[ClusterLabs] ocf test IPaddr2
Oyvind Albrigtsen
oalbrigt at redhat.com
Mon Nov 27 05:03:51 EST 2023
It would fail if the find interface function doesnt find the
interface for the IP, but in this case you've specified netmask and
nic, so it wont fail that test.
You can use it with the ocf:pacemaker:ping agent which will fail if
the IP is unreachable.
Oyvind
On 24/11/23 17:09 +0000, Fabrizio Lombardozzi wrote:
>Hi all,
>is it normal that test is always passed even with a non used IP?
>
>[root at ...~]# ping 10.10.62.87
>PING 10.10.62.87 (10.10.62.87) 56(84) bytes of data.
>From 10.10.62.83 icmp_seq=1 Destination Host Unreachable
>From 10.10.62.83 icmp_seq=2 Destination Host Unreachable
>From 10.10.62.83 icmp_seq=3 Destination Host Unreachable
>^C
>--- 10.10.62.87 ping statistics ---
>4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3067ms
>pipe 4
>[root at rmslv-sam-cs9-coll01 ~]# arp 10.10.62.87
>Address HWtype HWaddress Flags Mask Iface
>10.10.62.87 (incomplete) ens192
>
>is this the right syntax?
>[root at ... ~]# ocf-tester -n VirtualIP -o ip=10.10.62.87 -o cidr_netmask=24 -o nic=ens192 /usr/lib/ocf/resource.d/heartbeat/IPaddr2
>Beginning tests for /usr/lib/ocf/resource.d/heartbeat/IPaddr2...
>* Your agent does not support the notify action (optional)
>* Your agent does not support the demote action (optional)
>* Your agent does not support the promote action (optional)
>* Your agent does not support promotable clones (optional)
>* Your agent does not support the reload action (optional)
>/usr/lib/ocf/resource.d/heartbeat/IPaddr2 passed all tests
>
>
>here is the verbose output:
>
>[root at ... ~]# ocf-tester -v -n VirtualIP -o ip=10.10.62.87 -o cidr_netmask=24 -o nic=ens192 /usr/lib/ocf/resource.d/heartbeat/IPaddr2
>Beginning tests for /usr/lib/ocf/resource.d/heartbeat/IPaddr2...
>Testing permissions with uid nobody
>Testing: meta-data
>Testing: meta-data
><?xml version="1.0"?>
><!DOCTYPE resource-agent SYSTEM "ra-api-1.dtd">
><resource-agent name="IPaddr2" version="1.0">
><version>1.0</version>
>
><longdesc lang="en">
>This Linux-specific resource manages IP alias IP addresses.
>It can add an IP alias, or remove one.
>In addition, it can implement Cluster Alias IP functionality
>if invoked as a clone resource.
>
>If used as a clone, "shared address with a trivial, stateless
>(autonomous) load-balancing/mutual exclusion on ingress" mode gets
>applied (as opposed to "assume resource uniqueness" mode otherwise).
>For that, Linux firewall (kernel and userspace) is assumed, and since
>recent distributions are ambivalent in plain "iptables" command to
>particular back-end resolution, "iptables-legacy" (when present) gets
>prioritized so as to avoid incompatibilities (note that respective
>ipt_CLUSTERIP firewall extension in use here is, at the same time,
>marked deprecated, yet said "legacy" layer can make it workable,
>literally, to this day) with "netfilter" one (as in "iptables-nft").
>In that case, you should explicitly set clone-node-max >= 2,
>and/or clone-max < number of nodes. In case of node failure,
>clone instances need to be re-allocated on surviving nodes.
>This would not be possible if there is already an instance
>on those nodes, and clone-node-max=1 (which is the default).
>
>When the specified IP address gets assigned to a respective interface, the
>resource agent sends unsolicited ARP (Address Resolution Protocol, IPv4) or NA
>(Neighbor Advertisement, IPv6) packets to inform neighboring machines about the
>change. This functionality is controlled for both IPv4 and IPv6 by shared
>'arp_*' parameters.
></longdesc>
>
><shortdesc lang="en">Manages virtual IPv4 and IPv6 addresses (Linux specific version)</shortdesc>
>
><parameters>
><parameter name="ip" unique="1" required="1">
><longdesc lang="en">
>The IPv4 (dotted quad notation) or IPv6 address (colon hexadecimal notation)
>example IPv4 "192.168.1.1".
>example IPv6 "2001:db8:DC28:0:0:FC57:D4C8:1FFF".
></longdesc>
><shortdesc lang="en">IPv4 or IPv6 address</shortdesc>
><content type="string" default="" />
></parameter>
><parameter name="nic" unique="0">
><longdesc lang="en">
>The base network interface on which the IP address will be brought
>online.
>If left empty, the script will try and determine this from the
>routing table.
>
>Do NOT specify an alias interface in the form eth0:1 or anything here;
>rather, specify the base interface only.
>If you want a label, see the iflabel parameter.
>
>Prerequisite:
>
>There must be at least one static IP address, which is not managed by
>the cluster, assigned to the network interface.
>If you can not assign any static IP address on the interface,
>modify this kernel parameter:
>
>sysctl -w net.ipv4.conf.all.promote_secondaries=1 # (or per device)
></longdesc>
><shortdesc lang="en">Network interface</shortdesc>
><content type="string"/>
></parameter>
>
><parameter name="cidr_netmask">
><longdesc lang="en">
>The netmask for the interface in CIDR format
>(e.g., 24 and not 255.255.255.0)
>
>If unspecified, the script will also try to determine this from the
>routing table.
></longdesc>
><shortdesc lang="en">CIDR netmask</shortdesc>
><content type="string" default=""/>
></parameter>
>
><parameter name="broadcast">
><longdesc lang="en">
>Broadcast address associated with the IP. It is possible to use the
>special symbols '+' and '-' instead of the broadcast address. In this
>case, the broadcast address is derived by setting/resetting the host
>bits of the interface prefix.
></longdesc>
><shortdesc lang="en">Broadcast address</shortdesc>
><content type="string" default=""/>
></parameter>
>
><parameter name="iflabel">
><longdesc lang="en">
>You can specify an additional label for your IP address here.
>This label is appended to your interface name.
>
>The kernel allows alphanumeric labels up to a maximum length of 15
>characters including the interface name and colon (e.g. eth0:foobar1234)
>
>A label can be specified in nic parameter but it is deprecated.
>If a label is specified in nic name, this parameter has no effect.
></longdesc>
><shortdesc lang="en">Interface label</shortdesc>
><content type="string" default=""/>
></parameter>
>
><parameter name="table">
><longdesc lang="en">
>Table to use to lookup which interface to use for the IP.
>
>This can be used for policy based routing. See man ip-rule(8).
></longdesc>
><shortdesc lang="en">Table</shortdesc>
><content type="string" default="" />
></parameter>
>
><parameter name="lvs_support">
><longdesc lang="en">
>Enable support for LVS Direct Routing configurations. In case a IP
>address is stopped, only move it to the loopback device to allow the
>local node to continue to service requests, but no longer advertise it
>on the network.
>
>Notes for IPv6:
>It is not necessary to enable this option on IPv6.
>Instead, enable 'lvs_ipv6_addrlabel' option for LVS-DR usage on IPv6.
></longdesc>
><shortdesc lang="en">Enable support for LVS DR</shortdesc>
><content type="boolean" default="false"/>
></parameter>
>
><parameter name="lvs_ipv6_addrlabel">
><longdesc lang="en">
>Enable adding IPv6 address label so IPv6 traffic originating from
>the address's interface does not use this address as the source.
>This is necessary for LVS-DR health checks to realservers to work. Without it,
>the most recently added IPv6 address (probably the address added by IPaddr2)
>will be used as the source address for IPv6 traffic from that interface and
>since that address exists on loopback on the realservers, the realserver
>response to pings/connections will never leave its loopback.
>See RFC3484 for the detail of the source address selection.
>
>See also 'lvs_ipv6_addrlabel_value' parameter.
></longdesc>
><shortdesc lang="en">Enable adding IPv6 address label.</shortdesc>
><content type="boolean" default="false"/>
></parameter>
>
><parameter name="lvs_ipv6_addrlabel_value">
><longdesc lang="en">
>Specify IPv6 address label value used when 'lvs_ipv6_addrlabel' is enabled.
>The value should be an unused label in the policy table
>which is shown by 'ip addrlabel list' command.
>You would rarely need to change this parameter.
></longdesc>
><shortdesc lang="en">IPv6 address label value.</shortdesc>
><content type="integer" default="99"/>
></parameter>
>
><parameter name="mac">
><longdesc lang="en">
>Set the interface MAC address explicitly. Currently only used in case of
>the Cluster IP Alias. Leave empty to chose automatically.
