[ClusterLabs] Cannot ping a secondary address apart from the server which it is assigned to (on Azure)

Andrei Borzenkov arvidjaar at gmail.com
Thu Oct 28 09:30:58 EDT 2021


On Thu, Oct 28, 2021 at 3:43 PM Paul Warwicker <paul.warwicker at gmail.com> wrote:
>
> Hello,
>
> I originally posted this in the Azure forums first but have had no replies. Trying here instead in case anyone has encountered it.
>
> I am trying to set up a High Availability Cluster in Azure using CentOS 8, Pacemaker and Corosync. Everything is deployed using terraform.
>
> For our application, we need to migrate a floating IP address, a shared storage and our daemon between nodes. These resources are grouped into a service and these are successfully migrating between nodes as required. We are also using a private DNS zone and there is no firewall on either server. There is a DNS entry for the floating IP and that is resolvable by both servers and client.
>
> The problem is that the floating IP address is only pingable on the server which has the floating IP address assigned as a secondary address. All other nodes in the same subnet will get the error Destination Host Unreachable, but pings to the primary address will succeed. All the IP addresses are in the same subnet (172.16.31.0/24). Auto-registration is enabled for the servers and client which make up the test environment. The floating address was a somewhat arbitrary choice, but remains in that same subnet and would not be otherwise allocated. I mentioned the auto registration because the floating IP is not auto-registered.
>

My understanding is that Azure does not have Layer 2 and it must know
every IP each VM is using. For virtual IP you can (should?) use Azure
load balancers - basically, you create a pool of one address, Azure
probes each node and detects which node has IP active.

See as an example this RH documentation:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/deploying_red_hat_enterprise_linux_8_on_public_cloud_platforms/configuring-rhel-high-availability-on-azure_cloud-content#azure-create-internal-load-balancer-in-azure-ha_configuring-rhel-high-availability-on-azure

Maybe it is possible to use a resource agent that configures IP in
Azure on demand (i.e. assigns it to correct VM when resource is
activated). I believe I have seen it mentioned somewhere.

> If I migrate the service to the other server node, the roles are reversed, the server which could not ping the address can now do so and the server which could, cannot.
>

Accessing local IP is done entirely inside one single server.
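
A minimal model of the probe mechanism described in the reply, added here as an illustration and not part of the original message or of any Azure or Pacemaker code. It assumes a TCP health probe: the node holding the virtual IP listens on a probe port, and the load balancer forwards only to the pool member whose probe answers. Node names, ports and the timeout are constructed, and both "nodes" are sockets on localhost.

```python
import socket
from contextlib import closing

PROBE_TIMEOUT = 1.0  # seconds; constructed value, not an Azure default


def start_probe_listener(host="127.0.0.1", port=0):
    """Open a TCP probe port, as the node holding the virtual IP would.

    port=0 lets the OS pick a free port. Returns the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def probe(host, port, timeout=PROBE_TIMEOUT):
    """One health probe: True if a TCP connection to host:port succeeds."""
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def active_backends(pool):
    """Return the names of pool members whose probe port answers."""
    return [name for name, (host, port) in pool.items() if probe(host, port)]


def demo():
    # Constructed two-node pool: node1 holds the virtual IP and listens on
    # its probe port; node2 is the standby, so its probe port is closed.
    listener = start_probe_listener()
    spare = start_probe_listener()
    standby_port = spare.getsockname()[1]
    spare.close()  # nothing listens on the standby's probe port
    pool = {"node1": listener.getsockname(),
            "node2": ("127.0.0.1", standby_port)}
    try:
        return active_backends(pool)
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo())
```

When the cluster moves the service, the listener moves with it, so the probe result flips and traffic for the virtual IP follows the active node.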

