I'm a new LVS user. I posted a shorter version over on the keepalived-devel
list but there doesn't seem to be much traffic over there so I thought
it might be better to move my questions over to the lvs-users list.
I've got a basic two realserver configuration running. I setup the
config to ba
Hi Joe,
Hey thanks for the response.
Joseph Mack NA3T wrote:
you're showing a single realserver with the director running in local
node.
I am? I guess I don't understand what this means. What I thought I had
is a MASTER and a BACKUP director for failover (didn't post the BACKUP
config but it'
Joseph Mack NA3T wrote:
don't know what the problem is. It's unlikely to be a bug or other
people would be complaining about it too.
Can you try with two external realservers, rather than one external
and one localnode?
Joe
Ok, I tried switching the IP's for the realservers to two other m
Dr. Volker Jaenisch wrote:
Hy Gerry!
Gerry Reno schrieb:
Ok, I tried switching the IP's for the realservers to two other
machines on my LAN. I can ssh into these without problem. But now
when I restart keepalived and try to ssh from any non-director-master
clients to the VIP it just
Gerry Reno wrote:
Ok, I tried switching the IP's for the realservers to two other
machines on my LAN. I can ssh into these without problem. But now
when I restart keepalived and try to ssh from any
non-director-master clients to the VIP it just hangs. No info in any
log, nothing. If I t
Dr. Volker Jaenisch wrote:
Hi Gerry!
Gerry Reno schrieb:
No, 192.168.1.215 is the virtual ip for the SSH service.
Sorry for my unclear formulation.
Is on the machine that runs the ipvs the sshd active on port 22.
If so the port 22 is occupied by the sshd and can not be used bei the
Gerry Reno wrote:
Dr. Volker Jaenisch wrote:
Hi Gerry!
Gerry Reno schrieb:
No, 192.168.1.215 is the virtual ip for the SSH service.
Sorry for my unclear formulation.
Is on the machine that runs the ipvs the sshd active on port 22.
If so the port 22 is occupied by the sshd and can not be
Dr. Volker Jaenisch wrote:
Hi Gerry!
Gerry Reno schrieb:
# netstat -a -n -p | grep -e ssh -e keepalived
tcp0 0 :::22
:::*LISTEN 2387/sshd
As you can see in this line the sshd is blocking the port 22. So
keepalived can
I'm getting a lot of these on various links/tabs on the
http://www.linuxvirtualserver.org/ website:
Forbidden
You don't have permission to access /Documents.html on this server.
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServe
Are there any preferred topologies for setting up LVS?
Right now without LVS I have everything on one lan and I just run
firewalls. But to use LVS effectively I can see I need to create
separate lans. Now this presents other problems because if I put my
sets of realservers (web, db) on separa
Joseph Mack NA3T wrote:
separate from what, the other realservers? the VIP?
yes
then it's more difficult to administer them and also they will lose
access to common resources such as the backup server. So it looks
like each realserver will have to be part of multiple lans or vlans
into orde
Hmm... ascii art does not work on this list. :-(
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to [EMAIL PROTECTED]
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
Joseph Mack NA3T wrote:
On Sat, 26 May 2007, Gerry Reno wrote:
Joseph Mack NA3T wrote:
separate from what, the other realservers? the VIP?
yes
then it's more difficult to administer them and also they will lose
access to common resources such as the backup server. So it looks
like
After looking at my LVS load balancing options 1-LAN or 2-LAN, in
conjunction with my other needs such as ease of access to services such
as shared storage, I'm going to set things up as 1-LAN. Now is 1-LAN
just as reliable as 2-LAN? Also, I'm going to put the load balancers
for now in QEMU
Joseph Mack NA3T wrote:
> The reasons for two networks are
>
> o you get two ports for the director to talk out of (twice
> the bandwidth)
>
> o the inside and the outside are isolated traffic-wise, ie
> no-one on the outside gets to see traffic in the inside.
>
As I explored 2-LAN the separa
Joseph Mack NA3T wrote:
> On Mon, 4 Jun 2007, Gerry Reno wrote:
>
>
>> As I explored 2-LAN the separation was great for security but a real
>> problem for figuring out how to keep all my accesses and shared services
>> working. I'll have to work on the se
Graeme Fowler wrote:
> On Mon, 2007-06-04 at 12:53 -0400, Gerry Reno wrote:
>
>> After looking at my LVS load balancing options 1-LAN or 2-LAN, in
>> conjunction with my other needs such as ease of access to services such
>> as shared storage, I'm going to set
Joseph Mack NA3T wrote:
> - why don't you tell us what you've
> got and how it has to look to the various resources.
