Ubuntu HA - Pacemaker Resource Agents Supportability

Ubuntu HA - Pacemaker Resource Agents Supportability

After discussions among Ubuntu Developers, it was decided that Ubuntu project should focus in splitting all existing Pacemaker Resource Agents into different categories:

  • Resource Agents: [main]
  • Resource Agents: [universe]
  • Resource Agents: [universe]-community
  • Resource Agents: [non-supported]
  • Resource Agents: [deprecated]

Note: There is a current plan to split resource agents into different packages so supported agents can be installed independently.

Resource Agents: [main]

Agents in this list are supported just like any other package available in [main] repository would be.

RESOURCE AGENT

RESOURCE AGENT DESCRIPTION

 

SUPPORT AGENTS

Delay test resource for introducing delay
MailTo sends email to a sysadmin whenever a takeover occurs
ClusterMon runs crm_mon to a html page from time to time
HealthCPU measures CPU idling and updates #health-cpu attr
HealthIOWait measures CPU idling and updates #health-iowait attr
HealthSMART measures CPU idling and updates #health-smart attr

SERVICES (OCF, Systemd, SysV)

apache apache web server instance
dovecot dovecot IMAP/POP3 server instance
dhcpd chrooted ISC dhcp server instance
mysql MySQL instance
mysql-proxy MySQL proxy instance
pgsql pgsql database instance
named bind/named server instance
nfsnotify nfs sm-notify reboot notifications daemon
nfsserver nfs server resource
exportfs nfs exports (not the nfs server)
nginx Nginx web/proxy server instance
postfix postfix mail server instance
rabbitmq-cluster cloned rabbitmq cluster instance
remote pacemaker remote resource agent
rsyncd rsyncd instance
rsyslog rsyslogd instance
slapd stand-alone LDAP daemon instance
Squid squid proxy server instance
vsftpd vsftpd server instance
 

STORAGE

Raid1 software RAID (MD) devices on shared storage
iscsi local iscsi initiator and its conns to targets
iSCSILogicalUnit iSCSI logical units
iSCSITarget iSCSI target export agent (implementation: tgt / lio)
LVM LVM volume as an HA resource
LVM-activate LVM activation/deact work for VGs (lvmlockd+LVM-activate OR clvm+LVM-activate)
Filesystem filesystem on a shared storage medium
symlink symbolic link
ZFS ZFS pools import/export

LOCKING & RESERVATIONS

controld distributed lock manager for clustered FSs
clvm clvmd daemon (cluster logical vol manager)
lvmlockd agent manages the lvmlockd daemon.
mpathpersist SCSI persistent reservations on mpath devs
sg_persist master/slave resource for SCSI3 reservations

NETWORKING

Route network routes
iface-bridge bridge network interfaces
iface-vlan vlan network interfaces
IPaddr2 virtual IPv4 and IPv6 addresses
ipsec ipsec tunnels for VIPs
IPsrcaddr preferred source address modification
IPv6addr IPv6 aliases
conntrackd conntrackd instance
SendArp send gratuitous ARP for IP address
VIPArip virtual IP address through RIP2
ifspeed monitor action runs -> updates CIB with if speed

VIRTUALIZATION

VirtualDomain manages virtual domains through libvirt (virtual machine only)

CONTAINERS

lxc allows LXC containers to be managed by the cluster

Resource Agents: [universe]

Agents in this list are supported just like any other package available in [universe] repository would be.

RESOURCE AGENT RESOURCE AGENT DESCRIPTION

SUPPORT AGENTS

anything generic agent to manage virtually anything
Dummy testing dummy resource agent (template for RA writers)
AudibleAlarm audible beeps at interval
Stateful example agent that supports two states
WinPopup sends a SMB notification msg (popup) to a host

SERVICES

asterisk asterisk PBX
CTDB clustered samba (for needed clustered underlying)
dnsupdate ip take-over via dynamic dns updates
fio fio instance
galera galera instance
garbd galera arbitrator instance
jboss JBoss application server instance
jira JIRA server instance
kamailio kamailio SIP proxy/registrar instance
mariadb MariaDB master/slave instance
nagios nagios instance
ovsmonitor clone resource to monitor network bonds on diff nodes
pgagent pgagent instance
pound pound reverse proxy load-bal server instance
proftpd proftpd instance
Pure-FTPd pure-ftpd instance
redis redis server (supports master/slave replicas)
syslog-ng syslog-ng instance
tomcat tomcat servlet environment instance
varnish varnish instance

