Overview
The witness is an arbitrator entity residing in a 3rd site (separate from the two InfiniBox systems involved in Active-Active replication), that acts as quorum in case of failure. It is a lightweight stateless software deployed as a VM.
When a replication failure occurs, the decision which system remains active is based on the witness' connectivity to the systems and each replica properties. As long as both systems can communicate with the witness, it will make the take-over decisions.
For more information about the witness role in Active-Active replication, see Active-Active replication.
This guide will go through the deployment and setup of the witness VM.
Infinidat strongly recommends that you use a witness system when you deploy Active-Active replication.
Should you want to use Active-Active replication without a witness, enter the witness address as 0.0.0.0. Be advised that if you choose this method, if the preferred system goes offline, the replicated volumes will also go offline.
Downloading the witness VM
Download the witness latest OVA package from https://repo.infinidat.com/home/main-stable.
The witness OVA package is about 700MB.
Requirements
General Requirements
The witness should be installed on a 3rd site, acting as a separate failure domain from the InfiniBox systems it monitors
The witness has the following virtual HW requirements
- 2 virtual CPU cores
- 4GB RAM
- 50GB virtual disk
Access to the witness console is authenticated
- The default user name is
adminand the default password isadmin - It is recommended to modify the password after installing the witness
Network Requirements
The witness requires a single IP address, which can be configured via DHCP (default) or manually.
The InfiniBox systems communicate with the witness IP address on TCP port 443. Occasionally, when troubleshooting issues, Infinidat support may need access from the InfiniBox system to the witness via SSH (i.e. on TCP port 22) and ICMP.
VMware vSphere Requirements
The witness must be installed on vSphere version 5.1 or newer
In order to improve the witness resilience
- It is highly recommended that the vSphere host network connection will be redundant
- It is recommended that the vSphere host will be in a vSphere H/A Cluster
Additional restrictions
- The witness VM datastore cannot reside on any of the InfiniBox systems it is monitoring
- The witness VM cannot be replicated or restored from a snapshot
Deploying a witness VM
Deploying a witness VM on VMware vSphere
Launch VMware vSphere Client, and select “Deploy OVF Template...”
Choose the downloaded OVA:
Follow the deployment wizard to specify the witness VM name, folder location, vSphere host or cluster
When the VM details appear, acknowledge the extra configuration:
Continue to choose storage for the VM and a network.
When choosing the storage location, do not choose a storage hosted on any InfiniBox system this witness will be protecting.
Configuring the witness
Configuring the witness network
Once the VM import is complete, power on the VM and open the console to configure the network settings.
To login to the witness CLI for the first time, use the user admin with the initial password admin. The witness requires you change the password immediately:
admin password at the (current) UNIX password prompt, and then enter the new password.Once you logged-in to the witness, setup is very simple. The commands available:
| Command | Description |
|---|---|
| change_hostname | Change the witness hostname |
| network_setup | Set up a static IP or DHCP |
| network_info | Show the static IP or the DHCP info |
| passwd | Change the witness admin password |
| version | Show the current witness version, -d will give additional version info |
At any point you can use the help command to see the available options:
Use the network_setup command to setup the network configuration of the witness:
After setting up the witness network it can be connected to the InfiniBox systems replication link.
See InfiniBox Best Practices Guide for Setting up the Replication Service for more information regarding network setup.
Upgrading the witness
We recommend using the latest witness version. It is in the same major release as the InfiniBox systems.
If the InfiniBox systems have different major releases, use the latest version.
Upgrading procedure
Upgrading the witness requires installing the new witness on a new virtual machine (VM), and taking down the old witness if it is no longer needed.
There are 2 options for defining a new witness:
Option 1: Keep existing witness IP
- Take down the old witness VM. Replication will continue in Preferred only mode.
- Install the new witness on a new VM with the existing IP. Make sure that systems can access the new VM.
The systems will automatically detect that a witness is now available and return to "witness" mode.
Option 2: Use a new witness IP
- Install the new witness on a new VM with a new IP. Make sure that the new VM is accessible and viewable to the systems.
- Update the new witness IP on the link for one of the systems (this will update both systems).
- Take down the old witness VM if it is no longer needed.
Comments