Re: [Openstack] HA inside VMs (via Corosync/Pacemaker)
Oh, no. I use floating IPs for actually real public IPs. But now, that you mention the pools, well, I would have to assign one floating IP to at least TWO KVM instances. Hm, Pacemaker/Corosync *inside* the VM will add the Service-IP to the local ethernet interface, and thus, the outside OpenStack components do not know about. Using a dedicated floating IP pool for service IPs might feel like a great solution, but OpenStack is not the one to manage who gets what IP - but Corosync/Pacemaker inside the KVM instances. :-) Anyone an idea how to solve this? Many thanks in advance, Christian. On Sat, Jun 30, 2012 at 5:00 AM, Vishvananda Ishaya vishvana...@gmail.comwrote: Seems like you could use a floating ip for this. You can define a range for internal floating ips by using a separate floating ip pool. On Jun 29, 2012 7:06 PM, Christian Parpart tra...@gmail.com wrote: Hey all, I would like to setup a highly available service *inside* two KVM instances, so I have created a security group to contain all required service ports, so clients can connect to either VM and that works. And both instances have their own designated IP address, provided by nova itself. And now I want to allocate a custom private IP address (I just chose one from the higher address range, since I've a quite a big one (/21) and it was planned to use higher numbers for HA service IPs. But how do I teach OpneStack to let traffic to these KVMs via its designated Service IP? I took a look at the iptables rules, however, they are created automatically, and I did not get it really right what it all wants to tell me yet and what is there for what (not every rule uses -m comment --comment $hint). :-) So how do I teach OpneStack custom provided IP addresses? Best regards, Christian. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] HA inside VMs (via Corosync/Pacemaker)
On Sat, Jun 30, 2012 at 3:06 AM, Christian Parpart tra...@gmail.com wrote: Hm, Pacemaker/Corosync *inside* the VM will add the Service-IP to the local ethernet interface, and thus, the outside OpenStack components do not know about. Using a dedicated floating IP pool for service IPs might feel like a great solution, but OpenStack is not the one to manage who gets what IP - but Corosync/Pacemaker inside the KVM instances. :-) Anyone an idea how to solve this? It sounds like you want to add explicit support to pacemaker to deal with openstack fixed addresses. Then you could run with rfc1918 floating addresses, and then have pacemaker/corosync reassign the (external) fixed address when consensus changes. Think of the openstack fixed address control plane in a similar way to ifconfig. You should even be able to script it up yourself; you'd need to add your openstack creds to the HA images though. -nld ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] HA inside VMs (via Corosync/Pacemaker)
On Sat, Jun 30, 2012 at 1:51 PM, Narayan Desai narayan.de...@gmail.comwrote: On Sat, Jun 30, 2012 at 3:06 AM, Christian Parpart tra...@gmail.com wrote: Hm, Pacemaker/Corosync *inside* the VM will add the Service-IP to the local ethernet interface, and thus, the outside OpenStack components do not know about. Using a dedicated floating IP pool for service IPs might feel like a great solution, but OpenStack is not the one to manage who gets what IP - but Corosync/Pacemaker inside the KVM instances. :-) Anyone an idea how to solve this? It sounds like you want to add explicit support to pacemaker to deal with openstack fixed addresses. Then you could run with rfc1918 floating addresses, and then have pacemaker/corosync reassign the (external) fixed address when consensus changes. Think of the openstack fixed address control plane in a similar way to ifconfig. You should even be able to script it up yourself; you'd need to add your openstack creds to the HA images though. Hey, that's a really great idea, and IMHO apparently the only way to not interfere with OpenStack internals too much. So I need to create a new resource agent that represents a floating IP. If I succeed, I'll share that script then. :) Cheers, Christian Parpart. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] HA inside VMs (via Corosync/Pacemaker)
On 06/30/2012 06:32 AM, Christian Parpart wrote: On Sat, Jun 30, 2012 at 1:51 PM, Narayan Desai narayan.de...@gmail.com mailto:narayan.de...@gmail.com wrote: On Sat, Jun 30, 2012 at 3:06 AM, Christian Parpart tra...@gmail.com mailto:tra...@gmail.com wrote: Hm, Pacemaker/Corosync *inside* the VM will add the Service-IP to the local ethernet interface, and thus, the outside OpenStack components do not know about. Using a dedicated floating IP pool for service IPs might feel like a great solution, but OpenStack is not the one to manage who gets what IP - but Corosync/Pacemaker inside the KVM instances. :-) Anyone an idea how to solve this? It sounds like you want to add explicit support to pacemaker to deal with openstack fixed addresses. Then you could run with rfc1918 floating addresses, and then have pacemaker/corosync reassign the (external) fixed address when consensus changes. Think of the openstack fixed address control plane in a similar way to ifconfig. You should even be able to script it up yourself; you'd need to add your openstack creds to the HA images though. Hey, that's a really great idea, and IMHO apparently the only way to not interfere with OpenStack internals too much. So I need to create a new resource agent that represents a floating IP. If I succeed, I'll share that script then. :) Cheers, Christian Parpart. Another option is to give Heat's High Availability a spin. Heat is made specifically for OpenStack cloud environments (vs corosync/pacemaker being specifically made for bare metal Linux environments). See http://www.heat-api.org Heat originates from the same authors as Corosync and much of the cluster stack internals on Linux - so the high availability developer experience that went into creating the software is equivalent. For more details on Heat's HA see: https://github.com/heat-api/heat/wiki/Using-HA An example VM image template that describes HA: https://github.com/heat-api/heat/blob/master/templates/WordPress_Single_Instance_With_HA.template ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
[Openstack] HA inside VMs (via Corosync/Pacemaker)
Hey all, I would like to setup a highly available service *inside* two KVM instances, so I have created a security group to contain all required service ports, so clients can connect to either VM and that works. And both instances have their own designated IP address, provided by nova itself. And now I want to allocate a custom private IP address (I just chose one from the higher address range, since I've a quite a big one (/21) and it was planned to use higher numbers for HA service IPs. But how do I teach OpneStack to let traffic to these KVMs via its designated Service IP? I took a look at the iptables rules, however, they are created automatically, and I did not get it really right what it all wants to tell me yet and what is there for what (not every rule uses -m comment --comment $hint). :-) So how do I teach OpneStack custom provided IP addresses? Best regards, Christian. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
Re: [Openstack] HA inside VMs (via Corosync/Pacemaker)
Seems like you could use a floating ip for this. You can define a range for internal floating ips by using a separate floating ip pool. On Jun 29, 2012 7:06 PM, Christian Parpart tra...@gmail.com wrote: Hey all, I would like to setup a highly available service *inside* two KVM instances, so I have created a security group to contain all required service ports, so clients can connect to either VM and that works. And both instances have their own designated IP address, provided by nova itself. And now I want to allocate a custom private IP address (I just chose one from the higher address range, since I've a quite a big one (/21) and it was planned to use higher numbers for HA service IPs. But how do I teach OpneStack to let traffic to these KVMs via its designated Service IP? I took a look at the iptables rules, however, they are created automatically, and I did not get it really right what it all wants to tell me yet and what is there for what (not every rule uses -m comment --comment $hint). :-) So how do I teach OpneStack custom provided IP addresses? Best regards, Christian. ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp ___ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp