Active-Passive Disaster Recovery

Active-Passive Disaster Recovery

DR-OLVM安装

参照​​Oracle Linux 7安装​​，进行Oracle Linux 7 minimal安装

参照​​OLVM安装​​，安装Oracle Linux Virtualization Manager

DR-KVM Host安装

参照​​Oracle Linux 7安装​​，进行Oracle Linux 7 minimal安装

参照​​KVM Host安装​​，配置KVM环境

DR群集配置

OLVM添加KVM Host

参照​​添加KVM Host​​，将KVM加入到群集中

网络配置

参照​​创建Logical Network​​，创建逻辑网络

Ansible安装配置

参照​​Oracle Linux 7安装​​，进行Oracle Linux 7 minimal安装

Ansible engine安装

yum groupinstall "Development tools" -y
rpm -ivh https://mirrors.tuna.tsinghua.edu.cn/epel/epel-release-latest-7.noarch.rpm
yum install ansible -y

Ansible 配置定义

修改配置文件，/etc/ansible/ansible.cfg

[defaults]
# some basic default values...
inventory = /etc/ansible/hosts
# library_path = /usr/share/my_modules/
remote_tmp = $HOME/.ansible/tmp
pattern = *
forks = 5
poll_interval = 15
sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
transport = smart
remote_port = 22
module_lang = C
gathering = implicit
host_key_checking = False
log_path = /var/log/ansible.log
system_warnings = False
roles_path = /etc/ansible/roles
# set plugin path directories here, separate with colons
action_plugins = /usr/share/ansible/plugins/action
become_plugins = /usr/share/ansible/plugins/become
cache_plugins = /usr/share/ansible/plugins/cache
callback_plugins = /usr/share/ansible/plugins/callback
connection_plugins = /usr/share/ansible/plugins/connection
lookup_plugins = /usr/share/ansible/plugins/lookup
inventory_plugins = /usr/share/ansible/plugins/inventory
vars_plugins = /usr/share/ansible/plugins/vars
filter_plugins = /usr/share/ansible/plugins/filter
test_plugins = /usr/share/ansible/plugins/test
terminal_plugins = /usr/share/ansible/plugins/terminal
strategy_plugins = /usr/share/ansible/plugins/strategy
fact_caching = memory
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30

安装ovirt角色

ansible-galaxy install oVirt.ovirt-ansible-roles -p /usr/share/ansible/roles/
ansible-galaxy install oVirt.infra -p /usr/share/ansible/roles/

检查安装结果

[root@ansible ansible]# ansible-galaxy list
# /root/.ansible/roles
# /usr/share/ansible/roles
- oVirt.ovirt-ansible-roles, 1.2.3
- ovirt.cluster-upgrade, 1.2.3
- ovirt.disaster-recovery, 1.3.0
- ovirt.engine-setup, 1.2.4
- ovirt.image-template, 1.2.2
- ovirt.infra, 1.2.2
- ovirt.manageiq, 1.2.1
- ovirt.repositories, 1.2.5
- ovirt.vm-infra, 1.2.3
- ovirt.v2v-conversion-host, v1.9.1
- ovirt.hosted_engine_setup, 1.0.34
- ovirt.shutdown_env, 1.1.0
- oVirt.infra, 1.2.2
# /etc/ansible/roles

安装python3等依赖包

yum install python3 libcurl-devel python3-devel libxslt-devel openssl \
python-pip python-devel.x86_64 -y
export PYCURL_SSL_LIBRARY=nss
pip3 install pycurl ovirt-engine-sdk-python pyyaml
pip install ovirt-engine-sdk-python

生成mapping file

生成olvm mapping file

编辑变量文件，/usr/share/ansible/roles/ovirt.disaster-recovery/files/olvm.conf

[log]
log_file=/tmp/ovirt-dr-{}.log
log_level=DEBUG

[generate_vars]
site=https://ol7-olvm/ovirt-engine/api
username=admin@internal
password=P@ss0lvm
ca_file=/etc/pki/ovirt-engine/olvm-ca.pem
output_file=/etc/ansible/olvm/olvm_vars.yml
ansible_play=/usr/share/ansible/roles/ovirt.disaster-recovery/examples/dr_play.yml

添加hosts

cat > /etc/hosts << EOF
192.168.10.51 ol7-olvm
192.168.10.52 dr-ol7-olvm
EOF

拷贝CA证书

mkdir -p /etc/pki/ovirt-engine
rsync -av ol7-olvm:/etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/olvm-ca.pem
rsync -av dr-ol7-olvm:/etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/dr-olvm-ca.pem

