LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Ldirectord realserver connection refused LVS-TUN

To: arthur@xxxxxxxxxxxxx, <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Ldirectord realserver connection refused LVS-TUN
Cc: linux-ha@xxxxxxxxxxxxxxxxxx
From: Niraj Patel <niraj@xxxxxxxxxx>
Date: Wed, 20 Dec 2006 15:51:22 -0500
I had the RS listening on the RIP before and then in the process of trying to get https working, I must have turned it off. http checks now work if RS is listening on the RIP. The implication seems to be that

But now I have another problem, well more of a question really. Since https uses name resolution to pull the SSL cert, would I also need something like the following:

1. a dns entry for each virtual host that maps a fqdn like web.abc.com to each of the RIPs (not really sure about this part)
   i.e.  web.abc.com resolves to RIP1, RIP2, etc.
2. an SSL certificate for web.abc.com that's installed on each RS.

my ldirectord.cf would look like this:

virtual=10.5.2.72:443
       real=10.5.2.61:443 ipip 1
       #real=10.5.2.62:443 ipip 1
       fallback=127.0.0.1:443
       service=https
       request="/.testpage"
       receive="test page"
       virtualhost="web.abc.com"
       scheduler=nq
       protocol=tcp
       checktype=negotiate

is this correct?



Arthur Kao wrote:
On 12/13/06, Niraj Patel <niraj@xxxxxxxxxx> wrote:
Does LVS-TUN support Ldirectord and does anyone know of working systems
out there using both at the same time.
I do have a working LVS-TUN setup with ldirectord (ultramonkey setup)
for our web portal environment. I am able to telnet to port 80 from my
director. Is your web server listening to its RIP?


Would it be possible (or make sense) to run Ldirectord on machines other
than the directors?


Joseph Mack NA3T wrote:
> On Tue, 12 Dec 2006, Niraj Patel wrote:
>
>> I saw that part but then how does ldirectord make its negotiation
>> checks?
>
> I don't know how ldirectord does it, but for mon...
>
> on the realserver you have the service listening to the VIP _and_ the
> RIP. Health checking on the director checks the service on the RIP.
> You hope that the state of the service on the RIP reflects the service
> running on the VIP.
>
>> Does this also mean that you *MUST* run iptables in order to have
>> LVS-TUN work with failover and still have the flexibility of using
>> ldirectord?
>
> don't know sorry
>
> Joe
>
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users




<Prev in Thread] Current Thread [Next in Thread>