[Pacemaker] IP Range Failover with IPaddr2 and clone / globally-unique="true"

Reid, Mike MBReid at thepei.com
Mon Jan 23 15:25:32 EST 2012 

Dejan,


Regarding the stability: In my two node cluster testing, unfortunately
multiple times (on each node) when managing multiple IP Ranges via
unique_clone_address, more than one of the IPs failed to create. The
default monitor settings were still in effect, but the IP was never
created until a manual "crm resource cleanup" was performed. When compared
to handling multiple IPs using individual IPaddr2 primitives, I've not had
that issue.

Tuomo Soini (IPaddr2 Author) told me this morning: "you try to create
multiple ip's with IPaddr2 ??? I had no idea it could do something like
that, and I _did_ write IPaddr2. I'm quite sure what you try to do is not
very well tested feature if possible."

The "not very well tested" line implies to me that this feature is still
"experimental", especially considering the multiple "FAILED" IP starts I
was receiving. No worries, however, I am very happy with IPaddr2 as a VIP
solution, I was just hoping I could take advantage of the simplified
configuration (much easier on the eyes) ;)

Best,
- Mike


>Hi,
>
>On Mon, Jan 23, 2012 at 08:05:34PM +0000, Reid, Mike wrote:
>> FYI,
>> 
>> 
>> The solution turned out to be related to IPTABLES rules that were added
>> using this approach.
>> By adding a custom IPTables "CLUSTERIP" chain, the firewall started
>> letting everything through :)
>> 
>> Unfortunately, it seems that this approach is somewhat experimental and
>
>What is experimental? The CLUSTERIP chain? Or how it is being
>used by the RA?
>
>> not very stable,
>
>How not stable?
>
>Thanks,
>
>Dejan
>
>> so while I finally found my solution, I will be going
>> back to using individual IPaddr2 Primitives for the time being.
>> 
>> Thanks,
>> 
>> Mike
>> 
>> >Dejan,
>> >
>> >Yes, thank you. I realized I was missing "unique_clone_address" in the
>> >config, which made _most_ of the difference.
>> >
>> >However, now I'm seeing some weirdness with regards to ARP -- In my
>>setup,
>> >I currently have three elastic IPs configured (effectively a small
>>sample
>> >of my intended IP Range), which all show up as Started, are visible via
>> >"ip adds show", but only the to-pmost IP in the range is able to be
>> >pinged?? It appears as if everything is working, I just can't use each
>>of
>> >the individual IP addresses. I even show all the CLUSTERIP IPTables
>>rules,
>> >etc.
>> >
>> >I'm looking for some recommendations on figuring this out, because as
>>far
>> >as I can tell it's all working as intended, however the IPs cannot be
>> >used. In the #linux-ha IRC channel, it was recommended I look into ARP
>> >issues.
>> >
>> >NOTE: I'm running Ubuntu 10.10 / Pacemaker 1.0.9
>> >
>> >FWIW, all of the IP Addresses are Public IPs (against eth0 device)
>>valid
>> >(confirmed subnet/gateway, etc), since using individual IPaddr2
>>primitive
>> >rules work for all of them. It's just when I attempt consolidating the
>>CIB
>> >configuration to leverage setup of the entire IP Range that it does not
>> >work as intended. Could this be a bug or side effect of my version? I
>>even
>> >ensure "libnet1-dev" was installed and re-compile cluster resource
>>agents,
>> >with no luck. 
>> >
>> >
>> >Any help would be very much appreciated.
>> >
>> >Best,
>> >- Mike
>> >
>> >On 1/17/12 8:59 PM, "pacemaker-request at oss.clusterlabs.org"
>> ><pacemaker-request at oss.clusterlabs.org> wrote:
>> >
>> >>$ crm ra info IPaddr2 | grep unique_clone_address
>> >>
>> >>Does that help?
>> >>
>> >>Thanks,
>> >>
>> >>Dejan
>> >
>> 
>
>
>
>------------------------------
>
>_______________________________________________
>Pacemaker mailing list
>Pacemaker at oss.clusterlabs.org
>http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
>
>End of Pacemaker Digest, Vol 50, Issue 58
>*****************************************
>
>______________________________________________________________________
>This email has been scanned by the Symantec Email Security.cloud service.
>For more information please visit http://www.symanteccloud.com
>______________________________________________________________________

More information about the Pacemaker mailing list