high-availability - Pacemaker ipaddr2 资源没有失败 correclty

Question

我有一个带有起搏器 ipaddr2 资源的浮动 IP 设置。

test-IP4       (ocf::heartbeat:IPaddr2):       Started node1

浮动 IP 设置为在我的 ib0 接口上启动。ib0 端口连接到网络交换机。当我禁用网络交换机上的端口时，ib0 端口关闭。但资源不会失败。我可以从同一主机 ping 通 IP 地址，但其他主机无法 ping 通它。为什么资源没有失败？

这是在我禁用交换机上的端口之前的样子。

ib0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2044 qdisc pfifo_fast state UP group default qlen 256
    link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:02:c9:03:00:18:97:71 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
    inet 192.168.2.168/24 brd 192.168.2.255 scope global noprefixroute ib0
       valid_lft forever preferred_lft forever

这就是我禁用交换机上的端口时的样子。

ib0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 2044 qdisc pfifo_fast state DOWN group default qlen 256
    link/infiniband 80:00:02:08:fe:80:00:00:00:00:00:00:00:02:c9:03:00:18:97:71 brd 00:ff:ff:ff:ff:12:40:1b:ff:ff:00:00:00:00:00:00:ff:ff:ff:ff
    inet 192.168.2.168/24 brd 192.168.2.255 scope global noprefixroute ib0
       valid_lft forever preferred_lft forever

Answer 1

The virtual IP (IPaddr2) will not failover if the interface is failed. As per my experience, IPaddr2 will try to recover this, in its start call and remain on the same Node. The pacemaker uses a stonith to handle network issue but if are monitoring other networks then we can use ping resource to do failover.

There are 3 ways to address this issue

1. Stonith configuration Generally, network issue is handled by stonith agent, after configuring stonith, it fences the unhealthy node to avoid the split-brain problem.

2. Create a custom resource to monitor the network and put dependency of ipaddr resource on this resource, whenever there is a network fault it will be handled by custom resource.

3. Create pingd resource Create ocf:pacemaker:ping clone resource and add dependency rule on ipaddr as ping will fail after nework fail, the ipaddr will failover to healthy node.

pcs resource create ping_res ocf:pacemaker:ping dampen=5s multiplier=1000 host_list="node1 node2" clone

pcs constraint location ipaddr-name-res rule score=-INFINITY pingd lt 1 or not_defined pingd

If ping failed then -INFINITY porperty will be set for ipaddr-name-res resource