<div dir="ltr">well thanks, i got it with adjusted IPaddr2 now working :D<br>when i got some time i will try to edit my own agent. Now i can go to master-master replication between regions and nagios monitoring/event-handling all ;)</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 2, 2013 at 4:28 PM, Peter Romfeld <span dir="ltr"><<a href="mailto:peter.romfeld.hk@gmail.com" target="_blank">peter.romfeld.hk@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">the changes take instant effect, i let "watch /usr/lib64/nagios/plugins/check_tcp -H my.vip.add.r -p 3306" on a 3rd instance running, and the second i issued on the new master node the aws command it changed from CRITICAL to OK</div>
<div class="HOEnZb"><div class="h5">
<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 2, 2013 at 4:13 PM, Peter Romfeld <span dir="ltr"><<a href="mailto:peter.romfeld.hk@gmail.com" target="_blank">peter.romfeld.hk@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">In you VPC the change take effect after you got "true", you can check it with describe-eip or in console :)<br>
right now i just try to add the command with hardcoded variables to IPaddr2 start, just to get it running for now<br>
<br>i put my attempt to create a resource agent on github, maybe someone can help me find why params are not working?<br>wget <a href="https://raw.github.com/peterromfeldhk/pacemaker/master/AWSFIP" target="_blank">https://raw.github.com/peterromfeldhk/pacemaker/master/AWSFIP</a><div>
<br></div><div>sorry im just started with scripting with nagios_nrpe last project :)</div><div>i have 2 problems, 1s2 the OCF_RESKEY_ params dont work as i thought, if i hardcode the variables the commands are working at least in testrun, the second big issue i have is the monitoring</div>
</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 2, 2013 at 2:34 PM, David Lang <span dir="ltr"><<a href="mailto:david@lang.hm" target="_blank">david@lang.hm</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Unless something has changed in the AWS API in the last few months, when the aws command exits successfully, that doesn't mean the change has taken effect, just that the aws system has accepted the change and it will take effect 'soon'<div>
<div><br>
<br>
David Lang<br>
<br>
On Wed, 2 Oct 2013, Peter Romfeld wrote:<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>
yes i need to use the aws command, i am using a VPC, after issueing the<br>
command i get a "true" statement and its done<br>
<br>
so i only want pacemaker to issue the one-shot command at failover. Here is<br>
what i have atm: (i know its still dirty, just lerning pacemaker)<br>
<br>
primitive drbd_mysql ocf:linbit:drbd \<br>
params drbd_resource="mydata" \<br>
op monitor interval="15s"<br>
primitive fs_mysql ocf:heartbeat:Filesystem \<br>
params device="/dev/drbdx" directory="/mountpint" fstype="ext4"<br>
options="relatime,barrier=1" \<br>
op start interval="0" timeout="60" \<br>
op stop interval="0" timeout="60" \<br>
op monitor interval="10s" timeout="60s" OCF_CHECK_LEVEL="20" \<br>
meta target-role="started"<br>
primitive fvip ocf:heartbeat:AWSFIP \<br>
params fvip="192.168.2.10" region="ap-southeast-1"<br>
primitive ip_mysql ocf:heartbeat:IPaddr2 \<br>
params ip="192.168.2.10" cidr_netmask="20" \<br>
op monitor interval="10" \<br>
meta target-role="started"<br>
primitive mysqld lsb:mysql<br>
group mysql fs_mysql ip_mysql mysqld<br>
ms ms_drbd_mysql drbd_mysql \<br>
meta master-max="1" master-node-max="1" clone-max="2"<br>
clone-node-max="1" notify="true"<br>
colocation mysql_on_drbd inf: fvip mysql ms_drbd_mysql:Master<br>
order mysql_after_drbd_and_fvip inf: ms_drbd_mysql:promote fvip:start<br>
mysql:start<br>
<br>
my AWSFIP(adjusted Dummy :%s/dummy/awsfip/g|%s/Dummy/<u></u>AWSFIP/g):<br>
<br>
<parameter name="fvip" unique="1" required="1"><br>
<longdesc lang="en"><br>
The IPv4 address to be configured in dotted quad notation, for example<br>
"192.168.1.1".<br>
</longdesc><br>
<shortdesc lang="en">IPv4 address</shortdesc><br>
<content type="string" default="" /><br>
</parameter><br>
<br>
<parameter name="region" unique="1" required="1"><br>
<longdesc lang="en"><br>
The name of the AWS region<br>
</longdesc><br>
<shortdesc lang="en">AWS region</shortdesc><br>
<content type="string"/><br>
</parameter><br>
<br>
awsfip_start() {<br>
awsfip_monitor<br>
Instance_ID=`/usr/bin/curl --silent<br>
<a href="http://169.254.169.254/latest/meta-data/instance-id" target="_blank">http://169.254.169.254/latest/<u></u>meta-data/instance-id`</a><br>
ENI_ID=`aws ec2 describe-instances --instance-id $Instance_ID --region<br>
$OCF_RESKEY_region | grep NetworkInterfaceId | cut -d '"' -f 4`<br>
if [ $? = $OCF_SUCCESS ]; then<br>
return $OCF_SUCCESS<br>
fi<br>
aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID<br>
--private-ip-addresses $OCF_RESKEY_fvip --allow-reassignment --region<br>
$OCF_RESKEY_region<br>
sleep 4<br>
aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID<br>
--private-ip-addresses $OCF_RESKEY_fvip --allow-reassignment --region<br>
$OCF_RESKEY_region<br>
/etc/init.d/networking restart<br>
touch ${OCF_RESKEY_state}<br>
}<br>
<br>
I couldn't get it to work yet, and i don't want to run a external script<br>
for it. I can't be so hard to let pacemaker execute an additional one-shot<br>
command at failover (in the correct order..)<br>
<br>
Thanks for your help!<br>
<br>
<br>
On Wednesday, October 02, 2013 07:33 AM, David Lang wrote:<br>
<br>
the aws command is making the call to inform aws, if you were to bring up<br>
the address without making the aws command, would it work? If you are on a<br>
Virtual Private Cloud (VPC), it may, but I didn't think it would.<br>
<br>
If you can make it work without the aws command, then you can just use the<br>
standard pacemaker VIP configuration. I know that this doesn't work if you<br>
have an external IP that you are moving (you must use an aws call to tell<br>
Amazon to move the IP), but it's possible that you don't have to for an<br>
internal IP, but I would be surprised.<br>
<br>
David Lang<br>
<br>
<br>
On Wed, 2 Oct 2013, Peter Romfeld wrote:<br>
<br>
Hey,<br>
when i change the secondary IP per hand or with external script on a Ubuntu<br>
Instance I just need:<br>
/etc/network/interfaces<br>
auto eth0<br>
iface eth0 inet dhcp<br>
address 192.168.32.12<br>
netmask 255.255.240.0<br>
gateway 192.168.32.1<br>
up ip addr add <a href="http://192.168.32.11/20" target="_blank">192.168.32.11/20</a> dev eth0<br>
<br>
and then run the script which basically just does:<br>
#!/bin/sh<br>
<br>
VIP=172.32.32.11<br>
REGION=ap-southeast-1<br>
<br>
Instance_ID=`/usr/bin/curl --silent<br>
<a href="http://169.254.169.254/latest/meta-data/instance-id" target="_blank">http://169.254.169.254/latest/<u></u>meta-data/instance-id`</a><br>
ENI_ID=`aws ec2 describe-instances --instance-id $Instance_ID --region<br>
$REGION | grep NetworkInterfaceId | cut -d '"' -f 4`<br>
<br>
aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID<br>
--private-ip-addresses $VIP --allow-reassignment --region $REGION<br>
<br>
<br>
I dont need to inform AWS or restart network, only the correct network<br>
config and the one command, when i tested it with pinging from a 3rd<br>
instance during IP change i didnt got any interupts. I dont know about<br>
monitoring it<br>
<br>
<br>
On Wed, Oct 2, 2013 at 1:38 AM, David Lang <<a href="mailto:david@lang.hm" target="_blank">david@lang.hm</a>><br>
<<a href="mailto:david@lang.hm" target="_blank">david@lang.hm</a>>wrote:<br>
<br>
On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:<br>
<br>
On Tue, Oct 01, 2013 at 10:07:12AM -0700, David Lang wrote:<br>
<br>
<br>
On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:<br>
<br>
On Tue, Oct 01, 2013 at 07:22:20AM -0700, David Lang wrote:<br>
<br>
<br>
On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:<br>
<br>
Hi David,<br>
<br>
<br>
On Mon, Sep 30, 2013 at 12:41:23PM -0700, David Lang wrote:<br>
<br>
On Mon, 30 Sep 2013, David Lang wrote:<br>
<br>