STORAGE

AoEtarget ata over ethernet

NETWORKING

IPaddr virtual IPv4 addresses
ocf:pacemaker:ping records in CIB number of nodes host can connect to
portblock temporarily block/unblock access to tcp/udp ports

OPENSTACK

openstack-cinder-volume attach cinder vol to an instance (os-info <->)
openstack-floating-ip move a floating IP from an instance to another

VIRTUALIZATION

Xen xen unprivileged domains

REGISTRATION (CIB)

lxd-info nr of lxd containers running in CIB
machine-info records various node attributes in CIB
NodeUtilization cpu / host mem / hypervisor mem etc… into CIB
openstack-info records attributes of a node into CIB
SysInfo records various node attributes into CIB
SystemHealth monitors health of system using IPMI
attribute sets node attr one way when started and vice-versa

Resource Agents: [universe]-community

Agents in this list are only supported by the upstream community. All bugs opened against these agents will be forwarded to upstream IF makes sense (affected version is close to upstream).

RESOURCE AGENT RESOURCE AGENT DESCRIPTION

SERVICES

SphinxSearchDaemon sphix search daemon
Xinetd start/stop services managed by xinetd
zabbixserver zabbix server instance

STORAGE

o2cb oracle cluster filesystem userspace daemon (oracle)
sfex excl access to shared storage using SF-EX

VIRTUALIZATION

aliyun-vpc-move-ip move ip within a vpc of the aliyum ecs (alibaba)
awseip manages aws elastic IP address (aws)
awsvip manages aws secondary private ip addresses (aws)
aws-vpc-move-ip move ip within a vpc of the aws ec2 (aws)
aws-vpc-route53 update route53 vpc record for aws ec2 (aws)
azure-events monitor for scheduled events for azure vm (azure)
azure-lb answers azure load balancer health probe req (azure)
gcp-vpc-move-ip floating ip address within a GCP VPC (google)
ManageVE openVZ virtual environment (virtuozzo)
minio minio server instance
podman creates/launches podman containers
rkt creates/launches container based on supplied image

CONTAINERS

docker docker container resource agent

Resource Agents: [non-supported]

Agents in this list are NOT supported in Ubuntu and might be removed in future Ubuntu HA versions.

RESOURCE AGENT RESOURCE AGENT DESCRIPTION

UNSUPPORTED

db2 manages IBM DB2 LUW databases (IBM)
eDir88 Novell eDirectory directory server instance (novell)
ICP ICP vortex clustered host drive (intel)
ids IBM informix dynamic server (IDS) (IBM)
SAPDatabase SAP database (of any type) instance agent (SAP)
SAPInstance SAP application server instances agent (SAP)
ServeRAID enables/disables shared serveRAID merge groups (IBM)
ManageRAID raid devices (/etc/conf.d/HB-ManageRAID)
oraasm oracle asm agent / uses ohasd for asm disk grp (oracle)
oracle oracle database instance (oracle)
oralsnr oracle TNS listener (oracle)
sybaseASE sybase ASE failover instance (Sybase)
vdo-vol https://bugs.launchpad.net/ubuntu/+bug/1869825
WAS websphere application server instance (IBM)
WAS6 websphere application server instance (IBM)

Resource Agents: [deprecated]

Agents in this list are NOT supported in Ubuntu OR Upstream (due to being deprecated in favor of other agents) and might be removed in future Ubuntu HA versions.

RESOURCE AGENT RESOURCE AGENT DESCRIPTION

DEPRECATED

Evmsd clustered evms vol mgmt (evms is not maintained)
EvmsSCC clustered evms vol mgmt (evms is not maintained)
LinuxSCSI enables/disables scsi devs through kernel scsi hotplug
scsi2reservation SCSI-2 reservation agent (depends on scsi_reserve)
ocf:heartbeat:pingd monitors connectivity to specific hosts
ocf:pacemaker:pingd replaced by pacemaker:ping (this is broken)
vmware control vmware server 2.0 virtual machines (2009)

Thank you for moving the list out of the mail thread into this more accessible form.
I have commented in the past on the mail, but revisited this today.

galera - would you mind to ask James Page if this would be required fro UCA to be in a better category? The same applies to the two openstack agents.

In general I think it is nice to have this place to discuss and see the components then move between the categories as we can track history on this.

Further I think it might need a bit of disambiguation and special-case-comment. Link to Repos and maybe extend a bit how you envision this to work for a single source package.
You mentioned you want to split the binary-packages, but it will still be one source.
Do you expect to have some binary packages demoted to universe to reflect what was discussed/decided here (good approach IMHO, I did the same for the awkward HW PMDs in dpdk)?

