Re: CARP Cold Spare

2021-09-26 Thread Nick Holland

On 9/24/21 6:13 PM, Don Tek wrote:

> Would there be any ‘problem’ with configuring a 2-machine CARP
> setup and then just keeping one machine powered-off until needed?
>
> I realize this defeats live failover, but this is not a requirement
> for my customer.
>
> I just want them to be able to, in the event of a primary machine
> failure, power-on the secondary and have it take over.  Logic here is
> to otherwise not have the secondary sucking power off the UPS’s in
> the event of a power failure, or in general.
>
> Legit?



Technically, should work fine.
Administratively?  you got a mess on your hands.

With a fair amount of certainty, I can say you will run into at least
the following administrative problems:
* users added/changed to live box, not duplicated to spare.
* Updates done to live box, not to spare
* rule changes done to live box, not to spare.
* Other settings changed on live box, not duplicated to spare.

None of these are intrinsically CARP issues or solved by CARP at all
but all of them are going to be complicated by having a machine that
is off when changes are made to the live one.  All these issues have to
be considered with a CARP setup, but with a machine powered off, you KNOW
they won't be dealt with in a timely manner...which means they won't be
there when you need them.

If your goal is really to have one machine running, I'd suggest skipping
CARP, and just mirror the drives on the primary and keep spare hw in
reserve, and keep good backups of ALL configuration information.  Drive
fails?  you got a mirror.  HW fails?  you got spare, move the drives,
bring it up.  Keep it simple, you will be happier.

Nick.
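
The drift listed in the message above (users, updates, rules, other settings) can be checked mechanically when the spare is powered on. The script below is an added example, not part of any message in this thread; the file list, the backup directory layout and the saved `syspatch -l` listing from the primary are assumptions.

```shell
#!/bin/sh
# Added example: compare a freshly powered-on spare against the central
# backup taken from the live box. All paths and file names are assumptions.

# Files that carry the state that drifts: users, pf rules, other settings.
DRIFT_FILES="etc/master.passwd etc/group etc/pf.conf etc/sysctl.conf etc/hostname.carp0"

# drift_report BACKUP_ROOT SPARE_ROOT
# Prints one line per tracked file that is missing or differs on the spare.
# Exit status is the number of problems found (0 = spare matches backup).
drift_report() {
    backup=$1 spare=$2 problems=0
    for f in $DRIFT_FILES; do
        if [ ! -e "$backup/$f" ]; then
            continue                        # file is not kept in the backup
        elif [ ! -e "$spare/$f" ]; then
            echo "MISSING  $f"; problems=$((problems + 1))
        elif ! cmp -s "$backup/$f" "$spare/$f"; then
            echo "DIFFERS  $f"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# patch_gap PRIMARY_LIST SPARE_LIST
# Both files hold `syspatch -l` output, one installed patch per line.
# Prints the patches the primary had installed that the spare lacks.
patch_gap() {
    grep -Fxv -f "$2" "$1"
}

# Stand-alone use: sh drift.sh /mnt/backup/fw1 /
if [ "$#" -eq 2 ]; then
    drift_report "$1" "$2"
fi
```
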



Re: CARP Cold Spare

2021-09-26 Thread Stuart Henderson
On 2021-09-25, leonard  wrote:
> What is the power draw? I use a 1500 VA apc backups with 6 outlets on ups and
> 5 on surge protection. As long as your total draw is less than 1200 VA, for <
> $200 canadian you have a cheap simple solution. Just put one on the ups side
> and the other on the surge suppressor side. Or buy 2.
>
> leonard@on the road

Then, when the UPS is depleted and auto shutdown either failed or
wasn't set up in the first place, you can have two machines failing to
start due to fsck failures, not just one!

> > They experience multi-hour blackouts what seems like once a month;

If they aren't spending the money on lower power servers, the chance
of spending the money on a UPS and battery chain (or more likely,
ATS and generator) capable of surviving multi-hour blackouts is slim.

Seems to me the "cold spare" idea makes complete sense for the
situation described. I would not bother with pfsync for this use.
However, if the network config allows, I _would_ try to get some
low power box (rpi or whatever) connected to serial console
on both routers.

-- 
Please keep replies on the mailing list.



Re: CARP Cold Spare

2021-09-25 Thread leonard
What is the power draw? I use a 1500 VA apc backups with 6 outlets on ups and 5
on surge protection. As long as your total draw is less than 1200 VA, for <
$200 canadian you have a cheap simple solution. Just put one on the ups side and
the other on the surge suppressor side. Or buy 2.

leonard@on the road

Original message
From: Don Tek
Date: 2021-09-25 11:40 (GMT-05:00)
To: jslee
Cc: misc@openbsd.org
Subject: Re: CARP Cold Spare

I'm not sure why the hardware matters, but the two machines are a couple HP 1U
Gen 8 Xeon servers.  Suffice to say, they are identical and have supported
hardware configurations for OpenBSD.

Of course I _could_ run one off direct power, but it would be a terrible idea.
The location is notorious for power surges, blips that are enough to reboot
servers and several-second brown-outs.  So, not connected to the UPS is just
asking for damages.

They experience multi-hour blackouts what seems like once a month; this is
where the desire to limit the draw on the UPS's comes from.  To ensure we make
it through without having to shut down.

Remote access is of primary concern, both for me for support, since I'm
geographically far enough away that being on-site is not feasible, and to the
customer, who just wants to stay home and work on systems in the office.

Configurations on the servers almost never change (simple firewall), so besides
having to run a quick syspatch and reboot once at time of failover, I don't see
maintenance being so bad.  I keep config files backed-up otherwise centrally
for quick restore to the running box as well.

My primary concern here is if CARP / pfsync will have issues with the one
machine being down a majority of the time.  Based on the FAQ, I think not, but
have no practical experience.

> On Sep 25, 2021, at 3:00 AM, jslee wrote:
>
> Hi,
>
> You haven’t said anything about your hardware platform, but could you run one
> of them on non-UPS power? Then you’d still have one online when (*not* if)
> the UPS fails, and also they’ll both normally be online for maintenance,
> syspatch, config changes etc
>
> I do recall installing a pair of identical servers at the same time and
> having them both fail a year later within an hour of each other, both with
> seized CPU fans, so I am somewhat sympathetic to your idea. But I think the
> practical cost of maintenance may be rather high
>
> John
>
>
>> On Sat, 25 Sep 2021, at 08:13, Don Tek wrote:
>> Would there be any ‘problem’ with configuring a 2-machine CARP setup
>> and then just keeping one machine powered-off until needed?
>>
>> I realize this defeats live failover, but this is not a requirement for
>> my customer.
>>
>> I just want them to be able to, in the event of a primary machine
>> failure, power-on the secondary and have it take over.  Logic here is
>> to otherwise not have the secondary sucking power off the UPS’s in the
>> event of a power failure, or in general.
>>
>> Legit?

Re: CARP Cold Spare

2021-09-25 Thread Don Tek
Unsure what the power draw is on these guys yet, they just got them.  They have 
redundant 450W Platinum power supplies.

The "new" servers are completely overkill for the application, but this is a 
work-with-what's-available situation.  They got these free from a friend and 
don't want to spend on new hardware, otherwise I'd just get them something 
"smaller" and supremely efficient.

We already have redundant UPS's.  With the 3 servers previously (main VM 
servers and 1 now-dead firewall) attached to battery-backed power, we were 
getting roughly 3.5 hours of runtime before UPS drop.  Sometimes minutes can 
matter with these blackouts.

I also want that with the one machine not running, it's not incurring any wear 
or tear just for the sake of hot failover.

I've got no talent on site, so in the event of a hardware or file system 
failure, it's an extremely tedious experience for me to walk someone there 
through swapping hardware, wiring, or reinstalling an operating system.  So, 
I'm looking for that turn-this-one-off-and-this-one-on recovery option, without 
the need to fiddle with any hardware.  If this works the way I want, the only 
single point of failure will be their cable modem, and Comcast can handle 
replacing that.

Option B is to just have identical configurations and have them need to swap 
the network wiring as part of the failover.  Will still prevent the days of 
downtime we're incurring now due to this failure, but not as simple for them, 
if the CARP solution is solid.

> On Sep 25, 2021, at 10:25 AM, leonard  wrote:
> 
> 
> What is the power draw? I use a 1500 VA apc backups with 6 outlets on ups and 
> 5 on surge protection. As long as your total draw is less than 1200 VA, for < 
> $200 canadian you have a cheap simple solution. Just put one on the ups side 
> and the other on the surge suppressor side. Or buy 2.
> 
> 
> 
> leonard@on the road
> 
> 
>  Original message 
> From: Don Tek 
> Date: 2021-09-25 11:40 (GMT-05:00)
> To: jslee 
> Cc: misc@openbsd.org
> Subject: Re: CARP Cold Spare
> 
> I'm not sure why the hardware matters, but the two machines are a couple HP 
> 1U Gen 8 Xeon servers.  Suffice to say, they are identical and have supported 
> hardware configurations for OpenBSD.
> 
> Of course I _could_ run one off direct power, but it would be a terrible 
> idea.  The location is notorious for power surges, blips that are enough to 
> reboot servers and several-second brown-outs.  So, not connected to the UPS 
> is just asking for damages.
> 
> They experience multi-hour blackouts what seems like once a month; this is 
> where the desire to limit the draw on the UPS's comes from.  To ensure we 
> make it through without having to shut down.
> 
> Remote access is of primary concern, both for me for support, since I'm 
> geographically far enough away that being on-site is not feasible, and to the 
> customer, who just wants to stay home and work on systems in the office.
> 
> Configurations on the servers almost never change (simple firewall), so 
> besides having to run a quick syspatch and reboot once at time of failover, I 
> don't see maintenance being so bad.  I keep config files backed-up otherwise 
> centrally for quick restore to the running box as well.
> 
> My primary concern here is if CARP / pfsync will have issues with the one 
> machine being down a majority of the time.  Based on the FAQ, I think not, 
> but have no practical experience.
> 
> > On Sep 25, 2021, at 3:00 AM, jslee  wrote:
> > 
> > Hi,
> > 
> > You haven’t said anything about your hardware platform, but could you run 
> > one of them on non-UPS power? Then you’d still have one online when (*not* 
> > if) the UPS fails, and also they’ll both normally be online for 
> > maintenance, syspatch, config changes etc
> > 
> > I do recall installing a pair of identical servers at the same time and 
> > having them both fail a year later within an hour of each other, both with 
> > seized CPU fans, so I am somewhat sympathetic to your idea. But I think the 
> > practical cost of maintenance may be rather high
> > 
> > John
> > 
> > 
> >> On Sat, 25 Sep 2021, at 08:13, Don Tek wrote:
> >> Would there be any ‘problem’ with configuring a 2-machine CARP setup 
> >> and then just keeping one machine powered-off until needed?
> >> 
> >> I realize this defeats live failover, but this is not a requirement for 
> >> my customer.
> >> 
> >> I just want them to be able to, in the event of a primary machine 
> >> failure, power-on the secondary and have it take over.  Logic here is 
> >> to otherwise not have the secondary sucking power off the UPS’s in the 
> >> event of a power failure, or in general.
> >> 
> >> Legit?
> 


Re: CARP Cold Spare

2021-09-25 Thread Don Tek
I'm not sure why the hardware matters, but the two machines are a couple HP 1U 
Gen 8 Xeon servers.  Suffice to say, they are identical and have supported 
hardware configurations for OpenBSD.

Of course I _could_ run one off direct power, but it would be a terrible idea.  
The location is notorious for power surges, blips that are enough to reboot 
servers and several-second brown-outs.  So, not connected to the UPS is just 
asking for damages.

They experience multi-hour blackouts what seems like once a month; this is 
where the desire to limit the draw on the UPS's comes from.  To ensure we make 
it through without having to shut down.

Remote access is of primary concern, both for me for support, since I'm 
geographically far enough away that being on-site is not feasible, and to the 
customer, who just wants to stay home and work on systems in the office.

Configurations on the servers almost never change (simple firewall), so besides 
having to run a quick syspatch and reboot once at time of failover, I don't see 
maintenance being so bad.  I keep config files backed-up otherwise centrally 
for quick restore to the running box as well.

My primary concern here is if CARP / pfsync will have issues with the one 
machine being down a majority of the time.  Based on the FAQ, I think not, but 
have no practical experience.

> On Sep 25, 2021, at 3:00 AM, jslee  wrote:
> 
> Hi,
> 
> You haven’t said anything about your hardware platform, but could you run one 
> of them on non-UPS power? Then you’d still have one online when (*not* if) 
> the UPS fails, and also they’ll both normally be online for maintenance, 
> syspatch, config changes etc
> 
> I do recall installing a pair of identical servers at the same time and 
> having them both fail a year later within an hour of each other, both with 
> seized CPU fans, so I am somewhat sympathetic to your idea. But I think the 
> practical cost of maintenance may be rather high
> 
> John
> 
> 
>> On Sat, 25 Sep 2021, at 08:13, Don Tek wrote:
>> Would there be any ‘problem’ with configuring a 2-machine CARP setup 
>> and then just keeping one machine powered-off until needed?
>> 
>> I realize this defeats live failover, but this is not a requirement for 
>> my customer.
>> 
>> I just want them to be able to, in the event of a primary machine 
>> failure, power-on the secondary and have it take over.  Logic here is 
>> to otherwise not have the secondary sucking power off the UPS’s in the 
>> event of a power failure, or in general.
>> 
>> Legit?



Re: CARP Cold Spare

2021-09-25 Thread jslee
Hi,

You haven’t said anything about your hardware platform, but could you run one 
of them on non-UPS power? Then you’d still have one online when (*not* if) the 
UPS fails, and also they’ll both normally be online for maintenance, syspatch, 
config changes etc

I do recall installing a pair of identical servers at the same time and having 
them both fail a year later within an hour of each other, both with seized CPU 
fans, so I am somewhat sympathetic to your idea. But I think the practical cost 
of maintenance may be rather high

John


On Sat, 25 Sep 2021, at 08:13, Don Tek wrote:
> Would there be any ‘problem’ with configuring a 2-machine CARP setup 
> and then just keeping one machine powered-off until needed?
>
> I realize this defeats live failover, but this is not a requirement for 
> my customer.
>
> I just want them to be able to, in the event of a primary machine 
> failure, power-on the secondary and have it take over.  Logic here is 
> to otherwise not have the secondary sucking power off the UPS’s in the 
> event of a power failure, or in general.
>
> Legit?



Re: CARP Cold Spare

2021-09-24 Thread Brian Brombacher



> On Sep 24, 2021, at 6:16 PM, Don Tek  wrote:
> 
> Would there be any ‘problem’ with configuring a 2-machine CARP setup and 
> then just keeping one machine powered-off until needed?
> 
> I realize this defeats live failover, but this is not a requirement for my 
> customer.
> 
> I just want them to be able to, in the event of a primary machine failure, 
> power-on the secondary and have it take over.  Logic here is to otherwise not 
> have the secondary sucking power off the UPS’s in the event of a power 
> failure, or in general.
> 
> Legit?
> 

Sounds legit to me.  Lets you share the IP safely and easily, up or down.



CARP Cold Spare

2021-09-24 Thread Don Tek
Would there be any ‘problem’ with configuring a 2-machine CARP setup and then 
just keeping one machine powered-off until needed?

I realize this defeats live failover, but this is not a requirement for my 
customer.

I just want them to be able to, in the event of a primary machine failure, 
power-on the secondary and have it take over.  Logic here is to otherwise not 
have the secondary sucking power off the UPS’s in the event of a power failure, 
or in general.

Legit?