On Wed, Dec 23, 2009 at 8:13 PM, Lars Ellenberg
<[email protected]> wrote:
> On Wed, Dec 23, 2009 at 02:24:10AM -0700, Tim Serong wrote:
>> On 12/23/2009 at 12:42 AM, Jiaju Zhang <[email protected]> wrote:
>> > On Tue, Dec 22, 2009 at 8:56 PM, Dejan Muhamedagic <[email protected]>
>> > wrote:
>> > >
>> > >> Thank you for stepping forward!
>> > >
>> > > Jiaju, many thanks for the contribution. Any chance to also
>> > > implement the suggested improvements?
>> >
>> > Sure :)
>> > Thanks for all the suggestions. I'll improve it and update it soon.
>>
>> Another suggestion:
>>
>> # diff -u IPaddr2 IPaddr2.new
>> --- IPaddr2 2009-12-23 20:10:33.089860727 +1100
>> +++ IPaddr2.new 2009-12-23 20:17:31.656957776 +1100
>> @@ -532,13 +532,14 @@
>> }
>>
>> save_tcp_connections() {
>> + [ -z "$OCF_RESKEY_tickle_dir" ] && return
>> mydir=$OCF_RESKEY_tickle_dir/`hostname`
>
> why the hostname part?
> why not just statefile=$OCF_RESKEY_tickle_dir/$OCF_RESKEY_ip ?
> the IP may only be active on one server at a time,
> so only one may write to the file.
Yeah. I origianl thought of the scenaio where diffferent floating
IPs/service groups active in different nodes respectively, but it
turned out to be no need do this since it should specify different
$OCF_RESKEY_tickle_dir to address this.
I'm going to remove this too, thanks :)
>
>> rm -f $mydir/*
>
> not good, removes everything.
> should only remove _one_ statefile.
> we may have multiple IPs!
>
> we may want to be able to do ip switchover independently.
>
> also, please quote, this script runs as root.
> rm is not necessary at all.
>
> maybe do
> generate_client_server_list_for_this_ip |
> dd of="$statefile".new conv=fsync &&
> mv "$statefile"
>
> only that not all versions of dd support fsync ;)
>
>> netstat -tn |egrep
>> '^tcp[[:space:]]+[0-9]+[[:space:]]+[0-9]+[[:space:]]+[0-9\.]+:[0-9]+.*ESTABLISHED'
>> |
>> awk '{print $4" "$5}' |
>> while read server client; do
>> ip=${server%:*}
>> - echo $client $server >> $mydir/$ip
>> + [ "$ip" == "$OCF_RESKEY_ip" ] && echo $client $server
>> >> $mydir/$ip
>> done
>> }
>
>
> how about:
> # use lsof, to avoid issues with truncated output
> # let lsof do numerical output, filter on $OCF_RESKEY_ip already,
> # and prepare the output for "other programs", see lsof man page ;)
> # use sed to get the remote ip address and port.
> lsof -nP -i4...@$ocf_reskey_ip -F nT |
> sed -ne '/^n/h; /^TST=ESTABLISHED/ { g;s/^.*->//p; }' \
> > "$statefile.new" &&
> mv "$statefile.new" "$statefile"
>
> (same would work for a wrapper script around ocf:IPv6addr , only change:
> # I'm not sure about the form of the ipv6addr parameter.
> # lsof filter requires the [] however.
> case $OCF_RESKEY_ipv6addr in
> \[*\]) ipv6=$OCF_RESKEY_ipv6addr;;
> *) ipv6="[$OCF_RESKEY_ipv6addr]";;
> esac
> lsof -nP "-i6...@$ipv6" .F nT | ...
> )
>
>
> then provide the "local" address (OCF_reskey) via command line option to
> tickle_ack, and feed it remote-address:port via stdin.
Many thanks for all the suggestions :)
>
> not sure about cluster ip clones, which usually are active on more than
> one node. They probably need to put the "instance number" into the
> statefile name as well, to not step on each others toes.
>
> maybe tickle_acks make not much sense with cluster ip anyways,
> so cloned IPaddr2 should just not do all this stuff.
Yeah, in fact I'm re-thinking about this feature and haven't written the code :)
I'm also thinking about the cluster ip clones scenarios, and the original patch
can't address that.
For cluster ip clones, if one node dead, you should provide a timing
that other nodes do the tickle. In original patch, tickle is called
when the IPaddr2 RA started, but for clones, no more resource group
will start if one node dead. So I think it can be added to monitor
operation. It is not event-driven but so many things is not
event-driven and is not precise, so I think this should be acceptable.
The second thing is how do you know who is dead, you can easily get
this info via pacemaker, but the "hostname" part should also be
reserved since we should use it to differentiate the info in different
node. The last thing is who should do the tickle, I think I can let
the DC do this or just every other alive nodes do this as well.
Another important thing I think we should address is if the tickle
feature should be added in IPaddr2 RA? When you deploy your HA
solution, maybe sometimes you should configure the application service
started after the IPaddr2 started, but sometimes you should configure
IPaddr2 as the first-started resource then started the application. If
it is the latter, if you tickle ACK when IPaddr2 started, but the real
service application is not started at that time, the user may see the
error like "Port is not reachable", this is not a good usability. So
we may need to start the tickle when the application is ready. One
simple implementation of this is to add the tickle feature in a
seperated RA and add it to the last in the service group when you
deploy it. Does this make sence? If yes, I'll implement it :)
Any suggestions and comments are welcome :)
Thanks,
Jiaju
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
