[Pacemaker] Location / Colocation constraints issue

Andrew Beekhof andrew at beekhof.net
Mon Jan 13 21:45:23 UTC 2014


On 19 Dec 2013, at 1:08 am, Gaëtan Slongo <gslongo at it-optics.com> wrote:

> Hi !
> 
> I'm currently building a 2 node cluster for firewalling.
> I would like to run a shorewall on both on the master and the "Slave"
> node. I tried many things but nothing works as expected. Shorewall
> configurations are good.
> What I want to do is to start shorewall standby on the other node as
> soon as my drbd resources are "Slave" or "Stopped"..?
> Could you please give me a bit of help on this problem ?

It will be something like:

colocation XXX -inf: shorewall-standby drbd_master_slave_ServicesConfigs1:Master
colocation YYY -inf: shorewall-standby drbd_master_slave_ServicesLogs1:Master

> 
> Here is my current config
> 
> Thanks
> 
> 
> node keskonrix1 \
>        attributes standby="off"
> node keskonrix2 \
>        attributes standby="off"
> primitive VIPDMZ ocf:heartbeat:IPaddr2 \
>        params ip="10.0.1.1" nic="eth2" cidr_netmask="24" iflabel="VIPDMZ" \
>        op monitor interval="30s" timeout="30s"
> primitive VIPEXPL ocf:heartbeat:IPaddr2 \
>        params ip="10.0.2.2" nic="eth3" cidr_netmask="28"
> iflabel="VIPEXPL" \
>        op monitor interval="30s" timeout="30s"
> primitive VIPLAN ocf:heartbeat:IPaddr2 \
>        params ip="192.168.1.248" nic="br0" cidr_netmask="16"
> iflabel="VIPLAN" \
>        op monitor interval="30s" timeout="30s"
> primitive VIPNET ocf:heartbeat:IPaddr2 \
>        params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
> iflabel="VIPDMZ" \
>        op monitor interval="30s" timeout="30s"
> primitive VIPPDA ocf:heartbeat:IPaddr2 \
>        params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
> iflabel="VIPPDA" \
>        op monitor interval="30s" timeout="30s"
> primitive apache2 lsb:apache2 \
>        op start interval="0" timeout="15s"
> primitive bind9 lsb:bind9 \
>        op start interval="0" timeout="15s"
> primitive dansguardian lsb:dansguardian \
>        op start interval="0" timeout="30s" on-fail="ignore"
> primitive drbd-ServicesConfigs1 ocf:linbit:drbd \
>        params drbd_resource="services-configs1" \
>        op monitor interval="29s" role="Master" \
>        op monitor interval="31s" role="Slave"
> primitive drbd-ServicesLogs1 ocf:linbit:drbd \
>        params drbd_resource="services-logs1" \
>        op monitor interval="29s" role="Master" \
>        op monitor interval="31s" role="Slave"
> primitive fs_ServicesConfigs1 ocf:heartbeat:Filesystem \
>        params device="/dev/drbd/by-res/services-configs1"
> directory="/drbd/services-configs1/" fstype="ext4"
> options="noatime,nodiratime" \
>        meta target-role="Started"
> primitive fs_ServicesLogs1 ocf:heartbeat:Filesystem \
>        params device="/dev/drbd/by-res/services-logs1"
> directory="/drbd/services-logs1/" fstype="ext4"
> options="noatime,nodiratime" \
>        meta target-role="Started"
> primitive ipsec-setkey lsb:setkey \
>        op start interval="0" timeout="30s"
> primitive links_ServicesConfigs1 heartbeat:drbdlinks \
>        meta target-role="Started"
> primitive openvpn lsb:openvpn \
>        op monitor interval="10" timeout="30s" \
>        meta target-role="Started"
> primitive racoon lsb:racoon \
>        op start interval="0" timeout="30s"
> primitive shorewall lsb:shorewall \
>        op start interval="0" timeout="30s" \
>        meta target-role="Started"
> primitive shorewall-standby lsb:shorewall \
>        op start interval="0" timeout="30s"
> primitive squid lsb:squid \
>        op start interval="0" timeout="15s" \
>        op stop interval="0" timeout="120s"
> group IPS-Services1 VIPLAN VIPDMZ VIPPDA VIPEXPL VIPNET \
>        meta target-role="Started"
> group IPSec ipsec-setkey racoon
> group Services1 bind9 squid dansguardian apache2 openvpn shorewall
> group ServicesData1 fs_ServicesConfigs1 fs_ServicesLogs1
> links_ServicesConfigs1
> ms drbd_master_slave_ServicesConfigs1 drbd-ServicesConfigs1 \
>        meta master-max="1" master-node-max="1" clone-max="2"
> clone-node-max="1" globally-unique="false" notify="true"
> target-role="Master"
> ms drbd_master_slave_ServicesLogs1 drbd-ServicesLogs1 \
>        meta master-max="1" master-node-max="1" clone-max="2"
> clone-node-max="1" globally-unique="false" notify="true"
> target-role="Master"
> colocation Services1_on_drbd inf:
> drbd_master_slave_ServicesConfigs1:Master
> drbd_master_slave_ServicesLogs1:Master ServicesData1 IPS-Services1
> Services1 IPSec
> colocation start-shorewall_standby-on-passive-node -inf:
> shorewall-standby shorewall
> order all_drbd inf: shorewall-standby:stop
> drbd_master_slave_ServicesConfigs1:promote
> drbd_master_slave_ServicesLogs1:promote ServicesData1:start
> IPS-Services1:start IPSec:start Services1:start
> property $id="cib-bootstrap-options" \
>        dc-version="1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff" \
>        cluster-infrastructure="openais" \
>        expected-quorum-votes="2" \
>        stonith-enabled="false" \
>        no-quorum-policy="ignore"
> rsc_defaults $id="rsc-options" \
>        resource-stickiness="100"
> 
> 
> 
> 
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
> 
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20140114/54f7dd64/attachment-0004.sig>


More information about the Pacemaker mailing list