Re: [ClusterLabs] Howto masquerade real server in a two armed transparent setup

[user . clusterlabs . org]

Sorry wrong mailing list, it’s to early in the day ;)

> On 12. nov. 2015, at 07.43, user.clusterlabs@siimnet.dk wrote:
> 
> Trying to make a two armed transparent setup like mentioned here 
>  to do both 
> transparently L4 [SSL] DR + L7 SSL termination load balanced services.
> 
> I’m having the load balanced services working, but I wont the real servers to 
> be able to access the public internet and to have other non-balanced services 
> like management ssh access through HAproxy VMs to my real servers.
> 
> Question is now how do I possible masquerade the real servers to access 
> public internet through my active/passiveHAproxies, currently setup like 
> mentioned here . Any hints/URLs are 
> welcomed?
> 
> TIA
> 
> /Steffen

___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

[ClusterLabs] Howto masquerade real server in a two armed transparent setup

[user . clusterlabs . org]

Trying to make a two armed transparent setup like mentioned here 
 to do both 
transparently L4 [SSL] DR + L7 SSL termination load balanced services.

I’m having the load balanced services working, but I wont the real servers to 
be able to access the public internet and to have other non-balanced services 
like management ssh access through HAproxy VMs to my real servers.

Question is now how do I possible masquerade the real servers to access public 
internet through my active/passiveHAproxies, currently setup like mentioned 
here . Any hints/URLs are welcomed?

TIA

/Steffen___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] Loadbalancing using Pacemaker

[user . clusterlabs . org]

> On 8. nov. 2015, at 16.24, Michael Schwartzkopff  wrote:
> 
> Am Samstag, 7. November 2015, 09:40:47 schrieb didier tanti:
>> Hello, i am new to Pacemaker and have a question concerning how to have my
>> cluster services aware of the state and location of the other services in
>> the cluster.  Example:
>> Service A is running on Host XService B1 is running on Host XService B2 is
>> running on Host Y Which API would allow my Service A to send IPC messages
>> to services B1 and B2 in a round robin manner?(for example how Service A
>> would be aware of which B is up and active (B1, B2 or both), and how A
>> would even be able to know on which host B1 or B2 is running?) It looks
>> very basic but i cannot find information on this on clusterlabs.org Is
>> there basic tutorial that would explain how to achieve this ? (I guess i
>> would need to link my service binaries with some pacemaker /corosync libs
>> and use some API ?) Thanks for helping out,
> 
> Hi,
> 
> this task is beyond the ability of pacemaker. Your application has to know 
> how 
> to handle that.
> 
> Best solution would be to use virtual IP addresses for services B1 and B2
Yes and maybe through a IP load balancer like nginx or haproxy to do the round 
robin

 
> make sure that the IP addresses run together with the services. Now you 
> service A only has to talk to the IP addresses, no matter on which host they 
> run.
> 
> pacemaker could take care that they run on different hosts is possible.
> 
> Mit freundlichen Grüßen,
> 
> Michael Schwartzkopff
> 
> -- 
> [*] sys4 AG
> 
> http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044
> Franziskanerstraße 15, 81669 München
> 
> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
> Vorstand: Patrick Ben Koetter, Marc Schiffbauer
> Aufsichtsratsvorsitzender: Florian 
> Kirstein___
> Users mailing list: Users@clusterlabs.org
> http://clusterlabs.org/mailman/listinfo/users
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org


___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] Howto use ocf:heartbeat:nginx check level > 0

[user . clusterlabs . org]

> On 8. nov. 2015, at 10.26, user.clusterlabs@siimnet.dk wrote:
> 
> Setting up my first pacemaker cluster, I’m trying to grasp howto make 
> ocf:heartbeat:nginx monitor with check levels > 0.
> 
> Got this so far:
> 
> [root@afnA ~]# pcs resource
>  Resource Group: afnGroup
>  afnVIP (ocf::heartbeat:IPaddr2):   Started afnA 
>  afnNGinx   (ocf::heartbeat:nginx): Started afnA 
> 
> [root@afnA ~]# pcs resource show afnNGinx
>  Resource: afnNGinx (class=ocf provider=heartbeat type=nginx)
>   Attributes: configfile=/opt/imail/nginx/conf/nginx.conf port=8080 
> httpd=/opt/imail/nginx/sbin/nginx options="-p /opt/imail/nginx" 
> status10url=/ping status10regex=".+ is alive\." 
>   Operations: start interval=0s timeout=60s (afnNGinx-start-interval-0s)
>   stop interval=0s timeout=60s (afnNGinx-stop-interval-0s)
>   monitor interval=10s timeout=20s (afnNGinx-monitor-interval-10s)
>   monitor interval=60s timeout=20s (afnNGinx-monitor-interval-60s)
> [root@afnA ~]# 
> 
> but I cant verify that pacemaker RA ever calls http://localhost:8080/ping 
> , why not?
> 
> Any pointers to info source(s) for better understanding RA configuration and 
> maybe specially check levels?

