[ClusterLabs] ocf test IPaddr2
Fabrizio Lombardozzi
fabrizio.lombardozzi at atlantica.it
Fri Nov 24 12:09:43 EST 2023
Hi all,
is it normal that test is always passed even with a non used IP?
[root at ...~]# ping 10.10.62.87
PING 10.10.62.87 (10.10.62.87) 56(84) bytes of data.
>From 10.10.62.83 icmp_seq=1 Destination Host Unreachable
>From 10.10.62.83 icmp_seq=2 Destination Host Unreachable
>From 10.10.62.83 icmp_seq=3 Destination Host Unreachable
^C
--- 10.10.62.87 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3067ms
pipe 4
[root at rmslv-sam-cs9-coll01 ~]# arp 10.10.62.87
Address HWtype HWaddress Flags Mask Iface
10.10.62.87 (incomplete) ens192
is this the right syntax?
[root at ... ~]# ocf-tester -n VirtualIP -o ip=10.10.62.87 -o cidr_netmask=24 -o nic=ens192 /usr/lib/ocf/resource.d/heartbeat/IPaddr2
Beginning tests for /usr/lib/ocf/resource.d/heartbeat/IPaddr2...
* Your agent does not support the notify action (optional)
* Your agent does not support the demote action (optional)
* Your agent does not support the promote action (optional)
* Your agent does not support promotable clones (optional)
* Your agent does not support the reload action (optional)
/usr/lib/ocf/resource.d/heartbeat/IPaddr2 passed all tests
here is the verbose output:
[root at ... ~]# ocf-tester -v -n VirtualIP -o ip=10.10.62.87 -o cidr_netmask=24 -o nic=ens192 /usr/lib/ocf/resource.d/heartbeat/IPaddr2
Beginning tests for /usr/lib/ocf/resource.d/heartbeat/IPaddr2...
Testing permissions with uid nobody
Testing: meta-data
Testing: meta-data
<?xml version="1.0"?>
<!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
<resource-agent name="IPaddr2" version="1.0">
<version>1.0</version>
<longdesc lang="en">
This Linux-specific resource manages IP alias IP addresses.
It can add an IP alias, or remove one.
In addition, it can implement Cluster Alias IP functionality
if invoked as a clone resource.
If used as a clone, "shared address with a trivial, stateless
(autonomous) load-balancing/mutual exclusion on ingress" mode gets
applied (as opposed to "assume resource uniqueness" mode otherwise).
For that, Linux firewall (kernel and userspace) is assumed, and since
recent distributions are ambivalent in plain "iptables" command to
particular back-end resolution, "iptables-legacy" (when present) gets
prioritized so as to avoid incompatibilities (note that respective
ipt_CLUSTERIP firewall extension in use here is, at the same time,
marked deprecated, yet said "legacy" layer can make it workable,
literally, to this day) with "netfilter" one (as in "iptables-nft").
In that case, you should explicitly set clone-node-max >= 2,
and/or clone-max < number of nodes. In case of node failure,
clone instances need to be re-allocated on surviving nodes.
This would not be possible if there is already an instance
on those nodes, and clone-node-max=1 (which is the default).
When the specified IP address gets assigned to a respective interface, the
resource agent sends unsolicited ARP (Address Resolution Protocol, IPv4) or NA
(Neighbor Advertisement, IPv6) packets to inform neighboring machines about the
change. This functionality is controlled for both IPv4 and IPv6 by shared
'arp_*' parameters.
</longdesc>
<shortdesc lang="en">Manages virtual IPv4 and IPv6 addresses (Linux specific version)</shortdesc>
<parameters>
<parameter name="ip" unique="1" required="1">
<longdesc lang="en">
The IPv4 (dotted quad notation) or IPv6 address (colon hexadecimal notation)
example IPv4 "192.168.1.1".
example IPv6 "2001:db8:DC28:0:0:FC57:D4C8:1FFF".
