[Pacemaker] Active-Passive firewall with conntrackd and ip colocation

Andreas Kurz andreas at hastexo.com
Wed Feb 29 15:34:29 EST 2012


Hello,

On 02/27/2012 01:04 PM, Benjamin Kiessling wrote:
> Hi,
> 
> I've set up a small two node cluster using Debian squeeze to act as an
> active-passive firewall using conntrackd and IPaddr2 resource agent. My
> configuration looks like this:
> 
> node node1
> node node2
> primitive conntrackd ocf:heartbeat:conntrackd \
>         op monitor interval="20" role="Slave" timeout="20" \
>         op monitor interval="10" role="Master" timeout="20"
> primitive routerIP ocf:heartbeat:IPaddr2 \
>         params ip="172.22.92.84" cidr_netmask="28" \
>         op monitor interval="1s" timeout="4s"
> ms ms_conntrackd conntrackd \
>         meta notify="true" interleave="true"
> location prefer-node1 routerIP 50: node1
> colocation conntrack-with-routerIP inf: ms_conntrackd:Master routerIP

Per default the role used for the right (routerIP) resource is the same
as for the left (ms_conntrackd) ... so you collocate the
conntrackd:Master with the routerIP:Master role ... use routerIP:Started

The order they start is not critical?

> property $id="cib-bootstrap-options" \
>         dc-version="1.0.9-74392a28b7f31d7ddc86689598bd23114f58978b" \

Really consider an update!

Regards,
Andreas

-- 
Need help with Pacemaker?
http://www.hastexo.com

>         cluster-infrastructure="openais" \
>         expected-quorum-votes="2" \
>         stonith-enabled="false" \
>         no-quorum-policy="ignore"
> 
> The setup I'm trying to achieve is that conntrackd (as Master role) has
> to run with routerIP preferentially on node1. This configuration moves
> conntrackd and routerIP from node1 to node2 when I simulate a failover
> but after node1 is operational again conntrackd's Master is not moved
> back to node1 while routerIP is. 
> I couldn't find any documentation about multi-state resources apart from
> the most basic examples so I don't know if this configuration is even
> remotely sensible. Could you point me in the right direction on this
> issue?
> 
> Regards,
> Ben 



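The role-inheritance pitfall described in the reply, as an added example that is not part of the original thread: a small Python check over `crm configure show` text that flags a two-resource colocation whose first resource names a role while the second, a standalone primitive, names none, and returns the line with `:Started` made explicit. The function names and the embedded sample (built from the quoted configuration) are assumptions of this example, and only the simple two-resource form is handled.

```python
import re

# Constructed sample: resource and constraint lines from the quoted configuration.
SAMPLE = """\
primitive conntrackd ocf:heartbeat:conntrackd \\
        op monitor interval="20" role="Slave" timeout="20"
primitive routerIP ocf:heartbeat:IPaddr2 \\
        params ip="172.22.92.84" cidr_netmask="28"
ms ms_conntrackd conntrackd \\
        meta notify="true" interleave="true"
colocation conntrack-with-routerIP inf: ms_conntrackd:Master routerIP
"""


def logical_lines(text):
    """Join backslash-continued lines and split each definition into tokens."""
    joined = re.sub(r"\\[ \t]*\n\s*", " ", text)
    return [ln.split() for ln in joined.splitlines() if ln.strip()]


def lint_colocations(text):
    """Return (constraint id, inherited role, suggested line) for each
    colocation where the first resource has a role and the second has none."""
    lines = logical_lines(text)
    # Primitives wrapped by an ms resource have roles of their own; skip them.
    wrapped = {t[2] for t in lines if t[0] in ("ms", "master") and len(t) > 2}
    standalone = {t[1] for t in lines if t[0] == "primitive"} - wrapped
    findings = []
    for t in lines:
        if t[0] != "colocation" or len(t) != 5:
            continue  # resource sets and other forms are out of scope here
        cid, score, left, right = t[1:5]
        _, _, left_role = left.partition(":")
        right_name, _, right_role = right.partition(":")
        if left_role and not right_role and right_name in standalone:
            fixed = f"colocation {cid} {score} {left} {right_name}:Started"
            findings.append((cid, left_role, fixed))
    return findings


if __name__ == "__main__":
    for cid, role, fixed in lint_colocations(SAMPLE):
        print(f"{cid}: second resource would inherit role {role!r}")
        print(f"  suggested: {fixed}")
```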