On Thursday 23 September 2010 13:47:43 Dejan Muhamedagic wrote: > Hi, > > On Wed, Sep 08, 2010 at 09:26:40PM +0200, Jonathan Petersson wrote: > > Hi all, > > > > I haven't been active on this list for quite some time but I recall > > conntrack-support for heartbeat/pacemaker has been on the wall a few > > times. As I was in the process of installing a couple of new firewalls > > I figured I would spend some time actually getting some support for it > > now that the resource-based system has been put in place (great work > > btw). > > > > Please notice that the code-set is still work in progress and I'll be > > spending the next few days expanding it. > > Any new developments in the meantime? > > > The code is available at: http://pastebin.com/Bv060JvR > > > > Feel free to reply with comments and recommended changes. > > Isn't conntrack supposed to be a master-slave implementation, > i.e. where one instance sends updates to other instances? I don't > know if migrate can be used instead of demote/promote.
Hi, A MS RA for conntrackd is not nescessary. conntrack publishes its state table via multicast. You start it on all nodes of your firewall cluster as a clone resource. The firewall that has the floating IP address sees new entries in the state table and published it. All other nodes get the new entries. Passive nodes just do not get traffic and thus do not publish new entries. Of course, you could write a MS RA. But that would be too much work. Greetings, -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
