[openstack-dev] [Fuel] Waiting for Haproxy backends

Sergii Golovatiuk sgolovatiuk at mirantis.com
Wed Nov 19 19:55:57 UTC 2014


Hi crew,

Please see my inline comments.

Hi Everyone,
>
> I was reading the blueprints mentioned here and thought I'd take the
> opportunity to introduce myself and ask a few questions.
> For those that don't recognise my name, Pacemaker is my baby - so I take a
> keen interest helping people have a good experience with it :)
>
> A couple of items stood out to me (apologies if I repeat anything that is
> already well understood):
>
> * Operations with CIB utilizes almost 100% of CPU on the Controller
>
>  We introduced a new CIB algorithm in 1.1.12 which is O(2) faster/less
> resource hungry than prior versions.
>  I would be interested to hear your experiences with it if you are able to
> upgrade to that version.
>

Our team is aware of that. That's really nice improvement. Thank you very
much for that. We've prepared all packages, though we have feature freeze.
Pacemaker 1.1.12 will be added to next release.


> * Corosync shutdown process takes a lot of time
>
>  Corosync (and Pacemaker) can shut down incredibly quickly.
>  If corosync is taking a long time, it will be because it is waiting for
> pacemaker, and pacemaker is almost always waiting for for one of the
> clustered services to shut down.
>

As part of improvement we have idea to split signalling layer (corosync)
and resource management (pacemaker) layers by specifying

service {
       name: pacemaker
       ver:  1
}

and create upstart script to set start ordering. That will allow us

1. Create some notifications in puppet for pacemaker
2. Restart and manage corosync and pacemaker independently
3. Use respawn in upstart to restart corosync or pacemaker


> * Current Fuel Architecture is limited to Corosync 1.x and Pacemaker 1.x
>
>  Corosync 2 is really the way to go.
>  Is there something in particular that is holding you back?
>  Also, out of interest, are you using cman or the pacemaker plugin?
>

We use almost standard corosync 1.x and pacemaker from CentOS 6.5 and
Ubuntu 12.04. However, we've prepared corosync 2.x and pacemaker 1.1.12
packages. Also we have update puppet manifests on review. As was said
above, we can't just add at the end of development cycle.


>
> *  Diff operations against Corosync CIB require to save data to file rather
>   than keep all data in memory
>
>  Can someone clarify this one for me?
>

That's our implementation for puppet. We can't just use shadow on
distributed environment, so we run

>
>  Also, I notice that the corosync init script has been modified to
> set/unset maintenance-mode with cibadmin.
>  Any reason not to use crm_attribute instead?  You might find its a less
> fragile solution than a hard-coded diff.
>

Can you give a particular line where you see that?

* Debug process of OCF scripts is not unified requires a lot of actions from
>  Cloud Operator
>
>  Two things to mention here... the first is crm_resource
> --force-(start|stop|check) which queries the cluster for the resource's
> definition but runs the command directly.

 Combined with -V, this means that you get to see everything the agent is
> doing.
>

We write many own OCF scripts. We just need to see how OCF script behaves.
ocf_tester is not enough for our cases. I'll try if crm_resource -V
--force-start is better.


>
>  Also, pacemaker now supports the ability for agents to emit specially
> formatted error messages that are stored in the cib and can be shown back
> to users.
>  This can make things much less painful for admins. Look for
> PCMK_OCF_REASON_PREFIX in the upstream resource-agents project.
>

Thank you for tip.

>
>
> * Openstack services are not managed by Pacemaker
>

The general idea to have all openstack services under pacemaker control
rather than having upstart and pacemaker. It will be very handy for
operators to see the status of all services from one console. Also it will
give us flexibility to have more complex service verification checks in
monitor function.


>
>  Oh?
>
> * Compute nodes aren't in Pacemaker cluster, hence, are lacking a viable
>  control plane for their's compute/nova services.
>
>  pacemaker-remoted might be of some interest here.
>
> http://clusterlabs.org/doc/en-US/Pacemaker/1.1-pcs/html/Pacemaker_Remote/index.html
>
>
> * Creating and committing shadows not only adds constant pain with
> dependencies and unneeded complexity but also rewrites cluster attributes
> and even other changes if you mess up with ordering and it’s really hard to
> debug it.
>
>  Is this still an issue?  I'm reasonably sure this is specific to the way
> crmsh uses shadows.
>  Using the native tools it should be possible to commit only the delta, so
> any other changes that occur while you're updating the shadow would not be
> an issue, and existing attributes wouldn't be rewritten.
>

We are on the way to replace pcs and crm with native tools in puppet
service provider.


