Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.
Sorry, meant to reply to this earlier. Thanks to Bart for the OCFS2 timeout settings. They were set to 2000ms; however, raising it to 10000ms didn't seem to make any difference for IPTables, but I think I may raise them in production anyways. Anyone know if there's any problems with raising this? >From Andreas suggestion for the unloading modules, I found the problem with RHEL6's iptables init.d script. It seems that by default, it unloads *all* modules when doing a restart. Thanks Andreas! There's a line that sets a variable in /etc/init.d/iptables which controls this: IPTABLES_MODULES_UNLOAD="yes" After changing this to "no", it doesn't have any problems with split-brain anymore. Still no luck on the OCFS2 corruption, but I guess I probably should ask the OCFS2 mailing list about that one. Thanks! Herman On Tue, 2011-05-17 at 22:47 +0100, bart at timedout.org wrote: > Herman wrote: > > I made a change to IPTables, and did a "service iptables restart", and > > next thing I knew, I had a split brain. > > Are you sure it was a split-brain on DRBD level, or perhaps OCFS2 > "freaked" out and nodes started fencing each other? > > Default OCFS2 cluster rules have quite low timeout levels -- I used to > have some problems with default settings even in active/standby mode. > > 'service o2cb status' should be able to tell you timeouts etc. If it's > going to be 2000ms, I would raise it to something around 10000ms and try > reloading firewall then. > > I have DRBD running on few nodes and reloading firewall, although I am > using filtergen -- so 'fgadm reload' -- never caused any issues with > neither DRBD nor OCFS2.