crm command 编辑文件 shell

admin

CRM shell / text based ( W5 J. n) P" q; F* jThe crm shell provides an "edit" function which will invoke the editor (default VI) with the current cib and allow for modification of any values inside the cib and once saved, will apply to the live cluster configuration.  This will trigger a one time probe of the modified resource to pick up any changes that were made to the primitive. 9 M! V; C# o" l7 O2 h# crm configure edit You may choose to edit the entire cib (all objects) or a set of objects.  To bring up a single primitive in the editor, use the following command.   # crm configure edit <primitive name> You may also choose to edit the xml version of the cib. 6 W$ e; F% M3 t. {* h# crm configure edit xml As you save your edits,  crm shell will run a quick syntax check (crm configure verify)  and prompt if it detects any errors and allow you to make edits before committing.   2 d3 b% O' \5 `Additional Information * `4 @9 q$ \! D5 h' Y- P( f) g3 JA quick text backup can be taken of your cluster configuration using the following command. 1 I' _; F" P  w& `; @- R; F# crm configure show > /root/cib_backup.txt To restore a cib from a backup file previously created. # crm configure load replace /root/cib_backup.txt

admin

To output the usage of crm and its command line options:
5 T$ p1 `8 @) q! X( L
crm --help
4 ^+ V0 g' W- U4 _COPY
) K3 c$ Z# r6 s3 gTo give a list of all available commands:

crm help
6 u+ }* V3 K0 `/ j* G# UCOPY
( Y. J6 H+ n: E! sTo access other help sections, not just the command reference:
& f1 w# V) B  z5 m# M. d2 g
0 _2 R% ~. B" u8 G: m  h6 ?crm help topics
. d- o+ ]. s, ]9 I$ r1 _COPY
To view the extensive help text of the configure subcommand:
- C8 U" t' T# W
crm configure help
& W* ^8 z8 Y/ a! D5 V3 \% WCOPY
9 J; e1 L( p  k2 _% [/ C: `, nTo print the syntax, its usage, and examples of the group subcommand of configure:

crm configure help group
- f& S- L( f% J- u  NCOPY
This is the same:

8 J2 G$ Q# Y, P* c/ K1 r$ kcrm help configure group
8 H% g* z, {7 t6 v* V& i) TCOPY

admin

crm options user hacluster
COPY
Note that you need to set up /etc/sudoers so that sudo does not ask for a password.

7.1 crmsh—Overview
& V- x+ l; y  x5 H; T6 i9 J# s
  d) Y! f7 K( m3 ]* K7 MThe crm command has several subcommands which manage resources, CIBs, nodes, resource agents, and others. It offers a thorough help system with embedded examples. All examples follow a naming convention described in Appendix B.
2 W4 _# ^: `: D) k
TipTip: Interactive crm Prompt
6 @3 D  v0 R# Y$ }( hBy using crm without arguments (or with only one sublevel as argument), the crm shell enters the interactive mode. This mode is indicated by the following prompt:

* Z$ n1 e1 Z5 {6 {' u" F* ICOPY
+ q! n9 o' [5 r- s8 OFor readability reasons, we omit the host name in the interactive crm prompts in our documentation. We only include the host name if you need to run the interactive shell on a specific node, like alice for example:
* p: P, X, V1 m, y9 x; ?
COPY
' a7 `. d5 t; B# V& z7.1.1 Getting Help

Help can be accessed in several ways:
; ^0 Z& d( @1 _" F' r/ C
* L! n6 `# H8 OTo output the usage of crm and its command line options:
$ f2 V8 Z. e( g9 R- W
crm --help
COPY
/ s& v  d9 R( }8 O7 \. N/ BTo give a list of all available commands:
$ ~) k/ }. h# f% w7 g
/ X, g6 j/ k# H0 p3 Ocrm help
2 B  ^6 t5 A& |( b$ q  SCOPY
To access other help sections, not just the command reference:
! R$ y) J6 c4 s$ v
crm help topics
4 i  o  R$ r9 Y$ u5 DCOPY
To view the extensive help text of the configure subcommand:
$ ^1 D% B( x8 n& q
crm configure help
0 z, a% q8 L8 H) b1 t1 {( SCOPY
3 g9 k* @4 b5 e0 O8 D4 C3 rTo print the syntax, its usage, and examples of the group subcommand of configure:
4 x2 d: R5 y+ b' N7 R4 B$ F) {. C
crm configure help group
COPY
This is the same:
* k* |, Z4 Z" U
/ c4 E% d. S" I7 W  I9 ucrm help configure group
COPY
Almost all output of the help subcommand (do not mix it up with the --help option) opens a text viewer. This text viewer allows you to scroll up or down and read the help text more comfortably. To leave the text viewer, press the Q key.
7 I2 Q4 i) ]/ O8 L! C! X
TipTip: Use Tab Completion in Bash and Interactive Shell
5 G. G; Q9 r, C% W# \2 oThe crmsh supports full tab completion in Bash directly, not only for the interactive shell. For example, typing crm help config→| will complete the word like in the interactive shell.
& g( }0 l( z: g( ]4 |
  Z4 f2 ~. B; V* B0 j7.1.2 Executing crmsh's Subcommands
+ K: Z) b  Z/ g% H0 B: u
The crm command itself can be used in the following ways:
. V& v0 }0 e7 |# O* g* E2 {5 a
7 {) O$ A  O; O4 SDirectly: Concatenate all subcommands to crm, press Enter and you see the output immediately. For example, enter crm help ra to get information about the ra subcommand (resource agents).

; r1 ^* d  y7 ^4 \It is possible to abbreviate subcommands as long as they are unique. For example, you can shorten status as st and crmsh will know what you have meant.

$ S+ Q  s4 [# _6 _$ oAnother feature is to shorten parameters. Usually, you add parameters through the params keyword. You can leave out the params section if it is the first and only section. For example, this line:
. I% B. y3 Z0 X; R" @  j7 K! v
; n9 }( R* Y9 d' P; J' Jcrm primitive ipaddr IPaddr2 params ip=192.168.0.55
8 c- g- [- W! ?1 _# LCOPY
' U* H) `; q% \; H2 vis equivalent to this line:
1 F( z6 a* `% g( ?, h. e
  U9 r8 l! y0 u" A' I" p( ]* scrm primitive ipaddr IPaddr2 ip=192.168.0.55
" F. W$ _/ B+ CCOPY
As crm Shell Script: Crm shell scripts contain subcommands of crm. For more information, see Section 7.1.4, “Using crmsh's Shell Scripts”.
$ M9 Z% r. X- w) _! o
  o7 i# D% x6 o- ]& dAs crmsh Cluster Scripts:These are a collection of metadata, references to RPM packages, configuration files, and crmsh subcommands bundled under a single, yet descriptive name. They are managed through the crm script command.

8 o+ ?% K; r. |: G! K2 ^  ~Do not confuse them with crmsh shell scripts: although both share some common objectives, the crm shell scripts only contain subcommands whereas cluster scripts incorporate much more than a simple enumeration of commands. For more information, see Section 7.1.5, “Using crmsh's Cluster Scripts”.
  g- v4 s: O& a/ ]% Y+ c" K4 s
6 E1 T7 v6 g9 n7 E6 PInteractive as Internal Shell: Type crm to enter the internal shell. The prompt changes to crm(live). With help you can get an overview of the available subcommands. As the internal shell has different levels of subcommands, you can “enter” one by typing this subcommand and press Enter.

For example, if you type resource you enter the resource management level. Your prompt changes to crm(live)resource#. If you want to leave the internal shell, use the commands quit, bye, or exit. If you need to go one level back, use back, up, end, or cd.
/ V8 d/ N  e6 h$ O& Y8 S
: Y+ S) k" N; R4 j, iYou can enter the level directly by typing crm and the respective subcommand(s) without any options and press Enter.
- B: u; [+ Y2 S  ~9 S
The internal shell supports also tab completion for subcommands and resources. Type the beginning of a command, press →| and crm completes the respective object.
+ B5 a  H) z- h+ C# o
% b2 V) A1 Q7 K9 Z" k, Q1 PIn addition to previously explained methods, crmsh also supports synchronous command execution. Use the -w option to activate it. If you have started crm without -w, you can enable it later with the user preference's wait set to yes (options wait yes). If this option is enabled, crm waits until the transition is finished. Whenever a transaction is started, dots are printed to indicate progress. Synchronous command execution is only applicable for commands like resource start.

' D1 }( x( F9 f6 eNoteNote: Differentiate Between Management and Configuration Subcommands
) D, n4 X! ~3 b" q" P" f3 gThe crm tool has management capability (the subcommands resource and node) and can be used for configuration (cib, configure).
( t' _$ d1 o& z' |8 `
+ C+ C4 Z' c( CThe following subsections give you an overview of some important aspects of the crm tool.

