[openstack-dev] [Fuel] Waiting for Haproxy backends

Andrew Beekhof abeekhof at redhat.com
Wed Nov 19 21:26:06 UTC 2014


> On 20 Nov 2014, at 6:55 am, Sergii Golovatiuk <sgolovatiuk at mirantis.com> wrote:
> 
> Hi crew,
> 
> Please see my inline comments.
> 
> Hi Everyone,
> 
> I was reading the blueprints mentioned here and thought I'd take the opportunity to introduce myself and ask a few questions.
> For those that don't recognise my name, Pacemaker is my baby - so I take a keen interest helping people have a good experience with it :)
> 
> A couple of items stood out to me (apologies if I repeat anything that is already well understood):
> 
> * Operations with CIB utilizes almost 100% of CPU on the Controller
> 
>  We introduced a new CIB algorithm in 1.1.12 which is O(2) faster/less resource hungry than prior versions.
>  I would be interested to hear your experiences with it if you are able to upgrade to that version.
>  
> Our team is aware of that. That's really nice improvement. Thank you very much for that. We've prepared all packages, though we have feature freeze. Pacemaker 1.1.12 will be added to next release.
>  
> * Corosync shutdown process takes a lot of time
> 
>  Corosync (and Pacemaker) can shut down incredibly quickly.
>  If corosync is taking a long time, it will be because it is waiting for pacemaker, and pacemaker is almost always waiting for for one of the clustered services to shut down.
> 
> As part of improvement we have idea to split signalling layer (corosync) and resource management (pacemaker) layers by specifying
> service { 
>        name: pacemaker
>        ver:  1
> }
> 
> and create upstart script to set start ordering. That will allow us
> 
> 1. Create some notifications in puppet for pacemaker
> 2. Restart and manage corosync and pacemaker independently
> 3. Use respawn in upstart to restart corosync or pacemaker
> 
> 
> * Current Fuel Architecture is limited to Corosync 1.x and Pacemaker 1.x
> 
>  Corosync 2 is really the way to go.
>  Is there something in particular that is holding you back?
>  Also, out of interest, are you using cman or the pacemaker plugin?
> 
> We use almost standard corosync 1.x and pacemaker from CentOS 6.5

Please be aware that the plugin is not long for this world on CentOS.
It was already removed once (in 6.4 betas) and is not even slightly tested at RH and about the only ones using it upstream are SUSE.

http://blog.clusterlabs.org/blog/2013/pacemaker-on-rhel6-dot-4/ has some relevant details.
The short version is that I would really encourage a transition to CMAN (which is really just corosync 1.x plus a more mature and better tested plugin from the corosync people).
See http://clusterlabs.org/quickstart-redhat.html , its really quite painless.

> and Ubuntu 12.04. However, we've prepared corosync 2.x and pacemaker 1.1.12 packages. Also we have update puppet manifests on review. As was said above, we can't just add at the end of development cycle.

Yep, makes sense.

>  
> 
> *  Diff operations against Corosync CIB require to save data to file rather
>   than keep all data in memory
> 
>  Can someone clarify this one for me?
>  
> That's our implementation for puppet. We can't just use shadow on distributed environment, so we run 
> 
>  Also, I notice that the corosync init script has been modified to set/unset maintenance-mode with cibadmin.
>  Any reason not to use crm_attribute instead?  You might find its a less fragile solution than a hard-coded diff.
>  
> Can you give a particular line where you see that?  

I saw it in one of the bugs:
   https://bugs.launchpad.net/fuel/+bug/1340172

Maybe it is no longer accurate

> 
> * Debug process of OCF scripts is not unified requires a lot of actions from
>  Cloud Operator
> 
>  Two things to mention here... the first is crm_resource --force-(start|stop|check) which queries the cluster for the resource's definition but runs the command directly. 
>  Combined with -V, this means that you get to see everything the agent is doing.
> 
> We write many own OCF scripts. We just need to see how OCF script behaves. ocf_tester is not enough for our cases.

Agreed. ocf_tester is more for out-of-cluster regression testing, not really good for debugging a running cluster.

