On Thu, 2018-08-02 at 11:02 +0200, Aurelien Kempiak wrote: > Hello, > I'm using Openvpn in failover mode, and it manages a ucarp VIP for > this. Problem is there's only one managed VIP (let's say I use it for > WAN), not two (for WAN + LAN). > My idea is to use Corosync/pacemaker, monitor the openvpn ucarp (WAN) > VIP, and brings up my pacemaker (LAN) VIP depending on WAN VIP's > presence, that's all.
I wasn't familiar with openvpn's ucarp feature -- it looks quite interesting. From an HA perspective, the main thing it lacks is fencing, which makes it susceptible to split-brain. Putting it in a pacemaker cluster can take care of that. Ideally, your pacemaker cluster would manage openvpn itself as a resource (most likely a systemd resource cloned on two nodes). So, the situation is that you have openvpn running on two nodes, and openvpn itself will bring up the WAN IP on one of those nodes. You want to bring up a LAN IP on whichever node has the WAN IP. I think you'll need a custom resource agent. Least complicated would be to copy the ocf:heartbeat:Dummy agent and modify its monitor operation to check for the WAN IP locally and set a node attribute yes or no. Then you can use a location constraint with a rule saying the LAN VIP must be located where that node attribute is yes. > I read a lot of documentation but I really did not find how to > monitor an IP address presence. Is that even possible ? > I would be glad if someone can tell me ;) > Best regards. > -- > Aurélien Kempiak > System & Network Engineer Fixe : 03 59 82 20 05 > 125 Avenue de la République 59110 La Madeleine > 12 rue Marivaux 75002 Paris -- Ken Gaillot <[email protected]> _______________________________________________ Users mailing list: [email protected] https://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
