Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Linux-HA: Users

Failover from external access dosent' work

 

 

Linux-HA users RSS feed   Index | Next | Previous | View Threaded


elvis.altherr at gmail

Dec 13, 2011, 7:38 AM

Post #1 of 6 (424 views)
Permalink
Failover from external access dosent' work

Dear List

I recently installed a two node heartbeat Cluster with two identical Servers.

So far so good.

for the separate Cluster Net i choose the IP Range 10.0.0.1 - 10.0.0.3
Mask 255.255.255.0

Now my problem is the following.

If a do a test to shutdown heartbeat on the Node with the IP 10.0.0.1
the secondary
Node 10.0.0.2 takes over the ressources and reserves the virtual IP 10.0.0.3

now if i access the Website from external (p.a. via office) i't dosen't work

i also checked the firewall which is correct configured and all web
requests will be forwarded from the public static IP 62.2.208.170 to
the IP 10.0.0.3

so what else coud the problem?

below the ha.cf on one node
# Logging
# debug 1
use_logd true
logfacility daemon

# Misc Options
traditional_compression off
compression bz2
coredumps true
auto_failback on

# Communications
udpport 694
ucast eth2 10.0.0.2
#autojoin any

# Thresholds (in seconds)
keepalive 2
warntime 5
deadtime 15
initdead 60
crm no
node mail2
node disthost2

Thanks for your help

--
Elvis Altherr
Brauerstrasse 83a
9016 St. Gallen
Privat: 071 2801379
E-Mail: elvis.altherr [at] gmail
_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems


dmaziuk at bmrb

Dec 13, 2011, 10:05 AM

Post #2 of 6 (412 views)
Permalink
Re: Failover from external access dosent' work [In reply to]

On 12/13/2011 09:38 AM, Elvis Altherr wrote:

> Node 10.0.0.2 takes over the ressources and reserves the virtual IP 10.0.0.3
>
> now if i access the Website from external (p.a. via office) i't dosen't work
>
> i also checked the firewall which is correct configured and all web
> requests will be forwarded from the public static IP 62.2.208.170 to
> the IP 10.0.0.3
>
> so what else coud the problem?

Did it work when 10.0.0.1 was up? Does it work from 10.0.0.1 now?

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu
Attachments: signature.asc (0.25 KB)


elvis.altherr at gmail

Dec 13, 2011, 10:48 AM

Post #3 of 6 (411 views)
Permalink
Re: Failover from external access dosent' work [In reply to]

Am 13.12.2011 19:05, schrieb Dimitri Maziuk:
> On 12/13/2011 09:38 AM, Elvis Altherr wrote:
>
>> Node 10.0.0.2 takes over the ressources and reserves the virtual IP 10.0.0.3
>>
>> now if i access the Website from external (p.a. via office) i't dosen't work
>>
>> i also checked the firewall which is correct configured and all web
>> requests will be forwarded from the public static IP 62.2.208.170 to
>> the IP 10.0.0.3
>>
>> so what else coud the problem?
> Did it work when 10.0.0.1 was up? Does it work from 10.0.0.1 now?
Yes this works also on the secondary node 10.0.0.2

means telnet 10.0.0.1 80 -> works
also 10.0.0.2 80 (if secondary node is up of course or apache started)

it also works within my private net 192.168.1.0/24

if open the test page www.xxxxx/php/phpinfo.php it shows me the correct
hostname (mail2 if node one is up, and disthost2 if node two is up)

Also the firewall logs shows the correct forwarding to the "Cluster IP"
10.0.0.3


>
>
> _______________________________________________
> Linux-HA mailing list
> Linux-HA [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems


--
Freundliche Grüsse

Elvis Altherr
Brauerstrasse 83a
9016 St. Gallen
071 280 13 79 (Privat)
elvis.altherr [at] gmail

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems


dmaziuk at bmrb

Dec 13, 2011, 11:18 AM

Post #4 of 6 (410 views)
Permalink
Re: Failover from external access dosent' work [In reply to]

On 12/13/2011 12:48 PM, Elvis Altherr wrote:
> Am 13.12.2011 19:05, schrieb Dimitri Maziuk:
>> On 12/13/2011 09:38 AM, Elvis Altherr wrote:
>>
>>> Node 10.0.0.2 takes over the ressources and reserves the virtual IP 10.0.0.3
>>>
>>> now if i access the Website from external (p.a. via office) i't dosen't work
>>>
>>> i also checked the firewall which is correct configured and all web
>>> requests will be forwarded from the public static IP 62.2.208.170 to
>>> the IP 10.0.0.3
>>>
>>> so what else coud the problem?
>> Did it work when 10.0.0.1 was up? Does it work from 10.0.0.1 now?
> Yes this works also on the secondary node 10.0.0.2
>
> means telnet 10.0.0.1 80 -> works
> also 10.0.0.2 80 (if secondary node is up of course or apache started)

No I meant telnet 10.0.0.3 80.

Make sure you start apache *after* 10.0.0.3 is up.

> it also works within my private net 192.168.1.0/24
>
> if open the test page www.xxxxx/php/phpinfo.php it shows me the correct
> hostname (mail2 if node one is up, and disthost2 if node two is up)
>
> Also the firewall logs shows the correct forwarding to the "Cluster IP"
> 10.0.0.3

This sounds like http://62.2.208.170/ is inaccessible from your office.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu
Attachments: signature.asc (0.25 KB)


elvis.altherr at gmail

Dec 13, 2011, 11:45 AM

Post #5 of 6 (434 views)
Permalink
Re: Failover from external access dosent' work [In reply to]

Am 13.12.2011 20:18, schrieb Dimitri Maziuk:
> On 12/13/2011 12:48 PM, Elvis Altherr wrote:
>> Am 13.12.2011 19:05, schrieb Dimitri Maziuk:
>>> On 12/13/2011 09:38 AM, Elvis Altherr wrote:
>>>
>>>> Node 10.0.0.2 takes over the ressources and reserves the virtual IP 10.0.0.3
>>>>
>>>> now if i access the Website from external (p.a. via office) i't dosen't work
>>>>
>>>> i also checked the firewall which is correct configured and all web
>>>> requests will be forwarded from the public static IP 62.2.208.170 to
>>>> the IP 10.0.0.3
>>>>
>>>> so what else coud the problem?
>>> Did it work when 10.0.0.1 was up? Does it work from 10.0.0.1 now?
>> Yes this works also on the secondary node 10.0.0.2
>>
>> means telnet 10.0.0.1 80 -> works
>> also 10.0.0.2 80 (if secondary node is up of course or apache started)
> No I meant telnet 10.0.0.3 80.
>
> Make sure you start apache *after* 10.0.0.3 is up.
>
>> it also works within my private net 192.168.1.0/24
>>
>> if open the test page www.xxxxx/php/phpinfo.php it shows me the correct
>> hostname (mail2 if node one is up, and disthost2 if node two is up)
>>
>> Also the firewall logs shows the correct forwarding to the "Cluster IP"
>> 10.0.0.3
> This sounds like http://62.2.208.170/ is inaccessible from your office.
>
>
>
> _______________________________________________
> Linux-HA mailing list
> Linux-HA [at] lists
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems
ok i will check.. but i think this ins't the problem cause if a do a
portforwarding (NAT) to the webserver (mail2 = Node1) it works fine means

62.2.208.170:80 will be natted to 192.168.1.43:80

seems to be a Firewall specific problem as it works from within the
private net 192.168.1.0./24 (on the Windows7 Home PC)

very strange

telnet 10.0.0.3 80 works fine. and if i check the logs on both Servers
the apache and mysql service will started after the Script "IPAddr" has
allocated the virtual Cluster IP 10.0.0.3

see below (node 1 mail2 is stopped)

login as: ea
Using keyboard-interactive authentication.
Password:
Last login: Tue Dec 13 15:32:33 CET 2011 from mail2.elvisaltherr.ch on ssh
ea [at] disthost ~ $ su -
Password:
disthost2 ~ # tail -f /var/log/messages
Dec 13 20:10:01 disthost2 cron[16751]: (root) CMD (test -x
/usr/sbin/run-crons && /usr/sbin/run-crons )
Dec 13 20:20:01 disthost2 cron[16763]: (root) CMD (test -x
/usr/sbin/run-crons && /usr/sbin/run-crons )
Dec 13 20:29:50 disthost2 -- MARK --
Dec 13 20:30:01 disthost2 cron[16775]: (root) CMD (test -x
/usr/sbin/run-crons && /usr/sbin/run-crons )
Dec 13 20:39:32 disthost2 sshd[16786]: SSH: Server;Ltype:
Version;Remote: 192.168.1.45-56196;Protocol: 2.0;Client: PuTTY_Release_0.61
Dec 13 20:39:50 disthost2 sshd[16786]: Accepted keyboard-interactive/pam
for ea from 192.168.1.45 port 56196 ssh2
Dec 13 20:39:50 disthost2 sshd[16786]: pam_unix(sshd:session): session
opened for user ea by (uid=0)
Dec 13 20:39:53 disthost2 su[16794]: Successful su for root by ea
Dec 13 20:39:53 disthost2 su[16794]: + /dev/pts/0 ea:root
Dec 13 20:39:53 disthost2 su[16794]: pam_unix(su:session): session
opened for user root by ea(uid=1000)
tail: inotify cannot be used, reverting to polling: Function not implemented
Dec 13 20:40:01 disthost2 cron[16801]: (root) CMD (test -x
/usr/sbin/run-crons && /usr/sbin/run-crons )

disthost2 ~ # /etc/init.d/heartbeat status
heartbeat is stopped. No process
disthost2 ~ # /etc/init.d/heartbeat start
Starting High-Availability services: IPaddr[16865]: INFO: Resource is
stopped
Done.

disthost2 ~ # tail -f /var/log/messages
Dec 13 20:40:31 disthost2 heartbeat: [16915]: WARN: logd is enabled but
logfile/debugfile/logfacility is still configured in ha.cf
Dec 13 20:40:31 disthost2 heartbeat: [16915]: info:
**************************
Dec 13 20:40:31 disthost2 heartbeat: [16915]: info: Configuration
validated. Starting heartbeat 3.0.5
Dec 13 20:40:31 disthost2 heartbeat: [16916]: info: heartbeat: version 3.0.5
Dec 13 20:40:31 disthost2 heartbeat: [16916]: info: Heartbeat
generation: 1316422996
Dec 13 20:40:31 disthost2 heartbeat: [16916]: info: glib: ucast: write
socket priority set to IPTOS_LOWDELAY on eth1
Dec 13 20:40:31 disthost2 heartbeat: [16916]: info: glib: ucast: bound
send socket to device: eth1
Dec 13 20:40:31 disthost2 heartbeat: [16916]: info: glib: ucast: bound
receive socket to device: eth1
Dec 13 20:40:31 disthost2 heartbeat: [16916]: info: glib: ucast: started
on port 694 interface eth1 to 10.0.0.1
Dec 13 20:40:31 disthost2 heartbeat: [16916]: info: Local status now set
to: 'up'
tail: inotify cannot be used, reverting to polling: Function not implemented
Dec 13 20:41:17 disthost2 heartbeat: [16916]: info: Link mail2:eth1 up.
Dec 13 20:41:17 disthost2 heartbeat: [16916]: info: Status update for
node mail2: status up
Dec 13 20:41:17 disthost2 heartbeat: [16924]: debug: notify_world:
setting SIGCHLD Handler to SIG_DFL
Dec 13 20:41:17 disthost2 harc[16924]: info: Running
/usr/etc/ha.d//rc.d/status status
Dec 13 20:41:17 disthost2 heartbeat: [16916]: info: Comm_now_up():
updating status to active
Dec 13 20:41:17 disthost2 heartbeat: [16916]: info: Local status now set
to: 'active'
Dec 13 20:41:17 disthost2 heartbeat: [16916]: debug: get_delnodelist:
delnodelist=
Dec 13 20:41:18 disthost2 heartbeat: [16916]: info: Status update for
node mail2: status active
Dec 13 20:41:18 disthost2 heartbeat: [16945]: debug: notify_world:
setting SIGCHLD Handler to SIG_DFL
Dec 13 20:41:18 disthost2 harc[16945]: info: Running
/usr/etc/ha.d//rc.d/status status
Dec 13 20:41:28 disthost2 heartbeat: [16916]: info: remote resource
transition completed.
Dec 13 20:41:28 disthost2 heartbeat: [16916]: info: remote resource
transition completed.
Dec 13 20:41:28 disthost2 heartbeat: [16916]: info: Initial resource
acquisition complete (T_RESOURCES(us))
Dec 13 20:41:29 disthost2 IPaddr[16999]: INFO: Resource is stopped
Dec 13 20:41:29 disthost2 heartbeat: [16963]: info: Local Resource
acquisition completed.
Dec 13 20:41:29 disthost2 heartbeat: [16916]: debug:
StartNextRemoteRscReq(): child count 1
Dec 13 20:41:29 disthost2 heartbeat: [17034]: debug: notify_world:
setting SIGCHLD Handler to SIG_DFL
Dec 13 20:41:29 disthost2 harc[17034]: info: Running
/usr/etc/ha.d//rc.d/ip-request-resp ip-request-resp
Dec 13 20:41:29 disthost2 ip-request-resp[17034]: received
ip-request-resp 10.0.0.3 OK yes
Dec 13 20:41:29 disthost2 ResourceManager[17059]: info: Acquiring
resource group: disthost2 10.0.0.3 apache2 mysqld
Dec 13 20:41:29 disthost2 IPaddr[17088]: INFO: Resource is stopped
Dec 13 20:41:29 disthost2 ResourceManager[17059]: info: Running
/usr/etc/ha.d/resource.d/IPaddr 10.0.0.3 start
Dec 13 20:41:30 disthost2 IPaddr[17159]: INFO: Using calculated nic for
10.0.0.3: eth1
Dec 13 20:41:30 disthost2 IPaddr[17159]: INFO: Using calculated netmask
for 10.0.0.3: 255.255.255.0
Dec 13 20:41:30 disthost2 IPaddr[17159]: INFO: eval ifconfig eth1:25
10.0.0.3 netmask 255.255.255.0 broadcast 10.0.0.255
Dec 13 20:41:30 disthost2 IPaddr[17142]: INFO: Success
Dec 13 20:41:30 disthost2 ResourceManager[17059]: info: Running
/usr/etc/ha.d/resource.d/apache2 start
Dec 13 20:41:32 disthost2 ResourceManager[17059]: info: Running
/usr/etc/ha.d/resource.d/mysqld start

