DOKK / manpages / debian 12 / resource-agents / ocf_heartbeat_ipsec.7.en
OCF_HEARTBEAT_IPSEC(7) OCF resource agents OCF_HEARTBEAT_IPSEC(7)

ocf_heartbeat_ipsec - Handles IPSEC tunnels for VIPs

ipsec [start | stop | monitor | meta-data]

This is a Resource Agent to manage IPSEC tunnels associated with a Virtual IP Address. It's meant to be collocated with a specific VIP, and will manage setting up or down a specific tunnel.

tunnel

The name of the tunnel to be monitored.

(unique, required, string, no default)

vip

Virtual IP address that the tunnel is using.

(unique, required, string, no default)

confdir

The directory where the IPSEC tunnel configurations can be found.

(optional, string, default "/etc/ipsec.d/")

fallbacktunnel

The name of the tunnel to fall back to when the main tunnel is put down.

(unique, optional, string, no default)

This resource agent supports the following actions (operations):

start

Starts the resource. Suggested minimum timeout: 20s.

stop

Stops the resource. Suggested minimum timeout: 20s.

monitor

Performs a detailed status check. Suggested minimum timeout: 20s. Suggested interval: 10s.

reload

Suggested minimum timeout: 20s.

meta-data

Retrieves resource agent metadata (internal use only). Suggested minimum timeout: 5s.

The following is an example configuration for a ipsec resource using the crm(8) shell:

primitive p_ipsec ocf:heartbeat:ipsec \


  params \


    tunnel=string \


    vip=string \


  op monitor timeout="20s" interval="10s" depth="0"

The following is an example configuration for a ipsec resource using pcs(8)

pcs resource create p_ipsec ocf:heartbeat:ipsec \


  tunnel=string \


  vip=string \


  op monitor timeout="20s" interval="10s" OCF_CHECK_LEVEL="0"

http://clusterlabs.org/

ClusterLabs contributors (see the resource agent source for information about individual authors)

04/13/2023 resource-agents 4.12.0-2