Le 13/02/2012 10:21, Karlis Kisis a écrit :
Question #2:
The whole clustering thingy works by stopping the service on one node
and starting it on the other. In my case, I would not want iptables to
be stopped but instead restarted with a "passive" config, like block
all traffic from outside (instead of dropping firewall entirely). How
would I go about it? Custom scripts?
Yes
In fact, I have such a setup, I created a LSB compliant initscript for
iptables (/etc/init.d/firewall) and added a lsb:firewall resource.
/etc/init.d/firewall start(): /usr/local/firewall/firewall.sh
/etc/init.d/firewall stop(): /usr/local/firewall/firewall-passive.sh
As for the status() function, you'd have to decide a way to know in
which state you are.
--
Cheers,
Florian Crouzat
_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker
Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
