On 19 Dec 2013, at 1:08 am, Gaëtan Slongo <gslo...@it-optics.com> wrote:
> Hi ! > > I'm currently building a 2 node cluster for firewalling. > I would like to run a shorewall on both on the master and the "Slave" > node. I tried many things but nothing works as expected. Shorewall > configurations are good. > What I want to do is to start shorewall standby on the other node as > soon as my drbd resources are "Slave" or "Stopped"..? > Could you please give me a bit of help on this problem ? It will be something like: colocation XXX -inf: shorewall-standby drbd_master_slave_ServicesConfigs1:Master colocation YYY -inf: shorewall-standby drbd_master_slave_ServicesLogs1:Master > > Here is my current config > > Thanks > > > node keskonrix1 \ > attributes standby="off" > node keskonrix2 \ > attributes standby="off" > primitive VIPDMZ ocf:heartbeat:IPaddr2 \ > params ip="10.0.1.1" nic="eth2" cidr_netmask="24" iflabel="VIPDMZ" \ > op monitor interval="30s" timeout="30s" > primitive VIPEXPL ocf:heartbeat:IPaddr2 \ > params ip="10.0.2.2" nic="eth3" cidr_netmask="28" > iflabel="VIPEXPL" \ > op monitor interval="30s" timeout="30s" > primitive VIPLAN ocf:heartbeat:IPaddr2 \ > params ip="192.168.1.248" nic="br0" cidr_netmask="16" > iflabel="VIPLAN" \ > op monitor interval="30s" timeout="30s" > primitive VIPNET ocf:heartbeat:IPaddr2 \ > params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29" > iflabel="VIPDMZ" \ > op monitor interval="30s" timeout="30s" > primitive VIPPDA ocf:heartbeat:IPaddr2 \ > params ip="XX.XX.XX.XX" nic="eth1" cidr_netmask="29" > iflabel="VIPPDA" \ > op monitor interval="30s" timeout="30s" > primitive apache2 lsb:apache2 \ > op start interval="0" timeout="15s" > primitive bind9 lsb:bind9 \ > op start interval="0" timeout="15s" > primitive dansguardian lsb:dansguardian \ > op start interval="0" timeout="30s" on-fail="ignore" > primitive drbd-ServicesConfigs1 ocf:linbit:drbd \ > params drbd_resource="services-configs1" \ > op monitor interval="29s" role="Master" \ > op monitor interval="31s" role="Slave" > primitive drbd-ServicesLogs1 ocf:linbit:drbd \ > params drbd_resource="services-logs1" \ > op monitor interval="29s" role="Master" \ > op monitor interval="31s" role="Slave" > primitive fs_ServicesConfigs1 ocf:heartbeat:Filesystem \ > params device="/dev/drbd/by-res/services-configs1" > directory="/drbd/services-configs1/" fstype="ext4" > options="noatime,nodiratime" \ > meta target-role="Started" > primitive fs_ServicesLogs1 ocf:heartbeat:Filesystem \ > params device="/dev/drbd/by-res/services-logs1" > directory="/drbd/services-logs1/" fstype="ext4" > options="noatime,nodiratime" \ > meta target-role="Started" > primitive ipsec-setkey lsb:setkey \ > op start interval="0" timeout="30s" > primitive links_ServicesConfigs1 heartbeat:drbdlinks \ > meta target-role="Started" > primitive openvpn lsb:openvpn \ > op monitor interval="10" timeout="30s" \ > meta target-role="Started" > primitive racoon lsb:racoon \ > op start interval="0" timeout="30s" > primitive shorewall lsb:shorewall \ > op start interval="0" timeout="30s" \ > meta target-role="Started" > primitive shorewall-standby lsb:shorewall \ > op start interval="0" timeout="30s" > primitive squid lsb:squid \ > op start interval="0" timeout="15s" \ > op stop interval="0" timeout="120s" > group IPS-Services1 VIPLAN VIPDMZ VIPPDA VIPEXPL VIPNET \ > meta target-role="Started" > group IPSec ipsec-setkey racoon > group Services1 bind9 squid dansguardian apache2 openvpn shorewall > group ServicesData1 fs_ServicesConfigs1 fs_ServicesLogs1 > links_ServicesConfigs1 > ms drbd_master_slave_ServicesConfigs1 drbd-ServicesConfigs1 \ > meta master-max="1" master-node-max="1" clone-max="2" > clone-node-max="1" globally-unique="false" notify="true" > target-role="Master" > ms drbd_master_slave_ServicesLogs1 drbd-ServicesLogs1 \ > meta master-max="1" master-node-max="1" clone-max="2" > clone-node-max="1" globally-unique="false" notify="true" > target-role="Master" > colocation Services1_on_drbd inf: > drbd_master_slave_ServicesConfigs1:Master > drbd_master_slave_ServicesLogs1:Master ServicesData1 IPS-Services1 > Services1 IPSec > colocation start-shorewall_standby-on-passive-node -inf: > shorewall-standby shorewall > order all_drbd inf: shorewall-standby:stop > drbd_master_slave_ServicesConfigs1:promote > drbd_master_slave_ServicesLogs1:promote ServicesData1:start > IPS-Services1:start IPSec:start Services1:start > property $id="cib-bootstrap-options" \ > dc-version="1.1.7-ee0730e13d124c3d58f00016c3376a1de5323cff" \ > cluster-infrastructure="openais" \ > expected-quorum-votes="2" \ > stonith-enabled="false" \ > no-quorum-policy="ignore" > rsc_defaults $id="rsc-options" \ > resource-stickiness="100" > > > > > _______________________________________________ > Pacemaker mailing list: Pacemaker@oss.clusterlabs.org > http://oss.clusterlabs.org/mailman/listinfo/pacemaker > > Project Home: http://www.clusterlabs.org > Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf > Bugs: http://bugs.clusterlabs.org
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