7.1.3 Displaying Information about OCF Resource Agents
* Z, ]% g+ p5 ]. {/ P$ i0 E" q- u* Y
6 D3 @5 G+ {# K2 C# I' dAs you need to deal with resource agents in your cluster configuration all the time, the crm tool contains the ra command. Use it to show information about resource agents and to manage them (for additional information, see also Section 5.3.2, “Supported Resource Agent Classes”):
# r9 `; t  d7 A1 z& x- c0 K. }% J
crm ra
COPY
The command classes lists all classes and providers:

classes
lsb
ocf / heartbeat linbit lvm2 ocfs2 pacemaker
service
stonith
systemd
5 t" u* R6 P3 I$ T( c! ICOPY
% T9 j9 {( V7 e( w+ qTo get an overview of all available resource agents for a class (and provider) use the list command:
* A8 p/ V6 _( O  F! P! j) A0 V
list ocf
AoEtarget           AudibleAlarm        CTDB                ClusterMon
Delay               Dummy               EvmsSCC             Evmsd
) _" N: [1 h! q6 ^& T( L/ ?: I0 aFilesystem          HealthCPU           HealthSMART         ICP
IPaddr              IPaddr2             IPsrcaddr           IPv6addr
LVM                 LinuxSCSI           MailTo              ManageRAID
3 m4 F% k: B/ e4 kManageVE            Pure-FTPd           Raid1               Route
# X5 Z8 @( i# c- n1 p" tSAPDatabase         SAPInstance         SendArp             ServeRAID
...
% B- w" k* u2 P" }- N5 c( {. ICOPY
; d4 q$ V  b' c" }An overview of a resource agent can be viewed with info:
3 S$ T$ f" h( P/ F  h
' u2 n4 q/ c* P7 e9 K0 D& Qinfo ocf:linbit:drbd
+ ?' n% y* k' S* J3 wThis resource agent manages a DRBD* resource
as a master/slave resource. DRBD is a shared-nothing replicated storage
4 T; L: a1 F4 I7 }device. (ocf:linbit:drbd)

Master/Slave OCF Resource Agent for DRBD
* C- [: l$ j# a& }" d
Parameters (* denotes required, [] the default):

drbd_resource* (string): drbd resource name
    The name of the drbd resource from the drbd.conf file.
; I1 r/ T$ @4 c+ f; ~& v/ v% f
6 h8 ]  a5 K: h7 qdrbdconf (string, [/etc/drbd.conf]): Path to drbd.conf
2 }" z( r8 A$ ]% {    Full path to the drbd.conf file.

Operations' defaults (advisory minimum):
8 m3 m2 T- X7 h3 G- i. `
    start         timeout=240
* ?& D9 g4 \8 J5 u    promote       timeout=90
    demote        timeout=90
" \: U9 @' S* x8 K! v    notify        timeout=90
    stop          timeout=100
    monitor_Slave_0 interval=20 timeout=20 start-delay=1m
" i0 j: a' _; i" @# ]    monitor_Master_0 interval=10 timeout=20 start-delay=1m
# b9 c7 }1 _* `; MCOPY
Leave the viewer by pressing Q.

# A7 E+ |0 B0 LTipTip: Use crm Directly
0 d& _# M3 @$ n$ K8 }/ BIn the former example we used the internal shell of the crm command. However, you do not necessarily need to use it. You get the same results if you add the respective subcommands to crm. For example, you can list all the OCF resource agents by entering crm ra list ocf in your shell.

: R2 {- `% j1 t7 ], M1 U7.1.4 Using crmsh's Shell Scripts

The crmsh shell scripts provide a convenient way to enumerate crmsh subcommands into a file. This makes it easy to comment specific lines or to replay them later. Keep in mind that a crmsh shell script can contain only crmsh subcommands. Any other commands are not allowed.
# b# a- j( ]: J$ I/ U; z
Before you can use a crmsh shell script, create a file with specific commands. For example, the following file prints the status of the cluster and gives a list of all nodes:

EXAMPLE 7.1: A SIMPLE CRMSH SHELL SCRIPT

+ o5 }3 H2 B' Q# A small example file with some crm subcommands
status
, \+ j  j* C% K% N" x6 b. T2 n7 I/ Gnode list
% R6 P' U0 ^' I9 B( {% j* lCOPY
Any line starting with the hash symbol (#) is a comment and is ignored. If a line is too long, insert a backslash (\) at the end and continue in the next line. It is recommended to indent lines that belong to a certain subcommand to improve readability.
7 b& B& ^7 ]/ M# B
To use this script, use one of the following methods:

crm -f example.cli
crm < example.cli
, x- U' R" \, T) YCOPY
8 O/ [2 H% a  r) X& K7.1.5 Using crmsh's Cluster Scripts
4 f: b$ g' n' `
Collecting information from all cluster nodes and deploying any changes is a key cluster administration task. Instead of performing the same procedures manually on different nodes (which is error-prone), you can use the crmsh cluster scripts.

0 L, [( k! y: G; SDo not confuse them with the crmsh shell scripts, which are explained in Section 7.1.4, “Using crmsh's Shell Scripts”.
* o/ D' {8 \4 [* G5 a, m$ g" B
In contrast to crmsh shell scripts, cluster scripts performs additional tasks like:

Installing software that is required for a specific task.

4 M; m, C7 w9 e# H" hCreating or modifying any configuration files.
+ M* R2 V, i4 E, d, S2 ?
  z8 m+ C/ Z1 c5 _. uCollecting information and reporting potential problems with the cluster.
# c9 R. u/ Q0 Z, u; O
$ @4 q# i: |) p; E) O! a; RDeploying the changes to all nodes.
6 f9 ^& }6 I* p" h$ z1 C8 k
crmsh cluster scripts do not replace other tools for managing clusters—they provide an integrated way to perform the above tasks across the cluster. Find detailed information at http://crmsh.github.io/scripts/.

7.1.5.1 Usage

To get a list of all available cluster scripts, run:
$ E' Y, j: S( ?
/ G4 B; H9 I. d2 ^crm script list
COPY
To view the components of a script, use the show command and the name of the cluster script, for example:

crm script show mailto
mailto (Basic)
MailTo
8 o. q0 X3 d2 a7 k9 v- i8 G' P
This is a resource agent for MailTo. It sends email to a sysadmin
whenever  a takeover occurs.

1. Notifies recipients by email in the event of resource takeover
8 E5 W, v% R# ^, |- }1 }2 p
  id (required)  (unique)
! {% j, m& r1 p; y0 @) u  U      Identifier for the cluster resource
  email (required)
" a+ X1 i: A- _0 a      Email address
/ n' V( \3 y8 L: p% e! d  subject
  Y. `) H- @& @) N      Subject
COPY
9 [4 U8 Q. h$ _The output of show contains a title, a short description, and a procedure. Each procedure is divided into a series of steps, performed in the given order.
, D$ H3 V! G1 D# f7 X4 {
" L6 F' G) E, x! j$ CEach step contains a list of required and optional parameters, along with a short description and its default value.

Each cluster script understands a set of common parameters. These parameters can be passed to any script:

6 t2 r& v7 c3 b8 r: Q1 `2 jTABLE 7.1: COMMON PARAMETERS
$ ~; J% a9 D0 i7 s3 t7 b9 p! E
. t  ^: L7 i+ Q3 cParameter        Argument        Description
action        INDEX        If set, only execute a single action (index, as returned by verify)
; b* |4 F6 V6 Cdry_run        BOOL        If set, simulate execution only (default: no)
: a& m# A7 }, g6 S; V) H: Inodes        LIST        List of nodes to execute the script for
# Y, o8 l4 b* ^8 Lport        NUMBER        Port to connect to
statefile        FILE        When single-stepping, the state is saved in the given file
6 @; a  }7 H- ^! V9 u3 Fsudo        BOOL        If set, crm will prompt for a sudo password and use sudo where appropriate (default: no)
* x/ {8 a7 h3 z- l. ztimeout        NUMBER        Execution timeout in seconds (default: 600)
8 o3 Z. z3 V5 H; H1 wuser        USER        Run script as the given user
7.1.5.2 Verifying and Running a Cluster Script
' {1 B" Q: T9 T  \5 c, ?/ f
) R2 v: c; A3 g- m9 aBefore running a cluster script, review the actions that it will perform and verify its parameters to avoid problems. A cluster script can potentially perform a series of actions and may fail for various reasons. Thus, verifying your parameters before running it helps to avoid problems.

For example, the mailto resource agent requires a unique identifier and an e-mail address. To verify these parameters, run:
* F& p$ s3 g( M: T  a8 x
crm script verify mailto id=sysadmin email=tux@example.org
1. Ensure mail package is installed

* N0 i# d6 r  h        mailx
+ e6 I* f( U+ i$ q! N
2. Configure cluster resources
9 c. J$ U4 u- m/ q
        primitive sysadmin MailTo
/ i7 E+ f+ E5 s9 e$ F                email="tux@example.org"
                op start timeout="10"
                op stop timeout="10"
                op monitor interval="10" timeout="10"

        clone c-sysadmin sysadmin
COPY
( x2 _+ g# J* N+ L- ]$ ZThe verify prints the steps and replaces any placeholders with your given parameters. If verify finds any problems, it will report it. If everything is ok, replace the verify command with run:

& ?" L' R* t/ v' l( b% [) Lcrm script run mailto id=sysadmin email=tux@example.org
0 d, c# {: V9 m7 b8 m# w0 }INFO: MailTo
" R3 P9 T7 U1 d9 R4 `& V3 AINFO: Nodes: alice, bob
& s- \; l2 ?1 l4 M/ L$ r( }+ VOK: Ensure mail package is installed
: [$ m1 M% x0 e: dOK: Configure cluster resources
: v8 M- v  |5 h8 @% fCOPY
Check whether your resource is integrated into your cluster with crm status:
' B5 b/ D9 M/ k" T+ T1 [
3 j% s, }. p& xcrm status
0 F1 i% q: |+ [( c  a% c[...]
Clone Set: c-sysadmin [sysadmin]
     Started: [ alice bob ]
) b5 }( v6 y6 g  J; p+ GCOPY
7.1.6 Using Configuration Templates
- i7 a7 _: @3 ^! t% [9 y
- X. _  @: h' v! b: {NoteNote: Deprecation Notice
' t5 J' j4 _; K# l$ g( E, A  z4 uThe use of configuration templates is deprecated and will be removed in the future. Configuration templates will be replaced by cluster scripts, see Section 7.1.5, “Using crmsh's Cluster Scripts”.
. G" V; A7 Q* A) j3 y4 R
! u/ O5 A3 l+ l. T4 GConfiguration templates are ready-made cluster configurations for crmsh. Do not confuse them with the resource templates (as described in Section 7.4.3, “Creating Resource Templates”). Those are templates for the cluster and not for the crm shell.
6 [  T# A2 ~" ^5 D, P
Configuration templates require minimum effort to be tailored to the particular user's needs. Whenever a template creates a configuration, warning messages give hints which can be edited later for further customization.

