LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Ldirectord v1.58 does check HTTPS negotiate work ?

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Ldirectord v1.58 does check HTTPS negotiate work ?
From: Malcolm Turnbull <Malcolm.Turnbull@xxxxxxxxxxxx>
Date: Fri, 18 Oct 2002 10:16:54 +0100
Horms,

Thanks for the rapid response I'll try to debug my issue using the new code... I also bought a PERL book yesterday which should help.... :-).



Horms wrote:
On Thu, Sep 26, 2002 at 04:21:06PM +0100, Malcolm Turnbull wrote:


Ldirectord v1.58 does check HTTPS negotiate work ?


HTTPS with checktype = connect is fine
but changing checktype to negotiate removes all the real servers...

I'm not to good with PERL but the function seems to die before even getting to the warn ("Testing.... bit ?

sub check_https
{
        my ($v, $r) = @_;
        require Net::SSLeay;
        $Net::SSLeay::trace = 0;
        my $uri = $$v{request};
        my ($page, $result, %headers);
        eval {
                local $SIG{__WARN__};
                local $SIG{'__DIE__'} = "DEFAULT";
                local $SIG{'ALRM'} = sub { die "Timeout Alarm" };
                alarm $$v{negotiatetimeout};
($page, $result, %headers) = &Net::SSLeay::get_https($$r{server}, $$r{port}, $uri);
                my $recstr = $$r{receive};
                warn("Testing: $$r{server}, $$r{port}, $uri");
                if($result =~ /error/i ||
                                ($recstr =~ /.+/ && !($page =~ /$recstr/))) {
                        die("$result");
                }
        };
        alarm 0; # Cancel the alarm

        if ($@) {
                service_set($v, $r, "down");
                &ld_debug(2, "check_https: $$r{url} is down\n");
                return 0;
        }
        service_set($v, $r, "up");
        &ld_debug(2, "check_https: $$r{url} is up\n");
        return 1;
}


Hi Malcolm,

I'll start of by saying that this is not my favorite piece of code,
especially the "alarm()" bit.

After some testing it seems that the code is infact working (about as
well as it can). I have made some minor changes to the debuging output
of this function. These have been committed to CVS.  The new version is
1.59 and the resulting code is:


        eval {
                local $SIG{__WARN__};
                local $SIG{'__DIE__'} = "DEFAULT";
                local $SIG{'ALRM'} = sub { die "Timeout Alarm" };
                alarm $$v{negotiatetimeout};
                &ld_debug(2, "Testing: $$r{server}, $$r{port}, $uri");
                ($page, $result, %headers)  = &Net::SSLeay::get_https(
                                $$r{server}, $$r{port}, $uri);
                &ld_debug(2, "Result: $result");
                my $recstr = $$r{receive};
                if($result =~ /error/i ||
                                ($recstr =~ /.+/ && !($page =~ /$recstr/))) {
                        die("$result");
                }
        };


If you run ldirectord in debugging mode, then the "Testing:" and
"Result:" messages will show up. Ldirectord can be run in debuging mode
using something along the lines of:

/usr/sbin/ldirectord -d /etc/ha.d/ldirectord.cf start

The "Testing:" line should give you information on just what is going to
be retrieved.
The "Result:" line should show you what was recieved from the server
(hopefully this is short :). This line will not show up if a timeout
occurs. That is, get_https() doesn't complete within
$$v{negotiatetimeout} seconds.


Please note that for better or for worse get_https() does not follow
HTTP redirects. During my testing I the code was detecting the server I
was connecting to as being down, although it wasn't.  This turned out to
be the result of the server issuing a "302 Moved Tempoarily" which your
average-garden-variety web browser will follow blindly. Hopefully the
debuging code above will help you to isolate this if that is the problem
that you are seeing.


--
Regards,

Malcolm Turnbull
IT Manager

Crocus.co.uk Ltd
01344 629661
07715 770523




<Prev in Thread] Current Thread [Next in Thread>