[Pacemaker] Help with Pacemaker 2-node Router Setup
Eric Renfro
erenfro at gmail.com
Sat Dec 26 11:22:47 UTC 2009
Michael Schwartzkopff wrote:
> Am Samstag, 26. Dezember 2009 08:12:49 schrieb Eric Renfro:
>
>> Hello,
>>
>> I'm trying to setup 2 nodes that'll run pacemaker with openais as the
>> communication layer. Ideally what I want is for router1 to be the master
>> node and take over for router2 if it comes back up fully functional
>> again. In my setup, the routers are both internet-facing servers that
>> toggle the external internet IP to whichever controls it at the time,
>> and also handles the internal IP for the gateway for internal systems to
>> route via.
>>
>> My problem is with Route in my setup, so far, and later getting
>> shorewall to start/stop per whichever nodes active.
>>
>> Route, in my case in the setup I will show below, is failing to start
>> initially because I presume the internet IP address is not fully
>> initialized at the time it's trying to enable the route. If I do a crm
>> resource cleanup failover-gw, it brings it up just fine. If I try to
>> move the router_cluster resource to router2 from router1 after it's
>> fully up, it fails because of failover-gw on router2.
>>
> (...)
>
> If you just want to create a HA firewall why do you need to switch the routing?
> Do you know my HOWTO for a HA firewall (www.multinet.de/HAFirewall) ? I am just
> switching the ip_forward in the kernel.
>
> Greetings,
>
>
Well, it's not technically just a HA firewall. What I'm doing is making
two routers that are facing the internet directly and providing a
default route point IP (hence, 192.168.0.1), which is why the routes
need to change as a result. Having the internet IP up on both computers
tends to cause IP conflicts, correct? Though it was wierd, when I tried
this with keepalived, both had the internet IP up fully while just
passing the internal IP, 192.168.0.1, without any noticeable problem.
I'm on business class with Brighthouse Business, and they have my router
set up in bridged mode.
I'm about to try out what you said in the previous email. I'm also on
IRC freenode #linux-ha and #linux-cluster presently too, but I don't
mind using the mailing list, perhaps the discussion will help others in
the future anyway as well. ;)
--
Eric Renfro
More information about the Pacemaker
mailing list