使用脚本生成mapping file，/usr/share/ansible/roles/ovirt.disaster-recovery/files/ovirt-dr

[root@ansible files]# pwd
/usr/share/ansible/roles/ovirt.disaster-recovery/files
[root@ansible files]# ./ovirt-dr generate --conf-file=olvm.conf

olvm_mapping文件， /etc/ansible/olvm/olvm_vars.yml

---
dr_sites_primary_url: https://ol7-olvm/ovirt-engine/api
dr_sites_primary_username: admin@internal
dr_sites_primary_ca_file: /etc/pki/ovirt-engine/ca.pem

# Please fill in the following properties for the secondary site:
dr_sites_secondary_url: # https://ol7-olvm/ovirt-engine/api
dr_sites_secondary_username: # admin@internal
dr_sites_secondary_ca_file: # /etc/pki/ovirt-engine/ca.pem

dr_import_storages:
- dr_domain_type: iscsi
 dr_wipe_after_delete: False
 dr_backup: False
 dr_critical_space_action_blocker: 5
 dr_storage_domain_type: data
 dr_warning_low_space: 10
 dr_primary_name: data
 dr_primary_master_domain: False
 dr_primary_dc_name: Default
 dr_discard_after_delete: False
 dr_domain_id: bcca8438-810f-4932-bf25-d874babd97b1
 dr_primary_address: 192.168.10.101
 dr_primary_port: 3260
 dr_primary_target: ["iqn.2006-01.com.openfiler:olvm-data"]
 # Fill in the empty properties related to the secondary site
 dr_secondary_name: # data
 dr_secondary_master_domain: # False
 dr_secondary_dc_name: # Default
 dr_secondary_address: # 192.168.10.101
 dr_secondary_port: # 3260
 # target example: ["target1","target2","target3"]
 dr_secondary_target: # ["iqn.2006-01.com.openfiler:olvm-data"]

- dr_domain_type: iscsi
 dr_wipe_after_delete: False
 dr_backup: False
 dr_critical_space_action_blocker: 5
 dr_storage_domain_type: data
 dr_warning_low_space: 10
 dr_primary_name: iso
 dr_primary_master_domain: True
 dr_primary_dc_name: Default
 dr_discard_after_delete: False
 dr_domain_id: 7f193505-6922-467e-aeb7-06ee4d9296b6
 dr_primary_address: 192.168.10.101
 dr_primary_port: 3260
 dr_primary_target: ["iqn.2006-01.com.openfiler:olvm-iso"]
 # Fill in the empty properties related to the secondary site
 dr_secondary_name: # iso
 dr_secondary_master_domain: # True
 dr_secondary_dc_name: # Default
 dr_secondary_address: # 192.168.10.101
 dr_secondary_port: # 3260
 # target example: ["target1","target2","target3"]
 dr_secondary_target: # ["iqn.2006-01.com.openfiler:olvm-iso"]

# Mapping for cluster
dr_cluster_mappings:
- primary_name: Default
 # Fill the correlated cluster name in the secondary site for cluster 'Default'
 secondary_name: # Default


# Mapping for affinity group
dr_affinity_group_mappings:

# Mapping for affinity label
dr_affinity_label_mappings:

# Mapping for domain
dr_domain_mappings:
- primary_name: internal-authz
 # Fill in the correlated domain in the secondary site for domain 'internal-authz'
 secondary_name: # internal-authz


# Mapping for role
# Fill in any roles which should be mapped between sites.
dr_role_mappings:
- primary_name:
 secondary_name:

dr_network_mappings:
- primary_network_name: ovirtmgmt
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# primary_network_dc: Default
 primary_profile_name: ovirtmgmt
 primary_profile_id: 0000000a-000a-000a-000a-000000000398
 # Fill in the correlated vnic profile properties in the secondary site for profile 'ovirtmgmt'
 secondary_network_name: # ovirtmgmt
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# secondary_network_dc: Default
 secondary_profile_name: # ovirtmgmt
 secondary_profile_id: # 0000000a-000a-000a-000a-000000000398

- primary_network_name: vm_public
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# primary_network_dc: Default
 primary_profile_name: vm_public
 primary_profile_id: a50fa78c-eb82-4f28-89c2-65e1a3c2f190
 # Fill in the correlated vnic profile properties in the secondary site for profile 'vm_public'
 secondary_network_name: # vm_public
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# secondary_network_dc: Default
 secondary_profile_name: # vm_public
 secondary_profile_id: # a50fa78c-eb82-4f28-89c2-65e1a3c2f190


