[Pacemaker] Location / Colocation constraints issue

Gaëtan Slongo gslongo at it-optics.com
Wed Dec 18 14:08:54 UTC 2013


Hi !

I'm currently building a 2 node cluster for firewalling.
I would like to run a shorewall on both on the master and the "Slave"
node. I tried many things but nothing works as expected. Shorewall
configurations are good.
What I want to do is to start shorewall standby on the other node as
soon as my drbd resources are "Slave" or "Stopped"..?
Could you please give me a bit of help on this problem ?

Here is my current config

Thanks


node keskonrix1 \
        attributes standby="off"
node keskonrix2 \
        attributes standby="off"
primitive VIPDMZ ocf:heartbeat:IPaddr2 \
        params ip="10.0.1.1" nic="eth2" cidr_netmask="24" iflabel="VIPDMZ" \
        op monitor interval="30s" timeout="30s"
primitive VIPEXPL ocf:heartbeat:IPaddr2 \
        params ip="10.0.2.2" nic="eth3" cidr_netmask="28"
iflabel="VIPEXPL" \
        op monitor interval="30s" timeout="30s"
primitive VIPLAN ocf:heartbeat:IPaddr2 \
        params ip="192.168.1.248" nic="br0" cidr_netmask="16"
iflabel="VIPLAN" \
        op monitor interval="30s" timeout="30s"
primitive VIPNET ocf:heartbeat:IPaddr2 \
        params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
iflabel="VIPDMZ" \
        op monitor interval="30s" timeout="30s"
primitive VIPPDA ocf:heartbeat:IPaddr2 \
        params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
iflabel="VIPPDA" \
        op monitor interval="30s" timeout="30s"
primitive apache2 lsb:apache2 \
        op start interval="0" timeout="15s"
primitive bind9 lsb:bind9 \
        op start interval="0" timeout="15s"
primitive dansguardian lsb:dansguardian \
        op start interval="0" timeout="30s" on-fail="ignore"
primitive drbd-ServicesConfigs1 ocf:linbit:drbd \
        params drbd_resource="services-configs1" \
        op monitor interval="29s" role="Master" \
        op monitor interval="31s" role="Slave"
primitive drbd-ServicesLogs1 ocf:linbit:drbd \
        params drbd_resource="services-logs1" \
        op monitor interval="29s" role="Master" \
        op monitor interval="31s" role="Slave"
primitive fs_ServicesConfigs1 ocf:heartbeat:Filesystem \
        params device="/dev/drbd/by-res/services-configs1"
directory="/drbd/services-configs1/" fstype="ext4"
options="noatime,nodiratime" \
        meta target-role="Started"
primitive fs_ServicesLogs1 ocf:heartbeat:Filesystem \
        params device="/dev/drbd/by-res/services-logs1"
directory="/drbd/services-logs1/" fstype="ext4"
options="noatime,nodiratime" \
        meta target-role="Started"
primitive ipsec-setkey lsb:setkey \
        op start interval="0" timeout="30s"
primitive links_ServicesConfigs1 heartbeat:drbdlinks \
        meta target-role="Started"
primitive openvpn lsb:openvpn \
        op monitor interval="10" timeout="30s" \
        meta target-role="Started"
primitive racoon lsb:racoon \
        op start interval="0" timeout="30s"
primitive shorewall lsb:shorewall \
        op start interval="0" timeout="30s" \
        meta target-role="Started"
primitive shorewall-standby lsb:shorewall \
        op start interval="0" timeout="30s"
primitive squid lsb:squid \
        op start interval="0" timeout="15s" \
        op stop interval="0" timeout="120s"
group IPS-Services1 VIPLAN VIPDMZ VIPPDA VIPEXPL VIPNET \
        meta target-role="Started"
group IPSec ipsec-setkey racoon
group Services1 bind9 squid dansguardian apache2 openvpn shorewall
group ServicesData1 fs_ServicesConfigs1 fs_ServicesLogs1
links_ServicesConfigs1
ms drbd_master_slave_ServicesConfigs1 drbd-ServicesConfigs1 \
        meta master-max="1" master-node-max="1" clone-max="2"
clone-node-max="1" globally-unique="false" notify="true"
target-role="Master"
ms drbd_master_slave_ServicesLogs1 drbd-ServicesLogs1 \
        meta master-max="1" master-node-max="1" clone-max="2"
clone-node-max="1" globally-unique="false" notify="true"
target-role="Master"
colocation Services1_on_drbd inf:
drbd_master_slave_ServicesConfigs1:Master
drbd_master_slave_ServicesLogs1:Master ServicesData1 IPS-Services1
Services1 IPSec
colocation start-shorewall_standby-on-passive-node -inf:
shorewall-standby shorewall
order all_drbd inf: shorewall-standby:stop
drbd_master_slave_ServicesConfigs1:promote
drbd_master_slave_ServicesLogs1:promote ServicesData1:start
IPS-Services1:start IPSec:start Services1:start
property $id="cib-bootstrap-options" \
        dc-version="1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff" \
        cluster-infrastructure="openais" \
        expected-quorum-votes="2" \
        stonith-enabled="false" \
        no-quorum-policy="ignore"
rsc_defaults $id="rsc-options" \
        resource-stickiness="100"







More information about the Pacemaker mailing list