<div dir="ltr">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div>Yes, I need to use the aws command, I am
      using a VPC, after issuing the command I get a "true" statement
      and it's done<br><br>So I only want pacemaker to issue the one-shot command at failover. Here is what I have atm: (I know it's still dirty, just learning pacemaker)<br><br><div>primitive drbd_mysql ocf:linbit:drbd \</div>
<div>        params drbd_resource="mydata" \</div><div>        op monitor interval="15s"</div><div>primitive fs_mysql ocf:heartbeat:Filesystem \</div><div>        params device="/dev/drbdx" directory="/mountpint" fstype="ext4" options="relatime,barrier=1" \</div>
<div>        op start interval="0" timeout="60" \</div><div>        op stop interval="0" timeout="60" \</div><div>        op monitor interval="10s" timeout="60s" OCF_CHECK_LEVEL="20" \</div>
<div>        meta target-role="started"</div><div>primitive fvip ocf:heartbeat:AWSFIP \</div><div>        params fvip="192.168.2.10" region="ap-southeast-1"</div><div>primitive ip_mysql ocf:heartbeat:IPaddr2 \</div>
<div>        params ip="192.168.2.10" cidr_netmask="20" \</div><div>        op monitor interval="10" \</div><div>        meta target-role="started"</div><div>primitive mysqld lsb:mysql</div>
<div>group mysql fs_mysql ip_mysql mysqld</div><div>ms ms_drbd_mysql drbd_mysql \</div><div>        meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true"</div>
<div>colocation mysql_on_drbd inf: fvip mysql ms_drbd_mysql:Master</div><div>order mysql_after_drbd_and_fvip inf: ms_drbd_mysql:promote fvip:start mysql:start</div><div><br></div>
      my AWSFIP(adjusted Dummy :%s/dummy/awsfip/g|%s/Dummy/AWSFIP/g):</div><div><br></div><div><div><div><parameter name="fvip" unique="1" required="1"></div><div><longdesc lang="en"></div>
<div>The IPv4 address to be configured in dotted quad notation, for example</div><div>"192.168.1.1".</div><div></longdesc></div><div><shortdesc lang="en">IPv4 address</shortdesc></div>
<div><content type="string" default="" /></div><div></parameter></div><div><br></div><div><parameter name="region" unique="1" required="1"></div><div><longdesc lang="en"></div>
<div>The name of the AWS region</div><div></longdesc></div><div><shortdesc lang="en">AWS region</shortdesc></div><div><content type="string"/></div><div></parameter></div>
</div><div><br></div><div><div>awsfip_start() {</div><div>    # Test the monitor result right away; any command run before the test overwrites $?</div><div>    awsfip_monitor</div><div>    if [ $? =  $OCF_SUCCESS ]; then</div><div>        return $OCF_SUCCESS</div>
<div>    fi</div><div>    Instance_ID=`/usr/bin/curl --silent http://169.254.169.254/latest/meta-data/instance-id`</div>
<div>    ENI_ID=`aws ec2 describe-instances --instance-id $Instance_ID --region $OCF_RESKEY_region | grep NetworkInterfaceId | cut -d '"' -f 4`</div><div>    aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID --private-ip-addresses $OCF_RESKEY_fvip --allow-reassignment --region $OCF_RESKEY_region</div><div>    sleep 4</div>
<div>    aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID --private-ip-addresses $OCF_RESKEY_fvip --allow-reassignment --region $OCF_RESKEY_region</div><div>    /etc/init.d/networking restart</div>
<div>    touch ${OCF_RESKEY_state}</div><div>}</div></div><div><br></div><div>I couldn't get it to work yet, and I don't want to run an external script for it. It can't be so hard to let pacemaker execute an additional one-shot command at failover (in the correct order..)</div>
<div><br></div><div>Thanks for your help!</div><div><br></div><div><br></div>
      On Wednesday, October 02, 2013 07:33 AM, David Lang wrote:<br>
    </div>
    <blockquote type="cite">the aws command is making the call to inform aws, if
      you were to bring up the address without making the aws command,
      would it work? If you are on a Virtual Private Cloud (VPC), it
      may, but I didn't think it would.
      <br>
      <br>
      If you can make it work without the aws command, then you can just
      use the standard pacemaker VIP configuration. I know that this
      doesn't work if you have an external IP that you are moving (you
      must use an aws call to tell Amazon to move the IP), but it's
      possible that you don't have to for an internal IP, but I would be
      surprised.
      <br>
      <br>
      David Lang
      <br>
      <br>
      <br>
      On Wed, 2 Oct 2013, Peter Romfeld wrote:
      <br>
      <br>
      <blockquote type="cite">Hey,
        <br>
        when i change the secondary IP per hand or with external script
        on a Ubuntu
        <br>
        Instance I just need:
        <br>
        /etc/network/interfaces
        <br>
        auto eth0
        <br>
        iface eth0 inet dhcp
        <br>
           address 192.168.32.12
        <br>
           netmask 255.255.240.0
        <br>
           gateway 192.168.32.1
        <br>
           up ip addr add 192.168.32.11/20 dev eth0
        <br>
        <br>
        and then run the script which basically just does:
        <br>
        #!/bin/sh
        <br>
        <br>
        VIP=172.32.32.11
        <br>
        REGION=ap-southeast-1
        <br>
        <br>
        Instance_ID=`/usr/bin/curl --silent http://169.254.169.254/latest/meta-data/instance-id`
        <br>
        ENI_ID=`aws ec2 describe-instances --instance-id $Instance_ID --region $REGION | grep NetworkInterfaceId | cut -d '"' -f 4`
        <br>
        <br>
        aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID --private-ip-addresses $VIP --allow-reassignment --region $REGION
        <br>
        <br>
        <br>
        I don't need to inform AWS or restart network, only the correct
        network config and the one command. When I tested it with pinging
        from a 3rd instance during IP change I didn't get any interrupts.
        I don't know about monitoring it
        <br>
        <br>
        <br>
        On Wed, Oct 2, 2013 at 1:38 AM, David Lang <a href="mailto:david@lang.hm" target="_blank"><david@lang.hm></a>
        wrote:
        <br>
        <br>
        <blockquote type="cite">On Tue, 1 Oct 2013, Dejan Muhamedagic
          wrote:
          <br>
          <br>
           On Tue, Oct 01, 2013 at 10:07:12AM -0700, David Lang wrote:
          <br>
          <blockquote type="cite">
            <br>
            <blockquote type="cite">On Tue, 1 Oct 2013, Dejan
              Muhamedagic wrote:
              <br>
              <br>
               On Tue, Oct 01, 2013 at 07:22:20AM -0700, David Lang
              wrote:
              <br>
              <blockquote type="cite">
                <br>
                <blockquote type="cite">On Tue, 1 Oct 2013, Dejan
                  Muhamedagic wrote:
                  <br>
                  <br>
                   Hi David,
                  <br>
                  <blockquote type="cite">
                    <br>
                    On Mon, Sep 30, 2013 at 12:41:23PM -0700, David Lang
                    wrote:
                    <br>
                    <br>
                    <blockquote type="cite">On Mon, 30 Sep 2013, David
                      Lang wrote:
                      <br>
                      <br>
                       On Mon, 30 Sep 2013, Michael Schwartzkopff wrote:
                      <br>
                      <blockquote type="cite">
                        <br>
                         On Monday, 30 September 2013, 21:12:56, Peter Romfeld
                        wrote:
                        <br>
                        <blockquote type="cite">
                          <br>
                          <blockquote type="cite">I am working in AWS, I
                            can't just use a VIP, I need to use a floating
                            secondary IP which I reassign through a script,
                            I want to let pacemaker
                            handle the reassignment...
                            <br>
                            <br>
                          </blockquote>
                          <br>
                          Please explain the difference of a VIP and a
                          "secondary IP" in
                          <br>
                          your opinion.
                          <br>
                          <br>
                        </blockquote>
                        <br>
                        with AWS you need to inform amazon of the
                        change, not just change
                        <br>
                        the IP on the local box, that requires much more
                        work than a
                        <br>
                        simple local VIP
                        <br>
                        <br>
                      </blockquote>
                      <br>
                      being more detailed, instead of just
                      <br>
                      ifconfig eth0:0 $vip
                      <br>
                      you have to do something like
                      <br>
                      <br>
                      /opt/aws/bin/ec2-assign-private-ip-addresses -n $ENI_ID --secondary-private-ip-address $VIP --allow-reassignment --region $REGION
                      <br>
                      <br>
                    </blockquote>
                    <br>
                    We may consider adding such an option to IPaddr2.
                    Has anybody
                    <br>
                    ever tried that?
                    <br>
                    <br>
                     pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`
                    <br>
                    <blockquote type="cite">if [ "$pingresult" == "0" ]; then
                      <br>
                      echo `date` "-- Restarting network"
                      <br>
                      /sbin/service network restart > /dev/null 2>&1
                      <br>
                      <br>
                    </blockquote>
                    <br>
                    That may break the cluster communication, which may
                    lead to split
                    <br>
                    brain, etc. Is that really the only way?
                    <br>
                    <br>
                  </blockquote>
                  <br>
                  It's not the only way, but you do have the problem
                  that the call to
                  <br>
                  aws management interface is asynchronous, you don't
                  know when it's
                  <br>
                  going to complete, and until it does, the IP doesn't
                  actually work.
                  <br>
                  <br>
                </blockquote>
                <br>
                Wouldn't it be then safer to wait until it starts
                working, i.e.
                <br>
                to monitor in a loop?
                <br>
                <br>
              </blockquote>
              <br>
              that's exactly what the snippet of code above is for, to
              detect when
              <br>
              the other box no longer has the address.
              <br>
              <br>
            </blockquote>
            <br>
            Hmm, perhaps I'm missing something, but I couldn't notice a
            loop
            <br>
            in that code. What I meant was something like this:
            <br>
            <br>
            while ! ping -c 1 -W 1 $VIP | grep -qs time=; do
            <br>
                    :
            <br>
            done
            <br>
            <br>
            Then network restart wouldn't be necessary, right? Sorry, I
            don't
            <br>
            know much about aws.
            <br>
            <br>
          </blockquote>
          <br>
          I haven't used this exact script before, but I have seen the
          problem that
          <br>
          this script is designed to address. I am not saying that I
          agree with this
          <br>
          script, but it's what Amazon is suggesting, so it's probably a
          reasonable
          <br>
          start.
          <br>
          <br>
          <br>
          this was a cut-n-paste from the URL provided earlier
          <br>
          <a href="http://aws.amazon.com/articles/2127188135977316" target="_blank">http://aws.amazon.com/articles/2127188135977316</a>
          <br>
          <br>
          <br>
          #!/bin/sh
          <br>
          # This script will monitor another HA node and take over a
          Virtual IP (VIP)
          <br>
          # if communication with the other node fails
          <br>
          <br>
          # High Availability IP variables
          <br>
          # Other node's IP to ping and VIP to swap if other node goes
          down
          <br>
          HA_Node_IP=10.0.0.11
          <br>
          VIP=10.0.0.10
          <br>
          <br>
          # Specify the EC2 region that this will be running in
          <br>
          REGION=us-west-2
          <br>
          <br>
          # Run aws-apitools-common.sh to set up default environment
          variables and to
          <br>
          # leverage AWS security credentials provided by EC2 roles
          <br>
          . /etc/profile.d/aws-apitools-common.sh
          <br>
          <br>
          # Determine the instance and ENI IDs so we can reassign the
          VIP to the
          <br>
          # correct ENI. Requires EC2 describe-instances and assign-private-ip-address
          <br>
          # permissions. The following example EC2 roles policy will
          authorize these
          <br>
          # commands:
          <br>
          # {
          <br>
          # "Statement": [
          <br>
          # {
          <br>
          # "Action": [
          <br>
          # "ec2:AssignPrivateIpAddresses",
          <br>
          # "ec2:DescribeInstances"
          <br>
          # ],
          <br>
          # "Effect": "Allow",
          <br>
          # "Resource": "*"
          <br>
          # }
          <br>
          # ]
          <br>
          # }
          <br>
          <br>
          Instance_ID=`/usr/bin/curl --silent http://169.254.169.254/latest/meta-data/instance-id`
          <br>
          ENI_ID=`/opt/aws/bin/ec2-describe-instances $Instance_ID --region $REGION | grep eni -m 1 | awk '{print $2;}'`
          <br>
          <br>
          echo `date` "-- Starting HA monitor"
          <br>
          while [ . ]; do
          <br>
           pingresult=`ping -c 3 -W 1 $HA_Node_IP | grep time= | wc -l`
          <br>
          <br>
           if [ "$pingresult" == "0" ]; then
          <br>
           echo `date` "-- HA heartbeat failed, taking over VIP"
          <br>
          <br>
           /opt/aws/bin/ec2-assign-private-ip-addresses -n $ENI_ID --secondary-private-ip-address $VIP --allow-reassignment --region $REGION
          <br>
           pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`
          <br>
           if [ "$pingresult" == "0" ]; then
          <br>
           echo `date` "-- Restarting network"
          <br>
           /sbin/service network restart > /dev/null 2>&1
          <br>
           fi
          <br>
           sleep 60
          <br>
           fi
          <br>
           sleep 2
          <br>
          done
          <br>
          <br>
          <br>
          <br>
          David Lang
          <br>
          <br>
          _______________________________________________
          <br>
          Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org" target="_blank">Pacemaker@oss.clusterlabs.org</a>
          <br>
          <a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a>
          <br>
          <br>
          Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a>
          <br>
          Getting started:
          <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a><br>

          Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a>
          <br>
          <br>
        </blockquote>
        <br>
      </blockquote>
      <br>
      </blockquote><div> </div>
  </div>
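<div>An added example, not code from any poster in this thread: start and monitor actions for an AWSFIP-style OCF agent that combine the points raised above, namely acting on the monitor result before anything else runs, and waiting in a bounded loop for the asynchronous AWS call instead of restarting the network. It assumes the local address stays with IPaddr2 as in the posted configuration, that only the instance's first ENI matters, and that polling describe-network-interfaces (rather than ping) is an acceptable readiness check; AWSFIP_WAIT_TRIES and AWSFIP_POLL_INTERVAL are hypothetical tunables.</div>

```sh
#!/bin/sh
# Added example, not the poster's agent: start/monitor for an AWSFIP-style OCF agent.
# A real agent sources ocf-shellfuncs; the defaults below keep this file self-contained.
: "${OCF_SUCCESS:=0}" "${OCF_ERR_GENERIC:=1}" "${OCF_NOT_RUNNING:=7}"
# Hypothetical tunables (not parameters from the thread): poll count and delay.
: "${AWSFIP_WAIT_TRIES:=15}" "${AWSFIP_POLL_INTERVAL:=2}"
IMDS=http://169.254.169.254/latest/meta-data

# Print this instance's first ENI id, read from structured CLI output, not grep/cut.
awsfip_eni() {
    instance_id=$(curl --silent --fail --max-time 5 "$IMDS/instance-id") || return 1
    eni=$(aws ec2 describe-instances --instance-ids "$instance_id" \
        --region "$OCF_RESKEY_region" --output text \
        --query 'Reservations[0].Instances[0].NetworkInterfaces[0].NetworkInterfaceId') \
        || return 1
    case "$eni" in
        eni-*) printf '%s\n' "$eni" ;;
        *) return 1 ;;               # empty or "None": never pass it to assign
    esac
}

# True when EC2 lists the floating IP on ENI $1 (exact match, so .10 != .100).
awsfip_assigned() {
    aws ec2 describe-network-interfaces --network-interface-ids "$1" \
        --region "$OCF_RESKEY_region" --output text \
        --query 'NetworkInterfaces[0].PrivateIpAddresses[].PrivateIpAddress' |
        tr '\t' '\n' | grep -qxF "$OCF_RESKEY_fvip"
}

awsfip_monitor() {
    eni=$(awsfip_eni) || return "$OCF_ERR_GENERIC"
    awsfip_assigned "$eni" && return "$OCF_SUCCESS"
    return "$OCF_NOT_RUNNING"
}

awsfip_start() {
    eni=$(awsfip_eni) || return "$OCF_ERR_GENERIC"
    # Act on the check directly; a later test of $? would see another command's status.
    awsfip_assigned "$eni" && return "$OCF_SUCCESS"
    aws ec2 assign-private-ip-addresses --network-interface-id "$eni" \
        --private-ip-addresses "$OCF_RESKEY_fvip" --allow-reassignment \
        --region "$OCF_RESKEY_region" >/dev/null || return "$OCF_ERR_GENERIC"
    # The API call is asynchronous: poll a bounded number of times and fail the
    # start on timeout, with no network restart.
    tries=0
    while [ "$tries" -lt "$AWSFIP_WAIT_TRIES" ]; do
        awsfip_assigned "$eni" && return "$OCF_SUCCESS"
        tries=$((tries + 1))
        sleep "$AWSFIP_POLL_INTERVAL"
    done
    return "$OCF_ERR_GENERIC"
}

case "${1:-}" in
    start)   awsfip_start;   exit $? ;;
    monitor) awsfip_monitor; exit $? ;;
esac
```

<div>Besides the two actions in the quoted IAM policy, the instance role for this example also needs ec2:DescribeNetworkInterfaces.</div>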

</div>