Hawk is a web-based GUI for managing and monitoring Pacemaker HA clusters. It is generally intended to be run on every node in the cluster, so that you can just point your web browser at any node to access it, e.g.:
Hawk requires users to log in prior to providing access to the
cluster. The same rules apply as for the python GUI; you need to
log in as a user in the haclient
group. The easiest thing to do
is assign a password to the hacluster
user, then log in using
that account. Note that you will need to configure this user
account on every node you want to use Hawk on.
Once logged in, you will see a screen showing the current state of the cluster. Three views are possible (summary, tree and table), selectable with the buttons on the top right of the screen. The navigation bar down the left hand side provides access to the history explorer, setup wizard, cluster properties, resource and constraints configuration. The little tools menu next to the logout link gives you the simulator, cluster diagram and hb_report generation.
Management operations (start, stop, online, standby, etc.) can be performed by clicking the little menu icon to the right of any node or resource on the status screen.
More detailed usage documentation is available in the SUSE Linux Enterprise High Availability Extension documentation
Hawk is a Ruby on Rails app which runs from a standalone instance of lighttpd. It requires:
-
crmsh
-
graphviz
-
graphviz-gd
-
lighttpd
-
pacemaker
-
ruby
-
rubygems
-
rubygem-bundler
-
rubygem-fast_gettext
-
rubygem-gettext_i18n_rails
-
rubygem-rake
-
rubygem-rails >= 3.2
-
rubygem-ruby-fcgi (openSUSE)
-
rubypick (Fedora)
When building Hawk from source, you will also need rubygem-gettext and the pacemaker, glib2, libxml2 and pam devel libraries.
Hawk is included with SLE HA 11 SP1, openSUSE 11.4, and later SUSE releases. Recent versions are also available for download from OBS.
Just install the RPM, then run:
# chkconfig hawk on
# /etc/init.d/hawk start
If you have a SUSE- or Fedora-based system, you can build an RPM easily from the source tree. Just clone this git repo, and run "make rpm".
Once built, install the RPM on your cluster nodes and:
# chkconfig hawk on
# /etc/init.d/hawk start
If the above RPM build doesn’t work for you, you can build and install straight from the source tree, but read the Makefile first to ensure you’ll be happy with the outcome!
# make
# sudo make install
The above will install in /srv/www/hawk
and run from a SUSE-style init
script. To install somewhere else (e.g.: /var/www/hawk
) and/or to
use a Red Hat-style init script, try:
# make WWW_BASE=/var/www INIT_STYLE=redhat
# sudo make WWW_BASE=/var/www INIT_STYLE=redhat install
Grab the SRPM from OBS, for example try the one in http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/Fedora_19/src/ if you’re using Fedora 19, and build that.
The Hawk init script will automatically generate a self-signed SSL
certificate, in /etc/lighttpd/certs/hawk-combined.pem
. If you want
to use your own certificate, replace this file with one of your creation.
Note that this is a combined key and certificate, i.e. you’ll need to
cat key cert > hawk-combined.pem
.
To hack on Hawk we recommend to use the vagrant setup. There is a Vagrantfile attached, maybe you need to change some values to get access to the correct files as the current locations are restricted to SUSE emplyees.
To be prepared for getting our vagrant setup running you need to follow some steps.
-
Install the vagrant package from http://www.vagrantup.com/downloads.html
-
Install
virtualbox
, we assume you know how to do that on your OS. -
If you are working on openSUSE/SLED you need to apply an open pull request:
# cd /opt/vagrant/embedded/gems/gems/vagrant-1.6.5/ # wget -O - https://github.com/mitchellh/vagrant/pull/4492.patch | patch -p1 -f
-
Install the
librarian
plugin for vagrant with the following command:# vagrant plugin install vagrant-librarian-chef
This is all you need to prepare initally to set up the vagrant environment,
now you can simply start the virtual machin with vagrant up
and start
an ssh session with vagrant ssh webui
. If you want to access the source
within the virtual machine you have to switch to the /vagrant
directory.
You can access the Hawk web interface based on the git source through
http://localhost:3000
now. If you want to access the version installed
through packages you can reach it through https://localhost:7630
.
If you need to change something on hawk_chkpwd
, hawk_invoke
or
hawk_monitor
you need to provision the machine again with the command
vagrant provision
to get this scripts compiled and copied to the correct
places, setuid-root and group to haclient in /usr/bin again. You should
end up with something like:
# ls /usr/sbin/hawk_* -l
-rwsr-x--- 1 root haclient 9884 2011-04-14 22:56 /usr/sbin/hawk_chkpwd
-rwsr-x--- 1 root haclient 9928 2011-04-14 22:56 /usr/sbin/hawk_invoke
-rwxr-xr-x 1 root root 9992 2011-04-14 22:56 /usr/sbin/hawk_monitor
hawk_chkpwd
is almost identical to unix2_chkpwd
, except it restricts
acccess to users in the haclient
group, and doesn’t inject any delay
when invoked by the hacluster
user (which is the user Hawk’s lighttpd
instance runs as).
hawk_invoke
allows the hacluster
user to run a small assortment
of Pacemaker CLI tools as another user in order to support Pacemaker’s
ACL feature. It is used by Hawk when performing various management
tasks.
hawk_monitor
is not installed setuid-root. It exists to be polled
by the web browser, to facilitate near-realtime updates of the cluster
status display. It is not used when running Hawk via WEBrick.
Please direct comments, feedback, questions etc. to tserong@suse.com and/or the Pacemaker mailing list.