Found this: 
http://clusterlabs.org/doc/en-US/Pacemaker/1.0/html/Pacemaker_Explained/s-operation-monitor-multiple.html
 


This seemed to work much better:

[root@afnA ~]# pcs resource show afnNGinx
 Resource: afnNGinx (class=ocf provider=heartbeat type=nginx)
  Attributes: configfile=/opt/imail/nginx/conf/nginx.conf port=8080 
httpd=/opt/imail/nginx/sbin/nginx options="-p /opt/imail/nginx" 
status10url=http://localhost:8080/ping status10regex="mss[0-9] is alive\." 
  Meta Attrs: target-role=Started 
  Operations: start interval=0s timeout=60s (afnNGinx-start-interval-0s)
  stop interval=0s timeout=60s (afnNGinx-stop-interval-0s)
  monitor interval=10s timeout=10s (afnNGinx-monitor-interval-10s)
  monitor interval=120s timeout=30s OCF_CHECK_LEVEL=10 
(afnNGinx-monitor-interval-120s)

=>

127.0.0.1 - - [08/Nov/2015:11:34:25 +0100] "GET /ping HTTP/1.1" 200 16 "-" 
"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC 
zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
127.0.0.1 - - [08/Nov/2015:11:36:25 +0100] "GET /ping HTTP/1.1" 200 16 "-" 
"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC 
zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
127.0.0.1 - - [08/Nov/2015:11:38:25 +0100] "GET /ping HTTP/1.1" 200 16 "-" 
"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC 
zlib/1.2.3 libidn/1.18 libssh2/1.4.2"
127.0.0.1 - - [08/Nov/2015:11:40:25 +0100] "GET /ping HTTP/1.1" 200 16 "-" 
"curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC 
zlib/1.2.3 libidn/1.18 libssh2/1.4.2"


[root@afnA]# pcs --version
0.9.139

https://www.mankier.com/8/pcs  seems to indicate 
a debug-monitor command only my pcs version doesn’t seem to support this, might 
it only be in a later version, also I can seem to find ocf-tester from CentOS 6 
repository, where might I find ocf-tester rpm?

/Steffen___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] two node cluster not behaving right

[user . clusterlabs . org]

>> Nov 06 01:30:54 corosync [TOTEM ] Retransmit List: 96 97
>> Nov 06 01:30:56 corosync [TOTEM ] Retransmit List: 96 97
>> Nov 06 01:30:57 corosync [TOTEM ] Retransmit List: 96 97
>> Nov 06 01:30:59 corosync [TOTEM ] Retransmit List: 96 97
>> Nov 06 01:31:01 corosync [TOTEM ] Retransmit List: 96 97
> 
> This means something is blocking successful delivery of packets. Make sure to:
> - Properly configure firewall (for testing you can disable it completely)
> - Make sure you have properly configured multicast. As alternative, you can 
> try udpu. Udpu is usually better compatible with switches and for two node 
> use case performance is same.
Thanks, though got no FW between VM nodes, and multicast should be working too:

[root@afnA ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source   destination 

Chain FORWARD (policy ACCEPT)
target prot opt source   destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination 
[root@afnA ~]# omping afnB afnA
afnB : waiting for response msg
afnB : joined (S,G) = (*, 232.43.211.234), pinging
afnB :   unicast, seq=1, size=69 bytes, dist=0, time=0.265ms
afnB :   unicast, seq=2, size=69 bytes, dist=0, time=0.342ms
afnB : multicast, seq=2, size=69 bytes, dist=0, time=0.443ms
afnB :   unicast, seq=3, size=69 bytes, dist=0, time=0.517ms
afnB : multicast, seq=3, size=69 bytes, dist=0, time=0.590ms
afnB :   unicast, seq=4, size=69 bytes, dist=0, time=0.349ms
afnB : multicast, seq=4, size=69 bytes, dist=0, time=0.435ms
afnB :   unicast, seq=5, size=69 bytes, dist=0, time=0.361ms
afnB : multicast, seq=5, size=69 bytes, dist=0, time=0.448ms
afnB :   unicast, seq=6, size=69 bytes, dist=0, time=0.277ms
afnB : multicast, seq=6, size=69 bytes, dist=0, time=0.343ms
afnB :   unicast, seq=7, size=69 bytes, dist=0, time=0.302ms
afnB : multicast, seq=7, size=69 bytes, dist=0, time=0.402ms
^C
afnB :   unicast, xmt/rcv/%loss = 7/7/0%, min/avg/max/std-dev = 
0.265/0.345/0.517/0.084
afnB : multicast, xmt/rcv/%loss = 7/6/14% (seq>=2 0%), min/avg/max/std-dev = 
0.343/0.444/0.590/0.082
[root@afnA ~]# 

also corosync should be okay ImHO:

[root@afnA ~]# corosync-quorumtool  -l
Nodeid Name
   1   afnA.mxi.tdcfoo
   2   afnB.mxi.tdcfoo
[root@afnA ~]# corosync-quorumtool  -s
Version:  1.4.7
Nodes:2
Ring ID:  208
Quorum type:  quorum_cman
Quorate:  Yes

[root@afnA ~]# pcs status
Cluster name: afn-cluster
Last updated: Fri Nov  6 08:57:57 2015
Last change: Fri Nov  6 02:47:33 2015
Stack: cman
Current DC: afna - partition with quorum
Version: 1.1.11-97629de
2 Nodes configured
0 Resources configured


Online: [ afna ]
OFFLINE: [ afnb ]

Full list of resources:


[root@afnA ~]# ___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] two node cluster not behaving right

[user . clusterlabs . org]

> On 6. nov. 2015, at 08.42, Jan Friesse  wrote:
> 
> user.clusterlabs@siimnet.dk  
> napsal(a):
>> Been new to pacemaker, I’m trying to create my first cluster of two nodes, 
>> but it seems to behave a little strange.
>> Following this guide: http://clusterlabs.org/quickstart-redhat-6.html 
>>  
>> > >
>> 
>> but am unable to do f.ex.:
>> 
>> [root@afnA ~]# pcs property set stonith-enabled=false
>> Error: Unable to update cib
>> Call cib_replace failed (-62): Timer expired
>> 
>> 
>> only thing I find in logs are continued corosync events:
>> 
>> Nov 06 01:30:54 corosync [TOTEM ] Retransmit List: 96 97
>> Nov 06 01:30:56 corosync [TOTEM ] Retransmit List: 96 97
>> Nov 06 01:30:57 corosync [TOTEM ] Retransmit List: 96 97
>> Nov 06 01:30:59 corosync [TOTEM ] Retransmit List: 96 97
>> Nov 06 01:31:01 corosync [TOTEM ] Retransmit List: 96 97
> 
> This means something is blocking successful delivery of packets. Make sure to:
> - Properly configure firewall (for testing you can disable it completely)
> - Make sure you have properly configured multicast. As alternative, you can 
> try udpu. Udpu is usually better compatible with switches and for two node 
> use case performance is same.
Found this thread: http://www.gossamer-threads.com/lists/linuxha/pacemaker/90203

It seems that multicast between my two KVM nodes stops after 180s:

afnA :   unicast, seq=178, size=69 bytes, dist=0, time=0.238ms
afnA : multicast, seq=178, size=69 bytes, dist=0, time=0.324ms
afnA :   unicast, seq=179, size=69 bytes, dist=0, time=0.243ms
afnA : multicast, seq=179, size=69 bytes, dist=0, time=0.313ms
afnA :   unicast, seq=180, size=69 bytes, dist=0, time=0.273ms
afnA :   unicast, seq=181, size=69 bytes, dist=0, time=0.449ms
afnA :   unicast, seq=182, size=69 bytes, dist=0, time=0.266ms
afnA :   unicast, seq=183, size=69 bytes, dist=0, time=0.367ms

I can then just restart omping and get another 180s of multicasting… hmm might 
this have anything to do with the open vswitch used between nodes… seem to 
remember to have read about issues with open vswitches and multicasting, will 
dig more…

Meanwhile since I only have two nodes cluster, how do I configure it to do 
unicast in /etc/cluster/cluster,conf, as cman stack doesn’t use 
/etc/corosync/corosync.conf (have test with skewed malfunction corosync.conf, 
cman still forms quorum initially)?

