[Linux-cluster] rhcs x iptables

fernando at lozano.eti.br fernando at lozano.eti.br
Thu Mar 26 19:07:21 UTC 2009

Hi there,

I have a Fedora 10 system with two KVM virtual machines, both running RHEL 5.2 and RHCS. The intent
is to prototype a cluster configuration for a customer.

The problem is, everything is fine unless I start iptables on the VMs. But it's unacceptable to run
the cluster without an OS-level firewall. The port lists in the RHCS manuals, on the cluster project
wiki, and what I observe using netstat do not agree. None of them talks about port 5149 which I
observe being opened by aisexec (cman). And I don't see any use of ports 41966 through 41968 which
are supposed to be opened by rgmanager or 5404 by cman.

But even after I changed my iptables config to open all ports, I still cannot relocate or failover
services between nodes.

I configured Apache as a script service to play with cluster administration. My VMs are on the
default KVM network, 192.168.122./24.

It's very strange: system-config-cluster on node 1 shows both nodes (cs1 and cs2) joined the cluster
and starts my teste-httpd service, but node 2 doesn't show the status of any cluster service (on

If I try to use clusvcadm to relocate the service from cs1 to cs2, it hangs. And I can't stop
rgmanager with iptables enabled. Flushing iptables doesn't help when cman and rgmanager were started
with iptables on.

Attached are my cluster.conf, /etc/sysconfig/iptables and netstat -anp output.

[]s, Fernando Lozano

-------------- next part --------------
A non-text attachment was scrubbed...
Name: iptables
Type: application/octet-stream
Size: 2019 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20090326/18615a0d/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cluster.conf
Type: application/octet-stream
Size: 1191 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20090326/18615a0d/attachment-0001.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: netstat-tudo.txt
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20090326/18615a0d/attachment.txt>