[ClusterLabs] Support for xt_cluster
Marcus Vinicius
marc_mcs10 at yahoo.com.br
Thu Dec 19 10:01:34 EST 2019
Hi,
As I know, CLUSTERIP is deprecated for some time. Recent distributions doesn't have this module on their repositories at all (Red Hat 8)
It seems Pacemaker still use CLUSTERIP for clone an IP address.
For this reason, I have the following error on an Active/Active cluster VIP:
Cenario:
CentOS 8Pacemaker 2.0.1Kernel 4.18.0Iptables 1.8.2
# pcs resource create ClusterIP ocf:heartbeat:IPaddr2 ip=172.18.14.100 nic=ens160 cidr_netmask=24 op monitor interval=2s# pcs resource clone ClusterIP# pcs status...Failed Resource Actions:* ClusterIP_start_0 on pcsnode1 'unknown error' (1): call=40, status=complete, exitreason='iptables failed', last-rc-change='Thu Dec 19 12:30:40 2019', queued=0ms, exec=172ms
Logs:
Dec 19 12:32:54 pcsnode1 IPaddr2(ClusterIP)[10245]: ERROR: iptables failedDec 19 12:32:54 pcsnode1 pacemaker-execd[1436]: notice: ClusterIP_start_0:10245:stderr [ iptables v1.8.2 (nf_tables): chain name not allowed to start with `-' ]Dec 19 12:32:54 pcsnode1 pacemaker-execd[1436]: notice: ClusterIP_start_0:10245:stderr [ ]Dec 19 12:32:54 pcsnode1 pacemaker-execd[1436]: notice: ClusterIP_start_0:10245:stderr [ Try `iptables -h' or 'iptables --help' for more information. ]Dec 19 12:32:54 pcsnode1 pacemaker-execd[1436]: notice: ClusterIP_start_0:10245:stderr [ ocf-exit-reason:iptables failed ]Dec 19 12:32:54 pcsnode1 pacemaker-controld[1439]: notice: Result of start operation for ClusterIP on pcsnode1: 1 (unknown error)
Any one can simulate the module problem, outside Pacemaker, with this command:
Perfectly good for CentOS 7 installation with ipt_CLUSTERIP.ko:
# iptables -A INPUT -d 172.18.14.100/32 -i ens192 -j CLUSTERIP --new --hashmode sourceip-sourceport --clustermac 43:0A:1F:80:58:36 --total-nodes 2 --local-node 2 --hash-init 0
No good for a default CentOS 8 installation:
# iptables -A INPUT -d 172.18.14.100/32 -i ens192 -j CLUSTERIP --new --hashmode sourceip-sourceport --clustermac 43:0A:1F:80:58:36 --total-nodes 2 --local-node 2 --hash-init 0iptables v1.8.2 (nf_tables): chain name not allowed to start with `-'
Try `iptables -h' or 'iptables --help' for more information.
Is there any intention to abandon CLUSTERIP in favor of xt_cluster.ko?
Thanks a lot!
Att,
Marcus Vinícius
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20191219/347a6eb1/attachment.html>
More information about the Users
mailing list