Furthermore - if there is a CVE it will be monitored and fixed, this already was the case and won’t change as the source package is in main already.
I think your package split will help as it will allow decisions like “yes the bug (or CVE) is in resource-agent, but it only happens to be in this particular binary package which really is even deprecated already”.

Having that content - in the way you envision it - on this page as well will help for everyone:
a) not as familiar with the terms
b) that needs to understand down to the fine-details how it is meant

The decisions for deprecation are clear (following upstream), those for universe sometimes might not be. For example, this is in the universe section:

IPaddr virtual IPv4 addresses

And one might think, hey I use this stuff why …

But actually there is:

IPaddr2 virtual IPv4 and IPv6 addresses

So instead of “just” putting things down into the “yeah in universe, but not getting all the love” section we might want to add “why”. That will also help people to realize where they might want to transition to instead.

IPaddr virtual IPv4 addresses (superseded by IPaddr2)

I’m not entirely sure we have perfect reasons for all of them, but the more we explain the more people will understand and follow. Especially for the types of:

  • this agent is superseded by X, please use X instead
  • this agent is a subset of Y and of lower quality, please use Y instead
  • this agent manages database Z which is in universe itself, please consider using Z’ (for example maria / mysql)

The differentiation between [Universe] and [Universe-community] is odd.
I understand most of the ordering into the three groups looking at the agents and what they manage. But what is the actual effective difference?

For example if you plan to look at a bug in asterisk which is in [universe] what makes it different from the packages in [main] then? And if you don’t want to look at it what makes it different from [Universe-community] or even [unsupported]?

Remember that with the source being in main MOTUs can’t upload it, so “just like any other package available in universe repository” doesn’t fully apply (also they do SRUs so rarely that it can almost be neglected).

I guess all but the first group of packages will end up in the universe pocket, but the naming here isn’t perfect yet. I think we’d want to iterate on the naming and outline in more details what to expect from it. Maybe the “reasons why” I requested above will help as well to make this more clear.

From other packages I’ve seen similar choices on plugins being reflected in the package name and description at least. So you could end up having groups of agents:

  • resource-agents-supported
  • resource-agents-community
  • resource-agents-unsupported
  • resource-agents-deprecated

If you want to split each agent into a binary of its own these could make the above at least be meta packages, but that wouldn’t be as much do notice this isn’t good as forcing the people to install a package called "...-unsupported".

And I beg your pardon, this isn’t a bike-shedding effort, I want to try to understand what we want the Ubuntu-Users to expect from these different categories eventually.

Done. I have copied you in the email.

AFAICT we don’t use the galera RA or any of the openstack RA’s for Charm deployed OpenStack.

I’ll make some changes trying to clarify the repositories, what they mean and point to them.

Yes, I really want those tables to be reflected into the current Ubuntu version packaging.

Hum, nice. I haven’t given this much thoughts. And, yes, we can device if CVEs and SRUs make sense depending on the affected binary packages, thats nice.

Working on it.

I’ll add an extra column to the table with those. I like it.

There are multiple “support” ideas here to be split:

  1. Supported by Ubuntu Community
  2. Supported by Ubuntu Server Community
  3. Supported by Canonical Server Team
  4. Supported by Canonical (Ubuntu Advantage)

Starting from the bottom up:

  • Ubuntu Advantage depends on a good [main] or [universe] categorization as they rely on those to offer to a final customer the supported service ([main]) or a supported as best effort service ([universe] or some extras, like Cloud Archives, etc).

  • Canonical Server Team has very finite resources so identifying the reference architecture (related pkgs in [main]) and classifying bugs affecting that architecture as higher priority is a must.

  • There are multiple agents outside anything we consider reference architecture and some of them are important to some end users. Just like the [universe] repository nature, bugs within those agents would be handled by either Ubuntu/Ubuntu Server Community or the Canonical Server Team.

  • There are agents that aren’t important to Ubuntu project, at least not for the project to put resources on it, but are meaningful to the ones who created them (Cloud providers) and their users (awseip / awsvip / aws-vpc-move-ip). It would be very expensive for us to try to help in those packages bugs, so the idea behind [universe]-community was to forward issues with those agents directly to upstream community (even if end user does not do it).

I really liked those names =).

Please consider Ubuntu Server Community and Ubuntu Community as “Community” only. I’ll refactor the post after we come into an agreement… waiting your input.