On Tuesday 28 September 2010 11:13:47 Dejan Muhamedagic wrote: > Hi, > > On Tue, Sep 28, 2010 at 06:27:17AM +0200, Michael Schhwartzkopff wrote: > > On Thursday 23 September 2010 13:47:43 Dejan Muhamedagic wrote: > > > Hi, > > > > > > On Wed, Sep 08, 2010 at 09:26:40PM +0200, Jonathan Petersson wrote: > > > > Hi all, > > > > > > > > I haven't been active on this list for quite some time but I recall > > > > conntrack-support for heartbeat/pacemaker has been on the wall a few > > > > times. As I was in the process of installing a couple of new > > > > firewalls I figured I would spend some time actually getting some > > > > support for it now that the resource-based system has been put in > > > > place (great work btw). > > > > > > > > Please notice that the code-set is still work in progress and I'll be > > > > spending the next few days expanding it. > > > > > > Any new developments in the meantime? > > > > > > > The code is available at: http://pastebin.com/Bv060JvR > > > > > > > > Feel free to reply with comments and recommended changes. > > > > > > Isn't conntrack supposed to be a master-slave implementation, > > > i.e. where one instance sends updates to other instances? I don't > > > know if migrate can be used instead of demote/promote. > > > > Hi, > > > > A MS RA for conntrackd is not nescessary. conntrack publishes its state > > table via multicast. You start it on all nodes of your firewall cluster > > as a clone resource. The firewall that has the floating IP address sees > > new entries in the state table and published it. All other nodes get the > > new entries. > > So, you could just as well let conntrack start by the boot > process, right? I always wondered on the relative merit of > cloning such resources or starting them via init.
Monitoring via the cluster. An reaction when the resource doesn't run any more. -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 _______________________________________________ Linux-HA mailing list [email protected] http://lists.linux-ha.org/mailman/listinfo/linux-ha See also: http://linux-ha.org/ReportingProblems
