[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ha-dev
Subject: [Linux-ha-dev] ldirectord not removing ldap server from list
From: "Michael Bristow" <mbristow () novell ! com>
Date: 2007-07-27 19:50:28
Message-ID: 46A9EA0A.55CB.0082.0 () novell ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
I am running ldirectord version 1.186-ha-2.0.8 on SLES10 SP1.
192.168.20.15 (sles101) = RealServer1
192.168.20.16 (sles102) = RealServer2
192.168.20.20 = vip
As you'll see from my ldirectord.cf file below, I am configured to load balance two \
real servers for LDAP. When I stop LDAP, on RealServer2, it should remove that server \
from the load balancer, and continue directing LDAP traffic to RealServer1.
When I launch "ldirectord -d start"and watch the debug.... I stop LDAP on \
RealServer2, and only see ipvsadm remove RealServer2 on port 636. No removal is done \
for port 389. As a result, when I look at "ipvsadm", it shows that 636 is gone for \
RealServer2, and 389 still exists for RealServer2.
When I enable LDAP on RealServer2, I see it add 636 back, and also try to add 389 \
back.
When RealServer2 is down, LDAP calls to 636 get redirected to RealServer1 perfectly. \
Port 389, of course, fails 50% of the time (Round Robin) because it still believes \
RealServer2 on 389 is up.
ldirectord.cf
----------------------------------------------------------
virtual=192.168.20.20:389
real=192.168.20.15:389 ipip
real=192.168.20.16:389 ipip
service=ldap
checktype=negotiate
negotiatetimeout=10
login="cn=test,o=novell"
passwd="novell"
request="o=novell"
receive="o=novell"
scheduler=rr
protocol=tcp
checktimeout=10
quiescent=no
virtual=192.168.20.20:636
real=192.168.20.15:636 ipip
real=192.168.20.16:636 ipip
service=ldap
checkport=636
checktype=negotiate
negotiatetimeout=10
login="cn=test,o=novell"
passwd="novell"
request="o=novell"
receive="o=novell"
scheduler=rr
protocol=tcp
checktimeout=10
quiescent=no
Debug of RealServer2 deletion:
----------------------------------------------------------
/ipvsadm -d -t 192.168.20.20:636 -r 192.168.20.16:636)
Running system(/sbin/ipvsadm -d -t 192.168.20.20:636 -r 192.168.20.16:636)
DEBUG2: Deleted real server: 192.168.20.16:636 (192.168.20.20:636)
Deleted real server: 192.168.20.16:636 (192.168.20.20:636)
DEBUG2: Disabled server=192.168.20.16
Debug of RealServer2 addition:
----------------------------------------------------------
/ipvsadm -a -t 192.168.20.20:389 -r 192.168.20.16:389 -i -w 1)
Running system(/sbin/ipvsadm -a -t 192.168.20.20:389 -r 192.168.20.16:389 -i -w 1)
DEBUG2: Added real server: 192.168.20.16:389 (192.168.20.20:389) (Weight set to 1)
Added real server: 192.168.20.16:389 (192.168.20.20:389) (Weight set to 1)
DEBUG2: Enabled server=192.168.20.16
DEBUG2: Checking negotiate: real \
server=negotiate:ldap:tcp:192.168.20.15:636::389:1:\/o\=novell:o\=novell \
(virtual=tcp:192.168.20.20:636)
DEBUG2: Checking ldap server=192.168.20.15 port=389
DEBUG2: Enabled server=192.168.20.15
DEBUG2: Checking negotiate: real \
server=negotiate:ldap:tcp:192.168.20.16:636::389:1:\/o\=novell:o\=novell \
(virtual=tcp:192.168.20.20:636)
DEBUG2: Checking ldap server=192.168.20.16 port=389
DEBUG2: Running system(/sbin/ipvsadm -a -t 192.168.20.20:636 -r 192.168.20.16:636 -i \
-w 1) Running system(/sbin/ipvsadm -a -t 192.168.20.20:636 -r 192.168.20.16:636 -i -w \
1)
DEBUG2: Added real server: 192.168.20.16:636 (192.168.20.20:636) (Weight set to 1)
Added real server: 192.168.20.16:636 (192.168.20.20:636) (Weight set to 1)
DEBUG2: Enabled server=192.168.20.16
IPVSADM after LDAP is disabled on RealServer2
----------------------------------------------------------
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.20.20:ldaps rr
-> sles101:l Local 1 0 0
TCP 192.168.20.20:ldap rr
-> sles102:l Tunnel 1 0 0
-> sles101:l Local 1 0 0
I have tried changing the port order in ldirectord.cf so that the port 636 \
information is first. Regardless of order, port 636 will always work and port 389 \
will always fail.
All heartbeat operations work.
Anyone have any ideas?
Thanks!
Mike
[Attachment #5 (text/html)]
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META content="MSHTML 6.00.2900.3132" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Times New Roman">
<DIV>I am running ldirectord version 1.186-ha-2.0.8 on SLES10 SP1.</DIV>
<DIV> </DIV>
<DIV>192.168.20.15 (sles101) = RealServer1</DIV>
<DIV>192.168.20.16 (sles102) = RealServer2</DIV>
<DIV>192.168.20.20 = vip</DIV>
<DIV> </DIV>
<DIV>As you'll see from my ldirectord.cf file below, I am configured to load balance \
two real servers for LDAP. When I stop LDAP, on RealServer2, it should remove \
that server from the load balancer, and continue directing LDAP traffic to \
RealServer1. </DIV> <DIV> </DIV>
<DIV>When I launch "ldirectord -d start"and watch the debug.... I stop LDAP on \
RealServer2, and only see ipvsadm remove RealServer2 on port 636. No \
removal is done for port 389. As a result, when I look at "ipvsadm", it shows that \
636 is gone for RealServer2, and 389 still exists for RealServer2.</DIV> \
<DIV> </DIV> <DIV>When I enable LDAP on RealServer2, I see it add 636 back, and \
also try to add 389 back.</DIV> <DIV> </DIV>
<DIV>When RealServer2 is down, LDAP calls to 636 get redirected to RealServer1 \
perfectly. Port 389, of course, fails 50% of the time (Round Robin) because it still \
believes RealServer2 on 389 is up. </DIV> <DIV> </DIV>
<DIV> </DIV>
<DIV>ldirectord.cf</DIV>
<DIV>----------------------------------------------------------</DIV>
<DIV>virtual=192.168.20.20:389<BR> \
real=192.168.20.15:389 ipip<BR> \
real=192.168.20.16:389 ipip<BR> \
service=ldap<BR> checktype=negotiate<BR> \
negotiatetimeout=10<BR> \
login="cn=test,o=novell"<BR> \
passwd="novell"<BR> \
request="o=novell"<BR> \
receive="o=novell"<BR> \
scheduler=rr<BR> \
protocol=tcp<BR> \
checktimeout=10<BR> quiescent=no</DIV> \
<DIV> </DIV> <DIV>virtual=192.168.20.20:636<BR> \
real=192.168.20.15:636 ipip<BR> \
real=192.168.20.16:636 ipip<BR> \
service=ldap<BR> \
checkport=636<BR> \
checktype=negotiate<BR> \
negotiatetimeout=10<BR> \
login="cn=test,o=novell"<BR> \
passwd="novell"<BR> \
request="o=novell"<BR> \
receive="o=novell"<BR> \
scheduler=rr<BR> \
protocol=tcp<BR> \
checktimeout=10<BR> quiescent=no<BR></DIV> \
<DIV> </DIV> <DIV>Debug of RealServer2 deletion:</DIV>
<DIV>----------------------------------------------------------</DIV>
<DIV>/ipvsadm -d -t 192.168.20.20:636 -r 192.168.20.16:636)<BR>Running \
system(/sbin/ipvsadm -d -t 192.168.20.20:636 -r 192.168.20.16:636)<BR>DEBUG2: Deleted \
real server: 192.168.20.16:636 (192.168.20.20:636)<BR>Deleted real server: \
192.168.20.16:636 (192.168.20.20:636)<BR>DEBUG2: Disabled \
server=192.168.20.16<BR></DIV> <DIV> </DIV>
<DIV>Debug of RealServer2 addition:</DIV>
<DIV>----------------------------------------------------------</DIV>
<DIV>/ipvsadm -a -t 192.168.20.20:389 -r 192.168.20.16:389 -i -w 1)<BR>Running \
system(/sbin/ipvsadm -a -t 192.168.20.20:389 -r 192.168.20.16:389 -i -w 1)<BR>DEBUG2: \
Added real server: 192.168.20.16:389 (192.168.20.20:389) (Weight set to 1)<BR>Added \
real server: 192.168.20.16:389 (192.168.20.20:389) (Weight set to 1)<BR>DEBUG2: \
Enabled server=192.168.20.16<BR>DEBUG2: Checking negotiate: real \
server=negotiate:ldap:tcp:192.168.20.15:636::389:1:\/o\=novell:o\=novell \
(virtual=tcp:192.168.20.20:636)<BR>DEBUG2: Checking ldap server=192.168.20.15 \
port=389<BR>DEBUG2: Enabled server=192.168.20.15<BR>DEBUG2: Checking negotiate: real \
server=negotiate:ldap:tcp:192.168.20.16:636::389:1:\/o\=novell:o\=novell \
(virtual=tcp:192.168.20.20:636)<BR>DEBUG2: Checking ldap server=192.168.20.16 \
port=389<BR>DEBUG2: Running system(/sbin/ipvsadm -a -t 192.168.20.20:636 -r \
192.168.20.16:636 -i -w 1)<BR>Running system(/sbin/ipvsadm -a -t 192.168.20.20:636 -r \
192.168.20.16:636 -i -w 1)<BR>DEBUG2: Added real server: 192.168.20.16:636 \
(192.168.20.20:636) (Weight set to 1)<BR>Added real server: 192.168.20.16:636 \
(192.168.20.20:636) (Weight set to 1)<BR>DEBUG2: Enabled \
server=192.168.20.16<BR></DIV> <DIV> </DIV>
<DIV>IPVSADM after LDAP is disabled on \
RealServer2</DIV>---------------------------------------------------------- <DIV>IP \
Virtual Server version 1.2.1 (size=4096)<BR>Prot LocalAddress:Port Scheduler \
Flags<BR> -> \
RemoteAddress:Port \
Forward Weight ActiveConn InActConn<BR>TCP 192.168.20.20:ldaps rr<BR> \
-> sles101:l Local 1 \
0 0<BR>TCP \
192.168.20.20:ldap rr<BR> -> sles102:l Tunnel \
1 \
0 0<BR> -> sles101:l \
Local 1 \
0 0<BR></DIV> <DIV> </DIV>
<DIV>I have tried changing the port order in ldirectord.cf so that the port 636 \
information is first. Regardless of order, port 636 will always work and port 389 \
will always fail.</DIV> <DIV> </DIV>
<DIV>All heartbeat operations work.</DIV>
<DIV> </DIV>
<DIV>Anyone have any ideas?</DIV>
<DIV> </DIV>
<DIV>Thanks!</DIV>
<DIV> </DIV>
<DIV>Mike</DIV></BODY></HTML>
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic