Re: [SSI-users] iptables and CVIP?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Your cvip.conf is set to do NAT. Since both your nodes have access to 
the 10.1.242 network, you don't want to use NAT, you want to use DR. For 
DR, you do not need a gateway address, so delete that.

That being said, I don't quite understand why your cluster is in the 
state is in. (The 10.1.242.246/32 is correct for an IP alias by the 
way.) There should be an IP alias on eth1 on the second node and there 
is not. Did you start ha-lvs by hand by any chance?

Anyway, make the changes to your cvip.conf and reboot your cluster. 
ha-lvs should start during the boot and when node 2 joins.

If you are trying to use iptables with cvip, I don't know how they will 
interact. So leave that off until cvip is working.

John Byrne

Jiann-Ming Su wrote:
> How do I start iptables on the second node (it has an external interface)?
> 
> Also, I'm trying to configure CVIP.  I've read through the
> README.CVIP, but I can't seem to get the cluster to respond to the
> cvip.  Here's what I have so far:
> 
>   # onall ip addr
>   1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>       link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>       inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
>   2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>       link/ether 00:0f:1f:6c:ba:bb brd ff:ff:ff:ff:ff:ff
>       inet 192.168.0.1/24 brd 192.168.0.255 scope global eth0
>       inet 10.1.242.2/32 scope global eth0
>   3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>       link/ether 00:0f:1f:6c:ba:bc brd ff:ff:ff:ff:ff:ff
>       inet 10.1.242.25/24 brd 10.1.242.255 scope global eth1
>       inet 10.1.242.246/32 scope global eth1
>   (node 2)
>   1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
>       link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>       inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
>   2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>       link/ether 00:0f:1f:6c:ba:c5 brd ff:ff:ff:ff:ff:ff
>       inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
>   3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>       link/ether 00:0f:1f:6c:ba:c6 brd ff:ff:ff:ff:ff:ff
>       inet 10.1.242.20/24 brd 10.1.242.255 scope global eth1
> 
>   # cat /proc/cluster/lvs
>   CVIP Address             Node number
>   10.1.242.246         1
>   # cat /proc/cluster/ip_vs_portweight 
>    Port Range      Weight
>   1    -   80         1
> 
>   # ipvsadm -Ln
>   IP Virtual Server version 1.0.10 (size=65536)
>   Prot LocalAddress:Port Scheduler Flags
>     -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
>   TCP  10.1.242.246:22 wlc
>     -> 192.168.0.2:22               Local   1      0          0         
> 
> But, I can't connect to the cvip:
> 
>   $ telnet 10.1.242.246 22
>   Trying 10.1.242.246...
> 
> It doesn't respond to pings or traceroutes.  But, I can access the
> nodes themselves.
> 
>   $ telnet 10.1.242.20 22
>   Trying 10.1.242.20...
>   Connected to node2.mydomain.bogus (10.1.242.20).
>   Escape character is '^]'.
>   SSH-1.99-OpenSSH_3.6.1p2
> 
> I thought it may have been an iptables problems, but I tried with
> iptables turned off with the same results.  What am I missing here? 
> The only thing I can tell is that cvip seems to think it's a /32
> instead of a /24 network.  I've included my cvip.conf file as an
> attachment.  Thanks for any insight.
> 