Hi, On Tue, Sep 28, 2010 at 06:27:17AM +0200, Michael Schhwartzkopff wrote: > On Thursday 23 September 2010 13:47:43 Dejan Muhamedagic wrote: > > Hi, > > > > On Wed, Sep 08, 2010 at 09:26:40PM +0200, Jonathan Petersson wrote: > > > Hi all, > > > > > > I haven't been active on this list for quite some time but I recall > > > conntrack-support for heartbeat/pacemaker has been on the wall a few > > > times. As I was in the process of installing a couple of new firewalls > > > I figured I would spend some time actually getting some support for it > > > now that the resource-based system has been put in place (great work > > > btw). > > > > > > Please notice that the code-set is still work in progress and I'll be > > > spending the next few days expanding it. > > > > Any new developments in the meantime? > > > > > The code is available at: http://pastebin.com/Bv060JvR > > > > > > Feel free to reply with comments and recommended changes. > > > > Isn't conntrack supposed to be a master-slave implementation, > > i.e. where one instance sends updates to other instances? I don't > > know if migrate can be used instead of demote/promote. > > Hi, > > A MS RA for conntrackd is not nescessary. conntrack publishes its state table > via multicast. You start it on all nodes of your firewall cluster as a clone > resource. The firewall that has the floating IP address sees new entries in > the > state table and published it. All other nodes get the new entries.
So, you could just as well let conntrack start by the boot process, right? I always wondered on the relative merit of cloning such resources or starting them via init. > Passive nodes just do not get traffic and thus do not publish new entries. I wonder why then there is migrate_to/from in the RA. > Of course, you could write a MS RA. But that would be too much work. Well, that doesn't seem to be needed. Thanks, Dejan > Greetings, > > -- > Dr. Michael Schwartzkopff > Guardinistr. 63 > 81375 München > > Tel: (0163) 172 50 98 > _______________________________________________ > Linux-HA mailing list > [email protected] > http://lists.linux-ha.org/mailman/listinfo/linux-ha > See also: http://linux-ha.org/ReportingProblems _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
