Cluster quorum work the label and it is suppose to be unique across a given SAN. AFAIK, not mandatory to keep the same device names -----Original Message----- From: linux-cluster-bounces@xxxxxxxxxx [mailto:linux-cluster-bounces@xxxxxxxxxx] On Behalf Of linux-cluster-request@xxxxxxxxxx Sent: Friday, September 18, 2009 6:36 AM To: linux-cluster@xxxxxxxxxx Subject: Linux-cluster Digest, Vol 65, Issue 21 Send Linux-cluster mailing list submissions to linux-cluster@xxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit https://www.redhat.com/mailman/listinfo/linux-cluster or, via email, send a message with subject or body 'help' to linux-cluster-request@xxxxxxxxxx You can reach the person managing the list at linux-cluster-owner@xxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of Linux-cluster digest..." Today's Topics: 1. consistent quorum disk on cluster nodes (James Marcinek) 2. Re: consistent quorum disk on cluster nodes (Marc - A. Dahlhaus [ Administration | Westermann GmbH ]) 3. Re: consistent quorum disk on cluster nodes (James Marcinek) 4. Re: consistent quorum disk on cluster nodes (Marc - A. Dahlhaus [ Administration | Westermann GmbH ]) 5. Re: consistent quorum disk on cluster nodes (James Marcinek) 6. exact iptables command to stop a source from accessing a Linux cluster (sunhux G) 7. Re: exact iptables command to stop a source from accessing a Linux cluster (Ian Hayes) 8. Re: exact iptables command to stop a source from accessing a Linux cluster (sunhux G) 9. Re: exact iptables command to stop a source from accessing a Linux cluster (Ian Hayes) 10. Re: exact iptables command to stop a source from accessing a Linux cluster (sunhux G) ---------------------------------------------------------------------- Message: 1 Date: Thu, 17 Sep 2009 12:30:30 -0400 (EDT) From: James Marcinek <jmarc1@xxxxxxxxxxxxxx> Subject: consistent quorum disk on cluster nodes To: rhelcluster <Linux-cluster@xxxxxxxxxx> Message-ID: <664969789.1531253205029999.JavaMail.root@xxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=utf-8 Hello all, Can anyone point me in the right direction to some examples of defining udev rules for quorum disks (or disks in general). I'm reading in the docs that the quorum disk needs to be the same on all nodes. I have 2 node clusters, which I've allocated a shared 100MB lun that I've created the quorum disk (mkqdisk command); however the devices are not showing up as the same device (eg /dev/sdc on one node and /dev/sdb on the other ). If the quorum disk could be managed by lvm that would likely make life easier but I'm not sure that would work or is supported, but I think that would be easier than having to create a udev rule for it... Thanks, james ------------------------------ Message: 2 Date: Thu, 17 Sep 2009 18:46:04 +0200 From: "Marc - A. Dahlhaus [ Administration | Westermann GmbH ]" <mad@xxxxxx> Subject: Re: consistent quorum disk on cluster nodes To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <1253205964.2641.156.camel@marc> Content-Type: text/plain Am Donnerstag, den 17.09.2009, 12:30 -0400 schrieb James Marcinek: > Hello all, > > Can anyone point me in the right direction to some examples of defining udev rules for quorum disks (or disks in general). I'm reading in the docs that the quorum disk needs to be the same on all nodes. I have 2 node clusters, which I've allocated a shared 100MB lun that I've created the quorum disk (mkqdisk command); however the devices are not showing up as the same device (eg /dev/sdc on one node and /dev/sdb on the other ). > > If the quorum disk could be managed by lvm that would likely make life easier but I'm not sure that would work or is supported, but I think that would be easier than having to create a udev rule for it... > > Thanks, > > james You should try to use the LABEL of the qdisk to select it. man qdiskd Marc ------------------------------ Message: 3 Date: Thu, 17 Sep 2009 12:53:47 -0400 (EDT) From: James Marcinek <jmarc1@xxxxxxxxxxxxxx> Subject: Re: consistent quorum disk on cluster nodes To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <1664263533.1561253206427426.JavaMail.root@xxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=utf-8 ok, So I can specify it by the label when I issued the mkqdisk -c /dev/sdx -l quorum command (where x is device)? Thanks, James ----- Original Message ----- From: "Marc - A. Dahlhaus [ Administration | Westermann GmbH ]" <mad@xxxxxx> To: "linux clustering" <linux-cluster@xxxxxxxxxx> Sent: Thursday, September 17, 2009 12:46:04 PM GMT -05:00 US/Canada Eastern Subject: Re: consistent quorum disk on cluster nodes Am Donnerstag, den 17.09.2009, 12:30 -0400 schrieb James Marcinek: > Hello all, > > Can anyone point me in the right direction to some examples of defining udev rules for quorum disks (or disks in general). I'm reading in the docs that the quorum disk needs to be the same on all nodes. I have 2 node clusters, which I've allocated a shared 100MB lun that I've created the quorum disk (mkqdisk command); however the devices are not showing up as the same device (eg /dev/sdc on one node and /dev/sdb on the other ). > > If the quorum disk could be managed by lvm that would likely make life easier but I'm not sure that would work or is supported, but I think that would be easier than having to create a udev rule for it... > > Thanks, > > james You should try to use the LABEL of the qdisk to select it. man qdiskd Marc -- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster ------------------------------ Message: 4 Date: Thu, 17 Sep 2009 19:00:41 +0200 From: "Marc - A. Dahlhaus [ Administration | Westermann GmbH ]" <mad@xxxxxx> Subject: Re: consistent quorum disk on cluster nodes To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <1253206841.2641.162.camel@marc> Content-Type: text/plain Am Donnerstag, den 17.09.2009, 12:53 -0400 schrieb James Marcinek: > ok, > > So I can specify it by the label when I issued the mkqdisk -c /dev/sdx -l quorum command (where x is device)? > > Thanks, James, you need to run the mkqdisk command only on one of your boxes but add the desired label to it. Then read how to add the qdisk configuration to your cluster.conf in the man page of qdisk(5). Marc ------------------------------ Message: 5 Date: Thu, 17 Sep 2009 18:49:03 -0400 (EDT) From: James Marcinek <jmarc1@xxxxxxxxxxxxxx> Subject: Re: consistent quorum disk on cluster nodes To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <542588928.1661253227743959.JavaMail.root@xxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=utf-8 Yes thanks, I was just put the label in when I defined the quorum disk. All 9 clusters up and running! Thanks, James ----- Original Message ----- From: "Marc - A. Dahlhaus [ Administration | Westermann GmbH ]" <mad@xxxxxx> To: "linux clustering" <linux-cluster@xxxxxxxxxx> Sent: Thursday, September 17, 2009 1:00:41 PM GMT -05:00 US/Canada Eastern Subject: Re: consistent quorum disk on cluster nodes Am Donnerstag, den 17.09.2009, 12:53 -0400 schrieb James Marcinek: > ok, > > So I can specify it by the label when I issued the mkqdisk -c /dev/sdx -l quorum command (where x is device)? > > Thanks, James, you need to run the mkqdisk command only on one of your boxes but add the desired label to it. Then read how to add the qdisk configuration to your cluster.conf in the man page of qdisk(5). Marc -- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster ------------------------------ Message: 6 Date: Fri, 18 Sep 2009 10:33:04 +0800 From: sunhux G <sunhux@xxxxxxxxx> Subject: exact iptables command to stop a source from accessing a Linux cluster To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <60f08e700909171933h116656ablf58ea7212026472c@xxxxxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" Hi, I have a RHEL 5.1 cluster that's constantly being accessed by an application from a Windows server application via sqlnet (ie Tcp port 1521) which caused a specific Oracle accounts to be locked. The owner of the Windows box does not know why the Filenet application is doing this so while she's doing the research which configuration in Filenet needs to be fixed to stop this, we need an interim measure to block this Windows server's access to the cluster. Thus I would like to set up iptables / firewall on this Linux box to stop