[Pacemaker] custom resource-agent

Peter Romfeld peter.romfeld.hk at gmail.com
Tue Oct 1 22:34:58 UTC 2013


Hey,
when i change the secondary IP per hand or with external script on a Ubuntu
Instance I just need:
/etc/network/interfaces
auto eth0
iface eth0 inet dhcp
    address 192.168.32.12
    netmask 255.255.240.0
    gateway 192.168.32.1
    up ip addr add 192.168.32.11/20 dev eth0

and then run the script which basically just does:
#!/bin/sh

VIP=172.32.32.11
REGION=ap-southeast-1

Instance_ID=`/usr/bin/curl --silent
http://169.254.169.254/latest/meta-data/instance-id`
ENI_ID=`aws ec2 describe-instances --instance-id $Instance_ID --region
$REGION | grep NetworkInterfaceId | cut -d '"' -f 4`

aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID
--private-ip-addresses $VIP --allow-reassignment --region $REGION


I dont need to inform AWS or restart network, only the correct network
config and the one command, when i tested it with pinging from a 3rd
instance during IP change i didnt got any interupts. I dont know about
monitoring it


On Wed, Oct 2, 2013 at 1:38 AM, David Lang <david at lang.hm> wrote:

> On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:
>
>  On Tue, Oct 01, 2013 at 10:07:12AM -0700, David Lang wrote:
>>
>>> On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:
>>>
>>>  On Tue, Oct 01, 2013 at 07:22:20AM -0700, David Lang wrote:
>>>>
>>>>> On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:
>>>>>
>>>>>  Hi David,
>>>>>>
>>>>>> On Mon, Sep 30, 2013 at 12:41:23PM -0700, David Lang wrote:
>>>>>>
>>>>>>> On Mon, 30 Sep 2013, David Lang wrote:
>>>>>>>
>>>>>>>  On Mon, 30 Sep 2013, Michael Schwartzkopff wrote:
>>>>>>>>
>>>>>>>>  Am Montag, 30. September 2013, 21:12:56 schrieb Peter Romfeld:
>>>>>>>>>
>>>>>>>>>> I am working in AWS i cant just use a VIP i need to use a floating
>>>>>>>>>> secondary IP which i reassign through script, i want to let
>>>>>>>>>> pacemaker
>>>>>>>>>> handle the reassignment...
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Please explain the difference of a VIP and a "secondary IP" in
>>>>>>>>> your opinion.
>>>>>>>>>
>>>>>>>>
>>>>>>>> with AWS you need to inform amazon of the change, not just change
>>>>>>>> the IP on the local box, that requires much more work than a
>>>>>>>> simple local VIP
>>>>>>>>
>>>>>>>
>>>>>>> being more detailed, instead of just
>>>>>>> ifconfig eth0:0 $vip
>>>>>>> you have to do something like
>>>>>>>
>>>>>>> /opt/aws/bin/ec2-assign-**private-ip-addresses -n $ENI_ID
>>>>>>> --secondary-private-ip-address $VIP --allow-reassignment --region $REGION
>>>>>>>
>>>>>>
>>>>>> We may consider adding such an option to IPaddr2. Has anybody
>>>>>> ever tried that?
>>>>>>
>>>>>>  pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`
>>>>>>> if [ "$pingresult" == "0" ]; then
>>>>>>> echo `date` "-- Restarting network"
>>>>>>> /sbin/service network restart > /dev/null 2>&1
>>>>>>>
>>>>>>
>>>>>> That may break the cluster communication, which may lead to split
>>>>>> brain, etc. Is that really the only way?
>>>>>>
>>>>>
>>>>> It's not the only way, but you do have the problem that the call to
>>>>> aws management interface is asynchronous, you don't know when it's
>>>>> going to complete, and until it does, the IP doesn't actually work.
>>>>>
>>>>
>>>> Wouldn't it be then safer to wait until it starts working, i.e.
>>>> to monitor in a loop?
>>>>
>>>
>>> that's exactly what the snippet of code above is for, to detect when
>>> the other box no longer has the address.
>>>
>>
>> Hmm, perhaps I'm missing something, but I couldn't notice a loop
>> in that code. What I meant was something like this:
>>
>> while ! ping -c 1 -W 1 $VIP | grep -qs time=; do
>>         :
>> done
>>
>> Then network restart wouldn't be necessary, right? Sorry, I don't
>> know much about aws.
>>
>
> I haven't used this exact script before, but I have seen the problem that
> this script is designed to address. I am not saying that I agree with this
> script, but it's what Amazon is suggesting, so it's probably a reasonable
> start.
>
>
> this was a cut-n-paste from the URL provided earlier
> http://aws.amazon.com/**articles/2127188135977316<http://aws.amazon.com/articles/2127188135977316>
>
>
> #!/bin/sh
> # This script will monitor another HA node and take over a Virtual IP (VIP)
> # if communication with the other node fails
>
> # High Availability IP variables
> # Other node's IP to ping and VIP to swap if other node goes down
> HA_Node_IP=10.0.0.11
> VIP=10.0.0.10
>
> # Specify the EC2 region that this will be running in
> REGION=us-west-2
>
> # Run aws-apitools-common.sh to set up default environment variables and to
> # leverage AWS security credentials provided by EC2 roles
> . /etc/profile.d/aws-apitools-**common.sh
>
> # Determine the instance and ENI IDs so we can reassign the VIP to the
> # correct ENI. Requires EC2 describe-instances and
> assign-private-ip-address
> # permissions. The following example EC2 roles policy will authorize these
> # commands:
> # {
> # "Statement": [
> # {
> # "Action": [
> # "ec2:AssignPrivateIpAddresses"**,
> # "ec2:DescribeInstances"
> # ],
> # "Effect": "Allow",
> # "Resource": "*"
> # }
> # ]
> # }
>
> Instance_ID=`/usr/bin/curl --silent http://169.254.169.254/latest/**
> meta-data/instance-id`ENI_ID=`**/opt/aws/bin/ec2-describe-**instances<http://169.254.169.254/latest/meta-data/instance-idENI_ID=/opt/aws/bin/ec2-describe-instances>$Instance_ID --region $REGION | grep eni -m 1 | awk '{print $2;}'`
>
> echo `date` "-- Starting HA monitor"
> while [ . ]; do
>  pingresult=`ping -c 3 -W 1 $HA_Node_IP | grep time= | wc -l`
>
>  if [ "$pingresult" == "0" ]; then
>  echo `date` "-- HA heartbeat failed, taking over VIP"
>
>  /opt/aws/bin/ec2-assign-**private-ip-addresses -n $ENI_ID
> --secondary-private-ip-address $VIP --allow-reassignment --region $REGION
>  pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`
>  if [ "$pingresult" == "0" ]; then
>  echo `date` "-- Restarting network"
>  /sbin/service network restart > /dev/null 2>&1
>  fi
>  sleep 60
>  fi
>  sleep 2
> done
>
>
>
> David Lang
>
> ______________________________**_________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/**mailman/listinfo/pacemaker<http://oss.clusterlabs.org/mailman/listinfo/pacemaker>
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/**doc/Cluster_from_Scratch.pdf<http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf>
> Bugs: http://bugs.clusterlabs.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20131002/cd6622e9/attachment.htm>


More information about the Pacemaker mailing list