Disk Shredding Service

By On · Add Comment

Securely erase the contents of a hard drive.  This is very important if you are donating or recycling old computers to ensure your privacy is protected.

Certain tools which format or erase drives quickly don’t actually remove the data from the disk.  Instead they destroy only parts of the drive that contain partition tables, boot records, or other data required by the operating system or the file system.  Using inexpensive tools, or data recovery services, it may still be possible to read the rest of the disk.

For this reason, the Disk Shredding Service ensures that every portion of your hard drive will be overwritten with random data, which obliterates boot records, partition tables, and all other data.

The service includes a certificate-of-destruction confirming the data has been wiped.

 

 

Computer Tune-Up Service

By On · Add Comment

A simple way to get your PC back to its original glory.  The flat-rate fee includes everything below with a 24-hour turn-around time, and addresses all the common causes of computer clutter and slow-down.

Details

Update

  • BIOS
  • Hardware Drivers
  • Windows / OS
  • Common Applications: Java, Acrobat Reader, Firefox, Chrome, Office, Adobe Flash
  • Anti-Virus definitions

Uninstall

  • Unnecessary tool bars
  • Unwanted add-ons
  • Excessive start-up applications
  • Trial / Expired software
  • Bloatware (factory installed applications you don’t need or want)
  • Malware (programs that contain trojans, back-doors, pop-ups)

Hardware

  • Vacuum and air-dust case, fans, and air-intakes for a cleaner, quieter, cooler computer.
  • Detect and repair hard disk errors.
  • Analyze and defragment (if required) disks.

Clean

  • Windows Registry
  • Cookies
  • Old Profiles
  • Recycle Bin / Downloaded Programs / Temporary Files
  • Viruses / Malware via full system scan

Wipe & Install Service

By On · Add Comment

Sometimes its better to start over or start fresh.  This may be the case if  you:

  • Have bought a second-hand computer or received a hand-me-down
  • Want to switch operating systems (eg. XP to Windows 7, or Win7 Home to Win7 Pro)
  • Are badly infected with viruses, malware, spyware, rootkits, etc.

Details

The Wipe & Install service includes the following:

  • Format hard drive, check and repair errors.
  • Restore or Install operating system from media.
  • Install additional or manufacturer-supplied hardware drivers.
  • Apply latest Windows and application updates.
  • Install commonly used free applications, such as Acrobat Reader, Firefox, Adobe Flash,  and AVG Anti-virus.
  • Install licensed, user-supplied applications.

The service does not include backing up or transferring data from the computer prior to wiping – that is included separately in the Data Transfer service.

Prerequisites

To comply with licensing rules and avoid software piracy, you will need to provide:

  • The factory restore CDs that came with the computer
  • OR a licensed copy of the operating system to be installed
  • AND licensed copies of all applications to be re-installed

If you are missing any components, we can provide assistance obtaining replacement restore media from manufacturers, or purchasing new licenses.

Computer Upcycling Service

By On · Add Comment

The process of Upcycling a PC  gives new value, boosts performance, and extends usable life.  It’s a sustainable choice for planet and pocket-book.

Upcycling can be in the form of:

  1. Frankensteining:  Building a more powerful computer using parts salvaged from others.
  2. Installing a Linux appliance, which performs faster than Windows on the same hardware.

Learn more about upcycling and what to do with your old computer, or schedule a pickup of your old equipment.

Details

PC Upcycling depends on the equipment available and the end-user needs:

  • Requirements / Needs analysis.
  • Current hardware assessment.
  • Hardware mix-and-match and upgrades.
  • Install and configure Linux appliances and/or  hardware, with ongoing support.
  • Responsibly re-use, donate, or re-cycle extra and broken components.

Please request an estimate for this service.

Idea: Portable Hard-Disk Shredder

By On · Add Comment

When getting rid of old computers, it is very important to securely erase the contents.  One way to do that is do physically drill holes in the platters, heads, and case, but that renders the drive useless and it cannot be re-used.   ‘shred’ is a handy linux tool that can be used to wipe drives:

Overwrite  the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.

As handy as shred may be, it is really only useful to Linux command-line geeks. Here’s an idea-only for building a portable, plug-and-play hard drive shredder.

Description

When a hard drive is attached to the shredding” unit via SATA or IDE cable, the unit automatically detects and begins to “shred” the hard drive contents.  An indicator LED may show status, like SHREDDING and READY on portable units, or a desktop/kiosk unit might use a simple GUI to start/stop/cancel shredding and optionally e-mail shredding reports to the owner.

Uses

  • Bulk hard drive shredding at recycling facilities
  • Offered as a service by volunteer and community computer upcyclers
  • Loaned / rented to individuals/businesses
  • Self-serve kiosk

Equipment

  • Raspberry Pi, other single-board computer, or old laptop.
  • A USB to IDE/SATA adapter (example)
  • For a portable unit: a simple LED status indicator
  • For a desktop unit:  monitor and mouse/keyboard

Software

  • Raspbian or other Linux distro
  • ‘shred’ utility (raspbian/debian/ubuntu: apt-get install shred)
  • udisks-glue or other disk auto-mounter
  • user interface: software to drive LED indicator or on-screen GUI

What to do with Old Computers

By On · Add Comment

In British Columbia, honorable efforts have been made to divert e-waste from landfills.  Through Encorp, locations have been setup province-wide to accept and recycle electronics free of charge (Find a depot near you).  This is an excellent program for recycling broken electronics, but in my opinion it circumvents “The 3 R’s” and emphasizes Recycling over Reduce and Re-Use.  If you have an older computer that still works, here are some alternatives to consider before dumping it off at the nearest Return-It Depot.

Delete

Computers hold so much personal information that they are like the pot of gold at the end of the identity-thief rainbow.

Whatever you do with your old PC, make sure you completely and securely wipe your old hard drive.  I once came across a used hard drive that contained a person’s e-mail, telephone, local address, parent’s address, social insurance number, visa application documents, pictures of his girlfriend in unflattering poses and far more Internet pornography than I’d ever care to see – and that was just on the Desktop!

Find out more about “shredding” old hard drives.

Donate

Consider donating your old, working equipment to local organizations or non-profit groups who make efforts to provide computer training, computer and Internet access, and affordable low-cost computer systems to the community.  Some organizations in the Vancouver / Sea-To-Sky area are:

Remember, simply because your computer as a whole is not working, individual components may still be useful.  Volunteers at these organizations are trained to assess and test components so they can re-use working ones and properly recycle non-working ones.

AngryElectron, while not a community organization, also accepts computer donations.  Find out more about the benefits and how your old equipment is re-used.

UpCycle

To  upcycle a PC is to add value to old computer equipment.  This can be done by:

  • mixing and matching parts from multiple computers to create a better performing machine
  • by installing software that uses fewer resources, in other words, software that can do more with less
  • a combination of both

Here are some examples of  things you can build for free using Linux appliances:

  • Desktop Computers – Linux desktops aren’t that different from Windows ones (Ubuntu Desktop)
  • Servers – web, FTP, file, print, VPN, and more (Ubuntu Server)
  • PVR – personal video recorder (MythTv, video capture card)
  • Security System – inexpensive video surveillance (ZoneMinder, IP cameras)
  • Internet Router – firewall, gateway, router, VPN, and more (Endian Firewall, 2 network cards)
  • Windows Domain Controller – active directory and group policy, file & printer servers (Sernet Samba4)
  • NAS/SAN – network storage for photos, movies, backups, etc. (Openfiler, additional hard drives)
  • PBX/VOIP – networked office phone system for POTS, SIP, and IAX2 trunks (Trixbox, SIP phones)
  • Management & Monitoring server – know about issues before they happen (Zabbix)
  • Enterprise Backup server – unattended backups for Windows, Linux, and Mac (BackupPC)
  • Internet Kiosks – secure, easy to deploy web access for public use (Webconverger)

While upcycled PCs and Linux Appliances are easy to use, free to license, and may only require a minor investment in an add-on card or additional hard drive, they do require some Linux know-how to install and configure.  Find out more about AngryElectron’s upcycling service.

