Re: [ClusterLabs] Can packmaker launch haproxy from new network namespace automatically?

2016-12-21 Thread Hao QingFeng



On 2016-12-22 6:03, Ken Gaillot wrote:

On 12/17/2016 07:26 PM, Hao QingFeng wrote:

Hi Folks,

I am installing pacemaker to manage the cluster of haproxy within
openstack on ubuntu 16.04.

I met the problem that haproxy can't start listening for some services
in vip because the related ports
were occupied by those native services which listened on 0.0.0.0.

I opened a bug to openstack team and a buddy told me that I should use
pacemaker to run haproxy in
a separate network namespace.  I attached his description here(also in bug):

<<<

Fuel runs haproxy via pacemaker (not via systemd/upstart) and pacemaker
runs haproxy in a separate network namespace.

So haproxy does not cause any problems by listening on 0.0.0.0 since
it's listening in a separate network namespace.

You can see it via "ip netns ls" command and then "ip netns exec haproxy
ip a".

Did you try to restart haproxy via systemd/upstart? If so then you could
face this problem. You should use pacemaker to control haproxy service.

Here is the bug link:

https://bugs.launchpad.net/openstack-manuals/+bug/1649902

Actually I did start haproxy with pacemaker but "ip netns ls" show
nothing and haproxy can't bind some port like 9292 on vip .

I checked and found that openstack starts including this function from
fuel 5.0(released in May, 2014).

But after I downloaded pacemaker's code, did a rough check, I couldn't
find any related functions(keywords: ip netns, clone, CLONE_NEW...)
except in the test cases for neutron and ovs etc(if my understanding is
correct).

I didn't see any related configuration item in "crm configure show" either.


So I would like just to confirm that if pacemaker has such function to
create a new network namespace
for haproxy(or other managed service) automatically to avoid such socket
binding conflict?

If yes, how to configure it? If no such function, do you have any advice
on how to solve the problem?

No, pacemaker has no way to do that itself, but maybe you could run
haproxy inside a container, and manage the container as a pacemaker
resource.

Ken,
Thanks a lot for your explanation! I'll try to do as your approach!

BTW, you can see the detailed configuration information in the bug link,
if you need more, please let me know.

Thanks a lot!

Regards!

--

QingFeng Hao(Robin)

___
Users mailing list: Users@clusterlabs.org
http://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org



--
QingFeng Hao(Robin)




Re: [ClusterLabs] Can packmaker launch haproxy from new network namespace automatically?

2016-12-21 Thread Ken Gaillot
On 12/17/2016 07:26 PM, Hao QingFeng wrote:
> Hi Folks,
> 
> I am installing pacemaker to manage the cluster of haproxy within
> openstack on ubuntu 16.04.
> 
> I met the problem that haproxy can't start listening for some services
> in vip because the related ports
> were occupied by those native services which listened on 0.0.0.0.
> 
> I opened a bug to openstack team and a buddy told me that I should use
> pacemaker to run haproxy in
> a separate network namespace.  I attached his description here(also in bug):
> 
> <<<
> 
> Fuel runs haproxy via pacemaker (not via systemd/upstart) and pacemaker
> runs haproxy in a separate network namespace.
> 
> So haproxy does not cause any problems by listening on 0.0.0.0 since
> it's listening in a separate network namespace.
> 
> You can see it via "ip netns ls" command and then "ip netns exec haproxy
> ip a".
> 
> Did you try to restart haproxy via systemd/upstart? If so then you could
> face this problem. You should use pacemaker to control haproxy service.
> 
> Here is the bug link:
> 
> https://bugs.launchpad.net/openstack-manuals/+bug/1649902
> 
> Actually I did start haproxy with pacemaker but "ip netns ls" show
> nothing and haproxy can't bind some port like 9292 on vip .
> 
> I checked and found that openstack starts including this function from
> fuel 5.0(released in May, 2014).
> 
> But after I downloaded pacemaker's code, did a rough check, I couldn't
> find any related functions(keywords: ip netns, clone, CLONE_NEW...)
> except in the test cases for neutron and ovs etc(if my understanding is
> correct).
> 
> I didn't see any related configuration item in "crm configure show" either.
> 
> 
> So I would like just to confirm that if pacemaker has such function to
> create a new network namespace
> for haproxy(or other managed service) automatically to avoid such socket
> binding conflict?
> 
> If yes, how to configure it? If no such function, do you have any advice
> on how to solve the problem?

No, pacemaker has no way to do that itself, but maybe you could run
haproxy inside a container, and manage the container as a pacemaker
resource.

> 
> BTW, you can see the detailed configuration information in the bug link,
> if you need more, please let me know.
> 
> Thanks a lot!
> 
> Regards!
> 
> -- 
> 
> QingFeng Hao(Robin)

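
Added example (not part of either post, and not Pacemaker or haproxy code): a check for the bind conflict described in the thread, where a service listening on 0.0.0.0 already holds a port such as 9292 that haproxy needs on the VIP. The `ss -ltnp` output, the VIP 192.168.0.10 and the process names are constructed; listening sockets are tracked per network namespace, so real input must be collected in the namespace haproxy will run in.

```python
import re

# Constructed sample of `ss -ltnp` output (not taken from the thread).
SS_SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:9292        0.0.0.0:*          users:(("glance-api",pid=2101,fd=4))
LISTEN  0       128     192.168.0.11:5000   0.0.0.0:*          users:(("apache2",pid=1840,fd=6))
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=900,fd=3))
"""

# Constructed haproxy frontends: (VIP, port) pairs it must bind.
VIP_BINDS = [("192.168.0.10", 9292), ("192.168.0.10", 5000)]

# IPv4 wildcard as printed by ss; a wildcard listener owns the port on every address.
WILDCARDS = {"0.0.0.0", "*"}


def parse_listeners(ss_output):
    """Return [(address, port, process)] for every LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening row
        addr, _, port = fields[3].rpartition(":")
        proc = re.search(r'\(\("([^"]+)"', line)
        listeners.append((addr, int(port), proc.group(1) if proc else "?"))
    return listeners


def find_bind_conflicts(ss_output, wanted):
    """Return (wanted_addr, port, holder_addr, holder_proc) for each wanted
    bind that would fail with EADDRINUSE in this namespace."""
    listeners = parse_listeners(ss_output)
    conflicts = []
    for w_addr, w_port in wanted:
        for addr, port, proc in listeners:
            if port != w_port:
                continue
            # Same port clashes if either side is a wildcard or both use one address.
            if addr in WILDCARDS or w_addr in WILDCARDS or addr == w_addr:
                conflicts.append((w_addr, w_port, addr, proc))
    return conflicts


if __name__ == "__main__":
    for w_addr, w_port, addr, proc in find_bind_conflicts(SS_SAMPLE, VIP_BINDS):
        print(f"{w_addr}:{w_port} blocked by {proc} listening on {addr}:{w_port}")
```

A reported conflict goes away either by binding the native service to the node's own address instead of 0.0.0.0, or by running haproxy in a separate network namespace or container, as the replies in this thread suggest.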