Hi,
> > In Apache http.conf we can specify a LISTEN port and run a separate
> > daemon for HTTPS on port 443 for example. If this https daemon or daemons
> > dies, or fails to start (because we have it configured to prompt for our
> > security certificate password at startup) we wouldn't want to make
> > assumptions about the health of the daemons listening on port 80 right?
IMHO you have three possibilities to overcome the INADDR_ANY bind problem:
1.) configure the application to listen to localhost as normal and to a VIP
only for healthchecking.
2.) ipchains is your friend, man! Do an ipchains -A input -j REDIRECT for
packets coming from the DIP with destination VIP. You redirect it to the
loopback and get your response. You may even first mark the incoming packet
and redirect it accordingly.
3.) Write a user space daemon maybe even with tcpd support that listens to an
unused port and does the check locally and sends 0 if ok and 1 if nok.
pros: It's working and it's cool.
cons: the solutions are not 100% cross-compatible. E.g. [1] will work on all
nodes, [2] only on unices that either have support for ipchains or ipfw
and [3] finally needs some coder and is the hardest to maintain.
> Yes, even when we have one httpd for two domains maybe we want to
> check different cgi or database calls with L7 HTTP checks. But the L4
> check can be one, of course, configured from the user: bind to 0.0.0.0:80.
The healthcheck is based on the VIP and not on the RIP, so as long as we
don't have L7 support in LVS this is not an issue since every new service
needs a new VIP.
> > Many thanks to Alexandre Cassen for the great contribution... I plan to
> > test it further in the lab ASAP.
Me too. I hope Julian and Alexandre can merge their work.
Regards,
Roberto Nibali, ratz
--
mailto: `echo NrOatSz@xxxxxxxxx | sed 's/[NOSPAM]//g'`
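
Option 3 from the message above, sketched as an added example that is not part of the original e-mail or of any LVS tool: a small user-space checker that listens on an otherwise unused port, probes one local service, and answers `0` if ok and `1` if not. The checker port (9443), the probed target (127.0.0.1:443) and all function names are assumptions chosen for illustration.

```python
import socket
import socketserver

PROBE_TIMEOUT = 2.0  # seconds; assumed value, keep below the director's check timeout


def probe(host, port, timeout=PROBE_TIMEOUT):
    """Return True if a TCP connect to the local service succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, timed out
        return False


class CheckHandler(socketserver.BaseRequestHandler):
    def handle(self):
        # Never read from the peer: the checker only writes one status byte,
        # so a remote client has no input to feed it.
        host, port = self.server.target
        self.request.sendall(b"0" if probe(host, port) else b"1")


def make_server(bind_addr, bind_port, target):
    """One checker port per probed service, so a dead HTTPS daemon is
    reported on its own and says nothing about the daemon on port 80."""
    srv = socketserver.TCPServer((bind_addr, bind_port), CheckHandler)
    srv.target = target
    return srv


if __name__ == "__main__":
    # Bind to one specific address rather than INADDR_ANY; restrict the
    # source (the director) with packet filtering or tcpd-style rules.
    with make_server("127.0.0.1", 9443, ("127.0.0.1", 443)) as srv:
        srv.serve_forever()
```
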