<div dir="ltr">Your shorewall resource cannot handle ms (Master/Slave) operations because it is an LSB script. If you want it to behave like the drbd ms resource, look at the drbd agent and write a resource agent script for shorewall along the same lines.<br></div><div class="gmail_extra"><br>
<br><div class="gmail_quote">2013/12/22 Gaëtan Slongo <span dir="ltr"><<a href="mailto:gslongo@it-optics.com" target="_blank">gslongo@it-optics.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  
    
  
  <div bgcolor="#FFFFFF" text="#333333">
    <div>Hi !<br>
      <br>
      Does anyone have any idea?<br>
      <br>
      Thanks !<br>
      <br>
      <br>
      Le 18/12/13 15:08, Gaëtan Slongo a écrit :<br>
    </div><div><div class="h5">
    <blockquote type="cite">
      <pre>Hi !

I'm currently building a 2-node cluster for firewalling.
I would like to run shorewall on both the master and the "Slave"
node. I tried many things but nothing works as expected. The shorewall
configurations themselves are good.
What I want is to start a standby shorewall on the other node as
soon as my drbd resources are "Slave" or "Stopped".
Could you please give me a bit of help with this problem?

Here is my current config

Thanks


# Pacemaker configuration (crm shell syntax) for a two-node firewall cluster:
# DRBD-backed config/log volumes, floating IPs, proxy/DNS/VPN/IPsec services
# and shorewall, all colocated with the DRBD Master.
# NOTE(review): the mail client wrapped several long lines without a trailing
# backslash (e.g. the iflabel=, directory= and clone-node-max= lines), so those
# continuations must be re-joined before this text can be loaded.
# NOTE(review): among the lsb: primitives only openvpn defines a recurring
# monitor op; the others (shorewall, racoon, squid, ...) define start/stop ops
# only, so the cluster will not notice if one of them dies after starting.
node keskonrix1 \
        attributes standby="off"
node keskonrix2 \
        attributes standby="off"
primitive VIPDMZ ocf:heartbeat:IPaddr2 \
        params ip="10.0.1.1" nic="eth2" cidr_netmask="24" iflabel="VIPDMZ" \
        op monitor interval="30s" timeout="30s"
primitive VIPEXPL ocf:heartbeat:IPaddr2 \
        params ip="10.0.2.2" nic="eth3" cidr_netmask="28"
iflabel="VIPEXPL" \
        op monitor interval="30s" timeout="30s"
primitive VIPLAN ocf:heartbeat:IPaddr2 \
        params ip="192.168.1.248" nic="br0" cidr_netmask="16"
iflabel="VIPLAN" \
        op monitor interval="30s" timeout="30s"
# NOTE(review): VIPNET reuses iflabel="VIPDMZ" (same label as the VIPDMZ
# primitive, on a different nic) -- looks like a copy-paste slip; confirm.
primitive VIPNET ocf:heartbeat:IPaddr2 \
        params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
iflabel="VIPDMZ" \
        op monitor interval="30s" timeout="30s"
primitive VIPPDA ocf:heartbeat:IPaddr2 \
        params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
iflabel="VIPPDA" \
        op monitor interval="30s" timeout="30s"
primitive apache2 lsb:apache2 \
        op start interval="0" timeout="15s"
primitive bind9 lsb:bind9 \
        op start interval="0" timeout="15s"
# on-fail="ignore" on the start op: a failed start of the content filter is
# not acted on, so the rest of group Services1 carries on without it.
# NOTE(review): confirm that running the proxy without dansguardian is acceptable.
primitive dansguardian lsb:dansguardian \
        op start interval="0" timeout="30s" on-fail="ignore"
# DRBD primitives: separate monitor intervals per role, wrapped by the ms
# resources further down.
primitive drbd-ServicesConfigs1 ocf:linbit:drbd \
        params drbd_resource="services-configs1" \
        op monitor interval="29s" role="Master" \
        op monitor interval="31s" role="Slave"