> I'll try if crm_resource -V --force-start is better.
>  
> 
>  Also, pacemaker now supports the ability for agents to emit specially formatted error messages that are stored in the cib and can be shown back to users.
>  This can make things much less painful for admins. Look for PCMK_OCF_REASON_PREFIX in the upstream resource-agents project.
> 
> Thank you for tip. 
> 
> 
> * Openstack services are not managed by Pacemaker
> 
> The general idea to have all openstack services under pacemaker control rather than having upstart and pacemaker. It will be very handy for operators to see the status of all services from one console. Also it will give us flexibility to have more complex service verification checks in monitor function.
>  
> 
>  Oh?
> 
> * Compute nodes aren't in Pacemaker cluster, hence, are lacking a viable
>  control plane for their's compute/nova services.
> 
>  pacemaker-remoted might be of some interest here.
>  http://clusterlabs.org/doc/en-US/Pacemaker/1.1-pcs/html/Pacemaker_Remote/index.html
> 
> 
> * Creating and committing shadows not only adds constant pain with dependencies and unneeded complexity but also rewrites cluster attributes and even other changes if you mess up with ordering and it’s really hard to debug it.
> 
>  Is this still an issue?  I'm reasonably sure this is specific to the way crmsh uses shadows.
>  Using the native tools it should be possible to commit only the delta, so any other changes that occur while you're updating the shadow would not be an issue, and existing attributes wouldn't be rewritten.
> 
> We are on the way to replace pcs and crm with native tools in puppet service provider.
>  
> 
> * Restarting resources by Puppet’s pacemaker service provider restarts them even if they are running on other nodes and it sometimes impacts the cluster.
> 
>  Not available yet, but upstream there is now a smart --restart option for crm_resource which can optionally take a --host parameter.
>  Sounds like it would be useful here.
>  http://blog.clusterlabs.org/blog/2014/feature-spotlight-smart-resource-restart-from-the-command-line/
> 
> * An attempt to stop or restart corosync service brings down a lot of resources and probably will fail and bring down the entire deployment.
> 
>  That sounds deeply worrying.  Details?
>  
> As said above we need to separate corosync and pacemaker services. That will allow us to restart corosync or modify its config without touching resource logic.

Oh, I think I understand now.
I thought you meant stopping the cluster on one node blew it up everywhere else, but you're talking about changing corosync's config on all nodes and trying to get that applied right?

Would I be correct in guessing this is to add/remove nodes?  Most other corosync options tend to be set and forget.

I _think_ pcs in CentOS 6 is smart enough to support this without requiring the corosync to restart (at least when CMAN is involved).
In CentOS 7 (which has corosync 2) it definitely can.
> 
> 
> * Controllers other the the first download configured cib an immediate start all cloned resources before they are configured so they have to be cleaned up later.
> 
>  By this you mean clones are being started on nodes which do not have the software? Or before the ordering/colocation constraints have been configured?
> 
> The problem is how cluster is usually deployed. By default, puppet applies changes to one node, then to another and so on. When environment has clones, once pacemaker is installed, it will get configuration and would try to start resources on node immediately even if puppet is not done with catalog run. We implemented asymmetric cluster to mitigate such behavior. Though, I believe that more straight solution is to implement more complex orchestration.

Perhaps a stupid question, but is there a way to delay pacemaker from starting until the end of puppet's work on that node?

>  
> 
> 
> > On 15 Nov 2014, at 10:31 am, Sergii Golovatiuk <sgolovatiuk at mirantis.com> wrote:
> >
> > +1 for ha-pacemaker-improvements
> >
> > --
> > Best regards,
> > Sergii Golovatiuk,
> > Skype #golserge
> > IRC #holser
> >
> > On Fri, Nov 14, 2014 at 11:51 PM, Dmitry Borodaenko <dborodaenko at mirantis.com> wrote:
> > Good plan, but I really hate the name of this blueprint. I think we
> > should stop lumping different unrelated HA improvements into a single
> > blueprint with a generic name like that, especially when we already
> > had a blueprint with essentially the same name
> > (ha-pacemaker-improvements). There's nothing wrong with having 4
> > trivial but specific blueprints instead of one catch-all.
> >
> > On Wed, Nov 12, 2014 at 4:10 AM, Aleksandr Didenko
> > <adidenko at mirantis.com> wrote:
> > > HI,
> > >
> > > in order to make sure some critical Haproxy backends are running (like mysql
> > > or keystone) before proceeding with deployment, we use execs like [1] or
> > > [2].
> > >
> > > We're currently working on a minor improvements of those execs, but there is
> > > another approach - we can replace those execs with puppet resource providers
> > > and move all the iterations/loops/timeouts logic there. Also we should fail
> > > catalog compilation/run if those resource providers are not able to ensure
> > > needed Haproxy backends are up and running. Because there is no point to
> > > proceed with deployment if keystone is not running, for example.
> > >
> > > If no one objects, I can start implementing this for Fuel-6.1. We can
> > > address it as a part of pacemaker improvements BP [3] or create a new BP.
> > >
> > > [1]
> > > https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/osnailyfacter/manifests/cluster_ha.pp#L551-L572
> > > [2]
> > > https://github.com/stackforge/fuel-library/blob/master/deployment/puppet/openstack/manifests/ha/mysqld.pp#L28-L33
> > > [3] https://blueprints.launchpad.net/fuel/+spec/pacemaker-improvements
> > >
> > > Regards,
> > > Aleksandr Didenko
> > >
> > >
> > > _______________________________________________
> > > OpenStack-dev mailing list
> > > OpenStack-dev at lists.openstack.org
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > >
> >
> >
> >
> > --
> > Dmitry Borodaenko
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




More information about the OpenStack-dev mailing list