I've been using ipvsadm and heartbeat for quite a while now with great
success. They are both really great programs. I've been using some small
Perl scripts to do some of the failover without much luck. So I've
started looking into ldirectord, but am having some issues incorporating
it into my environment.

I understand how to load the files for ldirector and how to get it to
start from heartbeat, but the documentation on ldirectord is a little
sparse, so I'm here to ask a few questions. Basically I need help
incorporating the script below into ldirectord.

First of all, my current config looks like so:

echo "1" > /proc/sys/net/ipv4/ip_forward
ipchains -F
ipvsadm -C
#firewall packet marking
ipchains -A input -s 0.0.0.0/0 -d 207.228.79.0/25 -m 1
ipchains -A input -s 0.0.0.0/0 -d 207.148.155.0/24 -m 1
ipchains -A input -s 0.0.0.0/0 -d 207.148.151.0/24 -m 1
ipchains -A input -s 0.0.0.0/0 -d 207.148.181.0/24 -m 1
#virtual server stuff
#cgi1/cgi2 web balancing for ~ homedirs
ipvsadm -A -t 207.228.64.34:80 -s wlc
ipvsadm -a -t 207.228.64.34:80 -r 207.228.64.35:80 -g -w 1
ipvsadm -a -t 207.228.64.34:80 -r 207.228.64.109:80 -g -w 1
#forums.cadvision.com
ipvsadm -A -t 207.228.64.104:80 -s wlc
ipvsadm -a -t 207.228.64.104:80 -r 207.228.64.35:80 -g -w 1
ipvsadm -a -t 207.228.64.104:80 -r 207.228.64.109:80 -g -w 1
#secure ssl
ipvsadm -A -t 207.228.64.34:443 -s wlc -p 1800
ipvsadm -a -t 207.228.64.34:443 -r 207.228.64.35:443 -g -w 1
ipvsadm -a -t 207.228.64.34:443 -r 207.228.64.109:443 -g -w 1
#ftp balancing
ipvsadm -A -t 207.228.64.34:21 -s wrr -p 600
ipvsadm -a -t 207.228.64.34:21 -r 207.228.64.35:21 -g -w 1
ipvsadm -a -t 207.228.64.34:21 -r 207.228.64.109:21 -g -w 1
#telnet and ssh
ipvsadm -A -t 207.228.64.34:22 -s wrr
ipvsadm -a -t 207.228.64.34:22 -r 207.228.64.35:22 -g -w 1
ipvsadm -a -t 207.228.64.34:22 -r 207.228.64.109:22 -g -w 1
ipvsadm -A -t 207.228.64.34:23 -s wrr
ipvsadm -a -t 207.228.64.34:23 -r 207.228.64.35:23 -g -w 1
ipvsadm -a -t 207.228.64.34:23 -r 207.228.64.109:23 -g -w 1
#virtual hosts
ipvsadm -A -f 1 -s wlc
ipvsadm -a -f 1 -r 207.228.64.35 -g
ipvsadm -a -f 1 -r 207.228.64.109 -g

Now, I've made one ldirector cf file (called www.cf) as follows:

# The /etc/ha.d/www.cf for ldirectord
#
# the number of seconds until a real server is declared dead
timeout = 10
# the number of seconds between server checks
checkinterval = 10

virtual = 207.228.64.34:80
        protocol = tcp
        scheduler = wlc
        real = 207.228.64.35:80 gate 1
        real = 207.228.64.109:80 gate 1
        request = "/.testpage"
        receive = "test page"

virtual = 207.228.64.104:80
        protocol = tcp
        scheduler = wlc
        real = 207.228.64.35:80 gate 1
        real = 207.228.64.109:80 gate 1
        request = "/.testpage"
        receive = "test page"

So the above www.cf file covers the two main ips, but none of the class
C's, which isn't terribly important, since if the two main ips are
unreachable, the rest of the Class C's most likely aren't either, but
what builds the rules for ipvsadm? Do I still need to run the first
script I have at the top of this email? If so, how does ldirectord know
how to remove and add the servers in and out?

Another question is about the firewall mark and how to incorporate it
into a cf file for ldirector?

And is there any documentation on the /etc/ha.d/ldirectord.cf, or is
that the equivalent of the www.cf file I've posted above?

Thanks in advance for any help :)
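
Added example, not part of the original post and not ldirectord's own code: ldirectord drives ipvsadm itself from its configuration, and this Python example shows how the first www.cf stanza above corresponds to the ipvsadm lines in the script at the top of the post, plus the call that takes a failed real server out of a service. The function names are hypothetical, and it assumes every "real" line carries address, forwarding method and weight, as in the post.

```python
import shlex

# ipvsadm flags for the keywords used in the post's www.cf.
FORWARD_FLAG = {"gate": "-g", "masq": "-m", "ipip": "-i"}
PROTO_FLAG = {"tcp": "-t", "udp": "-u"}

# Constructed sample: first stanza of the post's www.cf, sub-directives indented.
SAMPLE_CF = """\
checkinterval = 10
virtual = 207.228.64.34:80
    protocol = tcp
    scheduler = wlc
    real = 207.228.64.35:80 gate 1
    real = 207.228.64.109:80 gate 1
    request = "/.testpage"
    receive = "test page"
"""

def parse_cf(text):
    """Collect each 'virtual =' stanza and its indented directives."""
    services = []
    for raw in text.splitlines():
        if raw.strip().startswith("#") or "=" not in raw:
            continue
        key, value = (part.strip() for part in raw.split("=", 1))
        indented = raw[0] in " \t"
        if key == "virtual" and not indented:
            services.append({"virtual": value, "real": []})
        elif indented and services:
            if key == "real":
                services[-1]["real"].append(shlex.split(value))
            else:
                services[-1][key] = value.strip('"')
    return services  # global lines such as checkinterval are skipped

def target(svc):
    # Service selector, e.g. "-t 207.228.64.34:80"
    return f'{PROTO_FLAG[svc["protocol"]]} {svc["virtual"]}'

def build_commands(services):
    """ipvsadm calls that create each service and attach its real servers."""
    cmds = []
    for svc in services:
        cmds.append(f'ipvsadm -A {target(svc)} -s {svc["scheduler"]}')
        for addr, method, weight in svc["real"]:
            cmds.append(f'ipvsadm -a {target(svc)} -r {addr} {FORWARD_FLAG[method]} -w {weight}')
    return cmds

def drop_real(svc, addr):
    """ipvsadm call that takes one failed real server out of a service."""
    return f'ipvsadm -d {target(svc)} -r {addr}'
```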