[ClusterLabs] RES: RES: Can't get a group of IP address up when moving to a new version of Pacemaker/Corosync

Carlos Xavier cbastos at connection.com.br
Fri Sep 4 08:43:00 EDT 2015

Tank you Dejan.

I Just tested the command the RA is trying to run on a OpenSuse installation ant it worked fine. The command is:

" iptables -I INPUT -d -i lo -j CLUSTERIP    --new   --clustermac b1:0a:7b:8b:9c:70  --total-nodes 2 --local-node 1
--hashmode sourceip-sourceport"

After that I could see that a module named "ipt_CLUSTERIP" was loaded.
Looking at the SLES12 installation I couldn't locate that module.

I'm going to escalate the trouble to our Datacenter provider. Meanwhile I'll try to use the old IPaddr2 RA, since we are going to
use LVS for load balance. With it we don't need support for iptables.

Best regards,

> -----Mensagem original-----
> De: Dejan Muhamedagic [mailto:dejanmm at fastmail.fm]
> Enviada em: sexta-feira, 4 de setembro de 2015 07:55
> Para: users at clusterlabs.org
> Assunto: Re: [ClusterLabs] RES: Can't get a group of IP address up when moving to a new version of
> Pacemaker/Corosync
> Hi,
> On Wed, Sep 02, 2015 at 03:44:47PM -0300, Carlos Xavier wrote:
> > Hi Kristoffer.
> >
> > Tank you very much for fast reply.
> >
> > I did a cleanup of the resource and took a look at the log and could see that the issue has
> something to do with the RA IPaddr2 trying to set some iptables rule, although we are not using any
> iptables rule set.
> >
> > crm(live)resource# cleanup c-ip-httpd
> > Cleaning up ip_ccardbusiness:0 on apolo Cleaning up ip_ccardbusiness:0
> > on diana Cleaning up ip_ccardgift:0 on apolo Cleaning up
> > ip_ccardgift:0 on diana Cleaning up ip_intranet:0 on apolo Cleaning up
> > ip_intranet:0 on diana Cleaning up ip_ccardbusiness:1 on apolo
> > Cleaning up ip_ccardbusiness:1 on diana Cleaning up ip_ccardgift:1 on
> > apolo Cleaning up ip_ccardgift:1 on diana Cleaning up ip_intranet:1 on
> > apolo Cleaning up ip_intranet:1 on diana Waiting for 12 replies from
> > the CRMd............ OK
> >
> > And on the log we have
> >
> [...]
> > 2015-09-02T14:40:54.184995-03:00 apolo IPaddr2(ip_ccardbusiness)[8360]: ERROR: iptables failed
> > 2015-09-02T14:40:54.187651-03:00 apolo lrmd[5182]:   notice: operation_finished:
> ip_ccardbusiness_start_0:8360:stderr [ iptables: No chain/target/match by that name. ]
> The target used is CLUSTERIP. Do you have the iptables extensions installed (you should)? The package
> is called xtables-plugins. It should contain a library with CLUSTERIP support.
> [...]
> > Is there a way to stop the IPaddr2 RA to try to manage the iptables rule?
> No, there isn't. Not a specialist on this, but so far nobody complained about iptables use. The
> underlying problem should be solved.
> Since you're running a SLE product, you can also ask for help from the SUSE support.
> Thanks,
> Dejan
> _______________________________________________
> Users mailing list: Users at clusterlabs.org http://clusterlabs.org/mailman/listinfo/users
> Project Home: http://www.clusterlabs.org Getting started:
> http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org

More information about the Users mailing list