TIA

___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

Re: [ClusterLabs] two node cluster not behaving right

[user . clusterlabs . org]

> On 6. nov. 2015, at 08.42, Jan Friesse  wrote:
> 
> This means something is blocking successful delivery of packets. Make sure to:
> - Properly configure firewall (for testing you can disable it completely)
> - Make sure you have properly configured multicast. As alternative, you can 
> try udpu. Udpu is usually better compatible with switches and for two node 
> use case performance is same.
Seem unicast fixed the issue ;)
This was done by changing cman configuration to udpu transport in cluster.conf 
like this:

http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org

[ClusterLabs] two node cluster not behaving right

[user . clusterlabs . org]

Been new to pacemaker, I’m trying to create my first cluster of two nodes, but 
it seems to behave a little strange.
Following this guide: http://clusterlabs.org/quickstart-redhat-6.html 


but am unable to do f.ex.:

[root@afnA ~]# pcs property set stonith-enabled=false
Error: Unable to update cib
Call cib_replace failed (-62): Timer expired


only thing I find in logs are continued corosync events:

Nov 06 01:30:54 corosync [TOTEM ] Retransmit List: 96 97 
Nov 06 01:30:56 corosync [TOTEM ] Retransmit List: 96 97 
Nov 06 01:30:57 corosync [TOTEM ] Retransmit List: 96 97 
Nov 06 01:30:59 corosync [TOTEM ] Retransmit List: 96 97 
Nov 06 01:31:01 corosync [TOTEM ] Retransmit List: 96 97 
...

Let me known if more info would help!

TIA

pcs cluster report: 
https://dl.dropboxusercontent.com/u/13225502/pacemaker.report.tar.bz2 



CentOS 6.7 w/:
pacemaker-1.1.12-8.el6.x86_64
pcs-0.9.139-9.el6_7.1.x86_64
ccs-0.16.2-81.el6.x86_64
resource-agents-3.9.5-24.el6.x86_64
cman-3.0.12.1-73.el6.1.x86_64
corosync-1.4.7-2.el6.x86_64

[root@afnB ~]# pacemakerd --features
Pacemaker 1.1.11 (Build: 97629de)
 Supporting v3.0.9:  generated-manpages agent-manpages ascii-docs ncurses 
libqb-logging libqb-ipc nagios  corosync-plugin cman acls

[root@afnB ~]# corosync-quorumtool -l
Nodeid Name
   1   afnA.mxi.tdcfoo
   2   afnB.mxi.tdcfoo
[root@afnB ~]# corosync-quorumtool -s
Version:  1.4.7
Nodes:2
Ring ID:  8
Quorum type:  quorum_cman
Quorate:  Yes
[root@afnB ~]# pcs status
Cluster name: afn-cluster
WARNING: no stonith devices and stonith-enabled is not false
Last updated: Fri Nov  6 01:35:30 2015
Last change: Fri Nov  6 01:29:37 2015
Stack: cman
Current DC: afna - partition with quorum
Version: 1.1.11-97629de
2 Nodes configured
0 Resources configured


Online: [ afna afnb ]


Full list of resources:



[root@afnB ~]# cat /etc/cluster/cluster.conf

  
  

  

  

  


  

  

  

  
  
  

  
  


  



[root@afnB ~]# grep -v '#' /etc/corosync/corosync.conf
compatibility: whitetank

totem {
version: 2

secauth: off
threads: 0

window_size: 150

interface {
ringnumber: 0
bindnetaddr: 10.45.69.0
mcastaddr: 239.255.15.1
mcastport: 5405
ttl: 1
}
}

logging {
fileline: off
to_stderr: no
to_logfile: yes
logfile: /var/log/cluster/corosync.log
to_syslog: yes
debug: off
timestamp: on
logger_subsys {
subsys: AMF
debug: off
}
}

___
Users mailing list: Users@clusterlabs.org
http://clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org