ocf_heartbeat_ipsec - Man Page
Handles IPSEC tunnels for VIPs
Synopsis
ipsec [start | stop | monitor | meta-data]
Description
This is a Resource Agent to manage IPSEC tunnels associated with a Virtual IP Address. It's meant to be collocated with a specific VIP, and will manage setting up or down a specific tunnel.
Supported Parameters
- tunnel
The name of the tunnel to be monitored.
(unique, required, string, no default)
- vip
Virtual IP address that the tunnel is using.
(unique, required, string, no default)
- confdir
The directory where the IPSEC tunnel configurations can be found.
(optional, string, default "/etc/ipsec.d/")
- fallbacktunnel
The name of the tunnel to fall back to when the main tunnel is put down.
(unique, optional, string, no default)
Supported Actions
This resource agent supports the following actions (operations):
- start
Starts the resource. Suggested minimum timeout: 20s.
- stop
Stops the resource. Suggested minimum timeout: 20s.
- monitor
Performs a detailed status check. Suggested minimum timeout: 20s. Suggested interval: 10s.
- reload
Suggested minimum timeout: 20s.
- meta-data
Retrieves resource agent metadata (internal use only). Suggested minimum timeout: 5s.
Example CRM Shell
The following is an example configuration for a ipsec resource using the crm(8) shell:
primitive p_ipsec ocf:heartbeat:ipsec \
params \
tunnel=string \
vip=string \
op monitor timeout="20s" interval="10s" depth="0"Example PCS
The following is an example configuration for a ipsec resource using pcs(8)
pcs resource create p_ipsec ocf:heartbeat:ipsec \ tunnel=string \ vip=string \ op monitor timeout="20s" interval="10s" OCF_CHECK_LEVEL="0"
See Also
Author
ClusterLabs contributors (see the resource agent source for information about individual authors)