HA Web Konsole (Hawk)
Overview
Hawk is a web-based GUI for managing and monitoring Pacemaker HA clusters. It is generally intended to be run on every node in the cluster, so that you can just point your web browser at any node to access it, e.g.:
Hawk requires users to log in prior to providing access to the
cluster. The same rules apply as for the python GUI; you need to
log in as a user in the haclient
group. The easiest thing to do
is assign a password to the hacluster
user, then log in using
that account. Note that you will need to configure this user
account on every node you want to use Hawk on.
Once logged in, you will see a screen showing the current state of the cluster. Three views are possible (summary, tree and table), selectable with the buttons on the top right of the screen. The navigation bar down the left hand side provides access to the history explorer, setup wizard, cluster properties, resource and constraints configuration. The little tools menu next to the logout link gives you the simulator, cluster diagram and hb_report generation.
Management operations (start, stop, online, standby, etc.) can be performed by clicking the little menu icon to the right of any node or resource on the status screen.
More detailed usage documentation is available in the SUSE Linux Enterprise High Availability Extension documentation
Installation
IMPORTANT NOTE: As of 2013-04-20, the master branch in this repo builds against rails 3.2. This works fine on SUSE Linux, but the below instructions have not yet been tested/verified on other distros. If you run into trouble, you might try the rails-2_3 branch in the meantime.
Dependencies
Hawk is a Ruby on Rails app which runs from a standalone instance of lighttpd. All required Ruby gems are bundled into the Hawk package at build time. Its runtime dependencies are thus:
-
pacemaker
-
lighttpd
-
ruby
When building Hawk from source, you will also need:
-
rubygems
-
rubygem-rake
-
rubygem-rails >= 3.2
-
rubygem-gettext
-
rubygem-gettext_i18n_rails
-
rubygem-fast_gettext
-
ruby-fcgi (openSUSE/SLES only)
-
fdupes (openSUSE/SLES only)
-
pam-devel
-
glib2-devel
-
libxml2-devel
-
libpacemaker-devel (openSUSE/SLES)
-
pacemaker-libs-devel (Fedora)
Installing The Easy Way
Hawk is included with SLE HA 11 SP1, openSUSE 11.4, and later SUSE releases. Just install the RPM, then run:
# chkconfig hawk on
# rchawk start
Installing The Other Easy Way
If you have a SUSE- or Fedora-based system, you can build an RPM easily from the source tree. Just clone this git repo, and run "make rpm". Note that as of 2012-04-27, Hawk expects rails 2.3.x, not rails 3.
Once built, install the RPM on your cluster nodes and:
# chkconfig hawk on
# /etc/init.d/hawk start
The Hard Way
If the above RPM build doesn’t work for you, you can build and install straight from the source tree, but read the Makefile first to ensure you’ll be happy with the outcome!
# make
# sudo make install
The above will install in /srv/www/hawk
and run from a SUSE-style init
script. To install somewhere else (e.g.: /var/www/hawk
) and/or to
use a Red Hat-style init script, try:
# make WWW_BASE=/var/www INIT_STYLE=redhat
# sudo make WWW_BASE=/var/www INIT_STYLE=redhat install
A Note on SSL Certificates
The Hawk init script will automatically generate a self-signed SSL
certificate, in /etc/lighttpd/certs/hawk-combined.pem
. If you want
to use your own certificate, replace this file with one of your creation.
Note that this is a combined key and certificate, i.e. you’ll need to
cat key cert > hawk-combined.pem
.
Hacking Hawk
Hacking an instance of Hawk that was installed from an RPM is annoying,
not least because you have to keep restarting it to have any changed
files reloaded. Instead, it’s easiest to just run it under WEBrick
from within the source tree, but first you need to run make
to build
the hawk_chkpwd
and hawk_invoke
helper binaries, then install them
setuid-root, group=haclient in /usr/sbin. You should end up with
something like:
# ls /usr/sbin/hawk_* -l
-rwsr-x--- 1 root haclient 9884 2011-04-14 22:56 /usr/sbin/hawk_chkpwd
-rwsr-x--- 1 root haclient 9928 2011-04-14 22:56 /usr/sbin/hawk_invoke
-rwxr-xr-x 1 root root 9992 2011-04-14 22:56 /usr/sbin/hawk_monitor
hawk_chkpwd
is almost identical to unix2_chkpwd
, except it restricts
acccess to users in the haclient
group, and doesn’t inject any delay
when invoked by the hacluster
user (which is the user Hawk’s lighttpd
instance runs as).
hawk_invoke
allows the hacluster
user to run a small assortment
of Pacemaker CLI tools as another user in order to support Pacemaker’s
ACL feature. It is used by Hawk when performing various management
tasks.
hawk_monitor
is not installed setuid-root. It exists to be polled
by the web browser, to facilitate near-realtime updates of the cluster
status display. It is not used when running Hawk via WEBrick.
Once you’ve got the above built and installed, run:
# sudo -u hacluster script/rails s
This will give you Hawk running via HTTP (not HTTPS), on port 3000, e.g.:
Note that automatic status updates won’t work in this mode, because
requests for /monitor
aren’t routed to /usr/sbin/hawk_monitor
.
To force a status update every few seconds, try:
Finally, an alternative to running WEBrick as hacluster (which may require fiddling with file permissions in your source directory, depending on how restrictive your defaults are), you can just rsync the source tree to a development cluster node, then and run it as root there.
Questions, Feedback, etc.
Please direct comments, feedback, questions etc. to tserong@suse.com and/or the Pacemaker mailing list.