/ I0 o. o% a9 }6 O) M: ]2 MThe following procedure shows how to create a simple yet functional Apache configuration:
8 n0 d9 i) d( p' ?( u
Log in as root and start the crm interactive shell:
6 z3 s8 ^1 f6 d. E
# n0 ^! @9 r' {- z( v5 ?3 Ecrm configure
0 A8 p9 h/ A  P  W' S. W) ACOPY
, l$ x# C  v, p4 m' O* W: F$ PCreate a new configuration from a configuration template:

Switch to the template subcommand:
: u: H9 C. _5 U0 i! o
template
. h& }: N1 s5 V9 x$ qCOPY
# L& [8 s3 Y8 E' DList the available configuration templates:

4 Q! s/ j; w! c' u- a4 T! {list templates
gfs2-base   filesystem  virtual-ip  apache   clvm     ocfs2    gfs2
COPY
Decide which configuration template you need. As we need an Apache configuration, we select the apache template and name it g-intranet:

0 Y2 y0 F7 q0 i& P2 E2 ~5 unew g-intranet apache
$ ~- ?1 @1 k  E- @, j: m; QINFO: pulling in template apache
INFO: pulling in template virtual-ip
) Z' I- l7 F( v: RCOPY
" L( V  Y0 d$ U. B8 `Define your parameters:

1 r4 m( H# C; f; I: }List the configuration you have created:

6 G/ [, g* u; w: v# `  n5 v$ d; Z+ p' Clist
2 Q2 D6 ?# v% W# L! wg-intranet
* z* H$ S" b2 }+ J! BCOPY
  Y* g% L4 s5 g9 k% \& N+ QDisplay the minimum required changes that need to be filled out by you:

7 x# I; k5 T$ q5 |' w- Wshow
ERROR: 23: required parameter ip not set
# [! R: X) h( U* `! n' pERROR: 61: required parameter id not set
/ a* K9 H$ s6 g8 z4 j  I1 ?" NERROR: 65: required parameter configfile not set
" c$ c- M+ x: x. b5 ACOPY
Invoke your preferred text editor and fill out all lines that have been displayed as errors in Step 3.b:

edit
COPY
Show the configuration and check whether it is valid (bold text depends on the configuration you have entered in Step 3.c):

* Z$ {8 X2 C0 ]5 i. r; O% T* vshow
primitive virtual-ip ocf:heartbeat:IPaddr \
    params ip="192.168.1.101"
primitive apache apache \
    params configfile="/etc/apache2/httpd.conf"
) v/ Y* P, C8 C    monitor apache 120s:60s
  Y0 }5 p4 u& M7 K2 hgroup g-intranet \
+ E; d3 A* k% r: r& E4 S9 s' b7 Y    apache virtual-ip
COPY
Apply the configuration:
4 J% T) E+ {! K+ U7 P9 N6 e
apply
cd ..
  x3 Y7 X( u+ P1 G6 o! Eshow
! G  V: Y( w0 j! uCOPY
Submit your changes to the CIB:
! u: K6 `" v6 I! e7 c4 I( u+ t
& I" L$ o3 c; V: Q# X! Ncommit
7 x) d) Q5 x3 V8 ^( V+ oCOPY
* _+ n; ]0 z) r7 P# }  t- u! jIt is possible to simplify the commands even more, if you know the details. The above procedure can be summarized with the following command on the shell:

& G! o; j# Q! l$ s$ Mcrm configure template \
* U) V' D6 ~9 i$ [3 N4 `9 \   new g-intranet apache params \
7 j4 c9 v9 F2 g0 u" h1 u' {   configfile="/etc/apache2/httpd.conf" ip="192.168.1.101"
COPY
If you are inside your internal crm shell, use the following command:
7 n& R1 F% m7 O: s  m
4 \* N; `: F5 z1 Jnew intranet apache params \
   configfile="/etc/apache2/httpd.conf" ip="192.168.1.101"
) R* C; P: F# s: o1 o  gCOPY
! w9 O8 C) q/ ~& l! c, P* gHowever, the previous command only creates its configuration from the configuration template. It does not apply nor commit it to the CIB.

% r* Z9 k4 Q2 x. ^2 M6 m7.1.7 Testing with Shadow Configuration
5 X; [- i  v: L; w/ y
A shadow configuration is used to test different configuration scenarios. If you have created several shadow configurations, you can test them one by one to see the effects of your changes.
# P' a( G- M) n# [1 d
1 H: d. M! x1 P# M9 |The usual process looks like this:

Log in as root and start the crm interactive shell:

# X. P! A0 V) I6 Ucrm configure
. b; d( ^% W) \/ rCOPY
: i; C! R" @& x2 V% MCreate a new shadow configuration:

" \. ]& D  {- a; Z" icib new myNewConfig
" a! x" [8 f% R/ GINFO: myNewConfig shadow CIB created
# K& _# e) T/ u  u! }' dCOPY
) O7 y4 I8 ^" h3 P; UIf you omit the name of the shadow CIB, a temporary name @tmp@ is created.
# _7 z. |! s- A  r8 X5 F9 C
) v" v/ X7 g# p0 I# yIf you want to copy the current live configuration into your shadow configuration, use the following command, otherwise skip this step:
$ d. L; j( a- \2 B
crm(myNewConfig)# cib reset myNewConfig
COPY
The previous command makes it easier to modify any existing resources later.
+ f8 k3 d7 C. g1 ?- W& ?) E- n
  R) ^1 Y% e" s' h& \Make your changes as usual. After you have created the shadow configuration, all changes go there. To save all your changes, use the following command:

crm(myNewConfig)# commit
( ]/ K4 D; t/ _2 BCOPY
4 }- q) w% ?) k, l9 g9 N: VIf you need the live cluster configuration again, switch back with the following command:
* {) m6 f, K) v6 ]; t3 v; |6 A) v
2 W0 q. J: ]" ?, G5 g0 r% ~, _crm(myNewConfig)configure# cib use live
COPY
1 l$ D- \- a% t" y: b& q  n* \7.1.8 Debugging Your Configuration Changes
5 [% X$ q1 u- V
Before loading your configuration changes back into the cluster, it is recommended to review your changes with ptest. The ptest command can show a diagram of actions that will be induced by committing the changes. You need the graphviz package to display the diagrams. The following example is a transcript, adding a monitor operation:
( D% e7 g3 z9 O# [
crm configure
show fence-bob
+ ^4 C8 z* x! v2 b# wprimitive fence-bob stonith:apcsmart \
3 q& e4 X/ Z0 t& m9 v        params hostlist="bob"
monitor fence-bob 120m:60s
show changed
6 A% }" g) r* q: ]primitive fence-bob stonith:apcsmart \
9 p# q' ~2 l$ i9 Q7 u6 C& t        params hostlist="bob" \
        op monitor interval="120m" timeout="60s"
/ A+ U% u0 Q3 U1 @9 _2 ]1 X8 ^1 Iptest
  J" K6 B! X. j: Dcommit
( o0 l8 g+ R8 N2 q+ W, r1 t  f2 `COPY
* c$ y+ n0 {' n+ z9 u7.1.9 Cluster Diagram
. ?4 A. _0 D+ X0 ^& ^! G9 s: x) I
To output a cluster diagram, use the command crm configure graph. It displays the current configuration on its current window, therefore requiring X11.
, f, h$ U% U2 J
0 f' M/ i8 ~2 s& C3 a# rIf you prefer Scalable Vector Graphics (SVG), use the following command:

crm configure graph dot config.svg svg
COPY
7.2 Managing Corosync Configuration
' J9 R+ _7 T6 ~2 C4 {  n( V
Corosync is the underlying messaging layer for most HA clusters. The corosync subcommand provides commands for editing and managing the Corosync configuration.
1 G" L* |  P) u; Y  j' ?; Q" T
, p* B  q! U) s  fFor example, to list the status of the cluster, use status:
6 ]& }2 D8 F) |6 v$ E: W; T0 I" P' u  d
crm corosync status
Printing ring status.
Local node ID 175704363
- [6 r3 A- S; p. nRING ID 0
        id      = 10.121.9.43
1 ~/ P4 q2 @4 ]9 V  g        status  = ring 0 active with no faults
2 Y0 N: [# ~: s; k' O0 k5 @Quorum information
, Q3 y3 f. t4 ?------------------
  Y$ b5 g+ z- S2 _6 C+ ^4 S4 RDate:             Thu May  8 16:41:56 2014
Quorum provider:  corosync_votequorum
Nodes:            2
Node ID:          175704363
) g; A# {. w9 b8 ^Ring ID:          4032
Quorate:          Yes
% }6 ]2 v9 t) {2 ]
9 S* R7 V& @- {; a9 |- IVotequorum information
----------------------
1 w0 q9 o! h  [4 kExpected votes:   2
+ a+ i9 M3 R) ^  OHighest expected: 2
# U5 |3 T4 v' F( c5 w% \0 zTotal votes:      2
Quorum:           2
Flags:            Quorate

