'Re: [Linux-ha-dev] Tickle Ack function in portblock resource'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ha-dev
Subject:    Re: [Linux-ha-dev] Tickle Ack function in portblock resource
From:       Sam Tran <stlist () gmail ! com>
Date:       2010-04-30 15:54:48
Message-ID: h2tcee681b01004300854qa07c013brc2a585d737b684da () mail ! gmail ! com
[Download RAW message or body]

On Tue, Apr 27, 2010 at 6:02 AM, Dejan Muhamedagic <dejanmm@fastmail.fm> wrote:
> Hi,
>
> On Mon, Apr 26, 2010 at 04:35:31PM -0400, Sam Tran wrote:
>> Hi All,
>>
>> I am running pacemaker 1.0.8 + corosync 1.2.1 + resource-agents 1.0.3
>> on a pair of OpenLDAP master servers (CentOS Linux 5.4).
>>
>> The active OpenLDAP master hold the failover IP resource. An OpenLDAP
>> replica server is connecting to that failover IP address the master
>> server for updates, then the connection is maintained, and the replica
>> is waiting for subsequent updates from the master server. The
>> connection state is successfully synchronized using csync2. If the
>> active master server fails, the other master takes over the resources
>> and I was expecting the Tickle Ack function in the portblock resource
>> to break the established connection between the replica and the
>> failover IP. But the latter didn't happen. I am not sure what I am
>> doing wrong. Here is my crm configuration:
>>
>> node info-ldap-015.internal.example.com
>> node info-ldap-016.internal.example.com
>> primitive email-notify ocf:heartbeat:MailTo \
>>         params email="stlist@example.com" subject="TEST_LDAP_PROVIDER_CLUSTER"
>> primitive failover-ip1 ocf:heartbeat:IPaddr2 \
>>         params ip="192.168.8.171" \
>>         op monitor interval="5s"
>> primitive portblock_block ocf:heartbeat:portblock \
>>         params protocol="tcp" ip="192.168.8.171" portno="636" action="block" \
>>         op monitor interval="10" timeout="10" depth="0"
>> primitive portblock_unblock ocf:heartbeat:portblock \
>>         params protocol="tcp" ip="192.168.8.171" portno="636" action="unblock" \
>>         op monitor interval="10" timeout="10" depth="0"
>> tickle_dir="/tmp/tickle" sync_script="/usr/sbin/csync2 -xvr"
>
> This can't stand just so, on its own. Wrong cut&paste? Anyway, it
> should look like this:
>
> primitive portblock_unblock ocf:heartbeat:portblock \
>        params protocol="tcp" ip="192.168.8.171" portno="636" action="unblock" \
>                tickle_dir="/tmp/tickle" sync_script="/usr/sbin/csync2 -xvr" \
>        op monitor interval="10" timeout="10" depth="0"
>
> BTW, better keep the tickle_dir where only root can write.
>
> Otherwise, you can try to watch the wire with tcpdump and see if
> the RA sends reset TCP packets to the clients.
>

I did a packet capture on the node that is taking over the resources:
it doesn't send any TCP packets to the LDAP replica. Here are the
relevant lines in the message log that include the string 'portblock':

Apr 30 10:06:13 info-ldap-015 crmd: [11246]: info: do_lrm_rsc_op:
Performing key=14:170:0:71879926-a8a3-4c77-89f5-0cfb84e836b7
op=portblock_block_start_0 )
Apr 30 10:06:13 info-ldap-015 lrmd: [11243]: info: rsc:portblock_block:9: start
Apr 30 10:06:13 info-ldap-015 lrmd: [11243]: info: Managed
portblock_block:start process 11572 exited with return code 0.
Apr 30 10:06:13 info-ldap-015 crmd: [11246]: info: process_lrm_event:
LRM operation portblock_block_start_0 (call=9, rc=0, cib-update=15,
confirmed=true) ok
Apr 30 10:06:13 info-ldap-015 crmd: [11246]: info: do_lrm_rsc_op:
Performing key=15:170:0:71879926-a8a3-4c77-89f5-0cfb84e836b7
op=portblock_block_monitor_10000 )
Apr 30 10:06:13 info-ldap-015 lrmd: [11243]: info:
rsc:portblock_block:10: monitor
Apr 30 10:06:13 info-ldap-015 crmd: [11246]: info: do_lrm_rsc_op:
Performing key=17:170:0:71879926-a8a3-4c77-89f5-0cfb84e836b7
op=portblock_unblock_start_0 )
Apr 30 10:06:13 info-ldap-015 lrmd: [11243]: info:
rsc:portblock_unblock:11: start
Apr 30 10:06:13 info-ldap-015 lrmd: [11243]: info: Managed
portblock_block:monitor process 11589 exited with return code 0.
Apr 30 10:06:13 info-ldap-015 crmd: [11246]: info: process_lrm_event:
LRM operation portblock_block_monitor_10000 (call=10, rc=0,
cib-update=16, confirmed=false) ok
Apr 30 10:06:13 info-ldap-015 lrmd: [11243]: info: Managed
portblock_unblock:start process 11599 exited with return code 0.
Apr 30 10:06:13 info-ldap-015 crmd: [11246]: info: process_lrm_event:
LRM operation portblock_unblock_start_0 (call=11, rc=0, cib-update=17,
confirmed=true) ok
Apr 30 10:06:13 info-ldap-015 crmd: [11246]: info: do_lrm_rsc_op:
Performing key=18:170:0:71879926-a8a3-4c77-89f5-0cfb84e836b7
op=portblock_unblock_monitor_10000 )
Apr 30 10:06:13 info-ldap-015 lrmd: [11243]: info:
rsc:portblock_unblock:12: monitor
Apr 30 10:06:14 info-ldap-015 lrmd: [11243]: info: Managed
portblock_unblock:monitor process 11609 exited with return code 0.
Apr 30 10:06:14 info-ldap-015 crmd: [11246]: info: process_lrm_event:
LRM operation portblock_unblock_monitor_10000 (call=12, rc=0,
cib-update=18, confirmed=false) ok
Apr 30 10:06:23 info-ldap-015 pengine: [11245]: notice: native_print:
    portblock_block      (ocf::heartbeat:portblock):     Started
info-ldap-015.internal.example.com
Apr 30 10:06:23 info-ldap-015 pengine: [11245]: notice: native_print:
    portblock_unblock    (ocf::heartbeat:portblock):     Started
info-ldap-015.internal.example.com
Apr 30 10:06:23 info-ldap-015 pengine: [11245]: info:
native_merge_weights: failover-ip1: Rolling back scores from
portblock_block
Apr 30 10:06:23 info-ldap-015 pengine: [11245]: info:
native_merge_weights: email-notify: Rolling back scores from
portblock_block
Apr 30 10:06:23 info-ldap-015 pengine: [11245]: notice: LogActions:
Leave resource portblock_block      (Started
info-ldap-015.internal.example.com)
Apr 30 10:06:23 info-ldap-015 pengine: [11245]: notice: LogActions:
Leave resource portblock_unblock    (Started
info-ldap-015.internal.example.com)
Apr 30 10:06:24 info-ldap-015 pengine: [11245]: notice: native_print:
    portblock_block      (ocf::heartbeat:portblock):     Started
info-ldap-015.internal.example.com
Apr 30 10:06:24 info-ldap-015 pengine: [11245]: notice: native_print:
    portblock_unblock    (ocf::heartbeat:portblock):     Started
info-ldap-015.internal.example.com
Apr 30 10:06:24 info-ldap-015 pengine: [11245]: info:
native_merge_weights: failover-ip1: Rolling back scores from
portblock_block
Apr 30 10:06:24 info-ldap-015 pengine: [11245]: info:
native_merge_weights: email-notify: Rolling back scores from
portblock_block
Apr 30 10:06:24 info-ldap-015 pengine: [11245]: notice: LogActions:
Leave resource portblock_block      (Started
info-ldap-015.internal.example.com)
Apr 30 10:06:24 info-ldap-015 pengine: [11245]: notice: LogActions:
Leave resource portblock_unblock    (Started
info-ldap-015.internal.example.com)

Thanks,
Sam
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/

[prev in list] [next in list] [prev in thread] [next in thread] 