On 9/5/14 11:23 PM, David Magda wrote:
> I have two nodes that I wish to run OpenLDAP slapd on. I want Pacemaker / CRM
> to check the health of the OpenLDAP daemon, and if it's healthy, I want that
> node to be a candidate for having a vIP live on it. If OpenLDAP's slapd is not
> healthy (process is down, incorrect query results, etc.) then I want the vIP to
> fail over to the other (presumably healthy) node.
>
> (I also want to do something similar with BIND named, but we'll use OpenLDAP as
> the working case for now.)
>
> The main thing is that I want the daemon to run on each node in active-active
> configuration (so Nagios can keep tabs on things), and only have the vIP for
> the LDAP service fail-over.
>
> The vIP is straightforward enough:
>
>     sudo crm configure primitive vip_ldap2 \
>         ocf:heartbeat:IPaddr2 params ip="10.0.0.89" cidr_netmask="32"
>
> The following line creates a resource where slapd only runs on one of the nodes
> at a time, but I want it running on both:
>
>     sudo crm configure primitive srv_slapd \
>         ocf:heartbeat:slapd op monitor interval="30s"
>
> I'm using Debian 7 with default pacemaker 1.1.7-1 package, with the following
> resource agent:
>
> https://github.com/ClusterLabs/resource-agents/blob/master/heartbeat/slapd
>
> The slapd process can be either managed or unmanaged, but I think I would
> prefer unmanaged so that we can fiddle with it using the regular OS-level
> service commands. We don't use HA / clustering in a lot of places, and so it
> will probably be easy to forget that CRM is there, and so could lead to
> frustration if it's doing things behind our backs.
>
> From what I could tell, I want to create a primitive (is-managed=false) and
> make an anonymous clone, which can then be run on multiple nodes. Somehow?
> Maybe?

Hi David,

We do something very similar: two nodes running stock wheezy, bind and
slapd on both, and two virtual IPs (one for DNS and one for LDAP) that
can bounce back and forth between the nodes. This type of setup allows
for DNS/LDAP resolution lists of the form virtual-ip, node1-ip, node2-ip.

If you're really set on not having slapd managed, Alex Samad's solution
of customizing the IPaddr2 resource agent will likely perform better
than trying to have pacemaker monitor an unmanaged resource.

We have bind and slapd as managed resources. You do have to remember not
to use the init script for restarts, but other than that, all the usual
commands work fine. (Even "rndc reload" doesn't bother pacemaker.)

The LDAP portion of our crm config (with additional comments) is:

# ocf:gleim:slapd is the unmodified slapd resource agent,
# from a later version of resource-agents than is available
# with wheezy
primitive ldap-daemon ocf:gleim:slapd \
    params config="/etc/ldap/slapd.d" \
    user="openldap" group="openldap" \
    services="ldap:/// ldapi:///" \
    op monitor interval="60" timeout="20" \
    op start interval="0" timeout="20" \
    op stop interval="0" timeout="20"

# This allows slapd to run on both hosts.
clone ldap-daemon-clone ldap-daemon \
    meta globally-unique="false" interleave="true"

# Bring up the virtual IP for LDAP resolution on one node.
# Replace xxx's with your virtual IP and mask.
primitive ldap-ip ocf:heartbeat:IPaddr2 \
    params ip="xxx.xxx.xxx.xxx" cidr_netmask="xxx" \
    op monitor depth="0" timeout="20s" interval="5s" \
    op start interval="0" timeout="20" \
    op stop interval="0" timeout="20"

# Bring up the virtual IP only on a host with a working slapd.
colocation ldap-ip-with-daemon +inf: ldap-ip ldap-daemon-clone

-- Ken Gaillot <kjgai...@gleim.com>
Gleim NOC
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
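
The reply's design depends on three things holding together: the VIP is an IPaddr2 primitive, slapd is wrapped in a clone, and the colocation between them has score inf. The script below is an added example, not part of the original thread or of Pacemaker: it lints crm configuration text for exactly that shape. The function names and the 192.0.2.10/24 sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads crm configuration text on stdin
# and checks that the named IPaddr2 VIP is tied to a cloned daemon with an
# inf-score colocation, as in the reply's ldap-ip-with-daemon constraint.
check_vip_colocation() {
    awk -v vip="$1" '
        # Join backslash-continued lines into one logical statement.
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, " "); buf = buf $0; next }
        { $0 = buf $0; buf = "" }
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "primitive" { agent[$2] = $3 }
        $1 == "clone"     { child[$2] = $3 }
        $1 == "colocation" && $4 == vip { score = $3; target = $5 }
        END {
            if (agent[vip] !~ /:IPaddr2$/) fail(vip " is not an IPaddr2 primitive")
            if (target == "")              fail("no colocation constraint for " vip)
            # Accept inf: or +inf: (the form used in the reply).
            if (score !~ /^[+]?inf:$/)     fail("score " score " is not inf")
            if (!(target in child))        fail(target " is not a clone")
            print "OK: " vip " only runs where " child[target] \
                  " (" agent[child[target]] ") is running"
        }
        function fail(msg) { print "FAIL: " msg; exit 1 }'
}

# Constructed sample input: the reply's LDAP configuration, shortened, with a
# documentation-range address in place of the xxx placeholders.
sample_config() {
    cat <<'EOF'
primitive ldap-daemon ocf:gleim:slapd \
    params config="/etc/ldap/slapd.d" \
    op monitor interval="60" timeout="20"
# This allows slapd to run on both hosts.
clone ldap-daemon-clone ldap-daemon \
    meta globally-unique="false" interleave="true"
primitive ldap-ip ocf:heartbeat:IPaddr2 \
    params ip="192.0.2.10" cidr_netmask="24" \
    op monitor timeout="20s" interval="5s"
colocation ldap-ip-with-daemon +inf: ldap-ip ldap-daemon-clone
EOF
}

sample_config | check_vip_colocation ldap-ip
```

On a cluster node the same function can read live configuration with `crm configure show | check_vip_colocation ldap-ip`, assuming the output uses the same statement layout as the reply.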