I'm sorry for missing the thrust of your question.
The problem with saying host:0 is that ldirectord now has
no way of knowing what ports you're actually interested in;
unless you are just pinging, it won't try and connect on any ports,
or will test the port you request via checkport. I don't believe
it supports multiple checkports (at least the source looks like it
doesn't).
On the other hand, it's "just a perl script" - you can hack on it to
your heart's content.
But, things may be simpler if you just add a trivial external check
program...
I personally would be leery of using :0; you would need a separate
IP for management (sshd for example) and would need to make sure all
services did not bind to the * address or they would get forwarded too.
Any hiccup in your firewall would end up making your LB an open forwarding
router. But that's just my religion.
Neil
Amos Shapira wrote:
> 2009/10/26 Neil Katin <[email protected]>:
>> I believe if you want them to be jointly persistent you have
>> to use firewall marks to do this, then balance on the mark.
>>
>> The IPVS howto has details on this (see example 2):
>>
>> http://kb.linuxvirtualserver.org/wiki/Ipvsadm
>
> Thanks, I'm aware of fwmarks, but I'm not sure how they could help
> here - here are some more details:
>
> 1. The VIP I use for these services are dedicated, so I don't need to
> distinguish between separate ports to same VIP - I'm OK with LVS
> passing through ALL ports from same client to same host. I think that
> using :0 already achieves this. (I use iptables to block all unwanted
> ports).
>
> 2. My question was about removing a real server from the pool based on
> whether ANY of the specific ports on it is not passing a check, e.g. if a
> real server fails on port 443 only (and still passes a check on the
> other ports) then I want NO new connections passed to it on ANY port
> (443, 80, or 9000), same if it fails a check on port 9000 only, for
> instance.
>
> Does this clarify my question or am I still missing something about your
> reply?
>
> Thanks,
>
> --Amos
>
>> Amos Shapira wrote:
>>> Hello,
>>>
>>> We use LVS on CentOS 5 to load-balance servers which serve multiple
>>> ports (let's say 80, 443 and 9000 for this question). Some of these
>>> ports are served through apache (80, 443) while others are served by a
>>> stand-alone process (9000).
>>>
>>> We set them up as persistent (because all connections to all ports
>>> coming from the same client as part of a specific transaction should
>>> go to the same real server).
>>>
>>> We did this by specifying each service for each port separately:
>>>
>>> virtual=192.168.1.126:80
>>>     real=192.168.98.117:80 gate
>>>     real=192.168.98.126:80 gate
>>>     scheduler=rr
>>>     protocol=tcp
>>>     persistent=120
>>>     checktype=negotiate
>>>     service=http
>>>     request="lvs.txt"
>>>     receive="OK"
>>>
>>> virtual=192.168.1.126:443
>>>     real=192.168.98.117:443 gate
>>>     real=192.168.98.126:443 gate
>>>     scheduler=rr
>>>     protocol=tcp
>>>     persistent=120
>>>     checktype=negotiate
>>>     service=https
>>>     request="lvs.txt"
>>>     receive="OK"
>>>     virtualhost=www.company.com
>>>
>>> virtual=192.168.1.126:9000
>>>     real=192.168.98.117:9000 gate
>>>     real=192.168.98.126:9000 gate
>>>     scheduler=rr
>>>     protocol=tcp
>>>     persistent=120
>>>     checktype=negotiate
>>>     service=https
>>>     request="lvs.txt"
>>>     receive="OK"
>>>     virtualhost=www.company.com
>>>
>>> We now noticed that this configuration is wrong - the persistence will
>>> be "per port" and not "per client" as we need it to be - port 80 could
>>> be served by one real server while port 443 from the same client could
>>> be served by another.
>>>
>>> The documentation says that we should just not specify the port, so
>>> the following should replace the above three:
>>>
>>> virtual=192.168.1.126:0
>>>     real=192.168.98.117:0 gate
>>>     real=192.168.98.126:0 gate
>>>     scheduler=rr
>>>     protocol=tcp
>>>     persistent=120
>>>     checktype=negotiate
>>>     service=https
>>>     request="lvs.txt"
>>>     receive="OK"
>>>     virtualhost=www.company.com
>>>
>>> 1. Is this correct?
>>>
>>> 2. If this is correct - is there a way to do the tests on ALL the
>>> ports and fail the entire server if ANY of the ports fail? The only way
>>> I can find so far is to use an external script which will test all
>>> ports and fail if any of them is bad - is there a better way?
>>>
>>> Thanks,
>>>
>>> --Amos
>>> _______________________________________________
>>> Linux-HA mailing list
>>> [email protected]
>>> http://lists.linux-ha.org/mailman/listinfo/linux-ha
>>> See also: http://linux-ha.org/ReportingProblems
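
The external check program discussed in this thread, as an added example; it is not code from the thread or from ldirectord. It assumes an ldirectord version that supports `checktype=external` with `checkcommand="/usr/local/bin/check_all_ports.sh"` (hypothetical path) on the `:0` virtual service, and that ldirectord runs the command with the virtual IP, virtual port, real IP and real port as arguments and treats exit status 0 as healthy.

```shell
#!/bin/bash
# Added example: one health check for a port-0 virtual service in ldirectord.
# Assumed invocation by ldirectord: check_all_ports.sh VIP VPORT RIP RPORT
# (exit 0 = healthy). Needs curl, bash and coreutils timeout(1).

# Ports and values taken from the thread: apache on 80/443, daemon on 9000.
CHECKS="http:80 https:443 tcp:9000"
CHECK_URI="lvs.txt"
CHECK_EXPECT="OK"
CHECK_VHOST="www.company.com"
CHECK_TIMEOUT=5

# probe KIND IP PORT: return 0 if that one service answers as expected.
probe() {
    local kind="$1" ip="$2" port="$3" body
    case "$kind" in
        http|https)
            # -k: the real server is addressed by IP, so the cert name cannot match.
            body=$(curl -ksf --max-time "$CHECK_TIMEOUT" -H "Host: $CHECK_VHOST" \
                        "$kind://$ip:$port/$CHECK_URI") || return 1
            case "$body" in *"$CHECK_EXPECT"*) return 0 ;; *) return 1 ;; esac
            ;;
        tcp)
            # Connect-only test; ip/port are passed as arguments, not interpolated.
            timeout "$CHECK_TIMEOUT" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$ip" "$port" \
                2>/dev/null
            ;;
        *)  return 2 ;;
    esac
}

# check_real_server IP: return 0 only if EVERY entry in CHECKS passes, so a
# failure on any single port takes the real server out for all ports.
check_real_server() {
    local ip="$1" entry failed=""
    for entry in $CHECKS; do
        probe "${entry%%:*}" "$ip" "${entry##*:}" || failed="$failed ${entry##*:}"
    done
    [ -z "$failed" ] && return 0
    echo "real server $ip failed port(s):$failed" >&2
    return 1
}

# Act as the check program only when given ldirectord's four arguments.
if [ "$#" -eq 4 ]; then
    check_real_server "$3"
    exit $?
fi
```

Because the virtual service forwards every port, the ports listed in `CHECKS` should match the ports the firewall on the director actually lets through to the VIP.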