Re: Realserver failover problem using ssl and tomcat

To: Jason Downing <jasondowning@xxxxxxxxxxxxxxxx>
Subject: Re: Realserver failover problem using ssl and tomcat
Cc: lvs-users <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Horms <horms@xxxxxxxxxxxx>
Date: Thu, 29 Jun 2006 16:36:15 +0900
On Thu, Jun 29, 2006 at 04:49:52PM +1000, Jason Downing wrote:
> Thanks Horms that fixes the problem. However the system resets this value 
> to 0 whenever Debian starts. I've put the value into sysctl.conf by adding:
> net.ipv4.vs.expire_nodest_conn = 1

All sysconf values behave like that :)

> and if I run sysctl -p it updates the variable to 1. However on restart the 
> variable is back to 0. I have worked out that this is because the vs 
> directory is deleted on boot (or maybe shutdown) and not re-created until 
> an ipvsadm command is issued. This means that the entry in sysctl.conf has 
> no effect because the directory where the file goes is not present at the 
> time the sysctl.conf file is used.

This is probably because lvs is a module and thus that directory isn't
available until the module is inserted. And presumably the call to 
sysctl -p during the init process is occuring after that.

> I have written a init.d script (yes I know its a complete hack) which runs 
> when the other init.d startup scripts run, and this causes the directory to 
> be created (by issuing /sbin/ipvsadm -L -n) and then issues sysctl -p to 
> put the variable in place. Here is the hack:
> #!/bin/sh
> /sbin/ipvsadm -L -n
> sleep 1
> sysctl -p
> Then I used:
> /usr/sbin/update-rc.d expire_nodest_conn start 75 2 3 4 5 . stop 05 0 1 6 .
> to make it run on boot. I also put the line:
> net.ipv4.vs.expire_nodest_conn = 1
> into /etc/sysctl.conf
> Thanks for the help, Jason

A fine hack indeed. Onother work around might be to add ip_vs to
/etc/modules. I'm not sure if that gets processed early enough to help
your problem, but it would be worth checking.

H:          W:

<Prev in Thread] Current Thread [Next in Thread>