Hi guys! I've posted bug report regarding ldirectord, can you please review it and commit, if possible?
https://github.com/ClusterLabs/resource-agents/issues/361 Ldirectord is using LWP for it's negotiate checks for the HTTP/HTTPS sites. Since LWP 6.0 by default it verifies the correspondence of the SSL certificate and the server hostname. In 99.9% of the cases this is the VIP hostname and RIP are identified by their internal hostnames or, most common - by their IP addresses. That breaks hostname verification and hence - marks HTTPS backends as invalid and kicks them off the pool. This problem did hit me in the production when we've upgraded from Debian squeeze to Debian wheezy, which brought newer version of LWP. http://search.cpan.org/~gaas/LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm Luckily, the fix to the problem is easy: --- ldirectord.orig 2013-12-03 11:59:11.114983525 +0100 +++ ldirectord 2013-12-03 11:59:34.703026282 +0100 @@ -2834,7 +2834,7 @@ &ld_debug(2, "check_http: url=\"$$r{url}\" " . "virtualhost=\"$virtualhost\""); - my $ua = new LWP::UserAgent(); + my $ua = new LWP::UserAgent(ssl_opts => { verify_hostname => 0 }); my $h = undef; if ($$v{service} eq "http_proxy") { I haven't verified that with older version of LWP, but I believe it should just ignore unknown parameters to the constructor. With best regards, Timur Bakeyev.
_______________________________________________________ Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev Home Page: http://linux-ha.org/