>
Ok, let me find a way to draw this. The list eats ascii art so let me
see what I can do.
___
LinuxVirtualServer.org mailing lis
Joseph Mack NA3T wrote:
> On Mon, 4 Jun 2007, Gerry Reno wrote:
>
>
>> Joseph Mack NA3T wrote:
>>
>>> - why don't you tell us what you've
>>> got and how it has to look to the various resources.
>>>
>>>
>> Ok,
Original Topology assuming Multi-LAN solution
|
|(Single Public IP)
-
|NAT Firewall |
That's the best I can do with ascii art. You'll have to piece some of it
together. The Mail, File Server box is way over on the right.
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to [EMAIL PROTECTED]
or go
The general setup is a single Inet NAT Router/GW box connected to a
switch (multi-VLAN 801q capable) that connects to all the servers. The
physical servers for this discussion are two web servers, two sql
servers, one shared storage server, two email servers, two file servers.
For simplicity le
Joseph Mack NA3T wrote:
> On Mon, 4 Jun 2007, Gerry Reno wrote:
>
> Can't read your ascii diagram, but it seems like I've seen
> it before. Have you posted on this setup recently.
>
>
>
>> The general setup is a single Inet NAT Router/GW box connected to
I'm looking at implementing one of these two LVS methods. So as I
understand it if I choose LVS-DR then I'm limited to having the LB and
RS on the same physical network. But if I choose LVS-TUN then I have to
be prepared to absorb the overhead associated with the repackaging.
My questions:
I
Gerry Reno wrote:
> Joseph Mack NA3T wrote:
>
>> On Mon, 4 Jun 2007, Gerry Reno wrote:
>>
>> Can't read your ascii diagram, but it seems like I've seen
>> it before. Have you posted on this setup recently.
>>
>>
>>
>>
&g
Has anyone ever been able to use LVS with OpenVZ? Can you develop a
loadbalancing solution with this combo? The reason I might want to use
OpenVZ is that the networking is native speed.
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtu
Joseph Mack NA3T wrote:
> On Thu, 28 Jun 2007, Gerry Reno wrote:
>
>
>> Has anyone ever been able to use LVS with OpenVZ?
>>
>
> no-one has tried it that I know.
>
> I'm at OLS waiting for the first talk of the day. I'd never
> heard of OpenV
Rio wrote:
> also please check out linux-vserver
>
> http://linux-vserver.org/Welcome_to_Linux-VServer.org
>
> we have been running it for a year now with absolutely no hiccups whatsoever
> and no excessive loading! we have 84 virtual servers on 1 machine and 40 on
> another machine and i am con
Ben Hollingsworth wrote:
> Howdy Gerry,
>
> Did you ever figure out a solution to your LVS topology problem that you
> posted about on LVS-users a few weeks back? I'm in the same boat right
> now. I believe need to use LVS-NAT (not DR) because some of my real
> servers will be Windows. The prima
Dr. Volker Jaenisch wrote:
> Hello Gerry! ...
> I personally do not like openVZ since this is no more than a boosted
> chroot-Environment. With openVZ you can
> not truly seperate the virtual machines in the way you can with true
> virtualisation techniques as XEN.
>
> Best regards,
>
> Volker
>
The only drawback that I can find with the virtual server (VE) approach
is that if you encounter a kernel panic then you lose all the VE's at
once. But that occurence is usually rare enough to warrant the small
risk. The VE solution is trailing behind VM solution for now but as
soon as the VE
Dr. Volker Jaenisch wrote:
> Hi IPVS People!
>
> ipvsman is a realtime GUI for the ipvs linux loadbalancer.
>
> http://sourceforge.net/projects/ipvsman
>
> ipvsman was developed on the debian plattform.
> Now I get several errors from not debian distributions
>
> Please report any installation erro
Gerry Reno wrote:
> Dr. Volker Jaenisch wrote:
>
>> Hi IPVS People!
>>
>> ipvsman is a realtime GUI for the ipvs linux loadbalancer.
>>
>> http://sourceforge.net/projects/ipvsman
>>
>> ipvsman was developed on the debian plattform.
>>
Joseph Mack NA3T wrote:
...
> I thought you had 84 virtual machines. Clearly I don't know
> what you have.
