Preparing a cluster for running an active/active firewall.
Runing both nodes on Debian Sqeeze, corosync 1.2.1.
Each box has 3 nics :
- eth0 used as inside interface
- eth1 used as corosync communication between the nodes
- eth2 used as outside interface
On each box, eth0 is configured for virtual inside IP address : 172.16.0.1
On each box, eth2 is configured for virtual outside IP address :
192.168.1.50
I'm trying to have failover IP running on both nodes for both inside and
outside virtual IP addresses.
Everything works for one ( failover ip running on both nodes for inside )
but can't make it work for the second ( outside, which on start on one node
).
Guess I'm missing something with the timers or interval or timeout or
operations but really can't figure out what....
Results in the crm_mon :
============
Last updated: Sat Feb 23 17:14:10 2013
Stack: openais
Current DC: castor - partition with quorum
Version: 1.0.9-74392a28b7f31d7ddc86689598bd23114f58978b
2 Nodes configured, 2 expected votes
2 Resources configured.
============
Online: [ polux castor ]
Clone Set: clone-foip-inside
Started: [ polux castor ]
Clone Set: clone-foip-outside
Started: [ castor ]
Stopped: [ foip-outside:1 ]
Any advises over here ?
--------------------------------------------------------------------------------------------------------------------------------------------------------------
crm(live)configure# edit
node castor
node polux
primitive foip-inside ocf:heartbeat:IPaddr2 \
params ip="172.16.0.1" cidr_netmask="24" nic="eth0"
clusterip_hash="sourceip-sourceport-destport" \
op start interval="0s" timeout="30s" \
op monitor interval="5s" timeout="30s" on-fail="restart" \
op stop interval="0s" timeout="30s"
primitive foip-outside ocf:heartbeat:IPaddr2 \
params ip="192.168.1.50" cidr_netmask="24" nic="eth2"
clusterip_hash="sourceip-sourceport-destport" \
op start interval="0s" timeout="30s" \
op monitor interval="5s" timeout="30s" on-fail="restart" \
op stop interval="0s" timeout="30s"
clone clone-foip-inside foip-inside \
meta clone-max="2" clone-node-max="1" interleave="true"
notify="true" target-role="Started"
clone clone-foip-outside foip-outside \
meta clone-max="2" clone-node-max="1" interleave="true"
notify="true" target-role="Started"
property $id="cib-bootstrap-options" \
dc-version="1.0.9-74392a28b7f31d7ddc86689598bd23114f58978b" \
cluster-infrastructure="openais" \
expected-quorum-votes="2" \
stonith-enabled="false" \
no-quorum-policy="ignore"
Box 1 nics configuration :
#
# Interface eth0 --> inside
#
allow-hotplug eth0
iface eth0 inet static
address 172.16.0.2
netmask 255.255.255.0
network 172.16.0.0
broadcast 172.16.0.255
#
# Interface eth1 --> corosync
#
allow-hotplug eth1
iface eth1 inet static
address 172.16.31.1
netmask 255.255.255.252
network 172.16.31.0
broadcast 172.16.31.3
#
# Interface eth2 --> outside
#
allow-hotplug eth2
iface eth2 inet static
address 192.168.1.51
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
name-servers 192.168.1.254
Box 2 nics configuration :
#
# Interface eth0 --> inside
#
allow-hotplug eth0
iface eth0 inet static
address 172.16.0.3
netmask 255.255.255.0
network 172.16.0.0
broadcast 172.16.0.255
#
# Interface eth1 --> corosync
#
allow-hotplug eth1
iface eth1 inet static
address 172.16.31.2
netmask 255.255.255.252
network 172.16.31.0
broadcast 172.16.31.3
#
# Interface eth2 --> outside
#
allow-hotplug eth2
iface eth2 inet static
address 192.168.1.52
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
name-servers 192.168.1.254
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
