[Pacemaker] IP Range Failover with IPaddr2 and clone / globally-unique="true"

Dejan Muhamedagic dejanmm at fastmail.fm
Tue Jan 24 15:28:30 UTC 2012


On Mon, Jan 23, 2012 at 08:25:32PM +0000, Reid, Mike wrote:
> Dejan,
> 
> 
> Regarding the stability: In my two node cluster testing, unfortunately
> multiple times (on each node) when managing multiple IP Ranges via
> unique_clone_address, more than one of the IPs failed to create. The
> default monitor settings were still in effect, but the IP was never
> created until a manual "crm resource cleanup" was performed.

What does "monitor setting" have to do with creating IP
addresses?

> When compared
> to handling multiple IPs using individual IPaddr2 primitives, I've not had
> that issue.

Well, I assume that can be fixed. Computers are good at
automating things, right? :) Do you see anything in the logs? Did
you try to use ocf_tester to see if it passes the test? If not,
you can post the messages it prints to the terminal.

> Tuomo Soini (IPaddr2 Author) told me this morning: "you try to create
> multiple ip's with IPaddr2 ??? I had no idea it could do something like
> that, and I _did_ write IPaddr2. I'm quite sure what you try to do is not
> very well tested feature if possible."

I think that the feature was implemented several years ago by
Andrew. Resource agents get extended from time to time and the
original authors are not always involved (unfortunately).

> The "not very well tested" line implies to me that this feature is still
> "experimental", especially considering the multiple "FAILED" IP starts I
> was receiving. No worries, however, I am very happy with IPaddr2 as a VIP
> solution, I was just hoping I could take advantage of the simplified
> configuration (much easier on the eyes) ;)

Indeed, and that's important too.

Cheers,

Dejan

> Best,
> - Mike
> 
> 
> >Hi,
> >
> >On Mon, Jan 23, 2012 at 08:05:34PM +0000, Reid, Mike wrote:
> >> FYI,
> >> 
> >> 
> >> The solution turned out to be related to IPTABLES rules that were added
> >> using this approach.
> >> By adding a custom IPTables "CLUSTERIP" chain, the firewall started
> >> letting everything through :)
> >> 
> >> Unfortunately, it seems that this approach is somewhat experimental and
> >
> >What is experimental? The CLUSTERIP chain? Or how it is being
> >used by the RA?
> >
> >> not very stable,
> >
> >How not stable?
> >
> >Thanks,
> >
> >Dejan
> >
> >> so while I finally found my solution, I will be going
> >> back to using individual IPaddr2 Primitives for the time being.
> >> 
> >> Thanks,
> >> 
> >> Mike
> >> 
> >> >Dejan,
> >> >
> >> >Yes, thank you. I realized I was missing "unique_clone_address" in the
> >> >config, which made _most_ of the difference.
> >> >
> >> >However, now I'm seeing some weirdness with regards to ARP -- In my
> >>setup,
> >> >I currently have three elastic IPs configured (effectively a small
> >>sample
> >> >of my intended IP Range), which all show up as Started, are visible via
> >> >"ip adds show", but only the to-pmost IP in the range is able to be
> >> >pinged?? It appears as if everything is working, I just can't use each
> >>of
> >> >the individual IP addresses. I even show all the CLUSTERIP IPTables
> >>rules,
> >> >etc.
> >> >
> >> >I'm looking for some recommendations on figuring this out, because as
> >>far
> >> >as I can tell it's all working as intended, however the IPs cannot be
> >> >used. In the #linux-ha IRC channel, it was recommended I look into ARP
> >> >issues.
> >> >
> >> >NOTE: I'm running Ubuntu 10.10 / Pacemaker 1.0.9
> >> >
> >> >FWIW, all of the IP Addresses are Public IPs (against eth0 device)
> >>valid
> >> >(confirmed subnet/gateway, etc), since using individual IPaddr2
> >>primitive
> >> >rules work for all of them. It's just when I attempt consolidating the
> >>CIB
> >> >configuration to leverage setup of the entire IP Range that it does not
> >> >work as intended. Could this be a bug or side effect of my version? I
> >>even
> >> >ensure "libnet1-dev" was installed and re-compile cluster resource
> >>agents,
> >> >with no luck. 
> >> >
> >> >
> >> >Any help would be very much appreciated.
> >> >
> >> >Best,
> >> >- Mike
> >> >
> >> >On 1/17/12 8:59 PM, "pacemaker-request at oss.clusterlabs.org"
> >> ><pacemaker-request at oss.clusterlabs.org> wrote:
> >> >
> >> >>$ crm ra info IPaddr2 | grep unique_clone_address
> >> >>
> >> >>Does that help?
> >> >>
> >> >>Thanks,
> >> >>
> >> >>Dejan
> >> >
> >> 
> >
> >
> >
> >------------------------------
> >
> >_______________________________________________
> >Pacemaker mailing list
> >Pacemaker at oss.clusterlabs.org
> >http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> >
> >
> >End of Pacemaker Digest, Vol 50, Issue 58
> >*****************************************
> >
> >______________________________________________________________________
> >This email has been scanned by the Symantec Email Security.cloud service.
> >For more information please visit http://www.symanteccloud.com
> >______________________________________________________________________
> 




More information about the Pacemaker mailing list