>
> * Restarting resources by Puppet’s pacemaker service provider restarts
> them even if they are running on other nodes and it sometimes impacts the
> cluster.
>
>  Not available yet, but upstream there is now a smart --restart option for
> crm_resource which can optionally take a --host parameter.
>  Sounds like it would be useful here.
>
> http://blog.clusterlabs.org/blog/2014/feature-spotlight-smart-resource-restart-from-the-command-line/
>
> * An attempt to stop or restart corosync service brings down a lot of
> resources and probably will fail and bring down the entire deployment.
>
>  That sounds deeply worrying.  Details?
>

As said above we need to separate corosync and pacemaker services. That
will allow us to restart corosync or modify its config without touching
resource logic.


> * Controllers other the the first download configured cib an immediate
> start all cloned resources before they are configured so they have to be
> cleaned up later.
>
>  By this you mean clones are being started on nodes which do not have the
> software? Or before the ordering/colocation constraints have been
> configured?
>

The problem is how cluster is usually deployed. By default, puppet applies
changes to one node, then to another and so on. When environment has
clones, once pacemaker is installed, it will get configuration and would
try to start resources on node immediately even if puppet is not done with
catalog run. We implemented asymmetric cluster to mitigate such behavior.
Though, I believe that more straight solution is to implement more complex
orchestration.


>
>
> > On 15 Nov 2014, at 10:31 am, Sergii Golovatiuk <sgolovatiuk at mirantis.com>
> wrote:
> >
> > +1 for ha-pacemaker-improvements
> >
> > --
> > Best regards,
> > Sergii Golovatiuk,
> > Skype #golserge
> > IRC #holser
> >
> > On Fri, Nov 14, 2014 at 11:51 PM, Dmitry Borodaenko <
> dborodaenko at mirantis.com> wrote:
> > Good plan, but I really hate the name of this blueprint. I think we
> > should stop lumping different unrelated HA improvements into a single
> > blueprint with a generic name like that, especially when we already
> > had a blueprint with essentially the same name
> > (ha-pacemaker-improvements). There's nothing wrong with having 4
> > trivial but specific blueprints instead of one catch-all.
> >
> > On Wed, Nov 12, 2014 at 4:10 AM, Aleksandr Didenko
> > <adidenko at mirantis.com> wrote:
> > > HI,
> > >
> > > in order to make sure some critical Haproxy backends are running (like
> mysql
> > > or keystone) before proceeding with deployment, we use execs like [1]
> or
> > > [2].
> > >
> > > We're currently working on a minor improvements of those execs, but
> there is
> > > another approach - we can replace those execs with puppet resource
> providers
> > > and move all the iterations/loops/timeouts logic there. Also we should
> fail
> > > catalog compilation/run if those resource providers are not able to
> ensure
> > > needed Haproxy backends are up and running. Because there is no point
> to
> > > proceed with deployment if keystone is not running, for example.
> > >
> > > If no one objects, I can start implementing this for Fuel-6.1. We can
> > > address it as a part of pacemaker improvements BP [3] or create a new
> BP.
> > >
> > > [1]
> > >
> https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/osnailyfacter/manifests/cluster_ha.pp#L551-L572
> > > [2]
> > >
> https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/openstack/manifests/ha/mysqld.pp#L28-L33
> > > [3] https://blueprints.launchpad.net/fuel/+spec/pacemaker-improvements
> > >
> > > Regards,
> > > Aleksandr Didenko
> > >
> > >
> > > _______________________________________________
> > > OpenStack-dev mailing list
> > > OpenStack-dev at lists.openstack.org
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > >
> >
> >
> >
> > --
> > Dmitry Borodaenko
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141119/fc284ab8/attachment.html>


More information about the OpenStack-dev mailing list