|
On Wed, Dec 10, 2003 at 11:33:11AM +0100, Carlos J. Ramos wrote:
> Hi all there.
>
> We are using ldirectord to manage the pool of a realservers cluster, in
> order to do that we are balancing both 80 and 443 ports.
>
> When we are balancing to 80 port, everything is all right, but when
> trying to balance to 443 port requests, ldirectord never try to contact
> with the machine to check if it is correctly up.
>
> We had put a sniffer (tcpdump) listening in 443 ports of realservers and
> no check is done, this way, the realservers are never added to the pool
> of the realservers with ipvsadm...
>
> Well the config file we use is this :
>
> checktimeout=5
> checkinterval=1
> autoreload=yes
> logfile="/var/log/ha/ldirectord.log"
> quiescent=yes
> virtual=195.57.212.78:80
> real=172.16.40.51:80 masq 1
> real=172.16.40.52:80 masq 1
> service=http
> request="check.html"
> receive="alive"
> scheduler=wlc
> virtual=195.57.212.78:443
> real=172.16.40.51:443 masq 1
> real=172.16.40.52:443 masq 1
> request="check.html"
> receive="alive"
> scheduler=wlc
> service=https
>
>
> The file "check.html" is inside the apache root document, and it is
> accessible through http and https (tested with lynx-ssl), also the text
> string "alive" is the only text in the file.
>
> We have put ldirectord in debug mode using the -d switch, and we
> gathered this information:
>
>
> First, ldirectord add as a virtual server, thats ok...
>
> (...)
> DEBUG2: Running system(/sbin/ipvsadm -A -t 195.57.212.78:443 -s wlc )
> Running system(/sbin/ipvsadm -A -t 195.57.212.78:443 -s wlc )
> DEBUG2: Added virtual server: 195.57.212.78:443
> Added virtual server: 195.57.212.78:443
> (...)
>
> Ldirectord add the server and virtual servers related to 80 port... but
> when it tries to add 443 servers fail:
>
> (...)
> DEBUG2: Checking negotiate: real
> server=negotiate:https:tcp:172.16.40.51:443::\/ldirectord\.html:toy\
> vivo (virtual=tcp:195.57.212.78:443)
> DEBUG2: Checking https server=172.16.40.51 port=443
> DEBUG2: Testing: 172.16.40.51, 443, /ldirectord.html
> DEBUG2: Disabled server=172.16.40.51
> DEBUG2: Checking negotiate: real
> server=negotiate:https:tcp:172.16.40.52:443::\/ldirectord\.html:toy\
> vivo (virtual=tcp:195.57.212.78:443)
> DEBUG2: Checking https server=172.16.40.52 port=443
> DEBUG2: Testing: 172.16.40.52, 443, /ldirectord.html
> DEBUG2: Disabled server=172.16.40.52
> (...)
>
> ...as it can be seen, ldirectord saids it test each server, but we
> cannot see using the network sniffer any packet reaching real servers...
> neither outgoing packets from the balancer.
>
> Since 80 and 443 ports connectivity is done using the same switch we
> don't think it could be due to a lost of connectivity.
That is very curious. Have you tried putting some extra debuging
statements into check_https to try and descover why the test is
failing?
Have you tried tracing packets from the linux-director or the
real-server? The former may be more informative.
[snip]
> Fresh kernel 2.4.21 from www.es.kernel.org compiled from sources and
> patched with linux-2.4.21-ipvs-1.0.10.patch
>
>
> What can be due to?, is there any well tested platform recommended for
> heartbeat-ldirectord?, I also tried to download precompiled packages for
> redhat 9.0 from
> http://www.ultramonkey.org/download/heartbeat/stable.latest/redhat_9/dependancies/
> but each file i tried to download gives me a 404 not found error....
Sorry, my mistake. Those links are fixed now.
--
Horms
|
