[ClusterLabs] monitor IP address

Ken Gaillot kgaillot at redhat.com
Thu Aug 2 12:59:25 EDT 2018

On Thu, 2018-08-02 at 11:02 +0200, Aurelien Kempiak wrote:
> Hello,
> I'm using Openvpn in failover mode, and it manages a ucarp VIP for
> this. Problem is there's only one managed VIP (let's say I use it for
> WAN), not two (for WAN + LAN).
> My idea is to use Corosync/pacemaker, monitor the openvpn ucarp (WAN)
> VIP, and brings up my pacemaker (LAN) VIP depending on WAN VIP's
> presence, that's all.

I wasn't familiar with openvpn's ucarp feature -- it looks quite

>From an HA perspective, the main thing it lacks is fencing, which makes
it susceptible to split-brain. Putting it in a pacemaker cluster can
take care of that.

Ideally, your pacemaker cluster would manage openvpn itself as a
resource (most likely a systemd resource cloned on two nodes).

So, the situation is that you have openvpn running on two nodes, and
openvpn itself will bring up the WAN IP on one of those nodes. You want
to bring up a LAN IP on whichever node has the WAN IP.

I think you'll need a custom resource agent.

Least complicated would be to copy the ocf:heartbeat:Dummy agent and
modify its monitor operation to check for the WAN IP locally and set a
node attribute yes or no. Then you can use a location constraint with a
rule saying the LAN VIP must be located where that node attribute is

> I read a lot of documentation but I really did not find how to
> monitor an IP address presence. Is that even possible ?
> I would be glad if someone can tell me ;)
> Best regards.
> -- 
>               	   Aurélien Kempiak 
> System & Network Engineer	 Fixe : 03 59 82 20 05 
>  125 Avenue de la République 59110 La Madeleine 
> 12 rue Marivaux 75002 Paris                     	   
Ken Gaillot <kgaillot at redhat.com>

More information about the Users mailing list