Membership information
6 x& r1 M1 c$ _  `  M7 C& L----------------------
# i! D. J) q% S; V, ~% j    Nodeid      Votes Name
175704363          1 alice.example.com (local)
175704619          1 bob.example.com
- i: `3 C# P( v4 |COPY
* a! ^3 Q( i" wThe diff command is very helpful: It compares the Corosync configuration on all nodes (if not stated otherwise) and prints the difference between:

$ `' p3 s3 v- q7 D+ i( y8 j, e! ^; `crm corosync diff
--- bob
! k, @8 b3 |9 ^! \. q: T. F+++ alice
@@ -46,2 +46,2 @@
- P2 k. Y# Y& O5 S-       expected_votes: 2
# Y8 d( ~4 W3 ?- _. Y-       two_node: 1
7 @" J. r+ Y+ S1 p+       expected_votes: 1
$ d+ B6 e7 K8 p. M4 r% ?$ h+       two_node: 0
9 W3 Q. @& ~% d" RCOPY
0 J, J- H& X( C2 F0 `For more details, see http://crmsh.nongnu.org/crm.8.html#cmdhelp_corosync.

7.3 Configuring Global Cluster Options
* g2 U' l. `) j" a+ a
+ M0 S: D" d3 D( V! B% NGlobal cluster options control how the cluster behaves when confronted with certain situations. The predefined values can usually be kept. However, to make key functions of your cluster work correctly, you need to adjust the following parameters after basic cluster setup:
4 c9 o  q+ c: h. I
# ^6 y+ e: W, m1 {PROCEDURE 7.1: MODIFYING GLOBAL CLUSTER OPTIONS WITH crm
0 S6 d5 k  c- X* x
1 i- i) G0 [! [0 r4 xLog in as root and start the crm tool:

' P" M' S& c) u# q6 t+ o1 Kcrm configure
COPY
Use the following commands to set the options for two-node clusters only:

property no-quorum-policy=stop
property stonith-enabled=true
COPY
* p4 v+ k6 }* c8 u: ?. b9 ]" zImportantImportant: No Support Without STONITH
8 y& u4 r/ `, A! vA cluster without STONITH is not supported.
1 L1 T% }) J+ O2 O& ^' a( M
Show your changes:

show
& U% |5 @8 R  G) S( qproperty $id="cib-bootstrap-options" \
   dc-version="1.1.1-530add2a3721a0ecccb24660a97dbfdaa3e68f51" \
2 C  p$ Y0 E3 j: L- Y   cluster-infrastructure="corosync" \
0 S7 m7 x* T' P0 H( t+ G3 f: V   expected-quorum-votes="2" \
4 m* |7 `# {" x5 j7 N) N* Q   no-quorum-policy="stop" \
   stonith-enabled="true"
COPY
. H: N. @, ?  m! W3 c$ u1 }- ^' ^' HCommit your changes and exit:

commit
3 N5 V- U) `0 q( o6 wexit
COPY
7.4 Configuring Cluster Resources

0 e- t( j6 M* j* ^As a cluster administrator, you need to create cluster resources for every resource or application you run on servers in your cluster. Cluster resources can include Web sites, e-mail servers, databases, file systems, virtual machines, and any other server-based applications or services you want to make available to users at all times.
% J% C0 b) Q$ C& t
. k  u1 `( v- R6 g* L) Q1 mFor an overview of resource types you can create, refer to Section 5.3.3, “Types of Resources”.

; V  ~4 d$ T7 X1 F4 S7.4.1 Loading Cluster Resources from a File

Parts or all of the configuration can be loaded from a local file or a network URL. Three different methods can be defined:
5 k' Z% X2 `: B4 o% v8 D
replace
/ W) U3 A- g+ O5 K3 H4 E& V: eThis option replaces the current configuration with the new source configuration.

7 E  C" G* R7 ]0 P! yupdate
# d8 I9 H; a/ wThis option tries to import the source configuration. It adds new items or updates existing items to the current configuration.

push
3 H" p# w$ N4 z5 ~0 [This option imports the content from the source into the current configuration (same as update). However, it removes objects that are not available in the new configuration.
6 a, e: @0 e; p/ V4 @
& |0 {* s8 a; {, m! |) m% BTo load the new configuration from the file mycluster-config.txt use the following syntax:

' W! K6 F$ j+ w7 w1 {% R1 Ncrm configure load push mycluster-config.txt
* f" q) n2 H9 J% g2 }2 mCOPY
. a! M$ H/ |- v% B0 \: W7.4.2 Creating Cluster Resources

2 Q0 h3 _6 c2 E& bThere are three types of RAs (Resource Agents) available with the cluster (for background information, see Section 5.3.2, “Supported Resource Agent Classes”). To add a new resource to the cluster, proceed as follows:
9 N' j8 |8 m. y7 ?$ P
3 H6 O7 s  T+ C: c9 g: w. Z& r6 w: ?Log in as root and start the crm tool:
& D8 \- y6 B* c9 {1 C5 g8 b0 q8 ^
crm configure
COPY
Configure a primitive IP address:

primitive myIP IPaddr \
     params ip=127.0.0.99 op monitor interval=60s
COPY
! U  G2 S" H! h( N) pThe previous command configures a “primitive” with the name myIP. You need to choose a class (here ocf), provider (heartbeat), and type (IPaddr). Furthermore, this primitive expects other parameters like the IP address. Change the address to your setup.

4 l+ K; ]" e) ]5 J# p2 D3 h6 M( ?Display and review the changes you have made:

6 `# F$ n4 h- Q, k/ G3 w. v+ B8 ushow
$ _( C, B2 B9 D6 i: C+ ]COPY
Commit your changes to take effect:

+ Q! ^% l" H* n: y2 F3 hcommit
- R, W, P. z2 C2 @2 [2 {: i' W7 ]COPY
5 V3 y" O4 I( i) f# E$ m, T7.4.3 Creating Resource Templates

+ r& x5 m9 W8 v0 }9 A0 uIf you want to create several resources with similar configurations, a resource template simplifies the task. See also Section 5.5.3, “Resource Templates and Constraints” for some basic background information. Do not confuse them with the “normal” templates from Section 7.1.6, “Using Configuration Templates”. Use the rsc_template command to get familiar with the syntax:
  w6 V9 l; G( t" ~+ i* j. v* C
crm configure rsc_template
usage: rsc_template <name> [<class>:[<provider>:]]<type>
        [params <param>=<value> [<param>=<value>...]]
        [meta <attribute>=<value> [<attribute>=<value>...]]
        [utilization <attribute>=<value> [<attribute>=<value>...]]
        [operations id_spec
            [op op_type [<attribute>=<value>...] ...]]
5 A* H+ W6 B: s  e1 f4 DCOPY
& Z; o3 `3 k1 {  YFor example, the following command creates a new resource template with the name BigVM derived from the ocf:heartbeat:Xen resource and some default values and operations:

rsc_template BigVM ocf:heartbeat:Xen \
   params allow_mem_management="true" \
   op monitor timeout=60s interval=15s \
2 `* g. y; F4 `# Z) d+ R2 d/ _8 h   op stop timeout=10m \
   op start timeout=10m
: B; J; k: G6 }2 g5 ]" T3 cCOPY
# g5 N& B- K9 j5 yOnce you defined the new resource template, you can use it in primitives or reference it in order, colocation, or rsc_ticket constraints. To reference the resource template, use the @ sign:

primitive MyVM1 @BigVM \
   params xmfile="/etc/xen/shared-vm/MyVM1" name="MyVM1"
COPY
& m- ?( {1 `+ k- GThe new primitive MyVM1 is going to inherit everything from the BigVM resource templates. For example, the equivalent of the above two would be:

primitive MyVM1 Xen \
   params xmfile="/etc/xen/shared-vm/MyVM1" name="MyVM1" \
   params allow_mem_management="true" \
   op monitor timeout=60s interval=15s \
$ M* I8 _! z# y- F! O' T  y2 e   op stop timeout=10m \
   op start timeout=10m
; p1 k, ?0 F9 i" p+ C+ NCOPY
If you want to overwrite some options or operations, add them to your (primitive) definition. For example, the following new primitive MyVM2 doubles the timeout for monitor operations but leaves others untouched:

primitive MyVM2 @BigVM \
9 X% e/ B8 d$ s3 {* K) T8 l& n4 H. p   params xmfile="/etc/xen/shared-vm/MyVM2" name="MyVM2" \
0 |7 [5 F0 e2 ~5 C; o0 \3 n  u. w   op monitor timeout=120s interval=30s
COPY
4 l, ~( z" q7 X1 a# D& `8 @, ]0 eA resource template may be referenced in constraints to stand for all primitives which are derived from that template. This helps to produce a more concise and clear cluster configuration. Resource template references are allowed in all constraints except location constraints. Colocation constraints may not contain more than one template reference.
4 o9 [; p3 A4 u: ?+ T6 Y+ Z
7.4.4 Creating a STONITH Resource
- Y1 i( O$ t( B( W1 i/ v  e
From the crm perspective, a STONITH device is just another resource. To create a STONITH resource, proceed as follows:
! e; y" P  b1 {" E% R. o+ S) k5 l* F
. A" |8 {/ o4 I+ V; jLog in as root and start the crm interactive shell:

