[Pacemaker] How SuSEfirewall2 affects on openais startup?
Aleksey Zholdak
aleksey at zholdak.com
Thu May 13 05:22:51 EDT 2010
>>> The firewall should let through the UDP multicast traffic on
>>> ports mcastport and mcastport+1.
>>
>> As I wrote above: all interfaces in SuSEfirewall2 is set to "Internal
>> zone". So, how can I "open" these ports if it already opened?
>>
>
> Just to double check, I assume "Internal zone" does not have any
> firewall rules applied to it? If you go to "Allowed Services" in the
> YaST2 firewall config app, it should show everything greyed-out or
> allowed for Internal Zone.
Yes, exactly, everything greyed-out and allowed for "Internal Zone".
"Internal zone is unprotected. All ports are open."
> You said earlier that openais starts OK if you have the firewall on,
> but resources do not run. What does the output of "crm_mon -r1" show
> in this case?
sles2:~ # crm_mon -r1
============
Last updated: Thu May 13 12:21:21 2010
Stack: openais
Current DC: NONE
2 Nodes configured, 2 expected votes
10 Resources configured.
============
Node sles2: UNCLEAN (offline)
Node sles1: UNCLEAN (offline)
Full list of resources:
Clone Set: sbd-clone
Stopped: [ sbd_fense:0 sbd_fense:1 ]
Clone Set: dlm-clone
Stopped: [ dlm:0 dlm:1 ]
Clone Set: clvm-clone
Stopped: [ clvm:0 clvm:1 ]
Clone Set: eCluster_vg0-clone
Stopped: [ eCluster_vg0:0 eCluster_vg0:1 ]
Clone Set: o2cb-clone
Stopped: [ o2cb:0 o2cb:1 ]
Clone Set: fs-clone
Stopped: [ fs:0 fs:1 ]
Clone Set: pingd-clone
Stopped: [ pingd:0 pingd:1 ]
Resource Group: ip-group
int_ip (ocf::heartbeat:IPaddr2): Stopped
ext_ip (ocf::heartbeat:IPaddr2): Stopped
Resource Group: engine-group
mysql (ocf::heartbeat:mysql): Stopped
apache (ocf::heartbeat:apache): Stopped
Resource Group: tools-group
ftp (ocf::heartbeat:Pure-FTPd): Stopped
--
Aleksey
More information about the Pacemaker
mailing list