Why Computers Slow Down

By On · Add Comment

In my experience, I have found these three things to be the biggest cause of sluggish, slow, computers:

  1. Too many anti-virus/security programs.
  2. Unknown, unwanted, and unexpected start-up applications.
  3. Browser add-ons and tool bars.

Generally, these things consume unnecessary system resources (CPU or processing power; RAM or memory; and hard drive reading and writing) and get installed without the user’s informed consent.

Here’s a more detailed explanation of these common problems and what you can do to resolve them.

Anti-Virus Overkill

Anti-virus programs are a necessity for safe browsing, but they can be very resource intensive, stealing your computer’s ‘Power” away from programs you actually want to use.  If you have more than one of:

  • Microsoft Security Essentials
  • Avast
  • Norton Anti-Virus (or security tools)
  • McAfee  Anti-Virus (or security tools)
  • AVG

currently running on your computer, then you are needlessly wasting your computer’s resources by double or triple-scanning each and every file you try to open!  Pick one anti-virus package you trust, make sure  that the program, virus definitions, and subscriptions (Norton, McAfee) are all up to date, and uninstall the other programs.

Start-Up Applications

When your computer boots, certain applications start automatically, and these applications all need to be up and running before you will be allowed to open any new programs. There are a  few different types of start-up applications, some required, some optional, and some that might even be malicious.  Your computer will boot and run faster if you eliminate the unnecessary start-ups.

Required

Bluetooth is one example of a required hardware-related start-up application.    In fact, *most* users don’t use Bluetooth, so it could actually be disabled, but it could also make your Bluetooth keyboard, mouse, headset, etc. stop working if you do.

Other required start-up tasks initialize drivers needed to use your printer, wireless network card, your speakers, or other important system-related things.  Disabling these tasks will speed up your computer, but possibly prevent things from working as expected.

Optional

This category refers to start-up applications that you, the user, actually want to use – things like your Anti-Virus program, Skype or other messaging tools.  Try to avoid having too many optional start-ups, and only keep the ones that you frequently use.  Just because you tell Skype not to start on boot, doesn’t mean you can’t open it anytime you want to make a video call.

There are other optional start-up applications that are intended to give you faster-access to commonly used programs like Acrobat Reader or Microsoft Office.   It’s a lot like leaving your car running in the driveway for a faster getaway – if you’re a bank robber, it makes sense, but otherwise it’s just a form of pollution and a waste of gas.

Optional start-up tasks are also often used to check for software updates.  Java, Google, and Adobe all do this.  These programs aren’t too invasive, as they do a quick check, then show a notification or simply shut down.  Pay attention to any notifications and address them to prevent the updater from running unnecessarily, or disable these start-ups and check for updates manually.

Too Many Tool Bars

toolbars

too many toolbars

I’ve seen too many Firefox and Internet Explorer windows that look like this.  In many cases, users don’t need or want the tool bars, or the associated browser add-ons, but don’t know how they got there, or more importantly, how to get rid of them!

Worse still, these tool bars often have startup or background applications associated with them that can perform hidden, nefarious actions without the user’s consent.

A tool bar or two may make sense for some users, but most people don’t need 15 different ways to search.   These tool bars eat up precious resources and slow things down.  Instead of using search tool bars, simply tell your browser which search engine you prefer (hint:  you *prefer* Google), and search by typing directly into the address bar.

Disable and un-install all toolbars and browser add-ons.  Many users also have multiple web browsers (Internet Explorer, Firefox, Chrome, Safari, etc.) and all need to be cleaned out.

Conclusion

Just like houses need housekeepers and automobiles need mechanics, your computer needs a tune-up from time to time to keep it performing as best it can.  Whether you do it your self or get a professional to help, it’s always a worthwhile investment.

How To Install OCS Inventory Server 2.1

By On · 2 Comments

OCS Inventory tracks and inventories computer assets, and provides automatic package deployment and integration with ticket tracking systems like GLPI.  Here is how to install an OCS Inventory Server 2.1 on Ubuntu 12.04 and setup the Windows agent automatically to deploy automatically to Windows clients using a logon script.

