+1 to Johns answer.
We also run Pacemaker/Corosync clusters inside OpenStack instances (in
project/self service networks). Our clusters are formed by 3 instances each and
run in production currently. We didn't see any problems with migrations,
handmade or triggered by Pacemaker.
I recommend using unicast for the cluster communication too + using the default
ocf:heartbeat:IPaddr2 resource agent to keep things simple.
For the VIP we use a _dummy_ port (neutron port create) and allow its IP
address to all cluster members via 'neutron port update'. That port is never
attached to any instance, they are just using its IP address on their default
ports.
The idea of fencing via the API sounds pretty neat, so I will have a look on
that ;)
best regards,
hauke
From: John Petrini <jpetr...@coredial.com>
Sent: Wednesday, August 16, 2017 12:55 PM
To: Tim Bell
Cc: openstack-operators
Subject: Re: [Openstack-operators] Pacemaker / Corosync in guests on OpenStack
I just did recently and had no issues. I used a provider network so I don't
have experience using it with project networks but I believe the only issue you
might run into with project networks is multicast. You can work around this by
using unicast instead.
If you do you use multicast you need to enable IGMP in your security groups.
You can do this in Horizon by selecting other protocol and setting the IP
protocol number to 2.
I hit a minor issue setting up a VIP because port security wouldn't allow
traffic to the instance that was destined for that address but all I had to do
was add the VIP as an allowed address pair on the port of each instance. Also,
I attached an additional interface to one of the instances to allocate the VIP,
I just didn't configure the interface within the instance. Since we use DHCP
this was a simple way to reserve the IP. I'm sure I could have created a
pacemaker resource that would move the port using the OpenStack API but I
prefer the simplicity and speed of Pacemakers ocf:ipaddr2 resource.
I setup fencing of the instances via the openstack api to avoid any chance of a
duplicate IP when moving the VIP. I borrowed this script
https://github.com/beekhof/fence_openstack/blob/master/fence_openstack and made
a few minor changes.
Overall there weren't many differences between setting up pacemaker in
OpenStack vs Iron but I hope this is helpful.
Regards,
John Petrini
On Wed, Aug 16, 2017 at 6:06 AM, Tim Bell
<tim.b...@cern.ch<mailto:tim.b...@cern.ch>> wrote:
Has anyone had experience setting up a cluster of VM guests running Pacemaker /
Corosync? Any recommendations?
Tim
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org<mailto:OpenStack-operators@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
___
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators