Hi Andrew, Yes, this is for an ha cluster made of instances running in openstack.
I'm testing running a two node gfs2 (or perhaps ocfs2) cluster using VMs. If I can get it all working and it's stable there are reasons why running it as VMs would be handy (obviously). However, if there are issues that derive from the node's virtualness, I have the option to run these services on the physical hosts. For this testing, I've used the private IP of each node that nova provided when the nodes were booted. In my particular environment, I automatically bring up nodes with names which identify their functions; chef recipes then run and can search for the IP of the other partner when configuring linux-ha (this is theoretical as I'm doing everything by hand now; I can see that getting this right in recipes might be non-trivial). As for authentication: fence_openstack runs as root on the openstack physical host(s); when it ssh's in, root's .bashrc sources the admin creds from openstack so the call to nova list and nova reboot succeed. Please note: as I said in the original post, my fence_openstack has 20 minutes of coding in it and not much more thinking about it. I assume that someone who really knows these issues would fix any issues or shoot down the methodology as unworkable, broken, insecure, etc... ;-) Given your difficulties earlier, I'd not be terribly shocked if I've overlooked something critical. Best, JR On 2/18/2014 4:47 PM, Andrew Beekhof wrote: > > On 19 Feb 2014, at 9:15 am, JR <[email protected]> wrote: > >> Greetings, >> >> Someone on the linux-ha irc channel suggested that perhaps this agent >> might be of use to others using openstack. >> >> Note: it's based on fence_virsh and was written in about 20 mins; it >> seems to work for me but YMMV. > > Question... this is for openstack instances acting as cluster nodes? > If so, how did you get them to use predictable IPs that corosync could bind > to? > Also, how did you provide authentication for the nova client? > > I created https://github.com/beekhof/fence_openstack but gave up on it > because corosync wasn't able to function. > > > > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems > -- Your electronic communications are being monitored; strong encryption is an answer. My public key <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4F08C504BD634953> _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