>
></longdesc>
><shortdesc lang="en">Cluster IP MAC address</shortdesc>
><content type="string" default=""/>
></parameter>
>
><parameter name="clusterip_hash">
><longdesc lang="en">
>Specify the hashing algorithm used for the Cluster IP functionality.
>
></longdesc>
><shortdesc lang="en">Cluster IP hashing function</shortdesc>
><content type="string" default="sourceip-sourceport"/>
></parameter>
>
><parameter name="unique_clone_address">
><longdesc lang="en">
>If true, add the clone ID to the supplied value of IP to create
>a unique address to manage
></longdesc>
><shortdesc lang="en">Create a unique address for cloned instances</shortdesc>
><content type="boolean" default="false"/>
></parameter>
>
><parameter name="arp_interval">
><longdesc lang="en">
>Specify the interval between unsolicited ARP (IPv4) or NA (IPv6) packets in
>milliseconds.
>
>This parameter is deprecated and used for the backward compatibility only.
>It is effective only for the send_arp binary which is built with libnet,
>and send_ua for IPv6. It has no effect for other arp_sender.
></longdesc>
><shortdesc lang="en">ARP/NA packet interval in ms (deprecated)</shortdesc>
><content type="integer" default="200"/>
></parameter>
>
><parameter name="arp_count">
><longdesc lang="en">
>Number of unsolicited ARP (IPv4) or NA (IPv6) packets to send at resource
>initialization.
></longdesc>
><shortdesc lang="en">ARP/NA packet count sent during initialization</shortdesc>
><content type="integer" default="5"/>
></parameter>
>
><parameter name="arp_count_refresh">
><longdesc lang="en">
>For IPv4, number of unsolicited ARP packets to send during resource monitoring.
>Doing so helps mitigate issues of stuck ARP caches resulting from split-brain
>situations.
></longdesc>
><shortdesc lang="en">ARP packet count sent during monitoring</shortdesc>
><content type="integer" default="0"/>
></parameter>
>
><parameter name="arp_bg">
><longdesc lang="en">
>Whether or not to send the ARP (IPv4) or NA (IPv6) packets in the background.
>The default is true for IPv4 and false for IPv6.
></longdesc>
><shortdesc lang="en">ARP/NA from background</shortdesc>
><content type="string" default=""/>
></parameter>
>
><parameter name="arp_sender">
><longdesc lang="en">
>For IPv4, the program to send ARP packets with on start. Available options are:
> - send_arp: default
> - ipoibarping: default for infiniband interfaces if ipoibarping is available
> - iputils_arping: use arping in iputils package
> - libnet_arping: use another variant of arping based on libnet
></longdesc>
><shortdesc lang="en">ARP sender</shortdesc>
><content type="string" default=""/>
></parameter>
>
><parameter name="send_arp_opts">
><longdesc lang="en">
>For IPv4, extra options to pass to the arp_sender program.
>Available options are vary depending on which arp_sender is used.
>
>A typical use case is specifying '-A' for iputils_arping to use
>ARP REPLY instead of ARP REQUEST as Gratuitous ARPs.
></longdesc>
><shortdesc lang="en">Options for ARP sender</shortdesc>
><content type="string" default=""/>
></parameter>
>
><parameter name="flush_routes">
><longdesc lang="en">
>Flush the routing table on stop. This is for
>applications which use the cluster IP address
>and which run on the same physical host that the
>IP address lives on. The Linux kernel may force that
>application to take a shortcut to the local loopback
>interface, instead of the interface the address
>is really bound to. Under those circumstances, an
>application may, somewhat unexpectedly, continue
>to use connections for some time even after the
>IP address is deconfigured. Set this parameter in
>order to immediately disable said shortcut when the
>IP address goes away.
></longdesc>
><shortdesc lang="en">Flush kernel routing table on stop</shortdesc>
><content type="boolean" default="false"/>
></parameter>
>
><parameter name="run_arping">
><longdesc lang="en">
>For IPv4, whether or not to run arping for collision detection check.
></longdesc>
><shortdesc lang="en">Run arping for IPv4 collision detection check</shortdesc>
><content type="string" default="false"/>
></parameter>
>
><parameter name="nodad">
><longdesc lang="en">
>For IPv6, do not perform Duplicate Address Detection when adding the address.
></longdesc>
><shortdesc lang="en">Use nodad flag</shortdesc>
><content type="string" default="false"/>
></parameter>
>
><parameter name="noprefixroute">
><longdesc lang="en">
>Use noprefixroute flag (see 'man ip-address').
></longdesc>
><shortdesc lang="en">Use noprefixroute flag</shortdesc>
><content type="string" default="false"/>
></parameter>
>
><parameter name="preferred_lft">
><longdesc lang="en">
>For IPv6, set the preferred lifetime of the IP address.
>This can be used to ensure that the created IP address will not
>be used as a source address for routing.
>Expects a value as specified in section 5.5.4 of RFC 4862.
></longdesc>
><shortdesc lang="en">IPv6 preferred lifetime</shortdesc>
><content type="string" default="forever"/>
></parameter>
>
><parameter name="network_namespace">
><longdesc lang="en">
>Specifies the network namespace to operate within.
>The namespace must already exist, and the interface to be used must be within
>the namespace.
></longdesc>
><shortdesc lang="en">Network namespace to use</shortdesc>
><content type="string" default=""/>
></parameter>
></parameters>
>
><actions>
><action name="start" timeout="20s" />
><action name="stop" timeout="20s" />
><action name="status" depth="0" timeout="20s" interval="10s" />
><action name="monitor" depth="0" timeout="20s" interval="10s" />
><action name="meta-data" timeout="5s" />
><action name="validate-all" timeout="20s" />
></actions>
></resource-agent>
>Testing: validate-all
>Checking current state
>Testing: stop
>INFO: IP status = ok, IP_CIP=
>Testing: monitor
>Testing: monitor
>ocf-exit-reason:Setup problem: couldn't find command: ip
>Testing: start
>INFO: Adding inet address 10.10.62.87/24 with broadcast address 10.10.62.255 to device ens192
>INFO: Bringing device ens192 up
>INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /run/resource-agents/send_arp-10.10.62.87 ens192 10.10.62.87 auto not_used not_used
>Testing: monitor
>Testing: monitor
>Testing: notify
>usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
>
>Expects to have a fully populated OCF RA-compliant environment set.
>* Your agent does not support the notify action (optional)
>Checking for demote action
>usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
>
>Expects to have a fully populated OCF RA-compliant environment set.
>* Your agent does not support the demote action (optional)
>Checking for promote action
>usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
>
>Expects to have a fully populated OCF RA-compliant environment set.
>* Your agent does not support the promote action (optional)
>* Your agent does not support promotable clones (optional)
>Testing: stop
>INFO: IP status = ok, IP_CIP=
>Testing: monitor
>Restarting resource...
>INFO: Adding inet address 10.10.62.87/24 with broadcast address 10.10.62.255 to device ens192
>INFO: Bringing device ens192 up
>INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p /run/resource-agents/send_arp-10.10.62.87 ens192 10.10.62.87 auto not_used not_used
>Testing: monitor
>Testing: starting a started resource
>Testing: monitor
>Stopping resource
>INFO: IP status = ok, IP_CIP=
>Testing: monitor
>Testing: stopping a stopped resource
>INFO: IP status = no, IP_CIP=
>Testing: monitor
>Checking for migrate_to action
>usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
>
>Expects to have a fully populated OCF RA-compliant environment set.
>Checking for reload action
>usage: /usr/lib/ocf/resource.d/heartbeat/IPaddr2 {start|stop|status|monitor|validate-all|meta-data}
>
>Expects to have a fully populated OCF RA-compliant environment set.
>* Your agent does not support the reload action (optional)
>/usr/lib/ocf/resource.d/heartbeat/IPaddr2 passed all tests
>Nov 24 17:20:03 INFO: ARPING 10.10.62.87 from 10.10.62.87 ens192
>Sent 5 probes (5 broadcast(s))
>Received 0 response(s)
>Nov 24 17:20:04 INFO: ARPING 10.10.62.87 from 10.10.62.87 ens192
>Sent 5 probes (5 broadcast(s))
>Received 0 response(s)
>
> Grazie
>Fabrizio
>
>_______________________________________________
>Manage your subscription:
>https://lists.clusterlabs.org/mailman/listinfo/users
>
>ClusterLabs home: https://www.clusterlabs.org/
More information about the Users
mailing list