[lvs-users] Bug: With checktype=negotiate, check_pop() always thinks a real server is working.

Tom Connell TConnell at blackfoot.com
Thu Oct 4 23:49:28 BST 2012


We have been using ldirectord in our HA implementation for many years.  Whoa, now that I think about it, we could be coming up on a decade of use!  Thank you for a great program.

A while back, I noticed a problem within the check_pop() sub.  When our real servers' POP3 would stop responding, ldirectord did not remove those servers from the cluster.  That's not good!  We are using checktype=negotiate.  checktype=connect works as I expect.

After a few months I finally got around to looking into it, as it was a problem of some importance.  You know, service failures, whatever.  ;)   After poking around a bit, I discovered that the constructor for the Mail::POP3Client always returns an object, even if it cannot connect to the server.  http://search.cpan.org/~sdowd/Mail-POP3Client-2.16/POP3Client.pm says: "new returns a valid Mail::POP3Client object in all cases."  So the code that does

if (!$pop)

is never going to trigger.

Our system is using the ldirectord version that came with Debian 6, 1:1.0.3-3.  I did check the newest version to see if the code had the same flaw.

Since it did, I figured I would attempt fix the problem on my own, with the patch below:

--- ldirectord  2010-07-08 04:21:56.000000000 -0600
+++ ldirectord.new      2012-10-04 16:37:02.000000000 -0600
@@ -2807,7 +2807,7 @@
                                        DEBUG => 0,
                                        TIMEOUT => $$v{negotiatetimeout});
-       if (!$pop) {
+       if ( $pop->Count() == -1 ) {
                service_set($v, $r, "down", {do_log => 1});
                return $SERVICE_DOWN;

This patch works, but only when I provide a valid login= and passwd=.  Based on my reading of the Mail::POP3Client documentation and my experiments, it does not look like there is a way to use this pop3 perl module without a username and password for login.  The man page for ldirectord says that lack of a username "denotes that case authentication will not be attempted."  This makes me think that check_pop() should work with or without credentials, but since that does not seem possible with any simple code changes, I do not know how I should further patch this function.

For us, using checktype=connect will be sufficient, but I wanted to let the list know about this bug, my patch and the conundrum it revealed.  Hopefully the powers that be can make the call on what to do from here.

Here is the debug output from Mail::POP3Client's new(), when I have not provided login credentials:
DEBUG2: Checking pop server= port=110 ssl=0
POP3 <- +OK mfe6 Cyrus POP3 Murder v2.2.13-Debian-2.2.13-19+squeeze3 server ready
 at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
POP3 <- +OK List of capabilities follows
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
at /usr/sbin/ldirectord.new line 2802
POP3 <- IMPLEMENTATION Cyrus POP3 Murder server v2.2.13-Debian-2.2.13-19+squeeze3
at /usr/sbin/ldirectord.new line 2802
POP3 <- .
at /usr/sbin/ldirectord.new line 2802
 at /usr/sbin/ldirectord.new line 2802
POP3 <- -ERR Syntax error
at /usr/sbin/ldirectord.new line 2802

Thanks for your time, and let me know if I was not clear on anything,


Thomas Connell
Internet Administrator
[cid:image005.png at 01CDA250.3842AEB0]<http://modwest.com/>[cid:image003.png at 01CDA249.6BA721C0]
1221 North Russell Street
Missoula, MT  59808
Phone: 406-541-5796
Mobile: 406-531-5520
Email: tconnell at modwest.com<mailto:tconnell at modwest.com>
Web: modwest.com<http://modwest.com/>
[cid:image004.gif at 01CDA249.6BA721C0]<http://twitter.com/modwest>Engage & Learn: Follow us on Twitter @modwest<http://twitter.com/modwest>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 1270 bytes
Desc: image003.png
Url : http://lists.graemef.net/pipermail/lvs-users/attachments/20121004/08ff5adc/attachment-0002.png 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.gif
Type: image/gif
Size: 1794 bytes
Desc: image004.gif
Url : http://lists.graemef.net/pipermail/lvs-users/attachments/20121004/08ff5adc/attachment-0001.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.png
Type: image/png
Size: 9559 bytes
Desc: image005.png
Url : http://lists.graemef.net/pipermail/lvs-users/attachments/20121004/08ff5adc/attachment-0003.png 

More information about the lvs-users mailing list