<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:451945833;
mso-list-type:hybrid;
mso-list-template-ids:-239693336 254178512 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:16;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-font-family:SimSun;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi All,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I need some help/guidance, on how to make sure that certain resources (running in virtual cluster nodes) are run on the same physical server.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The setup:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I have a cluster made of two physical nodes, that I am willing to use for HA purposes (no LB for the time being).<o:p></o:p></p><p class=MsoNormal>I have a failover IP<span style='mso-fareast-language:ZH-CN'> from the provider</span>, that is controlled using a resource agent from one pair of the virtual machines<span style='mso-fareast-language:ZH-CN'> (web1 and web2)</span>, and the IP is assigned always to one of the physical servers.<o:p></o:p></p><p class=MsoNormal>On the physical server I use iptables pre/postrouting to direct the traffic to the appropriate <span style='mso-fareast-language:ZH-CN'>virtual </span>node.<span style='mso-fareast-language:ZH-CN'> The routing points to the web VIP, and red5 VIP.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>On the physical servers I have 3-3 virtual servers, that host the specific roles of the solution, e.g. db1 db2, web1 web2, red5_1 red5_2.<o:p></o:p></p><p class=MsoNormal>The virtual servers use <span style='mso-fareast-language:ZH-CN'>the default gateway of their own physical server to talk to the outside world.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>My first idea was to create 3 independent two-node clusters. Db cluster, web cluster, red5 cluster.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>The db cluster is a M/S psql, with a virtual IP.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>The web cluster is an apache2 cluster, cloned on two virtual servers, with a failover IP RA (if node1 on phy1 fails, failover Ip is redirected to phy2 and vice versa).<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>Red5 is a red5 cluster running on two instances, with a virtual IP (internal).<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>This is where it gets interesting – because of the default gateway.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>The db cluster is accessed from the intranet only – no worries here.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>Red5 is different – but it needs further explanation.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>Let’s assume that all roles (db master, web, red5) are running on phisical server 1.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>Web1 fails for some reason. Web2 role will become active, and the external failover IP will point from now on to physical node2. The iptables script still points to the same VIP address, but it now runs on a different node. No issue shere, as Web2 gets its traffic properly, as it KNOWs that it is running on node2 now.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>The issue is with Red5.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>Red5 runs on node1, and uses default gw on node1. [it does not know that the external failover IP no longer points to node1].<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>When a request is received on the failover IP (now ph node2), iptables redirects it to red5’s VIP. Red5, running on node1 gets this request, but does not know that it shall be routed through node2!<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>As such, the replies, will be routed through ph node1 – as it is the default gw. This is definitively not the right approach.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>The actual question is:<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-fareast-language:ZH-CN'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='mso-fareast-language:ZH-CN'>Should I treat all nodes inside the same cluster (db1, db2, web1, web2, red1, red2) – and this way I could possibly detect that failover IP has changed and I should “do something” with red5?<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='mso-fareast-language:ZH-CN'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='mso-fareast-language:ZH-CN'>“Do something” could mean for me one of the following:<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New";mso-fareast-language:ZH-CN'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='mso-fareast-language:ZH-CN'>If “web” VIP is running on physical node 2 (on node “web2”), then move “red” VIP to physical node2 (to node “red2”)<o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:72.0pt;text-indent:-18.0pt;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New";mso-fareast-language:ZH-CN'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='mso-fareast-language:ZH-CN'>Alternatively, only change the default gateway for red1, to use “node2” as the default gateway?<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>I hope my question is clear, and that the setup mentioned here is quite common.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>I am asking the experts, what is the recommended approach in this case.<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>Thank you in advance,<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'>Attila<o:p></o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p><p class=MsoNormal><span style='mso-fareast-language:ZH-CN'><o:p> </o:p></span></p></div></body></html>