Steve Campbell
2012-Jul-26 12:05 UTC
[CentOS] using ip address on bonded channels in a cluster
I'm creating a firewall HA cluster. The proof of concept for the basic firewall cluster is OK. I can bring up the cluster, start the iptables firewall, and move all of this with no problem. I'm using Conga to do all of this configuration on Centos 6.3 servers.

To extend the "HA" part of this, I'd like to use bonded channels instead of plain old NICs. The firewall uses the "IP address" service for the outside firewall IP addresses. Each server behind the firewall is NATted to one of these external IPs on the firewall's external interface.

I'm not seeing how I can use bonded channels anywhere for these "IP address" services. Part of the problem is that Conga will "guess" at which interface to place the ip address service upon. In the case of bonded channels, I don't think Conga is even aware of the "bondx" interface, and Conga only uses interfaces like eth0, eth1, etc.

I realize that the sysconfig network scripts will come into play here as well, but that's another problem for me to tackle.

Does anyone have any experience with bonded channels and Conga? I could sure use some help with this.

Thanks,

steve campbell

On 07/26/2012 08:05 AM, Steve Campbell wrote:
> I'm creating a firewall HA cluster. The proof of concept for the basic
> firewall cluster is OK. I can bring up the cluster, start the iptables
> firewall, and move all of this with no problem. I'm using Conga to do
> all of this configuration on Centos 6.3 servers.
>
> To extend the "HA" part of this, I'd like to use bonded channels instead
> of plain old NICs. The firewall uses the "IP address" service for the
> outside firewall IP addresses. Each server behind the firewall is NATted
> to one of these external IPs on the firewall's external interface.
>
> I'm not seeing how I can use bonded channels anywhere for these "IP
> address" services. Part of the problem is that Conga will "guess" at
> which interface to place the ip address service upon. In the case of
> bonded channels, I don't think Conga is even aware of the "bondx"
> interface, and Conga only uses interfaces like eth0, eth1, etc.
>
> I realize that the sysconfig network scripts will come into play here as
> well, but that's another problem for me to tackle.
>
> Does anyone have any experience with bonded channels and Conga? I could
> sure use some help with this.
>
> Thanks,
>
> steve campbell

I use bonding extensively, but I always edit cluster.conf directly. If Conga doesn't support "bond*" device names, please file a bug in Red Hat's Bugzilla.

Once the bondX device is up, it will have the IP and the "ethX" devices can be totally ignored from the cluster's perspective. Use the bondX device just as you would have used simple ethX devices.

In case it helps, here is how I set up bonded interfaces on Red Hat clusters for complete HA:

https://alteeve.com/w/2-Node_Red_Hat_KVM_Cluster_Tutorial#Network

-- 
Digimer
Papers and Projects: https://alteeve.com
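
Added example (not part of either message above, and not Conga or cluster code): a simplified model of where the floating "IP address" services land once the NICs are bonded. It assumes each service address is placed on the device that already holds an address in the same subnet; the `ip -o -4 addr show` sample, the device layout and every address are constructed.

```python
import ipaddress

# Constructed sample of `ip -o -4 addr show` on a node where eth0/eth1 are
# enslaved to bond0 (slaves carry no IPv4 address) and eth2 is internal.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
5: bond0    inet 203.0.113.2/24 brd 203.0.113.255 scope global bond0
4: eth2    inet 10.20.0.2/24 brd 10.20.0.255 scope global eth2
"""

def parse_addrs(text):
    """Return [(device, IPv4Interface)] from `ip -o -4 addr show` output."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            found.append((fields[1], ipaddress.ip_interface(fields[3])))
    return found

def device_for(floating_ip, addrs):
    """Pick the device whose configured subnet contains floating_ip.

    Returns None when no subnet matches; raises when several devices
    match, because placement would then be ambiguous.
    """
    ip = ipaddress.ip_address(floating_ip)
    matches = sorted({dev for dev, iface in addrs
                      if dev != "lo" and ip in iface.network})
    if len(matches) > 1:
        raise ValueError(f"{floating_ip} matches several devices: {matches}")
    return matches[0] if matches else None

def placement(floating_ips, text=SAMPLE_IP_ADDR):
    """Map each floating IP to the device it would land on (or None)."""
    addrs = parse_addrs(text)
    return {ip: device_for(ip, addrs) for ip in floating_ips}

if __name__ == "__main__":
    # Constructed external NAT addresses, plus one with no matching subnet.
    wanted = ["203.0.113.10", "203.0.113.11", "198.51.100.5"]
    for ip, dev in placement(wanted).items():
        print(f"{ip:15} -> {dev or 'NO MATCHING SUBNET'}")
```

Run against real `ip -o -4 addr show` output from each node before failover testing: an external address that maps to no device, or to a different device on the peer node, points to a bond that lacks a base address in that subnet.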