On Mon, 30 Sep 2013, Michael Schwartzkopff wrote:<br>
<br>
<br>
Am Montag, 30. September 2013, 21:12:56 schrieb Peter Romfeld:<br>
<br>
<br>
I am working in AWS i cant just use a VIP i need to use a floating<br>
secondary IP which i reassign through script, i want to let<br>
pacemaker<br>
handle the reassignment...<br>
<br>
<br>
Please explain the difference of a VIP and a "secondary IP" in<br>
your opinion.<br>
<br>
<br>
with AWS you need to inform amazon of the change, not just change<br>
the IP on the local box, that requires much more work than a<br>
simple local VIP<br>
<br>
<br>
being more detailed, instead of just<br>
ifconfig eth0:0 $vip<br>
you have to do something like<br>
<br>
/opt/aws/bin/ec2-assign-**<u></u>private-ip-addresses -n $ENI_ID<br>
--secondary-private-ip-address $VIP --allow-reassignment --region $REGION<br>
<br>
<br>
We may consider adding such an option to IPaddr2. Has anybody<br>
ever tried that?<br>
<br>
pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`<br>
<br>
if [ "$pingresult" == "0" ]; then<br>
echo `date` "-- Restarting network"<br>
/sbin/service network restart > /dev/null 2>&1<br>
<br>
<br>
That may break the cluster communication, which may lead to split<br>
brain, etc. Is that really the only way?<br>
<br>
<br>
It's not the only way, but you do have the problem that the call to<br>
aws management interface is asynchronous, you don't know when it's<br>
going to complete, and until it does, the IP doesn't actually work.<br>
<br>
<br>
Wouldn't it be then safer to wait until it starts working, i.e.<br>
to monitor in a loop?<br>
<br>
<br>
that's exactly what the snippet of code above is for, to detect when<br>
the other box no longer has the address.<br>
<br>
<br>
Hmm, perhaps I'm missing something, but I couldn't notice a loop<br>
in that code. What I meant was something like this:<br>
<br>
while ! ping -c 1 -W 1 $VIP | grep -qs time=; do<br>
:<br>
done<br>
<br>
Then network restart wouldn't be necessary, right? Sorry, I don't<br>
know much about aws.<br>
<br>
<br>
I haven't used this exact script before, but I have seen the problem that<br>
this script is designed to address. I am not saying that I agree with this<br>
script, but it's what Amazon is suggesting, so it's probably a reasonable<br>
start.<br>
<br>
<br>
this was a cut-n-paste from the URL provided earlier<br>
<a href="http://aws.amazon.com/**articles/2127188135977316" target="_blank">http://aws.amazon.com/**<u></u>articles/2127188135977316</a><br></div></div>
<<a href="http://aws.amazon.com/articles/2127188135977316" target="_blank">http://aws.amazon.com/<u></u>articles/2127188135977316</a>><<a href="http://aws.amazon.com/articles/2127188135977316" target="_blank">htt<u></u>p://aws.amazon.com/articles/<u></u>2127188135977316</a>><div>
<div><br>
<br>
<br>
#!/bin/sh<br>
# This script will monitor another HA node and take over a Virtual IP (VIP)<br>
# if communication with the other node fails<br>
<br>
# High Availability IP variables<br>
# Other node's IP to ping and VIP to swap if other node goes down<br>
HA_Node_IP=10.0.0.11<br>
VIP=10.0.0.10<br>
<br>
# Specify the EC2 region that this will be running in<br>
REGION=us-west-2<br>
<br>
# Run aws-apitools-common.sh to set up default environment variables and to<br>
# leverage AWS security credentials provided by EC2 roles<br>
. /etc/profile.d/aws-apitools-**<u></u>common.sh<br>
<br>
# Determine the instance and ENI IDs so we can reassign the VIP to the<br>
# correct ENI. Requires EC2 describe-instances and<br>
assign-private-ip-address<br>
# permissions. The following example EC2 roles policy will authorize these<br>
# commands:<br>
# {<br>
# "Statement": [<br>
# {<br>
# "Action": [<br>
# "ec2:AssignPrivateIpAddresses"<u></u>**,<br>
# "ec2:DescribeInstances"<br>
# ],<br>
# "Effect": "Allow",<br>
# "Resource": "*"<br>
# }<br>
# ]<br>
# }<br>
<br>
Instance_ID=`/usr/bin/curl --silent <a href="http://169.254.169.254/latest/**" target="_blank">http://169.254.169.254/latest/<u></u>**</a><br>
meta-data/instance-id`ENI_ID=`<u></u>**/opt/aws/bin/ec2-describe-**<u></u>instances<br></div></div>
<<a href="http://169.254.169.254/latest/meta-data/instance-idENI_ID=/opt/aws/bin/ec2-describe-instances" target="_blank">http://169.254.169.254/<u></u>latest/meta-data/instance-<u></u>idENI_ID=/opt/aws/bin/ec2-<u></u>describe-instances</a>><<a href="http://169.254.169.254/latest/meta-data/instance-idENI_ID=/opt/aws/bin/ec2-describe-instances" target="_blank">http://<u></u>169.254.169.254/latest/meta-<u></u>data/instance-idENI_ID=/opt/<u></u>aws/bin/ec2-describe-instances</a><u></u>>$Instance_ID<div>
<br>
--region $REGION | grep eni -m 1 | awk '{print $2;}'`<br>
<br>
echo `date` "-- Starting HA monitor"<br>
while [ . ]; do<br>
pingresult=`ping -c 3 -W 1 $HA_Node_IP | grep time= | wc -l`<br>
<br>
if [ "$pingresult" == "0" ]; then<br>
echo `date` "-- HA heartbeat failed, taking over VIP"<br>
<br>
/opt/aws/bin/ec2-assign-**<u></u>private-ip-addresses -n $ENI_ID<br>
--secondary-private-ip-address $VIP --allow-reassignment --region $REGION<br>
pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`<br>
if [ "$pingresult" == "0" ]; then<br>
echo `date` "-- Restarting network"<br>
/sbin/service network restart > /dev/null 2>&1<br>
fi<br>
sleep 60<br>
fi<br>
sleep 2<br>
done<br>
<br>
<br>
<br>
David Lang<br>
<br>
______________________________<u></u>**_________________<br>
Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org" target="_blank">Pacemaker@oss.clusterlabs.org</a><br>
<a href="http://oss.clusterlabs.org/**mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/**<u></u>mailman/listinfo/pacemaker</a><br></div>
<<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/<u></u>mailman/listinfo/pacemaker</a>><<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">ht<u></u>tp://oss.clusterlabs.org/<u></u>mailman/listinfo/pacemaker</a>><div>
<br>
<br>
Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
Getting started: <a href="http://www.clusterlabs.org/**doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/**<u></u>doc/Cluster_from_Scratch.pdf</a><br></div>
<<a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/<u></u>doc/Cluster_from_Scratch.pdf</a>><<a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank"><u></u>http://www.clusterlabs.org/<u></u>doc/Cluster_from_Scratch.pdf</a>><div>
<br>
Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><br>
<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
<br>
Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org" target="_blank">Pacemaker@oss.clusterlabs.org</a><br>
<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/<u></u>mailman/listinfo/pacemaker</a><br>
<br>
<br>
<br>
Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
<br>
Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/<u></u>doc/Cluster_from_Scratch.pdf</a><br>
<br>
Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
Pacemaker mailing list:<br></div>
Pacemaker@oss.clusterlabs.<u></u>orghttp://<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">oss.clusterlabs.org/<u></u>mailman/listinfo/pacemaker</a><div><br>
<br>
Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/<u></u>doc/Cluster_from_Scratch.pdf</a><br>
Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><br>
</div></blockquote>
<br>_______________________________________________<br>
<br>
Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org" target="_blank">Pacemaker@oss.clusterlabs.org</a><br>
<br>
<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a><br>
<br>
<br>
<br>
Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
<br>
Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a><br>
<br>
Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><br>
<br>
<br>_______________________________________________<br>
Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org" target="_blank">Pacemaker@oss.clusterlabs.org</a><br>
<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a><br>
<br>
Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a><br>
Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>