[Linux-HA] HA Firewall

Tue Nov 20 05:13:30 MST 2007

Hi,

On Tue, Nov 20, 2007 at 10:17:20AM +0000, North Country Boy wrote:
> Hi there, 
>  
> Sorry about the mailer, I will make sure I check the format
> before I send in future.  Thanks for the info about ipfail
> failing.  How do I configure this to connect to heartbeat?  I
> followed the readme but obviously that does not work.

That should be rather simple:

http://www.linux-ha.org/ConfigureIpfail

Check also

http://www.linux-ha.org/ha.cf

Make sure that the user in the respawn directive exists and that
it is a member of the haclient group. Note that ipfail works only
with v1 configurations. If you're using crm (v2) then try pingd.

Thanks,

Dejan

>  
> NCB.
>  
>  
> Hi,On Mon, Nov 19, 2007 at 08:29:23PM +0000, North Country Boy wrote:> Hello again. Please find attached my logs from both node1 and node2.> > Using node1 logs as reference, here are the sequence of events for brevity20:52 start node1 & node220.55 node1 can no longer reach the external host. Node 2 does not log anything for this event!20:59 node1 can now reach external host. Node 2 does not log anything for this event!21:01 heartbeat (eth0) cable pulled out. Both machines recognise and a failover begins, node 2 logs this and failover is successful21.03 heartbeat (eth0) plugged back in . Both machines respond and failover completes successfully.> It just seems that this will not failover unless the heartbeart connection fails!! > > Joris - thanks for the suggestion I will certainly take a look to see what other solutions people use. However I really want to crack this using heartbeat so that I can apply this to other situations such as webservers etc. For the purpose of this firewall I am not really interested in state table failover because the idea is just to keep an online presence in the event of failure overnight.> > > Nov 19 20:52:04 node1 logd: [9992]: info: setting log facility to daemon> Nov 19 20:52:04 node1 logd: [9992]: info: logd started with /etc/logd.cf.> Nov 19 20:52:04 node1 logd: [9992]: WARN: Core dumps could be lost if multiple dumps occur.> Nov 19 20:52:04 node1 logd: [9992]: WARN: Consider setting non-default value in /proc/sys/kernel/core_pattern (or equivalent) for maximum supportability> Nov 19 20:52:04 node1 logd: [9992]: WARN: Consider setting /proc/sys/kernel/core_uses_pid (or equivalent) to 1 for maximum supportability> Nov 19 20:52:04 node1 logd: [9993]: info: G_main_add_SignalHandler: Added signal handler for signal 15> Nov 19 20:52:04 node1 logd: [9992]: info: G_main_add_SignalHandler: Added signal handler for signal 15> Nov 19 20:52:04 node1 heartbeat: [10053]: info: Enabling logging daemon > Nov 19 20:52:04 node1 heartbeat: [10053]: info: logfile and debug file are those specified in logd config file (default /etc/logd.cf)> Nov 19 20:52:04 node1 heartbeat: [10053]: WARN: Core dumps could be lost if multiple dumps occur.> Nov 19 20:52:04 node1 heartbeat: [10053]: WARN: Consider setting non-default value in /proc/sys/kernel/core_pattern (or equivalent) for maximum supportability> Nov 19 20:52:04 node1 heartbeat: [10053]: WARN: Consider setting /proc/sys/kernel/core_uses_pid (or equivalent) to 1 for maximum supportability> Nov 19 20:52:04 node1 heartbeat: [10053]: info: Version 2 support: false> Nov 19 20:52:04 node1 heartbeat: [10053]: info: **************************> Nov 19 20:52:04 node1 heartbeat: [10053]: info: Configuration validated. Starting heartbeat 2.1.2> Nov 19 20:52:04 node1 heartbeat: [10054]: info: heartbeat: version 2.1.2> Nov 19 20:52:04 node1 heartbeat: [10054]: info: Heartbeat generation: 1193181887> Nov 19 20:52:04 node1 heartbeat: [10054]: info: G_main_add_TriggerHandler: Added signal manual handler> Nov 19 20:52:04 node1 heartbeat: [10054]: info: G_main_add_TriggerHandler: Added signal manual handler> Nov 19 20:52:04 node1 heartbeat: [10054]: info: Removing /var/run/heartbeat/rsctmp failed, recreating.> Nov 19 20:52:04 node1 heartbeat: [10054]: info: glib: UDP Broadcast heartbeat started on port 694 (694) interface eth0> Nov 19 20:52:04 node1 heartbeat: [10054]: info: glib: UDP Broadcast heartbeat closed on port 694 interface eth0 - Status: 1> Nov 19 20:52:04 node1 heartbeat: [10054]: info: glib: ping heartbeat started.> Nov 19 20:52:04 node1 heartbeat: [10054]: info: G_main_add_SignalHandler: Added signal handler for signal 17> Nov 19 20:52:04 node1 heartbeat: [10054]: info: Local status now set to: 'up'> Nov 19 20:52:05 node1 heartbeat: [10054]: info: Link node1:eth0 up.> Nov 19 20:52:06 node1 heartbeat: [10054]: info: Link externalhost:externalhost up.> Nov 19 20:52:06 node1 heartbeat: [10054]: info: Status update for node externalhost: status ping> Nov 19 20:52:35 node1 heartbeat: [10054]: WARN: node node2: is dead> Nov 19 20:52:35 node1 heartbeat: [10054]: info: Comm_now_up(): updating status to active> Nov 19 20:52:35 node1 heartbeat: [10054]: info: Local status now set to: 'active'> Nov 19 20:52:35 node1 heartbeat: [10054]: info: Starting child client "/usr/lib/heartbeat/ipfail" (0,0)> Nov 19 20:52:35 node1 heartbeat: [10054]: WARN: No STONITH device configured.> Nov 19 20:52:35 node1 heartbeat: [10054]: WARN: Shared disks are not protected.> Nov 19 20:52:35 node1 heartbeat: [10054]: info: Resources being acquired from node2.> Nov 19 20:52:35 node1 heartbeat: [10064]: info: Starting "/usr/lib/heartbeat/ipfail" as uid 0 gid 0 (pid 10064)> Nov 19 20:52:35 node1 heartbeat: [10065]: debug: notify_world: setting SIGCHLD Handler to SIG_DFL> Nov 19 20:52:35 node1 ipfail: [10064]: debug: PID=10064> Nov 19 20:52:35 node1 ipfail: [10064]: debug: Signing in with heartbeat> Nov 19 20:52:35 node1 heartbeat: [10054]: WARN: Client [ipfail] pid 10064 failed authorization [client failed authorization]> Nov 19 20:52:35 node1 heartbeat: [10054]: ERROR: api_process_registration_msg: cannot add client(ipfail)Your ipfail never connects to the Heartbeat. No wonder that itwon't work.Any chance to change your mail user agent? This one, whatever itis, sucks.Thanks,Dejan
> _________________________________________________________________
> Feel like a local wherever you go.
> http://www.backofmyhand.com_______________________________________________
> Linux-HA mailing list
> Linux-HA at lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems