CTDB with net.ipv4.ip_nonlocal_bind=1 (was Re: Setting up CTDB on OCFS2 and VMs ...)

Martin Schwenke martin at meltin.net
Mon Dec 29 21:58:21 MST 2014 

On Tue, 30 Dec 2014 12:17:25 +0800, Min Wai Chan <dcmwai at gmail.com>
wrote:

> I'm not sure if I should start a new thread on this...

Definitely!  ;-)

I have at least changed the subject line.

> But I found that when using CTDB...
> 
> You cannot have the following (
> 
> */etc/sysctl.conf*
> 
> net.ipv4.ip_nonlocal_bind=1
> 
> 
> If such configure are available.
> 
> Both the CTDB node will only bind node0. (Even if it don't have the IP)

Yes, I guess that's why the documentation for this option says "may
break some applications".  This will cause 2 different types of
failures:

* The one you have noticed where CTDB on both nodes will bind to the
  same private IP address.  ctdbd(7) has the following DEBUG option:

       --listen=IPADDR
           This specifies which IP address that ctdbd will bind to.

           By default ctdbd will bind to the first address it finds in
           the /etc/ctdb/nodes file that is also present on the local
           system.

           This option is only required when you want to run multiple
           ctdbd daemons/nodes on the same physical host in which case
           there would be multiple entries in /etc/ctdb/nodes that
           would match a local interface.

  We use this when running tests.  There is no corresponding
  configuration option (which would be documented in ctdbd.conf(5)).
  Perhaps you've just given us a reason to consider adding one?  ;-)

  However, CTDB's "ctdb xpnn" CLI command depends on only being able to
  bind to a one address in the nodes file so it can determine the node
  number.  This would be harder to "fix" to accommodate
  ip_nonlocal_bind.  The way to do that would be to finally have the
  ctdb CLI tool also load configuration so that any "listen" option
  could be use in the xpnn code.  That looks like a non-trivial change.

  Another possibility would be to avoid using "ctdb xpnn" altogether.
  It is a hack to avoid "ctdb pnn" under heavy load when there might
  be issues talking to the daemon.  We use "ctdb xpnn" in scripts 5
  times.  One of those is in the 00.ctdb "startup" event.  We could
  instead drop the PNN value into a known file during the "setup" event
  and have the scripts just read the PNN value from that file.  I'm not
  sure if anything external actually uses "ctdb xpnn".

* Incorrect results when checking to see if a public IP address is
  present on an interface.  In a number of contexts CTDB uses bind(2) as
  a cheap way of checking if a public IP address is present on an
  interface.

  However, if you're using haproxy then you're probably not using
  CTDB's public IP addresses.

Can you please let us know whether you intend to use CTDB's public IP
addresses (no, I assume) and why you need to set ip_nonlocal_bind
(haproxy needs it, I assume)?

Meanwhile, I'll think about the changes needed to solve the 1st problem,
since it would allow CTDB to be used without public IP addresses when
ip_nonlocal_bind is set.

peace & happiness,
martin

More information about the samba-technical mailing list