>
> What is the hardware running these 84 machines (number CPUs,
> number NICs etc)? How many virtual instances are
> realservers? Why don't you just have a small number of
> realservers,
Joseph Mack NA3T wrote:
> On Tue, 3 Jul 2007, Gerry Reno wrote:
>
>
>> VE's are basically just kernel-based supercharged
>> chroot environments.
>>
>
> So they all see the same NIC (assuming a one NIC box)? If
> you have 4 VE's on the box and
Joseph Mack NA3T wrote:
> realserver is an LVS term referring to the machine/node(s)
> that are being loadbalanced by the director.
>
> I've never liked the LVS nomenclature; e.g. "virtual",
> "realserver", but since I couldn't come up with an
> alternative and no-one else seemed to mind, I've j
Gerry Reno wrote:
> Joseph Mack NA3T wrote:
>
>> realserver is an LVS term referring to the machine/node(s)
>> that are being loadbalanced by the director.
>>
>> I've never liked the LVS nomenclature; e.g. "virtual",
>> "realserver"
Joe,
I just thought I'd put out the gale warning before the hurricane hits is
all. Virtualization is coming like a tidal wave over the next 5 years.
The IT press is going to be covered with it.
Gerry
___
LinuxVirtualServer.org mailing list - lvs-user
Gerry Reno wrote:
> Joe,
> I just thought I'd put out the gale warning before the hurricane hits is
> all. Virtualization is coming like a tidal wave over the next 5 years.
> The IT press is going to be covered with it.
>
> Gerry
>
>
I mean I would not like to go
Nick Stephens wrote:
> Hi all,
>
> I am quite new to LVS, and learned about it initially as a part of Redhat
> Enterprise Servers. Because of that I initially thought that redhat was
> the primary resource for clustering and load balancing, but thanks to the
> linuxvirtualservers.org site I now
Tobias Klausmann wrote:
> We're currently using keepalived and vanilla 2.6 kernels (which
> already have LVS, so no patching needed). We're also looking into
> ldirectord since keepalived has given us some trouble.
>
Tobias,
Are you still having the same catatonic problem? Or is this something n
Joseph Mack NA3T wrote:
> On Thu, 5 Jul 2007, K Kopper wrote:
>
>
>> Lately we've been using the term "application node" or
>> "app node" for short. That term seems to help clarify
>> the purpose of the box--it's where the applications
>> run inside the cluster.
>>
>> You can stick virtual hosts
Joseph Mack NA3T wrote:
> On Thu, 5 Jul 2007, K Kopper wrote:
>
>
>> http://en.wikipedia.org/wiki/Service_%28Systems_Architecture%29
>>
>
> this must have been written by someone from management
>
> Joe
>
>
Worse yet, a theorist.
Gerry
___
L
Tobias Klausmann wrote:
> Hi!
>
> On Thu, 05 Jul 2007, Gerry Reno wrote:
>
>> Tobias Klausmann wrote:
>>
>>> We're currently using keepalived and vanilla 2.6 kernels (which
>>> already have LVS, so no patching needed). We're also looki
Tobias Klausmann wrote:
>>
>> Have you discussed this with keepalived team?
>>
>
> Not yet. I planned doing that just after I've seen how ldirectord
> work. Maybe setting it up and testing it would yield insight into
> how/why/when keepalived fails. I usually suspect errors in my
> methodol
Finally took some time and I am trying the LVS-DR setup. Read the HOWTO
plus a bunch of other articles on doing this. So when I finished the
configs I fired up keepalived, checked ipvsadm -l and saw the real
server entries, pointed my browser at the new VIP and, and, and,
nothing.
