On Thu, May 10, 2018 at 12:15 AM, Han Zhou <zhou...@gmail.com> wrote:
> Thanks Ali for the quick patch. Please see my comments inline. > > On Wed, May 9, 2018 at 9:30 AM, aginwala <aginw...@asu.edu> wrote: > > > > Thanks Han and Numan for the clarity to help sort it out. > > > > For making vip work with using LB in my two node setup, I had changed > below code to skip setting master IP when creating pcs resource for ovndbs > and listen on 0.0.0.0 instead. Hence, the discussion seems inline with the > code change which is small for sure as below: > > > > > > diff --git a/ovn/utilities/ovndb-servers.ocf > b/ovn/utilities/ovndb-servers.ocf > > index 164b6bc..d4c9ad7 100755 > > --- a/ovn/utilities/ovndb-servers.ocf > > +++ b/ovn/utilities/ovndb-servers.ocf > > @@ -295,8 +295,8 @@ ovsdb_server_start() { > > > > set ${OVN_CTL} > > > > - set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT} > > - set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT} > > + set $@ --db-nb-port=${NB_MASTER_PORT} > > + set $@ --db-sb-port=${SB_MASTER_PORT} > > > > if [ "x${NB_MASTER_PROTO}" = xtcp ]; then > > set $@ --db-nb-create-insecure-remote=yes > > > > This change solves the IP binding problem. It will just listen on 0.0.0.0. > One problem with this approach I see is that it would listen on all the IPs. May be it's not a good idea and may have some security issues. Can we instead check the value of MASTER_IP param something like below ? if [ "$MASTER_IP" == "0.0.0.0" ]; then set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT} set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT} else set $@ --db-nb-port=${NB_MASTER_PORT} set $@ --db-sb-port=${SB_MASTER_PORT} fi And when you create OVN pacemaker resource in your deployment, you can pass master_ip=0.0.0.0 Will this work ? Thanks Numan However, another problem is that we should let LB to do health check with > TCP port, and point only to the master. This requires that standby NB/SBs > do not listen on the same TCP ports, so we can make one more change so that > if the NB/SB is on slave, they start with unix socket only. > > > > > Results: > > # accessing via LB VIP > > ovn-nbctl --db=tcp:10.149.7.56:6641 show > > switch bb130c99-a00d-43cf-b40a-9c6fb1df5ed7 (ls666) > > ovn-nbctl --db=tcp:10.149.7.56:6641 ls-add ls55 > > # accessing via active node pool member > > root@test-pace2-2365308:~# ovn-nbctl --db=tcp:10.169.129.33:6641 show > > switch bb130c99-a00d-43cf-b40a-9c6fb1df5ed7 (ls666) > > switch 41922d23-3430-436d-b67a-00422367a653 (ls55) > > # accessing using standby node pool member > > root@test-pace2-2365308:~# ovn-nbctl --db=tcp:10.169.129.33:6641 ls-add > lss2222 > > ovn-nbctl: transaction error: {"details":"insert operation not allowed > when database serv > > # using connect string and skip using VIP resource just for reading db > and not for writing. > > ovn-nbctl --db=tcp:10.169.129.34:6641,tcp:10.169.129.33:6641 show > > > > I am pointing northd and ovn-controller to the db vip which works as > expected too. > > > > For northd, we can use local unix socket too which is valid as I have > tested both ways by keeping it running on both nodes. I think its just a > personal pref to use vip or unix socket as both are valid for northd. I > think that we might need to update the documentation too with above details. > > > > I will send a formal patch along with documentation update. Let me know > if there are other suggestions too in case anything is missed. > > > > > > Regards, > > Aliasgar > > > >
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss