I have deployed a Redis Cluster using Kubernetes. I am now attempting to use HAProxy to load balance. HAProxy is great for load balancing a redis cluster, IF you have static IPs. However, we don't have this when using kubernetes. While testing failover, Redis and Kubernetes handle election of a new master and deploying a new pod, respectively. However, kubernetes elects a new IP to the new pod. How can we inject this new IP into the HAProxy healthchecks and remove the old master IP?
I have the following setup.
+----+ +----+ +----+ +----+
| W1 | | W2 | | W3 | | W4 | Web application servers
+----+ +----+ +----+ +----+
\ | | /
\ | | /
\ | | /
+---------+
| HAProxy |
+---------+
/ \ \
+----+ +----+ +----+
| P1 | | P2 | | P3 | K8S pods = Redis + Sentinel
+----+ +----+ +----+
Which is very similar to the setup described on the haproxy blog.
According to https://github.com/GoogleCloudPlatform/kubernetes/tree/master/examples/redis it uses sentinel to manage the failover. This reduces the problem to the "normal" sentinel based solution.
In this case I would recommend running HAProxy in the same container as the Senrinels and using a simple sentinel script to update the HAProxy Config and issue a reload. A simple HAProxy Config which o ly talks to the master can easily be a simple search, replace, reload script.
Oh and don't use the HAProxy check in that blog post. It doesn't account for or detect split brain conditions. You could either go with a simple port check for availability, or write a custom check which queries each of the sentinels and only talks to the one with at least two sentinels reporting it as the master.
Related
I'm trying to introduce more redundancy and reliability to my server architecture.
Currently I have a variable number of web servers (minimum two) running apache with PHP and Memcached for sessions, which means that if one of the server goes down, the user will have to log in again.
After much research, I've decided to give Redis a go to store sessions, Redis Sentinel to manage Redis instance failure, and HAProxy to pass the sessions to the nominated Redis Master.
I'm a bit unclear about where all these things fit together despite days of reading. Let's say I have a minimum of two front end servers and two Redis servers, could this look like this:
Load balanced connection
|
-------------
| |
---------- ----------
| Apache | | Apache |
|Sentinel| |Sentinel|
| HAProxy| | HAProxy|
---------- ----------
| |
|----------
? ? - Managed by HAProxy,
---------- ---------- by talking to Sentinel
| | | |
| Redis | | Redis |
| | | |
---------- ----------
And then scale up, by adding more of the Apache/Sentinel/HAProxy severs? If so would this work on small (1gb memory) instances, or does Sentinel/HAProxy take up a lot of resources?
Secondly, how does HAProxy reliably talk to Sentinel? There appears to be lots of conflicting advice about how this works.
Many thanks for any help you can offer!
In the end, the simplest way to get this to work was to avoid HAProxy, and use Sentinel to tell the web server which Redis server was the Master.
To achieve this, I made a masterupdate.sh script that contained the following
#!/bin/bash
echo $6 > /location/master.txt
And edited redis/sentinel.conf to contain the following line
sentinel client-reconfig-script cache-master /location/masterupdate.sh
This meant that every time the master switched, Sentinel wrote the IP address to the master.txt text file, and I could read that text file from PHP to set up the sessions. Simple!
I've just set up a Redis cluster, which is working fine. The structure is the following:
Server 1 | Server 2 | Server 3
Master A | Master B | Master C
Slave B | Slave C | Slave A
Master A <-> Slave A
Master B <-> Slave B
Master C <-> Slave C
I'm wondering what's best practice to add a whole new server to this cluster.
Server 4
Master ?
Slave ?
Of course, I can add new nodes via ./redis-trib.rb add-node. Is there a generic way?
You can use the CLUSTER MEET command to add a new node into a cluster. This command forces two nodes take each other as a trusted node, and the newly added node will be introduced to other nodes in the cluster by the gossip protocol.
The newly added node will be an empty master. In order to turn it into a slave of another master node. You can use the CLUSTER REPLICATE command.
In your case, you can do the following steps:
Log in SLAVE-D
Join SLAVE-D into the cluster by sending the MEET command: CLUSTER MEET MASTER-A-IP MATER-A-PORT.
Join MASTER-D into the cluster by sending the MEET command: CLUSTER MEET MASTER-D-IP MATER-D-PORT
Make SLAVE-D a slave of MASTER-D by sending the REPLICATE command: CLUSTER REPLICATE MASTER-D-node-id
I have some server with OVS bridge on each. Each server has several VMs inside, all connected to the OVS bridge.
All bridges connect to the FloodLight OpenFlow controller and VMs inside 1 host can reach other. This is example of 2 host, A and B. VMs inside HOST A may get different or same subnet with VMs inside HOST B:
++++++++++++++++++++++++++++++
| +------+ +------+ |-----+
| | VM-1 | | VM-2 | | brA |
| +------+ +------+ |-----+------>--------+
+++++++++++ HOST A +++++++++++ \|/
+---------------+
| OF controller |
+---------------+
++++++++++++++++++++++++++++++ /|\
| +------+ +------+ |-----+------>--------+
| | VM-3 | | VM-4 | | brB |
| +------+ +------+ |-----+
+++++++++++ HOST B +++++++++++
Success: VM-1 reach VM-2.
