LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] Ldirectord not respecting received text for https

To: Simon Horman <horms@xxxxxxxxxxxx>
Subject: Re: [lvs-users] Ldirectord not respecting received text for https
Cc: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Brent Jensen <brent@xxxxxxxxxxx>
Date: Sun, 02 Jan 2011 19:21:20 -0700
I'm now using the latest version of ldirectord. There was no change in the 
bug. I have a global variable that changes the output of the web server 
(http & https). Ldirectord seems to work for port 80, but not for port 443. 
I have multiple external IPs natted and looking at the real servers on both 
port 80 & 443.

It's looking for "Connected successfully". When turned off it no longer 
appears; however, the debug code seems to allow the output, even though 
it's not there (external IPs changed to x.x.x.n):

DEBUG2: Checking connect: real 
server=connect:tcp:10.0.3.11:443:::1:masq:\/index\.html:Connected\ 
successfully (virtual=tcp:x.x.x.54:443)
DEBUG3: Connected to 10.0.3.11 (port 443)
DEBUG2: Enabled  real 
server=connect:tcp:10.0.3.11:443:::1:masq:\/index\.html:Connected\ 
successfully (virtual=tcp:x.x.x.54:443)
DEBUG3: Activated service 10.0.3.11:443


This is output when enabled, meaning changing the output of the webserver 
to show "Connected Successfully", not turning on the webserver:

[Sun Jan  2 18:48:47 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:80 (x.x.x.54:80) (Weight set to 0)
[Sun Jan  2 18:48:47 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:80 (x.x.x.50:80) (Weight set to 0)
[Sun Jan  2 18:48:47 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:80 (x.x.x.44:80) (Weight set to 0)
[Sun Jan  2 18:48:47 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:80 (x.x.x.45:80) (Weight set to 0)
[Sun Jan  2 18:49:03 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:80 (tcp:x.x.x.54:80)
[Sun Jan  2 18:49:03 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:80 (x.x.x.54:80) (Weight set to 8)
[Sun Jan  2 18:49:03 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:80 (tcp:x.x.x.50:80)
[Sun Jan  2 18:49:03 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:80 (x.x.x.50:80) (Weight set to 1)
[Sun Jan  2 18:49:03 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:80 (tcp:x.x.x.44:80)
[Sun Jan  2 18:49:03 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:80 (x.x.x.44:80) (Weight set to 1)
[Sun Jan  2 18:49:03 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:80 (tcp:x.x.x.45:80)
[Sun Jan  2 18:49:03 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:80 (x.x.x.45:80) (Weight set to 1)

Note: If I turn off the web server it drops it out like it should:
TCP  x.x.x.54:443 rr
   -> 10.0.3.18:443                Masq    1      1          25
   -> 10.0.3.10:443                Masq    1      1          29
   -> 10.0.3.11:443                Masq    0      0          23 (this is 
quiescent like it should)

Stopping web server:
[Sun Jan  2 18:59:18 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:80 (x.x.x.54:80) (Weight set to 0)
[Sun Jan  2 18:59:18 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:443 (x.x.x.54:443) (Weight set to 0)
[Sun Jan  2 18:59:18 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:80 (x.x.x.50:80) (Weight set to 0)
[Sun Jan  2 18:59:18 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:80 (x.x.x.44:80) (Weight set to 0)
[Sun Jan  2 18:59:18 2011|ldirectord.cf|5834] Quiescent real server: 
10.0.3.11:80 (x.x.x.45:80) (Weight set to 0)

Starting web server:
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:80 (tcp:x.x.x.54:80)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:80 (x.x.x.54:80) (Weight set to 8)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:443 (tcp:x.x.x.54:443)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:443 (x.x.x.54:443) (Weight set to 1)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:80 (tcp:x.x.x.50:80)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:80 (x.x.x.50:80) (Weight set to 1)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:80 (tcp:x.x.x.44:80)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:80 (x.x.x.44:80) (Weight set to 1)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Resetting soft failure count: 
10.0.3.11:80 (tcp:x.x.x.45:80)
[Sun Jan  2 18:59:35 2011|ldirectord.cf|5834] Restored real server: 
10.0.3.11:80 (x.x.x.45:80) (Weight set to 1)

About the only thing I can think of it is caching the good output. As a 
work-around maybe I need to check on port 80 instead of port 443? I ran 
this test:
(1) Removed the receive string: http:80 dropped out (https should have 
dropped out too)
(2) Turned off the web server: https:443 dropped out.
(3) Turned on the web server: https:443 popped in (didn't respect the 
receive string)
(4) Enabled the receive string: http:80 popped in.

This tells me that either (1) https is cached for a very long time or (2) 
ldirectord it doesn't work properly.

Here's my conf for this example:

virtual=x.x.x.54:443
         fallback=127.0.0.1:443
         real=10.0.3.10:443 masq 1
         real=10.0.3.11:443 masq 1
         real=10.0.3.18:443 masq 1
         service=https
         request="index.html"
         receive="Connected successfully"
         scheduler=rr
         #persistent=600
         protocol=tcp
         checktype=connect

Is this correct?

Thanks,

Brent



At 11:33 AM 12/31/2010 +0900, Simon Horman wrote:
>On Thu, Dec 30, 2010 at 06:06:52PM -0700, Brent Jensen wrote:
> >
> >  I've just noticed (not sure how long this has been going on) that my
> >  Ldirectord script doesn't respect the return code from the webservers
> >  using https--it works not matter what the return string is. It works
> >  fine for http. I've seen some old threads on this but not sure of late.
> >  My version I'm running comes from clusterlabs repository
> >  (ldirectord-1.0.3-2.6.el5). I haven't tried any newer versions. Is this
> >  a known bug w/ this version?
>
>Hi Brent,
>
>Unfortunately I seem to be unable to reproduce this problem using both the
>current tip version[1] and the version that was included in agents-1.0.3.
>The latter should correspond to the version that you are using.
>
>My test involved a 404, and ldirectord identified the server as being down.
>
>My suspicion is that there is a problem in either one of the underlying
>libraries or your configuration.
>
>Would it be possible for you to run the version that you have
>installed with the -d flag to see if the resulting debugging information
>sheds any light on the problem? Or perhaps try the latest snapshot
>to check that it isn't a bug specific to the version you have?
>
>[1] http://horms.net/projects/ldirectord/download/ldirectord-latest


_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>