Aplica-se a SUSE Linux Enterprise High Availability 15 SP6

7 Setting up IP relocation via DNS update #

If one site of your Geo cluster is down and a ticket failover appears, you usually need to adjust the network routing accordingly (or you need to have configured a network failover for each ticket). Depending on the kind of service that is bound to a ticket, there is an alternative solution to reconfiguring the routing: you can use dynamic DNS update and instead change the IP address for a service.

The following prerequisites must be fulfilled for this scenario:

The service that needs to fail over is bound to a host name.
Your DNS server must be configured for dynamic DNS updates. For information on how to do so with BIND/named, see the named documentation, or refer to https://www.semicomplete.com/articles/dynamic-dns-with-dhcp/. More information on how to set up DNS, including dynamic update of zone data, can be found in the Administration Guide for SUSE Linux Enterprise Server 15 SP6.
The following example assumes that the DNS updates are protected by a shared key (TSIG key) for the zone to be updated. The key can be created using dnssec-keygen:
```
# dnssec-keygen -a hmac-md5 -b 128 -n USER geo-update
```
For more information, see the dnssec-keygen man page or the Administration Guide for SUSE Linux Enterprise Server 15 SP6.

Exemplo 7.1, “Resource configuration for dynamic DNS update” illustrates how to use the ocf:heartbeat:dnsupdate resource agent to manage the nsupdate command. The resource agent supports both IPv4 and IPv6.

Exemplo 7.1: Resource configuration for dynamic DNS update #

crm(live)configure# primitive dns-update-ip ocf:heartbeat:dnsupdate params \
  hostname="www.domain.com" \1
  ip="192.168.3.4" \2
  keyfile="/etc/whereever/Kgeo-update*.key" \3
  server="192.168.1.1" \4
  serverport="53"5

1	Host name bound to the service that needs to fail over together with the ticket. The IP address of this host name needs to be updated via dynamic DNS.
2	IP address of the server hosting the service to be migrated. The IP address specified here can be under cluster control, too. This does not handle local failover, but it ensures that outside parties will be directed to the right site after a ticket failover.
3	Path to the public key file generated with `dnssec-keygen`.
4	IP address of the DNS server to send the updates to. If no server is provided, this defaults to the primary server for the correct zone.
5	Port to use for communication with the DNS server. This option only takes effect if a DNS server is specified.

With the resource configuration above, the resource agent takes care of removing the failed Geo cluster site from the DNS record and changing the IP for a service via dynamic DNS update.