disthost2 ~ # tail -f /var/log/messages
Dec 13 20:41:29 disthost2 ip-request-resp[17034]: received
ip-request-resp 10.0.0.3 OK yes
Dec 13 20:41:29 disthost2 ResourceManager[17059]: info: Acquiring
resource group: disthost2 10.0.0.3 apache2 mysqld
Dec 13 20:41:29 disthost2 IPaddr[17088]: INFO: Resource is stopped
Dec 13 20:41:29 disthost2 ResourceManager[17059]: info: Running
/usr/etc/ha.d/resource.d/IPaddr 10.0.0.3 start
Dec 13 20:41:30 disthost2 IPaddr[17159]: INFO: Using calculated nic for
10.0.0.3: eth1
Dec 13 20:41:30 disthost2 IPaddr[17159]: INFO: Using calculated netmask
for 10.0.0.3: 255.255.255.0
Dec 13 20:41:30 disthost2 IPaddr[17159]: INFO: eval ifconfig eth1:25
10.0.0.3 netmask 255.255.255.0 broadcast 10.0.0.255
Dec 13 20:41:30 disthost2 IPaddr[17142]: INFO: Success
Dec 13 20:41:30 disthost2 ResourceManager[17059]: info: Running
/usr/etc/ha.d/resource.d/apache2 start
Dec 13 20:41:32 disthost2 ResourceManager[17059]: info: Running
/usr/etc/ha.d/resource.d/mysqld start
tail: inotify cannot be used, reverting to polling: Function not implemented
Dec 13 20:43:22 disthost2 heartbeat: [16916]: info: Received shutdown
notice from 'mail2'.
Dec 13 20:43:22 disthost2 heartbeat: [16916]: info: Resources being
acquired from mail2.
Dec 13 20:43:22 disthost2 heartbeat: [16916]: debug:
StartNextRemoteRscReq(): child count 1
Dec 13 20:43:22 disthost2 heartbeat: [17371]: info: acquire local HA
resources (standby).
Dec 13 20:43:22 disthost2 ResourceManager[17407]: info: Acquiring
resource group: disthost2 10.0.0.3 apache2 mysqld
Dec 13 20:43:23 disthost2 IPaddr[17431]: INFO: Running OK
Dec 13 20:43:23 disthost2 heartbeat: [17372]: info: Local Resource
acquisition completed.
Dec 13 20:43:23 disthost2 heartbeat: [16916]: debug:
StartNextRemoteRscReq(): child count 1
Dec 13 20:43:23 disthost2 IPaddr[17464]: INFO: Running OK
Dec 13 20:43:23 disthost2 ResourceManager[17407]: info: Running
/usr/etc/ha.d/resource.d/apache2 start
Dec 13 20:43:23 disthost2 ResourceManager[17407]: info: Running
/usr/etc/ha.d/resource.d/mysqld start
Dec 13 20:43:23 disthost2 /etc/init.d/mysql[17574]: WARNING: mysql has
already been started
Dec 13 20:43:23 disthost2 heartbeat: [17371]: info: local HA resource
acquisition completed (standby).
Dec 13 20:43:23 disthost2 heartbeat: [16916]: info: Standby resource
acquisition done [all].
Dec 13 20:43:23 disthost2 heartbeat: [17575]: debug: notify_world:
setting SIGCHLD Handler to SIG_DFL
Dec 13 20:43:24 disthost2 harc[17575]: info: Running
/usr/etc/ha.d//rc.d/status status
Dec 13 20:43:24 disthost2 mach_down[17593]: info:
/usr/share/heartbeat/mach_down: nice_failback: foreign resources acquired
Dec 13 20:43:24 disthost2 mach_down[17593]: info: mach_down takeover
complete for node mail2.
Dec 13 20:43:24 disthost2 heartbeat: [16916]: info: mach_down takeover
complete.
Dec 13 20:43:38 disthost2 heartbeat: [16916]: WARN: node mail2: is dead
Dec 13 20:43:38 disthost2 heartbeat: [16916]: info: Dead node mail2 gave
up resources.
Dec 13 20:43:38 disthost2 heartbeat: [16916]: info: Link mail2:eth1 dead.
and so on

of course this works also vice versa


--
Freundliche Grüsse

Elvis Altherr
Brauerstrasse 83a
9016 St. Gallen
071 280 13 79 (Privat)
elvis.altherr [at] gmail

_______________________________________________
Linux-HA mailing list
Linux-HA [at] lists
http://lists.linux-ha.org/mailman/listinfo/linux-ha
See also: http://linux-ha.org/ReportingProblems


dmaziuk at bmrb

Dec 13, 2011, 12:11 PM

Post #6 of 6 (417 views)
Permalink
Re: Failover from external access dosent' work [In reply to]

On 12/13/2011 01:45 PM, Elvis Altherr wrote:

> ok i will check.. but i think this ins't the problem cause if a do a
> portforwarding (NAT) to the webserver (mail2 = Node1) it works fine

Try this, then:
http://lists.linux-ha.org/pipermail/linux-ha/2008-March/031612.html

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu
Attachments: signature.asc (0.25 KB)

Linux-HA users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.