On 12/22/09 16:51, Bill Hathaway wrote: > Sangeeta - > Thank you for your response. Additional comments in-line. > > On Dec 22, 2009, at 4:40 PM, Sangeeta Misra wrote: > >> On 12/22/09 10:23, Bill Hathaway wrote: >>> Hi, I have tried using ILB for the last few days and had some >>> comments and questions >>> >>> Background >>> ----------------- >>> I am using a lab environment that consists of the following machines: >>> x4150 - machine running OpenSolaris b129 with ILB ip=10.250.1.51 >>> >>> web1 - web server ip=10.250.1.12 running apache on port 80 >>> web2 - web server ip=10.250.1.13 running apache on port 80 >>> >>> My current config is: >>> create-servergroup prodweb >>> add-server -s server=10.250.1.12:80 prodweb >>> add-server -s server=10.250.1.13:80 prodweb >>> create-healthcheck -n -h >>> hc-test=TCP,hc-timeout=5,hc-count=3,hc-interval=30 webhc >>> create-rule -e -i vip=10.250.1.51,port=80,protocol=tcp -m >>> lbalg=roundrobin,type=NAT,proxy-src=10.250.1.51-10.250.1.51 -h >>> hc-name=webhc,hc-port=ANY -t nat-timeout=120 -o servergroup=prodweb >>> prodweb >>> >>> >>> Issues >>> --------- >>> 1) ilbadm man page wasn't supplied >>> I already filed a bug >> >> THe man page will be available in snv_130( which is not in >> Opensolaris yet) . In the meantime, manpage ( and examples) are >> available at: >> http://wikis.sun.com/display/OpenSolarisInfo/Integrated+Load+Balancer >> >>> >>> 2) ilbd is missing needed authorizations >>> I already files a bug >> What authorization are you looking for? See >> http://wikis.sun.com/display/OpenSolarisInfo/Setting+up+user+authorization+for+ILB+configuration+commands >> >> >> >> on how to get a user to have authorizations to execute config commands. >> Also make sure you have this line in /etc/user_attr file: >> >> daemon::::auths=solaris.smf.manage.ilb,solaris.smf.modify.application > > Yes, that daemon line is what I was referring to. That should be > taken care of by the IPS package and shouldn't need to be handled > manually. > I submitted > http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6910697 >
Bill, When you upgade your setup to b_129, the SUNWcsr package should have updated the following files : /etc/user_attr /etc/security/prof_attr /etc/security/auth_attr I am told that there is a bug where updates to SUNWcsr's RBAC *_attr files are not "propagated" to the system when updating to the build. I will make changes to ILB's package to have it rbac to make the edits instead. So thanks for filing the bug on this. Current workaround for it is to manually add the lines in the *_attr files as listed in attached txt file. > > I think it would be more user friendly to have something like: > ilbadm: error, the hc-interval must be greater than hc-timeout times > hc-count > Will file a bug and fix this as well to make the command clearer. Also note that we do have VRRP, and I will soon add notes to : http://wikis.sun.com/display/OpenSolarisInfo/Integrated+Load+Balancer on what ILB failover scenarios can be handled by VRRP. Lastly please let us know of what other features you would like to see in ILB in future(including any L7 features and what perf requirements need to be met for that) . We are planning for Phase II delivery and we would like feedback from the Opensource community on this. Sangeeta -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ILB_rbacfilechanges URL: <http://mail.opensolaris.org/pipermail/ilb-dev/attachments/20091223/b80dcd3c/attachment.ksh>
