[Pacemaker] How SuSEfirewall2 affects on openais startup?

Tim Serong tserong at novell.com
Thu May 13 11:10:30 UTC 2010


On 5/13/2010 at 07:22 PM, Aleksey Zholdak <aleksey at zholdak.com> wrote: 
> firewall should let through the UDP multicast traffic on  
>>>> ports mcastport and mcastport+1.  
> >>   
> >> As I wrote above: all interfaces in SuSEfirewall2 is set to "Internal   
> >> zone". So, how can I "open" these ports if it already opened?  
> >> 
> >  
> > Just to double check, I assume "Internal zone" does not have any 
> > firewall rules applied to it?  If you go to "Allowed Services" in the 
> > YaST2 firewall config app, it should show everything greyed-out or 
> > allowed for Internal Zone. 
>  
> Yes, exactly, everything greyed-out and allowed for "Internal Zone". 
> "Internal zone is unprotected. All ports are open." 

OK, that sounds fine.

> > You said earlier that openais starts OK if you have the firewall on, 
> > but resources do not run.  What does the output of "crm_mon -r1" show 
> > in this case? 
>  
> sles2:~ # crm_mon -r1 
> ============ 
> Last updated: Thu May 13 12:21:21 2010 
> Stack: openais 
> Current DC: NONE 
> 2 Nodes configured, 2 expected votes 
> 10 Resources configured. 
> ============ 
>  
> Node sles2: UNCLEAN (offline) 
> Node sles1: UNCLEAN (offline) 

The above is normal for while the cluster is starting up.  This may sound
a little silly, but I would have expected everything to come online if
you just wait a few minutes.  You can watch status changes (if any) as
they occur, with "crm_mon -r".  It's worth checking /var/log/messages etc.
on each node too, to see if anything is obviously screaming in pain.

> Full list of resources: 
>  
>   Clone Set: sbd-clone 
>       Stopped: [ sbd_fense:0 sbd_fense:1 ] 

Don't clone the SBD stonith resource, you only need a single primitive
here (not that this should be causing your startup trouble).

Regards,

Tim


-- 
Tim Serong <tserong at novell.com>
Senior Clustering Engineer, OPS Engineering, Novell Inc.







More information about the Pacemaker mailing list