Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Linux-HA>
  3. Users
openstack fencing agent
botemout at gmail
Feb 18, 2014, 2:11 PM
Post #1 of 5 (1571 views)
Permalink
Greetings,

Someone on the linux-ha irc channel suggested that perhaps this agent
might be of use to others using openstack.

Note: it's based on fence_virsh and was written in about 20 mins; it
seems to work for me but YMMV.

Cheers,
JR

--
Your electronic communications are being monitored; strong encryption is
an answer. My public key
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4F08C504BD634953>

Attached Files:

openstack fencing agent [ In reply to ]
botemout at gmail
Feb 18, 2014, 2:15 PM
Post #2 of 5 (1540 views)
Permalink
Greetings,

Someone on the linux-ha irc channel suggested that perhaps this agent
might be of use to others using openstack.

Note: it's based on fence_virsh and was written in about 20 mins; it
seems to work for me but YMMV.

Cheers,
JR

-- Your electronic communications are being monitored; strong encryption
is an answer. My public key
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4F08C504BD634953>

Attached Files:

Re: openstack fencing agent [ In reply to ]
andrew at beekhof
Feb 18, 2014, 3:47 PM
Post #3 of 5 (1538 views)
Permalink
On 19 Feb 2014, at 9:15 am, JR <botemout@gmail.com> wrote:

> Greetings,
>
> Someone on the linux-ha irc channel suggested that perhaps this agent
> might be of use to others using openstack.
>
> Note: it's based on fence_virsh and was written in about 20 mins; it
> seems to work for me but YMMV.

Question... this is for openstack instances acting as cluster nodes?
If so, how did you get them to use predictable IPs that corosync could bind to?
Also, how did you provide authentication for the nova client?

I created https://github.com/beekhof/fence_openstack but gave up on it because corosync wasn't able to function.

Attached Files:

Re: openstack fencing agent [ In reply to ]
botemout at gmail
Feb 18, 2014, 4:20 PM
Post #4 of 5 (1539 views)
Permalink
Hi Andrew,

Yes, this is for an ha cluster made of instances running in openstack.

I'm testing running a two node gfs2 (or perhaps ocfs2) cluster using
VMs. If I can get it all working and it's stable there are reasons why
running it as VMs would be handy (obviously). However, if there are
issues that derive from the node's virtualness, I have the option to run
these services on the physical hosts.

For this testing, I've used the private IP of each node that nova
provided when the nodes were booted. In my particular environment, I
automatically bring up nodes with names which identify their functions;
chef recipes then run and can search for the IP of the other partner
when configuring linux-ha (this is theoretical as I'm doing everything
by hand now; I can see that getting this right in recipes might be
non-trivial).

As for authentication: fence_openstack runs as root on the openstack
physical host(s); when it ssh's in, root's .bashrc sources the admin
creds from openstack so the call to nova list and nova reboot succeed.

Please note: as I said in the original post, my fence_openstack has 20
minutes of coding in it and not much more thinking about it. I assume
that someone who really knows these issues would fix any issues or shoot
down the methodology as unworkable, broken, insecure, etc... ;-) Given
your difficulties earlier, I'd not be terribly shocked if I've
overlooked something critical.

Best,
JR

On 2/18/2014 4:47 PM, Andrew Beekhof wrote:
>
> On 19 Feb 2014, at 9:15 am, JR <botemout@gmail.com> wrote:
>
>> Greetings,
>>
>> Someone on the linux-ha irc channel suggested that perhaps this agent
>> might be of use to others using openstack.
>>
>> Note: it's based on fence_virsh and was written in about 20 mins; it
>> seems to work for me but YMMV.
>
> Question... this is for openstack instances acting as cluster nodes?
> If so, how did you get them to use predictable IPs that corosync could bind to?
> Also, how did you provide authentication for the nova client?
>
> I created https://github.com/beekhof/fence_openstack but gave up on it because corosync wasn't able to function.
>
>
>
> _______________________________________________
> Linux-HA mailing list
> Linux-HA@lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
>

--
Your electronic communications are being monitored; strong encryption is
an answer. My public key
<http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4F08C504BD634953>
_______________________________________________
Linux-HA mailing list
Linux-HA@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
Re: openstack fencing agent [ In reply to ]
andrew at beekhof
Feb 18, 2014, 4:26 PM
Post #5 of 5 (1536 views)
Permalink
On 19 Feb 2014, at 11:20 am, JR <botemout@gmail.com> wrote:

> Hi Andrew,
>
> Yes, this is for an ha cluster made of instances running in openstack.
>
> I'm testing running a two node gfs2 (or perhaps ocfs2) cluster using
> VMs. If I can get it all working and it's stable there are reasons why
> running it as VMs would be handy (obviously). However, if there are
> issues that derive from the node's virtualness, I have the option to run
> these services on the physical hosts.
>
> For this testing, I've used the private IP of each node that nova
> provided when the nodes were booted. In my particular environment, I
> automatically bring up nodes with names which identify their functions;
> chef recipes then run and can search for the IP of the other partner
> when configuring linux-ha

Right, but how do you tell the surviving node about the IP of the new node?
I assume you're using udpu not multicast?

> (this is theoretical as I'm doing everything
> by hand now; I can see that getting this right in recipes might be
> non-trivial).
>
> As for authentication: fence_openstack runs as root on the openstack
> physical host(s);

You're ssh'ing from an instance to a physical openstack host... thats... interesting :)

> when it ssh's in, root's .bashrc sources the admin
> creds from openstack so the call to nova list and nova reboot succeed.
>
> Please note: as I said in the original post, my fence_openstack has 20
> minutes of coding in it and not much more thinking about it. I assume
> that someone who really knows these issues would fix any issues or shoot
> down the methodology as unworkable, broken, insecure, etc... ;-) Given
> your difficulties earlier, I'd not be terribly shocked if I've
> overlooked something critical.
>
> Best,
> JR
>
> On 2/18/2014 4:47 PM, Andrew Beekhof wrote:
>>
>> On 19 Feb 2014, at 9:15 am, JR <botemout@gmail.com> wrote:
>>
>>> Greetings,
>>>
>>> Someone on the linux-ha irc channel suggested that perhaps this agent
>>> might be of use to others using openstack.
>>>
>>> Note: it's based on fence_virsh and was written in about 20 mins; it
>>> seems to work for me but YMMV.
>>
>> Question... this is for openstack instances acting as cluster nodes?
>> If so, how did you get them to use predictable IPs that corosync could bind to?
>> Also, how did you provide authentication for the nova client?
>>
>> I created https://github.com/beekhof/fence_openstack but gave up on it because corosync wasn't able to function.
>>
>>
>>
>> _______________________________________________
>> Linux-HA mailing list
>> Linux-HA@lists.linux-ha.org
>> http://lists.linux-ha.org/mailman/listinfo/linux-ha
>> See also: http://linux-ha.org/ReportingProblems
>>
>
> --
> Your electronic communications are being monitored; strong encryption is
> an answer. My public key
> <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4F08C504BD634953>
> _______________________________________________
> Linux-HA mailing list
> Linux-HA@lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems

Attached Files:

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal