[Pacemaker] IP Range Failover with IPaddr2 and clone / globally-unique="true"
Jake Smith
jsmith at argotec.com
Tue Jan 24 16:01:19 UTC 2012
----- Original Message -----
> From: "Dejan Muhamedagic" <dejanmm at fastmail.fm>
> To: pacemaker at oss.clusterlabs.org
> Sent: Tuesday, January 24, 2012 10:28:30 AM
> Subject: Re: [Pacemaker] IP Range Failover with IPaddr2 and clone / globally-unique="true"
>
> On Mon, Jan 23, 2012 at 08:25:32PM +0000, Reid, Mike wrote:
> > Dejan,
> >
> >
> > Regarding the stability: In my two node cluster testing,
> > unfortunately
> > multiple times (on each node) when managing multiple IP Ranges via
> > unique_clone_address, more than one of the IPs failed to create.
> > The
> > default monitor settings were still in effect, but the IP was never
> > created until a manual "crm resource cleanup" was performed.
>
> What does "monitor setting" have to do with creating IP
> addresses?
Not my forte but from my limited knowledge wouldn't the monitor operation restart the "FAILED" IP's that didn't create properly once the monitor interval passed and the monitor operation found the "failed" resource?
>
> > When compared
> > to handling multiple IPs using individual IPaddr2 primitives, I've
> > not had
> > that issue.
>
> Well, I assume that can be fixed. Computers are good at
> automating things, right? :) Do you see anything in the logs? Did
> you try to use ocf_tester to see if it passes the test? If not,
> you can post the messages it prints to the terminal.
>
> > Tuomo Soini (IPaddr2 Author) told me this morning: "you try to
> > create
> > multiple ip's with IPaddr2 ??? I had no idea it could do something
> > like
> > that, and I _did_ write IPaddr2. I'm quite sure what you try to do
> > is not
> > very well tested feature if possible."
>
> I think that the feature was implemented several years ago by
> Andrew. Resource agents get extended from time to time and the
> original authors are not always involved (unfortunately).
>
> > The "not very well tested" line implies to me that this feature is
> > still
> > "experimental", especially considering the multiple "FAILED" IP
> > starts I
> > was receiving. No worries, however, I am very happy with IPaddr2 as
> > a VIP
> > solution, I was just hoping I could take advantage of the
> > simplified
> > configuration (much easier on the eyes) ;)
>
> Indeed, and that's important too.
>
> Cheers,
>
> Dejan
>
> > Best,
> > - Mike
> >
> >
> > >Hi,
> > >
> > >On Mon, Jan 23, 2012 at 08:05:34PM +0000, Reid, Mike wrote:
> > >> FYI,
> > >>
> > >>
> > >> The solution turned out to be related to IPTABLES rules that
> > >> were added
> > >> using this approach.
> > >> By adding a custom IPTables "CLUSTERIP" chain, the firewall
> > >> started
> > >> letting everything through :)
> > >>
> > >> Unfortunately, it seems that this approach is somewhat
> > >> experimental and
> > >
> > >What is experimental? The CLUSTERIP chain? Or how it is being
> > >used by the RA?
> > >
> > >> not very stable,
> > >
> > >How not stable?
> > >
> > >Thanks,
> > >
> > >Dejan
> > >
> > >> so while I finally found my solution, I will be going
> > >> back to using individual IPaddr2 Primitives for the time being.
> > >>
> > >> Thanks,
> > >>
> > >> Mike
> > >>
> > >> >Dejan,
> > >> >
> > >> >Yes, thank you. I realized I was missing "unique_clone_address"
> > >> >in the
> > >> >config, which made _most_ of the difference.
> > >> >
> > >> >However, now I'm seeing some weirdness with regards to ARP --
> > >> >In my
> > >>setup,
> > >> >I currently have three elastic IPs configured (effectively a
> > >> >small
> > >>sample
> > >> >of my intended IP Range), which all show up as Started, are
> > >> >visible via
> > >> >"ip adds show", but only the to-pmost IP in the range is able
> > >> >to be
> > >> >pinged?? It appears as if everything is working, I just can't
> > >> >use each
> > >>of
> > >> >the individual IP addresses. I even show all the CLUSTERIP
> > >> >IPTables
> > >>rules,
> > >> >etc.
> > >> >
> > >> >I'm looking for some recommendations on figuring this out,
> > >> >because as
> > >>far
> > >> >as I can tell it's all working as intended, however the IPs
> > >> >cannot be
> > >> >used. In the #linux-ha IRC channel, it was recommended I look
> > >> >into ARP
> > >> >issues.
> > >> >
> > >> >NOTE: I'm running Ubuntu 10.10 / Pacemaker 1.0.9
> > >> >
> > >> >FWIW, all of the IP Addresses are Public IPs (against eth0
> > >> >device)
> > >>valid
> > >> >(confirmed subnet/gateway, etc), since using individual IPaddr2
> > >>primitive
> > >> >rules work for all of them. It's just when I attempt
> > >> >consolidating the
> > >>CIB
> > >> >configuration to leverage setup of the entire IP Range that it
> > >> >does not
> > >> >work as intended. Could this be a bug or side effect of my
> > >> >version? I
> > >>even
> > >> >ensure "libnet1-dev" was installed and re-compile cluster
> > >> >resource
> > >>agents,
> > >> >with no luck.
> > >> >
> > >> >
> > >> >Any help would be very much appreciated.
> > >> >
> > >> >Best,
> > >> >- Mike
> > >> >
> > >> >On 1/17/12 8:59 PM, "pacemaker-request at oss.clusterlabs.org"
> > >> ><pacemaker-request at oss.clusterlabs.org> wrote:
> > >> >
> > >> >>$ crm ra info IPaddr2 | grep unique_clone_address
> > >> >>
> > >> >>Does that help?
> > >> >>
> > >> >>Thanks,
> > >> >>
> > >> >>Dejan
> > >> >
> > >>
> > >
> > >
> > >
> > >------------------------------
> > >
> > >_______________________________________________
> > >Pacemaker mailing list
> > >Pacemaker at oss.clusterlabs.org
> > >http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> > >
> > >
> > >End of Pacemaker Digest, Vol 50, Issue 58
> > >*****************************************
> > >
> > >______________________________________________________________________
> > >This email has been scanned by the Symantec Email Security.cloud
> > >service.
> > >For more information please visit http://www.symanteccloud.com
> > >______________________________________________________________________
> >
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started:
> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>
>
More information about the Pacemaker
mailing list