Hi,
Recently we have deployed Sequoia into a new data center with the
following configuration.
2 controllers, 2 backends per conntroller. Web application access
Sequoia controller via ASA, allowing port 25322 TCP/UDP. Controllers
access Postgresql Database via ASA, allowing port 5432. Default on ASA
connection timeout is 60 minutes.
Webapps --> ASA Allow 25322 TCP/UDP --> Sequoia
Sequoia --> ASA Allow 5432 TCP --> Postgresql
You are missing the ports required by the group communication (depends
on your configuration) for inter-controller communication. You will also
need to open the ports for the dump transfer operation (backuper option).
We get the following error messages
ASA log
May 16 12:33:17 XXXXX Deny TCP (no connection) from LAPP1/49838 to
LDB1/5432 flags PSH ACK on interface XXX_XXX
Make sure that your connection pool timeout is lower than your ASA
connection timeout.
cluster.log
2008-05-16 12:33:19,431 INFO Database backend XXXX.ldb1 is now in
state disabled
2008-05-16 12:33:20,574 ERROR Disabling backend ldb1 because it is no
more in sync
full_cluster.log
2008-05-16 12:33:20,574 ERROR backend.DatabaseBackend.ldb1 Request
'update XXXXXXXXXXXXXXXXXX = ...' failed on backend ldb1 but 1 succeeded
(org.continuent.sequoia.common.exceptions.BadConnectionException: An
I/O error occured while sending to the backend.)
ASA broke the JDBC connection to PostgreSQL so the query execution
failed. You need to properly set your timeouts.
As I am not an expert with JDBC connections, and how Sequoia uses the
Postgresql JDBC connections to the backends, how can we specify it to
use keepalives, or is this by default? I have read that Postgresql jdbc
keepalive is off by default, referring to postgresql-jdbc-8.3-603
http://archives.postgresql.org/pgsql-jdbc/2008-02/msg00037.php
Sequoai just uses the standard JDBC API, so we have no control on
connections that are opened internally by the JDBC driver.
Another interesting point, during the fail
May 16 12:33:19 XXXXX : Deny icmp src XXXX:LAPP1
dst XXXXX:LDB1 (type 3, code 10) by access-group
"XXXXXXX" [0x0, 0x0]
It appears this is coming from our controller and sending to our
database, the ASA is dropping this as only port 5432 TCP is allowed, no
ICMP. What is it sending ICMP for, i realise this "port unreachable"
code, is this a side affect of Sequoia loosing sync with the backend?
As far as I know there is no ICMP packet sent by the controller. This
might be a misconfiguration of the group communication that can use PING
packets to detect failures.
Thanks for your interest in Sequoia,
Emmanuel
--
Emmanuel Cecchet
FTO @ Frog Thinker
Open Source Development & Consulting
--
Web: http://www.frogthinker.org
email: [EMAIL PROTECTED]
Skype: emmanuel_cecchet
_______________________________________________
Sequoia mailing list
[email protected]
https://forge.continuent.org/mailman/listinfo/sequoia