Checke
Joseph Mack NA3T wrote:
> On Sat, 21 Jul 2007, Gerry Reno wrote:
>
>
>> Checked ipvsadm and I could see an InactConn on one of the real servers
>>
>
> http://www.austintek.com/LVS/LVS-HOWTO/mini-HOWTO/LVS-mini-HOWTO.html#connection_hangs_entries_in_inactconn
&g
Gerry Reno wrote:
> Hi Joe,
> Yep, I did that already in /etc/sysconfig/network:
> NETWORKING=yes
> HOSTNAME=grp-01-30-50
> GATEWAY=192.168.1.1 < IP of my network router gateway
>
> Gerry
>
I've been trying a number of things but nothing has got this setu
Bingo! I was just ready to go get the examples from the HOWTO when I got
it working with a suggestion from Rob. Thanks Rob. :-) He said I should
check the VIP on the Real Servers. I thought I had these but when I
checked there were no VIP entries for the Real Servers. So I added them
and immedi
I have found a technique that allows me to control LVS-DR VIP with
keepalived only. I modified the /etc/keepalived/ip_localhost script that
I have been using to issue a remote "ip addr add' command to the real
servers for the 'del' case and put the VIP on the lo device. Right now
I'm using 'rsh
Gerry Reno wrote:
> I have found a technique that allows me to control LVS-DR VIP with
> keepalived only. I modified the /etc/keepalived/ip_localhost script that
> I have been using to issue a remote "ip addr add' command to the real
> servers for the 'del' case
Today while testing my LVS-DR I have been running into the situation
where keepalived gets itself into some kind of sync issue. Basically
both directors end up as master and then nothing works after that. Here
is a snip from logs:
DIRECTOR 1:
Jul 23 21:52:50 grp-01-00-50 Keepalived: Starting
Here is what I added to the 'del' case in ip_localhost:
rsh 192.168.1.200 /sbin/ip addr add 192.168.1.240/32 dev lo brd + scope host
rsh 192.168.1.201 /sbin/ip addr add 192.168.1.240/32 dev lo brd + scope host
rsh 192.168.1.200 echo "1" > /proc/sys/net/ipv4/conf/eth0/arp_ignore
rsh 192.168.1.201 ec
I have been noticing some delay in initial connections with my setup.
It is about 15 secs. After that everything works great. In the HOWTO
it talks about authd/identd being the cause of this problem (don't know
how relevant the information is still). Is identd still an issue with
Fedora 7 (
Bill Omer wrote:
> On 7/24/07, Gerry Reno <[EMAIL PROTECTED]> wrote:
>
>> I have been noticing some delay in initial connections with my setup.
>> It is about 15 secs. After that everything works great. In the HOWTO
>> it talks about authd/identd being the cau
Bill Omer wrote:
>
> Does the delay only happen when you connect to the vip, or do you see
> the same delay when you ssh in to your server?
>
>
It's only when I was connecting to the vip.
Gerry
___
LinuxVirtualServer.org mailing list - lvs-users@Lin
Bill Omer wrote:
> On 7/24/07, Gerry Reno <[EMAIL PROTECTED]> wrote:
>
>> Bill Omer wrote:
>>
>>> Does the delay only happen when you connect to the vip, or do you see
>>> the same delay when you ssh in to your server?
>>>
>>&
I have tried removing some real servers from LVS using ipvsadm but the
command does not work:
Here's my test LVS:
[EMAIL PROTECTED] keepalived]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveCon
Gary W. Smith wrote:
> You are missing the protocol (-t)
>
> ipvsadm -d -t 192.168.1.201:80
>
> [ipvsadm command proto ip:[port] other_options]
>
>
:smacks-head:
thanks
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.o
This is what worked for me:
ipvsadm -d -t 192.168.1.240:http -r 192.168.1.201:http
ipvsadm -a -t 192.168.1.240:http -r 192.168.1.201:http -g -w 1
Gerry
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to [EMAIL
Rob wrote:
> This is why I always recommend (and try myself) to use thttpd and a single
> image and hand coded html page to do initial _and_ ongoing testing.
>
> So for instance, I'll run thttpd permanently on port 8088 or something so
> that
> if the app is going slow then you can test the timi
Graeme Fowler wrote:
> Have you ensured:
>
> HostnameLookups Off
>
Hi Graeme,
Yes, I have checked and HostnameLookups is off. I have done some
tweaking to the original application and now the first accesses are down
below 15 seconds which is tolerable. It is a large groupware app and
they are
If I have 20 real servers is there a way to simplify declaring these in
keepalived.conf. In other words how can I get the same block of
information to apply to multiple real servers:
Currently:
real_server 192.168.1.200 80 {
...
}
real_server 192.168.1.201 80 {
Ok, I've got my test setup working nicely with no firewalls in place and
so I decided to bring up the firewalls on all of the machines like we
would have in production. Even though I thought I had the right ports
open it is giving me problems. Whenever I start keepalived now it
immediately go
Joseph Mack NA3T wrote:
> how have you stopped the two directors from talking to each
> other?
>
> Joe
>
I was hoping someone could tell me. I just brought up the firewalls on
the directors and instant split brain. What port/protocol do the
directors use to communicate with each other? I under
Joseph Mack NA3T wrote:
> On Sun, 29 Jul 2007, Gerry Reno wrote:
>
>
>> Joseph Mack NA3T wrote:
>>
>>> how have you stopped the two directors from talking to each
>>> other?