Server

Install a clean Ubuntu 12.04 Server.  During the installation, no additional packages are required, however the SSH Server is always handy for remote administration.   Change the hostname now, since changing it later will break the SSL certificate that the installation process will generate.

Ubuntu contains packages to install OCS Inventory Server 2.0.2, which is not the latest version and the agents and packagers compatible with this version do not work well on modern, up-to-date operating systems.  To install the OCS Inventory Server 2.1, along with all required dependencies, use the ocs2-1.sh  script from the angryelectron automate repo on Github.

Installation Notes

  1. You’ll be prompted for a new password for the mysql “root” user (assuming mysql has not been previously installed).  The password can be anything you wish, but remember what it is as you’ll need it later on.
  2. CPAN will prompt: “Would you like to configure as much as possible automatically?”  Yes!  Yes you would!  Simply press enter to accept all the default values.
  3. OCS will prompt:  “Do you wish to continue” – again, press enter to accept the default values (Unless you are upgrading, in which case you are on your own!)
  4. The script will pause and ask you to complete some configuration using the web interface.  Load http://<hostname>/ocsreports, and change the mysql user from “ocs” to “root”, then enter the mysql root password you created earlier.  Hit Submit, then review the next page for errors.  If all looks OK, hit “Submit Query” at the bottom of the page.  Note the default user name and password given.
  5. Return to the shell script and press Enter to continue.
  6. Enter a new password for the OCS database followed by the root mysql password
  7. When the script is complete, login to the web interface and address any errors shown.

The OCS Inventory Server should now be ready for use.

Configuring Server for Package Deployment

  • If you are going to be using OCS to deploy software packages to clients, don’t forget to change Config -> Deployment -> Download to “ON” and possibly change the download settings to smaller values (ie. 1second) so things deploy faster.
  • If deploying large packages (>100M), review the post_max_size and upload_max_size settings in /etc/apache2/conf.d/ocsinventory-reports.conf.
  • Large deployment packages may exceed the maximum amount of memory a PHP script may consume.  You can solve this by adjusting the memory_limit in /etc/php5/apache2/php.ini, or (preferable) deploying your package in smaller fragment sizes.

Windows Agent

The OCS Inventory Agent runs on client machines, checks for packages to be deployed, and gathers and sends inventory data back to the server.  While the OCS Inventory Agent can be installed manually on each machine, deploying it automatically is much more useful.  The process is generally this:

  1. Assemble build tools
  2. Build a deployment package that includes the OCS Windows Agent
  3. Upload the Agent to the deployment server
  4. Using Group Policy, tell the OCS Logon tool to run when a user logs on
  5. Configure OCS Logon to check for a deployed Agent, and deploy it if necessary.
  6. Once the agent has been deployed, it will run as a service and send inventory reports automatically.

This all needs to take place on a Windows machine.

Assemble Build Tools

  1. Create a new, temporary folder called OCS-BUILD which will be used to assemble all the executables and certificates needed.
  2. Copy ‘cacert.pem’ from the server (created in the same directory as ocs.sh) into the OCS-BUILD directory.
  3. Download OCS Packager 2.1.0.3 and extract OcsPackager.exe into the OCS-BUILD directory.  This is not the default version but a version found in the support forums that fixes an issue in which the Packager cannot write the final output without permission errors.
  4. Download OCSNG-Windows-Agent-2.1 and extract OcsLogon.exe and OCS-NG-Windows-Agent-Setup.exe into OCS-BUILD directory.
  5. Download PsTools and extract PSExec.exe into the OCS-BUILD directory.

Build Deployment Package

Assuming you are using the Windows Domain ‘DOMAIN’, I recommend creating a domain user called “ocsinventory” and granting it Administrator rights.   When the package is deployed, this is the user that will run the installation process, so it must have permissions to install programs and start/stop services.

