https://bugzilla.novell.com/show_bug.cgi?id=250580 ------- Comment #3 from eugen@drnet.at 2007-03-05 12:32 MST ------- Ludwig and Lars, IMHO this is a firewall issue, but it needs both of you. Ludwig: SuSEfirewall2_setup doesn't set the rules the moment it is invoked, but queues setting those rules for immediately after the boot process ends. So e.g. S50SuSEfirewall2_setup and S51drbd doesn't work, as the firewall script returns, before the rules are set leaving drbd in a blocking situation again. For me a perfect resolution would be a directive like FW_SET_RULES_SYNCHRONOUS in /etc/sysconfig/SuSEfirewall2, that forces the rules to be set the moment the script is called. I guess this creates trouble not only for drbd, but for all services, that need an incoming connection to boot. I can not understand, why the rules are not set immediately after network comes up - but I guess this is my fault, not the firewall's! Now Lars: You could then add a startup dependency (or whatever mechanism) to make sure, drbd is started only after this is done (if SuSEfirewall2 is enabled) Our first workaround was something like S50network S51drbd S52SuSEfirewall2_init which is a REALLY bad idea if the drbd partner is slow or down. Our final workaround (after discovering this asynchronousity in SuSEfirewall2_setup) was to add a similar asynchronous wrapper to drbd, so that drbd is only started some seconds after the boot process has finished (and the firewall rules are set). This ofcourse needs an asynchronous start of heartbeat, which depends on drbd - a maintenance nightmare (and I haven't yet talked of clean shutdown)! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.