firewall should let through the UDP multicast traffic on
ports mcastport and mcastport+1.
As I wrote above: all interfaces in SuSEfirewall2 are set to "Internal
zone". So, how can I "open" these ports if they are already open?
Just to double check, I assume "Internal zone" does not have any
firewall rules applied to it? If you go to "Allowed Services" in the
YaST2 firewall config app, it should show everything greyed-out or
allowed for Internal Zone.
Yes, exactly, everything greyed-out and allowed for "Internal Zone".
"Internal zone is unprotected. All ports are open."
OK, that sounds fine.
You said earlier that openais starts OK if you have the firewall on,
but resources do not run. What does the output of "crm_mon -r1" show
in this case?
sles2:~ # crm_mon -r1
Last updated: Thu May 13 12:21:21 2010
Stack: openais
Current DC: NONE
2 Nodes configured, 2 expected votes
10 Resources configured.
Node sles2: UNCLEAN (offline)
Node sles1: UNCLEAN (offline)
The above is normal while the cluster is starting up. This may sound
a little silly, but I would have expected everything to come online if
you just wait a few minutes. You can watch status changes (if any) as
they occur, with "crm_mon -r". It's worth checking /var/log/messages etc.
on each node too, to see if anything is obviously screaming in pain.
In this state the nodes stay unchanged for hours.
Analysis of logs in this situation does not say anything ...
I must remind you that we are talking about running one node of the two.
The second node is turned off (burned, stolen, etc.)
Clone Set: sbd-clone
Stopped: [ sbd_fense:0 sbd_fense:1 ]
Don't clone the SBD stonith resource, you only need a single primitive
here (not that this should be causing your startup trouble).
sbd fence must be on each node.
When the firewall is off, or both nodes are running, there is no problem.