transport: knet
crypto_cipher: aes256
crypto_hash: sha256
}
nodelist {
node {
ring0_addr: 192.168.100.4
name: 192.168.100.4
nodeid: 1
}
node {
ring0_addr: 192.168.100.5
name: 192.168.100.5
nodeid: 2
}
node {
ring0_addr: 192.168.100.6
name: 192.168.100.6
nodeid: 3
}
}
quorum {
provider: corosync_votequorum
}
logging {
to_logfile: yes
logfile: /var/log/corosync/corosync.log
to_syslog: yes
timestamp: on
}
EOF
3.4. Corosync 서비스 재시작 및 영구 실행
$ sudo systemctl restart corosync
$ sudo systemctl enable corosync
3.5. 클러스터 상태 확인
$ sudo crm status
Cluster Summary:
* Stack: corosync
* Current DC: 192.168.100.4 (version 2.1.2-ada5c3b36e2) - partition with quorum
* Last updated: Fri Aug 15 13:19:02 2025
* Last change: Thu Aug 14 15:01:54 2025 by root via cibadmin on 192.168.100.4
* 3 nodes configured
* 1 resource instance configured
Node List:
* Online: [ 192.168.100.4 192.168.100.5 192.168.100.6 ]
Full List of Resources:
* vip (ocf:heartbeat:IPaddr2): Stopped (disabled)
4. Pacemaker 클러스터 구성 → pcs를 사용하여 클러스터를 설정 (3개 Node에서 동시 실행)
4.1. pcs 서비스 및 pacemaker 서비스 활성화
$ sudo systemctl --now enable pcsd
$ sudo systemctl --now enable pacemaker
4.2. hacluster 사용자 비밀번호 설정
### pacemaker ID와 PW : hacluster:haasdf!@09
$ echo -e 'hacluster:haasdf!@09' | sudo chpasswd
4.3. 노드 인증
$ sudo pcs host auth -u hacluster -p 'haasdf!@09' 192.168.100.4 192.168.100.5 192.168.100.6
192.168.100.4: Authorized
192.168.100.5: Authorized
192.168.100.6: Authorized
4.4. 클러스터 생성
$ sudo pcs cluster setup pcs_cluster 192.168.100.4 192.168.100.5 192.168.100.6 --force
### 실행 결과 ###
No addresses specified for host '192.168.100.4', using '192.168.100.4'
No addresses specified for host '192.168.100.5', using '192.168.100.5'
No addresses specified for host '192.168.100.6', using '192.168.100.6'
Warning: 192.168.100.4: The host seems to be in a cluster already as the following service is found to be running: 'corosync'. If the host is not part of a cluster, stop the service and retry
Warning: 192.168.100.4: The host seems to be in a cluster already as cluster configuration files have been found on the host. If the host is not part of a cluster, run 'pcs cluster destroy' on host '192.168.100.4' to remove those configuration files
Warning: 192.168.100.6: The host seems to be in a cluster already as the following service is found to be running: 'corosync'. If the host is not part of a cluster, stop the service and retry
Warning: 192.168.100.6: The host seems to be in a cluster already as cluster configuration files have been found on the host. If the host is not part of a cluster, run 'pcs cluster destroy' on host '192.168.100.6' to remove those configuration files
Warning: 192.168.100.5: The host seems to be in a cluster already as the following service is found to be running: 'corosync'. If the host is not part of a cluster, stop the service and retry
Warning: 192.168.100.5: The host seems to be in a cluster already as cluster configuration files have been found on the host. If the host is not part of a cluster, run 'pcs cluster destroy' on host '192.168.100.5' to remove those configuration files
Destroying cluster on hosts: '192.168.100.4', '192.168.100.5', '192.168.100.6'...
192.168.100.6: Successfully destroyed cluster
192.168.100.5: Successfully destroyed cluster
192.168.100.4: Successfully destroyed cluster
Requesting remove 'pcsd settings' from '192.168.100.4', '192.168.100.5', '192.168.100.6'
192.168.100.6: successful removal of the file 'pcsd settings'
192.168.100.4: successful removal of the file 'pcsd settings'
192.168.100.5: successful removal of the file 'pcsd settings'
Sending 'corosync authkey', 'pacemaker authkey' to '192.168.100.4', '192.168.100.5', '192.168.100.6'
192.168.100.6: successful distribution of the file 'corosync authkey'
192.168.100.6: successful distribution of the file 'pacemaker authkey'
192.168.100.4: successful distribution of the file 'corosync authkey'
192.168.100.4: successful distribution of the file 'pacemaker authkey'
192.168.100.5: successful distribution of the file 'corosync authkey'
192.168.100.5: successful distribution of the file 'pacemaker authkey'
Sending 'corosync.conf' to '192.168.100.4', '192.168.100.5', '192.168.100.6'
192.168.100.6: successful distribution of the file 'corosync.conf'
192.168.100.4: successful distribution of the file 'corosync.conf'
192.168.100.5: successful distribution of the file 'corosync.conf'
Cluster has been successfully set up.
4.5. 클러스터 시작
$ pcs cluster start --all
192.168.100.4: Starting Cluster...
192.168.100.5: Starting Cluster...
192.168.100.6: Starting Cluster...
4.6. 클러스터 상태 확인
$ pcs status
Cluster name: pcs_cluster
Cluster Summary:
* Stack: corosync
* Current DC: 192.168.100.5 (version 2.1.2-ada5c3b36e2) - partition with quorum
* Last updated: Fri Aug 15 13:29:57 2025
* Last change: Thu Aug 14 15:01:54 2025 by root via cibadmin on 192.168.100.4
* 3 nodes configured
* 1 resource instance configured
Node List:
* Online: [ 192.168.100.4 192.168.100.5 192.168.100.6 ]
Full List of Resources:
* No resources
Daemon Status:
corosync: active/disabled
pacemaker: active/disabled
pcsd: active/enabled
5. 클러스터 기본 설정 > STONITH(Fencing) 설정
5.1. STONITH(Fencing) 비활성화 (추천 방법은 아님)
### Fencing 비활성화 > Pacemaker의 Node가 이슈가 있을 때 완전 배제를 위해 Fencing 설정 필요, 우선 Fencing 비활성화
$ sudo pcs property set stonith-enabled=false
### Fencing 활성화 > Fencing 방법도 학습 필요
### sudo pcs property set stonith-enabled=true
5.2. 클러스터 설정 확인
$ sudo pcs property config
Cluster Properties:
cluster-infrastructure: corosync
cluster-name: pcs_cluster
dc-version: 2.1.2-ada5c3b36e2
have-watchdog: false
stonith-enabled: false
6. 클러스터 기본 설정 → VIP 리소스 생성 (3개 노드 중 1개 노드에서만 VIP 실행)
6.1. VIP 리소스를 추가하여 클러스터가 해당 IP를 관리하도록 설정 → VIP는 192.168.100.10
$ sudo crm configure primitive vip IPaddr2 \
params ip=192.168.100.10 cidr_netmask=28 nic=bond0 \
op monitor interval=30s \
meta target-role=Started
6.2. 클러스터 상태 확인
$ sudo pcs status
Cluster name: pcs_cluster
Cluster Summary:
* Stack: corosync
* Current DC: 192.168.100.5 (version 2.1.2-ada5c3b36e2) - partition with quorum
* Last updated: Fri Aug 15 13:43:13 2025
* Last change: Thu Aug 14 15:01:54 2025 by root via cibadmin on 192.168.100.4
* 3 nodes configured
* 1 resource instance configured
Node List:
* Online: [ 192.168.100.4 192.168.100.5 192.168.100.6 ]
Full List of Resources:
* vip (ocf:heartbeat:IPaddr2): Started 192.168.100.4
Daemon Status:
corosync: active/disabled
pacemaker: active/disabled
pcsd: active/enabled
6.3. 리소스 상태 확인
$ sudo pcs resource status
* vip (ocf:heartbeat:IPaddr2): Started 192.168.100.4
6.4. 리소스 구성 검토
$ sudo pcs resource config
Resource: vip (class=ocf provider=heartbeat type=IPaddr2)
Attributes: cidr_netmask=28 ip=192.168.100.10 nic=bond0
Meta Attrs: target-role=Started
Operations: monitor interval=30s (vip-monitor-30s)
6.5. 인터페이스에서 확인
$ ip address show bond0
12: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether e2:9d:8c:ae:16:73 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.4/28 brd 192.168.100.15 scope global bond0
valid_lft forever preferred_lft forever
inet 192.168.100.10/28 brd 192.168.100.15 scope global secondary bond0
valid_lft forever preferred_lft forever
inet6 fe80::e09d:8cff:feae:1673/64 scope link
valid_lft forever preferred_lft forever
※ 참고 자료 : https://www.scbyun.com/1498
우분투에서 Pacemaker와 Corosync를 사용해 고가용성 클러스터를 구성하는 방법
우분투에서 Pacemaker와 Corosync을 사용하여 HA(고가용성) 클러스터를 구성하는 방법Pacemaker와 Corosync을 사용하여 HA (고가용성) 클러스터를 구성하는 것은 복잡한 프로세스일 수 있습니다. Pacemaker를
www.scbyun.com