[ClusterLabs] Can packmaker launch haproxy from new network namespace automatically?

Hao QingFeng haoqf at linux.vnet.ibm.com
Thu Dec 22 02:40:58 UTC 2016



在 2016-12-22 6:03, Ken Gaillot 写道:
> On 12/17/2016 07:26 PM, Hao QingFeng wrote:
>> Hi Folks,
>>
>> I am installing packmaker to manage the cluster of haproxy within
>> openstack on ubuntu 16.04.
>>
>> I met the problem that haproxy can't start listening for some services
>> in vip because the related ports
>>
>> were occupied by those native services which listened on 0.0.0.0.
>>
>> I opened a bug to openstack team and a buddy told me that I should use
>> pacemaker to run haproxy in
>>
>> a separate network namespace.  I attached his description here(also in bug):
>>
>> <<<
>>
>> Fuel runs haproxy via pacemaker (not vis systemd/upstart) and pacemaker
>> runs haproxy in a separate network namespace.
>>
>> So haproxy does not cause any problems by listedning on 0.0.0.0 since
>> it's listening in a separate network namespace.
>>
>> You can see it via "ip netns ls" command and then "ip netns exec haproxy
>> ip a".
>>
>> Did you try to restart haproxy via systemd/upstart? If so then you could
>> face this problem. You should use pacemaker to control haproxy service.
>>
>> Here is the bug link:
>>
>> https://bugs.launchpad.net/openstack-manuals/+bug/1649902
>>
>> Actually I did start haproxy with pacemaker but "ip netns ls" show
>> nothing and haproxy can't bind some port like 9292 on vip .
>>
>> I checked and found that openstack starts including this function from
>> fuel 5.0(released in May, 2014).
>>
>> But after I downloaded pacemaker's code, did a rough check, I couldn't
>> find any related functions(keywords: ip netns, clone, CLONE_NEW...)
>>
>> except in the test cases for neutron and ovs etc(if my understanding is
>> correct).
>>
>> I didn't see any related configuration item in "crm configure show" either.
>>
>>
>> So I would like just  to confirm that if pacemaker has such function to
>> create a new network namespace
>>
>> for haproxy(or other manged service) automatically to avoid such socket
>> binding conflict?
>>
>> If yes, how to configure it? If no such function, do you have any advice
>> on how to solve the problem?
> No, pacemaker has no way to do that itself, but maybe you could run
> haproxy inside a container, and manage the container as a pacemaker
> resource.
Ken,
Thanks a lot for your explanation! I'll try to do as your approach!
>> BTW, you can see the detailed configuration information in the bug link,
>> if you need more, please let me know.
>>
>> Thanks a lot!
>>
>> Regards!
>>
>> -- 
>>
>> QingFeng Hao(Robin)
> _______________________________________________
> Users mailing list: Users at clusterlabs.org
> http://lists.clusterlabs.org/mailman/listinfo/users
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>

-- 
QingFeng Hao(Robin)





More information about the Users mailing list