Overview
The witness is an arbitrator entity residing in a 3rd site (separate from the two InfiniBox systems involved in Active-Active replication), that acts as quorum in case of failure. It is a lightweight stateless software deployed as a VM.
When a replication failure occurs, the decision which system remains active is based on the witness' connectivity to the systems and each replica properties. As long as both systems can communicate with the witness, it will make the take-over decisions. For more information about the witness role in Active-Active replication, see Active-Active replication.
This guide will go through the deployment and setup of the witness VM.
Downloading the witness VM
Download the witness latest OVA package from https://repo.infinidat.com/home/main-stable.
The witness OVA package is about 700MB.
Requirements
General Requirements
The witness should be installed on a 3rd site, acting as a separate failure domain from the InfiniBox systems it monitors
The witness has the following virtual HW requirements
- 2 virtual CPU cores
- 4GB RAM
- 50GB virtual disk
Access to the witness console is authenticated
- The default user name is
adminand the default password isadmin - It is recommended to modify the password after installing the witness
Network Requirements
The witness requires a single IP address, which can be configured via DHCP (default) or manually.
The InfiniBox systems communicate with the witness IP address on TCP port 443. Occasionally, when troubleshooting issues, Infinidat support may need access from the InfiniBox system to the witness via SSH, i.e. on TCP port 22.
VMware vSphere Requirements
The witness must be installed on vSphere version 5.1 or newer
In order to improve the witness resilience
- It is highly recommended that the vSphere host network connection will be redundant
- It is recommended that the vSphere host will be in a vSphere H/A Cluster
Additional restrictions
- The witness VM datastore cannot reside on any of the InfiniBox systems it is monitoring
- The witness VM cannot be replicated or restored from a snapshot
Deploying a witness VM
Deploying a witness VM on VMware vSphere
Launch VMware vSphere Client, and select “Deploy OVF Template...”
Choose the downloaded OVA:
Follow the deployment wizard to specify the witness VM name, folder location, vSphere host or cluster
When the VM details appear, acknowledge the extra configuration:
Continue to choose storage for the VM and a network.
When choosing the storage location, do not choose a storage hosted on any InfiniBox system this witness will be protecting.
Configuring the witness
Configuring the witness network
Once the VM import is complete, power on the VM and open the console to configure the network settings.
To login to the witness CLI for the first time, use the user admin with the initial password admin. The witness requires you change the password immediately:
admin password at the (current) UNIX password prompt, and then enter the new password.Once you logged-in to the witness, setup is very simple. The commands available:
| Command | Description |
|---|---|
| change_hostname | Change the witness hostname |
| network_setup | Set up a static IP or DHCP |
| network_info | Show the static IP or the DHCP info |
| passwd | Change the witness admin password |
| version | Show the current witness version, -d will give additional version info |
At any point you can use the help command to see the available options:
Use the network_setup command to setup the network configuration of the witness:
After setting up the witness network it can be connected to the InfiniBox systems replication link.
See InfiniBox Best Practices Guide for setting up the Replication service for more information regarding network setup.
Comments