Hetzner Failover IP OCF script

At Hetzner you can get very cheap servers. If your application stack can handle failovers and the like, it’s a cheap venue to setup a fairly large setup. One thing that’s a bit different than at most other colocators I know, is their network setup. They actually route all traffic via managed switches to your machine. So all machines are in their own network. That can be a problem if you want to do cool stuff like moving an IP address on the fly.

Luckily, they have provided “Failover IP” addresses, which you can allocate to a server and which you can switch to another server. But only via a web interface. The web interface also has an API, which makes things a bit easier. For one of our customers, we wrote an OCF script that can perform the failover, so we can user heartbeat and pacemaker over there.


Due to the fact that pacemaker expects all variables to be the same on both machines, we need to use several data sources. We’ve created it as follows:

  • An OCF script that calls a Python script for assigning the failover IP
  • The aforementioned Python script, which reads some variables from a local file (defaults to /etc/hetzner.cfg) and which actually talks to the API to switch the IP address or check if the IP address is currently assigned to this host
  • A local config file which is read by the Python script and contains the Hetzner API credentials and the local machine IP address.

The local IP address in the configuration file is needed because we run all important stuff in VMs and the API expects the IP address of the iron to which you want the failover IP to point. Usually, you do not have access to the local IP address, which is why we simply set it up in the configuration file. The Python script is fairly simple. You can run it with -h to see the possible commands you can give it. The config file probably requires some explanation:

[dummy]

user = #12345+RaNdM

pass = sEcReT

local_ip = 1.2.3.4

The user and pass can be generated from the Hetzner Robot interface. When you have selected the server to which the failover IP is assigned, select the Admin option and request new credentials. These are specific to that machine and all resources assigned to that machine. This is a safety measure. The local IP is the primary IP address of the local machine. So if you want to be able to switch the failover IP address to the machine with the local IP address of 2.3.4.5, that machine will have local_ip = 2.3.4.5 in it’s /etc/hetzner.cfg file. Are you still following this? Good!

Now, the using the OCF script is simple. Add it to /usr/lib/ocf/resource.d/kumina/hetzner-failover-ip and setup your CRM configuration as follows:

primitive IP_mysql ocf:kumina:hetzner-failover-ip \
    op start interval="0" timeout="300s" \
    op monitor interval="60s" timeout="300s" \
    params ip="1.1.1.1" script="/usr/local/sbin/parse-hetzner-json.py"

The 1.1.1.1 should be replaced with your failover IP, of course. The script needs to be added. If you want to use another configuration file, you can change it into /usr/local/sbin/parse-hetzner-json.py -c /etc/myconfig.hetz or something that suits your fancy. The timeout is needed, because the Hetzner API is a slow beast. (On a related note, I think it’s possible to change the OCF script to use this as a default, but I couldn’t find it quickly.)

Do let us know if you have questions or if this helped you!

The files:

Update: Add monitor statement to CRM configuration, to work with scenarios where failover addresses are modified manually.

Comments

Comments powered by Disqus