[Pacemaker] How SuSEfirewall2 affects on openais startup?
Tim Serong
tserong at novell.com
Thu May 13 11:10:30 UTC 2010
On 5/13/2010 at 07:22 PM, Aleksey Zholdak <aleksey at zholdak.com> wrote:
> >>> firewall should let through the UDP multicast traffic on
> >>> ports mcastport and mcastport+1.
> >>
> >> As I wrote above: all interfaces in SuSEfirewall2 are set to "Internal
> >> zone". So, how can I "open" these ports if they are already open?
> >>
> >
> > Just to double check, I assume "Internal zone" does not have any
> > firewall rules applied to it? If you go to "Allowed Services" in the
> > YaST2 firewall config app, it should show everything greyed-out or
> > allowed for Internal Zone.
>
> Yes, exactly, everything greyed-out and allowed for "Internal Zone".
> "Internal zone is unprotected. All ports are open."

OK, that sounds fine.

> > You said earlier that openais starts OK if you have the firewall on,
> > but resources do not run. What does the output of "crm_mon -r1" show
> > in this case?
>
> sles2:~ # crm_mon -r1
> ============
> Last updated: Thu May 13 12:21:21 2010
> Stack: openais
> Current DC: NONE
> 2 Nodes configured, 2 expected votes
> 10 Resources configured.
> ============
>
> Node sles2: UNCLEAN (offline)
> Node sles1: UNCLEAN (offline)

The above is normal while the cluster is starting up. This may sound
a little silly, but I would have expected everything to come online if
you just wait a few minutes. You can watch status changes (if any) as
they occur, with "crm_mon -r". It's worth checking /var/log/messages etc.
on each node too, to see if anything is obviously screaming in pain.

> Full list of resources:
>
> Clone Set: sbd-clone
> Stopped: [ sbd_fense:0 sbd_fense:1 ]

Don't clone the SBD stonith resource, you only need a single primitive
here (not that this should be causing your startup trouble).

Regards,
Tim
--
Tim Serong <tserong at novell.com>
Senior Clustering Engineer, OPS Engineering, Novell Inc.
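
The startup state quoted above (no DC elected, both nodes UNCLEAN) can be told apart by script from a later state where a DC exists but a node is still UNCLEAN. The following is an added example, not part of the original message or of Pacemaker; it assumes `crm_mon -r1` prints the line formats quoted in this thread, and `classify_crm_mon`, `wait_for_dc` and the `CRM_MON` override are hypothetical names.

```shell
#!/bin/sh
# Added example: classify one "crm_mon -r1" snapshot read on stdin.
# Output: "<state> dc=<name> unclean=<nodes>", where state is
#   unknown  - no "Current DC:" line (crm_mon failed or printed nothing)
#   forming  - Current DC: NONE, membership not established yet
#   degraded - a DC is elected but some node is still UNCLEAN
#   ok       - a DC is elected and no node is UNCLEAN
classify_crm_mon() {
    awk '
        /^Current DC:/ { seen = 1; dc = $3 }
        /^Node / && /UNCLEAN/ {
            name = $2; sub(/:$/, "", name)
            unclean = (unclean == "" ? name : unclean "," name)
        }
        END {
            if (!seen)              state = "unknown"
            else if (dc == "NONE")  state = "forming"
            else if (unclean != "") state = "degraded"
            else                    state = "ok"
            if (dc == "") dc = "NONE"
            if (unclean == "") unclean = "-"
            printf "%s dc=%s unclean=%s\n", state, dc, unclean
        }'
}

# Poll until a DC is elected; return 1 if still forming after $1 seconds.
# CRM_MON (hypothetical override) replaces the real command for offline tests.
wait_for_dc() {
    timeout=${1:-180}; interval=${2:-10}; waited=0
    while :; do
        line=$(${CRM_MON:-crm_mon -r1} 2>/dev/null | classify_crm_mon)
        case $line in
            forming*|unknown*) ;;
            *) echo "$line"; return 0 ;;
        esac
        if [ "$waited" -ge "$timeout" ]; then echo "$line"; return 1; fi
        sleep "$interval"; waited=$((waited + interval))
    done
}

# Constructed samples: the snapshot quoted in the thread, then a later state.
SAMPLE_STARTING='Current DC: NONE
Node sles2: UNCLEAN (offline)
Node sles1: UNCLEAN (offline)'
SAMPLE_PARTIAL='Current DC: sles1 - partition WITHOUT quorum
Node sles2: UNCLEAN (offline)
Online: [ sles1 ]'

printf '%s\n' "$SAMPLE_STARTING" | classify_crm_mon
printf '%s\n' "$SAMPLE_PARTIAL" | classify_crm_mon
```

On a cluster node, `wait_for_dc 300 15` polls the real `crm_mon -r1` for up to five minutes and exits non-zero if no DC has been elected by then.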