I apologize in advance for the top posting and the horrible web based
e-mail.... I'm on the road.
I wrote a whitepaper/book about building Internet firewalls using Linux based
systems, and have been keeping it up until relatively recently. It includes a
chapter on using Heartbeat in order to manage an active/passive firewall setup.
The book itself is centered around RHEL/CentOS, but the majority of it would
work for pretty much any Linux distribution.
The main reason I haven't been keeping it up is that I am working on the
"Second Edition" of it. The original was based around the 4.x version of
RHEL/CentOS. The new version will be based around the 5.x version.
Another important note is that in the old version, it uses 2.0.8 of Heartbeat.
The new version will be using 2.1.3, but the config files, at least as far as a
firewall is concerned, look like they will be the same.
I'd be more than happy to send you a copy. I can either send you the PDF of it
or the DOC version of it.
Dear list members,
at the moment I try to setup a linux cluster of 2 firewalls that should
both be online and only one should run virtual ip addresses of all
network segments.
My configuration looks like the following:
master fw is linux (uname) and slave is idefix. I generated a
resource group called grp_vips that contains all virtual ip
resources (rsc_int_vip and rsc_ext_vip). If I reboot the master (linux)
idefix takes over all resources and everything is ok, but if I
shutdown a resource (rsc_int_vip) on the master the second resource
(rsc_ext_vip) migrates to the slave (idefix) and the first resource
(rsc_int_vip) stays at the master (linux) as unmanaged. Attached are the
ha.cf and cib.xml files of my configuration.
What I want to achieve is:
- one dedicated master (linux), only, if there are problems
switch to the slave (idefix)
- if the master comes back (or only the interface that was gone)
the whole group should migrate
back to the primary master (linux)
- if one resource of the group goes down, the whole group should
be migrated to the slave
(collocated = true of the group is already set)
- if possible, the slave should become master (to always have
the master where the resources are running
One feature I detected also with my init scripts on Opensuse 10.3 is
that heartbeat sometimes (80%)
does not start because the network is not ready. I downloaded heartbeat
rpms from the linux-ha download
site and I'm using heartbeat 2.1.3.
Any hints how I can achieve what I want are highly appreciated.
Thank you for your help.
Best regards
Christof
_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
_______________________________________________
Linux-HA mailing list
[email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems
