<div dir="ltr">Hey,<br>
when i change the secondary IP per hand or with external script on a Ubuntu Instance I just need:<br>
/etc/network/interfaces<br>
auto eth0<br>
iface eth0 inet dhcp<br>
address 192.168.32.12<br>
netmask 255.255.240.0<br>
gateway 192.168.32.1<br>
up ip addr add <a href="http://192.168.32.11/20">192.168.32.11/20</a> dev eth0<br>
<br>
and then run the script which basically just does:<br>
#!/bin/sh<br>
<br>
VIP=172.32.32.11<br>
REGION=ap-southeast-1<br>
<br>
Instance_ID=`/usr/bin/curl --silent <a href="http://169.254.169.254/latest/meta-data/instance-id`">http://169.254.169.254/latest/meta-data/instance-id`</a><br>
ENI_ID=`aws ec2 describe-instances --instance-id $Instance_ID --region $REGION | grep NetworkInterfaceId | cut -d '"' -f 4`<br>
<br>
aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID
--private-ip-addresses $VIP --allow-reassignment --region $REGION<br>
<br>
<br>
I dont need to inform AWS or restart network, only the correct network config and the one command, when i tested it with pinging from a 3rd instance during IP change i didnt got any interupts. I dont know about monitoring it<br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 2, 2013 at 1:38 AM, David Lang <span dir="ltr"><<a href="mailto:david@lang.hm" target="_blank">david@lang.hm</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5">On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, Oct 01, 2013 at 10:07:12AM -0700, David Lang wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, Oct 01, 2013 at 07:22:20AM -0700, David Lang wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi David,<br>
<br>
On Mon, Sep 30, 2013 at 12:41:23PM -0700, David Lang wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Mon, 30 Sep 2013, David Lang wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Mon, 30 Sep 2013, Michael Schwartzkopff wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Am Montag, 30. September 2013, 21:12:56 schrieb Peter Romfeld:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I am working in AWS i cant just use a VIP i need to use a floating<br>
secondary IP which i reassign through script, i want to let pacemaker<br>
handle the reassignment...<br>
</blockquote>
<br>
Please explain the difference of a VIP and a "secondary IP" in<br>
your opinion.<br>
</blockquote>
<br>
with AWS you need to inform amazon of the change, not just change<br>
the IP on the local box, that requires much more work than a<br>
simple local VIP<br>
</blockquote>
<br>
being more detailed, instead of just<br>
ifconfig eth0:0 $vip<br>
you have to do something like<br>
<br>
/opt/aws/bin/ec2-assign-<u></u>private-ip-addresses -n $ENI_ID --secondary-private-ip-address $VIP --allow-reassignment --region $REGION<br>
</blockquote>
<br>
We may consider adding such an option to IPaddr2. Has anybody<br>
ever tried that?<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`<br>
if [ "$pingresult" == "0" ]; then<br>
echo `date` "-- Restarting network"<br>
/sbin/service network restart > /dev/null 2>&1<br>
</blockquote>
<br>
That may break the cluster communication, which may lead to split<br>
brain, etc. Is that really the only way?<br>
</blockquote>
<br>
It's not the only way, but you do have the problem that the call to<br>
aws management interface is asynchronous, you don't know when it's<br>
going to complete, and until it does, the IP doesn't actually work.<br>
</blockquote>
<br>
Wouldn't it be then safer to wait until it starts working, i.e.<br>
to monitor in a loop?<br>
</blockquote>
<br>
that's exactly what the snippet of code above is for, to detect when<br>
the other box no longer has the address.<br>
</blockquote>
<br>
Hmm, perhaps I'm missing something, but I couldn't notice a loop<br>
in that code. What I meant was something like this:<br>
<br>
while ! ping -c 1 -W 1 $VIP | grep -qs time=; do<br>
:<br>
done<br>
<br>
Then network restart wouldn't be necessary, right? Sorry, I don't<br>
know much about aws.<br>
</blockquote>
<br></div></div>
I haven't used this exact script before, but I have seen the problem that this script is designed to address. I am not saying that I agree with this script, but it's what Amazon is suggesting, so it's probably a reasonable start.<br>
<br>
<br>
this was a cut-n-paste from the URL provided earlier <a href="http://aws.amazon.com/articles/2127188135977316" target="_blank">http://aws.amazon.com/<u></u>articles/2127188135977316</a><br>
<br>
<br>
#!/bin/sh<br>
# This script will monitor another HA node and take over a Virtual IP (VIP)<br>
# if communication with the other node fails<br>
<br>
# High Availability IP variables<br>
# Other node's IP to ping and VIP to swap if other node goes down<br>
HA_Node_IP=10.0.0.11<br>
VIP=10.0.0.10<br>
<br>
# Specify the EC2 region that this will be running in<br>
REGION=us-west-2<br>
<br>
# Run aws-apitools-common.sh to set up default environment variables and to<br>
# leverage AWS security credentials provided by EC2 roles<br>
. /etc/profile.d/aws-apitools-<u></u>common.sh<br>
<br>
# Determine the instance and ENI IDs so we can reassign the VIP to the<br>
# correct ENI. Requires EC2 describe-instances and assign-private-ip-address<br>
# permissions. The following example EC2 roles policy will authorize these<br>
# commands:<br>
# {<br>
# "Statement": [<br>
# {<br>
# "Action": [<br>
# "ec2:AssignPrivateIpAddresses"<u></u>,<br>
# "ec2:DescribeInstances"<br>
# ],<br>
# "Effect": "Allow",<br>
# "Resource": "*"<br>
# }<br>
# ]<br>
# }<br>
<br>
Instance_ID=`/usr/bin/curl --silent <a href="http://169.254.169.254/latest/meta-data/instance-idENI_ID=/opt/aws/bin/ec2-describe-instances" target="_blank">http://169.254.169.254/latest/<u></u>meta-data/instance-id`ENI_ID=`<u></u>/opt/aws/bin/ec2-describe-<u></u>instances</a> $Instance_ID --region $REGION | grep eni -m 1 | awk '{print $2;}'`<br>
<br>
echo `date` "-- Starting HA monitor"<br>
while [ . ]; do<br>
pingresult=`ping -c 3 -W 1 $HA_Node_IP | grep time= | wc -l`<div class="im"><br>
if [ "$pingresult" == "0" ]; then<br></div>
echo `date` "-- HA heartbeat failed, taking over VIP"<div class="im"><br>
/opt/aws/bin/ec2-assign-<u></u>private-ip-addresses -n $ENI_ID --secondary-private-ip-address $VIP --allow-reassignment --region $REGION<br></div><div class="im">
pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`<br>
if [ "$pingresult" == "0" ]; then<br>
echo `date` "-- Restarting network"<br>
/sbin/service network restart > /dev/null 2>&1<br></div>
fi<br>
sleep 60<br>
fi<br>
sleep 2<br>
done<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
David Lang<br>
<br>
______________________________<u></u>_________________<br>
Pacemaker mailing list: <a href="mailto:Pacemaker@oss.clusterlabs.org" target="_blank">Pacemaker@oss.clusterlabs.org</a><br>
<a href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/<u></u>mailman/listinfo/pacemaker</a><br>
<br>
Project Home: <a href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/<u></u>doc/Cluster_from_Scratch.pdf</a><br>
Bugs: <a href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><br>
</div></div></blockquote></div><br></div>