Hello, all. I'm writing to report that the problem is solved. I've built the latest vanilla kernel with pv-ops and ip_vs modules. Now everything seems working OK.
Thanks to LVS project developers. On Fri, Oct 8, 2010 at 2:17 PM, HUB Netsky <[email protected]> wrote: > Hello, everyone. > > I'm trying to set up a load balanced cluster of *normal* squid proxy > servers (neither reverse, nor transparent). Balancing is done by ipvs > controlled by ldirectord, ipip tunneling is used. > > Most of pages load normally, but some (ex. gmail login, > serverfault.com login with OpenID, several other sides with redirects) > experience problems. When I try (for example) to log in to gmail, I > enter login & password and after a while get just a blank page. At the > same time, many sites, that use 301-redirects work OK (for example > "http://yandex.ru"; redirects to "http://www.yandex.ru"; using > 301-redirect). When working through any of the cluster nodes directly, > no problems appear, so the issue is not in Squid itself. > > Added later: It seems, the problem is floating. Sometimes it doesn't > allow log in, sometimes, log out, sometimes even doesn't load login > page. I'm stuck... > > Suggestion that the problem is with balancing requests sent to > different servers during login was incorrect. According to Squid' s > access.log, all requests go to one server, leaving only one squid > server in ipvs in the configuration doesn't solve the problem either. > > So, the question is what is wrong in my configuration? Any ideas on > additional methods of troubleshooting? Could anyone send me a working > configuration (and software versions) of cluster of similar type? > > Currently I'm using squid v. 3.1.7 (built from sources), kernel > 2.6.32-xen (SLES 11 SP1 distro), ipvsadm 1.2.1 (built from sources), > ldirectord v. 1.0.3 (also from sources). I also tried squid 2.7, gmail > login worked, but Gtalk chat was not available. > Here are some configs: > > ======= ldirectord.cf ======= > ldirectord.cf: > # Global Directives > checktimeout=5 > checkinterval=5 > autoreload=no > logfile="/var/log/ldirectord.log" > quiescent=no > cleanstop=yes > # Virtual Server for HTTP_PROXY > virtual=10.128.0.109:8080 > fallback=127.0.0.1:80 > real=10.128.1.43:8080 ipip 200 > real=10.128.0.106:8080 ipip 300 > service=http_proxy > request="http://www.google.com/index.html"; > receive="Google Search" > scheduler=sh > # persistent=60 > protocol=tcp > checktype=negotiate > ======= EOF ldirectord.cf ======= > > ======= squid.conf ======= > http_port 10.128.0.106:8080 # "real" IP of the node > http_port 10.128.0.109:8080 # "Virtual" IP of the cluster on tunl0 interface > http_port 127.0.0.1:8080 > cache_mem 300 MB > cache_dir ufs /opt/squid/var/cache 500 16 256 > cache_effective_user squid > cache_effective_group squid > visible_hostname AQUA-node > cachemgr_passwd SquidCM all > access_log /opt/squid/var/logs/access.log > logfile_rotate 5 > > # ICQ connect (experimental) > acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16 > acl ICQ_PORT port 5190 443 > acl CONNECT method CONNECT > acl ICQ_PROTO proto HTTPS > acl ICQ_DOMAIN dstdomain .icq.com .aol.com .aim.com > always_direct allow ICQ_DOMAIN ICQ_PORT CONNECT > always_direct allow ICQ_ADDR ICQ_PORT CONNECT > > acl allnet_temp src 10.0.0.0/8 > http_access allow allnet_temp > > http_access deny all > ======= EOF squid.conf ======= > > Example: > (loged in gmail, closing tab, changing proxy sennings in browser, > opening gmail.com in new tab) > (Url in browser: > "https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue= > <and so on>") > ======= access.log ======= > 1286531980.273 228 10.0.0.232 TCP_MISS/302 1069 GET > http://mail.google.com/mail/ - DIRECT/74.125.79.83 text/html > 1286531990.392 10101 10.0.0.232 TCP_MISS/200 133 CONNECT > www.google.com:443 - DIRECT/74.125.87.104 - > ======= EOF access.log ======= > > Another example: > (loged out from gmail, cleared cache&cookies, switched proxy in > browser, loged in gmail normally (chat not working), couldn' logout > ("Please, wait" on screen), closed tab, trying to access gmail again, > blank page) > ======= access.log ======= > 1286532375.042 108 10.0.0.232 TCP_MISS/302 1069 GET > http://mail.google.com/mail/ - DIRECT/74.125.79.19 text/html > ======= EOF access.log ======= > > If any additional information is needed, just let me know. > > P.S. Sorry for such a long letter. > -- > HUB > -- HUB _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
