If you want your routing changes to take affect each time you boot then
you can add them to the /etc/sysconfig/static-routes config file (at
least for RedHat Linux systems where this file is read by the network
init script), which in your case would look something like this:
any -net 239.2.11.71 netmask 255.255.255.255 dev eth1
any -net 255.255.255.255 netmask 255.255.255.255 dev eth1
~Jason
On Tue, 2005-09-20 at 15:28 +0100, Alex Davies wrote:
> Dear Jason,
>
> The following two commands appear to have fixed it:
>
> route add -net 239.2.11.71 netmask 255.255.255.255 dev eth1
> route add -net 255.255.255.255 netmask 255.255.255.255 dev eth1
>
> However I can not work out how to get these to "stick" after a reboot
> (apart from writing an init script to execute the above two commands
> which appears a little messy). Is there a common way to do this?
>
> I have also not tried to reboot the master server just yet but hope
> that it will continue to work!
>
> If anyone finds this thread, in addition to the two commands above I
> also added the following to /etc/gmond.conf on all nodes:
>
> udp_send_channel {
> mcast_join = 239.2.11.71
> mcast_if = eth1
> port = 8649
> }
>
> With many thanks for all your help,
>
> Alex
>
>
> On 20/09/05, Jason A. Smith <[EMAIL PROTECTED]> wrote:
> If your systems have more than one interface then you probably
> need to
> tell gmond which interface to bind to by setting the mcast_if
> option to
> eth1 in the gmond.conf file. The exact details will vary
> depending on
> which version of ganglia you are using, 2.5.x or 3.0.x.
>
> ~Jason
>
>
> On Tue, 2005-09-20 at 14:41 +0100, Alex Davies wrote:
> > Dear All,
> >
> > Thank you for your continued support. The firewall is
> reporting errors
> > like these:
> >
> > iptables: dropped input: IN=eth0 OUT=
> > MAC=ff:ff:ff:ff:ff:ff:00:e0:81:32:00:1a:08:00 SRC= 0.0.0.0
> > DST=255.255.255.255 LEN=42 TOS=0x00 PREC=0x00 TTL=1 ID=62540
> PROTO=UDP
> > SPT=3711 DPT=3711 LEN=22
> >
> > This on all the servers.
> >
> > My current firewall, in english, is
> > * All outgoing traffic allowed
> > * All incomming traffic on eth1 allowed without going
> through
> > firewall
> > * All incomming traffic on eth0 allowed if it comes
> from another
> > cluster node or on a standard port ( e.g. 80; I did
> try the
> > gmond ports in here to no avail).
> > Is there a way of *forcing* gmond to use eth1 for these
> bizarre
> > packets which are going out to 255.255.255.255 (which I take
> it is
> > part of multicasting since this address does not exist)?
> >
> > Failing that, is there a route command I can use to force
> these
> > packets out of eth1?
> >
> > Falingthat, is there an IP tables command I can use to allow
> these
> > packets? (I tried allowing all ports from 0.0.0.0 to no
> avail).
> >
> > Many thanks,
> >
> > Alex
> >
> >
> > On 20/09/05, Jason A. Smith <[EMAIL PROTECTED]> wrote:
> > > If you think it is the iptables firewall that is causing
> you your
> > > problems then try turning on logging of dropped/rejected
> packets to
> > help
> > > debug your problem:
> > >
> > > iptables -A INPUT -m limit --limit 3/m -j LOG --log-level
> info \
> > > --log-prefix "iptables: dropped input: "
> > >
> > > this rule needs to go before the DROP/REJECT rule that is
> at the end
> > of
> > > your INPUT chain, or just at the bottom if you have a
> default policy
> > set
> > > to DROP/REJECT. Then watch /var/log/messages for iptables
> logs to
> > see
> > > what ganglia related traffic is getting blocked.
> > >
> > > Also, I assume that you have a rule allowing your gmetad
> server to
> > > connect to your cluster, something like:
> > >
> > > iptables -A INPUT -p tcp -m state --state NEW -m tcp -s
> > gmetad.host.ip \
> > > --dport 8649 -j ACCEPT
> > >
> > >
> > > ~Jason
> > >
> > >
> > > On Tue, 2005-09-20 at 00:12, Alex Davies wrote:
> > > > I am afraid that I still experience the complete loss of
> > monitoring as
> > > > soon as I start my firewall even with those rules
> added...
> > > >
> > > > I cant seem to find any clear instructions on this, but
> is there
> > any
> > > > way to get each gmond daemon just to collect statistics
> from its
> > local
> > > > host and have one server collect all the xml files every
> 20
> > seconds or
> > > > so?
