[lvs-users] where is connection?

Gerry Reno greno at verizon.net
Fri Aug 3 18:02:13 BST 2007


Graeme Fowler wrote:
> On Thu, 2007-08-02 at 21:35 -0400, Gerry Reno wrote:
>   
>> Also, F7 is giving an avc denial when I try to run it in a notify 
>> script. Darn SELinux; I like it until it does this type of thing. I 
>> opened a bug on F7 for this. Something about denied access to ip socket.
>>     
>
>   
Fedora quickly made a fix for selinux-policy for this and it will be in 
the next
round of updates. They are really responsive to selinux issues.

And following some of Graeme's suggestions:

Here is what I have done:

I modified my approach to define static config files instead of 
dynamically setting things. This seems to have helped from the 
standpoint of stability and reliability.
I can recycle or reboot the directors and the VIP service clients do not 
notice other than sometimes there is a slightly longer delay during 
transition. The only thing that I am doing in my notify script now is to 
move VIP/32 on/off the lo device for the directors; no more changes on 
the real servers; and ping the router from VIP, and that's it.

And some things that I have found:

keepalived is sensitive to how it is started and stopped. If I do a 
'service keepalived restart', many times this will appear successful 
even in the logs but when you run 'ipvsadm -l' there are no entries in 
the table. The solution I found was to always handle keepalived by using 
separate 'service keepalived stop' and 'service keepalived start'. 
Controlling keepalived in this way has been 100% successful and reliable 
for me.

So now keepalived is working in a predictable manner. Thanks Graeme!

Gerry





More information about the lvs-users mailing list