I've got an RHEL4 UM3 setup (LVS-DR), installed using the RPMs from the
offsite link on ultramonkey.org. Realservers are Solaris 10 with Tomcat
running unencrypted on port 80 and SSL on 443.
Visiting http://RIP and https://RIP work fine, as does telnetting to RIP
ports 80 and 443.
When I bring up ldirectord, http://VIP works great, but I get a connection
refused on https://VIP (same goes for telnet). All software firewalls are
turned off. I'm running on Sun Fire X4100 x64s, FWIW.
My ldirectord.cf looks like: (right now I'm only using 1 realserver for
debugging)
-------------------
# Global Directives
checktimeout=10
checkinterval=20
autoreload=yes
logfile="local0"
quiescent=yes
# Virtual Service for HTTPS
virtual=128.6.xx.xx:443
real=128.6.xx.xx:443 gate
service=https
scheduler=rr
# persistent=600
protocol=tcp
checktype=negotiate
request="/"
receive="Tomcat"
virtual=128.6.xx.xx:80
real=128.6.xx.xx:80 gate
service=http
scheduler=rr
# persistent=600
protocol=tcp
checktype=connect
If I start ldirectord in debug mode, it makes successful checks to the
realserver:
--------------------------------------------------
LWP::UserAgent::send_request: GET https://RIP:443/
LWP::UserAgent::_need_proxy: Not proxied
LWP::Protocol::http::request: ()
LWP::Protocol::collect: read 878 bytes
LWP::Protocol::collect: read 4096 bytes
LWP::Protocol::collect: read 3880 bytes
LWP::Protocol::collect: read 282 bytes
LWP::UserAgent::request: Simple response: OK
DEBUG2: SSL-Cipher: EDH-RSA-DES-CBC3-SHA
DEBUG2: SSL-Cert-Subject: <Omitted>
DEBUG2: SSL-Cert-Issuer: /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@xxxxxxxxxx
DEBUG2: Enabled server=RIP
DEBUG2: check_http: https://RIP:443/ is up
But after I hit it with my browser, ipvsadm shows it sitting in SYN_RECV
forever:
-------------------------------------------
IP Virtual Server version 1.2.0 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP ohta.rutgers.edu:http rr
-> ha1.rutgers.edu:http Route 1 0 0
TCP ohta.rutgers.edu:https rr
-> ha1.rutgers.edu:https Route 1 0 1
[root@yokote1 network-scripts]$ /sbin/ipvsadm -lc
IPVS connection entries
pro expire state source virtual destination
TCP 00:52 SYN_RECV xxx.rutgers.edu:1334 virthost.rutgers.edu:https rserver.rutgers.edu:https
If I do a solaris 'snoop' on the realserver, I see a brief spurt of
traffic from my desktop. Instead of the realserver hostname, I see the
virtualhost hostname, which I'm assuming is normal since lo0:1 is
configured with the VIP in DR:
---------------------------------------------------------
mydesktop.rutgers.edu -> virthost.rutgers.edu HTTPS C port=1222
virthost.rutgers.edu -> mydesktop.rutgers.edu HTTPS R port=1222
mydesktop.rutgers.edu -> virthost.rutgers.edu HTTPS C port=1222
virthost.rutgers.edu -> mydesktop.rutgers.edu HTTPS R port=1222
mydesktop.rutgers.edu -> virthost.rutgers.edu HTTPS C port=1222
virthost.rutgers.edu -> mydesktop.rutgers.edu HTTPS R port=1222
That's it. Any ideas? Like I said, http/port 80 works like a champ...
Thanks!
Dana
===================================
Dana Price
Systems Administrator
Rutgers University,
Office of Instructional and Research Technology
101J Administrative Services Building Annex I
d.price@xxxxxxxxxxx
732-445-6305
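Added example, not part of the original post: in LVS-DR the realserver receives the client's SYN still addressed to VIP:port, so a service bound only to the RIP refuses that SYN even though a health check made against the RIP succeeds. The script below checks a Solaris-style netstat listing for a listener that covers the VIP on each balanced port (the netstat sample and all addresses are constructed for the example).

```shell
#!/bin/sh
# vip_listener_ok NETSTAT_OUTPUT VIP PORT
# Returns 0 if some LISTEN socket in the listing covers VIP:PORT, i.e. it is
# bound to the wildcard address or to the VIP itself; returns 1 otherwise.
vip_listener_ok() {
    out=$1; vip=$2; port=$3
    printf '%s\n' "$out" | awk -v vip="$vip" -v port="$port" '
        $NF == "LISTEN" {
            # Solaris netstat prints the local socket as addr.port: split on the last dot
            n = split($1, a, ".")
            p = a[n]
            addr = substr($1, 1, length($1) - length(p) - 1)
            if (p == port && (addr == "*" || addr == "0.0.0.0" || addr == vip)) found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# Constructed sample of "netstat -an -f inet" on a realserver (hypothetical addresses):
# HTTP is bound to all addresses, HTTPS only to the RIP 128.6.1.20.
SAMPLE_NETSTAT='   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
      *.80                 *.*                0      0 49152      0 LISTEN
128.6.1.20.443             *.*                0      0 49152      0 LISTEN
128.6.1.20.22              *.*                0      0 49152      0 LISTEN'

# check_vip_services VIP PORT... : report each balanced port; returns 1 if any
# port has no listener that would accept a DR-forwarded connection to the VIP.
check_vip_services() {
    vip=$1; shift
    rc=0
    for port in "$@"; do
        if vip_listener_ok "$SAMPLE_NETSTAT" "$vip" "$port"; then
            echo "VIP $vip port $port: listener covers the VIP"
        else
            echo "VIP $vip port $port: no listener bound to * or $vip (RIP-only binding?)"
            rc=1
        fi
    done
    return $rc
}

check_vip_services 128.6.1.10 80 443
```

On a real host replace SAMPLE_NETSTAT with the live `netstat -an -f inet` output; a port reported as RIP-only is one the VIP-addressed SYN cannot reach, regardless of what the ldirectord check against the RIP says.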