[Pacemaker] Cluster forward problem

Luana C. Rocha luanac.rocha at gmail.com
Thu Oct 14 20:20:08 UTC 2010 

  Hi,

I've configured two ubuntu 10.04 x64 Kernel 2.6.32-21 with pacemaker and 
heartbeat as my network gateway, both active sharing the same ip address.
If I point the client machines gateway to the real ip of one the 
machines in the cluster, everything works perfectly (i've tested using 
the real ip of both machines in the cluster).
If I point the client machines gateway to the virtual Ip shared between 
the servers in the cluster, i can't access nothing, even when all 
iptables rules are allowing the traffic.
I can use the virtual ip to connect to resources available in the 
cluster machines like ssh (of course in this case i can't predict whose 
machine will answer, but it works). Seems like the problem is in the 
packet forward.
With tcpdump  i can see the package arriving in the local interface but 
i can't see the package in the external interface.
The parameter net.ipv4.ip_forward is set to 1 in the /etc/sysctl.conf.
I've transcript my configuration bellow. Can someone point me what is wrong?

cat /etc/ha.d/ha.cf
bcast eth0
autojoin any
crm on

crm>configure:

node $id="1900805f-0d48-4907-8534-91ead998858b" lira02
node $id="4e98dba2-3588-4e6d-954a-61c85b1c6766" lira01
primitive LANIP ocf:heartbeat:IPaddr2 \
operations $id="LANIP-operations" \
op monitor interval="10s" timeout="20s" start-delay="0" \
params ip="10.10.10.1" nic="eth2" cidr_netmask="24" 
clusterip_hash="sourceip-sourceport" \
meta resource-stickiness="0"
primitive SLANIP ocf:heartbeat:IPaddr2 \
operations $id="SLANIP-operations" \
op monitor interval="10s" timeout="20s" start-delay="0" \
params ip="192.168.1.1" nic="eth1" cidr_netmask="24" 
clusterip_hash="sourceip-sourceport" \
meta resource-stickiness="0"
clone cloneLANIP LANIP \
meta clone-max="2" globally-unique="true" clone-node-max="2" 
target-role="Started"
clone cloneSLANIP SLANIP \
meta clone-max="2" globally-unique="true" clone-node-max="2" 
target-role="Started"
property $id="cib-bootstrap-options" \
dc-version="1.0.8-042548a451fce8400660f6031f4da6f0223dd5dd" \
cluster-infrastructure="Heartbeat" \
stonith-enabled="false"

crm_mon
Attempting connection to the cluster...
============
Last updated: Thu Oct 14 17:14:32 2010
Stack: Heartbeat
Current DC: lira02 (1900805f-0d48-4907-8534-91ead998858b) - partition 
with quorum
Version: 1.0.8-042548a451fce8400660f6031f4da6f0223dd5dd
2 Nodes configured, unknown expected votes
2 Resources configured.
============

Online: [ lira01 lira02 ]

  Clone Set: cloneLANIP (unique)
LANIP:0    (ocf::heartbeat:IPaddr2):Started lira02
LANIP:1    (ocf::heartbeat:IPaddr2):Started lira01
  Clone Set: cloneSLANIP (unique)
SLANIP:0   (ocf::heartbeat:IPaddr2):Started lira01
SLANIP:1   (ocf::heartbeat:IPaddr2):Started lira02

Failed actions:
     LANIP:0_start_0 (node=lira01, call=7, rc=1, status=complete): 
unknown error

cat /etc/conntrackd/conntrackd.conf
#
# Synchronizer settings
#
Sync {
Mode FTFW {
Multicast {
IPv4_address 225.0.0.50
Group 3780
IPv4_interface 10.0.0.1
Interface eth0
SndSocketBuffer 1249280
RcvSocketBuffer 1249280
Checksum on
}
Nice -20
HashSize 32768
HashLimit 131072
LogFile on
Syslog on
LockFile /var/lock/conntrack.lock
UNIX {
Path /var/run/conntrackd.ctl
Backlog 20
}
NetlinkBufferSize 2097152
NetlinkBufferSizeMaxGrowth 8388608
Filter From Userspace {
Protocol Accept {
TCP
}
Address Ignore {
      IPv4_address 127.0.0.1 # loopback
}
}
}


  ifconfig
eth0      Link encap:Ethernet  HWaddr 6c:f0:49:f4:9e:5a
           inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:40840 errors:0 dropped:0 overruns:0 frame:0
           TX packets:42623 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:8145406 (8.1 MB)  TX bytes:8627833 (8.6 MB)
           Interrupt:26

eth1      Link encap:Ethernet  HWaddr 1c:af:f7:0e:04:ce
           inet addr:192.168.1.23  Bcast:192.168.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
           RX packets:21526 errors:0 dropped:0 overruns:0 frame:0
           TX packets:9957 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:8008204 (8.0 MB)  TX bytes:1372032 (1.3 MB)
           Interrupt:20 Base address:0x6000

eth2      Link encap:Ethernet  HWaddr 1c:af:f7:70:df:6b
           inet addr:10.10.10.23  Bcast:10.10.10.255  Mask:255.255.255.0
           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
           RX packets:109820 errors:0 dropped:0 overruns:0 frame:0
           TX packets:27931 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:11085542 (11.0 MB)  TX bytes:11731850 (11.7 MB)
           Interrupt:19 Base address:0x6000

lo        Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING  MTU:16436  Metric:1
           RX packets:3833 errors:0 dropped:0 overruns:0 frame:0
           TX packets:3833 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:2443307 (2.4 MB)  TX bytes:2443307 (2.4 MB)

  iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
CLUSTERIP  all  --  anywhere             192.168.1.1         CLUSTERIP 
hashmode=sourceip-sourceport clustermac=59:B7:CB:37:F5:70 total_nodes=2 
local_node=1 hash_init=0
CLUSTERIP  all  --  anywhere             10.10.10.1          CLUSTERIP 
hashmode=sourceip-sourceport clustermac=31:39:E3:41:DC:6F total_nodes=2 
local_node=2 hash_init=0

More information about the Pacemaker mailing list