2 H) a8 X/ Y: n2 mcrm configure
COPY
Get a list of all STONITH types with the following command:

1 {% K  \4 u9 e' lra list stonith
apcmaster                  apcmastersnmp              apcsmart
baytech                    bladehpi                   cyclades
drac3                      external/drac5             external/dracmc-telnet
8 i! S. a0 X6 Q& u1 }external/hetzner           external/hmchttp           external/ibmrsa
external/ibmrsa-telnet     external/ipmi              external/ippower9258
2 @+ ^8 ]" k7 ~; M0 qexternal/kdumpcheck        external/libvirt           external/nut
external/rackpdu           external/riloe             external/sbd
external/vcenter           external/vmware            external/xen0
external/xen0-ha           fence_legacy               ibmhmc
ipmilan                    meatware                   nw_rpc100s
rcd_serial                 rps10                      suicide
wti_mpc                    wti_nps
COPY
9 l7 U$ e/ ^) @7 j0 ]' B8 ?9 J- H6 UChoose a STONITH type from the above list and view the list of possible options. Use the following command:

# s9 O2 X3 W1 V! T2 L7 Rra info stonith:external/ipmi
IPMI STONITH external device (stonith:external/ipmi)
* N; y- c6 S! \+ j1 J- h
% j3 E+ Q" X) X+ m( c/ Lipmitool based power management. Apparently, the power off
; J$ |+ I1 x2 I+ k1 U  Hmethod of ipmitool is intercepted by ACPI which then makes
a regular shutdown. If case of a split brain on a two-node
it may happen that no node survives. For two-node clusters
8 V3 Y# o6 T' O4 muse only the reset method.

, Z7 w( ~% {* l. iParameters (* denotes required, [] the default):

( f/ }. p2 A; V1 Uhostname (string): Hostname
    The name of the host to be managed by this STONITH device.
...
COPY
Create the STONITH resource with the stonith class, the type you have chosen in Step 3, and the respective parameters if needed, for example:

  j& e7 R4 V; j' Y7 aconfigure
8 o( A7 L# L3 \) d% dprimitive my-stonith stonith:external/ipmi \
: q+ x9 L7 R5 ~    params hostname="alice" \
8 c2 W/ \. r9 s9 O0 M4 e4 u5 a    ipaddr="192.168.1.221" \
( A4 O! G6 H. D% _    userid="admin" passwd="secret" \
    op monitor interval=60m timeout=120s
COPY
/ W9 r1 @8 ?# R& `2 q8 v- [6 J7.4.5 Configuring Resource Constraints
! J! o0 c7 }3 d+ U6 B) Y5 L
Having all the resources configured is only one part of the job. Even if the cluster knows all needed resources, it might still not be able to handle them correctly. For example, try not to mount the file system on the slave node of DRBD (in fact, this would fail with DRBD). Define constraints to make these kind of information available to the cluster.

2 T7 [; p: Q: r. l& J& }For more information about constraints, see Section 5.5, “Resource Constraints”.
2 W0 p% j: c* w# [$ ~
) ^, l2 I3 A! \7.4.5.1 Locational Constraints

The location command defines on which nodes a resource may be run, may not be run or is preferred to be run.
2 p3 \$ L% q' s. ~' E9 m
! K2 C( q8 t4 U4 sThis type of constraint may be added multiple times for each resource. All location constraints are evaluated for a given resource. A simple example that expresses a preference to run the resource fs1 on the node with the name alice to 100 would be the following:

location loc-fs1 fs1 100: alice
, V9 C/ X' U8 t. d0 @! k$ eCOPY
* d9 ~7 Z5 @; G  d+ ?- xAnother example is a location with ping:

2 m: `: o* G# R* I8 v& |0 Oprimitive ping ping \
8 C. x$ u# a5 ^( w! }1 ^    params name=ping dampen=5s multiplier=100 host_list="r1 r2"
$ l* N; O$ ^7 M3 A/ }4 m1 _: |clone cl-ping ping meta interleave=true
location loc-node_pref internal_www \
% P# M0 Z5 m5 J    rule 50: #uname eq alice \
    rule ping: defined ping
  w% k# h# s7 L# {  H4 wCOPY
The parameter host_list is a space-separated list of hosts to ping and count. Another use case for location constraints are grouping primitives as a resource set. This can be useful if several resources depend on, for example, a ping attribute for network connectivity. In former times, the -inf/ping rules needed to be duplicated several times in the configuration, making it unnecessarily complex.
; l: y9 A  }9 {: P- U$ `/ o5 W! e
' d9 N$ ]/ v' wThe following example creates a resource set loc-alice, referencing the virtual IP addresses vip1 and vip2:

3 A% K+ U! m8 A3 b0 s% I  Eprimitive vip1 IPaddr2 params ip=192.168.1.5
* u# H- Y% ~( x4 bprimitive vip2 IPaddr2 params ip=192.168.1.6
- N4 n' D8 D4 A8 q/ |& Hlocation loc-alice { vip1 vip2 } inf: alice
COPY
. @+ |" J. T* }# i4 dIn some cases it is much more efficient and convenient to use resource patterns for your location command. A resource pattern is a regular expression between two slashes. For example, the above virtual IP addresses can be all matched with the following:

/ H% B" l5 d, J" m1 s: tlocation  loc-alice /vip.*/ inf: alice
  s/ r. e" ^. S" e1 `COPY
7.4.5.2 Colocational Constraints
* G. K* e' ]# v1 ~, N0 R
% }. c: i6 i- C) Y1 `, MThe colocation command is used to define what resources should run on the same or on different hosts.
  P1 o# B8 T6 N
It is only possible to set a score of either +inf or -inf, defining resources that must always or must never run on the same node. It is also possible to use non-infinite scores. In that case the colocation is called advisory and the cluster may decide not to follow them in favor of not stopping other resources if there is a conflict.

For example, to run the resources with the IDs filesystem_resource and nfs_group always on the same host, use the following constraint:

( Q$ `/ V" y1 `7 u; {; R% zcolocation nfs_on_filesystem inf: nfs_group filesystem_resource
, {) r7 }& S6 w5 V' ICOPY
For a master slave configuration, it is necessary to know if the current node is a master in addition to running the resource locally.
) o) D/ b" d( x% h8 c
+ M3 [; R) z' n, J0 E, p7.4.5.3 Collocating Sets for Resources Without Dependency

Sometimes it is useful to be able to place a group of resources on the same node (defining a colocation constraint), but without having hard dependencies between the resources.
4 @: h$ J+ |6 T, n; [+ _
Use the command weak-bond if you want to place resources on the same node, but without any action if one of them fails.
$ V' z* X; x7 N; |  Q
& {) N( B. g* e0 Z7 h  \crm configure assist weak-bond RES1 RES2
COPY
; a* l2 V6 V6 h+ tThe implementation of weak-bond creates a dummy resource and a colocation constraint with the given resources automatically.
, R& B* |, c: h' n% n1 v
7.4.5.4 Ordering Constraints

+ f9 N5 m: c4 C+ e9 Z1 EThe order command defines a sequence of action.

; e2 B7 z9 K6 _& u# TSometimes it is necessary to provide an order of resource actions or operations. For example, you cannot mount a file system before the device is available to a system. Ordering constraints can be used to start or stop a service right before or after a different resource meets a special condition, such as being started, stopped, or promoted to master.

Use the following command in the crm shell to configure an ordering constraint:
% K: L5 L0 b& r6 ]2 l7 g
7 z' O# @/ y6 z  \order nfs_after_filesystem mandatory: filesystem_resource nfs_group
COPY
( J3 l4 G5 T: R2 _% x$ ?4 u, f7.4.5.5 Constraints for the Example Configuration

" ~7 ^9 q6 M+ HThe example used for this section would not work without additional constraints. It is essential that all resources run on the same machine as the master of the DRBD resource. The DRBD resource must be master before any other resource starts. Trying to mount the DRBD device when it is not the master simply fails. The following constraints must be fulfilled:

' ]% V+ v3 \2 r5 o$ h) EThe file system must always be on the same node as the master of the DRBD resource.
7 r0 t! n; l( n/ k2 e" _8 \& b
; X* _! Q& t4 l8 ^" qcolocation filesystem_on_master inf: \
9 N! ]0 x" P, C- _    filesystem_resource drbd_resource:Master
9 V, k8 l& ^1 ?! o0 hCOPY
The NFS server and the IP address must be on the same node as the file system.

