[Pacemaker] Location / Colocation constraints issue

Gaëtan Slongo gslongo at it-optics.com
Sun Dec 22 05:27:11 EST 2013 

Hi !

Someone has any idea ?

Thanks !


Le 18/12/13 15:08, Gaëtan Slongo a écrit :
> Hi !
>
> I'm currently building a 2 node cluster for firewalling.
> I would like to run a shorewall on both on the master and the "Slave"
> node. I tried many things but nothing works as expected. Shorewall
> configurations are good.
> What I want to do is to start shorewall standby on the other node as
> soon as my drbd resources are "Slave" or "Stopped"..?
> Could you please give me a bit of help on this problem ?
>
> Here is my current config
>
> Thanks
>
>
> node keskonrix1 \
>         attributes standby="off"
> node keskonrix2 \
>         attributes standby="off"
> primitive VIPDMZ ocf:heartbeat:IPaddr2 \
>         params ip="10.0.1.1" nic="eth2" cidr_netmask="24" iflabel="VIPDMZ" \
>         op monitor interval="30s" timeout="30s"
> primitive VIPEXPL ocf:heartbeat:IPaddr2 \
>         params ip="10.0.2.2" nic="eth3" cidr_netmask="28"
> iflabel="VIPEXPL" \
>         op monitor interval="30s" timeout="30s"
> primitive VIPLAN ocf:heartbeat:IPaddr2 \
>         params ip="192.168.1.248" nic="br0" cidr_netmask="16"
> iflabel="VIPLAN" \
>         op monitor interval="30s" timeout="30s"
> primitive VIPNET ocf:heartbeat:IPaddr2 \
>         params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
> iflabel="VIPDMZ" \
>         op monitor interval="30s" timeout="30s"
> primitive VIPPDA ocf:heartbeat:IPaddr2 \
>         params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29"
> iflabel="VIPPDA" \
>         op monitor interval="30s" timeout="30s"
> primitive apache2 lsb:apache2 \
>         op start interval="0" timeout="15s"
> primitive bind9 lsb:bind9 \
>         op start interval="0" timeout="15s"
> primitive dansguardian lsb:dansguardian \
>         op start interval="0" timeout="30s" on-fail="ignore"
> primitive drbd-ServicesConfigs1 ocf:linbit:drbd \
>         params drbd_resource="services-configs1" \
>         op monitor interval="29s" role="Master" \
>         op monitor interval="31s" role="Slave"
> primitive drbd-ServicesLogs1 ocf:linbit:drbd \
>         params drbd_resource="services-logs1" \
>         op monitor interval="29s" role="Master" \
>         op monitor interval="31s" role="Slave"
> primitive fs_ServicesConfigs1 ocf:heartbeat:Filesystem \
>         params device="/dev/drbd/by-res/services-configs1"
> directory="/drbd/services-configs1/" fstype="ext4"
> options="noatime,nodiratime" \
>         meta target-role="Started"
> primitive fs_ServicesLogs1 ocf:heartbeat:Filesystem \
>         params device="/dev/drbd/by-res/services-logs1"
> directory="/drbd/services-logs1/" fstype="ext4"
> options="noatime,nodiratime" \
>         meta target-role="Started"
> primitive ipsec-setkey lsb:setkey \
>         op start interval="0" timeout="30s"
> primitive links_ServicesConfigs1 heartbeat:drbdlinks \
>         meta target-role="Started"
> primitive openvpn lsb:openvpn \
>         op monitor interval="10" timeout="30s" \
>         meta target-role="Started"
> primitive racoon lsb:racoon \
>         op start interval="0" timeout="30s"
> primitive shorewall lsb:shorewall \
>         op start interval="0" timeout="30s" \
>         meta target-role="Started"
> primitive shorewall-standby lsb:shorewall \
>         op start interval="0" timeout="30s"
> primitive squid lsb:squid \
>         op start interval="0" timeout="15s" \
>         op stop interval="0" timeout="120s"
> group IPS-Services1 VIPLAN VIPDMZ VIPPDA VIPEXPL VIPNET \
>         meta target-role="Started"
> group IPSec ipsec-setkey racoon
> group Services1 bind9 squid dansguardian apache2 openvpn shorewall
> group ServicesData1 fs_ServicesConfigs1 fs_ServicesLogs1
> links_ServicesConfigs1
> ms drbd_master_slave_ServicesConfigs1 drbd-ServicesConfigs1 \
>         meta master-max="1" master-node-max="1" clone-max="2"
> clone-node-max="1" globally-unique="false" notify="true"
> target-role="Master"
> ms drbd_master_slave_ServicesLogs1 drbd-ServicesLogs1 \
>         meta master-max="1" master-node-max="1" clone-max="2"
> clone-node-max="1" globally-unique="false" notify="true"
> target-role="Master"
> colocation Services1_on_drbd inf:
> drbd_master_slave_ServicesConfigs1:Master
> drbd_master_slave_ServicesLogs1:Master ServicesData1 IPS-Services1
> Services1 IPSec
> colocation start-shorewall_standby-on-passive-node -inf:
> shorewall-standby shorewall
> order all_drbd inf: shorewall-standby:stop
> drbd_master_slave_ServicesConfigs1:promote
> drbd_master_slave_ServicesLogs1:promote ServicesData1:start
> IPS-Services1:start IPSec:start Services1:start
> property $id="cib-bootstrap-options" \
>         dc-version="1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff" \
>         cluster-infrastructure="openais" \
>         expected-quorum-votes="2" \
>         stonith-enabled="false" \
>         no-quorum-policy="ignore"
> rsc_defaults $id="rsc-options" \
>         resource-stickiness="100"
>
>
>
>
> _______________________________________________
> Pacemaker mailing list: Pacemaker at oss.clusterlabs.org
> http://oss.clusterlabs.org/mailman/listinfo/pacemaker
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/pacemaker/attachments/20131222/b1472475/attachment-0003.html>

More information about the Pacemaker mailing list