[Pacemaker] Setting up routing for a virtual ip

Stephan-Frank Henry Frank.Henry at gmx.net
Fri Sep 3 11:17:13 EDT 2010 

-------- Original-Nachricht --------
> Datum: Thu, 02 Sep 2010 19:08:00 +0200
> Von: "Stephan-Frank Henry" <Frank dot Henry at gmx dot net>
> An: The Pacemaker cluster resource manager <pacemaker at oss.clusterlabs.org>
> Betreff: Re: [Pacemaker] Setting up routing for a virtual ip

> -------- Original-Nachricht --------
> > Datum: Thu, 02 Sep 2010 11:40:13 +0200
> > Von: "Stephan-Frank Henry" <Frank dot Henry at gmx dot net>
> > An: pacemaker at oss.clusterlabs.org
> > Betreff: [Pacemaker] Setting up routing for a virtual ip
> 
> > Hello everyone,
> > 
> > I am currently stuck trying to set up routing for a configured virtual
> ip
> > to the static ip on the same host.
> > 
> > static ip: 150.158.1.2
> > (I have two nics in use, but this is the important one)
> > virtual ip: 1.2.3.4
> > nic: eth0
> > 
> > versions:
> > Debian Lenny 2.6.33.3 x86_64
> > corosync : 1.2.1-1
> > libheartbeat2 : 3.0.3-2
> > 
> > Here are the relevant parts:
> > <primitive id="ip_resource" class="ocf" type="IPaddr2"
> > provider="heartbeat">
> >   <instance_attributes id="virtual-ip-attribs">
> >     <attributes>
> >       <nvpair id="virtual-ip-addr" name="ip" value="1.2.3.4"/>
> >       <nvpair id="virtual-ip-addr-nic" name="nic" value="eth0"/>
> >       <nvpair id="virtual-ip-addr-netmask" name="cidr_netmask"
> > value="22"/>
> >     </attributes>
> >   </instance_attributes>
> >   <operations>
> >     <op id="virtual-ip-monitor-10s" interval="10s" name="monitor"/>
> >   </operations>
> > </primitive>
> > <primitive id="ip_gateway" class="ocf" type="Route"
> provider="heartbeat">
> >   <instance_attributes id="route-ip-attribs">
> >     <attributes>
> >       <nvpair id="gateway-ip-source" name="source" value="1.2.3.4"/>
> >       <nvpair id="gateway-ip-gateway" name="gateway"
> value="150.158.1.2"/>
> >       <nvpair id="gateway-ip-destination" name="destination"
> > value="0.0.0.0/0"/>
> >       <nvpair id="gateway-ip-device" name="device" value="eth0"/>
> >     </attributes>
> >   </instance_attributes>
> >   <operations>
> >     <op id="gateway-ip-monitor-10s" timeout="20s" interval="10s"
> > name="monitor"/>
> >   </operations>
> > </primitive>
> > 
> > But when I run it, it prints out messages like:
> > Route[25503]: ERROR: ip_gateway Failed to add network route: to
> 0.0.0.0/0
> > via 150.158.1.2 src 1.2.3.5
> > WARN: unpack_rsc_op: Processing failed op ip_gateway_start_0 on
> nodealpha:
> > unknown error (1)
> > 
> > I have tried it with variations (f.i. leaving out the device) but
> without
> > success.
> > 
> > If I remove the routing config, it works fine.
> > 
> > What am I missing?
> > 
> > Could it be related to the fact that I do not see a virtual interface
> via
> > ifconfig (-a)?
> > 
> > thanks
> > 
> > Frank
> 
> Self-update :D
> 
> I have updated the settings and now am only using IPaddr instead of the *2
> version and now at least I can see the virtual ip.
> 
> I also commented out the device (dunno if I should put in eth0 or eth0:0)
> and changed the virtual ip to 150.158.1.5
> 
> now I am getting this error
> 
> crmd: [20637]: info: do_lrm_rsc_op: Performing
> key=35:1:0:d010917f-1f67-415a-b02b-97c784c1974f op=ip_gateway_start_0 )
> lrmd: [20634]: info: rsc:ip_gateway:15: start
> crmd: [20637]: info: te_rsc_command: Initiating action 35: start
> ip_gateway_start_0 on nodealpha (local)
> crmd: [20637]: info: process_lrm_event: LRM operation
> ip_resource_monitor_10000 (call=14, rc=0, cib-update=41, confirmed=false) ok
> lrmd: [20634]: info: RA output: (ip_gateway:start:stderr) RTNETLINK
> answers: File exists
> crmd: [20637]: info: match_graph_event: Action ip_resource_monitor_10000
> (34) confirmed on nodealpha (rc=0)
> Route[21137]: ERROR: ip_gateway Failed to add network route: to 0.0.0.0/0
> via 150.158.1.2
> crmd: [20637]: info: process_lrm_event: LRM operation ip_gateway_start_0
> (call=15, rc=1, cib-update=42, confirmed=true) unknown error
> 
> Anyone?
> 
> BTW: I'm not a network expert, so please highlight any issues.
> 
> thanks
> 
> Frank

Oookay, so it looks like one of the issues is my near complete lack of knowledge of networking.

>From one of our resident networking guys it seems as though I need iptables to solve this issue.

Something like
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 150.158.1.5 -j DNAT --to 150.158.1.2
iptables -A FORWARD -p tcp -i eth0 -d 150.158.1.5 -j ACCEPT

Is there any way to natively embed this into the resource management or do I need to have my own scripts?
I checked the files but I could not really find anything useful.

thanks

frank
-- 
GMX DSL SOMMER-SPECIAL: Surf & Phone Flat 16.000 für nur 19,99 Euro/mtl.!*
http://portal.gmx.net/de/go/dsl

More information about the Pacemaker mailing list