Re: [ClusterLabs] Fencing questions

2019-05-09 Thread Klaus Wenninger 
On 5/9/19 1:03 PM, Lopez, Francisco Javier [Global IT] wrote:
> Good day guys !
>
> I'm implementing fencing in my two node cluster with this detail:
>
> - fence_vmware_soap
> - PostgreSql release 10.X
> - CentOS 7.X
>
> As far as I know, to create the resources, I can use two different ways:
>
> - Create only one resource for both nodes, following this way:
>
>   # pcs -f stonith_cfg stonith create fence_nodes \
>   fence_vmware_soap \
>   ipaddr= \
>   ssl_insecure=1 \
>   login="" \
>   passwd="" \
>   action=reboot \
>   pcmk_host_list="node_01,node_02" \
>   power_wait=3 op monitor interval=60s
>
> - Create two different resources, one for each node, following this way:
>
>   # pcs -f stonith_cfg stonith create fence_node_01 \
>   fence_vmware_soap  \
>   ipaddr= \
>   ssl_insecure=1 \
>   login="" \
>   passwd="" \
>   action=reboot \
>   pcmk_host_list="node_01" \
>   power_wait=3 op monitor interval=60s
>
>   # pcs -f stonith_cfg stonith create fence_node_02 \
>   fence_vmware_soap  \
>   ipaddr= \
>   ssl_insecure=1 \
>   login="" \
>   passwd="" \
>   action=reboot \
>   pcmk_host_list="node_02" \
>   power_wait=3 op monitor interval=60s
>
>   With this method I understand I will have to add some constraints, etc.
>
> Said this, my questions are:
>
> - Which are the differences among them ? (if any).
> - Is there any recommended option and why ?
For your 2-node-cluster there might be a definite reason why you'd
like to have 2 fence-resources as to prevent fence-races when both
are still alive but just don't see each other. If you make one
wait a little longer to fence you can determine which one would
rather win.
If the aim is just to prevent that they fence each other at the same
time introduction of a random delay should be fine as well.
(That is pcmk_delay_max and if you want to further tailor the delay
with astatic delay component you can use pcmk_delay_base on top.)

Klaus
>
> Regards
> Javier
> Francisco Javier​     Lopez
>
> IT System Engineer |  Global IT
>
> O: *+34 619 728 249*    | 
> M: *+34 619 728 249*    | 
>   *franciscojavier.lo...@solera.com*
>   |  *Solera.com*
> 
>
> Audatex Datos, S.A.    | 
> Avda. de Bruselas, 36, Salida 16, A‑1 (Diversia)  ,   Alcobendas  
> , 
> Madrid,   28108   ,   Spain
>
>  
>
>
> 
>
> " Este e-mail y sus archivos adjuntos son confidenciales y están
> dirigidos exclusivamente a la(s) persona(s) destinataria prevista. Si
> ha recibido este mensaje por error, por favor, notifique
> inmediatamente al remitente y elimine este mensaje. La empresa no
> firma contratos por e-mail y todas las negociaciones están sujetas a
> la firma de un contrato por escrito.
>
> This e-mail and any attached files are confidential and intended for
> the named addressee(s) only. If you have received this message in
> error, please notify the sender and delete the email immediately. The
> company does not conclude contracts by email and all negotiations are
> subject to written contract. "
>
> ___
> Manage your subscription:
> https://lists.clusterlabs.org/mailman/listinfo/users
>
> ClusterLabs home: https://www.clusterlabs.org/

___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

[ClusterLabs] Fencing questions

2019-05-09 Thread Lopez, Francisco Javier [Global IT] 
Good day guys !

I'm implementing fencing in my two node cluster with this detail:

- fence_vmware_soap
- PostgreSql release 10.X
- CentOS 7.X

As far as I know, to create the resources, I can use two different ways:

- Create only one resource for both nodes, following this way:

  # pcs -f stonith_cfg stonith create fence_nodes \
  fence_vmware_soap \
  ipaddr= \
  ssl_insecure=1 \
  login="" \
  passwd="" \
  action=reboot \
  pcmk_host_list="node_01,node_02" \
  power_wait=3 op monitor interval=60s

- Create two different resources, one for each node, following this way:

  # pcs -f stonith_cfg stonith create fence_node_01 \
  fence_vmware_soap  \
  ipaddr= \
  ssl_insecure=1 \
  login="" \
  passwd="" \
  action=reboot \
  pcmk_host_list="node_01" \
  power_wait=3 op monitor interval=60s

  # pcs -f stonith_cfg stonith create fence_node_02 \
  fence_vmware_soap  \
  ipaddr= \
  ssl_insecure=1 \
  login="" \
  passwd="" \
  action=reboot \
  pcmk_host_list="node_02" \
  power_wait=3 op monitor interval=60s

  With this method I understand I will have to add some constraints, etc.

Said this, my questions are:

- Which are the differences among them ? (if any).
- Is there any recommended option and why ?

Regards
Javier
Francisco Javier​   Lopez

IT System Engineer   |  Global IT

O: +34 619 728 249|  M: +34 619 728 
249|

franciscojavier.lo...@solera.com   
 |  Solera.com

Audatex Datos, S.A.  |  Avda. de Bruselas, 36, Salida 16, A‑1 
(Diversia),   Alcobendas  ,   Madrid  ,   28108   , 
  Spain


[cid:image660500.png@443BEB68.0955AF5D]






" Este e-mail y sus archivos adjuntos son confidenciales y están dirigidos 
exclusivamente a la(s) persona(s) destinataria prevista. Si ha recibido este 
mensaje por error, por favor, notifique inmediatamente al remitente y elimine 
este mensaje. La empresa no firma contratos por e-mail y todas las 
negociaciones están sujetas a la firma de un contrato por escrito.

