On Mon, Jan 23, 2023 at 7:51 AM Roberto Ferrari <rferr...@mbigroup.it> wrote: > > Hello everybody, > I'd like to understand a strange behavior of a cluster of mine with, > basically, some IPAddr resource and a systemd resource that deals with > netfilter-persistent. > Here the configuration: > > primitive FW-VIP-Outside IPaddr2 \ > params ip=192.168.26.74 cidr_netmask=24 nic=outside arp_bg=true \ > op monitor interval=20s timeout=20s > primitive FW-VIP-Private IPaddr2 \ > params ip=192.168.104.100 cidr_netmask=24 nic=private arp_bg=true \ > op monitor interval=20s timeout=20s > primitive Netfilter systemd:netfilter-persistent \ > op start interval=0 timeout=60 \ > op stop interval=0 timeout=60 > group FW-VIPs FW-VIP-Private FW-VIP-Outside Netfilter > The active node, when I reboot the server, hangs shutting down for many > minutes writing: > > A stop job is running for Pacemaker High Availability Cluster Manager ( > 11 s / 30 min). (where 11 is the number of seconds already passed) > > Obviously switching to another master is immediate and performing > syetmctl stop netfilter-persistent is immediate too. > > Do you have any hint on what goes wrong with this? I cannot find > anything strange in the logs. > > Thanks a lot, > > Roberto.
Is the netfilter systemd unit enabled outside pacemaker? Run `systemctl is-enabled netfilter-persistent` to find out, and run `systemctl disable netfilter-persistent` to disable it if it's enabled. Only Pacemaker should start or stop netfilter. > > -- > _______________________________________________ > Manage your subscription: > https://lists.clusterlabs.org/mailman/listinfo/users > > ClusterLabs home: https://www.clusterlabs.org/ > -- Regards, Reid Wahl (He/Him) Senior Software Engineer, Red Hat RHEL High Availability - Pacemaker _______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/