Re: [Openstack-operators] Pacemaker / Corosync in guests on OpenStack

[Hauke Bruno Wollentin]

+1 to Johns answer.


We also run Pacemaker/Corosync clusters inside OpenStack instances (in 
project/self service networks). Our clusters are formed by 3 instances each and 
run in production currently. We didn't see any problems with migrations, 
handmade or triggered by Pacemaker.


I recommend using unicast for the cluster communication too + using the default 
ocf:heartbeat:IPaddr2 resource agent to keep things simple.


For the VIP we use a _dummy_ port (neutron port create) and allow its IP 
address to all cluster members via 'neutron port update'. That port is never 
attached to any instance, they are just using its IP address on their default 
ports.


The idea of fencing via the API sounds pretty neat, so I will have a look on 
that ;)


best regards,

hauke



From: John Petrini <jpetr...@coredial.com>
Sent: Wednesday, August 16, 2017 12:55 PM
To: Tim Bell
Cc: openstack-operators
Subject: Re: [Openstack-operators] Pacemaker / Corosync in guests on OpenStack

I just did recently and had no issues. I used a provider network so I don't 
have experience using it with project networks but I believe the only issue you 
might run into with project networks is multicast. You can work around this by 
using unicast instead.

If you do you use multicast you need to enable IGMP in your security groups. 
You can do this in Horizon by selecting other protocol and setting the IP 
protocol number to 2.

I hit a minor issue setting up a VIP because port security wouldn't allow 
traffic to the instance that was destined for that address but all I had to do 
was add the VIP as an allowed address pair on the port of each instance. Also, 
I attached an additional interface to one of the instances to allocate the VIP, 
I just didn't configure the interface within the instance. Since we use DHCP 
this was a simple way to reserve the IP. I'm sure I could have created a 
pacemaker resource that would move the port using the OpenStack API but I 
prefer the simplicity and speed of Pacemakers ocf:ipaddr2 resource.

I setup fencing of the instances via the openstack api to avoid any chance of a 
duplicate IP when moving the VIP. I borrowed this script 
https://github.com/beekhof/fence_openstack/blob/master/fence_openstack and made 
a few minor changes.

Overall there weren't many differences between setting up pacemaker in 
OpenStack vs Iron but I hope this is helpful.


Regards,


John Petrini




On Wed, Aug 16, 2017 at 6:06 AM, Tim Bell 
<tim.b...@cern.ch<mailto:tim.b...@cern.ch>> wrote:

Has anyone had experience setting up a cluster of VM guests running Pacemaker / 
Corosync? Any recommendations?

Tim


___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org<mailto:OpenStack-operators@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Re: [Openstack-operators] Pacemaker / Corosync in guests on OpenStack

[John Petrini]

I just did recently and had no issues. I used a provider network so I don't
have experience using it with project networks but I believe the only issue
you might run into with project networks is multicast. You can work around
this by using unicast instead.

If you do you use multicast you need to enable IGMP in your security
groups. You can do this in Horizon by selecting other protocol and setting
the IP protocol number to 2.

I hit a minor issue setting up a VIP because port security wouldn't allow
traffic to the instance that was destined for that address but all I had to
do was add the VIP as an allowed address pair on the port of each instance.
Also, I attached an additional interface to one of the instances to
allocate the VIP, I just didn't configure the interface within the
instance. Since we use DHCP this was a simple way to reserve the IP. I'm
sure I could have created a pacemaker resource that would move the port
using the OpenStack API but I prefer the simplicity and speed of Pacemakers
ocf:ipaddr2 resource.

I setup fencing of the instances via the openstack api to avoid any chance
of a duplicate IP when moving the VIP. I borrowed this script
https://github.com/beekhof/fence_openstack/blob/master/fence_openstack and
made a few minor changes.

Overall there weren't many differences between setting up pacemaker in
OpenStack vs Iron but I hope this is helpful.


Regards,

John Petrini


On Wed, Aug 16, 2017 at 6:06 AM, Tim Bell  wrote:

>
>
> Has anyone had experience setting up a cluster of VM guests running
> Pacemaker / Corosync? Any recommendations?
>
>
>
> Tim
>
>
>
> ___
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

[Openstack-operators] Pacemaker / Corosync in guests on OpenStack

[Tim Bell]

Has anyone had experience setting up a cluster of VM guests running Pacemaker / 
Corosync? Any recommendations?

Tim

___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators