[Pacemaker] How SuSEfirewall2 affects on openais startup?

Lars Marowsky-Bree lmb at novell.com
Fri May 14 11:37:26 UTC 2010


On 2010-05-14T09:40:28, Aleksey Zholdak <aleksey at zholdak.com> wrote:

> /var/log/firewall is empty
> dmesg contains nothing about firewall and openais
> In /var/log/messages I see a lot of messages that tells me nothing :(

The SUSEfirewall scripts block all external network traffic until the
system has started, even for internal zones I think. (This also tends to
affect drbd among others, if set to start via the init scripts ...)

If that is a SLES system, please file a bug through your support
contract.

> What you tell about? sbd must be running on _each_ node, not "somewhere"!

The sbd _daemon_ must run on each and every node, which is handled by
the openais init script before even attempting to start
openais/corosync.

The external/sbd stonith resource is "just" the cluster's connector to
the sbd fencing component, and it is quite sufficient to be running it
on a single node.

In practice, NO stonith resource needs to be cloned at all; there is no
gain at all in doing so. That was a misconception we had a few years
ago, but pacemaker handles this justfine. The meme is very hard to kill,
though.


Regards,
    Lars

-- 
Architect Storage/HA, OPS Engineering, Novell, Inc.
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
"Experience is the name everyone gives to their mistakes." -- Oscar Wilde





More information about the Pacemaker mailing list