[Pacemaker] Issues in a statefull firewall using "conntrackd" with heartbeat+pacemaker
Florian Haas
florian.haas at linbit.com
Fri Apr 29 07:26:42 UTC 2011
On 2011-04-28 23:48, CeR wrote:
> When I added the resources:
> --------------------------------------------
> root at fw1:~# crm configure primitive slave_conntrackd heartbeat:conntrackd \
> op monitor depth="0" timeout="20" interval="20" role="Slave"
This is not how you're supposed to configure master/slave sets. And
conntrackd is also not a heartbeat resource agent, but an OCF one. And
that monitor op definition is also shot. I think you deserve a prize for
most efficiently cramming configuration errors into one line. :)
Try this:
crm configure primitive p_conntrackd ocf:heartbeat:conntrackd \
op monitor timeout="20" interval="20" role="Slave" \
op monitor timeout="20" interval="10" role="Master"
crm configure ms ms_conntrackd p_conntrackd \
meta notify="true" interleave="true"
All of that being said, I do notice that the conntrackd RA incorrectly
advertises its monitor operations, and the man pages we generate could
use some improvement as to how they present examples for master/slave sets.
Hope this helps.
Florian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20110429/3a639bbf/attachment-0004.sig>
More information about the Pacemaker
mailing list