[ClusterLabs] Add SSH as a resource on pacemaker cluster - RHEL 7.4

Ken Gaillot kgaillot at redhat.com
Tue Dec 19 10:19:06 EST 2017

On Tue, 2017-12-19 at 15:27 +1100, Sreenath Reddy wrote:
> Hi There,
> I am trying to add SSH as a resource within pacemaker cluster running
> on RHEL 7.4 systems.
> This is a 2 node cluster (Active/Passive) with simple FTP resources
> and a cluster IP.
> We have 2 SSH daemons. Admins are using a different SSH port (22220)
> for remote access (ssh-admin is the service).
> I want to add "default SSH service (sshd.service) running on port 22"
> to be started as part of pacemaker cluster. And this service will be
> constrained to clusterIP (floating IP). In other words, SSH service
> will be active only on the active node (inactive on second node) and
> if the cluster failover happens, SSH service will be started on the
> second node and stopped on the first node. This way SSH will act as a
> probing service which helps in keeping the floating IP active on the
> node which has cluster IP assigned. Our SDN probes on port 22 and
> activates the cluster IP.
> I want to use nginx for doing this probing but client wants to use
> default SSH.
> When I tried to add SSH resource using standard pcs resource create
> command, it failed. Error below
> pcs resource create SSHservice ocf:heartbeat:sshd
> configfile=/etc/ssh/sshd_config op monitor interval=30s
> Error: Agent 'ocf:heartbeat:ssh' is not installed or does not
> provide valid metadata: Metadata query for ocf:heartbeat:ssh failed:
> -5 use --force or override
> Appreciate your help in configuring this issue.
> Thanks in advance!
> -- 
> Regards
> Sreenath

Pacemaker supports several different resource types.

The OCF standard is a cluster-specific script API (similar to old init
scripts with some extensions). The standard OCF agents come with the
resource-agents package. As far as I know, there is no OCF agent for
sshd, which is why you get that message.

Pacemaker also supports OS-launched services, which is probably what
you want. For example, if you're using systemd, you can run "systemctl
disable --now sshd" on all your nodes, and add a systemd:sshd resource
to your cluster.
Ken Gaillot <kgaillot at redhat.com>
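
The approach suggested in the reply above, written out as an added example (not part of the original message or of the Pacemaker project): it releases sshd from systemd on each node, then creates the systemd:sshd resource and ties it to the floating IP. SSHservice is the resource name from the question; ClusterIP is a hypothetical id for the existing cluster IP resource, and commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: hand sshd.service (port 22) over to Pacemaker as a systemd resource.
# Assumptions: SSHservice is the resource name used in the question; ClusterIP is a
# hypothetical id for the existing floating-IP resource.
SSH_RES="${SSH_RES:-SSHservice}"
IP_RES="${IP_RES:-ClusterIP}"      # hypothetical; replace with your IP resource id

# Print each command; execute it only when APPLY=1 is set.
run() {
    echo "+ $*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Run on every node: systemd must no longer start sshd at boot or keep it running.
release_sshd_from_systemd() {
    run systemctl disable --now sshd
}

# Run once, on any one node, after the step above is done on all nodes.
add_sshd_to_cluster() {
    run pcs resource create "$SSH_RES" systemd:sshd op monitor interval=30s
    # Keep sshd on the node that holds the floating IP, and start it after the IP.
    run pcs constraint colocation add "$SSH_RES" with "$IP_RES" INFINITY
    run pcs constraint order "$IP_RES" then "$SSH_RES"
}

# Usage: script.sh node | script.sh cluster
case "${1:-}" in
    node)    release_sshd_from_systemd ;;
    cluster) add_sshd_to_cluster ;;
esac
```

Afterwards, "pcs status" should show SSHservice started only on the node that currently holds the cluster IP.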
