On Thu, May 10, 2018 at 12:15 AM, Han Zhou <zhou...@gmail.com> wrote:

> Thanks Ali for the quick patch. Please see my comments inline.
>
> On Wed, May 9, 2018 at 9:30 AM, aginwala <aginw...@asu.edu> wrote:
> >
> > Thanks Han and Numan for the clarity to help sort it out.
> >
> > For making vip work with using LB in my two node setup, I had changed
> > below code to skip setting master IP when creating pcs resource for ovndbs
> > and listen on 0.0.0.0 instead. Hence, the discussion seems in line with the
> > code change which is small for sure as below:
> >
> >
> > diff --git a/ovn/utilities/ovndb-servers.ocf
> b/ovn/utilities/ovndb-servers.ocf
> > index 164b6bc..d4c9ad7 100755
> > --- a/ovn/utilities/ovndb-servers.ocf
> > +++ b/ovn/utilities/ovndb-servers.ocf
> > @@ -295,8 +295,8 @@ ovsdb_server_start() {
> >
> >      set ${OVN_CTL}
> >
> > -    set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
> > -    set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
> > +    set $@ --db-nb-port=${NB_MASTER_PORT}
> > +    set $@ --db-sb-port=${SB_MASTER_PORT}
> >
> >      if [ "x${NB_MASTER_PROTO}" = xtcp ]; then
> >          set $@ --db-nb-create-insecure-remote=yes
> >
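Review bot: MASTER_IP is no longer passed to either listener in ovsdb_server_start() once the two --db-nb-addr/--db-sb-addr arguments are removed, so every deployment of this OCF agent changes its bind behaviour, not only the load-balancer setup described in the message. Keep binding to ${MASTER_IP} as the default and gate the address-less form on a resource parameter, and describe that parameter in the agent's documentation so the wider listen scope is an explicit choice.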
>
> This change solves the IP binding problem. It will just listen on 0.0.0.0.
>

One problem with this approach I see is that it would listen on all the
IPs. Maybe it's not a good idea and may have some security issues.

Can we instead check the value of MASTER_IP param, something like below?

if [ "$MASTER_IP" = "0.0.0.0" ]; then
     set $@ --db-nb-addr=${MASTER_IP} --db-nb-port=${NB_MASTER_PORT}
     set $@ --db-sb-addr=${MASTER_IP} --db-sb-port=${SB_MASTER_PORT}
else
     set $@ --db-nb-port=${NB_MASTER_PORT}
     set $@ --db-sb-port=${SB_MASTER_PORT}
fi

And when you create OVN pacemaker resource in your deployment, you can pass
master_ip=0.0.0.0

Will this work?

Thanks
Numan

> However, another problem is that we should let LB do health check with
> TCP port, and point only to the master. This requires that standby NB/SBs
> do not listen on the same TCP ports, so we can make one more change so that
> if the NB/SB is on slave, they start with unix socket only.
>
> >
> > Results:
> > # accessing via LB VIP
> > ovn-nbctl --db=tcp:10.149.7.56:6641 show
> > switch bb130c99-a00d-43cf-b40a-9c6fb1df5ed7 (ls666)
> > ovn-nbctl --db=tcp:10.149.7.56:6641 ls-add ls55
> > # accessing via active node pool member
> > root@test-pace2-2365308:~# ovn-nbctl --db=tcp:10.169.129.33:6641 show
> > switch bb130c99-a00d-43cf-b40a-9c6fb1df5ed7 (ls666)
> > switch 41922d23-3430-436d-b67a-00422367a653 (ls55)
> > # accessing using standby node pool member
> > root@test-pace2-2365308:~# ovn-nbctl --db=tcp:10.169.129.33:6641 ls-add lss2222
> > ovn-nbctl: transaction error: {"details":"insert operation not allowed when database serv
> > # using connect string and skip using VIP resource just for reading db and not for writing.
> > ovn-nbctl --db=tcp:10.169.129.34:6641,tcp:10.169.129.33:6641 show
> >
> > I am pointing northd and ovn-controller to the db vip which works as
> > expected too.
> >
> > For northd, we can use local unix socket too which is valid as I have
> > tested both ways by keeping it running on both nodes. I think it's just a
> > personal pref to use vip or unix socket as both are valid for northd. I
> > think that we might need to update the documentation too with above details.
> >
> > I will send a formal patch along with documentation update. Let me know
> > if there are other suggestions too in case anything is missed.
> >
> >
> > Regards,
> > Aliasgar
> >
>
>
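
Added example, not part of this thread or of the OVS tree: a check for the concern raised above about listening on all IPs. It reads `ss -ltnH` output and reports NB/SB listeners bound to a wildcard address; the sample lines are constructed, port 6641 is taken from the results above, and 6642 is assumed for the SB database.

```shell
#!/bin/sh
# Constructed sample of `ss -ltnH` output (not captured from a real host).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 10 0.0.0.0:6641 0.0.0.0:*
LISTEN 0 10 10.169.129.33:6642 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 10 127.0.0.1:6640 0.0.0.0:*'

# wildcard_listeners PORT...
# Reads `ss -ltnH` lines on stdin and prints "port address" for each
# listener on one of the given ports that is bound to a wildcard address
# (0.0.0.0, * or [::]), i.e. reachable on every interface of the node.
wildcard_listeners() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        {
            local_addr = $4
            # The port is what follows the last colon, so [::]:6641 also parses.
            idx = match(local_addr, /:[0-9]+$/)
            if (!idx) next
            port = substr(local_addr, idx + 1)
            host = substr(local_addr, 1, idx - 1)
            if ((port in want) && (host == "0.0.0.0" || host == "*" || host == "[::]"))
                print port, host
        }'
}

# Run against the constructed sample; prints: 6641 0.0.0.0
printf '%s\n' "$SAMPLE_SS" | wildcard_listeners 6641 6642
```

On a cluster node, feed it live data with `ss -ltnH | wildcard_listeners 6641 6642`; empty output means neither database port is bound to a wildcard address.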