Run OcsPackager.exe in the OCS-BUILD directory and enter the following:

  • Agent Setup File = OCS-NG_Windows-Agent-Setup.exe
  • Certificate File = cacert.pem
  • Command Line = /S /server:<ip or dns of server> /np /DEBUG
  • User = DOMAIN\username
  • Password = <DOMAIN\username’s password>

When you click “Next”, the tool will create a file called “OcsPackage.exe”.  Rename it to “ocspackage.exe” (case matters) and remember not to confuse it with “OcsPackager.exe”.    You can test your settings at this point by running ocspackage.exe with elevated privileges (Right-Click -> Run As Administrator).

Upload Package

Still on the Windows machine, launch a browser, navigate to http://<ocsserver>/ocsreports, and login.  Then:

  1. Click the Wrench icon
  2. Select “Agent”
  3. Click “Add file”
  4. Browse and select ocspackage.exe which you created in the previous step.
  5. Click “Send”

You now have a deploy-able package on your OCS Inventory server that will install and run the Windows OCS Inventory Agent.  This package also includes the server certificate that is required to deploy other types of packages.  If you want to test your work so far, browse to http://<ocsserver>/ocsinventory/deploy/ocspackage.exe – an executable should download which, when run with elevated privileges, installs the OCS Inventory agent.

Create a Login Script

  1. Launch the Group Policy Management tool (built into your Windows Domain Controller, or installed as part of the Remote Server Admin Tools from Microsoft).
  2. Expand Forest, Domains, <DOMAIN>
  3. Right-Click “Group Policy Objects” and select New.  Give the policy a name (eg. OCS Inventory)
  4. In the new policy, expand User Configuration, Policies, Windows Settings, Scripts
  5. Right-click “Logon” and select properties.
  6. Click “Add”
  7. Enter “ocslogon.exe” as the Script Name
  8. Enter “/SERVER=http://<ip or dns of server>/ocsinventory /PACKAGER /DEPLOY=2.1.0.1 /DEBUG” as the parameters
  9. Click “OK’.
  10. Click “Show Files”, then copy OcsLogon.exe from the OCS-BUILD directory into the Logon folder.
  11. Close the Logon folder and click “OK” in the Logon Properties window.
  12. Close the Group Policy Editor window
  13. Back in the Group Policy Management window, drag and drop the newly created “OCS Inventory” policy onto the <DOMAIN> node (ie. the node below Forest and below Domains.  This will link the new policy to the domain.

Now, whenever a user logs into a domain computer, ocslogon.exe will run.  OcsLogon will check if the OCS Inventory Agent is installed.  If not (or if an older version is found), OcsLogon will automatically contact the OCS server and attempt to deploy the ocspackage.exe package.  When run as part of a logon script, ocspackage.exe will be executed automatically with elevated privileges, unlike earlier during testing when this step had to be done manually.

Troubleshooting

After logging into a domain computer for the first time, the OCS Inventory agent should run and send an inventory report to the server.  Login to the server and verify the computer appears.  If it does not, there are several log files to check which may reveal the problem.

On the Server

  • /var/log/apache2/access.log
  • /var/log/apache2/error.log

Look for perl, permissions, and access errors.

On the Windows Client

  • %temp%/OcsLogon.log – created when ocslogon.exe runs
  • %temp%/ocspackage.log – created when the Agent is deployed
  • %programdata%/OcsInventory NG/Agent/OCSInventory.log – created when the Inventory is created/sent.  There are other log files in the Agent directory that might be useful too.

Ubuntu Agent

To add an Ubuntu computer to OCS Inventory, simply install the agent (sudo apt-get install ocsinventory-agent), then run it (sudo ocsinventory-agent).  The agent will run periodically from a cron job to keep the inventory up to date.  Older Agents (apt-get installs version 2.0.1)  are all compatible with the latest server version.

Samba4 Domain Controller and Management Tools

By On · Add Comment

Background

Sernet has built packages and a pre-built Linux appliance that can be used to quickly build a Windows Domain Controller / Active Directory based on samba4 and Debian Squeeze (32-bit).  The appliance is a quick way to turn a physical machine into a domain controller, but what about a virtual appliance, specifically a Xen (XCP) virtual appliance?

One could:

  1. Install the HVM appliance and convert it to PV.
  2. Install a PV’ed Debian Squeeze and add the sernet/samba4 packages.
  3. Install another PV’ed Linux Distro and re-build the sernet/samba4 packages.

As my goal is to build virtual appliances that are really simple for anyone to install, option (2) is the best approach.  I did attempt (1) but found that after the appliance installation, the VM would not boot due to Grub errors (“Welcome to GRUB”, then nothing!) and I was not really interested at the time in finding out why.

Domain Controller Install

Here is the simplest way I have found to install a Samba4 Domain Controller in a Xen XCP virtual machine:

  1. Install Debian Squeeze 32-bit from the XenCentre template and/or command line.
  2. Get the samba4.sh script from the angryelectron/automate git repo
  3. Make the script executable and run it
  4. When prompted, enter information about the new domain

There are two ways to install the samba4.sh script from the command line.  Both are run as root:

apt-get install git
git clone https://github.com/angryelectron/automate
cd automate
chmod +x samba4.sh
./samba4.sh

or, if you don’t want to install git:

wget https://raw.github.com/angryelectron/automate/master/samba4.sh
chmod +x samba4.sh
./samba4.sh

The samba4.sh script downloads the samba4 and sernet appliance packages, installs the required dependencies, the runs the ‘dcpromo.sh’ script included in the appliance package.

Also included in the ‘automate’ repo are simple scripts for changing the hostname and setting up network interfaces.

Domain Controller Management

samba4 domain controllers can be managed from the command line, however, most system administrators are more familiar and comfortable using Windows management tools.  To effectively manage a samaba4 domain on Windows 7, install the Windows 7 Remote Server Administration ToolsHere is another link showing how to install the tools, including the group policy management snap-in.

In a virtualized environment, a Windows 7 virtual machine can be created just for the purpose of administering the domain.  This is quite handy when most of the other machines run Linux.

Password Policy

Password policies can be changed via gpedit.msc on Windows, or really relaxed via the command line of the samba4 box:

samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --min-pwd-age=0
samba-tool domain passwordsettings set --max-pwd-age=0

 

How to setup Pacemaker/Corosync on Ubuntu 12.04 LTS

By On · 2 Comments

Exisiting Pacemaker How-To Guides, like Highly Available iSCSI Target, use Heartbeat, which is an alternative to Pacemaker.  Unfortunately such documentation does not mention that Heartbeat is no longer preferred.   Ubuntu ClusterStack docs and others use Pacemaker, but are complicated, incomplete, or application-specific.  Clusterlab’s Ubuntu Quickstart is clean and simple, but like other guides, it too lacks a critical bit of information, which is:

Corosync uses the hostname to bind to an interface.  If the local machine’s hostname resolves to 127.0.1.1 (as it should), Corosync will only bind to the loopback interface, and other nodes will be unreachable (OFFLINE).

This may not be a problem in later version of Corosync, but it affects the version installed on Ubuntu 12.04.

Step 1: Setup Network

Perform this step on all nodes in the cluster.

Typically nodes in clusters don’t rely on DHCP or DNS, so configure the network interface of each machine to use a static IP by editing /etc/network/interfaces to look something like this:

auto ethN # where N is the interface number, ie. eth0 on machines with a single interface
iface ethN inet static
address 10.0.0.1 #change this for each node
netmask 255.255.255.0

In a two-node cluster you can connect both nodes directly using a cross-over cable.  If using a switch, make sure it allows multicast.

Step 2: Setup Hosts

Perform this step on all nodes in the cluster.

