Ldirectord realserver connection refused LVS-TUN

Niraj Patel niraj at vipana.com
Wed Dec 20 20:51:22 GMT 2006 

I had the RS listening on the RIP before and then in the process of 
trying to get https working, I must have turned it off. http checks now 
work if RS is listening on the RIP.  The implication seems to be that

But now I have another problem, well more of a question really. Since 
https uses name resolution to pull the SSL cert, would I also need 
something like the following:

1. a dns entry for each virtual host that maps a fqdn like web.abc.com 
to each of the RIPs  (not really sure about this part)
    i.e.  web.abc.com resolves to RIP1, RIP2, etc.
2. an SSL certificate for web.abc.com that's installed on each RS.

my ldirectord.cf would look like this:

virtual=10.5.2.72:443
        real=10.5.2.61:443 ipip 1
        #real=10.5.2.62:443 ipip 1
        fallback=127.0.0.1:443
        service=https
        request="/.testpage"
        receive="test page"
        virtualhost="web.abc.com"
        scheduler=nq
        protocol=tcp
        checktype=negotiate

is this correct?



Arthur Kao wrote:
> On 12/13/06, Niraj Patel <niraj at vipana.com> wrote:
>> Does LVS-TUN support Ldirectord and does anyone know of working systems
>> out there using both at the same time.
> I do have a working LVS-TUN setup with ldirectord (ultramonkey setup)
> for our web portal environment. I am able to telnet to port 80 from my
> director. Is your web server listening to its RIP?
>
>>
>> Would it be possible (or make sense) to run Ldirectord on machines other
>> than the directors?
>>
>>
>> Joseph Mack NA3T wrote:
>> > On Tue, 12 Dec 2006, Niraj Patel wrote:
>> >
>> >> I saw that part but then how does ldirectord make its negotiation
>> >> checks?
>> >
>> > I don't know how ldirectord does it, but for mon...
>> >
>> > on the realserver you have the service listening to the VIP _and_ the
>> > RIP. Health checking on the director checks the service on the RIP.
>> > You hope that the state of the service on the RIP reflects the service
>> > running on the VIP.
>> >
>> >> Does this also mean that you *MUST* run iptables in order to have
>> >> LVS-TUN work with failover and still have the flexibility of using
>> >> ldirectord?
>> >
>> > don't know sorry
>> >
>> > Joe
>> >
>> _______________________________________________
>> LinuxVirtualServer.org mailing list - lvs-users at LinuxVirtualServer.org
>> Send requests to lvs-users-request at LinuxVirtualServer.org
>> or go to http://www.in-addr.de/mailman/listinfo/lvs-users
>>
>
>

More information about the lvs-users mailing list