We are trying to create a clone set of 2 nodes for load sharing , by using pacemaker commands as below:
crm configure primitive p_vip ocf:heartbeat:IPaddr2 params ip="10.214.132.107" cidr_netmask="21" nic="eth0" clusterip_hash="sourceip-sourceport" op start interval="0s" timeout="60s" op monitor interval="5s" timeout="20s" op stop interval="0s" timeout="60s"
crm configure clone clo_vip p_vip clone-max="2" notify="true" interleave="true"
but the pacemaker is not able to update iptables and the "crm status" are showing below error:
# crm status
Cluster Summary:
* Stack: corosync
* Current DC: sp11 (version 2.0.5-9.el8_4.1-ba59be7122) - partition with quorum
* Last updated: Thu Jun 1 07:26:11 2023
* Last change: Thu Jun 1 01:33:04 2023 by hacluster via crmd on sp12
* 2 nodes configured
* 2 resource instances configured
Node List:
* Online: [ sp11 sp12 ]
Full List of Resources:
* Clone Set: clo_vip [p_vip]:
* Stopped: [ sp11 sp12 ]
Failed Resource Actions:
* p_vip_start_0 on sp12 'error' (1): call=7, status='complete', exitreason='iptables failed', last-rc-change='2023-06-01 02:01:16 -06:00', queued=0ms, exec=183ms
* p_vip_start_0 on sp11 'error' (1): call=62, status='complete', exitreason='iptables failed', last-rc-change='2023-06-01 01:33:05 -06:00', queued=0ms, exec=185ms
Logs for iptables v1.8.4 , on Rocky 8.4 OS Kernel 4.18.0-305
May 31 21:11:34 sp12 IPaddr2(p_vip)[34777]: ERROR: iptables failed
May 31 21:11:34 sp12 pacemaker-execd[2511]: notice: p_vip_start_0[34777] error output [ iptables v1.8.4 (nf_tables): chain name not allowed to start with `-' ]
May 31 21:11:34 sp12 pacemaker-execd[2511]: notice: p_vip_start_0[34777] error output [ ]
May 31 21:11:34 sp12 pacemaker-execd[2511]: notice: p_vip_start_0[34777] error output [ Try `iptables -h' or 'iptables --help' for more information. ]
May 31 21:11:34 sp12 pacemaker-execd[2511]: notice: p_vip_start_0[34777] error output [ ocf-exit-reason:iptables failed ]
May 31 21:11:34 sp12 pacemaker-controld[2514]: notice: Result of start operation for p_vip on sp12: error
May 31 21:11:34 sp12 pacemaker-controld[2514]: notice: sp12-p_vip_start_0:32 [ iptables v1.8.4 (nf_tables): chain name not allowed to start with `-'\n\nTry `iptables -h' or 'iptables --help' for more information.\nocf-exit-reason:iptables failed\n ]
May 31 21:11:34 sp12 pacemaker-controld[2514]: notice: Transition 44 aborted by operation p_vip_start_0 'modify' on sp12: Event failed
May 31 21:11:34 sp12 pacemaker-controld[2514]: notice: Transition 44 action 5 (p_vip_start_0 on sp12): expected 'ok' but got 'error'
May 31 21:11:34 sp12 pacemaker-attrd[2512]: notice: Setting fail-count-p_vip#start_0[sp12]: (unset) -> INFINITY
May 31 21:11:34 sp12 pacemaker-controld[2514]: notice: Transition 44 action 3 (p_vip_start_0 on sp11): expected 'ok' but got 'error'
May 31 21:11:34 sp12 pacemaker-controld[2514]: notice: Transition 44 (Complete=6, Pending=0, Fired=0, Skipped=0, Incomplete=2, Source=/var/lib/pacemaker/pengine/pe-input-73.bz2): Complete
Logs for iptables v1.6.2
Jun 1 01:33:05 sp12 IPaddr2(p_vip)[59274]: ERROR: iptables failed
Jun 1 01:33:05 sp12 pacemaker-execd[2511]: notice: p_vip_start_0[59274] error output [ iptables: No chain/target/match by that name. ]
Jun 1 01:33:05 sp12 pacemaker-execd[2511]: notice: p_vip_start_0[59274] error output [ ocf-exit-reason:iptables failed ]
Jun 1 01:33:05 sp12 pacemaker-controld[2514]: notice: Result of start operation for p_vip on sp12: error
Jun 1 01:33:05 sp12 pacemaker-controld[2514]: notice: sp12-p_vip_start_0:79 [ iptables: No chain/target/match by that name.\nocf-exit-reason:iptables failed\n ]
Jun 1 01:33:05 sp12 pacemaker-controld[2514]: notice: Transition 91 aborted by operation p_vip_start_0 'modify' on sp12: Event failed
Jun 1 01:33:05 sp12 pacemaker-controld[2514]: notice: Transition 91 action 5 (p_vip_start_0 on sp12): expected 'ok' but got 'error'
Jun 1 01:33:05 sp12 pacemaker-attrd[2512]: notice: Setting fail-count-p_vip#start_0[sp12]: (unset) -> INFINITY
Jun 1 01:33:05 sp12 pacemaker-attrd[2512]: notice: Setting last-failure-p_vip#start_0[sp12]: (unset) -> 1685604785
