HA cluster configuration for SLES - SAP NetWeaver on Amazon
Cluster installationCluster configurationCorosync configurationUpdate the hacluster passwordStart the cluster
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

HA cluster configuration for SLES

Cluster installation

SLES for SAP images that are sold by Amazon through Amazon Marketplace come with pre-installed SUSE HAE packages. Ensure that you have the latest version of these packages. If required, update them by using the zypper command, as shown in the following example. 

# zypper update
# reboot

If you are using BYOS images, ensure that the following packages are installed:

  • corosync

  • crmsh

  • fence-agents

  • ha-cluster-bootstrap

  • pacemaker

  • patterns-ha-ha_sles

  • resource-agents

  • cluster-glue

  • awscli

Cluster configuration

System logging

SUSE recommends using the rsyslogd daemon for logging in the SUSE cluster. Install the rsyslog package as a root user on all cluster nodes. logd is a subsystem to log additional information coming from the STONITH agent. 

# zypper install rsyslog
# systemctl enable logd
# systemctl start logd

Install SAP cluster connector.

On both the nodes, run the following command.

# zypper install sap-suse-cluster-connector

Add the following lines to the ASCS and ERS profile parameters.

service/halib = $(DIR_CT_RUN)/saphascriptco.so
service/halib_cluster_connector = /usr/bin/sap_suse_cluster_connector

Add the sidadm user to the Linux haclient group.

# usermod -a -G haclient sidadm

Corosync configuration

The cluster services (pacemaker and corosync) should be in a stopped state when performing cluster configuration. Check the status and stop the pacemaker service if it is running.

Check the status

# systemctl status pacemaker

Stop the service

# systemctl stop pacemaker

Create encrypted keys

Run the following command to create a secret key, which is used to encrypt all of the cluster communication.

# corosync-keygen

The new authkey key file is created at /etc/corosync/. Copy this file to the same location on the second cluster node, with the same permissions and ownership. 

hahost01:/etc/corosync # scp -p authkey root@hahost02:/etc/corosync

Create corosync configuration file

All cluster nodes are required to have a local configuration file named /etc/corosync/corosync.conf, as shown in the following example. 

# Read the corosync.conf.5 manual page
totem {
  version: 2
  rrp_mode: passive
  token: 30000
  consensus: 36000
  token_retransmits_before_loss_const: 10
  max_messages: 20
  crypto_cipher: none
  crypto_hash: none
  clear_node_high_bit: yes
  interface {
    ringnumber: 0
    bindnetaddr: x.x.x.x
    mcastport: 5405
    ttl: 1
  }
  transport: udpu
}
 logging {
      fileline: off
      to_logfile: yes
      to_syslog: yes
      logfile: /var/log/cluster/corosync.log
      debug: off
      timestamp: on
      logger_subsys {
         subsys: QUORUM
         debug: off
     }
}
nodelist {
  node {
  ring0_addr: x.x.x.x
  ring1_addr: x.x.x.x
  nodeid: 1
  }
  node {
  ring0_addr: x.x.x.x
  ring1_addr: x.x.x.x
  nodeid: 2
  }
}

quorum {
  # Enable and configure quorum subsystem (default: off)
  # see also corosync.conf.5 and votequorum.5
  provider: corosync_votequorum
  expected_votes: 2
  two_node: 1
}

Replace the values for the following variables with those of your environment:

  • bindnetaddr – IP address of the node where the file is being configured

  • ring0_addr – Primary IP address of cluster node 1

  • ring1_addr – Secondary IP address of cluster node 1

  • ring0_addr – Primary IP address of cluster node 2

  • ring1_addr – Secondary IP address of cluster node 2

The secondary ring corosync configuration provides redundancy. It enables the cluster nodes to communicate with each other in case of a communication issue with the primary IP address.

Update the hacluster password

Change the password for user hacluster on both nodes.

#passwd hacluster

Start the cluster

Start the cluster on both the primary and the secondary node, and then check the status.

Start the cluster by running the following command.

# systemctl start pacemaker

Check the status with the crm_mon-1 command, as shown in the following example. You will see that both nodes are online, and will see a full list of any resources that are available.


# crm_mon -1
Cluster Summary:
  * Stack: corosync
  * Current DC: hahost01 (version 2.0.xxxxxxxxxxx) - partition with quorum
  * Last updated: 
  * Last change:  by hacluster via crmd on hahost01
  * 2 nodes configured
  * 0 resource instances configured

Node List:
  * Online: [ hahost01 hahost02 ]

Active Resources:
  * No active resources

You can find the ring status and the associated IP address of the cluster with the corosync-cfgtool command, as shown in the following example.

# corosync-cfgtool –s
Printing ring status.
Local node ID 1
RING ID 0
        id      = x.x.x.x
        status  = ring 0 active with no faults
RING ID 1
        id      = x.x.x.x
        status  = ring 1 active with no faults