> > > >
> > > > Many thanks,
> > > >
> > > > Alex
> > > >
> > > >
> > > > On 20/09/05, Jason A. Smith < [EMAIL PROTECTED]> wrote:
> > > > > If your network switches are configured to do igmp,
> then you
> > will
> > > > > probably want to add an iptables rule like this:
> > > > >
> > > > > iptables -A INPUT -p igmp -j ACCEPT
> > > > >
> > > > > We have iptables configured on all of our systems
> running
> > ganglia
> > > > > without any problems and only have 2 related rules,
> the igmp one
> > above
> > > > > and a multicast rule like this:
> > > > >
> > > > > iptables -A INPUT -p udp -m udp -d 239.2.11.71 --dport
> 8649 -j
> > ACCEPT
> > > > >
> > > > > ~Jason
> > > > >
> > > > >
> > > > > On Mon, 2005-09-19 at 22:47, Alex Davies wrote:
> > > > > > Dear Mike,
> > > > > >
> > > > > > Many thanks for your very fast reply :)
> > > > > >
> > > > > > All my nodes are on the same switch, but we are
> using software
> > > > > > firewalls. The cluster is trying to use the second
> ethernet
> > port which
> > > > > > is plugged into a dedicated switch, which is
> "trusted" and
> > not
> > > > > > supposed to be firewalled but I have a hunch that
> the
> > multicasting
> > > > > > thing is not going over that port, and I am not sure
> how to
> > force it
> > > > > > to (nor am I sure if it matters).
> > > > > >
> > > > > > However, could you confirm how you forced ganglia to
> use your
> > tunnel -
> > > > > > particularly for the multicast packets?
> > > > > >
> > > > > > Many thanks,
> > > > > >
> > > > > > Alex
> > > > > >
> > > > > > On 20/09/05, michael chang <[EMAIL PROTECTED]>
> wrote:
> > > > > > > On 9/19/05, Alex Davies < [EMAIL PROTECTED]>
> wrote:
> > > > > > > > I have been trying to install ganglia on my 13-
> node
> > cluster and had
> > > > > > > > it all working wonderfully and was amazed how
> easilly
> > until I
> > > > > > > > restarted my firewall :)
> > > > > > >
> > > > > > > This is probably impratical, and the worst advice
> I can give
> > you, so
> > > > > > > I'm going to BEG one of the others on the list to
> come up
> > with a
> > > > > > > better answer, but I can tell you that I've got
> Ganglia
> > working just
> > > > > > > fine over a OpenVPN tunnel (provided that peer-to-
> peer
> > client
> > > > > > > communication is online, and the PC hosting the
> OpenVPN
> > tunnel is
> > > > > > > online). Maybe that's something you want...? I
> doubt it,
> > but I
> > > > > > > figured I'd mention it anyways, just in case.
> > > > > > >
> > > > > > > I'm wondering, when the firewall restarts, what
> happens to
> > the
> > > > > > > interfaces that Ganglia is multicasting
> over? Maybe you
> > need
> > > > > > > something that automatically restarts ganglia when
> the
> > firewall
> > > > > > > restarts ...? Like I said, someone else probably
> has a
> > better answer.
> > > > > > >
> > > > > > > My apologies for any unhelpfulnesses.
> > > > > > >
> > > > > > > --
> > > > > > > ~Mike
> > > > > > > - Just my two cents
> > > > > > > - No man is an island, and no man is unable.
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> >
> > --
> > Alex Davies // http://www.davz.net
> >
> > This email and any files transmitted with it are
> confidential and
> > intended solely for the use of the individual or entity to
> whom they
> > are addressed. If you have received this email in error
> please notify
> > the sender immediately by e-mail and delete this e-mail
> permanently.
> >
> > Contact me - MSN: [EMAIL PROTECTED] SKYPE: alex.davies
> --
> /------------------------------------------------------------------\
> | Jason A.
> Smith Email: [EMAIL PROTECTED] |
> | Atlas Computing Facility, Bldg.
> 510M Phone: (631)344-4226 |
> | Brookhaven National Lab, P.O. Box
> 5000 Fax: (631)344-7616 |
> | Upton, NY
> 11973-5000 |
> \------------------------------------------------------------------/
>
>
>
>
>
> --
> Alex Davies // http://www.davz.net
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender immediately by e-mail and delete this e-mail permanently.
>
> Contact me - MSN: [EMAIL PROTECTED] SKYPE: alex.davies
--
/------------------------------------------------------------------\
| Jason A. Smith Email: [EMAIL PROTECTED] |
| Atlas Computing Facility, Bldg. 510M Phone: (631)344-4226 |
| Brookhaven National Lab, P.O. Box 5000 Fax: (631)344-7616 |
| Upton, NY 11973-5000 |
\------------------------------------------------------------------/
