[SOLVED] Cluster Nodes Grey(?) after Enabling Datacenter Firewall

Discussion in 'Proxmox VE: Networking and Firewall' started by anson, Aug 11, 2019.

  1. anson

    Hi all,

    It appears that my nodes are showing a grey question mark after enabling Datacenter's Firewall with default Input Policy being DROP. Other nodes are now inaccessible with this error in node's Summary 'hostname lookup 'pve123' failed - failed to get address info for: pve123: No address associated with hostname (500)'.

    I could see Quorate is still showing 'Yes' and I still have a Quorum.

    I am trying to revert the changes by forcing local mode (pmxcfs -l) to write changes to cluster.fw, but this will not work because changes are not being written to the other cluster members' /etc/pve/firewall/cluster.fw.

    Please advise how I can fix this.

    Thank you

    This issue seems to be similar to https://forum.proxmox.com/threads/cluster-loses-quorum-when-activating-firewall.49514/ but I'm not sure how the OP managed to make changes to cluster.fw and propagate the settings in the cluster when multicast traffic was dropped.
     
    #1 anson, Aug 11, 2019
    Last edited: Aug 11, 2019
  2. anson

    Finally managed to solve the issue...solution below. Hope this helps someone out there in future. :)

    SOLUTION:
    1. Stop both corosync and pve-cluster on all nodes except one.
    2. Run pvecm expected 1 and revert cluster firewall settings to 'No' (enable: 0) on the remaining node.
    3. Start corosync and pve-cluster on the rest of the nodes (or reboot).
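
The three steps above as shell functions, added here as an example and not part of the original post. It assumes systemd-managed `corosync` and `pve-cluster` services and a `cluster.fw` whose `[OPTIONS]` section holds the `enable:` key; the function and subcommand names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Set "enable: 0" in the [OPTIONS] section of a cluster firewall file.
# Rules and all other options are left untouched.
disable_cluster_fw() {
    fw_file=$1
    tmp=$(mktemp) || return 1
    awk '
        /^\[/ {
            # Leaving [OPTIONS] without having seen an enable key: add one.
            if (in_opts && !done) { print "enable: 0"; done = 1 }
            in_opts = (toupper($0) ~ /^\[OPTIONS\]/)
        }
        in_opts && /^[ \t]*enable[ \t]*:/ {
            if (!done) { print "enable: 0"; done = 1 }
            next
        }
        { print }
        END { if (in_opts && !done) print "enable: 0" }
    ' "$fw_file" > "$tmp" && cat "$tmp" > "$fw_file"   # write back in place
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Step 1: run on every node except one.
stop_cluster_services() { systemctl stop corosync pve-cluster; }

# Step 2: run on the one node that was left running.
recover_on_remaining_node() {
    pvecm expected 1 &&
    disable_cluster_fw /etc/pve/firewall/cluster.fw
}

# Step 3: run on the nodes stopped in step 1 (or reboot them).
start_cluster_services() { systemctl start corosync pve-cluster; }

# Nothing runs unless a subcommand is given.
case "${1:-}" in
    stop-services)  stop_cluster_services ;;
    recover)        recover_on_remaining_node ;;
    start-services) start_cluster_services ;;
esac
```
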
     