the sqlnet access. Can someone provide me some example commands / syntax ? Source IP address : 10.5.5.25 (Windows server) Tcp port : 1521 My Linux boxes IP address : 10.5.5.46 / .47 My Linux cluster virtual addr : 10.5.5.45 In fact I would like to block on all ports on the Linux cluster to stop this Windows server from accessing it. So what's the exact commands I should issue on each of the Linux box? Would iptables also block the Windows server from accessing the cluster virtual IP addr? Thanks U -------------- next part -------------- An HTML attachment was scrubbed... URL: https://www.redhat.com/archives/linux-cluster/attachments/20090918/a6525 9ca/attachment.html ------------------------------ Message: 7 Date: Thu, 17 Sep 2009 19:36:42 -0700 From: Ian Hayes <cthulhucalling@xxxxxxxxx> Subject: Re: exact iptables command to stop a source from accessing a Linux cluster To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <36df569a0909171936n3dec0996uf96342be6a1f672@xxxxxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" iptables -A INPUT -s 10.5.5.25 -j DROP On Thu, Sep 17, 2009 at 7:33 PM, sunhux G <sunhux@xxxxxxxxx> wrote: > > Hi, > > I have a RHEL 5.1 cluster that's constantly being accessed by an > application from a Windows server application via sqlnet (ie Tcp > port 1521) which caused a specific Oracle accounts to be locked. > > The owner of the Windows box does not know why the Filenet > application is doing this so while she's doing the research which > configuration in Filenet needs to be fixed to stop this, we need an > interim measure to block this Windows server's access to the cluster. > > Thus I would like to set up iptables / firewall on this Linux box to > stop the sqlnet access. Can someone provide me some example > commands / syntax ? > > Source IP address : 10.5.5.25 (Windows server) > Tcp port : 1521 > My Linux boxes IP address : 10.5.5.46 / .47 > My Linux cluster virtual addr : 10.5.5.45 > > In fact I would like to block on all ports on the Linux cluster to stop > this Windows server from accessing it. So what's the exact commands > I should issue on each of the Linux box? Would iptables also block > the Windows server from accessing the cluster virtual IP addr? > > > Thanks > U > > > > > -- > Linux-cluster mailing list > Linux-cluster@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/linux-cluster > -------------- next part -------------- An HTML attachment was scrubbed... URL: https://www.redhat.com/archives/linux-cluster/attachments/20090917/6701d a76/attachment.html ------------------------------ Message: 8 Date: Fri, 18 Sep 2009 11:22:15 +0800 From: sunhux G <sunhux@xxxxxxxxx> Subject: Re: exact iptables command to stop a source from accessing a Linux cluster To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <60f08e700909172022k73729a81s38d10eb9024f358c@xxxxxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" Thanks Ian. So I issue this command on both cluster nodes and it will also stop access to the virtual cluster address? What's the command to reverse / remove " iptables -A INPUT -s 10.5.5.25 -j DROP " ? Just in case there's a problem, I'll need to reverse. Tks U On Fri, Sep 18, 2009 at 10:36 AM, Ian Hayes <cthulhucalling@xxxxxxxxx>wrote: > iptables -A INPUT -s 10.5.5.25 -j DROP > > On Thu, Sep 17, 2009 at 7:33 PM, sunhux G <sunhux@xxxxxxxxx> wrote: > >> >> Hi, >> >> I have a RHEL 5.1 cluster that's constantly being accessed by an >> application from a Windows server application via sqlnet (ie Tcp >> port 1521) which caused a specific Oracle accounts to be locked. >> >> The owner of the Windows box does not know why the Filenet >> application is doing this so while she's doing the research which >> configuration in Filenet needs to be fixed to stop this, we need an >> interim measure to block this Windows server's access to the cluster. >> >> Thus I would like to set up iptables / firewall on this Linux box to >> stop the sqlnet access. Can someone provide me some example >> commands / syntax ? >> >> Source IP address : 10.5.5.25 (Windows server) >> Tcp port : 1521 >> My Linux boxes IP address : 10.5.5.46 / .47 >> My Linux cluster virtual addr : 10.5.5.45 >> >> In fact I would like to block on all ports on the Linux cluster to stop >> this Windows server from accessing it. So what's the exact commands >> I should issue on each of the Linux box? Would iptables also block >> the Windows server from accessing the cluster virtual IP addr? >> >> >> Thanks >> U >> >> >> >> >> -- >> Linux-cluster mailing list >> Linux-cluster@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/linux-cluster >> > > > -- > Linux-cluster mailing list > Linux-cluster@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/linux-cluster > -------------- next part -------------- An HTML attachment was scrubbed... URL: https://www.redhat.com/archives/linux-cluster/attachments/20090918/87275 760/attachment.html ------------------------------ Message: 9 Date: Thu, 17 Sep 2009 20:38:25 -0700 From: Ian Hayes <cthulhucalling@xxxxxxxxx> Subject: Re: exact iptables command to stop a source from accessing a Linux cluster To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <36df569a0909172038t18280965y10efb75d9a802acb@xxxxxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" [root@cthulhu ~]# iptables -L --line-numbers Chain INPUT (policy ACCEPT) num target prot opt source destination 1 DROP all -- 10.5.5.5 anywhere 2 DROP all -- 10.5.5.6 anywhere 3 DROP all -- 10.5.5.7 anywhere Find the rule number that matches the one you want to delete. Say you want to delete #2 from the INPUT table [root@cthulhu ~]# iptables -D INPUT 2 [root@cthulhu ~]# iptables -L --line-numbers Chain INPUT (policy ACCEPT) num target prot opt source destination 1 DROP all -- 10.5.5.5 anywhere 2 DROP all -- 10.5.5.7 anywhere Or you can do iptables -F which will basically drop all your iptables. Make sure you've saved recently before you do that. On Thu, Sep 17, 2009 at 8:22 PM, sunhux G <sunhux@xxxxxxxxx> wrote: > Thanks Ian. > > So I issue this command on both cluster nodes and it will also > stop access to the virtual cluster address? > > What's the command to reverse / remove > " iptables -A INPUT -s 10.5.5.25 -j DROP " ? > Just in case there's a problem, I'll need to reverse. > > Tks > U > On Fri, Sep 18, 2009 at 10:36 AM, Ian Hayes <cthulhucalling@xxxxxxxxx>wrote: > >> iptables -A INPUT -s 10.5.5.25 -j DROP >> >> On Thu, Sep 17, 2009 at 7:33 PM, sunhux G <sunhux@xxxxxxxxx> wrote: >> >>> >>> Hi, >>> >>> I have a RHEL 5.1 cluster that's constantly being accessed by an >>> application from a Windows server application via sqlnet (ie Tcp >>> port 1521) which caused a specific Oracle accounts to be locked. >>> >>> The owner of the Windows box does not know why the Filenet >>> application is doing this so while she's doing the research which >>> configuration in Filenet needs to be fixed to stop this, we need an >>> interim measure to block this Windows server's access to the cluster. >>> >>> Thus I would like to set up iptables / firewall on this Linux box to >>> stop the sqlnet access. Can someone provide me some example >>> commands / syntax ? >>> >>> Source IP address : 10.5.5.25 (Windows server) >>> Tcp port : 1521 >>> My Linux boxes IP address : 10.5.5.46 / .47 >>> My Linux cluster virtual addr : 10.5.5.45 >>> >>> In fact I would like to block on all ports on the Linux cluster to stop >>> this Windows server from accessing it. So what's the exact commands >>> I should issue on each of the Linux box? Would iptables also block >>> the Windows server from accessing the cluster virtual IP addr? >>> >>> >>> Thanks >>> U >>> >>> >>> >>> >>> -- >>> Linux-cluster mailing list >>> Linux-cluster@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/linux-cluster >>> >> >> >> -- >> Linux-cluster mailing list >> Linux-cluster@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/linux-cluster >> > > > -- > Linux-cluster mailing list > Linux-cluster@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/linux-cluster > -------------- next part -------------- An HTML attachment was scrubbed... URL: https://www.redhat.com/archives/linux-cluster/attachments/20090917/ebd68 3b9/attachment.html ------------------------------ Message: 10 Date: Fri, 18 Sep 2009 18:35:23 +0800 From: sunhux G <sunhux@xxxxxxxxx> Subject: Re: exact iptables command to stop a source from accessing a Linux cluster To: linux clustering <linux-cluster@xxxxxxxxxx> Message-ID: <60f08e700909180335n767535bfjdd39bc43ccd96122@xxxxxxxxxxxxxx> Content-Type: text/plain; charset="iso-8859-1" I can't even start up iptables as the previous admin hardened it (but not sure how / where he hardened it) So despite that I do service iptables start, "service iptables status" still show "Firewall is stopped" Now, can I use /etc/hosts.deny instead ? Do I need to do "pkill -HUP tcpd" or "service xinetd restart" - which of the two commands shd I execute & what's the syntax in /etc/hosts.deny ? Thanks On Fri, Sep 18, 2009 at 11:38 AM, Ian Hayes <cthulhucalling@xxxxxxxxx>wrote: > [root@cthulhu ~]# iptables -L --line-numbers > Chain INPUT (policy ACCEPT) > num target prot opt source destination > 1 DROP all -- 10.5.5.5 anywhere > 2 DROP all -- 10.5.5.6 anywhere > 3 DROP all -- 10.5.5.7 anywhere > > Find the rule number that matches the one you want to delete. Say you want > to delete #2 from the INPUT table > > [root@cthulhu ~]# iptables -D INPUT 2 > [root@cthulhu ~]# iptables -L --line-numbers > Chain INPUT (policy ACCEPT) > num target prot opt source destination > 1 DROP all -- 10.5.5.5 anywhere > 2 DROP all -- 10.5.5.7 anywhere > > > Or you can do iptables -F which will basically drop all your iptables. Make > sure you've saved recently before you do that. > > > On Thu, Sep 17, 2009 at 8:22 PM, sunhux G <sunhux@xxxxxxxxx> wrote: > >> Thanks Ian. >> >> So I issue this command on both cluster nodes and it will also >> stop access to the virtual cluster address? >> >> What's the command to reverse / remove >> " iptables -A INPUT -s 10.5.5.25 -j DROP " ? >> Just in case there's a problem, I'll need to reverse. >> >> Tks >> U >> On Fri, Sep 18, 2009 at 10:36 AM, Ian Hayes <cthulhucalling@xxxxxxxxx>wrote: >> >>> iptables -A INPUT -s 10.5.5.25 -j DROP >>> >>> On Thu, Sep 17, 2009 at 7:33 PM, sunhux G <sunhux@xxxxxxxxx> wrote: >>> >>>> >>>> Hi, >>>> >>>> I have a RHEL 5.1 cluster that's constantly being accessed by an >>>> application from a Windows server application via sqlnet (ie Tcp >>>> port 1521) which caused a specific Oracle accounts to be locked. >>>> >>>> The owner of the Windows box does not know why the Filenet >>>> application is doing this so while she's doing the research which >>>> configuration in Filenet needs to be fixed to stop this, we need an >>>> interim measure to block this Windows server's access to the cluster. >>>> >>>> Thus I would like to set up iptables / firewall on this Linux box to >>>> stop the sqlnet access. Can someone provide me some example >>>> commands / syntax ? >>>> >>>> Source IP address : 10.5.5.25 (Windows server) >>>> Tcp port : 1521 >>>> My Linux boxes IP address : 10.5.5.46 / .47 >>>> My Linux cluster virtual addr : 10.5.5.45 >>>> >>>> In fact I would like to block on all ports on the Linux cluster to stop >>>> this Windows server from accessing it. So what's the exact commands >>>> I should issue on each of the Linux box? Would iptables also block >>>> the Windows server from accessing the cluster virtual IP addr? >>>> >>>> >>>> Thanks >>>> U >>>> >>>> >>>> >>>> >>>> -- >>>> Linux-cluster mailing list >>>> Linux-cluster@xxxxxxxxxx >>>> https://www.redhat.com/mailman/listinfo/linux-cluster >>>> >>> >>> >>> -- >>> Linux-cluster mailing list >>> Linux-cluster@xxxxxxxxxx >>> https://www.redhat.com/mailman/listinfo/linux-cluster >>> >> >> >> -- >> Linux-cluster mailing list >> Linux-cluster@xxxxxxxxxx >> https://www.redhat.com/mailman/listinfo/linux-cluster >> > > > -- > Linux-cluster mailing list > Linux-cluster@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/linux-cluster > -------------- next part -------------- An HTML attachment was scrubbed... URL: https://www.redhat.com/archives/linux-cluster/attachments/20090918/21bba 89a/attachment.html ------------------------------ -- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster End of Linux-cluster Digest, Vol 65, Issue 21 ********************************************* -- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster
