
Can you use a different Public IP for VIP than the one at deployment in a vSec Azure cluster?

Question asked by tom7e9b57bc-4ab7-4226-9637-0b9701d64f46 on Jun 2, 2018
Latest reply on Jun 5, 2018 by tom7e9b57bc-4ab7-4226-9637-0b9701d64f46

We deployed a new vSec cluster in Azure a few days ago to upgrade our old one.  Support said we could use the old public IP addresses so we moved them from the old resource group.  They worked fine for the members, but in a failover, the API deletes "cluster-vip" and when it tries to recreate it on the new active member, it tries to find the original public IP at deployment, which has been moved to a different resource group.  If I could rename the Public IP for the VIP in Azure, I think everything would be fine. But we can't.

 

Any ideas on a workaround for either renaming an IP in Azure, or how to adjust the config file?

 

Here is a lengthy description of what we tried; I am using dummy names:

 

Original deployment a year ago named "YearAgovSec".  Members were named "YearAgovSec1", "YearAgovSec2".  Public IPs for members were named "YearAgovSec1", "YearAgovSec2". Public IP for VIP was named "YearAgovSec".  Resource group named "YearAgovSec"

 

New deployment this year named "ThisYearvSec".   Members were named "ThisYearvSec1", "ThisYearvSec2".  Public IPs for members were named "ThisYearvSec1", "ThisYearvSec2".  Public IP for VIP was named "ThisYearvSec".  Resource group named "ThisYearvSec"

 

We moved out the Public IP Address "ThisYearvSec" to another resource group, and moved in "YearAgovSec" Public IP Address into the "ThisYearvSec" resource group.

 

In failover, the routes would get re-written correctly, the "cluster-vip" would get removed from the failing member, then things would stop.  The "cluster-vip" would never get added to the active member.  If we added it manually, everything worked fine.

 

The error we would get is:
RequestException: HTTP/1.1 404 Not Found
{"error":{"code":"ResourceNotFound","message":"The Resource'Microsoft.Network/publicIPAddresses/ThisYearvSec' under resource group 'ThisYearvSec' was not found."}}

 

The azure-ha.json has these settings:
  "clusterName": "ThisYearvSec",
  "clusterNetworkInterfaces": {
    "eth0": [
      "10.5.1.9",
      "ThisYearvSec"
    ]

 


We saw in azure_had.py it determines the public IP name with:
    public_ip_id = (conf['baseId'] +
                    'Microsoft.Network/publicIPAddresses/' + conf['clusterName'])

 

So we changed "clusterName" in azure-ha.json from "ThisYearvSec" to "YearAgovSec".

 

When we test the config, now we get:

 

The hostname ThisYearvSec2 should be either 'YearAgovSec1' or 'YearAgovSec2'

because of this line in azure_ha_test.py:
    conf['hostname'] = conf.get('hostname', socket.gethostname())
    cluster_name = conf['clusterName'].lower()
    if conf['hostname'] not in {cluster_name + '1', cluster_name + '2'}:
        raise Exception('The hostname %s should be either \'%s\' or \'%s\'' % (
            conf['hostname'], cluster_name + '1', cluster_name + '2'))

 


At this point, we gave up trying to trick it with the config file.
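
Added example (not part of the original post, and not Check Point's code): a pre-failover check that runs the two clusterName-derived rules quoted above side by side, showing that after the IP move neither value of clusterName satisfies both. The `preflight` helper, the subscription ID, the `baseId` layout and the lowercase hostname are assumptions constructed for illustration.

```python
# Added illustration: the two clusterName-derived checks quoted in the post,
# run side by side. All names and IDs below are constructed sample values.

def public_ip_id(conf):
    # Same derivation the post quotes from azure_had.py.
    return (conf['baseId'] +
            'Microsoft.Network/publicIPAddresses/' + conf['clusterName'])


def allowed_hostnames(conf):
    # Same rule the post quotes from azure_ha_test.py.
    cluster_name = conf['clusterName'].lower()
    return {cluster_name + '1', cluster_name + '2'}


def preflight(conf, hostname, existing_ip_ids):
    """Return the problems a failover would hit with this configuration."""
    problems = []
    wanted = public_ip_id(conf)
    # Azure resource IDs are case-insensitive, so compare lowercased.
    if wanted.lower() not in {i.lower() for i in existing_ip_ids}:
        problems.append('VIP public IP not found: ' + wanted)
    if hostname not in allowed_hostnames(conf):
        problems.append('hostname %s not derived from clusterName %s'
                        % (hostname, conf['clusterName']))
    return problems


# Constructed placeholders: subscription ID and resource layout are hypothetical.
BASE_ID = ('/subscriptions/00000000-0000-0000-0000-000000000000'
           '/resourceGroups/ThisYearvSec/providers/')
# After the move, only the old VIP address is in the new resource group.
EXISTING = [BASE_ID + 'Microsoft.Network/publicIPAddresses/YearAgovSec']
HOSTNAME = 'thisyearvsec2'  # lowercase, since the check lowercases clusterName only

if __name__ == '__main__':
    for name in ('ThisYearvSec', 'YearAgovSec'):
        conf = {'baseId': BASE_ID, 'clusterName': name}
        print(name, '->', preflight(conf, HOSTNAME, EXISTING) or 'OK')
```

Run against the real azure-ha.json and the list of public IP resource IDs in the cluster's resource group, a check like this flags the mismatch before a failover removes "cluster-vip".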
