Elastix HA solution

Discussion in 'General' started by yesmat, Oct 12, 2009.

  1. yesmat

    Joined:
    Mar 16, 2009
    Messages:
    103
    Likes Received:
    0
    Hi All,

    Has anyone deployed a HA solution using the Elastix HA model before?

    What are you experience? does it work as the documentation describe? do you recommend it? do you have any pointers or advice on what to do and what not to do?

    We are very interested in this since we have a good potential for a HA system with a bigger client.

    Your advice and guidance is very much appreciated.

    Thanks
     
  2. yesmat

    Joined:
    Mar 16, 2009
    Messages:
    103
    Likes Received:
    0
    somebody must have done this before?
     
  3. ramoncio

    Joined:
    May 12, 2010
    Messages:
    1,663
    Likes Received:
    0
    Search the forum, there are a couple of threads about it. I think there also was a document in the wiki.
    heartbeat, drbd and RedPhone are the way to go.
     
  4. yesmat

    Joined:
    Mar 16, 2009
    Messages:
    103
    Likes Received:
    0
    Hi ramoncio.
    Sorry I am not asking how to implement Elastix HA, I have read the document and the posts already but my question was has anybody used this setup in production before? what are their experirnces? does it work fine? are there any gotchas or things to look out for? any advice etc.... and I guess successful stories too.

    Cheers
     
  5. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    They gotchas are a little hidden, but mostly network related, if you don't have room for more than one external IP, you need to arrange to be able to access the machines by some alternate method, if you need to share one external network address the heart-beat network script will, in it's current state leave you without a gateway. Conversely, if you have three available external addresses, then the two that are redundant, and left on by the redfone article (excellent recipe I might add) leave a security hole that needs plugging. If you have added avantfax, ossec, fail2ban, openfire, sugar etc. you need to further expand the replicated data fs and service start/stop bits.

    The method of replication needs careful consideration also, if local, then a dedicated network interface with a crossover cable will be fine (add the serial link for Heart-beat robustness) if "not so close" then a well configured vlan with proper qos works well also (on any network) , use of the WAN or LAN if in their native state is ill advised.

    If you try it on two "cloned" machines, then you need to fix the "clonelyness" (machineid/suid etc.) before you proceed.


    Otherwise it works flawlessly, but it really isn't for newbies. (for what it's worth I'm about 75% through a script to do it all for you, but don't hang on to your hat)

    p.s. another FWIW, if you are tempted to go similarly to my lazy mondoarchive/mondorestore cloning, way, start with a non LVM based machine (or convert it back to plain old partitions before you proceed), that will save you more than a few hours of hair pulling. When you make the replicated mount point make them IDENTICAL on both machines, and force them to start on a cylinder if disk based, (NFS works also but a lot more gotchas there also) the other partitions can vary.

    p.p.s.

    use IPADDR2 not IPADDR or arp based protocols get screwed.
     
  6. yesmat

    Joined:
    Mar 16, 2009
    Messages:
    103
    Likes Received:
    0
    Hey dicko,

    So based on your feedback you recommend the following:

    1- Having a dedicated management interface that has nothing to do with Heartbeat or DRBD and obviously configure default gateway on it to be able to access the boxes remotely. I agree.

    2- Having another dedicated interface to Heartbeat and DRBD inter-connecting both machines on a dedicated VLAN, where we have the floating IP Address. I agree

    3- Having a third interface dedicated to Redfone. But in my case will not be using Redfone so this will not be required.

    4- Need to add more services that are dependent on heartbeat like openfire, sugarcrm etc....agreed

    5- Not sure what you meant by "clone machines", but i think you mean VMs. Doesn't apply to my scenario since both machines are going to be physical chassis and not Vmware.

    6- never been successful with mondoresue so i stopped trying and just rely on Elastix backup routine. I assume you use mondorescue to replicate the common partition between both servers hence you want them to be identical.
     
  7. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Yesmat:

    I recommend nothing!,just my 2 cents worth as ever.

    I personally use Vlan's to segregate function, VLAN512 for phones for Cisco legacy reasons, I use VLAN256 for management drdb and heartbeat etc. . 512 has all the qos/tos set, 256 can be a much lower q, and the untagged VLAN for lowly wingroans machines. With 100/1000 nics, no problem normally, the nice thing about VLANS is you can spread them around your infrastructure, drdb an on location client machine to your data center(usually a VM in my case), and when the network goes down, it's less pissed off people, at least they get their vmail/faxes/IVR's they just have to take (and make) their calls on their cell-phones and the queues are all effed up. If it's the VLAN that effed up and the WAN is working, then nobody knows but you, and it's split-brain time.

    Redfone and Xorcom do excellent TDM/analog drdb failover solutions, for VOIP only it's easier and cheaper, same solution though.

    Having spent over three days? building my "perfect" Elastix/avantfax/ossec/fail2ban/aastra/polycom/qos/iptables/vlan/drbd/heartbeat ready "base" machine, I prefer to clone it to the supplicant machine, and save another three days? each time. mondoarchive enables me to walk into a situation with a usb stick in my pocket, and have a totally up to date ElastixPlus machine in place and working in less than two hours.

    Yes it works on VM's (VMWARE by my preference, but you'll need a decent kernel) but also on almost anything else, even machines that 1.5.2 can't install to, further it's trivial to migrate between VM and physical, and vice versa.

    For the initial replication I use rsync into the replica (also sadly not included with basic elastix (I sometimes wonder about those Ecuadoran guys B) B) )

    (You should give mondo another chance, coincidentally from a post of mine ago
    .
    .
    (If you go that mondo route, I suggest you should add TERM=vt100 to the ADDITIONAL_BOOT_PARAMS in /usr/sbin/mindi if you value your eyesight, and have at least a rudimentary understanding of vi .)
    .
    .


    regards

    dicko
     
  8. yesmat

    Joined:
    Mar 16, 2009
    Messages:
    103
    Likes Received:
    0
    I wonder if Xorcom does so good of a job, why bother building a redundant machine from scratch?

    Interesting stuff you are doing with mondorescue. Once you have built a standard machine with all the goodies that you mentioned, which version of mondorescue do you use to copy the disk?
    Do you copy into a bootable USB?

    Do you recommend any reading material or user manuals for mondorescue? (don't panic i will not hold you responsible :))

    cheers
     
  9. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0
    Cos it's cheaper and more fun, and TDM/analog is almost by definition restricted to one location.

    I get the mondo.repo (for rhel5, the Centos5 one doesn't work) and yum install mondo, so as I suffer from CRS I can't answer that specifically. For "Belt and braces" I have both dvd and usb images, but I find the dvd's get scratched in my pocket, so I leave the ISO's on "the server".

    mondoarchive.org?, google? :) :) ( I never panic, there is only one rule and that is "Don't panic", ref: "42"! )
     
  10. yesmat

    Joined:
    Mar 16, 2009
    Messages:
    103
    Likes Received:
    0
    could you restore the mondo image onto a different hardware to the one that it was created on? example different motherboard or NIC?
     
  11. dicko

    Joined:
    Oct 24, 2008
    Messages:
    4,099
    Likes Received:
    0

Share This Page