[Pacemaker] IP Range Failover with IPaddr2 and clone / globally-unique="true"

Dejan Muhamedagic dejanmm at fastmail.fm
Mon Jan 23 15:13:56 EST 2012 

Hi,

On Mon, Jan 23, 2012 at 08:05:34PM +0000, Reid, Mike wrote:
> FYI,
> 
> 
> The solution turned out to be related to IPTABLES rules that were added
> using this approach.
> By adding a custom IPTables "CLUSTERIP" chain, the firewall started
> letting everything through :)
> 
> Unfortunately, it seems that this approach is somewhat experimental and

What is experimental? The CLUSTERIP chain? Or how it is being
used by the RA?

> not very stable,

How not stable?

Thanks,

Dejan

> so while I finally found my solution, I will be going
> back to using individual IPaddr2 Primitives for the time being.
> 
> Thanks,
> 
> Mike
> 
> >Dejan,
> >
> >Yes, thank you. I realized I was missing "unique_clone_address" in the
> >config, which made _most_ of the difference.
> >
> >However, now I'm seeing some weirdness with regards to ARP -- In my setup,
> >I currently have three elastic IPs configured (effectively a small sample
> >of my intended IP Range), which all show up as Started, are visible via
> >"ip adds show", but only the to-pmost IP in the range is able to be
> >pinged?? It appears as if everything is working, I just can't use each of
> >the individual IP addresses. I even show all the CLUSTERIP IPTables rules,
> >etc.
> >
> >I'm looking for some recommendations on figuring this out, because as far
> >as I can tell it's all working as intended, however the IPs cannot be
> >used. In the #linux-ha IRC channel, it was recommended I look into ARP
> >issues.
> >
> >NOTE: I'm running Ubuntu 10.10 / Pacemaker 1.0.9
> >
> >FWIW, all of the IP Addresses are Public IPs (against eth0 device) valid
> >(confirmed subnet/gateway, etc), since using individual IPaddr2 primitive
> >rules work for all of them. It's just when I attempt consolidating the CIB
> >configuration to leverage setup of the entire IP Range that it does not
> >work as intended. Could this be a bug or side effect of my version? I even
> >ensure "libnet1-dev" was installed and re-compile cluster resource agents,
> >with no luck. 
> >
> >
> >Any help would be very much appreciated.
> >
> >Best,
> >- Mike
> >
> >On 1/17/12 8:59 PM, "pacemaker-request at oss.clusterlabs.org"
> ><pacemaker-request at oss.clusterlabs.org> wrote:
> >
> >>$ crm ra info IPaddr2 | grep unique_clone_address
> >>
> >>Does that help?
> >>
> >>Thanks,
> >>
> >>Dejan
> >
>

More information about the Pacemaker mailing list