Well thanks, I got it working now with an adjusted IPaddr2 :D When I get some time I will try to edit my own agent. Now I can move on to master-master replication between regions and Nagios monitoring/event-handling and all ;)
On Wed, Oct 2, 2013 at 4:28 PM, Peter Romfeld <peter.romfeld...@gmail.com> wrote:

> the changes take instant effect, i let "watch
> /usr/lib64/nagios/plugins/check_tcp -H my.vip.add.r -p 3306" on a 3rd
> instance running, and the second i issued on the new master node the aws
> command it changed from CRITICAL to OK
>
> On Wed, Oct 2, 2013 at 4:13 PM, Peter Romfeld
> <peter.romfeld...@gmail.com> wrote:
>
>> In your VPC the change takes effect after you got "true", you can check it
>> with describe-eip or in console :)
>> right now i just try to add the command with hardcoded variables to
>> IPaddr2 start, just to get it running for now
>>
>> i put my attempt to create a resource agent on github, maybe someone can
>> help me find why params are not working?
>> wget https://raw.github.com/peterromfeldhk/pacemaker/master/AWSFIP
>>
>> sorry im just started with scripting with nagios_nrpe last project :)
>> i have 2 problems, 1st the OCF_RESKEY_ params dont work as i thought, if
>> i hardcode the variables the commands are working at least in testrun, the
>> second big issue i have is the monitoring
>>
>> On Wed, Oct 2, 2013 at 2:34 PM, David Lang <da...@lang.hm> wrote:
>>
>>> Unless something has changed in the AWS API in the last few months, when
>>> the aws command exits successfully, that doesn't mean the change has taken
>>> effect, just that the aws system has accepted the change and it will take
>>> effect 'soon'
>>>
>>> David Lang
>>>
>>> On Wed, 2 Oct 2013, Peter Romfeld wrote:
>>>
>>> yes i need to use the aws command, i am using a VPC, after issuing the
>>>> command i get a "true" statement and its done
>>>>
>>>> so i only want pacemaker to issue the one-shot command at failover.
>>>> Here is what i have atm: (i know its still dirty, just learning pacemaker)
>>>>
>>>> primitive drbd_mysql ocf:linbit:drbd \
>>>>     params drbd_resource="mydata" \
>>>>     op monitor interval="15s"
>>>> primitive fs_mysql ocf:heartbeat:Filesystem \
>>>>     params device="/dev/drbdx" directory="/mountpint" fstype="ext4" options="relatime,barrier=1" \
>>>>     op start interval="0" timeout="60" \
>>>>     op stop interval="0" timeout="60" \
>>>>     op monitor interval="10s" timeout="60s" OCF_CHECK_LEVEL="20" \
>>>>     meta target-role="started"
>>>> primitive fvip ocf:heartbeat:AWSFIP \
>>>>     params fvip="192.168.2.10" region="ap-southeast-1"
>>>> primitive ip_mysql ocf:heartbeat:IPaddr2 \
>>>>     params ip="192.168.2.10" cidr_netmask="20" \
>>>>     op monitor interval="10" \
>>>>     meta target-role="started"
>>>> primitive mysqld lsb:mysql
>>>> group mysql fs_mysql ip_mysql mysqld
>>>> ms ms_drbd_mysql drbd_mysql \
>>>>     meta master-max="1" master-node-max="1" clone-max="2" clone-node-max="1" notify="true"
>>>> colocation mysql_on_drbd inf: fvip mysql ms_drbd_mysql:Master
>>>> order mysql_after_drbd_and_fvip inf: ms_drbd_mysql:promote fvip:start mysql:start
>>>>
>>>> my AWSFIP(adjusted Dummy :%s/dummy/awsfip/g|%s/Dummy/AWSFIP/g):
>>>>
>>>> <parameter name="fvip" unique="1" required="1">
>>>> <longdesc lang="en">
>>>> The IPv4 address to be configured in dotted quad notation, for example
>>>> "192.168.1.1".
>>>> </longdesc>
>>>> <shortdesc lang="en">IPv4 address</shortdesc>
>>>> <content type="string" default="" />
>>>> </parameter>
>>>>
>>>> <parameter name="region" unique="1" required="1">
>>>> <longdesc lang="en">
>>>> The name of the AWS region
>>>> </longdesc>
>>>> <shortdesc lang="en">AWS region</shortdesc>
>>>> <content type="string"/>
>>>> </parameter>
>>>>
>>>> awsfip_start() {
>>>>     awsfip_monitor
>>>>     Instance_ID=`/usr/bin/curl --silent http://169.254.169.254/latest/meta-data/instance-id`
>>>>     ENI_ID=`aws ec2 describe-instances --instance-id $Instance_ID --region $OCF_RESKEY_region | grep NetworkInterfaceId | cut -d '"' -f 4`
>>>>     if [ $? = $OCF_SUCCESS ]; then
>>>>         return $OCF_SUCCESS
>>>>     fi
>>>>     aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID --private-ip-addresses $OCF_RESKEY_fvip --allow-reassignment --region $OCF_RESKEY_region
>>>>     sleep 4
>>>>     aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID --private-ip-addresses $OCF_RESKEY_fvip --allow-reassignment --region $OCF_RESKEY_region
>>>>     /etc/init.d/networking restart
>>>>     touch ${OCF_RESKEY_state}
>>>> }
>>>>
>>>> I couldn't get it to work yet, and i don't want to run an external script
>>>> for it. It can't be so hard to let pacemaker execute an additional one-shot
>>>> command at failover (in the correct order..)
>>>>
>>>> Thanks for your help!
>>>>
>>>> On Wednesday, October 02, 2013 07:33 AM, David Lang wrote:
>>>>
>>>> the aws command is making the call to inform aws, if you were to bring up
>>>> the address without making the aws command, would it work? If you are on a
>>>> Virtual Private Cloud (VPC), it may, but I didn't think it would.
>>>>
>>>> If you can make it work without the aws command, then you can just use the
>>>> standard pacemaker VIP configuration.
>>>> I know that this doesn't work if you
>>>> have an external IP that you are moving (you must use an aws call to tell
>>>> Amazon to move the IP), but it's possible that you don't have to for an
>>>> internal IP, but I would be surprised.
>>>>
>>>> David Lang
>>>>
>>>> On Wed, 2 Oct 2013, Peter Romfeld wrote:
>>>>
>>>> Hey,
>>>> when i change the secondary IP per hand or with external script on a Ubuntu
>>>> Instance I just need:
>>>> /etc/network/interfaces
>>>> auto eth0
>>>> iface eth0 inet dhcp
>>>>     address 192.168.32.12
>>>>     netmask 255.255.240.0
>>>>     gateway 192.168.32.1
>>>>     up ip addr add 192.168.32.11/20 dev eth0
>>>>
>>>> and then run the script which basically just does:
>>>> #!/bin/sh
>>>>
>>>> VIP=172.32.32.11
>>>> REGION=ap-southeast-1
>>>>
>>>> Instance_ID=`/usr/bin/curl --silent http://169.254.169.254/latest/meta-data/instance-id`
>>>> ENI_ID=`aws ec2 describe-instances --instance-id $Instance_ID --region $REGION | grep NetworkInterfaceId | cut -d '"' -f 4`
>>>>
>>>> aws ec2 assign-private-ip-addresses --network-interface-id $ENI_ID --private-ip-addresses $VIP --allow-reassignment --region $REGION
>>>>
>>>> I dont need to inform AWS or restart network, only the correct network
>>>> config and the one command, when i tested it with pinging from a 3rd
>>>> instance during IP change i didnt got any interrupts.
>>>> I dont know about
>>>> monitoring it
>>>>
>>>> On Wed, Oct 2, 2013 at 1:38 AM, David Lang <da...@lang.hm> wrote:
>>>>
>>>> On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:
>>>>
>>>> On Tue, Oct 01, 2013 at 10:07:12AM -0700, David Lang wrote:
>>>>
>>>> On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:
>>>>
>>>> On Tue, Oct 01, 2013 at 07:22:20AM -0700, David Lang wrote:
>>>>
>>>> On Tue, 1 Oct 2013, Dejan Muhamedagic wrote:
>>>>
>>>> Hi David,
>>>>
>>>> On Mon, Sep 30, 2013 at 12:41:23PM -0700, David Lang wrote:
>>>>
>>>> On Mon, 30 Sep 2013, David Lang wrote:
>>>>
>>>> On Mon, 30 Sep 2013, Michael Schwartzkopff wrote:
>>>>
>>>> On Monday, 30 September 2013, 21:12:56, Peter Romfeld wrote:
>>>>
>>>> I am working in AWS i cant just use a VIP i need to use a floating
>>>> secondary IP which i reassign through script, i want to let pacemaker
>>>> handle the reassignment...
>>>>
>>>> Please explain the difference of a VIP and a "secondary IP" in
>>>> your opinion.
>>>>
>>>> with AWS you need to inform amazon of the change, not just change
>>>> the IP on the local box, that requires much more work than a
>>>> simple local VIP
>>>>
>>>> being more detailed, instead of just
>>>> ifconfig eth0:0 $vip
>>>> you have to do something like
>>>>
>>>> /opt/aws/bin/ec2-assign-private-ip-addresses -n $ENI_ID --secondary-private-ip-address $VIP --allow-reassignment --region $REGION
>>>>
>>>> We may consider adding such an option to IPaddr2. Has anybody
>>>> ever tried that?
>>>>
>>>> pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`
>>>>
>>>> if [ "$pingresult" == "0" ]; then
>>>>     echo `date` "-- Restarting network"
>>>>     /sbin/service network restart > /dev/null 2>&1
>>>>
>>>> That may break the cluster communication, which may lead to split
>>>> brain, etc. Is that really the only way?
>>>> It's not the only way, but you do have the problem that the call to
>>>> aws management interface is asynchronous, you don't know when it's
>>>> going to complete, and until it does, the IP doesn't actually work.
>>>>
>>>> Wouldn't it be then safer to wait until it starts working, i.e.
>>>> to monitor in a loop?
>>>>
>>>> that's exactly what the snippet of code above is for, to detect when
>>>> the other box no longer has the address.
>>>>
>>>> Hmm, perhaps I'm missing something, but I couldn't notice a loop
>>>> in that code. What I meant was something like this:
>>>>
>>>> while ! ping -c 1 -W 1 $VIP | grep -qs time=; do
>>>>     :
>>>> done
>>>>
>>>> Then network restart wouldn't be necessary, right? Sorry, I don't
>>>> know much about aws.
>>>>
>>>> I haven't used this exact script before, but I have seen the problem that
>>>> this script is designed to address. I am not saying that I agree with this
>>>> script, but it's what Amazon is suggesting, so it's probably a reasonable
>>>> start.
>>>> this was a cut-n-paste from the URL provided earlier
>>>> http://aws.amazon.com/articles/2127188135977316
>>>>
>>>> #!/bin/sh
>>>> # This script will monitor another HA node and take over a Virtual IP (VIP)
>>>> # if communication with the other node fails
>>>>
>>>> # High Availability IP variables
>>>> # Other node's IP to ping and VIP to swap if other node goes down
>>>> HA_Node_IP=10.0.0.11
>>>> VIP=10.0.0.10
>>>>
>>>> # Specify the EC2 region that this will be running in
>>>> REGION=us-west-2
>>>>
>>>> # Run aws-apitools-common.sh to set up default environment variables and to
>>>> # leverage AWS security credentials provided by EC2 roles
>>>> . /etc/profile.d/aws-apitools-common.sh
>>>>
>>>> # Determine the instance and ENI IDs so we can reassign the VIP to the
>>>> # correct ENI. Requires EC2 describe-instances and assign-private-ip-address
>>>> # permissions.
>>>> # The following example EC2 roles policy will authorize these
>>>> # commands:
>>>> # {
>>>> #   "Statement": [
>>>> #     {
>>>> #       "Action": [
>>>> #         "ec2:AssignPrivateIpAddresses",
>>>> #         "ec2:DescribeInstances"
>>>> #       ],
>>>> #       "Effect": "Allow",
>>>> #       "Resource": "*"
>>>> #     }
>>>> #   ]
>>>> # }
>>>>
>>>> Instance_ID=`/usr/bin/curl --silent http://169.254.169.254/latest/meta-data/instance-id`
>>>> ENI_ID=`/opt/aws/bin/ec2-describe-instances $Instance_ID --region $REGION | grep eni -m 1 | awk '{print $2;}'`
>>>>
>>>> echo `date` "-- Starting HA monitor"
>>>> while [ . ]; do
>>>>   pingresult=`ping -c 3 -W 1 $HA_Node_IP | grep time= | wc -l`
>>>>   if [ "$pingresult" == "0" ]; then
>>>>     echo `date` "-- HA heartbeat failed, taking over VIP"
>>>>     /opt/aws/bin/ec2-assign-private-ip-addresses -n $ENI_ID --secondary-private-ip-address $VIP --allow-reassignment --region $REGION
>>>>     pingresult=`ping -c 1 -W 1 $VIP | grep time= | wc -l`
>>>>     if [ "$pingresult" == "0" ]; then
>>>>       echo `date` "-- Restarting network"
>>>>       /sbin/service network restart > /dev/null 2>&1
>>>>     fi
>>>>     sleep 60
>>>>   fi
>>>>   sleep 2
>>>> done
>>>>
>>>> David Lang
>>>>
>>>> _______________________________________________
>>>> Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
>>>> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>>>>
>>>> Project Home: http://www.clusterlabs.org
>>>> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
>>>> Bugs: http://bugs.clusterlabs.org
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
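
Added example, not part of the original thread and not any poster's or project's agent code: the thread's two points (the AWS call may return before the address works, and polling is safer than restarting the network) written as a bounded wait in POSIX sh. The names `vip_probe`, `wait_for_vip`, `move_vip`, `PROBE_INTERVAL` and the 30-second default are assumptions; the `aws` flags are the ones used in the thread.

```shell
#!/bin/sh
# Added example: bounded wait for an asynchronous secondary-IP move.
# Hypothetical names: vip_probe, wait_for_vip, move_vip, PROBE_INTERVAL.
# Return codes follow the OCF convention (0 = success, 1 = generic error).
OCF_SUCCESS=0
OCF_ERR_GENERIC=1
PROBE_INTERVAL=${PROBE_INTERVAL:-2}   # seconds between probes

# Probe taken from the thread: one ping with a one-second deadline.
# Replace it with a check that is meaningful from where the agent runs.
vip_probe() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# Poll until the probe succeeds or the deadline passes. The loop is bounded,
# so a move that never takes effect becomes a failed start, not a hung one,
# and no network restart (which could cut cluster traffic) is needed.
wait_for_vip() {
    vip=$1; timeout=$2; waited=0
    until vip_probe "$vip"; do
        [ "$waited" -ge "$timeout" ] && return $OCF_ERR_GENERIC
        sleep "$PROBE_INTERVAL"
        waited=$((waited + PROBE_INTERVAL))
    done
    return $OCF_SUCCESS
}

# Ask AWS to move the address to the given ENI, then wait for it to answer.
move_vip() {
    eni=$1; vip=$2; region=$3; timeout=${4:-30}
    # Resource parameters end up on a command line: accept only digits and
    # dots for the address and an eni- prefixed id, and quote every expansion.
    case $vip in
        ''|*[!0-9.]*) return $OCF_ERR_GENERIC ;;
    esac
    case $eni in
        eni-*) ;;
        *) return $OCF_ERR_GENERIC ;;
    esac
    aws ec2 assign-private-ip-addresses --network-interface-id "$eni" \
        --private-ip-addresses "$vip" --allow-reassignment \
        --region "$region" >/dev/null || return $OCF_ERR_GENERIC
    wait_for_vip "$vip" "$timeout"
}
```

In a resource agent this would be called from the start action with the ENI id looked up as in the thread, and the start operation's own timeout should be longer than the wait passed to `move_vip`.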