|
Thanks for your help ;=)
Yes, but the keepalived list have no asnwer ;=)
for my problems (2-)
his issue happens also when shorewall is desactivated on both machines and
iptables accepts all, this seems to me a keepalive issue no ?
Graeme Fowler a écrit :
Hi
Quiet as it may be over there, this question really belongs on the
keepalived mailing list as this is not LVS related. I'll try to answer
it here in any case:
On 23/08/2006 05:37, Noc Phibee wrote:
I request a small help on my Keepalived config ;=)
1- For Vrrp protocol, anyone know what entry i pu into shorewall 3.1.2 ?
You must allow packets from/to network 224.0.0.0/8
If you want to control this a bit more accurately, define mcast_src_ip
in your keepalived.conf for each defined vrrp_instance, and set your
filters accordingly.
2- I want that when my group change of state, he restart Shorewall.
I have used the notify_*:
When my MASTER are dead, the BACKUP change state and it's good.
but when the MASTER are available and get the virtual IP, he start
8/10x
the same script (restart of shorewall).
Anyone have a idea why he don't change immediatly the states ?
Firstly it looks like the Master is receiving the announcements from
the Backup. This is good. The Backup is also receiving packets from
the Master, which is also good - this is why the Backup flip-flops
from BACKUP to MASTER to BACKUP state continuously.
However - something else is happening here, and I expect it's your
Shorewall config.
Ignoring the Master machine for a moment, let me put forward a
possible reason:
The Backup machine starts up, brings up keepalived, and goes into
BACKUP state. Shorewall is dropping packets at this point, so the
Backup machine goes to MASTER state, does things to Shorewall with the
notify script, and starts to accept packets. It then receives an
advertisement from the Master director, so it switches to BACKUP
state, changes the Shorewall config back, misses advertisement,
switches to MASTER, changes the firewall, misses advertisement, etc etc.
Assuming this is correct, there are several things you need to do:
1. Make sure the Shorewall config isn't dropping the packets you want
(see the suggestions above).
2. Put your notify* script actions into your vrrp_sync_group block
instead of the vrrp_instance. That way it'll only fire once, when the
group changes state, rather than one being fired off for every
instance state change *and* the group.
Graeme
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
|
