Graeme Fowler wrote:
> On Thu, 2007-08-02 at 21:35 -0400, Gerry Reno wrote:
>
>> Also, F7 is giving an avc denial when I try to run it in a notify
>> script. Darn SELinux; I like it until it does this type of thing. I
>> opened a bug on F7 for this. Something about denied access to ip socket.
>>
>
>
Fedora quickly made a fix for selinux-policy for this and it will be in
the next round of updates. They are really responsive to selinux issues.

And following some of Graeme's suggestions, here is what I have done:
I modified my approach to define static config files instead of
dynamically setting things. This seems to have helped from the
standpoint of stability and reliability.
I can recycle or reboot the directors and the VIP service clients do not
notice other than sometimes there is a slightly longer delay during
transition. The only thing that I am doing in my notify script now is to
move VIP/32 on/off the lo device for the directors; no more changes on
the real servers; and ping the router from VIP, and that's it.
And some things that I have found:
keepalived is sensitive to how it is started and stopped. If I do a
'service keepalived restart', many times this will appear successful
even in the logs but when you run 'ipvsadm -l' there are no entries in
the table. The solution I found was to always handle keepalived by using
separate 'service keepalived stop' and 'service keepalived start'.
Controlling keepalived in this way has been 100% successful and reliable
for me.
So now keepalived is working in a predictable manner. Thanks Graeme!
Gerry
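
Added example, not part of Gerry's message: shell functions that perform the separate stop and start described above and then confirm that `ipvsadm -L -n` lists at least one virtual service and one real server. The function names, the retry count and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ipvsadm -L -n` output with a populated table.
SAMPLE_OK='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.0.2.10:80 rr
  -> 198.51.100.11:80             Route   1      0          0
  -> 198.51.100.12:80             Route   1      0          0'

# Constructed sample of the "looks fine in the logs, but empty" case.
SAMPLE_EMPTY='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn'

# Read `ipvsadm -L -n` output on stdin; print "<virtual> <real>" counts.
ipvs_counts() {
    awk '
        /^(TCP|UDP|FWM)[ \t]/                         { v++ }
        /^[ \t]+->/ && $2 != "RemoteAddress:Port"     { r++ }
        END { printf "%d %d\n", v, r }
    '
}

# Succeed only if stdin shows at least one virtual and one real server.
ipvs_populated() {
    ipvs_counts | {
        read -r vs rs
        [ "$vs" -gt 0 ] && [ "$rs" -gt 0 ]
    }
}

# Separate stop and start (not 'restart'), then poll the IPVS table.
# $1 = number of one-second attempts (assumed default: 10). Run as root.
restart_keepalived_checked() {
    tries=${1:-10}
    service keepalived stop
    service keepalived start || return 1
    while [ "$tries" -gt 0 ]; do
        if ipvsadm -L -n | ipvs_populated; then return 0; fi
        sleep 1
        tries=$((tries - 1))
    done
    echo "keepalived is running but the IPVS table is empty" >&2
    return 1
}

# Only touch the service when explicitly asked to.
case "${1:-}" in --run) restart_keepalived_checked ;; esac
```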