This e-mail and any attached files are confidential and intended for the named 
addressee(s) only. If you have received this message in error, please notify 
the sender and delete the email immediately. The company does not conclude 
contracts by email and all negotiations are subject to written contract. "
___
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] Fencing questions.

2015-10-20 Thread Jan Pokorný 
On 19/10/15 10:51 -0400, Digimer wrote:
> On 19/10/15 06:53 AM, Arjun Pandey wrote:
>> 2. Fencing test cases.
>>  Based on the internet queries i could find , apart from plugging out
>> the dedicated cable. The only other case suggested is killing corosync
>> process on one of the nodes.
>> Are there any other basic cases that i should look at ?
>> What about bring up interface down manually ? I understand that this is
>> an unlikely scenario but i am just looking for more ways to test this out.

Recurring topic, for instance:
http://clusterlabs.org/pipermail/users/2015-October/001567.html
(scroll down under second item)

As a corollary, you should make sure this scenario is indeed unlikely
(e.g., because of NetworkManager activity).
 
[...]

>> 4. Fencing agent to be used (fence_ipmilan vs fence_ilo4)
>> Also for ILO fencing i see fence_ilo4 and fence_ipmilan both available.
>> I had been using fence_ilo4 till now. 
> 
> Which ever works is fine. I believe a lot of the fence_X out-of-band
> agents are actually just links to fence_ipmilan, but I might be wrong.

Correct; for instance, see the description above the following
table/anchor:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Cluster_Administration/ap-fence-device-param-CA.html#tb-software-fence-ipmi-CA
+
https://github.com/ClusterLabs/fence-agents/blob/v4.0.21/fence/agents/ipmilan/fence_ipmilan.py#L147

Similar to fence_ilo + fence_ilo2:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Cluster_Administration/ap-fence-device-param-CA.html#tb-software-fence-hpilo-CA
+
https://github.com/ClusterLabs/fence-agents/blob/v4.0.21/fence/agents/ilo/fence_ilo.py#L88

Also note that there can be sophistication on top of plain duplication;
some default parameters can be internally adjusted as per how the
agent is invoked:
https://github.com/ClusterLabs/fence-agents/blob/v4.0.21/fence/agents/ipmilan/fence_ipmilan.py#L130

-- 
Jan (Poki)


pgpXsmgCbgEoo.pgp
Description: PGP signature
___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] Fencing questions.

2015-10-19 Thread Digimer 
On 19/10/15 06:53 AM, Arjun Pandey wrote:
> Hi
> 
> I am running a 2 node cluster with this config on centos 6.5/6.6  where

It's important to keep both nodes on the same minor version,
particularly in this case. Please either upgrade centos 6.5 to 6.6 or
both to 6.7.

> i have a multi-state resource foo being run in master/slave mode and  a
> bunch of floating IP addresses configured. Additionally i have
> a collocation constraint for the IP addr to be collocated with the master.
> 
> Please find the following files attached 
> cluster.conf
> CIB

It's preferable on a mailing list to copy the text into the body of the
message. Easier to read.

> Issues that i have :-
> 1. Daemons required for fencing
> Earlier we were invoking cman start quorum from pacemaker script which
> ensured that fenced / gfs and other daemons are not started. This was ok
> since fencing wasn't being handled earlier.

The cman fencing is simply a pass-through to pacemaker. When pacemaker
tells cman that fencing succeeded, it inform DLM and begins cleanup.

> For fencing purpose do we only need the fenced to be started ?  We don't
> have any gfs partitions that we want to monitor via pacemaker. My
> concern here is that if i use the unmodified script then pacemaker start
> time increases significantly. I see a difference of 60 sec from the
> earlier startup before service pacemaker status shows up as started.

Don't start fenced manually, just start pacemaker and let it handle
everything. Ideally, use the pcs command (and pcsd daemon on the nodes)
to start/stop the cluster, but you'll need to upgrade to 6.7.

> 2. Fencing test cases.
>  Based on the internet queries i could find , apart from plugging out
> the dedicated cable. The only other case suggested is killing corosync
> process on one of the nodes.
> Are there any other basic cases that i should look at ?
> What about bring up interface down manually ? I understand that this is
> an unlikely scenario but i am just looking for more ways to test this out.

echo c > /proc/sysrq-trigger == kernel panic. It's my preferred test.
Also, killing the power to the node will cause IPMI to fail and will
test your backup fence method, if you have it, or ensure the cluster
locks up if you don't (better to hang than to risk corruption).

> 3. Testing whether fencing is working or not.
> Previously i have been using fence_ilo4 from the shell to test whether
> the command is working. I was assuming that similar invocation would be
> done by stonith when actual fencing needs to be done. 
> 
> However based on other threads i could find people also use fence_tool
>  to try this out. According to me this tests out whether
> fencing when invoked by fenced for a particular node succeeds or not. Is
> that valid ? 

Fence tool is just a command to control the cluster's fencing. The
fence_X agents do the actual work.

> Since we are configuring fence_pcmk as the fence device the flow of
> things is 
> fenced -> fence_pcmk -> stonith -> fence agent.

Basically correct.

> 4. Fencing agent to be used (fence_ipmilan vs fence_ilo4)
> Also for ILO fencing i see fence_ilo4 and fence_ipmilan both available.
> I had been using fence_ilo4 till now. 

Which ever works is fine. I believe a lot of the fence_X out-of-band
agents are actually just links to fence_ipmilan, but I might be wrong.

> I think this mail has multiple questions and i will probably send out
> another mail for a few issues i see after fencing takes place. 
> 
> Thanks in advance
> Arjun
> 
> 
> ___
> Users mailing list: Users@clusterlabs.org
> http://clusterlabs.org/mailman/listinfo/users
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
> 


-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?

___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org