Problems balancing http/ssl

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Problems balancing http/ssl
From: "Carlos J. Ramos" <cjramos@xxxxxxxxxxx>
Date: Wed, 10 Dec 2003 11:33:11 +0100

Hi all.

We are using ldirectord to manage the pool of a realservers cluster; in
order to do that we are balancing both ports 80 and 443.

When we are balancing to port 80, everything is all right, but when
trying to balance requests to port 443, ldirectord never tries to contact
the machine to check if it is correctly up.

We put a sniffer (tcpdump) listening on port 443 of the realservers and
no check is done; this way, the realservers are never added to the pool
of realservers with ipvsadm...

Well, the config file we use is this:

checktimeout=5
checkinterval=1
autoreload=yes
logfile="/var/log/ha/ldirectord.log"
quiescent=yes
virtual=195.57.212.78:80
        real=172.16.40.51:80 masq 1
        real=172.16.40.52:80 masq 1
        service=http
        request="check.html"
        receive="alive"
        scheduler=wlc
virtual=195.57.212.78:443
        real=172.16.40.51:443 masq 1
        real=172.16.40.52:443 masq 1
        request="check.html"
        receive="alive"
        scheduler=wlc
        service=https


The file "check.html" is inside the Apache document root, and it is
accessible through http and https (tested with lynx-ssl); also, the text
string "alive" is the only text in the file.

We have put ldirectord in debug mode using the -d switch, and we
gathered this information:


First, ldirectord adds it as a virtual server, that's OK...

(...)
DEBUG2: Running system(/sbin/ipvsadm -A -t 195.57.212.78:443 -s wlc )
Running system(/sbin/ipvsadm -A -t 195.57.212.78:443 -s wlc )
DEBUG2: Added virtual server: 195.57.212.78:443
Added virtual server: 195.57.212.78:443
(...)

ldirectord adds the real and virtual servers related to port 80... but
when it tries to add the 443 servers it fails:

(...)
DEBUG2: Checking negotiate: real
server=negotiate:https:tcp:172.16.40.51:443::\/ldirectord\.html:toy\
vivo (virtual=tcp:195.57.212.78:443)
DEBUG2: Checking https server=172.16.40.51 port=443
DEBUG2: Testing: 172.16.40.51, 443, /ldirectord.html
DEBUG2: Disabled server=172.16.40.51
DEBUG2: Checking negotiate: real
server=negotiate:https:tcp:172.16.40.52:443::\/ldirectord\.html:toy\
vivo (virtual=tcp:195.57.212.78:443)
DEBUG2: Checking https server=172.16.40.52 port=443
DEBUG2: Testing: 172.16.40.52, 443, /ldirectord.html
DEBUG2: Disabled server=172.16.40.52
(...)

...as can be seen, ldirectord says it tests each server, but using the
network sniffer we cannot see any packet reaching the real servers...
nor outgoing packets from the balancer.

Since connectivity for ports 80 and 443 goes through the same switch, we
don't think it could be due to a loss of connectivity.

Further information:

Linux Distro: Mandrake 9.1 (download edition)

- Heartbeat packages compiled from heartbeat-1.0.4-1.src.rpm

heartbeat-stonith-1.0.4-1
heartbeat-pils-1.0.4-1
heartbeat-1.0.4-1
heartbeat-ldirectord-1.0.4-1

- ipvsadm package compiled from ipvsadm-1.21.-7.src.rpm

ipvsadm-1.21-7

- ucd-snmp package and openssl version used:

ucd-snmp-4.2.3-5mdk
openssl-0.9.7a-1.2.91mdk
libopenssl0.9.7-0.9.7a-1.2.91mdk
libopenssl0.9.7-devel-0.9.7a-1.2.91mdk
libopenssl0-0.9.6i-1.2.91mdk

- Perl packages:

perl-Parse-RecDescent-1.80-6mdk
perl-URI-1.23-1mdk
perl-HTML-Parser-3.27-1mdk
perl-XML-Parser-2.31-6mdk
perl-libwww-perl-5.69-1mdk
perl-devel-5.8.0-19mdk
perl-base-5.8.0-19mdk
perl-MDK-Common-1.0.4-23mdk
perl-Locale-gettext-1.01-7mdk
perl-DateManip-5.40-4mdk
perl-URPM-0.81-13mdk
perl-5.8.0-19mdk
perl-Net_SSLeay-1.21-1mdk
perl-HTML-Tagset-3.03-5mdk
perl-Authen-SASL-2.03-1mdk
perl-ldap-0.27.01-1mdk
perl-Mail-IMAPClient-2.1.4-1

Fresh kernel 2.4.21 from www.es.kernel.org compiled from sources and
patched with linux-2.4.21-ipvs-1.0.10.patch


What can this be due to? Is there any well-tested platform recommended for
heartbeat-ldirectord? I also tried to download precompiled packages for
Red Hat 9.0 from
http://www.ultramonkey.org/download/heartbeat/stable.latest/redhat_9/dependancies/
but each file I tried to download gives me a 404 not found error...

Thanks, and sorry for the length of the mail.

-- 
--------------------------------------------------------
Carlos J. Ramos                 Genasys II Spain, S.A.U.
Systems Administrator           Ventura de la Vega 5
Tel:+34-91-3649100 ext 170      28014 Madrid
Fax:+34-91-3649119              Spain
Email:  cjramos@xxxxxxxxxx
--------------------------------------------------------
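
Added example, not part of the original message and not ldirectord's own code: a small Python check that compares the request/receive values in the posted https config section with the values ldirectord prints in its "Checking negotiate" debug lines, and reports where they differ. The field order of the debug line is an assumption inferred from the lines quoted in the message; the sample input is copied from the message with the wrapped debug lines rejoined.

```python
import re

# Constructed sample: https section and debug lines from the message (rejoined).
CONFIG = """\
virtual=195.57.212.78:443
        real=172.16.40.51:443 masq 1
        real=172.16.40.52:443 masq 1
        request="check.html"
        receive="alive"
        scheduler=wlc
        service=https
"""
DEBUG = r"""
DEBUG2: Checking negotiate: real server=negotiate:https:tcp:172.16.40.51:443::\/ldirectord\.html:toy\ vivo (virtual=tcp:195.57.212.78:443)
DEBUG2: Checking negotiate: real server=negotiate:https:tcp:172.16.40.52:443::\/ldirectord\.html:toy\ vivo (virtual=tcp:195.57.212.78:443)
"""
# Assumed field order, inferred from the lines above:
# checktype:service:proto:ip:port:<unknown>:request:receive (virtual=proto:ip:port)
CHECK_RE = re.compile(
    r"server=\w+:\w+:\w+:([\d.]+:\d+):[^:]*:([^:]*):(.*) \(virtual=\w+:(\S+)\)")
BACKSLASH_RE = re.compile(r"\\(.)")  # backslash quoting seen in the debug output

def parse_config(text):
    """Map each virtual= address to its indented key=value settings."""
    virtuals, cur = {}, None
    for line in text.splitlines():
        key, _, val = line.strip().partition("=")
        if key == "virtual" and not line[:1].isspace():
            cur = virtuals.setdefault(val, {"real": []})
        elif cur is not None and line[:1].isspace() and val:
            if key == "real":
                cur["real"].append(val.split()[0])  # drop "masq 1"
            else:
                cur[key] = val.strip('"')
    return virtuals

def find_mismatches(config_text, debug_text):
    """Return (real, field, configured, seen_in_debug) tuples that differ."""
    virtuals, out = parse_config(config_text), []
    for m in CHECK_RE.finditer(debug_text):
        real, request, receive, virtual = m.groups()
        cfg = virtuals.get(virtual, {})
        seen = {"request": BACKSLASH_RE.sub(r"\1", request).lstrip("/"),
                "receive": BACKSLASH_RE.sub(r"\1", receive)}
        for field, value in seen.items():
            want = cfg.get(field, "").lstrip("/")  # ignore a leading slash
            if want != value:
                out.append((real, field, want, value))
    return out
```

On the sample taken from the message, `find_mismatches(CONFIG, DEBUG)` returns four rows: for both realservers the debug output shows request `ldirectord.html` and receive `toy vivo`, where the posted config has `check.html` and `alive`.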