Since DNS is typically not used, and Corosync relies on host names to communicate between nodes and bind to network interfaces, you’ll need to edit /etc/hosts.  For a server with the hostname ‘node1.test.local’ and IP address 10.0.0.1, /etc/hosts will look like this:

127.0.0.1  localhost
#127.0.1.1 node1.test.local  node1
10.0.0.1   node1.test.local  node1
10.0.0.2   node2.test.local  node2
10.0.0.N   nodeN.test.local  nodeN # add a line for each additional node

You’ll need to comment-out the 127.0.1.1 line, then add the IP address and hostname of all other nodes in the cluster.  Make the changes to /etc/hosts on all nodes in the cluster.  If everything is going well, all nodes will be ‘pingable’ at their IP addresses.  Note that you should see this:

node1:$ping node1
PING node1.test.local (10.0.0.1) 56(84) byes of data
64 bytes from node1.test.local (10.0.0.1): icmp_req=1 ttl=64 time=0.060 ms
...

and not this:

node1:$ping node1
PING node1.test.local (127.0.1.1) 56(84) byes of data
64 bytes from node1.test.local (127.0.1.1): icmp_req=1 ttl=64 time=0.060 ms
...

Step 3: Configure Corosync Binding

Perform this step on all nodes in the cluster.

Install some packages and ensure they start at boot:

sudo apt-get install pacemaker cman fence-agents
update-rc.d -f pacemaker remove
update-rc.d pacemaker start 50 1 2 3 4 5 . stop 01 0 6 .

Then edit /etc/corosync/corosync.conf:

#bindnetaddr: 127.0.0.1
bindnetaddr: 10.0.0.0

Where 10.0.0.0 is the IP address of the cluster’s subnet (it may vary depending on your IP address and netmask).

Step 4: Configure and Start the Cluster

Perform this step on all nodes in the cluster.

Copy the following into /etc/cluster/cluster.conf:

<?xml version="1.0"?>
<cluster config_version="1" name="pacemaker1">
  <logging debug="off"/>
  <clusternodes>
    <clusternode name="node1" nodeid="1">
      <fence>
        <method name="pcmk-redirect">
          <device name="pcmk" port="node1"/>
        </method>
      </fence>
    </clusternode>
    <clusternode name="node2" nodeid="2">
      <fence>
        <method name="pcmk-redirect">
          <device name="pcmk" port="node2"/>
        </method>
      </fence>
    </clusternode>
  </clusternodes>
  <fencedevices>
    <fencedevice name="pcmk" agent="fence_pcmk"/>
  </fencedevices>
</cluster>

Replace all occurances of “node1” and “node2” if using other hostnames, or add additional clusternodes if required.

Next, if using a 2-node cluster, modify /etc/default/cman:

echo "CMAN_QUORUM_TIMEOUT=0" >> /etc/default/cman

Finally, start everything up:

sudo service cman start
sudo service pacemaker start

Step 5: Verify the Cluster

After you have started the cluster on all nodes, run some basic checks to make sure everything is working.  On one of the nodes:

nodeN:$ sudo crm status
============
Last updated: Fri Sep 20 11:48:34 2013
Last change: Thu Sep 19 16:26:46 2013 via crmd on node1
Stack: cman
Current DC: nodeN - partition with quorum
Version: 1.1.6-9971ebba4494012a93c03b40a2c58ec0eb60f50c
2 Nodes configured, unknown expected votes
0 Resources configured.
============

Online: [ node1 node2 ]

nodeN:$ sudo corosync-cfgtool -s
Printing ring status.
Local node ID 1
RIND ID 0
     id = 10.0.0.N
     status = ring 0 active with no faults

If corosync-cfgtool returns 127.0.1.1, or only 1/2 nodes are online, repeat this step on all other nodes and/or review Steps 1 and 2 to ensure the network is correctly configured.

Step 6: Configure and Use the Cluster

This is where things get complicated and implementation-specific, so the following is only a simple example.  If using a two-node cluster, consider adding:

sudo crm configure property no-quorum-policy=ignore
sudo crm configure property stonith-enabled=false

Then add a Dummy resource:

sudo crm configure primitive DummyService ocf:pacemaker:Dummy op monitor interval=60s

Check that the DummyService  is running on one node, but visible to all the others using the “sudo crm status” command.  To transfer the service to another node (nodeN) in the cluster:

sudo crm_resource --resource DummyService --move --node nodeN

At this point, you should have a working, if not pointless high-availability cluster running a useless service!  For more information about configuring Pacemaker, please see Clusters From Scratch, or Cluster Lab’s Example Configurations.