[Pacemaker] Validate strategy for RA on DRBD standby node

Serge Dubrouski sergeyfd at gmail.com
Thu Feb 24 16:05:56 UTC 2011


Why are you trying to start LDAP on a node where you don't have your
DRBD resource mounted. Having LDAP up on both nodes would make sense
if you were building an active/active LDAP cluster with syncrepl or
any other replication mechanism. In that case you'd set it up and M/S
and or as a clone and would have to provide access to the config file
on both nodes. In active/passive case you have to collocate your LDAP
resource with your DRBD and filesystem resources and Pacemaker won't
try to start LDAP on a node that doesn't have DRBD activated and
filesystem mounted.

On Thu, Feb 24, 2011 at 6:06 AM, David McCurley <mac at fabric.com> wrote:
> Pacemaker and list newbie here :)
>
> I'm writing a resource adapter in python for the newer release of OpenLDAP but I need some pointers on a strategy for the validate function in a certain case.  (In python because the more advanced shell scripting hurts my head :).  Here is the situation:
>
> The config file for OpenLDAP is stored in /etc/ldap/slapd.d/cn=config.ldif.  This is on a DRBD active-passive system and the /etc/ldap directory is actually a symlink to the DRBD controlled share /vcoreshare/etc/ldap.  The real config file is at /vcoreshare/etc/ldap/slapd.d/cn=config.ldif.
>
> So I'm trying to be very judicious with every function and validation, checking file permissions, etc.  But the problem is that /etc/ldap/slapd.d/cn=config.ldif is only present on the active DRBD node.  My validate function checks that the file is readable by the user/group that slapd is to run as.  Now, as soon as I start ldap in the cluster, it starts fine, but validate fails on the standby node (because the DRBD volume isn't mounted) and crm_mon shows a failed action:
> ----------------------------------------------
> ============
> Last updated: Wed Feb 23 07:35:19 2011
> Stack: openais
> Current DC: vcoresrv1 - partition with quorum
> Version: 1.0.8-042548a451fce8400660f6031f4da6f0223dd5dd
> 2 Nodes configured, 2 expected votes
> 5 Resources configured.
> ============
>
> Online: [ vcoresrv1 vcoresrv2 ]
>
> fs_vcoreshare   (ocf::heartbeat:Filesystem):    Started vcoresrv1
>  Master/Slave Set: ms_drbd_vcoreshare
>     Masters: [ vcoresrv1 ]
>     Slaves: [ vcoresrv2 ]
> clusterip       (ocf::heartbeat:IPaddr2):       Started vcoresrv1
> clusteripsourcing       (ocf::heartbeat:IPsrcaddr):     Started vcoresrv1
>
> Failed actions:
>    ldap_monitor_0 (node=vcoresrv2, call=130, rc=5, status=complete): not installed
> ---------------------------------------------
>
> Is there a way for my RA to know that it is being called on the active node instead of the passive node.  Or more generally, what would anyone recommend here?  I really didn't want to write the resource adapter so it would be specific to our setup (e.g. checking to make sure the DRBD mount is readable before looking for the config files).  Maybe Pacemaker passes in some extra env variable that can be used?
>
> I'm reluctanct to post the code for the RA here in the list because it is 450 lines.  But, here is the logic for the validate function:
>
> if the appropriate slapd user and group do not exist:
>   return OCF_ERR_INSTALLED
> if the ldap config file doesn't exist or isn't readable by the slapd user:
>   return OCF_ERR_INSTALLED
> if the ldap binary doesn't exist or isn't executable:
>   return OCF_ERR_INSTALLED
> return OCF_SUCCESS
>
> Or maybe I'm overdoing it in my tests or have misinterpreted the "OCF Resource Agent Developer's Guide"?
>
> Any advice or guidance / clarification appreciated.
>
> Thanks,
>
> Mac
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://developerbugs.linux-foundation.org/enter_bug.cgi?product=Pacemaker
>



-- 
Serge Dubrouski.




More information about the Pacemaker mailing list