Home / user-24268

Gregor's questions

Martin Hope
Gregor
Asked: 2022-10-10 19:51:01 +0800 CST
  • 1

I have dual-stack ALBs in eu-west-1 (Dublin) and ap-southeast-2 (Sydney).

  • port 80 redirects to https
  • port 443 forwards to a target group (IPv4)

I can reach both target groups on IPv4 and IPv6 just fine by going directly to the ALBs (in each region).

Now I create a dual-stack GA with endpoints pointing at those two ALB.

  • endpoints are marked HEALTHY
  • I can get a normal response from the GA IPv4 address. My traffic is sent to one of the ALBs.
  • I get nothing when I try to connect via the GA IPv6 address (timeout on TCP connection).
  • I can ping the IPv6 GA addresses
  • I've checked ACLs, security groups etc.
  • Failure seems like it should not be caused by the target group, security-group or VPC, because I can reach everything by going to ALB directly (IPv6).

Any hints? What am I missing?

amazon-web-services
Martin Hope
Gregor
Asked: 2021-11-08 17:54:35 +0800 CST
  • 0

I would like to set a policy such that my Failover Cluster will always come into service, even if only one (of the two nodes) is available.

Background: I have only two nodes in the cluster, plus a witness quorum in a share on the DC. For this question assume that the DC stays in-service. (Windows Server 2019).

If I shutdown node1, then node2 will be active. If I then shut down node2, then cluster will be stopped (obviously), however, if I then start only node1, the cluster will never recover. Not only will it not recover, without node2, but I don't see an easy way to make the cluster come into service with the cluster manager. The only way I can recover the cluster, in this scenario, would be to start node2, however, that does not seem (to me) to be real high-availability. IMO I should be able to set a policy or have a reasonably easy way to bring the cluster back on-line (perhaps after a waiting period), even if node2 never recovers.

Am I just thinking about this the wrong way or missing something obvious?

UPDATE: I do see an error:

Node 'SOM2' failed to form a cluster. This was because the 
witness was not accessible. Please ensure that the witness 
resource is online and available.

However, the witness was available at that time, which makes me suspect that this is a permission issue, that is, the witness share is available to the cluster but not the cluster service accounts on each node. Is that possible?

Is there some special permission setting on the witness share to ensure it can be accessed by the local service accounts on each node?

Update:

To fix the permission error (not the central problem), I needed to use a powershell command from:

https://docs.microsoft.com/en-us/powershell/module/failoverclusters/set-clusterquorum

Check the permissions on the witness to allow full control by the correct domain account, such as a service account where the password never expires and cannot be changed. Then, on a cluster host, first get rid of the current witness configuration:

Set-ClusterQuorum -NoWitness
Get-ClusterResource

if needed:

Remove-ClusterResource -Name "File Share Witness"

or remove it using Failover Cluster manager

then, re-add the file-share witness with necessary domain credentials to allow access:

Set-ClusterQuorum -NodeAndFileShareMajority \\server\path-to-witness -Credential $(Get-Credential)
windows-server-2019 failovercluster
Martin Hope
Gregor
Asked: 2020-02-11 06:26:19 +0800 CST
  • 0

Is it possible to configure Hyper-V to present the Real Time Clock (RTC) to Guest as Universal Time Co-ordinates (UTC / GMT)?

I could probably make this happen by setting the Windows (Host) timezone to UTC, but I may not want to make that change because it would affect other things. Really, I just want to change it for a single Guest, or, if necessary, all Guests.

Update: if I configure the guest to tell it the RTC is local this leads to other problems because the guest is semi- mobile, so the hyper-v would have to tell the guest the RTC time zone somehow.

virtualization hyper-v
Martin Hope
Gregor
Asked: 2015-01-29 08:38:52 +0800 CST
  • 1

Has anyone created or used a deployable module pushed out to slaves (from the Domain Host-Controller) without a separate script or step to update the {JBOSS_HOME}/modules/ directory? I would like to be able to push out updates to a module centrally, or, if that is not possible, is there a way to detect if a slave has a different version of the module installed (than the Master)?

(I am running Wildfly 8.2, but JBOSS solution would likely apply also)

jboss