
Re: load balancing using keepalived

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: load balancing using keepalived
From: Gerry Reno <greno@xxxxxxxxxxx>
Date: Wed, 23 May 2007 17:40:41 -0400

Dr. Volker Jaenisch wrote:
Hi Gerry!

Gerry Reno wrote:

# netstat -a -n -p | grep -e ssh -e keepalived
tcp 0 0 :::22 :::* LISTEN 2387/sshd
As you can see in this line the sshd is blocking the port 22. So keepalived cannot use this port.

Just move sshd out of the way.

Change in

/etc/ssh/sshd_config

the line

Port 22

to e.g.

Port 2222

and perform a

/etc/init.d/ssh restart
/etc/init.d/keepalived restart

To connect to this machine directly via ssh you will now have to use

ssh -p2222 gerry@<vip>

All others using

ssh gerry@<vip>

will land via the ipvs on your realservers.

Best Regards,

Volker

Ok, I tried this and it did not work. But after looking at my setup for a while and reading the mini-HOWTO again I think I know where the problem may be. My setup is all on one LAN and I think packets are being best-routed around the director, which is causing things to hang. The mini-HOWTO indicates that this is so. So I guess I need to contemplate some things. My eventual goal is to have a web tier and a more secure data tier. From a security perspective it makes sense to have these on separate networks and so I think I should probably set these up before doing any testing. I'm probably just wasting time trying to get this simple one-LAN example working. So I think I will set up two VLANs and isolate the networks. I'm assuming VLANs are ok. Then I will retry an example with a virtual service IP and a virtual director IP. This seems to be the more 'basic' config that Joe was referring to. I think I'm beginning to understand some of the capabilities and limitations of LVS now.

Gerry

