On Thu, Nov 25, 2010 at 8:25 PM, Luc Paulin <[email protected]> wrote:
> Hi, I am looking to set up monitoring of the gre/tunnel interface of our
> clustered firewall.
>
> Both firewalls do have a gre/ipsec tunnel to another host/site.
> What I would like to do is to add a pingd resource which will monitor the
> other endpoint of the gre tunnel. fw01 and fw02 share the same internet
> connection, however to make the routing redundant I created a gre tunnel per
> fw, so obviously they both have a different set of IPs. Here's a brief diagram:
>
> fw01<-->gre(172.20.1.11/32)<-->gre(172.20.1.10)<-->ipsec1
> fw02<-->gre(172.20.1.21/32)<-->gre(172.20.1.20)<-->ipsec2
>
> I have tried the following, however it looks like when it fails over to the
> other system the resource is started on the other firewall.
>
> primitive conn-check-gre-fw01 ocf:pacemaker:pingd \
>         params host_list="172.20.1.11" multiplier="100" \
>         op monitor interval="15s" timeout="5s" dampen="6s"
> primitive conn-check-gre-fw02 ocf:pacemaker:pingd \
>         params host_list="172.20.1.22" multiplier="100" \
>         op monitor interval="15s" timeout="5s" dampen="6s"
> location fw01-check-gre conn-check-gre-fw01 inf: fw01
> location fw02-check-gre conn-check-gre-fw02 inf: fw02

try

location fw01-check-gre conn-check-gre-fw01 -inf: fw02
location fw02-check-gre conn-check-gre-fw02 -inf: fw01

this will ensure the pingd resources only run on the _other_ node.

then you need to use the pingd attributes somewhere:
http://www.clusterlabs.org/doc/en-US/Pacemaker/1.0/html/Pacemaker_Explained/ch09s03s03s02.html

>
> What I want to do is ..
>
> conn-check-gre-fw01 should be started only on fw01
> conn-check-gre-fw02 should be started only on fw02
>
> if one of the 2 resources failed, the other firewall should take over for
> other defined resources, but those 2 resources shouldn't be redundant/started on
> the other node
>
> -Luc

_______________________________________________
Openais mailing list
[email protected]
https://lists.linux-foundation.org/mailman/listinfo/openais
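
One way to use the pingd attribute that the reply refers to, given as an added example that is not part of the original thread. The resource name `fw-services` is hypothetical and stands for whatever group must move when a tunnel check fails; the attribute name `pingd` assumes the agent's default `name` parameter.

```crmsh
# Added example, not from the thread.
# Pin each tunnel check to its own firewall (constraints from the reply).
location fw01-check-gre conn-check-gre-fw01 -inf: fw02
location fw02-check-gre conn-check-gre-fw02 -inf: fw01

# Each pingd instance writes a per-node attribute named "pingd"
# (assumed default). With one host in host_list and multiplier="100",
# the value is 100 while the tunnel endpoint answers and 0 when it does not.

# "fw-services" is a hypothetical resource or group name.
# Ban it from any node whose tunnel check has not reported yet
# (attribute undefined) or reports the endpoint unreachable (value 0),
# so it runs only on a firewall with a working tunnel.
location fw-services-needs-tunnel fw-services \
        rule -inf: not_defined pingd or pingd lte 0
```

With this rule a failed check does not stop or move the check resource itself; it only changes where `fw-services` is allowed to run.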
