On 03.12.2013 12:19, Timur I. Bakeyev wrote: > Hi guys! > > I've posted bug report regarding ldirectord, can you please review it and > commit, if possible? > > https://github.com/ClusterLabs/resource-agents/issues/361 > > Ldirectord is using LWP for it's negotiate checks for the HTTP/HTTPS sites. > Since LWP 6.0 by default it verifies the correspondence of the SSL > certificate and the server hostname. In 99.9% of the cases this is the VIP > hostname and RIP are identified by their internal hostnames or, most common > - by their IP addresses. > > That breaks hostname verification and hence - marks HTTPS backends as > invalid and kicks them off the pool. This problem did hit me in the > production when we've upgraded from Debian squeeze to Debian wheezy, which > brought newer version of LWP. > > http://search.cpan.org/~gaas/LWP-Protocol-https-6.04/lib/LWP/Protocol/https.pm > > Luckily, the fix to the problem is easy: > > --- ldirectord.orig 2013-12-03 11:59:11.114983525 +0100 > +++ ldirectord 2013-12-03 11:59:34.703026282 +0100 > @@ -2834,7 +2834,7 @@ > &ld_debug(2, "check_http: url=\"$$r{url}\" " > . "virtualhost=\"$virtualhost\""); > > - my $ua = new LWP::UserAgent(); > + my $ua = new LWP::UserAgent(ssl_opts => { verify_hostname => 0 }); > > my $h = undef; > if ($$v{service} eq "http_proxy") { > > I haven't verified that with older version of LWP, but I believe it should > just ignore unknown parameters to the constructor.
I don't think that's a bug but you have to specify the virtualhost parameter to set the Host header for the realservers. Regards, Dennis _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