% X6 ^8 X$ t8 ^' ~/ I' v4 m9 Qcolocation nfs_with_fs inf: \
   nfs_group filesystem_resource
& ~+ y3 }: k- ?( CCOPY
7 s5 N0 Z- @, E2 D0 G# w5 lThe NFS server and the IP address start after the file system is mounted:
* M& K; x# I8 x8 [( \) R0 L1 h
order nfs_second mandatory: \
& {# [" s* Z$ u* Y; C! _, X   filesystem_resource:start nfs_group
COPY
$ y0 @0 I  k+ ?# m' OThe file system must be mounted on a node after the DRBD resource is promoted to master on this node.
  U% L) @$ J. y) L: ]2 d  C
order drbd_first inf: \
0 |0 L! E. J5 o. E' x    drbd_resource:promote filesystem_resource:start
COPY
7.4.6 Specifying Resource Failover Nodes
: s0 T, G$ I% f& X0 s3 W9 E
To determine a resource failover, use the meta attribute migration-threshold. In case failcount exceeds migration-threshold on all nodes, the resource will remain stopped. For example:

& h& s( p7 |" \/ Z0 t$ rlocation rsc1-alice rsc1 100: alice
/ R3 C% P, s$ Q8 \COPY
Normally, rsc1 prefers to run on alice. If it fails there, migration-threshold is checked and compared to the failcount. If failcount >= migration-threshold then it is migrated to the node with the next best preference.
( F" z$ D6 f/ D; }& x' E8 M( n
) Z$ O" l& w% w+ U2 A: nStart failures set the failcount to inf depend on the start-failure-is-fatal option. Stop failures cause fencing. If there is no STONITH defined, the resource will not migrate.
, C. L& E6 c: N- {9 Y. }
3 t. n7 F$ a) Z. @4 MFor an overview, refer to Section 5.5.4, “Failover Nodes”.

7.4.7 Specifying Resource Failback Nodes (Resource Stickiness)
5 l" P& F: [$ T
A resource might fail back to its original node when that node is back online and in the cluster. To prevent a resource from failing back to the node that it was running on, or to specify a different node for the resource to fail back to, change its resource stickiness value. You can either specify resource stickiness when you are creating a resource or afterward.
. x5 s: S# @+ Y3 v6 j. r
7 G3 R; I9 [( t! \/ N( JFor an overview, refer to Section 5.5.5, “Failback Nodes”.

+ w7 T1 ], Z( I! A5 x: O7.4.8 Configuring Placement of Resources Based on Load Impact
+ `# Z1 @- ?! r+ p
3 C7 G4 ^4 |  K' QSome resources may have specific capacity requirements such as minimum amount of memory. Otherwise, they may fail to start completely or run with degraded performance.
: [, e5 [" `% u3 Q" ?
/ r* s5 B' ]) P4 ?To take this into account, SUSE Linux Enterprise High Availability allows you to specify the following parameters:
% I5 H7 A& T# M7 ^
2 d& K1 L: X" W. }The capacity a certain node provides.
, D, F5 i, o% @
- l! h6 w) ~' x; PThe capacity a certain resource requires.
/ A6 y9 R, u8 d. j4 Y7 v% B
An overall strategy for placement of resources.

/ Z, y* R3 V: S, g3 T5 R2 s5 Y, mFor detailed background information about the parameters and a configuration example, refer to Section 5.5.6, “Placing Resources Based on Their Load Impact”.

, ~5 s  B* G9 G( }% d( ]To configure the resource's requirements and the capacity a node provides, use utilization attributes. You can name the utilization attributes according to your preferences and define as many name/value pairs as your configuration needs. In certain cases, some agents update the utilization themselves, for example the VirtualDomain.

5 k2 D& F* t: d2 C* G8 M/ [# zIn the following example, we assume that you already have a basic configuration of cluster nodes and resources. You now additionally want to configure the capacities a certain node provides and the capacity a certain resource requires.
0 N; U# n# E: O9 J
PROCEDURE 7.2: ADDING OR MODIFYING UTILIZATION ATTRIBUTES WITH crm

: a* e* ]1 F* N) GLog in as root and start the crm interactive shell:

crm configure
COPY
2 O9 {# w$ h! s0 `' fTo specify the capacity a node provides, use the following command and replace the placeholder NODE_1 with the name of your node:

node NODE_1 utilization hv_memory=16384 cpu=8
COPY
9 g- i8 z3 h2 e8 o. |With these values, NODE_1 would be assumed to provide 16GB of memory and 8 CPU cores to resources.
2 j0 w" g' [6 {% u1 i+ B, g- b
To specify the capacity a resource requires, use:

8 h' d3 o, k; hprimitive xen1 Xen ... \
$ i. h& L3 I8 j2 A     utilization hv_memory=4096 cpu=4
, F6 u+ `; r3 s% rCOPY
1 \2 W+ C! w* j2 |% DThis would make the resource consume 4096 of those memory units from NODE_1, and 4 of the CPU units.

! \9 U6 v' |/ ^! h8 FConfigure the placement strategy with the property command:

property ...
COPY
( U7 P8 z  E* ?The following values are available:
, v3 w$ ]  V8 G* c: q2 _! k
default (default value)
Utilization values are not considered. Resources are allocated according to location scoring. If scores are equal, resources are evenly distributed across nodes.
4 s5 [; ?3 R! ~1 Z6 `5 d3 K
utilization
Utilization values are considered when deciding if a node has enough free capacity to satisfy a resource's requirements. However, load-balancing is still done based on the number of resources allocated to a node.

$ W5 F! p9 ?6 t# p7 a, W1 L% z/ }minimal
Utilization values are considered when deciding if a node has enough free capacity to satisfy a resource's requirements. An attempt is made to concentrate the resources on as few nodes as possible (to achieve power savings on the remaining nodes).
0 K' o. ^* }+ Y5 y
balanced
8 ^' e2 {$ o9 a0 Z, `' B1 mUtilization values are considered when deciding if a node has enough free capacity to satisfy a resource's requirements. An attempt is made to distribute the resources evenly, thus optimizing resource performance.
' t5 N% K) ^  W3 v
NoteNote: Configuring Resource Priorities
The available placement strategies are best-effort—they do not yet use complex heuristic solvers to always reach optimum allocation results. Ensure that resource priorities are properly set so that your most important resources are scheduled first.
8 o1 d9 f) }$ V$ y! P
Commit your changes before leaving crmsh:

commit
COPY
The following example demonstrates a three node cluster of equal nodes, with 4 virtual machines:
' \2 S- }- \% j7 }* ^
node alice utilization hv_memory="4000"
node bob utilization hv_memory="4000"
node charlie utilization hv_memory="4000"
7 C+ R6 i# O- {! D+ Z  |3 ~primitive xenA Xen \
$ ^& y& I2 P6 g    utilization hv_memory="3500" meta priority="10" \
    params xmfile="/etc/xen/shared-vm/vm1"
primitive xenB Xen \
    utilization hv_memory="2000" meta priority="1" \
    params xmfile="/etc/xen/shared-vm/vm2"
  X3 n# Y/ v$ w2 Eprimitive xenC Xen \
    utilization hv_memory="2000" meta priority="1" \
7 S. a( J# h, a  ]2 z" D  _2 ^+ H# y    params xmfile="/etc/xen/shared-vm/vm3"
primitive xenD Xen \
" v. e) j) P$ d    utilization hv_memory="1000" meta priority="5" \
    params xmfile="/etc/xen/shared-vm/vm4"
property placement-strategy="minimal"
COPY
With all three nodes up, xenA will be placed onto a node first, followed by xenD. xenB and xenC would either be allocated together or one of them with xenD.

If one node failed, too little total memory would be available to host them all. xenA would be ensured to be allocated, as would xenD. However, only one of xenB or xenC could still be placed, and since their priority is equal, the result is not defined yet. To resolve this ambiguity as well, you would need to set a higher priority for either one.
1 S$ Y: J8 ^4 Q8 [* |
; ], ]" b  Z* d6 _- @( C2 O! F7.4.9 Configuring Resource Monitoring

; {7 e# }& ?: t& k1 I# t6 r& qTo monitor a resource, there are two possibilities: either define a monitor operation with the op keyword or use the monitor command. The following example configures an Apache resource and monitors it every 60 seconds with the op keyword:

primitive apache apache \
  params ... \
  op monitor interval=60s timeout=30s
1 \4 c/ }( T5 }COPY
1 j! G! Q9 u8 B' L$ N# U6 UThe same can be done with:

primitive apache apache \
2 A8 S4 A1 k& _& V9 m& h; ^   params ...
' T6 C+ ~: \/ o  Gmonitor apache 60s:30s
COPY
For an overview, refer to Section 5.4, “Resource Monitoring”.
% |/ U* a7 D7 o& Y; N$ v% L/ c
. P) ?. p1 D- C) \& ~8 u7.4.10 Configuring a Cluster Resource Group

) B# ]% F  z8 j: FOne of the most common elements of a cluster is a set of resources that needs to be located together. Start sequentially and stop in the reverse order. To simplify this configuration we support the concept of groups. The following example creates two primitives (an IP address and an e-mail resource):
$ O7 V2 u% e# j
Run the crm command as system administrator. The prompt changes to crm(live).
+ t  Y5 I  |% M# b% i1 I% \2 h7 u
2 S/ {! {3 p/ H, Z1 l) T. W) w6 u! uConfigure the primitives:
3 v: i! r' I8 M0 y% b
. |/ w+ R0 O- ]# b9 kconfigure
primitive Public-IP ocf:heartbeat:IPaddr \
* n$ D, C, Z1 h$ K   params ip=1.2.3.4 id= Public-IP
primitive Email systemd:postfix \
   params id=Email
COPY
/ U0 h+ s8 }8 Y0 p) EGroup the primitives with their relevant identifiers in the correct order:

group g-mailsvc Public-IP Email
$ a" x, Z! g6 c9 WCOPY
To change the order of a group member, use the modgroup command from the configure subcommand. Use the following commands to move the primitive Email before Public-IP. (This is just to demonstrate the feature):

! N& s1 F$ P5 a& q! h- v3 Amodgroup g-mailsvc add Email before Public-IP
; v  u$ R6 X, Q' n% cCOPY
* Q7 E  q( O6 F+ a( n" h, ZTo remove a resource from a group (for example, Email), use this command:

" Y/ H5 h# |5 f9 F1 gmodgroup g-mailsvc remove Email
COPY
For an overview, refer to Section 5.3.5.1, “Groups”.
8 b, p, Q8 c" t- v, s# Q5 \: U
7.4.11 Configuring a Clone Resource

2 h. T5 C9 I# j. R" uClones were initially conceived as a convenient way to start N instances of an IP resource and have them distributed throughout the cluster for load balancing. They have turned out to be useful for several other purposes, including integrating with DLM, the fencing subsystem and OCFS2. You can clone any resource, provided the resource agent supports it.

