
DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

  • 1.  DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Tue March 28, 2023 09:21 AM

    Hi.

    After setting up a HADR 2 node Cluster with pacemaker, I try to create a qdevice using the following command:

    /opt/ibm/db2/V11.5/bin/db2cm -create -qdevice red1

    In this case, red1 is the Red Hat Linux machine which also has the db2 pacemaker packages installed. After the command has been running for a while, I get the following error message:

    Error: Could not create qdevice via corosync-qdevice-net-certutil

    Firewalls on all nodes disabled.

    Any ideas?

    Regards

    Joerg



    ------------------------------
    Jörg Burdorf
    ------------------------------


  • 2.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Tue March 28, 2023 02:41 PM

    Is passwordless ssh enabled between both db nodes and quorum device?

    Create qdevice connects to both db nodes and generates a certificate which gets shared with the quorum node for qdevice to work.



    ------------------------------
    Sumit Choudhary
    ------------------------------



  • 3.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Wed March 29, 2023 03:09 AM

    The logs of db2cm are located in /tmp.
    Hopefully the corresponding log can give more information on why it does not work.



    ------------------------------
    Hans-Juergen Zeltwanger
    ------------------------------



  • 4.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Thu March 30, 2023 11:03 AM

    Hi folks!

    Now it is working. The hint with the logfiles in the tmp folder helped to see the error. The passwordless ssh connection was only from the 2 db2 nodes to the quorum node but not from the quorum node to the 2 db2 nodes. Also there was a directory created in /etc/corosync/qdevice/net/nssdb on the 2 db2 nodes. When I start the create command again, this message comes up in the logfiles:

    Node sles02 seems to be already initialized. Please delete /etc/corosync/qdevice/net/nssdb

    After deleting this directory on the 2 db2 nodes the command runs with success!

    Successfully configured qdevice on nodes sles02 and sles01
    Attempting to start qdevice on red1
    Quorum device red1 added successfully.

    I am very happy!

    Thanks a lot for your help!!!!

    Joerg



    ------------------------------
    Jörg Burdorf
    ------------------------------



  • 5.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Thu March 30, 2023 11:18 AM
    Edited by Hans-Juergen Zeltwanger Fri March 31, 2023 06:57 AM

    Hi Jörg,
    I am glad it worked now.
    I also experienced this situation in the past, with a half-configured qdevice and no way forth and back. In this case the only solution seems to be to move (or delete) the corresponding config files.

    On Qdevice host:
    /etc/corosync/qnetd # mv nssdb nssdb.old

    On DB hosts:
    /etc/corosync/qdevice # mv net net.old



    ------------------------------
    Hans-Juergen Zeltwanger
    ------------------------------



  • 6.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Thu October 12, 2023 12:54 PM

    Experienced the same error, as follows, when run, but what I saw in the db2cm logs was different:

    db2cm -create -qdevice <qdevice_host>

    Error: Could not create qdevice via corosync-qdevice-net-certutil

    In the db2cm logs:

    Start corosync-qdevice-tool -s
    corosync-qdevice-tool: Can't connect to QDevice socket (is QDevice running?): Connection refused
    End - Failed

    ...

    Start ssh ip-10-0-35-162 "test -f /etc/corosync/qnetd/nssdb/cluster-<cluster_name>.crt"
     
    End - Failed

    ...

    Start /usr/sbin/corosync-qdevice-net-certutil -Q -n <cluster_name> <qdevice_host> <db2_node1_host> <db2_node2_host>
    root@<db2_node1_host>: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
    root@<db2_node1_host>: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
    Node <db2_node1_host> doesn't have /usr/sbin/corosync-qdevice-net-certutil installed
    End - Failed

    With the last error messages, verified that "/usr/sbin/corosync-qdevice-net-certutil" is on <db2_node1_host>.  Tested passwordless ssh for root between the 2 DB2 nodes and Quorum device.  Specified "PreferredAuthentications publickey" in /etc/ssh/ssh_config.

    Any ideas on what to try to resolve this issue?

    Ronnie Ng



    ------------------------------
    Ronnie Ng
    ------------------------------



  • 7.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Fri October 13, 2023 01:14 AM

    Hello,

    I would check the SSH server log on the target machine and also compare the configuration with the points mentioned in this article.
    https://phoenixnap.com/kb/ssh-permission-denied-publickey

    How did you copy keys to the target machines? Did you use ssh-copy-id root@<target_machine> ?



    ------------------------------
    Ondřej Žižka
    ------------------------------



  • 8.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Sun November 19, 2023 10:43 PM

    You need to add passwordless ssh for the root user on the <db2_node1_host>. The root user should be able to authenticate itself.

    root@db2_node1_host:> ssh root@db2_node1_host  (should be successful)



    ------------------------------
    Divaker Goel
    ------------------------------
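
The two causes reported in this thread (passwordless root SSH missing in one direction or from a node to itself, and a leftover `/etc/corosync/qdevice/net/nssdb` on the Db2 nodes) can be checked before re-running `db2cm -create -qdevice`. The script below is an added example, not part of any post and not IBM's tooling; the function names and the `SSH_CMD` override are hypothetical, and it assumes the host running it already has root key access to all three hosts.

```shell
#!/bin/sh
# Added example: preflight checks to run before `db2cm -create -qdevice`.
# Assumption: the host running this already has root key access to every host.
# SSH_CMD is overridable so the logic can be exercised without a real cluster.
SSH_CMD=${SSH_CMD:-ssh}
QDEVICE_NSSDB=/etc/corosync/qdevice/net/nssdb   # path from the db2cm log message

# remote HOST CMD: run CMD as root on HOST. BatchMode=yes makes ssh fail
# instead of prompting for a password or an unknown host key.
remote() {
    $SSH_CMD -n -o BatchMode=yes -o ConnectTimeout=5 "root@$1" "$2" >/dev/null 2>&1
}

# check_ssh_mesh HOST...: every host must reach every host, itself included,
# as root without a password. Prints failing pairs; returns 1 if any failed.
check_ssh_mesh() {
    mesh_rc=0
    for src in "$@"; do
        for dst in "$@"; do
            if ! remote "$src" "ssh -o BatchMode=yes -o ConnectTimeout=5 root@$dst true"; then
                echo "FAIL root@$src -> root@$dst"
                mesh_rc=1
            fi
        done
    done
    return "$mesh_rc"
}

# check_stale_nssdb NODE...: report Db2 nodes that still carry an NSS database
# from an earlier attempt. Returns 1 if any were found.
check_stale_nssdb() {
    stale_rc=0
    for node in "$@"; do
        if remote "$node" "test -d $QDEVICE_NSSDB"; then
            echo "STALE $node:$QDEVICE_NSSDB (move it aside before retrying)"
            stale_rc=1
        fi
    done
    return "$stale_rc"
}

# Usage: preflight.sh QDEVICE_HOST DB2_NODE1 DB2_NODE2
if [ "$#" -ge 3 ]; then
    rc=0
    check_ssh_mesh "$@" || rc=1
    shift                      # drop the quorum host; the rest are Db2 nodes
    check_stale_nssdb "$@" || rc=1
    exit "$rc"
fi
```

A `FAIL` line whose source is the quorum host corresponds to the first case in the thread; a `FAIL` line with identical source and target corresponds to the root-to-itself case.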



  • 9.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Sun October 15, 2023 05:04 AM

    Corosync Pacemaker cluster is still unavailable on AIX, is that right?



    ------------------------------
    Jeremy Rickard
    ------------------------------



  • 10.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Mon October 16, 2023 12:52 AM

    Jeremy

    There has been no announced date for pacemaker support on AIX, however it is on the Db2 development roadmap.



    ------------------------------
    Dale McInnis
    ------------------------------



  • 11.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Sat October 21, 2023 05:31 AM

    Hi Dale,

    Yes I know. Feels like a long time coming though...

    Thanks,

    Jeremy



    ------------------------------
    Jeremy Rickard
    ------------------------------



  • 12.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Wed October 25, 2023 09:37 AM

    Hi Jeremy, another option is to switch to POWER Linux - Pacemaker is supported there.



    ------------------------------
    ALAN LEE
    ------------------------------



  • 13.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    IBM Champion
    Posted Tue December 05, 2023 04:30 PM
    Edited by Jan Nelken Wed December 06, 2023 06:08 AM

    Hi Dale!

    May I ask a silly question -

    What is the best way to deal with Software Police objections: they sniffed that PaceMaker is based on Open Source and request full approval of use of Open Software component in production environment?

    1. License information was communicated;
    2. Non-IBM-licence.rtf was communicated;

    What else can be done?

    When security sniffing gets in the way - it makes the situation less secure - in my opinion.


    License terms for using Pacemaker integrated with IBM Db2 server

    Pacemaker has GPL and LGPL licenses included with the Db2 License. Users need to read and agree to the license terms prior to installation or upgrading.





    ------------------------------
    Jan Nelken
    ------------------------------



  • 14.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Wed December 06, 2023 04:34 PM
    We include a lot of open source packages with Db2 and Pacemaker is one of them. All open source is scanned and cleared using IBM processes. We also include this in our notices.txt and non-ibm-license.txt files that are shipped with the product.

    Dale McInnis
    (416) 432-3874





  • 15.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    IBM Champion
    Posted Thu December 07, 2023 12:54 AM

    Hi Jan,

    Tell them their sniffer works incorrectly and finds false positives! ;-)

    The GPL and LGPL mentioned above are just a hint that there are some components from other sources than IBM. See also https://en.wikipedia.org/wiki/GNU_Lesser_General_Public_License

    And the second hint is, PaceMaker is included in the full installer of Db2. You cannot "exclude" it while downloading the Db2 image from IBM Passport Advantage. You don't have to download it separately from "some other" site.
    Plus it is a special build within Db2 and gets full support by IBM. The PD version is not supported by IBM.

    If the security team would look closer, they would not be able to run successfully any Linux server, if they exclude all software having a GPL or LGPL.



    ------------------------------
    Roland Schock
    IBM Champion and IBM Gold Consultant
    ------------------------------



  • 16.  RE: DB2 HADR Cluster using Pacemaker with Corosync tiebreaker

    Posted Tue November 21, 2023 04:17 PM

    Absolutely crucial details, Sumit! It's like ensuring all players on the field are in sync.

    Just as passwordless SSH is the playbook for smooth communication between DB nodes, creating a solid connection with the quorum device is like having a reliable team captain. It ensures everyone is on the same page, working towards a common goal.

    The creation of the device and the certificate exchange is like establishing trust among teammates. It's the backbone of a high-performing team, be it in database clustering or sports.



    ------------------------------
    Idrees khan
    ------------------------------