[ClusterLabs] Clustered LVM with iptables issue
Vladislav Bogdanov
bubble at hoster-ok.com
Fri Sep 11 09:46:24 UTC 2015
Hi Digimer,
Be aware that SCTP support in both kernel and DLM _may_ have issues (as
far as I remember it was not recommended to use, at least in cman's
version of DLM, at least because of the lack of testing).
I believe you can force use of TCP via dlm_controld parameters (or
config options). Of course that could require some kind of bonding to be
involved. Btw that is the main reason I prefer bonding over multi-ring
configurations.
Best,
Vladislav
11.09.2015 02:43, Digimer wrote:
> For the record;
>
> Noel helped me on IRC. The problem was that sctp was not allowed in
> the firewall. The clue was:
>
> ====
> [root@node1 ~]# /etc/init.d/clvmd start
> Starting clvmd:
> Activating VG(s): [ OK ]
> ====
>
> ====] syslog
> Sep 10 23:30:47 node1 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
> Sep 10 23:30:47 node1 kernel: nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
> *** Sep 10 23:31:02 node1 kernel: dlm: Using SCTP for communications
> Sep 10 23:31:03 node1 clvmd: Cluster LVM daemon started - connected to CMAN
> ====
>
> ====
> [root@node2 ~]# /etc/init.d/clvmd start
> Starting clvmd: clvmd startup timed out
> ====
>
> ====] syslog
> Sep 10 23:31:03 node2 kernel: dlm: Using SCTP for communications
> Sep 10 23:31:05 node2 corosync[3001]: [TOTEM ] Incrementing problem counter for seqid 5644 iface 10.20.10.2 to [1 of 3]
> Sep 10 23:31:07 node2 corosync[3001]: [TOTEM ] ring 0 active with no faults
> ====
>
> Adding;
>
> iptables -I INPUT -p sctp -j ACCEPT
>
> Got it working. Obviously, that needs to be tightened up.
>
> digimer
>
> On 10/09/15 07:01 PM, Digimer wrote:
>> On 10/09/15 06:54 PM, Noel Kuntze wrote:
>>>
>>> Hello Digimer,
>>>
>>> I initially assumed you were familiar with ss or netstat and simply
>>> forgot about them.
>>> Seems I was wrong.
>>>
>>> Check the output of this: `ss -tpn` and `ss -upn`.
>>> Those commands give you the current open TCP and UDP connections,
>>> as well as the program that opened the connection.
>>> Check listening sockets with `ss -tpnl` and `ss -upnl`
>>
>> I'm not so strong on the network side of things, so I am not very
>> familiar with ss or netstat.
>>
>> I have clvmd running:
>>
>> ====
>> [root@node1 ~]# /etc/init.d/clvmd status
>> clvmd (pid 3495) is running...
>> Clustered Volume Groups: (none)
>> Active clustered Logical Volumes: (none)
>> ====
>>
>> Though I don't seem to see anything:
>>
>> ====
>> [root@node1 ~]# ss -tpnl
>> State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
>> LISTEN  0       5       :::11111            :::*               users:(("ricci",2482,3))
>> LISTEN  0       128     127.0.0.1:199       *:*                users:(("snmpd",2020,8))
>> LISTEN  0       128     :::111              :::*               users:(("rpcbind",1763,11))
>> LISTEN  0       128     *:111               *:*                users:(("rpcbind",1763,8))
>> LISTEN  0       128     *:48976             *:*                users:(("rpc.statd",1785,8))
>> LISTEN  0       5       :::16851            :::*               users:(("modclusterd",2371,5))
>> LISTEN  0       128     :::55476            :::*               users:(("rpc.statd",1785,10))
>> LISTEN  0       128     :::22               :::*               users:(("sshd",2037,4))
>> LISTEN  0       128     *:22                *:*                users:(("sshd",2037,3))
>> LISTEN  0       100     ::1:25              :::*               users:(("master",2142,13))
>> LISTEN  0       100     127.0.0.1:25        *:*                users:(("master",2142,12))
>> ====
>>
>> ====
>> [root@node1 ~]# ss -tpn
>> State  Recv-Q  Send-Q  Local Address:Port       Peer Address:Port
>> ESTAB  0       0       192.168.122.10:22        192.168.122.1:53935      users:(("sshd",2636,3))
>> ESTAB  0       0       192.168.122.10:22        192.168.122.1:53934      users:(("sshd",2613,3))
>> ESTAB  0       0       10.10.10.1:48985         10.10.10.2:7788
>> ESTAB  0       0       10.10.10.1:7788          10.10.10.2:51681
>> ESTAB  0       0       ::ffff:10.20.10.1:16851  ::ffff:10.20.10.2:43553  users:(("modclusterd",2371,6))
>> ====
>>
>> ====
>> [root@node1 ~]# ss -upn
>> State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
>> ====
>>
>> I ran all three again and routed output to a file, stopped clvmd and
>> re-ran the three calls to a different file. I diff'ed the resulting
>> files and saw nothing of interest:
>>
>> ====
>> [root@node1 ~]# /etc/init.d/clvmd status
>> clvmd (pid 3495) is running...
>> Clustered Volume Groups: (none)
>> Active clustered Logical Volumes: (none)
>> ====
>>
>> ====
>> [root@node1 ~]# ss -tpnl > tpnl.on
>> [root@node1 ~]# ss -tpn > tpn.on
>> [root@node1 ~]# ss -upn > upn.on
>> ====
>>
>> ====
>> [root@node1 ~]# /etc/init.d/clvmd stop
>> Signaling clvmd to exit [ OK ]
>> clvmd terminated [ OK ]
>> ====
>>
>> ====
>> [root@node1 ~]# ss -tpnl > tpnl.off
>> [root@node1 ~]# ss -tpn > tpn.off
>> [root@node1 ~]# ss -upn > upn.off
>> [root@node1 ~]# diff -U0 tpnl.on tpnl.off
>> [root@node1 ~]# diff -U0 tpn.on tpn.off
>> [root@node1 ~]# diff -U0 upn.on upn.off
>> ====
>>
>> I'm reading up on 'multiport' now and will adjust my iptables. It does
>> look a lot cleaner.
>>
>
>
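
One way to tighten the catch-all `-p sctp -j ACCEPT` rule from the thread, as an added example that is not part of the original messages: it reads which transport DLM announced in syslog and prints per-peer rules for review. The port 21064 (DLM's usual default), the interface name `eth1` and the helper names are assumptions; the sample log is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Prints rules for review; applies nothing.
DLM_PORT=21064   # assumption: DLM default port; confirm against your cluster config

# dlm_transport: read syslog on stdin and print the transport DLM last
# announced ("sctp" or "tcp"), or "unknown" when no announcement is present.
# The TCP wording mirrors the SCTP line quoted in the thread.
dlm_transport() {
    awk '
        /kernel: dlm: Using SCTP for communications/ { t = "sctp" }
        /kernel: dlm: Using TCP for communications/  { t = "tcp" }
        END { print (t == "" ? "unknown" : t) }
    '
}

# dlm_rules PROTO IFACE PEER...: print one ACCEPT rule per peer, limited to
# the cluster interface, the peer's source address and the DLM port.
dlm_rules() {
    p=$1; ifc=$2; shift 2
    case $p in
        sctp|tcp) ;;
        *) echo "unsupported transport: $p" >&2; return 1 ;;
    esac
    for peer in "$@"; do
        printf 'iptables -I INPUT -i %s -p %s -s %s --dport %s -j ACCEPT\n' \
            "$ifc" "$p" "$peer" "$DLM_PORT"
    done
}

# Constructed sample modelled on node1's syslog in the thread.
SAMPLE_LOG='Sep 10 23:31:02 node1 kernel: dlm: Using SCTP for communications
Sep 10 23:31:03 node1 clvmd: Cluster LVM daemon started - connected to CMAN'

# eth1 is a hypothetical interface name; 10.20.10.2 is node2's address from the thread.
transport=$(printf '%s\n' "$SAMPLE_LOG" | dlm_transport)
dlm_rules "$transport" eth1 10.20.10.2
```

`ss -t` and `ss -u` list only TCP and UDP sockets, so an SCTP association never appears in them. With more than one ring, generate rules for each ring's interface and peer address.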