Frank,

Okay. So disabling SELinux didn't seem to have any effect. But adding iptables rules like these (from /etc/sysconfig/iptables), seemed to get the connection information syncing between directors:
> #IPVS connection syncing for keepalived
> -A INPUT -d 224.0.0.81/32 -s 192.168.25.9/32 -j ACCEPT
> -A INPUT -d 224.0.0.81/32 -s 192.168.25.10/32 -j ACCEPT

In this state the connections are still getting stuck in the ESTABLISHED state, instead of transitioning to FIN_WAIT. But when I flush the iptables entirely ("iptables -F" or "service iptables stop"), they seem to transition correctly.

In general, I don't like the idea of leaving the iptables completely empty, so I guess I'll have to figure out what specific traffic is getting blocked, that is causing the connections to get stuck in ESTABLISHED. If anyone has any pointers on that one, I'd be glad to hear it.

Thanks again for the help,

Lloyd Brown
Systems Administrator
Fulton Supercomputing Lab
Brigham Young University
http://marylou.byu.edu

On 07/29/2014 08:22 AM, Lloyd Brown wrote:
> Frank,
>
> I hadn't thought about SELinux, but I'll check on that. I'm assuming
> that the firewall isn't a problem, since I captured the packets on the
> backup director. But I'll test both of those, and report back.
>
> All the communication between servers (both keepalived's VRRP, and the
> IPVS connection sync) is going over Ethernet. Since this is a test
> environment, both directors (and the realserver) are actually VMware
> Virtual Machines.
>
> Lloyd Brown
> Systems Administrator
> Fulton Supercomputing Lab
> Brigham Young University
> http://marylou.byu.edu
>
> On 07/28/2014 11:26 PM, Frank Kirschner wrote:
>> Hi Lloyd,
>>
>> do you have SELinux disabled for the RHEL hosts? By the way: also set the
>> firewall to accept all (later if all is working you should set up a firewall
>> of course)
>>
>> In which way do you communicate the keepalived between the two directors? Over
>> Ethernet or serial cable?
>>
>> best regards
>> Frank
>>
>> mfg
>> Frank Kirschner
>
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-requ...@linuxvirtualserver.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users