[Pacemaker] Issues in a statefull firewall using "conntrackd" with heartbeat+pacemaker

Florian Haas florian.haas at linbit.com
Fri Apr 29 03:26:42 EDT 2011

On 2011-04-28 23:48, CeR wrote:
> When I added the resources:
> --------------------------------------------
> root at fw1:~# crm configure primitive slave_conntrackd heartbeat:conntrackd \
> op monitor depth="0" timeout="20" interval="20" role="Slave"

This is not how you're supposed to configure master/slave sets. And
conntrackd is also not a heartbeat resource agent, but an OCF one. And
that monitor op definition is also shot. I think you deserve a prize for
most efficiently cramming configuration errors into one line. :)

Try this:

crm configure primitive p_conntrackd ocf:heartbeat:conntrackd \
  op monitor timeout="20" interval="20" role="Slave" \
  op monitor timeout="20" interval="10" role="Master"

crm configure ms ms_conntrackd p_conntrackd \
  meta notify="true" interleave="true"

All of that being said, I do notice that the conntrackd RA incorrectly
advertises its monitor operations, and the man pages we generate could
use some improvement as to how they present examples for master/slave sets.

Hope this helps.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20110429/3a639bbf/attachment-0003.sig>

More information about the Pacemaker mailing list