On 19.08.2016 23:20, Andy Zhou wrote:


On Fri, Aug 19, 2016 at 1:40 AM, Valentine Sinitsyn
<valentine.sinit...@gmail.com <mailto:valentine.sinit...@gmail.com>> wrote:

    On 19.08.2016 02:44, Andy Zhou wrote:



        On Thu, Aug 18, 2016 at 1:41 PM, Valentine Sinitsyn
        <valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>
        <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>>> wrote:

            On 18.08.2016 23:49, Andy Zhou wrote:



                On Thu, Aug 18, 2016 at 8:34 AM, Valentine Sinitsyn
                <valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>
                <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>>
                <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>
                <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>>>> wrote:

                    On 18.08.2016 17:42, Russell Bryant wrote:


                        On Thu, Aug 18, 2016 at 2:30 AM, Valentine Sinitsyn
                        <valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>
                <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>>
                        <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>
                <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>>>
                        <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>
                <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>>

                        <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>
                <mailto:valentine.sinit...@gmail.com
        <mailto:valentine.sinit...@gmail.com>>>>> wrote:

                            Hi everyone,

                                        Russell, Would HA manager also
        manage
                ovn-controller
                                        switch over?


                                    Yes, indirectly.  The way this is
        typically
                handled
                        is by
                                    using a virtual
                                    IP that moves to whatever host is
        currently
                the master

                                Cool, then ovn-controller does not have
        to be HA
                aware.


                            In my understanding, the virtual IP feature in
                Pacemaker (i.e.
                            IPaddr2) works if both active and passive
        nodes of the
                        cluster are
                            in the same IP subnet.

                            For some deployments, this would mean both
        nodes a
                located
                        on the
                            same physical rack. This is not actually a
                fault-tolerant design
                            (think blackout).

                            If I'm getting virtual IP addresses in Pacemaker
                correct,
                        wouldn't
                            it be better to make ovn-controller HA
        aware? That
                is, have
                        a node
                            switching command (akin to
                        ovsdb-server/connect-active-ovsdb-server)
                            and let Pacemaker make use it?


                        I was not planning to have pacemaker manage
                ovn-controller on
                        every host.

                    OK, makes sense.

                Would using a proxy server, such as HAproxy, help?

            Help in what?

        To provide a single routable IP address for ovsdb clients to
        connect to.

    Yes it would, but doesn't Pacemaker handle this already as well?








                            If this sounds reasonable, I can take on it
        probably.


                        In general, I think having ovn-controller able
        to connect to
                        more than
                        one database IP seems fine.  I don't expect
        everyone to
                necessarily
                        agree on the same HA architecture.

                        Perhaps it's simple and good enough to add some
        support for
                        multiple IP
                        addresses for the southbound database that
                ovn-controller can rotate
                        through on reconnect attempts?

                    As passive ovsdb instance doesn't accept client
        connections,
                this
                    wouldn't help much if the connectivity between
                ovn-controller and
                    south ovsdb master is broken. But this scenario is
        likely
                outside
                    current HA architecture either.


                Yes, something external should change ovsdb-server from
        backup into
                active.  A backup server accepts clinet connections, but
        rejects any
                "write" transaction that can
                change the database.

            Pacamaker is a proposed way to do it, as far as I understand.

        Right.  I am still in favor of using floating IP for this release.

    Agree. That's a typical was to deploy Pacemaker, and something which
    would work for most people, I guess.

    I'm trying to find a solution for a different case, where this IP
    can float within the single rack only (as L3 subnet is not permitted
    to stretch across racks). The mechanisms involved are complementary,
    not mutually exclusive.






                    In short, yes, having support for multiple IPs in
                ovn-controller is
                    certainly a step forward in the right direction IMO.


                I agree it could be a worthwhile feature. If we end up
                implementing this
                feature, I hope we don't statically configure the backup
        server IP
                address.  It may be better
                for the idl client to keep track of current backup
        server.  One
                possible
                way to implement it is to store the backup connection
        into the
                database.

            Which of the databases? ovn-controller connects to OVS one,
        and to
            SB. Storing this in OVS means the backup server need to know all
            ovn-controllers on the net, having this information in SB
        itself is
            somewhat chicken and the egg problem.


        I'd think we need store them in both DBs.  HA manager or backup
        server
        can update the SB first,  ovn-controller can then replicate the
        configurations to its local OVS DB.

    An ovsdb-server updating itself sounds somewhat unnatural to me. HA
    manager updating the SB (or NB) seems more straightforward. However
    this leaves us a narrow race window when an active server fails and
    the client is left with no way to learn the backup server address.


HA manager works.

Do you mean the narrow window between a backup server has transitioned
into an active server, but before HA manager adds the next backup server?
Yes.

If it helps, we can update the SB with new backup server address
*before* making it active.  Current OVSDB does not allow this, but can
be fixed.

Are there other race windows?
I'm not presently aware of any other races. Although we discussed our problem within the team today, and it seems we have some other solution not involving any OVN changes at this point. IOW, this can be probably postponed.

On a related note, this ML indicates some ongoing work on ovsdb-server OCF scripts. Do you know if someone works on OCF scripts for ovn-northd, or there are no plans to make it HA-enabled at this point?

Thanks,
Valentine







            Now we store OVN SB location in the OVS database, do we? My
        initial
            intent was store not one, but two addresses, and switch
        between them.


        I don't object we start there. and this may be fine for the
        situations
        where active and backup server will always occupy two well known
        addresses. I just hope we have
        a plan to to update those addresses in case HA manager launches the
        backup server with a differnt IP address.

    Ack.



            Besides, don't we also want ovn-northd to support multiple
        addresses
            for NB/SB then?


        That would be nice too,

    Will have a look on it.

    Valentine



                The backup server
                can issue an transaction to record its connection
        information,
                before
                replicating.


            Valentine



                    Best,
                    Valentine



                        --
                        Russell Bryant

                    _______________________________________________
                    dev mailing list
                    dev@openvswitch.org <mailto:dev@openvswitch.org>
        <mailto:dev@openvswitch.org <mailto:dev@openvswitch.org>>
                <mailto:dev@openvswitch.org <mailto:dev@openvswitch.org>
        <mailto:dev@openvswitch.org <mailto:dev@openvswitch.org>>>
                    http://openvswitch.org/mailman/listinfo/dev
        <http://openvswitch.org/mailman/listinfo/dev>
                <http://openvswitch.org/mailman/listinfo/dev
        <http://openvswitch.org/mailman/listinfo/dev>>
                    <http://openvswitch.org/mailman/listinfo/dev
        <http://openvswitch.org/mailman/listinfo/dev>
                <http://openvswitch.org/mailman/listinfo/dev
        <http://openvswitch.org/mailman/listinfo/dev>>>




_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev

Reply via email to