Hi!
> This is the real problem, your LVS isn't working.
At least with tunnelling and VIP it was working fine :-/
> You can either hack your way through your setup or you can get my script
> off the website (it's on the Docs page), which can setup TP on the
> director and realservers with VS-TUN forwarding for telnet.
Well, since I'm too stupid for setting it up myself, I'm
already working with your script.
> It doesn't
> have failover etc, but it does do some elementary checks to see if
> you've set it up properly.
It doesn't show errors. I included the output of the three
machines and the setup-file as an attachment. Can you
take a look at it?
Thomas
#!/bin/bash
#rc.lvs_tun (C) Joseph Mack 1999,2000.
#autogenerated by configure_lvs.pl from lvs_tun.conf.
#Feel free to edit.
#This file needs a version of sh that has subroutines.
#sh on Solaris 2.7 and bash on Linux are fine.
#
#Setup for a Linux Virtual Server (LVS) running in tun mode.
#This code is part of the LVS project http://www.linuxvirtualserver.org
#The rc.lvs files produced by this code run on Solaris machines,
#but I haven't been able to test whether it actually sets up a working
#realserver yet
#
#---begin boilerplate--------------------------------------------------------
#
#
#was rc.ratz--------------------------------------
#
#adds VIP on non-linux realservers operating in a VS-DR LVS
#Info from Roberto Nibali (ratz) Ratz <ratz@xxxxxx>
#
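#Report that this release of a known OS has no VIP recipe in this file,
#ask the user to mail back what worked, and abort.
#Globals: UNAME, UNAME_R, MAINTAINER, LVS_USERS (read)
#Outputs: the message, on stdout
#Exits:   1, always (ends the whole script, not just this function)
realserver_osversion_unknown()
{
  echo "$0 error: unknown version ${UNAME_R} of OS $UNAME"
  echo ""
  echo "You may be able to configure the direct routing interface"
  echo "on this realserver using the known commands for "
  echo "$UNAME contained in this file."
  echo " "
  #one literal again: mail wrapping had split it over two lines
  echo "if you are successfull, please send the output of the following commands"
  echo ""
  echo "uname "
  echo "uname -r"
  echo "the successful ifconfig command"
  echo ""
  echo "to $MAINTAINER or $LVS_USERS - thanks Joe"
  exit 1
}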
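#Report that the OS itself (uname) is not handled by this file,
#ask the user to mail back what worked, and abort.
#Globals: UNAME, MAINTAINER, LVS_USERS (read)
#Outputs: the message, on stdout
#Exits:   1, always (ends the whole script, not just this function)
realserver_os_unknown()
{
  echo "$0 error: unknown OS $UNAME"
  echo ""
  echo "cannot configure non arping lo device"
  echo " "
  #one literal again: mail wrapping had split it over two lines
  echo "if you can figure out how to do this, please send the output of the following commands"
  echo ""
  echo "uname "
  echo "uname -r"
  echo "the successful ifconfig command"
  echo ""
  echo "to $MAINTAINER or $LVS_USERS - thanks Joe"
  exit 1
}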
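#Put the VIP on the realserver's VIP device with arp switched off, add a
#host route for it, and print the resulting interface and route entries.
#Globals: IFCONFIG, ROUTE, NETSTAT (commands to run)
#         DEV, ALIAS, VIP, NETMASK, UNAME, UNAME_R (read)
#Outputs: progress text plus the ifconfig/netstat listings, on stdout
install_realserver_vip()
{
  echo "install_realserver_vip: configuring $UNAME $UNAME_R "
  #ALIAS is left unquoted on purpose: it is either "alias" or empty, and an
  #empty value has to vanish instead of becoming an empty argument.
  "$IFCONFIG" "$DEV" $ALIAS "$VIP" netmask "$NETMASK" -arp up
  echo "ifconfig output "
  #"$IFCONFIG" -a
  "$IFCONFIG" "$DEV"
  echo "installing route for VIP $VIP on device $DEV"
  "$ROUTE" add -host "$VIP" dev "$DEV"
  echo "listing routing info for VIP $VIP "
  #-F: match the VIP as a literal string. As a regex every '.' in the
  #address is a wildcard and unrelated routes can show up in the listing.
  "$NETSTAT" -rn | grep -F -- "$VIP"
}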
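#Helper for the OS branches that have no tunnel device support in this file:
#refuse when the LVS is VS-TUN, otherwise install the VIP.
#Globals: CONNECTION_TYPE, TUN, UNAME, UNAME_R (read)
_install_vip_unless_tun()
{
  if [ "$CONNECTION_TYPE" = "$TUN" ]
  then
    echo "error:tunneling not supported with ${UNAME}-${UNAME_R}"
    echo "VIP device not installed, no action taken"
  else
    install_realserver_vip
  fi
}

#Pick the VIP setup for this realserver from `uname`/`uname -r` and run it.
#Globals read:    UNAME, UNAME_R, SERVER_VIP_DEVICE, CONNECTION_TYPE,
#                 DR, TUN, HIDDEN
#Globals written: DEV, SHORT_DEV, NETMASK, ALIAS, MINOR_VERSION_NUMBER,
#                 UNAME_R (Linux 2.2 pre/test kernels are mapped to the
#                 previous release number)
#Side effects:    on Linux 2.2.x with x >= 14 writes the "hidden" flag under
#                 /proc/sys/net/ipv4/conf for "all" and for the VIP device
#Exits:           through realserver_os_unknown / realserver_osversion_unknown
#                 when the OS or release is not listed here
#The mailed copy had comments and test expressions broken over two lines by
#the mail client; they are rejoined here, otherwise the file does not parse.
detect_realserver_os()
{
  DEV=$SERVER_VIP_DEVICE
  SHORT_DEV=${DEV%:*} #lo:0 -> lo, tunl0 -> tunl0
  #echo "SHORT_DEV=$SHORT_DEV"
  case "$UNAME" in
    Linux )
      case "$UNAME_R" in
        2.0.* )
          #DEV="lo:0"
          NETMASK="0xffffffff"
          ALIAS=""
          install_realserver_vip
          ;;
        2.2.* )
          NETMASK="0xffffffff"
          ALIAS=""
          if [ "$SERVER_VIP_DEVICE" = "TP" ]
          then
            #don't need to detect OS version if installing TP
            setup_realserver_TP
          else
            #test for "pre","-pre","-test" at the end of uname_r eg 2.2.15pre10
            #you can't test for a string (like "pre")
            #but you can remove it and see if the string is changed.
            #UNAME_R="2.2.1-9" #for testing
            if [ "${UNAME_R%%[\-A-Za-z]*}" != "$UNAME_R" ]
            then
              echo -n "OS verion ${UNAME}-${UNAME_R} being treated as minor version "
              UNAME_R=${UNAME_R%%[\-A-Za-z]*}
              MINOR_VERSION_NUMBER=${UNAME_R#2\.2\.}
              #decrement MINOR_VERSION_NUMBER: a pre-release of 2.2.N is
              #treated as 2.2.(N-1)
              if [ "$MINOR_VERSION_NUMBER" != "0" ]
              then
                MINOR_VERSION_NUMBER=$((MINOR_VERSION_NUMBER - 1))
              fi
              echo "$MINOR_VERSION_NUMBER"
              UNAME_R="2.2.${MINOR_VERSION_NUMBER}"
            else
              MINOR_VERSION_NUMBER=${UNAME_R#2\.2\.}
            fi
            #echo "MINOR_VERSION_NUMBER $MINOR_VERSION_NUMBER"
            if [ "$CONNECTION_TYPE" = "$DR" ] || [ "$CONNECTION_TYPE" = "$TUN" ]
            then
              #DEV="lo:0" or "tunl0"
              install_realserver_vip
              if [ "$MINOR_VERSION_NUMBER" -ge 14 ]
              then
                #hide VIP, OS minor_version >=14
                if [ "$HIDDEN" = "Y" ]
                then
                  echo "hiding interface $DEV, will not arp"
                  echo 1 > /proc/sys/net/ipv4/conf/all/hidden
                  echo 1 > "/proc/sys/net/ipv4/conf/${SHORT_DEV}/hidden"
                else
                  echo "un-hiding interface $DEV, will arp"
                  echo 0 > /proc/sys/net/ipv4/conf/all/hidden
                  echo 0 > "/proc/sys/net/ipv4/conf/${SHORT_DEV}/hidden"
                fi
              else
                echo ""
                echo "warning:${UNAME}-${UNAME_R} does not support hiding devices"
                echo "upgrade to at least 2.2.14 or else read the HOWTO for solving the arp problem"
                echo "the VIP device on the realserver will arp and the LVS will not work in its current state"
                echo ""
              fi
            else
              echo "unknown connection type $CONNECTION_TYPE"
            fi
          fi
          ;;
        * )
          realserver_osversion_unknown
          ;;
      esac
      ;;
    #uname : FreeBSD
    #uname -r : 3.2-RELEASE
    #<command> : ifconfig lo0 alias <VIP> netmask 0xffffffff -arp up
    #ifconfig -a: lo0: flags=80c9<UP,LOOPBACK,RUNNING,NOARP,MULTICAST>mtu 16837
    # inet 127.0.0.1 netmask 0xff000000
    # inet <VIP> netmask 0xffffffff
    FreeBSD )
      case "$UNAME_R" in
        3.2* | 3.3* | 2.2.5* )
          #DEV="lo0"
          NETMASK="0xffffffff"
          ALIAS="alias"
          _install_vip_unless_tun
          ;;
        * )
          realserver_osversion_unknown
          ;;
      esac
      ;;
    #
    #uname : IRIX
    #uname -r : 6.5
    #<command> : ifconfig lo0 alias <VIP> netmask 0xffffffff -arp up
    #ifconfig -a: lo0: flags=18c9<UP,LOOPBACK,RUNNING,NOARP,MULTICAST,CKSUM>
    # inet 127.0.0.1 netmask 0xff000000
    # inet <VIP> netmask 0xffffffff
    IRIX )
      case "$UNAME_R" in
        6.5 )
          #DEV="lo0"
          NETMASK="0xffffffff"
          ALIAS="alias"
          _install_vip_unless_tun
          ;;
        * )
          realserver_osversion_unknown
          ;;
      esac
      ;;
    #uname : SunOS
    #uname -r : 5.7
    #<command> : ifconfig lo0:1 <VIP> netmask 255.255.255.255 up
    #ifconfig -a: lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST>mtu 8232
    # inet 127.0.0.1 netmask ff000000
    # lo0:1 flags=849<UP,LOOPBACK,RUNNING,MULTICAST>mtu 8232
    # inet <VIP> netmask ffffffff
    #NOTE(review): the sample command above has neither "alias" nor "-arp",
    #while install_realserver_vip passes both with ALIAS="alias" - confirm
    #on a Solaris host which form is right.
    SunOS )
      case "$UNAME_R" in
        5.7 )
          #DEV="lo0"
          NETMASK="0xffffffff"
          ALIAS="alias"
          _install_vip_unless_tun
          ;;
        * )
          realserver_osversion_unknown
          ;;
      esac
      ;;
    #
    #uname : HP-UX
    #uname -r : B.11.00
    #<command> : ifconfig lan1:1 10.10.10.10 netmask 0xffffff00 -arp up
    #ifconfig -a: lan0: flags=842<BROADCAST,RUNNING,MULTICAST>
    # inet <some IP> netmask ffffff00
    # lan0:1: flags=8c2<BROADCAST,RUNNING,NOARP,MULTICAST>
    # inet <VIP> netmask ffffff00
    #
    HP-UX )
      case "$UNAME_R" in
        B.11.00 )
          #DEV="lan1:1"
          NETMASK="0xffffff00"
          ALIAS=""
          if [ "$CONNECTION_TYPE" = "$TUN" ]
          then
            echo "error:tunneling not supported with ${UNAME}-${UNAME_R}"
            echo "VIP device not installed, no action taken"
          else
            install_realserver_vip
            echo "warning HP-UX lo replies to arp requests."
            echo "This will work if the VIP is on a separate ethernet device."
            echo "See the HOWTO about solutions to the arp problem."
          fi
          ;;
        * )
          #these two lines used to come after realserver_osversion_unknown,
          #which exits, so they were never printed
          echo "error: HP-UX lo replies to arp requests."
          echo "Cannot use with VS-DR"
          realserver_osversion_unknown
          ;;
      esac
      ;;
    * )
      realserver_os_unknown
      ;;
  esac
}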
#end rc.ratz-------------------------------------------
#--------was rc.horms--------------------------
#Transparent-proxy (TP) setup for a realserver: enable IP forwarding, empty
#the ipchains input chain, install the redirect rules and list the result.
#realserver and director TP setup are different:
#on director accept all services
#on realserver only accept services destined for that realserver
#Globals: IPCHAINS (command to run)
#NOTE(review): the flush below removes every rule already in the input
#chain, so packet filtering that was in place before this runs is gone
#afterwards; re-apply it once the redirect rules are installed.
setup_realserver_TP()
{
  #IP forwarding is off by default in 2.2.x kernels
  printf '%s\n' "1" > /proc/sys/net/ipv4/ip_forward

  #start from an empty input chain, then add the redirects
  $IPCHAINS -F input
  print_redirect_services

  #show what ended up in the chain
  printf '\n'
  printf '%s\n' "listing ipchains rules"
  $IPCHAINS -L input
}
#--------end rc.horms------------------------------------
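#Take the VIP off whichever network device currently carries it and delete
#the host routes to it, so that it can be installed afresh.
#Globals read:    IFCONFIG, NETSTAT, ROUTE (commands to run), VIP,
#                 NEW_VIP_DEVICE (device the VIP is about to be put on)
#Globals written: VIP_FOUND, DEVICES, DEVICE, NUMBER_VIPS, SHORT_DEV,
#                 THIS_DEVICE
#Exits:           1, after a long explanation, when the VIP sits on an eth
#                 device other than NEW_VIP_DEVICE (downing it would take
#                 the whole interface with it)
remove_vip()
{
  VIP_FOUND="N"
  #device names are the first 10 columns of `ifconfig -a`; cut counts from 1
  #(GNU cut rejects position 0, which the original -c0-10 asked for)
  DEVICES=$("$IFCONFIG" -a | cut -c1-10 | xargs)
  for DEVICE in $DEVICES
  do
    #echo "checking device $DEVICE for VIP"
    #-F: the VIP is a literal, not a regex where '.' matches anything
    NUMBER_VIPS=$("$IFCONFIG" "$DEVICE" | grep -F -c -- "$VIP")
    if [ "${NUMBER_VIPS}" != "0" ]
    then
      #echo "device $DEVICE has VIP $VIP"
      #if this is an ethernet alias (eg eth0:110)
      #then bringing it down will also bring down
      #all eth devices and
      #remove the entries from the routing table.
      #
      #However if we are just deinstalling and reinstalling
      #the same aliased device (eg eth0:110) then we don't
      #need to bother anyone with alarming messages.
      #
      if [ "$DEVICE" = "$NEW_VIP_DEVICE" ]
      then
        #do nothing, new device == old device
        echo ""
        #echo "old VIP device = new VIP device"
      else
        #do we have to remove an eth device?
        SHORT_DEV=${DEVICE%:*} #eth0:0 -> eth0, tunl0 -> tunl0
        #first 3 chars of device, eth0:110 -> eth
        THIS_DEVICE=$(expr "$DEVICE" : '\(...\).*')
        #looking for eth devices only
        if [ "$THIS_DEVICE" = "eth" ]
        then
          echo "For this configuration, the VIP $VIP on $DEVICE must be removed (not just down'ed)."
          echo "The VIP $VIP is on an aliased/regular ethernet device $DEVICE."
          echo "To just bring down $DEVICE will bring down all connections on $SHORT_DEV,"
          echo "but $DEVICE would still be in the ifconfig table, "
          echo "marked as down (or not marked UP)."
          echo "The network connections to $SHORT_DEV and its aliases"
          echo "would be gone from the routing table"
          echo "and your $SHORT_DEV network will be hosed."
          echo "If you are connected from a remote machine via $SHORT_DEV,"
          echo "then your connection would be lost."
          echo ""
          echo "This script will exit here to prevent loosing editing sessions etc."
          echo "You should re-execute this script after removing the $DEVICE entry"
          echo "from the ifconfig table (not just downing it)."
          echo "If you were to down $DEVICE, then when any IP on $SHORT_DEV is up'ed,"
          echo "then $DEVICE will also be up'ed, so down'ing an aliased device doesn't remove it."
          echo "Unlike Solaris you can't unplumb $SHORT_DEV."
          echo "You can reboot :-(, or unload the driver for $SHORT_DEV."
          echo "To unload the module without dropping connections,"
          echo "make sure the connections are idle (you'll loose the connections otherwise), "
          echo "then at the console do"
          echo ""
          echo "# ifconfig eth0 down;ifconfig eth1 down (all eth devices);\\"
          echo " rmmod tulip (your ethernet module);\\"
          echo " . /etc/rc.d/rc.inet1 (or whatever brings up your network)"
          echo ""
          echo "If you remove $DEVICE successfully, "
          echo "you will not see this notice next time you run this script."
          exit 1
        fi # eth device
      fi # replacing VIP onto device different to that found with ifconfig -a
      #echo "is it up?"
      if [ "$("$IFCONFIG" "$DEVICE" | grep -c "UP")" != "0" ]
      then
        VIP_FOUND="Y"
        #echo "device $DEVICE has $VIP and is UP"
        #echo "removing $VIP from $DEVICE"
        "$IFCONFIG" "$DEVICE" down
      else
        #echo "it's not up"
        echo -n ""
      fi
    fi
  done
  #column 8 of `netstat -rn` is the interface of each route to the VIP
  DEVICES=$("$NETSTAT" -rn | grep -F -- "$VIP" | awk '{print $8}' | xargs)
  for DEVICE in $DEVICES
  do
    #echo "removing route to VIP through $DEVICE"
    #$ROUTE, not whatever "route" the PATH finds first: the rest of the
    #script runs the binary chosen in main, and this runs as root
    "$ROUTE" del -host "$VIP" "$DEVICE"
  done
  if [ "$VIP_FOUND" = "N" ]
  then
    #echo "$VIP not found on any network devices, good"
    echo -n ""
  fi
  echo ""
}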
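#Read the default routes out of the routing table.
#Globals read:    NETSTAT (command to run)
#Globals written: NUMBER_DEFAULT_GW - how many lines of `netstat -rn` start
#                                     with 0.0.0.0
#                 CURRENT_GW        - gateway column of the first such line
get_current_gw(){
  # routing table can have multiple default gw
  #$NETSTAT here as well (the original called bare "netstat" for the count
  #and $NETSTAT for the address, so the two could come from different
  #binaries); grep -c gives a bare number, wc -l pads it on some systems
  NUMBER_DEFAULT_GW=$("$NETSTAT" -rn | grep -c '^0\.0\.0\.0')
  #get first default gw
  CURRENT_GW=$("$NETSTAT" -rn | awk '/^0\.0\.0\.0/ {print $2; exit}')
  #echo "number of default gw $NUMBER_DEFAULT_GW, first gw $CURRENT_GW "
}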
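#Replace every default route with one through DEFAULT_GW, show the routing
#table, and check that the gateway answers fping.
#Globals read:    ROUTE, NETSTAT, FPING (commands to run), DEFAULT_GW,
#                 NUMBER_DEFAULT_GW and CURRENT_GW (set by get_current_gw)
#Globals written: FPING_OUT, FPING_STATUS
install_default_gw(){
  get_current_gw
  #it's a little tricky to test if there is only one default gw
  #and it's the right IP.
  #just strip out all the gw's and re-install the correct one
  #
  echo " "
  while [ "$NUMBER_DEFAULT_GW" != "0" ]
  do
    #echo "deleting current default gw $CURRENT_GW"
    #stop when a delete fails: the route count would never reach 0 and the
    #loop would spin forever
    "$ROUTE" del default gw "$CURRENT_GW" || break
    get_current_gw
  done
  echo "changing default gw to $DEFAULT_GW"
  #$ROUTE, as for the delete above (the original used bare "route" here)
  "$ROUTE" add default gw "$DEFAULT_GW"
  echo "showing routing table"
  "$NETSTAT" -rn
  echo ""
  echo -n "checking if DEFAULT_GW $DEFAULT_GW is reachable - "
  #keep fping's own exit status: after `fping | tr`, $? belongs to tr and is
  #0 even when the gateway is down, so the check always said "good"
  FPING_OUT=$("$FPING" "$DEFAULT_GW")
  FPING_STATUS=$?
  printf '%s' "$FPING_OUT" | tr -d '\n' #remove \n from fping
  if [ "$FPING_STATUS" = "0" ]
  then
    echo ", good"
  else
    echo ", warning: this machine must be able to connect to the default gw for the LVS to work"
  fi
}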
#--------end boilerplate------------------------------------
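#Run on a realserver: check that the director's inside IP (DIIP) answers
#fping and that it is not configured on this machine.
#Globals: FPING, IFCONFIG (commands to run), DIRECTOR_INSIDEIP (read)
#Outputs: progress and result text on stdout; nothing is changed
check_for_DIIP(){
  #since this is a realserver, there should be no DIIP here
  #and it should have been installed on the director by now.
  echo "looking for DIIP $DIRECTOR_INSIDEIP "
  if "$FPING" "$DIRECTOR_INSIDEIP"
  then
    echo "found, good"
    #check that it's not local.
    #(we shouldn't have got here if it is)
    #-F: literal match; as a regex the dots match any character and an
    #unrelated local address can be taken for the DIIP. The blank after the
    #IP keeps 192.168.1.1 from matching 192.168.1.1x.
    if [ "$("$IFCONFIG" -a | grep -F -c -- "$DIRECTOR_INSIDEIP ")" = "0" ]
    then
      echo "not local, good "
    else
      echo "error: DIIP is local - "
      echo "we shouldn't even have got here!"
    fi
  else
    echo "DIIP not found, director has not been setup yet."
    echo "rerun this script after setting up director"
    echo "so that all tests can be run."
  fi
} #check_for_DIIP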
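#Run on a realserver before its own VIP device is installed: fping the VIP
#to see whether the director already has it. Skipped when the director
#accepts packets by transparent proxy, because then no machine owns the VIP.
#Globals: FPING (command to run), VIP, DIRECTOR_VIP_DEVICE (read)
#Outputs: progress and result text on stdout; nothing is changed
check_for_vip_on_director(){
  echo ""
  #echo "looking for VIP on director and/or realserver from realserver"
  #there is no VIP device installed yet on realserver
  #VS-NAT will not get a VIP device on the realserver
  echo ""
  echo "looking for VIP on director from realserver"
  #quoted, so an empty DIRECTOR_VIP_DEVICE is a plain mismatch and not a
  #"[: unary operator expected" error
  if [ "$DIRECTOR_VIP_DEVICE" = "TP" ]
  then
    echo "director is accepting packets by TP (no VIP on director)"
    echo "bypassing ping check of VIP $VIP"
  else
    echo "director is accepting packets on network device $DIRECTOR_VIP_DEVICE"
    echo "pinging VIP "
    if "$FPING" "$VIP"
    then
      echo "$VIP found, good. It's not on this server, assume it's on the director. "
    else
      echo "warning:$VIP not found, presumably director has not been set up yet"
      echo "rerun this script after setting up the director if you want all checks to be positive"
    fi
  fi
} #check_for_vip_on_director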
#--------end boilerplate------------------------------------
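#Register the virtual services on the director and attach the realservers.
#For each of telnet, www and squid: add the service on the VIP with the rr
#scheduler, then add realservers godard and chaplin with weight 1 and the
#forwarding flag in CONNECTION_TYPE, fping-ing each realserver as it goes.
#(The generator's comments give the ports as 23, 80 and 8080; the commands
#themselves pass only the service names.)
#Globals: IPVSADM, FPING (commands to run), VIP, CONNECTION_TYPE (read)
#Globals written: LVS_SERVICE, LVS_REALSERVER (loop variables)
#The generated copy spelled out all six add commands; its commented-out echo
#lines had been wrapped by the mail client so that their tails were no
#longer comments.
print_ipvsadm_lines() {
  for LVS_SERVICE in telnet www squid
  do
    #
    #setup servers for this service, rr scheduler
    "$IPVSADM" -A -t "${VIP}:${LVS_SERVICE}" -s rr
    for LVS_REALSERVER in godard chaplin
    do
      #echo "adding service $LVS_SERVICE to realserver $LVS_REALSERVER using connection type tun weight 1"
      "$IPVSADM" -a -t "${VIP}:${LVS_SERVICE}" -R "$LVS_REALSERVER" "$CONNECTION_TYPE" -w 1
      echo -n "checking realserver $LVS_REALSERVER reachable from director - "
      "$FPING" "$LVS_REALSERVER"
    done
  done
}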
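#Realserver side of transparent proxy: for each service, and for each
#realserver IP that `ifconfig -a` shows exactly once on this machine, append
#an ipchains input rule that redirects VIP:service to the local service port.
#Globals: IFCONFIG, IPCHAINS (commands to run), VIP (read)
#Globals written: TP_SERVICE, TP_SERVER_IP (loop variables)
#Order of rules is the generated one: telnet, www, squid, and within each
#service 192.168.10.3 before 192.168.10.6.
print_redirect_services() {
  echo "installing redirect rules"
  for TP_SERVICE in telnet www squid
  do
    for TP_SERVER_IP in 192.168.10.3 192.168.10.6
    do
      #-F: literal match, a regex '.' would match any character.
      #The blank after the IP stops 192.168.10.3 matching 192.168.10.3x.
      if [ "$("$IFCONFIG" -a | grep -F -c -- "$TP_SERVER_IP ")" = "1" ]
      then
        echo "redirecting ${VIP}:${TP_SERVICE}:tcp to local:${TP_SERVICE} on ${TP_SERVER_IP}"
        "$IPCHAINS" -A input -j REDIRECT "$TP_SERVICE" -d "$VIP" "$TP_SERVICE" -p tcp
      fi
    done
  done
}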
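#Configure this machine as the LVS director, accepting packets for the VIP
#by transparent proxy (TP).
#Steps, in order: flush ipchains, enable IP forwarding, remove any VIP
#device, install the TP redirect rules, rebuild the ipvsadm table, set the
#default gw, and check that the servers' default gw is not on the director.
#Globals read:    IPCHAINS, IPVSADM, IFCONFIG (commands to run), VIP,
#                 DIRECTOR_VIP_DEVICE, DIRECTOR_DEFAULT_GW, LVS_TYPE
#Globals written: NEW_VIP_DEVICE, DEFAULT_GW, TP_SERVICE
#NOTE(review): "$IPCHAINS -F" is given no chain name, so it is not limited
#to the input chain; packet filtering that was in place before this runs is
#gone afterwards and has to be re-applied once the LVS rules are installed.
setup_director() {
  echo "LVS director "
  echo ""
  echo "clearing ipchain rules "
  "$IPCHAINS" -F
  #echo "displaying ipchain rules (should be empty) "
  #$IPCHAINS -L
  #echo ""
  echo "turn on ip forwarding"
  echo "1" >/proc/sys/net/ipv4/ip_forward
  echo ""
  #don't bother removing device with VIP if it's going to be the replacement
  NEW_VIP_DEVICE=$DIRECTOR_VIP_DEVICE
  remove_vip
  NEW_VIP_DEVICE=""
  #setup accepting connection by TP
  echo " "
  echo "Director is accepting packets by transparent proxy (TP)."
  echo "When using TP, the director does not have an IP for the VIP."
  echo "You must install a route on the router/test client telling it how to get to the VIP."
  echo "You can put a host route to an IP already on the director "
  echo "eg route add -host $VIP gw director "
  echo "or "
  echo "put a (permanent) arp entry (arp -f /etc/ethers or arp -s) pointing to a MAC address on the director."
  echo ""
  echo "Installing director redirect rules..."
  #the generated file emitted each rule twice (apparently once per
  #realserver); the list keeps that so the rule table is unchanged
  for TP_SERVICE in telnet telnet www www squid squid
  do
    echo "redirecting ${VIP}:${TP_SERVICE}:tcp to local:${TP_SERVICE} "
    if ! "$IPCHAINS" -A input -j REDIRECT "$TP_SERVICE" -d "$VIP" "$TP_SERVICE" -p tcp
    then
      echo "setup_director_TP: error - transparent proxy not installed?"
    fi
  done
  echo " "
  #echo "clearing ipvsadm table "
  "$IPVSADM" -C
  echo "installing LVS services with ipvsadm"
  print_ipvsadm_lines
  #display current settings
  echo " "
  echo "displaying ipvsadm settings "
  "$IPVSADM"
  echo ""
  echo ""
  #-z on a quoted value: the original [ $DIRECTOR_DEFAULT_GW = "" ] is a
  #syntax error for an empty value, so the "no default gw" branch could
  #never run and install_default_gw was called with nothing to install
  if [ -z "$DIRECTOR_DEFAULT_GW" ]
  then
    echo "no default gw set in input data. "
    echo "make sure each director has a route to the outside world/client(s) "
    echo "This will normally be setup by rc.inet1 "
  else
    DEFAULT_GW=$DIRECTOR_DEFAULT_GW
    install_default_gw
  fi
  echo " "
  echo "checking for valid server_gw "
  #note blank at the end of the IP; -F so the dots are literal
  if [ "$("$IFCONFIG" -a | grep -F -c -- "192.168.10.6 ")" = "0" ]
  then
    echo "default gw for vs-tun servers is NOT on director, good "
  else
    echo "warning: the default gw for the $LVS_TYPE servers is on the director "
    echo "you probably do not want this - a standard $LVS_TYPE LVS will not work this way. "
    echo "this setup will need Julian's martian modification to the kernel to work "
  fi
  echo ""
} #setup_director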
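#Configure this machine as an LVS realserver: clear any old VIP, check that
#the director is reachable, install the VIP setup for this OS, then set the
#default gw.
#Globals read:    LVS_TYPE, SERVER_VIP_DEVICE, SERVER_DEFAULT_GW
#Globals written: NEW_VIP_DEVICE, DEFAULT_GW
setup_realserver() {
  echo "LVS realserver type $LVS_TYPE "
  #don't bother removing device with VIP if it's going to be the replacement
  NEW_VIP_DEVICE=$SERVER_VIP_DEVICE
  remove_vip
  NEW_VIP_DEVICE=""
  echo " "
  check_for_DIIP
  check_for_vip_on_director
  #install non-arping network device on Server
  #don't bother removing device with VIP if it's going to be the replacement
  #(second pass of remove_vip, as in the generated file)
  NEW_VIP_DEVICE=$SERVER_VIP_DEVICE
  remove_vip
  NEW_VIP_DEVICE=""
  detect_realserver_os
  echo " "
  echo ""
  #-z on a quoted value: the original [ $SERVER_DEFAULT_GW = "" ] is a
  #syntax error for an empty value, so the warning could never be printed
  #and install_default_gw ran with an empty gateway
  if [ -z "$SERVER_DEFAULT_GW" ]
  then
    echo "warning: no default gw set in input data. "
    echo "make sure each server has a route to the outside world/client(s) "
    echo "This will normally be setup by rc.inet1 "
  else
    DEFAULT_GW=$SERVER_DEFAULT_GW
    install_default_gw
  fi
} #setup_realserver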
#-----------------------------------------
#main:
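MAINTAINER="jmack@xxxxxxxx"
LVS_USERS="lvs-users@xxxxxxxxxxxxxxxxxxxxxx"
UNAME=$(uname)
UNAME_R=$(uname -r)
#initialise utilities. some of them will be in the path hopefully.
#At least this way a "file not found" error will result if they're in a
#different place.
#Otherwise the "" command would have been issued with lots of arguements.
#
IFCONFIG="ifconfig"
NETSTAT="netstat"
ROUTE="route"
AWK="awk"
#on the two OSes below the tools are pinned to absolute paths, so what runs
#(as root) does not depend on the caller's PATH
case "$UNAME" in
  SunOS )
    IFCONFIG="/usr/sbin/ifconfig"
    NETSTAT="/usr/bin/netstat"
    ROUTE="/usr/sbin/route"
    AWK="/usr/bin/awk"
    #echo "Solaris $IFCONFIG $NETSTAT $ROUTE"
    ;;
  Linux )
    IFCONFIG="/sbin/ifconfig"
    NETSTAT="/bin/netstat"
    ROUTE="/sbin/route"
    AWK="/usr/bin/awk"
    #echo "Linux $IFCONFIG $NETSTAT $ROUTE"
    ;;
esac
IPVSADM="/sbin/ipvsadm"
IPCHAINS="/sbin/ipchains"
FPING="/usr/local/bin/fping"
VIP=192.168.10.110
DIRECTOR_VIP_DEVICE=TP
DIRECTOR_INSIDEIP=192.168.10.7
DIRECTOR_DEFAULT_GW=192.168.10.3
LVS_TYPE=vs-tun
HIDDEN="Y"
#forwarding-method flags handed to ipvsadm through CONNECTION_TYPE
NAT="-m"
DR="-g"
TUN="-i"
CONNECTION_TYPE="$TUN"
#echo "connection type = $CONNECTION_TYPE"
SERVER_DEFAULT_GW=192.168.10.6
SERVER_VIP_DEVICE=TP
#initialise incase use TP
#Determine if I'm a realserver, director (or fail)
#Am I a server?
#The IPs listed by ifconfig are grep'ed against the list of server IPs.
#If there are no matches (== 0), then I'm not a server.
#(Note the blank after the IP.
#Without the blank, "192.168.1.1" matches "192.168.1.1x", but "192.168.1.1 "
#will not.
#a similar problem exists at the front of the IP, but there's no easy way to
#handle it.
#In linux the previous char is a blank or '', in solaris it's '#'
#If I'm not a server, then maybe I'm the director. If I'm the director, then
#I will have the DIIP on this machine.
#If this fails, give up, exit and cry for help
#
#The generated test repeated the same two eth0 checks three times (it looks
#like once per service); each IP is checked once here, with -F so that the
#dots in the address are literal.
IS_REALSERVER="N"
for SERVER_IP in 192.168.10.3 192.168.10.6
do
  if [ "$("$IFCONFIG" eth0 | grep -F -c -- "$SERVER_IP ")" != "0" ]
  then
    IS_REALSERVER="Y"
  fi
done
if [ "$IS_REALSERVER" = "N" ]
then
  #used to test for ipvsadm
  #I'm the director, then $IPVSADM should be on this machine
  #if [ -x $IPVSADM ]
  #now test for DIIP
  #note blank after DIRECTOR_INSIDEIP
  if [ "$("$IFCONFIG" -a | grep -F -c -- "$DIRECTOR_INSIDEIP ")" = "1" ]
  then
    setup_director
  else
    echo "error: not a server, not a director"
    echo "I'm not a server machine - this machine doesn't have the IP of any of the servers"
    echo "I'm not a director - I don't have the DIIP $DIRECTOR_INSIDEIP"
    echo "bummer - exiting."
    #return error in case this script is executed by another script.
    #"return" only works when the file is sourced; run directly it just
    #prints an error and the script would finish with status 0, so fall
    #back to exit.
    return 1 2>/dev/null || exit 1
  fi
else
  setup_realserver
fi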
#----rc.lvs_tun-------------------------------------------------------------
LVS director
clearing ipchain rules
turn on ip forwarding
Director is accepting packets by transparent proxy (TP).
When using TP, the director does not have an IP for the VIP.
You must install a route on the router/test client telling it how to get to the
VIP.
You can put a host route to an IP already on the director
eg route add -host 192.168.10.110 gw director
or
put a (permanent) arp entry (arp -f /etc/ethers or arp -s) pointing to a MAC
address on the director.
Installing director redirect rules...
redirecting 192.168.10.110:telnet:tcp to local:telnet
redirecting 192.168.10.110:telnet:tcp to local:telnet
redirecting 192.168.10.110:www:tcp to local:www
redirecting 192.168.10.110:www:tcp to local:www
redirecting 192.168.10.110:squid:tcp to local:squid
redirecting 192.168.10.110:squid:tcp to local:squid
installing LVS services with ipvsadm
checking realserver godard reachable from director - godard is alive
checking realserver chaplin reachable from director - chaplin is alive
checking realserver godard reachable from director - godard is alive
checking realserver chaplin reachable from director - chaplin is alive
checking realserver godard reachable from director - godard is alive
checking realserver chaplin reachable from director - chaplin is alive
displaying ipvsadm settings
IP Virtual Server version 0.9.15 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.10.110:www rr
-> chaplin:www Tunnel 1 0 0
-> godard:www Tunnel 1 0 0
TCP 192.168.10.110:telnet rr
-> chaplin:telnet Tunnel 1 0 0
-> godard:telnet Tunnel 1 0 0
TCP 192.168.10.110:squid rr
-> chaplin:squid Tunnel 1 0 0
-> godard:squid Tunnel 1 0 0
changing default gw to 192.168.10.3
showing routing table
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.10.7 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.10.3 0.0.0.0 UG 0 0 0 eth0
checking if DEFAULT_GW 192.168.10.3 is reachable - 192.168.10.3 is alive, good
checking for valid server_gw
default gw for vs-tun servers is NOT on director, good
LVS realserver type vs-tun
looking for DIIP 192.168.10.7
192.168.10.7 is alive
found, good
not local, good
looking for VIP on director from realserver
director is accepting packets by TP (no VIP on director)
bypassing ping check of VIP 192.168.10.110
installing redirect rules
redirecting 192.168.10.110:telnet:tcp to local:telnet on 192.168.10.6
redirecting 192.168.10.110:www:tcp to local:www on 192.168.10.6
redirecting 192.168.10.110:squid:tcp to local:squid on 192.168.10.6
listing ipchains rules
Chain input (policy ACCEPT):
target prot opt source destination ports
REDIRECT tcp ------ anywhere 192.168.10.110 any ->
telnet => telnet
REDIRECT tcp ------ anywhere 192.168.10.110 any -> www
=> www
REDIRECT tcp ------ anywhere 192.168.10.110 any ->
squid => squid
changing default gw to 192.168.10.6
showing routing table
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.10.6 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.10.6 0.0.0.0 UG 0 0 0 eth0
checking if DEFAULT_GW 192.168.10.6 is reachable - 192.168.10.6 is alive, good
LVS realserver type vs-tun
looking for DIIP 192.168.10.7
192.168.10.7 is alive
found, good
not local, good
looking for VIP on director from realserver
director is accepting packets by TP (no VIP on director)
bypassing ping check of VIP 192.168.10.110
installing redirect rules
redirecting 192.168.10.110:telnet:tcp to local:telnet on 192.168.10.3
redirecting 192.168.10.110:www:tcp to local:www on 192.168.10.3
redirecting 192.168.10.110:squid:tcp to local:squid on 192.168.10.3
listing ipchains rules
Chain input (policy ACCEPT):
target prot opt source destination ports
REDIRECT tcp ------ anywhere 192.168.10.110 any ->
telnet => telnet
REDIRECT tcp ------ anywhere 192.168.10.110 any -> www
=> www
REDIRECT tcp ------ anywhere 192.168.10.110 any ->
squid => squid
changing default gw to 192.168.10.6
showing routing table
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.10.3 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.10.6 0.0.0.0 UG 0 0 0 eth0
checking if DEFAULT_GW 192.168.10.6 is reachable - 192.168.10.6 is alive, good