# Mapping for external LUN disks
dr_lun_mappings:

生成dr-olvm mapping file

编辑变量文件，/usr/share/ansible/roles/ovirt.disaster-recovery/files/dr-olvm.conf

[log]
log_file=/tmp/ovirt-dr-{}.log
log_level=DEBUG

[generate_vars]
site=https://dr-ol7-olvm/ovirt-engine/api
username=admin@internal
password=P@ss0lvm
ca_file=/etc/pki/ovirt-engine/dr-olvm-ca.pem
output_file=/etc/ansible/olvm/dr-olvm_vars.yml
ansible_play=/usr/share/ansible/roles/ovirt.disaster-recovery/examples/dr_play.yml

使用脚本生成mapping file，/usr/share/ansible/roles/ovirt.disaster-recovery/files/ovirt-dr

[root@ansible files]# pwd
/usr/share/ansible/roles/ovirt.disaster-recovery/files
[root@ansible files]# ./ovirt-dr generate --conf-file=dr-olvm.conf

dr-olvm_mapping文件， /etc/ansible/olvm/dr-olvm_vars.yml

---
dr_sites_primary_url: https://dr-ol7-olvm/ovirt-engine/api
dr_sites_primary_username: admin@internal
dr_sites_primary_ca_file: /etc/pki/ovirt-engine/dr-olvm-ca.pem

# Please fill in the following properties for the secondary site:
dr_sites_secondary_url: # https://dr-ol7-olvm/ovirt-engine/api
dr_sites_secondary_username: # admin@internal
dr_sites_secondary_ca_file: # /etc/pki/ovirt-engine/dr-olvm-ca.pem

dr_import_storages:
# Mapping for cluster
dr_cluster_mappings:
- primary_name: Default
 # Fill the correlated cluster name in the secondary site for cluster 'Default'
 secondary_name: # Default


# Mapping for affinity group
dr_affinity_group_mappings:

# Mapping for affinity label
dr_affinity_label_mappings:

# Mapping for domain
dr_domain_mappings:
- primary_name: internal-authz
 # Fill in the correlated domain in the secondary site for domain 'internal-authz'
 secondary_name: # internal-authz


# Mapping for role
# Fill in any roles which should be mapped between sites.
dr_role_mappings:
- primary_name:
 secondary_name:

dr_network_mappings:
- primary_network_name: ovirtmgmt
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# primary_network_dc: Default
 primary_profile_name: ovirtmgmt
 primary_profile_id: 0000000a-000a-000a-000a-000000000398
 # Fill in the correlated vnic profile properties in the secondary site for profile 'ovirtmgmt'
 secondary_network_name: # ovirtmgmt
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# secondary_network_dc: Default
 secondary_profile_name: # ovirtmgmt
 secondary_profile_id: # 0000000a-000a-000a-000a-000000000398

- primary_network_name: vm_public
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# primary_network_dc: Default
 primary_profile_name: vm_public
 primary_profile_id: cacf200a-1e3c-4d0f-ba7c-a7e3f8b8b3ce
 # Fill in the correlated vnic profile properties in the secondary site for profile 'vm_public'
 secondary_network_name: # vm_public
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# secondary_network_dc: Default
 secondary_profile_name: # vm_public
 secondary_profile_id: # cacf200a-1e3c-4d0f-ba7c-a7e3f8b8b3ce


# Mapping for external LUN disks
dr_lun_mappings:

编辑合并dr_secondary部分

mapping_vars文件， /etc/ansible/olvm/mapping_vars.yml

Note：DR逻辑网络需提前配置，iSCSI应提前建好，并且不添加到domain中

---
dr_sites_primary_url: https://ol7-olvm/ovirt-engine/api
dr_sites_primary_username: admin@internal
dr_sites_primary_ca_file: /etc/pki/ovirt-engine/olvm-ca.pem

# Please fill in the following properties for the secondary site:
dr_sites_secondary_url: https://dr-ol7-olvm/ovirt-engine/api
dr_sites_secondary_username: admin@internal
dr_sites_secondary_ca_file: /etc/pki/ovirt-engine/dr-olvm-ca.pem

dr_import_storages:
- dr_domain_type: iscsi
 dr_wipe_after_delete: False
 dr_backup: False
 dr_critical_space_action_blocker: 5
 dr_storage_domain_type: data
 dr_warning_low_space: 10
 dr_primary_name: data
 dr_primary_master_domain: True
 dr_primary_dc_name: Default
 dr_discard_after_delete: False
 dr_domain_id: bcca8438-810f-4932-bf25-d874babd97b1
 dr_primary_address: 192.168.10.101
 dr_primary_port: 3260
 dr_primary_target: ["iqn.2006-01.com.openfiler:olvm-data"]
 # Fill in the empty properties related to the secondary site
 dr_secondary_name: data
 dr_secondary_master_domain: True
 dr_secondary_dc_name: Default
 dr_secondary_address: 192.168.10.101
 dr_secondary_port: 3260
 # target example: ["target1","target2","target3"]
 dr_secondary_target: ["iqn.2006-01.com.openfiler:dr-olvm-data"]

