-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/15/2012 03:03 PM, Dimitri Maziuk wrote: > On 11/15/2012 10:11 AM, Digimer wrote: >> On 11/15/2012 02:52 AM, [email protected] wrote: >>> Hello, > >>> I have to secure a "homemade" monitoring solution mainly based >>> on Nagios 2.x and MySQL 5.1. >>> >>> I must deploy an "active / passive" cluster with automated >>> switch of services. 2 servers will be located on two different >>> datacentres and connected by an optical fiber (which will be >>> channeled through the lifeline + cluster replication data). >> >> What you are trying to do is called a "stretch cluster". If you >> want automatic failover, you will have some significant >> challenges. Mainly, when a node stops responding, it needs to be >> put into a known state to ensure that the same service isn't >> offered twice or that shared storage is not happening without >> coordination. >> >> This is done using fencing, and fencing only really useful when >> it uses an independent network path. So dual links are needed. >> Now that probability of failing both links at the same time is >> real (someone digs without looking, for example) would break the >> cluster's fencing, leaving the nodes hung until there is human >> intervention. >> >> Stretch clustering requires very careful planning and rarely is >> worth it. > > So where do nagios and mysql come into the picture? > >>> Tests were carried out with products DRBD (8.3.7) & Heartbeat >>> (3.0.3) using the official Debian mirrors. >> >> DRBD 8.3.7 is *very* old. Heartbeat is deprecated and has no >> future development planned. > > Which doesn't mean you shouldn't use heartbeat for "simple stupid" > 2-node active/passive 'haresources' cluster. You shouldn't use *if* > you need more than simple stupid. The good news is it's not > changing to something not entirely dissimilar every 18 months, > unlike everything that's been developed since. > > DRBD is old but our public servers have been running 8.3 for quote > some time now without problems. > > (Our centos 5 servers have been running heartbeat 2.1.4 and drbd > 8.3.8 for years now.) > >>> I wanted to get your opinion on the various security products >>> such cluster (HA / Pacemaker / Corosync / keepalived / OpenSVC >>> ...) to point me towards the most efficient and adapted >>> according to my needs. > > Where'd "security products" come from? Do you mean you > nagios+mysql setup is doing some sort of security monitoring? The > good thing about heartbeat is it's not being developed anymore. So > what you've learned about it remains relevant. > >> The future of open source clustering is on corosync + pacemaker. >> I would start by learning more about them. > > I would wait a year. They'll come up with something else and you'll > have to unlearn the old busted coronary+zapper and learn about the > new shiny+hotness instead. > > But for the most part: what is you're trying to actually do? > > Using drbd for database replication is suboptimal, especially over > non-local links. You really want transactional replication and if > mysql doesn't do it, switch to the one that does. > > As for nagios, why not set up two independent ones monitoring > everything and each other? I suspect you can go a lot with a few > lines of perl to make sure you don't get double the e-mail.
This is verging on a philosophical debate, which I am not to interested in. For what it's worth, I use corosync + cman + rgmanager because it is so stable and relatively unchanging, with a planned supported life to 2020. My point was that Julien, starting a new project, should not start on day 1 with very old, deprecated software. By your argument, I could say "what will a user do when X simply is not supported anymore and a critical issue is found?". I offer my advice for free, and people can take from it what they paid for it. - -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQpU9QAAoJEJL1R7RwoP6I++4P+wal3C76+IC5eDwNbRnSQIIU hGI+ozr0b/oz7HBCWvZijNDiABRd0lh2du16qlHfI/ZjFw8ArZGlZNcGe9ZWpGoH yT5HG78nHvR8yaQu/bpjp/QE0lrf4fqgKjrp1hvduT6IAWQd3FZL/QlWt7VMWofE S6A9BVq+bI6PRUddAsJPiZrmpaQ6xRb4LKmaUECQafrl3j4PqBoFNf6v0D7ywGBR Fa3N1JkU6xd146rZPwnAoQ80hsVMbvmNe6ekRQEoeHytd/LAJilVRU4GsYyz8soo 2Z5RdhVq+AbrrWH8OT5Ch1HhlcbJNmL5kXOTbMNHaUYDi7r/5qlcrv7VtGOAJyIN QpBqprOH4woLDeRJgiseQCevKnBncueaLqOa+vgLzEvzP8YImURx6DvvHXLfYR8N ViROgGihgHGSdDPO9HlnvYRaAkoNIqjD8WYK5mSXWJh+DkHDswYxp7oheLVAL1M3 HB7LrBtx4OzcX79V439zq1nCK1qBmW8wxj90//MTfSid/gj7cYDTj+cHgzE41iJu 1utWtzq1yrj2oEx1ZqI6YtP1cacl4J/h2XHFWTcjf1LtOqFRaAcf+dAY3ceX2X21 uFKmeqlU0+SdX4hRWrqkvdXD2nrsICaNcZ02sj+0ADT13R/Sx+k7qj3ZsNQ42Zbt sReTnT3DaUeSNhRtytYS =IYGa -----END PGP SIGNATURE----- _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
