<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body smarttemplateinserted="true" text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hi !<br>
<br>
Thanks for answer.<br>
I'm not trying to use shorewall as a ms resource. Let me explain :
I have 2 nodes. All resources are always on the same node (using
group and constraints) but what I want to do is to start a
shorewall on the "passive" node. <br>
How could I do that simply ? I tried to use constraints but it'is
not working well<br>
<br>
Gaëtan<br>
<br>
<br>
Le 22/12/13 13:24, emmanuel segura a écrit :<br>
</div>
<blockquote
cite="mid:CAE7pJ3B1m=ZzRH+deDfc+DLHG5u-NU23OiQABiJm0Jnwf+AnAA@mail.gmail.com"
type="cite">
<div dir="ltr">Your shorewall cannot handle ms Master and Slave
operations, because is a lsb script, if you want your script to
act as drbd ms, look that one and do it an script agent<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">2013/12/22 Gaëtan Slongo <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:gslongo@it-optics.com" target="_blank">gslongo@it-optics.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#333333">
<div>Hi !<br>
<br>
Someone has any idea ?<br>
<br>
Thanks !<br>
<br>
<br>
Le 18/12/13 15:08, Gaëtan Slongo a écrit :<br>
</div>
<div>
<div class="h5">
<blockquote type="cite">
<pre>Hi !
I'm currently building a 2 node cluster for firewalling.
I would like to run a shorewall on both on the master and the "Slave"
node. I tried many things but nothing works as expected. Shorewall
configurations are good.
What I want to do is to start shorewall standby on the other node as
soon as my drbd resources are "Slave" or "Stopped"..?
Could you please give me a bit of help on this problem ?
Here is my current config
Thanks
node keskonrix1 \
attributes standby="off"
node keskonrix2 \
attributes standby="off"
primitive VIPDMZ ocf:heartbeat:IPaddr2 \
params ip="10.0.1.1" nic="eth2" cidr_netmask="24" iflabel="VIPDMZ" \
op monitor interval="30s" timeout="30s"
primitive VIPEXPL ocf:heartbeat:IPaddr2 \
params ip="10.0.2.2" nic="eth3" cidr_netmask="28"
iflabel="VIPEXPL" \
op monitor interval="30s" timeout="30s"
primitive VIPLAN ocf:heartbeat:IPaddr2 \
params ip="192.168.1.248" nic="br0" cidr_netmask="16"
iflabel="VIPLAN" \
op monitor interval="30s" timeout="30s"
primitive VIPNET ocf:heartbeat:IPaddr2 \
params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
iflabel="VIPDMZ" \
op monitor interval="30s" timeout="30s"
primitive VIPPDA ocf:heartbeat:IPaddr2 \
params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
iflabel="VIPPDA" \
op monitor interval="30s" timeout="30s"
primitive apache2 lsb:apache2 \
op start interval="0" timeout="15s"
primitive bind9 lsb:bind9 \
op start interval="0" timeout="15s"
primitive dansguardian lsb:dansguardian \
op start interval="0" timeout="30s" on-fail="ignore"
primitive drbd-ServicesConfigs1 ocf:linbit:drbd \
params drbd_resource="services-configs1" \
op monitor interval="29s" role="Master" \
op monitor interval="31s" role="Slave"
primitive drbd-ServicesLogs1 ocf:linbit:drbd \
params drbd_resource="services-logs1" \
op monitor interval="29s" role="Master" \
op monitor interval="31s" role="Slave"
primitive fs_ServicesConfigs1 ocf:heartbeat:Filesystem \
params device="/dev/drbd/by-res/services-configs1"
directory="/drbd/services-configs1/" fstype="ext4"
options="noatime,nodiratime" \
meta target-role="Started"
primitive fs_ServicesLogs1 ocf:heartbeat:Filesystem \
params device="/dev/drbd/by-res/services-logs1"
directory="/drbd/services-logs1/" fstype="ext4"
options="noatime,nodiratime" \
meta target-role="Started"
primitive ipsec-setkey lsb:setkey \
op start interval="0" timeout="30s"
primitive links_ServicesConfigs1 heartbeat:drbdlinks \
meta target-role="Started"
primitive openvpn lsb:openvpn \
op monitor interval="10" timeout="30s" \
meta target-role="Started"
primitive racoon lsb:racoon \
op start interval="0" timeout="30s"
primitive shorewall lsb:shorewall \
op start interval="0" timeout="30s" \
meta target-role="Started"
primitive shorewall-standby lsb:shorewall \
op start interval="0" timeout="30s"
primitive squid lsb:squid \
op start interval="0" timeout="15s" \
op stop interval="0" timeout="120s"
group IPS-Services1 VIPLAN VIPDMZ VIPPDA VIPEXPL VIPNET \
meta target-role="Started"
group IPSec ipsec-setkey racoon
group Services1 bind9 squid dansguardian apache2 openvpn shorewall
group ServicesData1 fs_ServicesConfigs1 fs_ServicesLogs1
links_ServicesConfigs1
ms drbd_master_slave_ServicesConfigs1 drbd-ServicesConfigs1 \
meta master-max="1" master-node-max="1" clone-max="2"
clone-node-max="1" globally-unique="false" notify="true"
target-role="Master"
ms drbd_master_slave_ServicesLogs1 drbd-ServicesLogs1 \
meta master-max="1" master-node-max="1" clone-max="2"
clone-node-max="1" globally-unique="false" notify="true"
target-role="Master"
colocation Services1_on_drbd inf:
drbd_master_slave_ServicesConfigs1:Master
drbd_master_slave_ServicesLogs1:Master ServicesData1 IPS-Services1
Services1 IPSec
colocation start-shorewall_standby-on-passive-node -inf:
shorewall-standby shorewall
order all_drbd inf: shorewall-standby:stop
drbd_master_slave_ServicesConfigs1:promote
drbd_master_slave_ServicesLogs1:promote ServicesData1:start
IPS-Services1:start IPSec:start Services1:start
property $id="cib-bootstrap-options" \
dc-version="1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff" \
cluster-infrastructure="openais" \
expected-quorum-votes="2" \
stonith-enabled="false" \
no-quorum-policy="ignore"
rsc_defaults $id="rsc-options" \
resource-stickiness="100"
_______________________________________________
Pacemaker mailing list: <a moz-do-not-send="true" href="mailto:Pacemaker@oss.clusterlabs.org" target="_blank">Pacemaker@oss.clusterlabs.org</a>
<a moz-do-not-send="true" href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker" target="_blank">http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a>
Project Home: <a moz-do-not-send="true" href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a>
Getting started: <a moz-do-not-send="true" href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" target="_blank">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a>
Bugs: <a moz-do-not-send="true" href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a>
</pre>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
Pacemaker mailing list: <a moz-do-not-send="true"
href="mailto:Pacemaker@oss.clusterlabs.org">Pacemaker@oss.clusterlabs.org</a><br>
<a moz-do-not-send="true"
href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker"
target="_blank">http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a><br>
<br>
Project Home: <a moz-do-not-send="true"
href="http://www.clusterlabs.org" target="_blank">http://www.clusterlabs.org</a><br>
Getting started: <a moz-do-not-send="true"
href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf"
target="_blank">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a><br>
Bugs: <a moz-do-not-send="true"
href="http://bugs.clusterlabs.org" target="_blank">http://bugs.clusterlabs.org</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
esta es mi vida e me la vivo hasta que dios quiera
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pacemaker mailing list: <a class="moz-txt-link-abbreviated" href="mailto:Pacemaker@oss.clusterlabs.org">Pacemaker@oss.clusterlabs.org</a>
<a class="moz-txt-link-freetext" href="http://oss.clusterlabs.org/mailman/listinfo/pacemaker">http://oss.clusterlabs.org/mailman/listinfo/pacemaker</a>
Project Home: <a class="moz-txt-link-freetext" href="http://www.clusterlabs.org">http://www.clusterlabs.org</a>
Getting started: <a class="moz-txt-link-freetext" href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf">http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf</a>
Bugs: <a class="moz-txt-link-freetext" href="http://bugs.clusterlabs.org">http://bugs.clusterlabs.org</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<div style="font-family: 'Lucida Grande', Verdana, Arial,
Sans-Serif;border-top: 1px #3a342c dotted;border-bottom: 1px
#3a342c dotted;">
<table>
<tbody>
<tr>
<td> <img
src="cid:part12.02080303.05060404@it-optics.com"
style="float: left; padding: 0 10px 20px 0;"
height="76" width="196">
<p><a href="http://www.it-optics.com/"
style="font-family: 'Lucida Grande', Verdana, Arial,
Sans-Serif;
color:#3676AF;text-decoration:none;font-size:
11.5px;text-align: center;center;display: block;"> <font
color="#3385CF">www.it-optics.com</font> </a></p>
</td>
<td>
<div style="font-family: 'Lucida Grande', Verdana,
Arial, Sans-Serif;min-height: 100px;line-height: 17px;
margin: 0; padding: 10px 0;font-size: 11.5px; color:
#3a342c;min-width: 530px;"> <span style="font-family:
'Lucida Grande', Verdana, Arial,
Sans-Serif;font-weight:bold;color: #3a342c;
font-size:12px;">Gaëtan SLONGO | IT & Project
Manager</span><br>
Boulevard Initialis, 28 - 7000 Mons<br>
<table style=" font-size: 11.5px;color:
#3a342c;line-height: 17px;" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<td width="70">Company :</td>
<td>+32 (0)65 84 23 85</td>
</tr>
<tr>
<td>Direct :</td>
<td>+32 (0)65 32 85 88</td>
</tr>
<tr>
<td>Fax :</td>
<td>+32 (0)65 84 66 76</td>
</tr>
<tr>
<td>GPG Key :</td>
<td><a
href="http://www.it-optics.com/gslongo/gslongo.pub.asc"
style="font-family: 'Lucida Grande',
Verdana, Arial, Sans-Serif;
color:#3676AF;text-decoration:none;font-size:
11.5px;"> <font color="#3385CF">gslongo-gpg_key.asc</font>
</a></td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div style="font-family: 'Lucida Grande', Verdana, Arial,
Sans-Serif; font-style: italic; font-size: 10.5px;">
<p>Please consider your environmental responsibility before
printing this e-mail</p>
</div>
</div>
</body>
</html>