Product SiteDocumentation Site

Chapter 8. Replicate Storage Using DRBD

Table of Contents

8.1. Install the DRBD Packages
8.2. Allocate a Disk Volume for DRBD
8.3. Configure DRBD
8.4. Initialize DRBD
8.5. Populate the DRBD Disk
8.6. Configure the Cluster for the DRBD device
8.7. Configure the Cluster for the Filesystem
8.8. Test Cluster Failover
Even if you’re serving up static websites, having to manually synchronize the contents of that website to all the machines in the cluster is not ideal. For dynamic websites, such as a wiki, it’s not even an option. Not everyone care afford network-attached storage, but somehow the data needs to be kept in sync.
Enter DRBD, which can be thought of as network-based RAID-1. [9]

8.1. Install the DRBD Packages

DRBD itself is included in the upstream kernel,[10] but we do need some utilities to use it effectively.
CentOS does not ship these utilities, so we need to enable a third-party repository to get them. Supported packages for many OSes are available from DRBD’s maker LINBIT, but here we’ll use the free ELRepo repository.
On both nodes, import the ELRepo package signing key, and enable the repository:
# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
Retrieving http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:elrepo-release-7.0-3.el7.elrepo  ################################# [100%]
Now, we can install the DRBD kernel module and utilities:
# yum install -y kmod-drbd84 drbd84-utils
DRBD will not be able to run under the default SELinux security policies. If you are familiar with SELinux, you can modify the policies in a more fine-grained manner, but here we will simply exempt DRBD processes from SELinux control:
# semanage permissive -a drbd_t
We will configure DRBD to use port 7789, so allow that port from each host to the other:
[root@pcmk-1 ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" \
    source address="192.168.122.102" port port="7789" protocol="tcp" accept'
success
[root@pcmk-1 ~]# firewall-cmd --reload
success
[root@pcmk-2 ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" \
    source address="192.168.122.101" port port="7789" protocol="tcp" accept'
success
[root@pcmk-2 ~]# firewall-cmd --reload
success

Note

In this example, we have only two nodes, and all network traffic is on the same LAN. In production, it is recommended to use a dedicated, isolated network for cluster-related traffic, so the firewall configuration would likely be different; one approach would be to add the dedicated network interfaces to the trusted zone.


[9] See http://www.drbd.org/ for details.
[10] Since version 2.6.33