Graeme Fowler wrote: > On Thu, 2007-08-02 at 21:35 -0400, Gerry Reno wrote: > >> Also, F7 is giving an avc denial when I try to run it in a notify >> script. Darn SELinux; I like it until it does this type of thing. I >> opened a bug on F7 for this. Something about denied access to ip socket. >> > > Fedora quickly made a fix for selinux-policy for this and it will be in the next round of updates. They are really responsive to selinux issues.
And following some of Graeme's suggestions: Here is what I have done: I modified my approach to define static config files instead of dynamically setting things. This seems to have helped from the standpoint of stability and reliability. I can recycle or reboot the directors and the VIP service clients do not notice other than sometimes there is a slightly longer delay during transition. The only thing that I am doing in my notify script now is to move VIP/32 on/off the lo device for the directors; no more changes on the real servers; and ping the router from VIP, and that's it. And some things that I have found: keepalived is sensitive to how it is started and stopped. If I do a 'service keepalived restart', many times this will appear successful even in the logs but when you run 'ipvsadm -l' there are no entries in the table. The solution I found was to always handle keepalived by using separate 'service keepalived stop' and 'service keepalived start'. Controlling keepalived in this way has been 100% successful and reliable for me. So now keepalived is working in a predictable manner. Thanks Graeme! Gerry _______________________________________________ LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org Send requests to [EMAIL PROTECTED] or go to http://lists.graemef.net/mailman/listinfo/lvs-users