ClusterLabs / resource-agents

Combined repository of OCF agents from the RHCS and Linux-HA projects
GNU General Public License v2.0

IPaddr2: CLUSTERIP start fails with nftables #1289

Open vvidic opened 5 years ago

vvidic commented 5 years ago

It seems that with a recent kernel (4.19.13) and iptables (1.8.2), the CLUSTERIP module does not start anymore:

Jan 16 10:28:27 sid1 IPaddr2(cip:1)[18653]: ERROR: iptables failed
Jan 16 10:28:27 sid1 pacemaker-execd[711]:  notice: cip:1_start_0:18653:stderr [ iptables v1.8.2 (nf_tables):  RULE_INSERT failed (Operation not supported): rule in chain INPUT ]
Jan 16 10:28:27 sid1 pacemaker-execd[711]:  notice: cip:1_start_0:18653:stderr [ ocf-exit-reason:iptables failed ]

Kernel log reports:

[70159.456298] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
[70159.458756] ipt_CLUSTERIP: cannot use CLUSTERIP target from nftables compat

Perhaps using an equivalent nftables command would work here.
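A preflight check for the failure reported above, as an added example that is not part of the original post or the resource agent's own code: it reads the backend from the iptables version banner, so the agent can fail with a clear reason before trying to insert a CLUSTERIP rule. The function names are hypothetical, and treating a banner without a backend suffix (iptables before 1.8) as legacy is an assumption.

```shell
#!/bin/sh
# Added example: classify the iptables backend from its version banner.
# Banner forms: "iptables v1.8.2 (nf_tables)" (as in the log above),
# "iptables v1.8.2 (legacy)", and a bare "iptables v1.6.1" (assumed legacy).

# iptables_backend BANNER -> prints nf_tables | legacy | unknown
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        iptables\ v*)    echo legacy ;;   # no suffix: assumed pre-1.8 xtables
        *)               echo unknown ;;
    esac
}

# clusterip_preflight BANNER -> 0 if CLUSTERIP can be attempted, 1 otherwise
clusterip_preflight() {
    backend=$(iptables_backend "$1")
    case "$backend" in
        legacy)
            return 0 ;;
        nf_tables)
            # Matches the kernel message:
            # "cannot use CLUSTERIP target from nftables compat"
            echo "ERROR: iptables uses the nf_tables backend;" \
                 "CLUSTERIP is not usable through nftables compat" >&2
            return 1 ;;
        *)
            echo "ERROR: cannot determine iptables backend from: $1" >&2
            return 1 ;;
    esac
}

# Check the installed binary only when invoked with "live" as the argument.
if [ "${1:-}" = "live" ]; then
    clusterip_preflight "$(iptables --version 2>/dev/null)"
fi
```
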

oalbrigt commented 4 years ago

https://github.com/ClusterLabs/resource-agents/pull/1439