primitive drbd-ServicesLogs1 ocf:linbit:drbd \
        params drbd_resource="services-logs1" \
        op monitor interval="29s" role="Master" \
        op monitor interval="31s" role="Slave"
primitive fs_ServicesConfigs1 ocf:heartbeat:Filesystem \
        params device="/dev/drbd/by-res/services-configs1"
directory="/drbd/services-configs1/" fstype="ext4"
options="noatime,nodiratime" \
        meta target-role="Started"
primitive fs_ServicesLogs1 ocf:heartbeat:Filesystem \
        params device="/dev/drbd/by-res/services-logs1"
directory="/drbd/services-logs1/" fstype="ext4"
options="noatime,nodiratime" \
        meta target-role="Started"
primitive ipsec-setkey lsb:setkey \
        op start interval="0" timeout="30s"
primitive links_ServicesConfigs1 heartbeat:drbdlinks \
        meta target-role="Started"
primitive openvpn lsb:openvpn \
        op monitor interval="10" timeout="30s" \
        meta target-role="Started"
primitive racoon lsb:racoon \
        op start interval="0" timeout="30s"
# shorewall and shorewall-standby both wrap the same LSB init script
# (lsb:shorewall). An LSB agent only offers start/stop/status, so the two
# primitives cannot load different rule sets or report separate state.
primitive shorewall lsb:shorewall \
        op start interval="0" timeout="30s" \
        meta target-role="Started"
primitive shorewall-standby lsb:shorewall \
        op start interval="0" timeout="30s"
primitive squid lsb:squid \
        op start interval="0" timeout="15s" \
        op stop interval="0" timeout="120s"
group IPS-Services1 VIPLAN VIPDMZ VIPPDA VIPEXPL VIPNET \
        meta target-role="Started"
group IPSec ipsec-setkey racoon
group Services1 bind9 squid dansguardian apache2 openvpn shorewall
group ServicesData1 fs_ServicesConfigs1 fs_ServicesLogs1
links_ServicesConfigs1
ms drbd_master_slave_ServicesConfigs1 drbd-ServicesConfigs1 \
        meta master-max="1" master-node-max="1" clone-max="2"
clone-node-max="1" globally-unique="false" notify="true"
target-role="Master"
ms drbd_master_slave_ServicesLogs1 drbd-ServicesLogs1 \
        meta master-max="1" master-node-max="1" clone-max="2"
clone-node-max="1" globally-unique="false" notify="true"
target-role="Master"
# Keep filesystems, VIPs, services and IPsec on the node where both DRBD
# resources are Master.
colocation Services1_on_drbd inf:
drbd_master_slave_ServicesConfigs1:Master
drbd_master_slave_ServicesLogs1:Master ServicesData1 IPS-Services1
Services1 IPSec
# -inf: never place shorewall-standby on the node that runs shorewall.
colocation start-shorewall_standby-on-passive-node -inf:
shorewall-standby shorewall
# Stop shorewall-standby first, then promote DRBD and start data, VIPs,
# IPsec and services in that order.
order all_drbd inf: shorewall-standby:stop
drbd_master_slave_ServicesConfigs1:promote
drbd_master_slave_ServicesLogs1:promote ServicesData1:start
IPS-Services1:start IPSec:start Services1:start
# stonith-enabled="false" together with no-quorum-policy="ignore": if the two
# nodes lose contact, each keeps running (and may promote) resources and
# nothing fences the peer. With DRBD that risks split-brain, and both
# firewalls could bring up the same VIPs.
# NOTE(review): configure and enable a fencing device before production use.
property $id="cib-bootstrap-options" \
        dc-version="1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff" \
        cluster-infrastructure="openais" \
        expected-quorum-votes="2" \
        stonith-enabled="false" \
        no-quorum-policy="ignore"
rsc_defaults $id="rsc-options" \
        resource-stickiness="100"




</pre>
    </blockquote>
  </div></div></div>

<br></blockquote></div><br><br clear="all"><br>-- <br>esta es mi vida e me la vivo hasta que dios quiera
</div>