[ClusterLabs] Can packmaker launch haproxy from new network namespace automatically?
haoqf at linux.vnet.ibm.com
Wed Dec 21 21:40:58 EST 2016
在 2016-12-22 6:03, Ken Gaillot 写道:
> On 12/17/2016 07:26 PM, Hao QingFeng wrote:
>> Hi Folks,
>> I am installing packmaker to manage the cluster of haproxy within
>> openstack on ubuntu 16.04.
>> I met the problem that haproxy can't start listening for some services
>> in vip because the related ports
>> were occupied by those native services which listened on 0.0.0.0.
>> I opened a bug to openstack team and a buddy told me that I should use
>> pacemaker to run haproxy in
>> a separate network namespace. I attached his description here(also in bug):
>> Fuel runs haproxy via pacemaker (not vis systemd/upstart) and pacemaker
>> runs haproxy in a separate network namespace.
>> So haproxy does not cause any problems by listedning on 0.0.0.0 since
>> it's listening in a separate network namespace.
>> You can see it via "ip netns ls" command and then "ip netns exec haproxy
>> ip a".
>> Did you try to restart haproxy via systemd/upstart? If so then you could
>> face this problem. You should use pacemaker to control haproxy service.
>> Here is the bug link:
>> Actually I did start haproxy with pacemaker but "ip netns ls" show
>> nothing and haproxy can't bind some port like 9292 on vip .
>> I checked and found that openstack starts including this function from
>> fuel 5.0(released in May, 2014).
>> But after I downloaded pacemaker's code, did a rough check, I couldn't
>> find any related functions(keywords: ip netns, clone, CLONE_NEW...)
>> except in the test cases for neutron and ovs etc(if my understanding is
>> I didn't see any related configuration item in "crm configure show" either.
>> So I would like just to confirm that if pacemaker has such function to
>> create a new network namespace
>> for haproxy(or other manged service) automatically to avoid such socket
>> binding conflict?
>> If yes, how to configure it? If no such function, do you have any advice
>> on how to solve the problem?
> No, pacemaker has no way to do that itself, but maybe you could run
> haproxy inside a container, and manage the container as a pacemaker
Thanks a lot for your explanation! I'll try to do as your approach!
>> BTW, you can see the detailed configuration information in the bug link,
>> if you need more, please let me know.
>> Thanks a lot!
>> QingFeng Hao(Robin)
> Users mailing list: Users at clusterlabs.org
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
More information about the Users