>>>
>>> Joe
>>>
>>>
>>
Graeme Fowler wrote:
> On Sun, 2007-07-29 at 10:55 -0400, Gerry Reno wrote:
>
>> I was hoping someone could tell me. I just brought up the firewalls on
>> the directors and instant split brain. What port/protocol do the
>> directors use to communicate with each other
Graeme Fowler wrote:
> If it were me I'd make that line 1 of my ruleset and restart iptables.
> Adding it to alive set might mean it's after a REJECT or DROP rule.
>
> Graeme
>
>
That got it! I had a reject catch all. Moving the line up made it effective.
Thanks,
Gerry
___
[EMAIL PROTECTED] keepalived]# ipvsadm -l
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.240:https rr persistent 600
-> 192.168.1.201:https Route 1 0 0
David Coulson wrote:
> Does ipvsadm -ln go any quicker?
>
>
Yes.
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to [EMAIL PROTECTED]
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
David Coulson wrote:
> Reverse DNS issue - You're using non-routable IPs, so you'll have to
> make sure that your upstream NS has something valid for them all.
>
> Or just do ipvsadm -ln all the time :-)
>
> Gerry Reno wrote:
>
>> David Coulson wrote:
>
Created a second set of directors but this time I use sync_group to sync
two instances like this:
vrrp_sync_group VG1 {
VI_1
VI_2
}
vrrp_instance VI_1 {
state MASTER
# state BACKUP
interface eth0
virtual_router_id 45
priority 150 # MASTER
#
I have all firewalls down.
Scenarios I have tested:
sync group and both instances: infinite loop
sync group and one instance (either one): infinite loop
single instance (either one): runs ok
Is there something special needed to get sync group working?
Gerry
__
Gerry Reno wrote:
> I have all firewalls down.
>
> Scenarios I have tested:
> sync group and both instances: infinite loop
> sync group and one instance (either one): infinite loop
both instances: runs ok # forgot this one
> single instance (either one): runs ok
>
Dan Baughman wrote:
> I am trying to gather a sniffing session from both of my sides of the
> connection now. So far, they have both been comcast users.
>
> On 7/31/07, Joseph Mack NA3T <[EMAIL PROTECTED]> wrote:
>
>> On Tue, 31 Jul 2007, Dan Baughman wrote:
>>
>>
>>> There are some users t
Gerry Reno wrote:
> Dan Baughman wrote:
>
>> I am trying to gather a sniffing session from both of my sides of the
>> connection now. So far, they have both been comcast users.
>>
>> On 7/31/07, Joseph Mack NA3T <[EMAIL PROTECTED]> wrote:
>>
>
If I need to perform some maintenance on a real server and maybe reboot
it, what is best method to do this?
I'm thinking that I set its weight at 0 but then what? Do I just wait
until all connections show InAct and
then take it down?
Gerry
___
Linux
I went and established a ssh connection to my VIP and I also started a
web session to my VIP but when I look for connections on MASTER I do not
see them. Instead I see connections on BACKUP. Here is some output:
MASTER:
[EMAIL PROTECTED] keepalived]# ipvsadm -l
IP Virtual Server version 1.2.1
Gerry Reno wrote:
> I went and established a ssh connection to my VIP and I also started a
> web session to my VIP but when I look for connections on MASTER I do not
> see them. Instead I see connections on BACKUP. Here is some output:
>
> MASTER:
> [EMAIL PROTECTED] keepa
Gerry Reno wrote:
> I went and established a ssh connection to my VIP and I also started a
> web session to my VIP but when I look for connections on MASTER I do not
> see them. Instead I see connections on BACKUP. Here is some output:
>
> MASTER:
> [EMAIL PROTECTED] keepa
Gerry Reno wrote:
> So I wait for a while and let all connections go inactive/timeout then I
> reload webpage to VIP and make new connection using ssh to VIP and now
> it is showing on MASTER. Not one new entry in logs on either server. So
> how can this be?
> MASTER:
>
Gerry Reno wrote:
> Gerry Reno wrote:
>
>> So I wait for a while and let all connections go inactive/timeout then I
>> reload webpage to VIP and make new connection using ssh to VIP and now
>> it is showing on MASTER. Not one new entry in logs on either server
Graeme Fowler wrote:
> Gerry
>
> On Thu, 2007-08-02 at 14:49 -0400, Gerry Reno wrote:
>> I would like to know how to make LVS reliable even when taking servers
>> down for maintenance.
>
> I think you need to back up a bit and take stock.
>
> Firstly, keepalived
Forgot this:
ROUTING TABLE: shows same on MASTER, BACKUP and all RS
[EMAIL PROTECTED] ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
Graeme Fowler wrote:
> Hi Gerry
>
> On Thu, 2007-08-02 at 16:24 -0400, Gerry Reno wrote:
>
>> This is all LVS-DR and I admit I am no network expert. But I do think I
>> understand the basic concepts of how LVS functions. So here goes at some
>> basic informatio
Gerry Reno wrote:
> The rest of this setup is working fine except that you cannot reliably
> tell where the connections are.
>
And you have to restart both directors not just one in order to get
reliable connections
Graeme Fowler wrote:
> On Thu, 2007-08-02 at 17:10 -0400, Gerry Reno wrote:
>
>> No. Directors and Real Servers are separate machines.
>>
>
> Right, got that, In that case once the realservers are setup, just leave
> them alone. Their config is the same regard
Joseph Mack NA3T wrote:
> If some of this is not needed for this question,
> can you edit it out?
>
Sure thing.
Gerry
___
LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to [EMAIL PROTECTED]
or go to http://list
Graeme Fowler wrote:
> ping -c3 -I $VIP $GW
>
This command hangs for me unless I add -w 3 to deadline it.
Also, F7 is giving an avc denial when I try to run it in a notify
script. Darn SELinux; I like it until it does this type of thing. I
opened a bug on F7 for this. Something about denied a
Here is a scenario that is presenting inconsistent results:
Both directors started and running normally handling VIP connections.
Users have been working in webapps but they are idle for a while and
connections have gone past persistent time.
ipvsadm -l on both directors shows no connections. (t
Graeme Fowler wrote:
> On Thu, 2007-08-02 at 21:35 -0400, Gerry Reno wrote:
>
>> Also, F7 is giving an avc denial when I try to run it in a notify
>> script. Darn SELinux; I like it until it does this type of thing. I
>> opened a bug on F7 for this. Something about de
An observation:
There is a definite disparity between the connections shown on the
MASTER and on the BACKUP. Today I was testing recovery scenarios and
rebooting the directors. What I found was that many times when I would
reboot a MASTER that had active connections, even though the BACKUP
tran
Gerry Reno wrote:
> We would let
> it sit in this configuration for a long time
The original MASTER was shutdown at this point.
> and for any client, nothing
> would show in the ipvsadm connection list.
>
What's wierd is that this did not happen all the time. The onl
Matthias Saou wrote:
> Scenario 1 :
> ...
> When I make a web request to the LVS director, it works fine when it
> sends it to the 2nd or 3rd web servers, but only gets about the first
> 12kb of the page when it sends it to the 1st web server (the only one
> on the same Xen Host as LVS). For pages
I have setup a stanza in keepalived.conf for SSH to use an alternate
port. But whenever I try to ssh into the VIP on the alternate port I
get a "No route to host". It looks like it gets to the director but it
never gets to the real server. I see an immediate inactive connection
in IPVS. All
Gerry Reno wrote:
> I have setup a stanza in keepalived.conf for SSH to use an alternate
> port. But whenever I try to ssh into the VIP on the alternate port I
> get a "No route to host". It looks like it gets to the director but it
> never gets to the real serve
I looked through the howto's and did not see anything showing how to put
ssh on an alternate port. If LVS-DR cannot be used to map from an
alternate port back to 22 then is my only choice a firewall rule? I was
hoping that I could leave sshd running on port 22 on the director and
have an incomi
Thanks Graeme, thanks Joe. I think you've put me on the right track now.
Joe, I didn't see that howto on the howto page:
http://www.austintek.com/LVS/LVS-HOWTO/ or is it listed somewhere else?
I obviously missed it.
Gerry
___
LinuxVirtualServer.org
Con Tassios wrote:
> Would you need something like this on the real servers?
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 33322 -j REDIRECT
> --to-port 22
>
>
In conjunction with Graeme's suggestion about sshd_config, your rule
works, when used on the directors.
Gerry
__
Gerry Reno wrote:
> Con Tassios wrote:
>
>> Would you need something like this on the real servers?
>>
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 33322 -j REDIRECT
>> --to-port 22
>>
>>
>>
> In conjunction with Graeme
1 - 100 of 119 matches
Mail list logo
