On Thu, Sep 26, 2002 at 04:21:06PM +0100, Malcolm Turnbull wrote:
Does the ldirectord v1.58 HTTPS negotiate check work?
HTTPS with checktype = connect is fine
but changing checktype to negotiate removes all the real servers...
I'm not too good with Perl but the function seems to die before even
getting to the warn("Testing.... bit?

sub check_https
{
    my ($v, $r) = @_;
    require Net::SSLeay;
    $Net::SSLeay::trace = 0;
    my $uri = $$v{request};
    my ($page, $result, %headers);
    eval {
        local $SIG{__WARN__};
        local $SIG{'__DIE__'} = "DEFAULT";
        local $SIG{'ALRM'} = sub { die "Timeout Alarm" };
        alarm $$v{negotiatetimeout};
        ($page, $result, %headers) =
            &Net::SSLeay::get_https($$r{server}, $$r{port}, $uri);
        my $recstr = $$r{receive};
        warn("Testing: $$r{server}, $$r{port}, $uri");
        if($result =~ /error/i ||
            ($recstr =~ /.+/ && !($page =~ /$recstr/))) {
            die("$result");
        }
    };
    alarm 0; # Cancel the alarm
    if ($@) {
        service_set($v, $r, "down");
        &ld_debug(2, "check_https: $$r{url} is down\n");
        return 0;
    }
    service_set($v, $r, "up");
    &ld_debug(2, "check_https: $$r{url} is up\n");
    return 1;
}

Hi Malcolm,
I'll start off by saying that this is not my favorite piece of code,
especially the "alarm()" bit.
After some testing it seems that the code is in fact working (about as
well as it can). I have made some minor changes to the debugging output
of this function. These have been committed to CVS. The new version is
1.59 and the resulting code is:

    eval {
        local $SIG{__WARN__};
        local $SIG{'__DIE__'} = "DEFAULT";
        local $SIG{'ALRM'} = sub { die "Timeout Alarm" };
        alarm $$v{negotiatetimeout};
        &ld_debug(2, "Testing: $$r{server}, $$r{port}, $uri");
        ($page, $result, %headers) = &Net::SSLeay::get_https(
            $$r{server}, $$r{port}, $uri);
        &ld_debug(2, "Result: $result");
        my $recstr = $$r{receive};
        if($result =~ /error/i ||
            ($recstr =~ /.+/ && !($page =~ /$recstr/))) {
            die("$result");
        }
    };

If you run ldirectord in debugging mode, then the "Testing:" and
"Result:" messages will show up. Ldirectord can be run in debugging mode
using something along the lines of:

    /usr/sbin/ldirectord -d /etc/ha.d/ldirectord.cf start

The "Testing:" line should give you information on just what is going to
be retrieved.
The "Result:" line should show you what was received from the server
(hopefully this is short :). This line will not show up if a timeout
occurs. That is, get_https() doesn't complete within
$$v{negotiatetimeout} seconds.
Please note that for better or for worse get_https() does not follow
HTTP redirects. During my testing the code was detecting the server I
was connecting to as being down, although it wasn't. This turned out to
be the result of the server issuing a "302 Moved Temporarily" which your
average-garden-variety web browser will follow blindly. Hopefully the
debugging code above will help you to isolate this if that is the problem
that you are seeing.
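
The following is an added example, not part of the original message and not ldirectord code: it applies the same up/down test as check_https() to constructed sample responses and reports why a real server would be marked down, including the unfollowed-redirect case described above. The name classify_check and all sample data are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not ldirectord code): explain why a negotiate check fails.
use strict;
use warnings;

# classify_check($result, $page, $recstr, $timed_out) -> ($state, $reason)
# Hypothetical helper. It mirrors the test in check_https(): the server is
# "down" if the status line contains "error", or if a receive string is
# configured and the returned page does not match it.
sub classify_check {
    my ($result, $page, $recstr, $timed_out) = @_;
    return ('down', 'timeout: get_https() did not finish in time')
        if $timed_out;
    $result = '' unless defined $result;
    $page   = '' unless defined $page;
    return ('down', "status line reports an error: $result")
        if $result =~ /error/i;
    if (defined $recstr && $recstr =~ /.+/ && $page !~ /$recstr/) {
        # A 3xx status means the expected page lives at another URL;
        # the body checked here is the redirect notice, not that page.
        if (my ($code) = $result =~ m{^HTTP/\d\.\d\s+(3\d\d)\b}) {
            return ('down', "redirect ($code) not followed, receive string not in body");
        }
        return ('down', 'receive string not found in page');
    }
    return ('up', 'ok');
}

# Constructed samples: [status line, page body, receive string, timed out?]
my @samples = (
    ['HTTP/1.1 200 OK', '<html>Test Page</html>', 'Test Page', 0],
    ['HTTP/1.1 302 Moved Temporarily', '<html>Document moved</html>', 'Test Page', 0],
    ['HTTP/1.1 500 Internal Server Error', '', 'Test Page', 0],
    ['HTTP/1.1 200 OK', '<html>Maintenance</html>', 'Test Page', 0],
    [undef, undef, 'Test Page', 1],
);

for my $s (@samples) {
    my ($state, $reason) = classify_check(@$s);
    printf "%-36s => %-4s (%s)\n", $s->[0] // '(no result)', $state, $reason;
}
```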