Contents
Abstract
In addition to the crm command line tool and the Pacemaker GUI the High Availability Extension also comes with the HA Web Konsole, a Web-based user interface for management tasks. It allows you to monitor and administer your Linux cluster also from non-Linux machines. Furthermore, it is an ideal solution in case your system does not provide or allow a graphical user interface.
The Web interface is included in the
hawk package. It must be
installed on all cluster nodes you want to connect to with the HA Web Konsole. On
the machine from which you want to access a cluster node using the
HA Web Konsole, you only need a (graphical) Web browser with JavaScript and
cookies enabled to establish the connection.
![[Note]](admon/note.png) | User Authentication |
|---|---|
To log in to the cluster from the HA Web Konsole, the respective user must be a
member of the
Before using the HA Web Konsole, either set a password for the
Do this on every node you will connect to with the HA Web Konsole. | |
Procedure 7.1. Starting the HA Web Konsole
To use HA Web Konsole, the respective Web service must be started on the
node that you want to connect to with the Web interface. For communication,
the standard HTTP(s) protocol and port 7630 is used.
On the node you want to connect to, open a shell and log in as
root.Check the status of the service by entering
rchawk status
If the service is not running, start it with
rchawk start
If you want the HA Web Konsole to start automatically at boot time, execute the following command:
chkconfig hawk on
On any machine, start a Web browser and make sure that JavaScript and cookies are enabled.
Point it at the IP address or hostname of any cluster node, or the address of any
IPaddr(2)resource that you may have configured:https://
IPaddress:7630/Certificate Warning Depending on your browser and browser options, you may get a certificate warning when trying to access the URL for the first time. This is because the HA Web Konsole uses a self-signed certificate that is not considered trustworthy per default.
To proceed anyway, you can add an exception in the browser to bypass the warning. To avoid the warning in the first place, the self-signed certificate can also be replaced with a certificate signed by an official Certificate Authority. For information on how to do so, refer to Replacing the Self-Signed Certificate.
On the HA Web Konsole login screen, enter the and of the
haclusteruser (or of any other user that is member of thehaclientgroup) and click .The screen appears, displaying the status of your cluster nodes and resources similar to the output of the crm_mon.
After logging in, HA Web Konsole displays the most important global cluster parameters and the status of your cluster nodes and resources. The following color code is used for status display:
Green: OK. For example, the resource is running or the node is online.
Red: Bad, unclean. For example, the resource has failed or the node was not shut down cleanly.
Yellow: In transition. For example, the node is currently being shut down.
Grey: Not running, but the cluster expects it to be running. For example, nodes that the administrator has stopped or put into
standbymode. Also nodes that are offline are displayed in grey (if they have been shut down cleanly).
Click the arrow symbols in the and groups to expand and collapse the tree view.
If a resource has failed, a failure message with the details is shown in red at the top of the screen.
Click the wrench icon at the right side of a node or resource to access a
context menu that allows some actions, like starting, stopping or
cleaning up a resource (or putting a node into online
or standby mode or to fence a node).
Currently, the HA Web Konsole only allows basic operator tasks but more functions will be added in the future, for example, the ability to configure resources and nodes.
- HA Web Konsole Log Files
Find the HA Web Konsole log files in
/srv/www/hawk/log. It is useful to check them in case you cannot access the HA Web Konsole at all for some reason.If you have trouble starting or stopping a resource with the HA Web Konsole, check the log files that Pacemaker logs to—by default,
/var/log/messages) .- Authentication Fails
If you cannot log in to HA Web Konsole with a new user you added to the
haclientgroup (or if you experience delays until HA Web Konsole accepts logins from this user), stop thercnscddaemon with rcnscd stop and try again.- Replacing the Self-Signed Certificate
To avoid the warning about the self-signed certificate on first startup of the HA Web Konsole, replace the automatically created certificate with your own certificate or a certificate that was signed by an official Certificate Authority (CA).
The certificate is stored in
/etc/lighttpd/certs/hawk-combined.pemand contains both key and certificate. After you have created or received your new key and certificate, combine them by executing the following command:cat
keyfilecertificationfile> /etc/lighttpd/certs/hawk-combined.pemChange the permissions to make the file only accessible by
root:chown root.root /etc/lighttpd/certs/hawk-combined.pem chmod 600 /etc/lighttpd/certs/hawk-combined.pem