Learn more about cloned resources in Section 5.3.5.2, “Clones”.
# Z% G5 a3 l) u+ S  I
% z: f3 X( |- z0 t7.4.11.1 Creating Anonymous Clone Resources
, E( X9 u7 C4 i& Z/ c3 D8 s8 Q
3 N% A: `5 J9 K# m* Y2 r" v& YTo create an anonymous clone resource, first create a primitive resource and then refer to it with the clone command. Do the following:
4 m/ O$ W+ \# P  `
Log in as root and start the crm interactive shell:

/ S" t3 b: |3 Q6 lcrm configure
  h+ j. s4 ]" w% Y( P% ^$ P  @COPY
) M* L( f7 Q; ^' JConfigure the primitive, for example:

, n8 ?6 r% n3 |2 C5 }7 r2 }2 K5 ]primitive Apache apache
& P9 j# Z' v8 v4 p# aCOPY
Clone the primitive:

clone cl-apache Apache
, f! Q* a$ H) ?" l4 S7 i* kCOPY
1 k1 M% D! {0 h9 ]3 [' ~2 D; O7.4.11.2 Creating Stateful/Multi-State Clone Resources
- I& E5 C+ h% Y3 r: q
8 `! E8 _  T& @) B( j7 q: r8 ZMulti-state resources are a specialization of clones. This type allows the instances to be in one of two operating modes, be it active/passive, primary/secondary, or master/slave.

4 T% W) `* ~+ m3 x; \8 @$ w( OTo create a stateful clone resource, first create a primitive resource and then the multi-state resource. The multi-state resource must support at least promote and demote operations.
% ~* E( Y! |. E0 A
Log in as root and start the crm interactive shell:

crm configure
COPY
1 g) L" d8 ^# H. I) @Configure the primitive. Change the intervals if needed:

6 N; d+ v" T! T" t* t7 h& F; dprimitive my-rsc ocf:myCorp:myAppl \
    op monitor interval=60 \
    op monitor interval=61 role=Master
COPY
Create the multi-state resource:

ms ms-rsc my-rsc
COPY
0 x7 U4 D2 R" f5 R( K2 f' d% d4 |7.5 Managing Cluster Resources

Apart from the possibility to configure your cluster resources, the crm tool also allows you to manage existing resources. The following subsections gives you an overview.
$ k6 U5 H7 m+ w8 A
7.5.1 Showing Cluster Resources
9 s: L$ P0 I" W
When administering a cluster the command crm configure show lists the current CIB objects like cluster configuration, global options, primitives, and others:
: L( ?; B6 R4 c( O9 ?
5 c% j1 @! x8 ?. n5 T- c! rcrm configure show
: C4 u5 R  L# y9 h" A1 Xnode 178326192: alice
2 ~* ~( s' E# Qnode 178326448: bob
# `+ ^9 ~0 ^4 ~6 I) B9 oprimitive admin_addr IPaddr2 \
        params ip=192.168.2.1 \
        op monitor interval=10 timeout=20
primitive stonith-sbd stonith:external/sbd \
" L4 C* d. \; I8 ]+ O% |/ F) i6 R        params pcmk_delay_max=30
property cib-bootstrap-options: \
        have-watchdog=true \
        dc-version=1.1.15-17.1-e174ec8 \
        cluster-infrastructure=corosync \
        cluster-name=hacluster \
+ _0 N' G6 e3 @  F        stonith-enabled=true \
7 q; Y1 Y" H- P4 [. c6 |4 m5 o0 ?        placement-strategy=balanced \
  q9 i" @/ D5 F# b        standby-mode=true
rsc_defaults rsc-options: \
        resource-stickiness=1 \
        migration-threshold=3
op_defaults op-options: \
        timeout=600 \
5 L' y. i% }7 d* Q" U" c        record-pending=true
COPY
In case you have lots of resources, the output of show is too verbose. To restrict the output, use the name of the resource. For example, to list the properties of the primitive admin_addr only, append the resource name to show:

4 w5 Q3 d+ `& w4 c$ k1 U9 I: [crm configure show admin_addr
primitive admin_addr IPaddr2 \
        params ip=192.168.2.1 \
- _# ]/ n! r3 B( C7 |9 W        op monitor interval=10 timeout=20
COPY
However, in some cases, you want to limit the output of specific resources even more. This can be achieved with filters. Filters limit the output to specific components. For example, to list the nodes only, use type:node:

2 A! K/ a8 g: i: P8 o5 f7 Zcrm configure show type:node
3 L+ X: l% \6 O/ p1 O& rnode 178326192: alice
9 D, L- \! q3 j( A% hnode 178326448: bob
COPY
In case you are also interested in primitives, use the or operator:
- a/ k' |* x3 h4 ~2 Y
/ \7 K6 A; @7 _2 ?& f3 z7 k* ncrm configure show type:node or type:primitive
( U, U. m8 s: ^8 L1 Anode 178326192: alice
$ o5 e  E( a) Vnode 178326448: bob
6 M) B# R& R3 @primitive admin_addr IPaddr2 \
3 k8 @1 v5 {+ ^  ^0 W5 q9 w( U        params ip=192.168.2.1 \
; R; x  c3 @$ b. A8 U% G        op monitor interval=10 timeout=20
primitive stonith-sbd stonith:external/sbd \
0 ^4 B& C$ q, h  r8 {9 {        params pcmk_delay_max=30
7 L1 W: n$ _6 C4 }$ ~9 u. SCOPY
2 j' q9 Y  v' d# R8 ~% h5 eFurthermore, to search for an object that starts with a certain string, use this notation:

crm configure show type:primitive and and 'admin*'
primitive admin_addr IPaddr2 \
        params ip=192.168.2.1 \
        op monitor interval=10 timeout=20
COPY
To list all available types, enter crm configure show type: and press the →| key. The Bash completion will give you a list of all types.
7 ^0 Y% V/ G  a) {2 F. {6 {1 a
* C8 b) ?( `% W7 u/ v5 |9 a0 h7.5.2 Starting a New Cluster Resource
9 E) E* S2 U: W2 @
To start a new cluster resource you need the respective identifier. Proceed as follows:
0 |/ S8 F8 b+ }+ j, r: z9 ~) l4 c2 v
Log in as root and start the crm interactive shell:

' \+ F" F6 L' K) r2 ?! vcrm
COPY
' b7 F# a6 b( W0 C" d. `9 m1 g- iSwitch to the resource level:

5 s3 \( w% N8 }5 s0 S5 e3 ?resource
COPY
$ E- D& j7 \1 E7 M+ S, KStart the resource with start and press the →| key to show all known resources:
& O+ i( r& y6 J: D
8 W6 r' _1 {& Z7 C$ h% v5 P) Fstart ID
COPY
: |8 `  _$ U3 Q. [" l7.5.3 Stopping a Cluster Resource
- ?/ Q- V4 t" H8 E
To stop one or more existing cluster resources you need the respective identifier(s). Proceed as follows:

Log in as root and start the crm interactive shell:
0 |- w" H$ g5 |0 U; k# s! r+ h
9 p. C) u7 v3 [0 b8 J# i, @" R, ccrm
+ F8 z( k: D! Y; v2 N3 RCOPY
Switch to the resource level:
' l. w' q5 Z* ?& I  d
resource
6 R% h5 J! s& z  x4 H; d5 |COPY
& g1 V& n1 ?8 Q6 GStop the resource with stop and press the →| key to show all known resources:

4 B% J- e) g) b8 z6 Y2 G# |( Gstop ID
COPY
5 w8 u: e' F9 H4 J8 _It's possible to stop multiple resources at once:

stop ID1 ID2 ...
9 f$ S+ Y# G! |5 b, rCOPY
9 a% n3 q) V* k. Z) x8 J  Y, C7.5.4 Cleaning Up Resources
: y* ]* ]; L& i; X( {4 G
A resource will be automatically restarted if it fails, but each failure raises the resource's failcount. If a migration-threshold has been set for that resource, the node will no longer be allowed to run the resource when the number of failures has reached the migration threshold.
) N$ [* Z, Z: C. Z
Open a shell and log in as user root.

