[2.3] MAAS does not handle vips and real ips well
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| MAAS |
Fix Released
|
Wishlist
|
Unassigned | ||
Bug Description
When configuring MAAS with HA, vip will be used for HAProxy (active-active regiond) or regiond (active-backup), because MAAS does not have any native HA mechanism for regiond.
In that scenario, one MAAS host may have multiple IP addresses as real IP address + vip. Since vip is managed by an external component of MAAS, such as pacemaker, MAAS does not knows how multiple IP addresses are used and does not distribute required IP addresses to MAAS nodes well.
Let's say, 3 hosts as configured as follows:
maas-1 (regiond + rackd): 192.168.0.11
maas-2 (regiond + rackd): 192.168.0.12
maas-3 (regiond + rackd): 192.168.0.13
and
maas-1 has an additional vip for Postgres: 192.168.0.28
maas-2 has an additional vip for regiond or HAProxy in front of regiond: 192.168.0.29
Then, at this point:
maas-1: 192.168.0.11 (real) + 192.168.0.28 (vip)
maas-2: 192.168.0.12 (real) + 192.168.0.29 (vip)
maas-3: 192.168.0.13 (real)
When deploying a MAAS node, the node will have the following IPs from MAAS:
[curtin-
apt:
proxy: http://
^^ this is from "maas_url: http://
network:
config:
- address:
- 192.168.0.28
- 192.168.0.12
- 192.168.0.13
search:
- maas
type: nameserver
^^^ looks like MAAS distributes all regiond IP addresses as DNS servers, but if a fail over of Postgres happens in this case, DNS in maas-1 won't be used by MAAS nodes even after maas-1 comes back, because 192.168.0.28 is already moved to somewhere else.
My expectation is that MAAS distributes 3 real IPs as 192.168.0.11, .12, .13 or just one vip as 192.168.0.29, not 192.168.0.28.
[/var/lib/
#cloud-config
ntp:
pools: []
servers: [192.168.0.28, 192.168.0.29]
^^^ MAAS distributes two racked IP addresses as NTP servers. In this case, the main PXE(DHCP) network has active-active rackd as maas-1 and maas-2. However, vips are used and those vips can be migrated to maas-3 which is not responsible for the network.
My expectation is that MAAS uses 192.168.0.11 and .12 because those are the real IP of two rackd.
Overall, some mechanisms to tell MAAS about real IPs and vips structure would be nice to have.
| Nobuto Murata (nobuto) wrote | #1 |
| description: | updated |
| tags: | added: cpe-onsite |
| tags: | added: ha |
| Changed in maas: | |
| status: | New → Triaged |
| importance: | Undecided → Wishlist |
| milestone: | none → 2.4.x |
| Andres Rodriguez (andreserl) wrote | #2 |
| Changed in maas: | |
| milestone: | 2.4.x → 2.5.0beta1 |
| status: | Triaged → Fix Committed |
| Changed in maas: | |
| status: | Fix Committed → Fix Released |
| Changed in maas: | |
| milestone: | 2.5.0beta1 → none |
FWIW, we configure the vip as /32. The could be used to determine which one is a real IP.
8: broam: <BROADCAST,
link/ether 3c:fd:fe:b6:5f:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.11/24 brd 172.20.2.255 scope global broam
valid_lft forever preferred_lft forever
inet 192.168.0.28/32 brd 172.20.2.255 scope global broam
valid_lft forever preferred_lft forever
inet6 fe80::3efd:
valid_lft forever preferred_lft forever