> I have met with success at getting ssh connections to work to LVS
> by running a separate sshd for the VIP on each realserver. I
>> I am not having any luck getting ssh service to run to LVS
>> kernel 2.4.21-20.ELsmp. Main problem seems to be in getting rid of arp
>> problems.
Not sure if this will help, hurt, or cause a lot of people to have a conniption:
Running LVS on the 2.6.10 kernel on Fedora FC3. (<-- all that new
stuff...and the cluster is a bunch of Pentium III Compaq iPaq very low end
desktop PCs)
Had a problem as the arp fix for Fedora has changed from the Howto.
I had to use:
(Text from my Linux install script:)
# Determine which port is the VIP ip:
interface=$(echo $cluster_ip | sed 's/^.*\.//g')
# Make a ipvs file for the Real Servers:
echo "echo 0 >/proc/sys/net/ipv4/ip_forward" > /etc/rc.d/init.d/S98ipvs
echo "echo 1 >/proc/sys/net/ipv4/conf/all/arp_ignore" >> /etc/rc.d/init.d/S98ipvs
echo "echo 1 >/proc/sys/net/ipv4/conf/lo/arp_ignore" >> /etc/rc.d/init.d/S98ipvs
echo "ifconfig lo:$interface $cluster_ip broadcast $cluster_ip netmask 0xffffffff up" >> /etc/rc.d/init.d/S98ipvs
echo "route add -host $cluster_ip dev lo:$interface" >> /etc/rc.d/init.d/S98ipvs
# Link in the ipvs file:
chmod 755 ../init.d/S98ipvs
ln -s ../init.d/S98ipvs
(end text)
The key to arp being the two arp_ignore lines.
The S98ipvs is probably a bit mickey mouse, but it allows me not to have to
muck with the normal network settings earlier on on startup, and makes it
very easy to pull a machine out of the cluster while I'm still learning this.
For the problem of each time I connected thru LVS getting a new key --
which was a *huge* deal as I use Plink heavily to call Linux scripts from
NT systems.
The solution may not be elegant, it may not be right, at least I'm behind
fairly decent corporate firewalls...
(Text from my Linux install script:)
###########################################################
# Get common set of keys for seamless ssh via the LVS system:
cp -f /anetworkmount/ssh* /etc/ssh/.
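# Private host keys: readable by root only (absolute paths, so the
# commands do not depend on the current directory).
chmod 600 /etc/ssh/ssh_host_key
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_dsa_key
# Public halves may be world-readable.
chmod 644 /etc/ssh/ssh_host_key.pub
chmod 644 /etc/ssh/ssh_host_rsa_key.pub
chmod 644 /etc/ssh/ssh_host_dsa_key.pub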
/etc/rc.d/rc3.d/S55sshd restart
(end text)
After I copied the keys up from one machine, this set the keys on every
member to be the same. So when I come in via the VIP, the first time I
accept the key, and never get prompted no matter which real server I
connect to next. I can still go to the real IP on the real servers to
directly administer them.
Matt Kivela
Sr. Systems Administrator
Worcester Telegram & Gazette
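
One way to check a realserver after both script excerpts above have run, as an added example that is not part of the original post: it confirms the three /proc/sys values that S98ipvs writes, and that the host keys in /etc/ssh match the shared copy with private keys at mode 600. The function names check_arp and check_hostkeys are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): post-install audit of one realserver.
# check_arp and check_hostkeys are hypothetical names; `stat -c` assumes GNU coreutils.

# check_arp [SYSROOT]: confirm the three values S98ipvs writes (default /proc/sys).
check_arp() {
    root=${1:-/proc/sys}/net/ipv4
    rc=0
    for pair in ip_forward=0 conf/all/arp_ignore=1 conf/lo/arp_ignore=1; do
        file=$root/${pair%=*}
        want=${pair#*=}
        got=$(cat "$file" 2>/dev/null) || got=
        if [ "$got" != "$want" ]; then
            echo "FAIL $file: want $want, got '${got:-unreadable}'"
            rc=1
        fi
    done
    return "$rc"
}

# check_hostkeys SSHDIR SHAREDDIR: every public host key in SHAREDDIR must be
# byte-identical in SSHDIR, and the matching private key must be mode 600.
check_hostkeys() {
    dir=$1
    shared=$2
    rc=0
    for pub in "$shared"/ssh_host_*key.pub; do
        [ -e "$pub" ] || { echo "FAIL no public host keys in $shared"; return 1; }
        name=$(basename "$pub")
        priv=$dir/${name%.pub}
        if ! cmp -s "$pub" "$dir/$name"; then
            echo "FAIL $dir/$name differs from the shared copy"
            rc=1
        fi
        mode=$(stat -c %a "$priv" 2>/dev/null) || mode=
        if [ "$mode" != 600 ]; then
            echo "FAIL $priv mode '${mode:-missing}', want 600"
            rc=1
        fi
    done
    return "$rc"
}
```

On a realserver, source the file and run `check_arp && check_hostkeys /etc/ssh /anetworkmount`; any FAIL line names the file that needs attention.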