An antivirus software causes failover, reboot, or timeout events in a Red Hat High Availability cluster
Issue
-
Issues such as the following occurred in a
pacemakercluster with antivirus software running, and there was no obvious root cause. (Note: This is not an exhaustive list of possible symptoms. It is not necessary that any or all of these specific issues occurred.)- Creating the cluster running
pcs cluster setupfails with a timeout error - Simple Linux utility commands hung for more than 120 seconds
- Cluster commands like
pcs statusandcrm_mon --one-shot --inactivetake an excessively long time to complete. - An
IPaddr2resource failed to stop, leading to a fence event. - Generating an
sosreporttook more than 30 minutes. - There are many
OCF_TIMEOUTmessages frompacemakerdaemons in the log files. - Totem token failure , leading to fencing of the node.
-
corosyncrepeatedly logs"[TOTEM] Retransmit List"messages.Mar 28 06:15:03 Node02 corosync[2028]: [TOTEM ] Retransmit List: 2bb9
- Creating the cluster running
-
Which files and directories should be excluded from an antivirus scan
Environment
- Red Hat Enterprise Linux 7 (with the High Availability Add-on)
- Red Hat Enterprise Linux 8 (with the High Availability Add-on)
- Red Hat Enterprise Linux for SAP HANA
- Red Hat Enterprise Linux for SAP Solutions
- An antivirus or security application, including but not limited to the following:
- HelpSystems Antivirus
- Symantec Endpoint Protection
- Trend Micro Antivirus
- VMware Carbon Black
- Microsoft Defender for Endpoint / Microsoft Defender Advanced Threat Protection (MDATP)
- SentinelOne
- Tanium Endpoint management and Security platform
- CrowdStrike
- Nessus
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