How to: VM-1 reach VM-3???
Update: before connect to OF controller, VMs can reach the internet with POSTROUTING masquerade rule but failed after connected to OF controller.
Thank you for your reply.
Open vSwitch 2.5 and above can not work with the latest FloodLight controller. Version 2.4.1 should work ok.
If I am setting up an switch device to be controlled via OpenFlow, what are the conditions to use ovs-dpctl versus ovs-vsctl? The man page for ovs-dpctl says to use ovs-vsctl if ovs-vswitchd is used.
So what circumstances would you uses ovs-dpctl? What does it do that you can't do otherwise?
One follow-up question is where the OF "datapath" value comes from. This would be the 64-bit number in the OF spec that the OF controller uses to identify OF switches. Is this value automatically computed or do you have to enter it?
Thanks for any help with this.
ovs-dpctl:
A tool to create, modify, and delete Open vSwitch data‐paths.
Here are some examples (commands are random):
– ovs-dpctl add-dp dp1
– ovs-dpctl add-if dp1 eth0
– ovs-dpctl show
– ovs-dpctl dump-flows
ovs-vsctl:
A utility for querying and updating the configuration of ovs-vswitchd (with the help of ovsdb-server). Port configuration, bridge additions/deletions, bonding, and VLAN tagging are just some of the options that are available with this command.
Here are some examples (commands are random):
– ovs-vsctl –V : Prints the current version of openvswitch.
– ovs-vsctl show : Prints a brief overview of the switch database configuration.
– ovs-vsctl list-br : Prints a list of configured bridges
– ovs-vsctl list-ports <bridge> : Prints a list of ports on a specific bridge.
– ovs-vsctl list interface : Prints a list of interfaces.
– ovs-vsctl add-br <bridge> : Creates a bridge in the switch database.
ovs-ofctl:
I think it worth mentioning this tool too. A command line tool for monitoring and administering OpenFlow switches. It is used to list implemented flows in the OVS kernel module
- ovs-ofctl add-flow <bridge> <flow>
- ovs-ofctl add-flow <bridge> <match-field> actions=all
- ovs-ofctl del-flows <bridge> <flow>
To me it seems that ovs-vsctl is used to configure the open vswitch itself like configuring ports, bridges, etc. While ovs-dpctl is used to work with datapaths and interfaces.
Sources:
openvswitch and ovsdb
OpenVSwitch slides
openvswitch cheat sheet
Your second question -> OF datapath: To me datapath in context of openflow is an object denoting the connection between controller and switch. I believe OF controller figures that out but it depend on the OF controller.
ovs-vsctl is used to manage the openvswitch and ovs-dpctl can be used to manage datapaths within an openvswitch.
A relevant comment explaining datapaths can be found in dpif-provider.h:
A datapath is a collection of physical or virtual ports that are
exposed over OpenFlow as a single switch. Datapaths and the
collections of ports that they contain may be fixed or dynamic.
Openvswitch provides the capability for different datapath implementations. The following diagram from the OVS porting guide shows how different datapaths fit into the OVS architecture.
_
| +-------------------+
| | ovs-vswitchd |<-->ovsdb-server
| +-------------------+
| | ofproto |<-->OpenFlow controllers
| +--------+-+--------+ _
| | netdev | |ofproto-| |
userspace | +--------+ | dpif | |
| | netdev | +--------+ |
| |provider| | dpif | |
| +---||---+ +--------+ |
| || | dpif | | implementation of
| || |provider| | ofproto provider
|_ || +---||---+ |
|| || |
_ +---||-----+---||---+ |
| | |datapath| |
kernel | | +--------+ _|
| | |
|_ +--------||---------+
||
physical
NIC
I have a two server RabbitMQ cluster behind a load balancer, but right now only the first nodes seems to be fielding traffic.
When I do:
> rabbitmqadmin list nodes name type running uptime
+----------------------+------+---------+------------+
| name | type | running | uptime |
+----------------------+------+---------+------------+
| rabbit#n2-rabbitmq-1 | disc | True | 3899164848 |
| rabbit#n2-rabbitmq-2 | disc | True | |
+----------------------+------+---------+------------+
The second node shows no uptime. A cluster_status shows:
> sudo rabbitmqctl cluster_status
Cluster status of node 'rabbit#n2-rabbitmq-1' ...
[{nodes,[{disc,['rabbit#n2-rabbitmq-1','rabbit#n2-rabbitmq-2']}]},
{running_nodes,['rabbit#n2-rabbitmq-2','rabbit#n2-rabbitmq-1']},
{cluster_name,<<"rabbit#n2-rabbitmq-1">>},
{partitions,[]}]
...done.
What am I doing wrong or what should I look for?
Maybe for some reasons, one of your node went down and when it's up again, it does not sync with the 'master' node( which is the one running). To do so, set in the configuration file, /etc/rabbitmq/rabbitmq.config :
{cluster_partition_handling, autoheal}
I recommend that you should be using web management plugin for better observation:
$ rabbitmq-plugins enable rabbitmq_management
From the main (overview) page, you could see the status of your nodes in the cluster(connected, partitioned ...)
Anyway you'd better show your procedure of configuring (every step) your cluster with more information. If my above guess is wrong, please show me some information you get from the web interface.