* {6 m+ i) b3 n" t- W% AGet a list of all your resources:
: \5 S) i* U/ t4 Y+ U. V4 a; D
; N/ I5 J% U  y. q/ f8 Ncrm resource list
  s* F8 }8 P7 `- s  ...
) {/ ?5 S/ Z. D. K( H1 ZResource Group: dlm-clvm:1
' }4 I# q6 B& T. i         dlm:1  (ocf:pacemaker:controld) Started
         clvm:1 (ocf:heartbeat:clvm) Started
COPY
$ ?% e( f* V  Z& ~To clean up the resource dlm, for example:

4 ^  }6 W1 b2 Q3 L, `crm resource cleanup dlm
# {* y% O# M! t" oCOPY
7.5.5 Removing a Cluster Resource
4 c6 q: r- j6 P+ K# b
. P- S6 H/ X) [, i' h8 QProceed as follows to remove a cluster resource:
* _) H1 A* N, J+ y$ z9 v
  f& b# D; U5 P$ {Log in as root and start the crm interactive shell:

+ Y; w( B# ^( V5 tcrm configure
, ?7 o7 e, C1 g# O& V% H" MCOPY
Run the following command to get a list of your resources:

  w" ]: H, V0 F+ A+ D' vresource status
9 z  q0 N' m, Y+ A5 G, z& BCOPY
For example, the output can look like this (whereas myIP is the relevant identifier of your resource):

myIP    (ocf:IPaddr:heartbeat) ...
2 M# o1 j1 z" ^4 W' Y0 HCOPY
Delete the resource with the relevant identifier (which implies a commit too):
+ Z8 M8 r7 e6 A) X) X2 `6 u/ x
$ ~# E5 G8 i8 B& h; u8 d* Jconfigure delete YOUR_ID
COPY
Commit the changes:

/ ~5 j0 d4 i/ _: c' hconfigure commit
0 p  B6 b5 T8 v# _! o# K8 p- c6 u2 XCOPY
; ^. O/ a" Y* z4 P7.5.6 Migrating a Cluster Resource
5 ?; C1 E3 N2 u/ h- N
- K2 D( Y1 D3 E' m0 w5 `! ]Although resources are configured to automatically fail over (or migrate) to other nodes of the cluster if a hardware or software failure occurs, you can also manually move a resource to another node using either Hawk2 or the command line.
$ Y# o1 g, o+ j* q
2 @# U! C4 N5 O) n0 k% b+ O$ d1 [' DUse the migrate command for this task. For example, to migrate the resource ipaddress1 to a cluster node named bob, use these commands:
; }+ D; V  |: c& c8 A
crm resource
migrate ipaddress1 bob
COPY
7.5.7 Grouping/Tagging Resources

* N# `6 N3 H/ J! L, NTags are a way to refer to multiple resources at once, without creating any colocation or ordering relationship between them. This can be useful for grouping conceptually related resources. For example, if you have several resources related to a database, create a tag called databases and add all resources related to the database to this tag:

$ T2 o2 w7 ~! |0 D; Acrm configure tag databases: db1 db2 db3
9 O, }, o; {8 h) ]COPY
This allows you to start them all with a single command:

5 t  c: {" Z( q3 \! }+ b6 @. xcrm resource start databases
COPY
Similarly, you can stop them all too:
, Y2 A) [) a; z1 L( d7 R
crm resource stop databases
COPY
7.5.8 Getting Health Status
% q3 k2 j5 S9 D$ k& H
" }  a; x3 G3 F9 z  c* L3 aThe “health” status of a cluster or node can be displayed with so called scripts. A script can perform different tasks—they are not targeted to health. However, for this subsection, we focus on how to get the health status.

To get all the details about the health command, use describe:
" |4 z' z% X% r0 W8 A, U
crm script describe health
COPY
It shows a description and a list of all parameters and their default values. To execute a script, use run:
( i4 D: l  V1 w- S, A! k) a  _
crm script run health
! f+ n- q1 f5 I# XCOPY
If you prefer to run only one step from the suite, the describe command lists all available steps in the Steps category.
4 @/ C0 `& r+ e' T: n1 e
" ?7 S& |0 I: e/ F4 `9 j( ^For example, the following command executes the first step of the health command. The output is stored in the health.json file for further investigation:
  h: n. h6 A  a+ Z
crm script run health
  D6 ?6 ?( Y0 C  a1 N+ p    statefile='health.json'
. o- Q6 ~. Z+ A1 b! ^9 g& WCOPY
It is also possible to run the above commands with crm cluster health.

For additional information regarding scripts, see http://crmsh.github.io/scripts/.
$ H/ O1 Z, J: h4 E6 o2 F# [
7.6 Setting Passwords Independent of cib.xml
# S% `/ f: I: a8 `% ]8 o( O. T
# D; T: m  W. LIn case your cluster configuration contains sensitive information, such as passwords, it should be stored in local files. That way, these parameters will never be logged or leaked in support reports.
8 g4 m2 T8 K$ ?9 H& v
Before using secret, better run the show command first to get an overview of all your resources:
$ e+ f+ b" H. X
crm configure show
primitive mydb mysql \
5 g  T4 c/ D2 j# V, s" r2 B9 m   params replication_user=admin ...
# h0 z8 ^4 {" M5 y- H1 @COPY
! {3 l9 y, p4 j  uIf you want to set a password for the above mydb resource, use the following commands:

' a& r7 D5 n5 @% K, Z# h/ h5 m1 Tcrm resource secret mydb set passwd linux
INFO: syncing /var/lib/heartbeat/lrm/secrets/mydb/passwd to [your node list]
2 j6 {+ y9 `/ }" b8 j) L' [! ECOPY
4 q* K( g) T8 L' L6 P  g8 @' }You can get the saved password back with:
8 Z1 n. O, `/ i+ q
2 K  I2 c0 [+ k* ?1 ccrm resource secret mydb show passwd
linux
COPY
7 ?- H2 B9 g' p9 o9 v0 }Note that the parameters need to be synchronized between nodes; the crm resource secret command will take care of that. We highly recommend to only use this command to manage secret parameters.
  s: B& A" f+ N7 z. n, Z$ J
. f( L* e( Z6 ^. f4 e7.7 Retrieving History Information

! V# V& T& ?8 Q) h: N2 W# IInvestigating the cluster history is a complex task. To simplify this task, crmsh contains the history command with its subcommands. It is assumed SSH is configured correctly.
3 {/ p( {) Z: }
Each cluster moves states, migrates resources, or starts important processes. All these actions can be retrieved by subcommands of history.
2 V+ Z( ^( @& _
( b3 }- _' c6 I# r& i( sBy default, all history commands look at the events of the last hour. To change this time frame, use the limit subcommand. The syntax is:
0 _3 T/ x9 P8 h' f) ~
8 @# L0 R* S) H: y/ @& Lcrm history
limit FROM_TIME [TO_TIME]
COPY
Some valid examples include:
# Y# `. @. Q! `& k' O
. b" R0 T9 X8 t7 B4 Y/ E2 {- O2 `limit4:00pm , limit16:00
Both commands mean the same, today at 4pm.
, A" e$ w, k7 v
% ]# N/ \9 f8 r3 Ulimit2012/01/12 6pm
. m! V, F5 v4 ?# D- u2 vJanuary 12th 2012 at 6pm
1 c" `  a+ E6 g# w" p+ X& k( Z
/ A, |. g9 I9 I. nlimit"Sun 5 20:46"
In the current year of the current month at Sunday the 5th at 8:46pm

Find more examples and how to create time frames at http://labix.org/python-dateutil.
0 {% r/ H; [) g& J4 F! F6 p3 u5 U
The info subcommand shows all the parameters which are covered by the crm report:
$ v( `% \% u  I
4 u6 L) @3 s2 |& j5 pinfo
Source: live
Period: 2012-01-12 14:10:56 - end
  a4 Z- w+ p7 @5 F9 MNodes: alice
Groups:
/ G' v( J4 L7 Y' N4 ]- V1 y4 lResources:
* F4 m- B& t. |- Z2 oCOPY
5 M- F' E/ G# b4 l0 r2 nTo limit crm report to certain parameters view the available options with the subcommand help.

% C( \8 c( P8 x7 d& {# gTo narrow down the level of detail, use the subcommand detail with a level:
. A" ~  E+ [8 p; m
! d8 G9 k' Y3 ~) U9 adetail 1
COPY
0 q4 |3 p) v+ E: P, XThe higher the number, the more detailed your report will be. Default is 0 (zero).

7 p8 F$ a% R! s- X/ _5 t, I) i) kAfter you have set above parameters, use log to show the log messages.

To display the last transition, use the following command:
3 M% B  w! R8 D4 y& s$ ?3 n& ^
( C! I, _, h! U2 ]2 g% _transition -1
6 S( e: ]* ]9 }( o) U- C0 oINFO: fetching new logs, please wait ...
  m# }, U* J" D" g5 VCOPY
This command fetches the logs and runs dotty (from the graphviz package) to show the transition graph. The shell opens the log file which you can browse with the ↓ and ↑ cursor keys.
1 A: m  Y% o5 x' w  `  j5 _0 q1 j
; }$ M0 v5 `/ g1 [If you do not want to open the transition graph, use the nograph option:
% L$ E- i( C: e+ i* u% z1 ^
5 v1 d0 z' k, t) b+ V  R2 Dtransition -1 nograph
4 k7 |$ R) c$ O: J9 i% Y8 {