Hello, everybody.

I'm trying to establish a 2-node Debian Squeeze x64 cluster with Corosync and Pacemaker, but I'm stuck with a strange issue: despite a lot of UDP chatter between the nodes (so the network is OK), the Corosync instances seem to ignore each other: the other node is never detected, and crm_mon --one-shot -V only says "Connection to cluster failed: connection failed".

But the strangest part is that both Corosync nodes are filling their logs with error messages saying "Totem is unable to form a cluster because of an operating system or network fault. The most common cause of this message is that the local firewall is configured improperly."

I tcpdumped all traffic between the hosts, and I have 2-way traffic between them. I tried to use the backports versions of all Corosync- and Pacemaker-related packages, without improvement.

I must add that, due to my hosting company's network policy, I was forced to use UDP unicast instead of multicast, because multicast is blocked.

Here is my config:

corosync.conf:

# Please read the corosync.conf.5 manual page
compatibility: whitetank

totem {
        version: 2
        secauth: on
        interface {
                member {
                        memberaddr: 176.31.238.131
                }
                ringnumber: 0
                bindnetaddr: 37.59.18.208
                mcastport: 5405
                ttl: 1
        }
        transport: udpu
}

logging {
        fileline: off
        to_logfile: yes
        to_syslog: yes
        debug: on
        logfile: /var/log/corosync.log
        debug: off
        timestamp: on
        logger_subsys {
                subsys: AMF
                debug: off
        }
}

Log messages:

Jun 06 16:35:14 corosync [MAIN ] Corosync Cluster Engine ('1.4.2'): started and ready to provide service.
Jun 06 16:35:14 corosync [MAIN ] Corosync built-in features: nss
Jun 06 16:35:14 corosync [MAIN ] Successfully read main configuration file '/etc/corosync/corosync.conf'.
Jun 06 16:35:14 corosync [TOTEM ] Initializing transport (UDP/IP Unicast).
Jun 06 16:35:14 corosync [TOTEM ] Initializing transmit/receive security: libtomcrypt SOBER128/SHA1HMAC (mode 0).
Jun 06 16:35:14 corosync [TOTEM ] The network interface [37.59.18.208] is now up.
Jun 06 16:35:14 corosync [SERV ] Service engine loaded: corosync extended virtual synchrony service
Jun 06 16:35:14 corosync [SERV ] Service engine loaded: corosync configuration service
Jun 06 16:35:14 corosync [SERV ] Service engine loaded: corosync cluster closed process group service v1.01
Jun 06 16:35:14 corosync [SERV ] Service engine loaded: corosync cluster config database access v1.01
Jun 06 16:35:14 corosync [SERV ] Service engine loaded: corosync profile loading service
Jun 06 16:35:14 corosync [SERV ] Service engine loaded: corosync cluster quorum service v0.1
Jun 06 16:35:14 corosync [MAIN ] Compatibility mode set to whitetank. Using V1 and V2 of the synchronization engine.
Jun 06 16:35:23 corosync [TOTEM ] Totem is unable to form a cluster because of an operating system or network fault. The most common cause of this message is that the local firewall is configured improperly.
Jun 06 16:35:25 corosync [TOTEM ] Totem is unable to form a cluster because of an operating system or network fault. The most common cause of this message is that the local firewall is configured improperly.
Jun 06 16:35:27 corosync [TOTEM ] Totem is unable to form a cluster because of an operating system or network fault. The most common cause of this message is that the local firewall is configured improperly.
Jun 06 16:35:30 corosync [TOTEM ] Totem is unable to form a cluster because of an operating system or network fault. The most common cause of this message is that the local firewall is configured improperly.

# uname -a
Linux Vindemiatrix 3.2.13-grsec-xxxx-grs-ipv6-64 #1 SMP Thu Mar 29 09:48:59 UTC 2012 x86_64 GNU/Linux

# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source
    0     0 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: UPDATE seconds: 60 hit_count: 6 TTL-Match name: SSH side: source
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
    0     0 LOGDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 multiport dports 80,443 #conn/32 > 100
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 multiport dports 80,443
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 flags:0x17/0x02 limit: avg 5/min burst 50 recent: SET name: FTP side: source
    0     0 LOGDROP    tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 flags:0x17/0x02 recent: UPDATE seconds: 60 hit_count: 6 TTL-Match name: FTP side: source
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:21 flags:0x17/0x02
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpts:50000:50500 state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  eth0   *       176.31.238.131       0.0.0.0/0            tcp dpt:1194
11867 3145K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5405 /* Corosync */
   35  9516 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state NEW limit: avg 30/sec burst 200
    0     0 LOGDROP    tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 STRING match "w00tw00t.at.ISC.SANS." ALGO name bm TO 65535
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5
    0     0 LOGDROP    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
 1031 70356 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    3   132 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 LOGDROP    tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:80 owner UID match 33
    0     0 LOGDROP    udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:80 owner UID match 33
    0     0 LOGDROP    tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:443 owner UID match 33
    0     0 LOGDROP    udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:443 owner UID match 33
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            176.31.238.131       tcp dpt:1194
11871 3146K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:5405 /* Corosync */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:43
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp dpt:123
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp dpt:873
   11   924 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
 1071  712K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   67 14013 LOGDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain LOGDROP (12 references)
 pkts bytes target     prot opt in     out     source               destination
   57 11655 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 5 LOG flags 0 level 5 prefix `iptables rejected: '
   70 14145 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

# corosync -v
Corosync Cluster Engine, version '1.4.2'
Copyright (c) 2006-2009 Red Hat, Inc.

I've been trying to solve this problem for the last 2 days, without any result. Any help is welcome.

Thank you in advance!

Regards.
_______________________________________________ discuss mailing list discuss@xxxxxxxxxxxx http://lists.corosync.org/mailman/listinfo/discuss