[Pacemaker] Issues in a statefull firewall using "conntrackd" with heartbeat+pacemaker

CeR cer.inet at linuxmail.org
Thu Apr 28 17:48:58 EDT 2011 

Hi there.
I'm testing the building of a stateful firewall HA (active-pasive) cluster
using "conntrackd" (netfilter project) with heartbeat + pacemaker.
I have already working my virtual ips resources in the cluster, following
the "cluster from scratch" document in the pacemaker documentation.

Now, I'm in the moment to handle with conntrackd as a resource. As first, i
didn't find any pre-established resource-agent after the basic installation
of all the software from the official debian repos.
Then i found in the linux-ha mail list a RA script, that i copied into
"/etc/ha.d/resource.d/conntrackd".
As soon as I add the resources for having conntrackd working in the cluster,
the others resources (virtual ips) dissapear.

Have some error messages I can't understand:
NOTE: My nodes are "fw1" and "fw2".
------------------------------------------

root at fw1:~# crm status
============
Last updated: Thu Apr 28 19:28:43 2011
Stack: Heartbeat
Current DC: fw2 (a20e072f-ce5b-41ec-873a-d998180ca5ce) - partition with
quorum
Version: 1.0.9-74392a28b7f31d7ddc86689598bd23114f58978b
2 Nodes configured, unknown expected votes
4 Resources configured.
============
Online: [ fw1 fw2 ]
 master_conntrackd (heartbeat:conntrackd): Started fw2 (unmanaged) FAILED
 slave_conntrackd (heartbeat:conntrackd): Started fw2 (unmanaged) FAILED
Failed actions:
    master_conntrackd_start_0 (node=fw2, call=7, rc=127, status=complete):
<unknown>
    master_conntrackd_stop_0 (node=fw2, call=10, rc=127, status=complete):
<unknown>
    slave_conntrackd_start_0 (node=fw2, call=8, rc=127, status=complete):
<unknown>
    slave_conntrackd_stop_0 (node=fw2, call=11, rc=127, status=complete):
<unknown>
----------------------------------



When I added the resources:
--------------------------------------------
root at fw1:~# crm configure primitive slave_conntrackd heartbeat:conntrackd \
op monitor depth="0" timeout="20" interval="20" role="Slave"

WARNING: slave_conntrackd: action monitor_Slave_0 not advertised in
meta-data, it may not be supported by the RA

----------------------------------------------------


This is the script
http://pastebin.com/ji497mQt

Any idea? Thanks!

-- 
/* Arturo Borrero Gonzalez || cer.inet at linuxmail.org */
/* Use debian gnu/linux! Best OS ever! */
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clusterlabs.org/pipermail/pacemaker/attachments/20110428/d88e64e5/attachment-0002.html>

More information about the Pacemaker mailing list