Lxc clustered services on OVH¶
Introduction¶
OVH provides powerful internet-connected servers at an affordable price and a scriptable IPv4 takeover. This is a great combination for clustered services driven by opensvc. This cookbook explains the steps involved in integrating such a cluster with LXC services on a local disk to gain a decent partitioning between services without compromise on performance and memory usage.
Preparing a node¶
Before moving on to the next step, you should have a couple of servers delivered by OVH, setup with Debian Squeeze, which has initscripts and kernel adapted for LXC. You should also have an 'IP failover' available. Finally, the OpenSVC agent should be installed on both nodes (doc)
Additional packages¶
Install:
apt-get install lxc bridge-utils python2.6 python2.5 debootstrap rsync lvm2 ntp python-soappy
And opensvc from https://repo.opensvc.com/deb/
Ethernet bridge¶
Create a backend bridge connected to a dummy interface. In /etc/network/interfaces
add the following block and activate the bridge using ifup br0:
auto br0
iface br0 inet static
bridge_ports dummy0
bridge_stp off
bridge_fd 0
bridge_maxwait 5
address 192.168.0.1
netmask 255.255.255.0
pre-up /sbin/modprobe dummy
Kernel parameters¶
In /etc/sysctl.conf
set the following parameters and reload the configuration using sysctl -p
:
# lxc routing
net.ipv4.ip_forward=1
net.ipv4.conf.br0.proxy_arp=1
Cgroup setup¶
In /etc/fstab
add the following line:
none /cgroup cgroup defaults 0 0
Then:
mkdir /cgroup
mount /cgroup
Preparing the service¶
Disk setup¶
OVH servers come with a 4 GB root filesystem, a ~4 GB swap partition and the rest of the disk is allocated to /home. The /home filesystem can be replaced by a single physical volume. Create a volume group over this pv and one or a set of logical volumes for each container. Format the logical volumes using the filesystem that suits you. Mount the logical volume set of the first container to create:
umount /home
vi /etc/fstab # remove the /home entry
pvcreate /dev/your_home_dev
vgcreate vg0 /dev/your_home_dev
lvcreate -n service_name -L 20G vg0
mkfs.ext4 /dev/vg0/opt/opensvc_name
mkdir /opt/opensvc_name
mount /dev/vg0/opt/opensvc_name /opt/opensvc_name
Container creation¶
Prepare the lxc container creation wrapper:
gzip -dc /usr/share/doc/lxc/examples/lxc-debian.gz >/tmp/lxc-debian
Create the container rootfs:
/tmp/lxc-debian -p /opt/opensvc_name
Basic container setup
- network
- locale
- tz
- hosts
- rc.sysinit (remove swaps and udev actions)
Create the container¶
create a lxc config file as /tmp/lxc.conf
containing:
lxc.utsname = service_name
lxc.tty = 4
lxc.pts = 1024
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.mtu = 1500
lxc.rootfs = /opt/opensvc_name/rootfs
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rwm
and create the container with:
lxc-create -f /tmp/lxc.conf -n service_name
Start the container:
lxc-start -n service_name
Opensvc service creation¶
Trust the node root account to ssh-login into the container:
mkdir /opt/opensvc_name/rootfs/root/.ssh
cat /root/.ssh/id_dsa.pub >>/opt/opensvc_name/rootfs/root/.ssh/authorized_keys
Create the service configuration file:
[default]
app = MYAPP
vm_name = service_name
mode = lxc
env = PRD
nodes = node1.mydomain node2.mydomain
orchestrate = start
[fs#1]
dev = /dev/mapper/vg0-service_name
mnt = /opt/opensvc_name
mnt_opt = defaults
type = ext4
standby = true
[ip#1]
ipdev = br0
ipname = service_name
post_start = /etc/opensvc/opensvc_name.d/ovh_routes start service_name 1.2.3.4
pre_stop = /etc/opensvc/opensvc_name.d/ovh_routes stop service_name 1.2.3.4
[sync#0]
src = /opt/opensvc_name/
dst = /opt/opensvc_name
dstfs = /opt/opensvc_name
target = nodes
snap = true
OVH routing and ipfailover¶
create the trigger scripts store, which is synchronized across nodes:
mkdir -p /etc/opensvc/opensvc_name.dir
cd /etc/opensvc/
ln -s opensvc_name.dir opensvc_name.d
create and adapt the trigger scripts as /etc/opensvc/opensvc_name.dir/ovh_routes
:
#!/bin/bash
svc=$2
vip=$3
route="$vip dev br0"
function has_route {
ip route ls | grep "$route" >/dev/null >&1
}
case $1 in
start)
has_route || ip route add $route
/etc/opensvc/etc/$svc.d/ipfailover
# make sure proxy_arp and ip_forwarding settings are set
sysctl -p >/dev/null 2>&1
# containers are not able to load kernel modules.
# trigger loading of common ones from here
iptables -L -n >/dev/null 2>&1
;;
stop)
has_route && ip route del $route
;;
esac
and /etc/opensvc/opensvc_name.dir/ipfailover
:
#!/usr/bin/python2.5
vip = '1.2.3.4'
nodes_ip = {
'n2': dict(
otheracc='ksXXXXX.kimsufi.com',
thisip='a.b.c.d'),
'n1': dict(
otheracc='ksYYYYY.kimsufi.com',
thisip='d.c.b.a'),
}
# login information
nic = 'xxxx-ovh'
password = 'xxxx'
#
# don't change below
#
from SOAPpy import WSDL
import sys
soap = WSDL.Proxy('https://www.ovh.com/soapi/ovh.wsdl')
try:
session = soap.login( nic, password )
except:
print >>sys.stderr, "Error login"
from os import uname
x, nodename, x, x, x = uname()
# dedicatedFailoverUpdate
try:
result = soap.dedicatedFailoverUpdate(session,
nodes_ip[nodename]['otheracc'],
vip,
nodes_ip[nodename]['thisip']);
print "dedicated Failover Update successfull";
except:
print >>sys.stderr, "Error dedicated Failover Update"
# logout
try:
result = soap.logout( session )
except:
print >>sys.stderr, "Error logout"
Make sure this last script is owned by root
and has 700
permissions, as it contains important credentials.