[Linux-cluster] rhcs x iptables

jumanjiman at gmail.com jumanjiman at gmail.com
Tue Mar 31 14:21:00 UTC 2009

Add some LOG rules to your netfilter config. Use wireshark. Between those two you will find the issue.



-----Original Message-----
From: Fernando Lozano <fernando at lozano.eti.br>

Date: Tue, 31 Mar 2009 11:16:40 
To: linux clustering<linux-cluster at redhat.com>
Subject: Re: [Linux-cluster] rhcs x iptables


Four days and no replies... maybe you folks don't like me as the list
has a healthy traffic on other topics ;-)

Is there anything with my setup that shouldn't work? The problem is not
with VMs because I tried the same configs with two real Dell servers and
got the same problems. My iptables rules follow what's in RHCS manuals
and wiki, and I found nothing new with netstat -a.

Even then rgmanager only works correctly with iptables turned off (that
is, iptables -F). If I start iptables (service iptables start) and then
try to start cman and rgmanager, it won't work to flush iptables rules,
I am forced to power off because rgmanager won't work and won't stop.

My setup is simple: no clvm, no gfs, no gnbd. Just rgmanager and an http
service configured as a script and an ip resource. But with iptables on,
rgmanager won't relocate or failover the http service. More strange,
system-config-cluster shows the service status only on the first node,
on the second one it shows an empty service list.

What can I do to debug the problem, as my /var/log/messages don't show
any error messages, just what appears to be a regular two-node cluster

[]s, Fernando Lozano

> Hi there,
> I have a Fedora 10 system with two KVM virtual machines, both running RHEL 5.2 and RHCS. The intent
> is to prototype a cluster configuration for a customer.
> The problem is, everything is fine unless I start iptables on the VMs. But it's unacceptable to run
> the cluster without an OS-level firewall. The ports list on rhcs manuals, on the cluster project
> wiki, and what I observe using netstat do not agree. None of them talks about port 5149 which I
> observe being opened by aisexec (cman). And I don't see any use of ports 41966 through 41968 which
> are supposed to be opened by rgmanager or 5404 by cman.
> But even after I changed my iptables config to open all ports, I still cannot relocate or failover
> services between nodes.
> I configured apache as a script service to play with cluster administration. My vms are on the
> default KVM network, 192.168.122./24.
> It's very strange system-config-cluster on node 1 shows both nodes (cs1 and cs2) joined the cluster
> and starts my teste-httpd service, but node 2 doesn't show the status of any cluster service (on
> system-config-cluster).
> If I try to use clusvcadm to relocate the service from cs1 to cs2, it hangs. And I can't stop
> rgmanager with iptables enabled. Flushing iptables doesn't help when cman and rgmanager were started
> with iptables on.
> Attached are my cluster.conf, /etc/sysconfig/iptables and netstat -anp
> []s, Fernando Lozano
> ------------------------------------------------------------------------
> --
> Linux-cluster mailing list
> Linux-cluster at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-cluster
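
The LOG-rule approach suggested in the reply at the top of this message, as an added example that is not part of the original thread: once a LOG rule is in place, this summarizes which sources, protocols and destination ports the firewall is refusing on a node. The `RHCS-DROP:` prefix, the rule placement and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed LOG rule (hypothetical prefix), placed in the rules
# file immediately before the final REJECT/DROP rule of the inbound chain, so
# that only packets about to be refused are logged:
#   -A <chain> -j LOG --log-prefix "RHCS-DROP: "
# On a real node, feed the function with: grep RHCS-DROP /var/log/messages

# Constructed sample of kernel log lines (not taken from the thread).
sample_log() {
cat <<'EOF'
Mar 31 11:20:01 cs2 kernel: RHCS-DROP: IN=eth0 OUT= SRC=192.168.122.11 DST=192.168.122.12 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=41966 SYN
Mar 31 11:20:04 cs2 kernel: RHCS-DROP: IN=eth0 OUT= SRC=192.168.122.11 DST=192.168.122.12 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=41966 SYN
Mar 31 11:20:05 cs2 kernel: RHCS-DROP: IN=eth0 OUT= SRC=192.168.122.11 DST=192.168.122.12 LEN=110 TTL=64 PROTO=UDP SPT=5149 DPT=5404 LEN=90
Mar 31 11:20:06 cs2 kernel: RHCS-DROP: IN=eth0 OUT= SRC=192.168.122.11 DST=192.168.122.12 LEN=110 TTL=64 PROTO=UDP SPT=5404 DPT=5149 LEN=90
Mar 31 11:20:07 cs2 kernel: eth0: link up
Mar 31 11:20:08 cs2 kernel: RHCS-DROP: IN=eth0 OUT= SRC=192.168.122.11 DST=224.0.0.22 LEN=40 TTL=1 PROTO=2
EOF
}

# Read log lines on stdin; print "count src proto/dport", busiest first.
# $1 optionally overrides the log prefix to match.
summarize_drops() {
    awk -v prefix="${1:-RHCS-DROP:}" '
    index($0, prefix) {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dpt == "") dpt = "-"   # protocols without ports log no DPT field
        count[src " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_drops
```

Any port that shows up here while the cluster is misbehaving is one the rule set is still refusing; a capture in wireshark on the same interface shows whether the peer ever answers.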