#- dr_domain_type: iscsi
# dr_wipe_after_delete: False
# dr_backup: False
# dr_critical_space_action_blocker: 5
# dr_storage_domain_type: data
# dr_warning_low_space: 10
# dr_primary_name: iso
# dr_primary_master_domain: False
# dr_primary_dc_name: Default
# dr_discard_after_delete: False
# dr_domain_id: 7f193505-6922-467e-aeb7-06ee4d9296b6
# dr_primary_address: 192.168.10.101
# dr_primary_port: 3260
# dr_primary_target: ["iqn.2006-01.com.openfiler:olvm-iso"]
# # Fill in the empty properties related to the secondary site
# dr_secondary_name: # iso
# dr_secondary_master_domain: # False
# dr_secondary_dc_name: # Default
# dr_secondary_address: # 192.168.10.101
# dr_secondary_port: # 3260
# # target example: ["target1","target2","target3"]
# dr_secondary_target: # ["iqn.2006-01.com.openfiler:olvm-iso"]

# Mapping for cluster
dr_cluster_mappings:
- primary_name: Default
 # Fill the correlated cluster name in the secondary site for cluster 'Default'
 secondary_name: Default


# Mapping for affinity group
dr_affinity_group_mappings:

# Mapping for affinity label
dr_affinity_label_mappings:

# Mapping for domain
dr_domain_mappings:
- primary_name: internal-authz
 # Fill in the correlated domain in the secondary site for domain 'internal-authz'
 secondary_name: internal-authz


# Mapping for role
# Fill in any roles which should be mapped between sites.
dr_role_mappings:
- primary_name:
 secondary_name:

dr_network_mappings:
- primary_network_name: ovirtmgmt
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# primary_network_dc: Default
 primary_profile_name: ovirtmgmt
 primary_profile_id: 0000000a-000a-000a-000a-000000000398
 # Fill in the correlated vnic profile properties in the secondary site for profile 'ovirtmgmt'
 secondary_network_name: ovirtmgmt
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# secondary_network_dc: Default
 secondary_profile_name: ovirtmgmt
 secondary_profile_id: 0000000a-000a-000a-000a-000000000398

- primary_network_name: vm_public
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# primary_network_dc: Default
 primary_profile_name: vm_public
 primary_profile_id: a50fa78c-eb82-4f28-89c2-65e1a3c2f190
 # Fill in the correlated vnic profile properties in the secondary site for profile 'vm_public'
 secondary_network_name: vm_public
# Data Center name is relevant when multiple vnic profiles are maintained.
# please uncomment it in case you have more than one DC.
# secondary_network_dc: Default
 secondary_profile_name: vm_public
 secondary_profile_id: cacf200a-1e3c-4d0f-ba7c-a7e3f8b8b3ce


# Mapping for external LUN disks
dr_lun_mappings:

Failover测试

前提准备

新建密码文件，/etc/ansible/ovirt_password.yml

---
dr_sites_primary_password: P@ss0lvm
dr_sites_secondary_password: P@ss0lvm

加密密码文件

[root@ansible ansible]# ansible-vault encrypt ovirt_password.yml
New Vault password:
Confirm New Vault password:
Encryption successful

新建failover playbook，/etc/ansible/olvm-failback.yml

---
- name: Failback OLVM
 hosts: localhost
 connection: local
 vars:
 dr_target_host: secondary
 dr_source_map: primary
 vars_files:
 - mapping_vars.yml
 - ovirt_passwords.yml
 roles:
 - ovirt.disaster-recovery

Dr-Primary操作

配置进入维护模式，仿真故障情况

Ansible主机操作

ansible-playbook olvm-failback.yml --tags "fail_over"

检查执行情况

Dr-Secondary检查

相关VM已同步

开机测试，正常运行

Failback测试

Dr-Primary恢复服务

Dr-Secondary操作

配置进入维护模式，确保数据只读

Ansible主机操作

ansible-playbook olvm-failback.yml --tags "fail_back"

检查执行情况

Dr-Primary检查

Dr-Secondary写入的数据，已同步到Dr-Primary主机vm中