</longdesc>
<shortdesc lang="en">IPv4 or IPv6 address</shortdesc>
<content type="string" default="" />
</parameter>
<parameter name="nic" unique="0">
<longdesc lang="en">
The base network interface on which the IP address will be brought
online.
If left empty, the script will try and determine this from the
routing table.
Do NOT specify an alias interface in the form eth0:1 or anything here;
rather, specify the base interface only.
If you want a label, see the iflabel parameter.
Prerequisite:
There must be at least one static IP address, which is not managed by
the cluster, assigned to the network interface.
If you can not assign any static IP address on the interface,
modify this kernel parameter:
sysctl -w net.ipv4.conf.all.promote_secondaries=1 # (or per device)
</longdesc>
<shortdesc lang="en">Network interface</shortdesc>
<content type="string"/>
</parameter>
<parameter name="cidr_netmask">
<longdesc lang="en">
The netmask for the interface in CIDR format
(e.g., 24 and not 255.255.255.0)
If unspecified, the script will also try to determine this from the
routing table.
</longdesc>
<shortdesc lang="en">CIDR netmask</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="broadcast">
<longdesc lang="en">
Broadcast address associated with the IP. It is possible to use the
special symbols '+' and '-' instead of the broadcast address. In this
case, the broadcast address is derived by setting/resetting the host
bits of the interface prefix.
</longdesc>
<shortdesc lang="en">Broadcast address</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="iflabel">
<longdesc lang="en">
You can specify an additional label for your IP address here.
This label is appended to your interface name.
The kernel allows alphanumeric labels up to a maximum length of 15
characters including the interface name and colon (e.g. eth0:foobar1234)
A label can be specified in nic parameter but it is deprecated.
If a label is specified in nic name, this parameter has no effect.
</longdesc>
<shortdesc lang="en">Interface label</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="table">
<longdesc lang="en">
Table to use to lookup which interface to use for the IP.
This can be used for policy based routing. See man ip-rule(8).
</longdesc>
<shortdesc lang="en">Table</shortdesc>
<content type="string" default="" />
</parameter>
<parameter name="lvs_support">
<longdesc lang="en">
Enable support for LVS Direct Routing configurations. In case a IP
address is stopped, only move it to the loopback device to allow the
local node to continue to service requests, but no longer advertise it
on the network.
Notes for IPv6:
It is not necessary to enable this option on IPv6.
Instead, enable 'lvs_ipv6_addrlabel' option for LVS-DR usage on IPv6.
</longdesc>
<shortdesc lang="en">Enable support for LVS DR</shortdesc>
<content type="boolean" default="false"/>
</parameter>
<parameter name="lvs_ipv6_addrlabel">
<longdesc lang="en">
Enable adding IPv6 address label so IPv6 traffic originating from
the address's interface does not use this address as the source.
This is necessary for LVS-DR health checks to realservers to work. Without it,
the most recently added IPv6 address (probably the address added by IPaddr2)
will be used as the source address for IPv6 traffic from that interface and
since that address exists on loopback on the realservers, the realserver
response to pings/connections will never leave its loopback.
See RFC3484 for the detail of the source address selection.
See also 'lvs_ipv6_addrlabel_value' parameter.
</longdesc>
<shortdesc lang="en">Enable adding IPv6 address label.</shortdesc>
<content type="boolean" default="false"/>
</parameter>
<parameter name="lvs_ipv6_addrlabel_value">
<longdesc lang="en">
Specify IPv6 address label value used when 'lvs_ipv6_addrlabel' is enabled.
The value should be an unused label in the policy table
which is shown by 'ip addrlabel list' command.
You would rarely need to change this parameter.
</longdesc>
<shortdesc lang="en">IPv6 address label value.</shortdesc>
<content type="integer" default="99"/>
</parameter>
<parameter name="mac">
<longdesc lang="en">
Set the interface MAC address explicitly. Currently only used in case of
the Cluster IP Alias. Leave empty to chose automatically.
</longdesc>
<shortdesc lang="en">Cluster IP MAC address</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="clusterip_hash">
<longdesc lang="en">
Specify the hashing algorithm used for the Cluster IP functionality.
</longdesc>
<shortdesc lang="en">Cluster IP hashing function</shortdesc>
<content type="string" default="sourceip-sourceport"/>
</parameter>
<parameter name="unique_clone_address">
<longdesc lang="en">
If true, add the clone ID to the supplied value of IP to create
a unique address to manage
</longdesc>
<shortdesc lang="en">Create a unique address for cloned instances</shortdesc>
<content type="boolean" default="false"/>
</parameter>
<parameter name="arp_interval">
<longdesc lang="en">
Specify the interval between unsolicited ARP (IPv4) or NA (IPv6) packets in
milliseconds.
This parameter is deprecated and used for the backward compatibility only.
It is effective only for the send_arp binary which is built with libnet,
and send_ua for IPv6. It has no effect for other arp_sender.
</longdesc>
<shortdesc lang="en">ARP/NA packet interval in ms (deprecated)</shortdesc>
<content type="integer" default="200"/>
</parameter>
<parameter name="arp_count">
<longdesc lang="en">
Number of unsolicited ARP (IPv4) or NA (IPv6) packets to send at resource
initialization.
</longdesc>
<shortdesc lang="en">ARP/NA packet count sent during initialization</shortdesc>
<content type="integer" default="5"/>
</parameter>
<parameter name="arp_count_refresh">
<longdesc lang="en">
For IPv4, number of unsolicited ARP packets to send during resource monitoring.
Doing so helps mitigate issues of stuck ARP caches resulting from split-brain
situations.
</longdesc>
<shortdesc lang="en">ARP packet count sent during monitoring</shortdesc>
<content type="integer" default="0"/>
</parameter>
<parameter name="arp_bg">
<longdesc lang="en">
Whether or not to send the ARP (IPv4) or NA (IPv6) packets in the background.
The default is true for IPv4 and false for IPv6.
</longdesc>
<shortdesc lang="en">ARP/NA from background</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="arp_sender">
<longdesc lang="en">
For IPv4, the program to send ARP packets with on start. Available options are:
- send_arp: default
- ipoibarping: default for infiniband interfaces if ipoibarping is available
- iputils_arping: use arping in iputils package
- libnet_arping: use another variant of arping based on libnet
</longdesc>
<shortdesc lang="en">ARP sender</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="send_arp_opts">
<longdesc lang="en">
For IPv4, extra options to pass to the arp_sender program.
Available options are vary depending on which arp_sender is used.
A typical use case is specifying '-A' for iputils_arping to use
ARP REPLY instead of ARP REQUEST as Gratuitous ARPs.
</longdesc>
<shortdesc lang="en">Options for ARP sender</shortdesc>
<content type="string" default=""/>
</parameter>
<parameter name="flush_routes">
<longdesc lang="en">
Flush the routing table on stop. This is for
applications which use the cluster IP address
and which run on the same physical host that the
IP address lives on. The Linux kernel may force that
application to take a shortcut to the local loopback
interface, instead of the interface the address
is really bound to. Under those circumstances, an
application may, somewhat unexpectedly, continue
to use connections for some time even after the
IP address is deconfigured. Set this parameter in
order to immediately disable said shortcut when the
IP address goes away.
</longdesc>
<shortdesc lang="en">Flush kernel routing table on stop</shortdesc>
<content type="boolean" default="false"/>
</parameter>
<parameter name="run_arping">
<longdesc lang="en">
For IPv4, whether or not to run arping for collision detection check.
</longdesc>
<shortdesc lang="en">Run arping for IPv4 collision detection check</shortdesc>
<content type="string" default="false"/>
</parameter>
<parameter name="nodad">
<longdesc lang="en">
For IPv6, do not perform Duplicate Address Detection when adding the address.
</longdesc>
<shortdesc lang="en">Use nodad flag</shortdesc>
<content type="string" default="false"/>
</parameter>
<parameter name="noprefixroute">
<longdesc lang="en">
Use noprefixroute flag (see 'man ip-address').
</longdesc>
<shortdesc lang="en">Use noprefixroute flag</shortdesc>
<content type="string" default="false"/>
</parameter>
<parameter name="preferred_lft">
<longdesc lang="en">
For IPv6, set the preferred lifetime of the IP address.
This can be used to ensure that the created IP address will not
be used as a source address for routing.
Expects a value as specified in section 5.5.4 of RFC 4862.
</longdesc>
<shortdesc lang="en">IPv6 preferred lifetime</shortdesc>
<content type="string" default="forever"/>
</parameter>
<parameter name="network_namespace">
<longdesc lang="en">
Specifies the network namespace to operate within.
The namespace must already exist, and the interface to be used must be within
the namespace.
</longdesc>
<shortdesc lang="en">Network namespace to use</shortdesc>
<content type="string" default=""/>
</parameter>
</parameters>
<actions>
<action name="start" timeout="20s" />
<action name="stop" timeout="20s" />
<action name="status" depth="0" timeout="20s" interval="10s" />
<action name="monitor" depth="0" timeout="20s" interval="10s" />
<action name="meta-data" timeout="5s" />
<action name="validate-all" timeout="20s" />
</actions>
</resource-agent>
Testing: validate-all
Checking current state
Testing: stop
INFO: IP status = ok, IP_CIP=
Testing: monitor
Testing: monitor
ocf-exit-reason:Setup problem: couldn't find command: ip
Testing: start
INFO: Adding inet address 10.10.62.87/24 with broadcast address 10.10.62.255 to device ens192
INFO: Bringing device ens192 up
INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /run/resource-agents/send_arp-10.10.62.87 ens192 10.10.62.87 auto not_used not_used
Testing: monitor
Testing: monitor
Testing: notify
usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
Expects to have a fully populated OCF RA-compliant environment set.
* Your agent does not support the notify action (optional)
Checking for demote action
usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
Expects to have a fully populated OCF RA-compliant environment set.
* Your agent does not support the demote action (optional)
Checking for promote action
usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
Expects to have a fully populated OCF RA-compliant environment set.
* Your agent does not support the promote action (optional)
* Your agent does not support promotable clones (optional)
Testing: stop
INFO: IP status = ok, IP_CIP=
Testing: monitor
Restarting resource...
INFO: Adding inet address 10.10.62.87/24 with broadcast address 10.10.62.255 to device ens192
INFO: Bringing device ens192 up
INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /run/resource-agents/send_arp-10.10.62.87 ens192 10.10.62.87 auto not_used not_used
Testing: monitor
Testing: starting a started resource
Testing: monitor
Stopping resource
INFO: IP status = ok, IP_CIP=
Testing: monitor
Testing: stopping a stopped resource
INFO: IP status = no, IP_CIP=
Testing: monitor
Checking for migrate_to action
usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
Expects to have a fully populated OCF RA-compliant environment set.
Checking for reload action
usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
Expects to have a fully populated OCF RA-compliant environment set.
* Your agent does not support the reload action (optional)
/usr/lib/ocf/resource.d/heartbeat/IPaddr2 passed all tests
Nov 24 17:20:03 INFO: ARPING 10.10.62.87 from 10.10.62.87 ens192
Sent 5 probes (5 broadcast(s))
Received 0 response(s)
Nov 24 17:20:04 INFO: ARPING 10.10.62.87 from 10.10.62.87 ens192
Sent 5 probes (5 broadcast(s))
Received 0 response(s)
Grazie
Fabrizio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20231124/dc39ec40/attachment-0001.htm>
More information about the Users
mailing list