|
On 03.12.2013 12:19, Timur I. Bakeyev wrote:
> Hi guys!
>
> I've posted bug report regarding ldirectord, can you please review it and
> commit, if possible?
>
> https://github.com/ClusterLabs/resource-agents/issues/361
>
> Ldirectord is using LWP for it's negotiate checks for the HTTP/HTTPS sites.
> Since LWP 6.0 by default it verifies the correspondence of the SSL
> certificate and the server hostname. In 99.9% of the cases this is the VIP
> hostname and RIP are identified by their internal hostnames or, most common
> - by their IP addresses.
>
> That breaks hostname verification and hence - marks HTTPS backends as
> invalid and kicks them off the pool. This problem did hit me in the
> production when we've upgraded from Debian squeeze to Debian wheezy, which
> brought newer version of LWP.
>
> http://search.cpan.org/~gaas/LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm
>
> Luckily, the fix to the problem is easy:
>
> --- ldirectord.orig 2013-12-03 11:59:11.114983525 +0100
> +++ ldirectord 2013-12-03 11:59:34.703026282 +0100
> @@ -2834,7 +2834,7 @@
> &ld_debug(2, "check_http: url=\"$$r{url}\" "
> . "virtualhost=\"$virtualhost\"");
>
> - my $ua = new LWP::UserAgent();
> + my $ua = new LWP::UserAgent(ssl_opts => { verify_hostname => 0 });
>
> my $h = undef;
> if ($$v{service} eq "http_proxy") {
>
> I haven't verified that with older version of LWP, but I believe it should
> just ignore unknown parameters to the constructor.
I don't think that's a bug but you have to specify the virtualhost
parameter to set the Host header for the realservers.
Regards,
Dennis
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
