Missing Access Rule

Software-based VM-centric and flash-friendly VM storage + free version

Moderators: anton (staff), art (staff), Max (staff), Anatoly (staff)

qwertz
Posts: 36
Joined: Wed Dec 12, 2012 3:47 pm

Wed Aug 27, 2014 11:46 am

Hi there,
it may be that I've found a bug in the latest V8.
If I create an HA device manually:
1. Create Storage on clusternode1:
"add device (advanced)" -> "Hard Disk Device" -> "Virtual Disk" -> "My Computer\D\iSCSI_Backstores\Storage1.swdsk", 1GB, 512 b sector size -> "thick provisioned" -> "write-back 128MB" -> L2 Cache: N/A
2. After creation, go to replication manager:
"add replica" -> "synchronous" -> "some-ip" -> select desired networks for sync / hb. Everything gets created, but if I press "finish" they cannot synchronize.

After some tests I found out that the access rule for this HA device gets created on node1 but not on node2.
After I added the rule manually on node2, the HA device was created successfully
(instead of the "partner node not ready" error message).
This error doesn't appear if I use the "create clustered storage" wizard; the access rule is created on both nodes.

Kind regards!

EDIT:
I forgot to mention that the "DefaultAccessPolicy" is set to DENY!
And, in addition, I found out that if I create the rule manually before I set up the replication, an additional access rule for the cluster communication gets added.
So it seems like the "$create_access_rule" function uses the wrong network connection.
Anatoly (staff)
Staff
Posts: 1675
Joined: Tue Mar 01, 2011 8:28 am

Thu Aug 28, 2014 1:05 pm

DefaultAccessPolicy parameter should be set to "Allow" for all targets and connections. When this parameter is correctly set, I could not reproduce the problem. Was there any action on your end that could change default access policy? Look forward to hearing from you.
Best regards,
Anatoly Vilchinsky
Global Engineering and Support Manager
www.starwind.com
av@starwind.com
qwertz
Posts: 36
Joined: Wed Dec 12, 2012 3:47 pm

Thu Aug 28, 2014 5:21 pm

Hi there!
Thanks for your reply!
I manually changed the access policy to deny everything.
That's how I configure firewalls... and how I thought to configure StarWind.
Block everything, allow only initiators / IPs that are needed on interfaces that are needed to targets that are needed.

Let's ask the other way around: if the default policy should be set to allow everything... why does an additional rule get added automatically to allow cluster communication? Seems redundant. :?
microfoundry
Posts: 15
Joined: Thu Jul 05, 2007 5:43 pm

Sat Aug 30, 2014 4:51 pm

Hey qwertz - Like you, I have changed my rules to deny everything as I don't want initiators connecting to LUNs that don't belong to them. BUT, I've also added "Replication" rules between my StarWind hosts that will allow for the "any device on replication IP(1&2)"<->"any device on replication IP(1&2)" type scenarios to solve your issue. This works for me as all my devices are replicated...

Terry
Best Regards,

Terry G Phillips
qwertz
Posts: 36
Joined: Wed Dec 12, 2012 3:47 pm

Tue Sep 02, 2014 11:55 am

Hi there!
Thanks for your reply.
I've also added the rule for the synchronization manually, initial synch works without problems with those rules.
I just wanted to report that the second rule isn't generated automatically on the second node. (on the first node the rule gets created automatically)
Kind regards!
Anatoly (staff)
Staff
Posts: 1675
Joined: Tue Mar 01, 2011 8:28 am

Thu Sep 04, 2014 3:29 pm

Thanks for notifying us about this, I’ll pass this to our QA and we’ll schedule the improvement in the nearest builds.
Best regards,
Anatoly Vilchinsky
Global Engineering and Support Manager
www.starwind.com
av@starwind.com
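
The asymmetry reported in this thread (under a deny default, the partner rule exists on node1 but is missing on node2) can be checked for before starting synchronization. The following is an added example, not part of the original posts and not StarWind code or its API: the rule model, first-match evaluation order, target name and IP addresses are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    source: str   # initiator IP or CIDR the rule applies to
    target: str   # target name, or "*" for any target
    allow: bool   # True = allow, False = deny

def permitted(rules, default_allow, source_ip, target):
    """Assumed semantics: first matching rule wins, else the default policy."""
    for r in rules:
        in_net = ip_address(source_ip) in ip_network(r.source, strict=False)
        if in_net and r.target in ("*", target):
            return r.allow
    return default_allow

def audit_ha_pair(nodes, target):
    """Return sorted (blocked_peer, blocking_node) pairs for one HA target.

    nodes maps a node name to {"sync_ip", "default_allow", "rules"}.
    A pair is reported when blocking_node would refuse replication
    traffic arriving from blocked_peer's synchronization IP.
    """
    findings = []
    for name, cfg in nodes.items():
        for peer, peer_cfg in nodes.items():
            if peer == name:
                continue
            if not permitted(cfg["rules"], cfg["default_allow"],
                             peer_cfg["sync_ip"], target):
                findings.append((peer, name))
    return sorted(findings)

# Constructed sample mirroring the report: default policy is deny on both
# nodes, node1 has a rule for its partner, node2 has none.
NODES = {
    "node1": {"sync_ip": "172.16.10.1", "default_allow": False,
              "rules": [Rule("172.16.10.2", "ha-storage1", True)]},
    "node2": {"sync_ip": "172.16.10.2", "default_allow": False,
              "rules": []},
}

if __name__ == "__main__":
    for peer, node in audit_ha_pair(NODES, "ha-storage1"):
        print(f"{node} denies sync traffic from {peer}: add an allow rule on {node}")
```

A blanket replication rule of the kind microfoundry describes (any device, replication subnet to replication subnet) corresponds to `Rule("<replication CIDR>", "*", True)` on both nodes and makes the audit return no findings.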