Hi, I am looking to set up monitoring of the gre/tunnel interface of our clustered
firewall.
Both firewalls have a gre/ipsec tunnel to another host/site.
What I would like to do is add a pingd resource which will monitor the
other endpoint of the gre tunnel. fw01 and fw02 share the same internet
connection; however, to make the routing redundant I created a gre tunnel per
fw, so obviously they both have a different set of IPs. Here's a brief diagram:
fw01<-->gre(172.20.1.11/32)<-->gre(172.20.1.10)<-->ipsec1
fw02<-->gre(172.20.1.21/32)<-->gre(172.20.1.20)<-->ipsec2
I have tried the following; however, it looks like when it fails over to the other
system the resource is started on the other firewall.
primitive conn-check-gre-fw01 ocf:pacemaker:pingd \
params host_list="172.20.1.11" multiplier="100" \
op monitor interval="15s" timeout="5s" dampen="6s"
primitive conn-check-gre-fw02 ocf:pacemaker:pingd \
params host_list="172.20.1.22" multiplier="100" \
op monitor interval="15s" timeout="5s" dampen="6s"
location fw01-check-gre conn-check-gre-fw01 inf: fw01
location fw02-check-gre conn-check-gre-fw02 inf: fw02
What I want to do is:
conn-check-gre-fw01 should be started only on fw01
conn-check-gre-fw02 should be started only on fw02
If one of the 2 resources fails, the other firewall should take over for the other
defined resources, but those 2 resources shouldn't be redundant/started on the
other node.
-Luc
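
One way to express the placement described above in crm shell syntax, as an added example that is not part of the original message. The host_list values are copied unchanged from the post, and the group name fw-services is a hypothetical stand-in for the other defined resources.

```crmsh
# Added example, not the poster's configuration.
# "fw-services" is a hypothetical group standing in for the firewall's
# other resources; host_list values are taken unchanged from the post.

# dampen is a pingd instance parameter, so it belongs under params,
# not under op monitor.
primitive conn-check-gre-fw01 ocf:pacemaker:pingd \
    params host_list="172.20.1.11" multiplier="100" dampen="6s" \
    op monitor interval="15s" timeout="5s"
primitive conn-check-gre-fw02 ocf:pacemaker:pingd \
    params host_list="172.20.1.22" multiplier="100" dampen="6s" \
    op monitor interval="15s" timeout="5s"

# A score of inf: means "run here whenever this node is available"; it
# does not stop the resource from starting on the other node once this
# one is gone. A -inf: score on the other node forbids that placement.
location fw01-check-gre conn-check-gre-fw01 -inf: fw02
location fw02-check-gre conn-check-gre-fw02 -inf: fw01

# Each pingd instance writes the node attribute "pingd" (the agent's
# default attribute name) on the node it runs on: 100 when the host
# answers, 0 when it does not. Keep the services off any node where
# that attribute is missing or zero.
location fw-services-need-gre fw-services \
    rule -inf: not_defined pingd or pingd lte 0
```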