Monitoring an SSL service
mark at ibidlive-systems.com
Wed Jan 24 13:48:24 GMT 2001
I've got a problem with a piranha installation but its sort of a generic
problem so maybe someone here can help...
The installation is a RedHat 6.2 "out of the box" LVS setup. No patches to
kernel etc. Everything is running fine and I can support virtual IPs for
both http and ftp. The problem is with https. The web servers are both
running secure servers and I'm happy that I've got https configured
correctly as I can connect to the servers directly if I run a browser on
one of the LVS routers. I can also connect to the servers using oppenssl.
A far as the cluster is concerned, if I run lvs by hand (lvs -n) nanny
reports that it gets no reponse from the server so the service is not made
available. From looking at the source for nanny, nanny sends an ICMP ECHO
REQUEST packet to the requested service port and expects a response. If it
gets a response then the service is available. Thats fine but what happens
for SSL services. Nanny does the ping to the port but nothing comes back as
the port is only "talking" SSL.
My question is, if you send an ICMP packet to an SSL listener, should you
get a response.? If you should then I'll go back to investigating futrher.
However, if you do not then how can you monitor an SSL service?
I'm quite happy to drop piranha and go over to another way of setting up
the cluster. Or hack nanny and make it "talk" SSL. With the various setup
around, if one wants to monitor an SSL service, what would be the best way
of doing it?
Thanks in advance.
14-16 King Street, East Grinstead, West Sussex
tel: 01342 311778
More information about the lvs-users