On 2013-06-03 16:48, Thomas Schulte wrote:
> On 2013-06-03 16:12, Lars Marowsky-Bree wrote:
> On 2013-06-03T16:07:33, Thomas Schulte <tho...@cupracer.de> wrote:
> 
> If the ldirectord and a managed service (let's say vsftpd) are on the
> same node, everything is fine.
> But if vsftpd is on a different node, I need an ocf:heartbeat:Route
> resource to set a special gateway in a separate routing table
> on both nodes so that the packets find their way back to the director.
> This setup is running fine if it's configured manually, but of course I
> need this to be done automatically.
> 
> In short, you want the Route clone to be running where ldirectord isn't
> running?
> 
> primitive pri_ldirectord ... \
>       meta priority=1000
> clone clone_route ... \
>       meta interleave="true" priority=0
> 
> colocation -inf: cloned_route pri_ldirectord
> 
> ?
> 
> 
> Regards,
> Lars
> 
> 
> Hi Lars,
> 
> thanks for your quick answer.
> 
> No, I'm afraid that this isn't enough. I thought (and wished) that it
> would run this way,
> but for some reason I need the same route on both nodes.
> 
> This is the relevant part of my setup:
> 
> primitive pri_failover_gateway ocf:heartbeat:IPaddr2 \
> operations $id="pri_failover_gateway-operations" \
> op monitor interval="10s" timeout="20s" \
> params ip="10.0.1.100" nic="br0" cidr_netmask="24"
> primitive pri_failover_hostip1 ocf:heartbeat:IPaddr2 \
> operations $id="pri_failover_hostip1-operations" \
> op monitor interval="10s" timeout="20s" \
> params ip="144.xx.yy.zz" nic="eth0" cidr_netmask="32" 
> lvs_support="true"
> primitive pri_svc_ldirectord ocf:heartbeat:ldirectord \
> params configfile="/etc/ha.d/ldirectord.cf" \
> op monitor interval="30" \
> meta priority="1000"
> primitive pri_svc_vsftpd lsb:vsftpd \
> operations $id="pri_svc_vsftpd-operations" \
> op monitor interval="15" timeout="15"
> group grp_failover_ip1 pri_failover_hostip1 pri_failover_gateway
> pri_svc_ldirectord \
> meta target-role="Started"
> 
> primitive pri_route_vsftpd ocf:heartbeat:Route \
> operations $id="pri_route_vsftpd-operations" \
> op monitor interval="10" timeout="20" \
> params destination="default" gateway="10.0.1.100" device="br0"
> table="vsftpd"
> clone clo_route_vsftpd pri_route_vsftpd \
> meta target-role="Started" is-managed="true" interleave="true"
> priority="0"
> 
> 
> ipvsadm:
> 
> IP Virtual Server version 1.2.1 (size=4096)
> Prot LocalAddress:Port Scheduler Flags
> -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> TCP  ser4.de:ftp rr
> -> 10.0.1.107:ftp               Masq    1      0          0
> 
> 
> If grp_failover_ip1 and pri_svc_vsftpd are running on the same node, no
> special routing has to be done.
> But if these resources are on different nodes I need a special routing
> configuration.
> 
> If done manually, it looks like this (as said, on both nodes):
> 
> ip route add default via 10.0.1.100 dev br0 table vsftpd
> ip rule add from 10.0.1.107 table vsftpd
> 
> 
> I couldn't figure out why this route is also needed on the second (the
> ldirectord) node, but it only works this way.
> 
> 
> Regards,
> Thomas
> _______________________________________________
> Linux-HA mailing list
> Linux-HA@lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> See also: http://linux-ha.org/ReportingProblems


After a long time of researching I finally realized that using vsftpd
for testing the new setup was the worst thing to do.
vsftpd requires the module ip_vs_ftp to work correctly in my 
environment.

Since loading the module the setup that Lars suggested
is working fine and without the need of the route on the director.
(thanks again, Lars!)

The configuration is now successful for vsftpd and bind (named).

One drop of bitterness is that configuring everything the same to get
the pound reverse proxy working didn't succeed.

Does anyone know about something special related to pound and LVS?
Pound was running fine with normal iptables masquerading.


Regards,
Thomas
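
The failure mode reported above (an FTP virtual service behind LVS without the ip_vs_ftp module loaded) can be checked for on a director. The script below is an added example, not part of the original messages; the function names, the constructed /proc/modules excerpts, and the restriction to Masq forwarding (as in the posted ipvsadm output) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag LVS FTP services that forward via
# Masq while the ip_vs_ftp helper module is absent from the module list.

# Print each TCP virtual service on port ftp/21 that has a Masq real server.
# $1: text output of `ipvsadm -L` or `ipvsadm -L -n`
ipvs_ftp_masq_services() {
    printf '%s\n' "$1" | awk '
        $1 != "->" { svc = ($1 == "TCP" && $2 ~ /:(ftp|21)$/) ? $2 : ""; next }
        $3 == "Masq" && svc != "" { print svc; svc = "" }'
}

# Succeed if module $1 appears in $2 (contents of /proc/modules).
module_loaded() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 == m { found = 1 } END { exit !found }'
}

# Return 1 and report on stderr when an FTP/Masq service lacks ip_vs_ftp.
check_ftp_helper() {
    services=$(ipvs_ftp_masq_services "$1")
    if [ -z "$services" ]; then return 0; fi
    if module_loaded ip_vs_ftp "$2"; then return 0; fi
    echo "ip_vs_ftp not loaded, FTP virtual service(s): $services" >&2
    return 1
}

# ipvsadm output as posted in the thread.
SAMPLE_IPVS='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  ser4.de:ftp rr
  -> 10.0.1.107:ftp               Masq    1      0          0'

# Constructed /proc/modules excerpts (sizes and addresses are made up).
MODULES_WITHOUT='ip_vs_rr 12600 1 - Live 0x0000000000000000
ip_vs 136798 3 ip_vs_rr, Live 0x0000000000000000'
MODULES_WITH="ip_vs_ftp 13079 0 - Live 0x0000000000000000
$MODULES_WITHOUT"

# Demo on the sample input; on a director use instead:
#   check_ftp_helper "$(ipvsadm -L -n)" "$(cat /proc/modules)"
check_ftp_helper "$SAMPLE_IPVS" "$MODULES_WITHOUT" || echo "sample: helper missing"
```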
