[ClusterLabs] Antw: how to connect to the cluster from a docker container

Ken Gaillot kgaillot at redhat.com
Wed Aug 7 09:50:55 EDT 2019


On Wed, 2019-08-07 at 14:42 +0200, Dejan Muhamedagic wrote:
> Hi,
> 
> On Wed, Aug 07, 2019 at 11:23:09AM +0200, Klaus Wenninger wrote:
> > On 8/7/19 10:09 AM, Dejan Muhamedagic wrote:
> > > Hi Ulrich,
> > > 
> > > On Tue, Aug 06, 2019 at 02:38:10PM +0200, Ulrich Windl wrote:
> > > > > > > Dejan Muhamedagic <dejanmm at fastmail.fm> wrote on
> > > > > > > 06.08.2019 at 10:37 in
> > > > message <20190806083726.GA8262 at capote>:
> > > > > Hi,
> > > > > 
> > > > > Hawk runs in a docker container on one of the cluster nodes
> > > > > (the nodes run Debian and apparently it's rather difficult to
> > > > > install hawk on a non-SUSE distribution, hence docker). Now,
> > > > > how to connect to the cluster? Hawk uses the pacemaker command
> > > > > line tools such as cibadmin. I have a vague recollection that
> > > > > there is a way to connect over tcp/ip, but, if that is so, I
> > > > > cannot find any documentation about it.
> > > > 
> > > > I always thought hawk has to run on one of the cluster nodes
> > > > (natively).
> > > 
> > > Well, let's see if that is the case. BTW, the Dockerfile is
> > > available here:
> > > 
> > > https://github.com/krig/docker-hawk
> > > 
> > > Cheers,
> > > 
> > > Dejan
> > 
> > That container seems to be foreseen to act as a cluster-node
> > controlling docker-containers on the same host.
> > If the pacemaker-version inside the container is close enough
> > to the pacemaker-version you are running on debian and
> > if it has pacemaker-remote you might be able to run the
> > container as guest-node.
> > No idea though if tooling hawk uses is gonna be happy tunneling
> > through pacemaker-remote.
> 
> hawk seems to be using only the standard pacemaker-cli-utils
> (cibadmin etc).
> 
> > A little bit like hypervisors are doing it nowadays - running the
> > admin-interface in a VM ...
> > Of course just useful if you can live with hawk not being
> > available if the cluster is in a state where it doesn't start
> > the guest-node.
> 
> Interesting idea. Would then cibadmin et al work from this remote
> node?

Yes, that sounds like a really good option. There may still be a few
command-line options here and there that aren't remote friendly, but
that should be rare with recent versions.

I'd launch the container via a bundle, for simplicity.

I don't know everything hawk can do, but obviously you couldn't start
the cluster via hawk using that setup! It may also open up some new
avenues for trouble, e.g. the user may be able to disable the hawk
resource via hawk, but couldn't enable it again without resorting to
the command line.

Whatever approach you go with, in your case it's important to keep the
pacemaker version inside the container the same or newer than the rest
of the cluster. That's because it will need the schema files to
validate the cluster configuration. (This isn't important for most
containers, since they don't run any configuration commands.)

> 
> Cheers,
> 
> Dejan
> 
> > Klaus
> > > 
> > > > > Cheers,
> > > > > 
> > > > > Dejan

-- Ken Gaillot <kgaillot at redhat.com>
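
An added example, not part of the original message and not Pacemaker's own code: a shell check for the version caveat above, comparing the schema a saved CIB asks for with the schema files available inside the container. It assumes the CIB was saved with `cibadmin --query`, that its root element carries `validate-with="pacemaker-X.Y"`, and that schema files are named `pacemaker-X.Y.rng` (commonly under /usr/share/pacemaker); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: can the pacemaker schemas in this container validate the
# CIB the cluster is using? Paths and function names are assumptions.

# Print X.Y from validate-with="pacemaker-X.Y" of a CIB read on stdin.
# Prints nothing for values such as "none" or "pacemaker-next".
cib_schema_version() {
    sed -n 's/.*<cib[^>]*validate-with="pacemaker-\([0-9][0-9]*\.[0-9][0-9]*\)".*/\1/p' |
        head -n 1
}

# Print the highest X.Y for which pacemaker-X.Y.rng exists in directory $1.
newest_local_schema() {
    for f in "$1"/pacemaker-[0-9]*.rng; do
        [ -e "$f" ] || continue          # glob matched nothing
        f=${f##*/pacemaker-}
        echo "${f%.rng}"
    done | sort -t. -k1,1n -k2,2n | tail -n 1
}

# version_ge A B: succeed if A >= B, comparing major and minor numerically
# (so 3.10 is newer than 3.2).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n | tail -n 1)" = "$1" ]
}

# schema_check CIB_FILE SCHEMA_DIR
# 0: local schemas cover the CIB, 1: local schemas too old, 2: cannot tell.
schema_check() {
    want=$(cib_schema_version < "$1")
    have=$(newest_local_schema "$2")
    if [ -z "$want" ]; then echo "no pacemaker-X.Y validate-with in $1"; return 2; fi
    if [ -z "$have" ]; then echo "no pacemaker-X.Y.rng files in $2"; return 2; fi
    if version_ge "$have" "$want"; then
        echo "ok: local schemas up to $have cover CIB schema $want"
    else
        echo "too old: CIB needs pacemaker-$want, newest local schema is $have"
        return 1
    fi
}

# Stand-alone use: sh schema_check.sh /tmp/cib.xml /usr/share/pacemaker
if [ "$#" -eq 2 ]; then schema_check "$1" "$2"; fi
```

Save the CIB on a cluster node, copy it into the container, and run the check there before pointing configuration tools at the cluster.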


