[Linux-ha-dev] ldirectord not removing ldap server from list

Michael Bristow mbristow at novell.com
Fri Jul 27 13:50:28 MDT 2007


I am running ldirectord version 1.186-ha-2.0.8 on SLES10 SP1.
 
192.168.20.15 (sles101) = RealServer1
192.168.20.16 (sles102) = RealServer2
192.168.20.20 = vip
 
As you'll see from my ldirectord.cf file below, I am configured to load balance two real servers for LDAP. When I stop LDAP on RealServer2, it should remove that server from the load balancer and continue directing LDAP traffic to RealServer1.
 
When I launch "ldirectord -d start" and watch the debug... I stop LDAP on RealServer2, and only see ipvsadm remove RealServer2 on port 636. No removal is done for port 389. As a result, when I look at "ipvsadm", it shows that 636 is gone for RealServer2, and 389 still exists for RealServer2.
 
When I enable LDAP on RealServer2, I see it add 636 back, and also try to add 389 back.
 
When RealServer2 is down, LDAP calls to 636 get redirected to RealServer1 perfectly. Port 389, of course, fails 50% of the time (Round Robin) because it still believes RealServer2 on 389 is up. 
 
 
ldirectord.cf
----------------------------------------------------------
virtual=192.168.20.20:389
        real=192.168.20.15:389 ipip
        real=192.168.20.16:389 ipip
        service=ldap
        checktype=negotiate
        negotiatetimeout=10
        login="cn=test,o=novell"
        passwd="novell"
        request="o=novell"
        receive="o=novell"
        scheduler=rr
        protocol=tcp
        checktimeout=10
        quiescent=no
 
virtual=192.168.20.20:636
        real=192.168.20.15:636 ipip
        real=192.168.20.16:636 ipip
        service=ldap
        checkport=636
        checktype=negotiate
        negotiatetimeout=10
        login="cn=test,o=novell"
        passwd="novell"
        request="o=novell"
        receive="o=novell"
        scheduler=rr
        protocol=tcp
        checktimeout=10
        quiescent=no
 
Debug of RealServer2 deletion:
----------------------------------------------------------
/ipvsadm -d -t 192.168.20.20:636 -r 192.168.20.16:636)
Running system(/sbin/ipvsadm -d -t 192.168.20.20:636 -r 192.168.20.16:636)
DEBUG2: Deleted real server: 192.168.20.16:636 (192.168.20.20:636)
Deleted real server: 192.168.20.16:636 (192.168.20.20:636)
DEBUG2: Disabled server=192.168.20.16
 
Debug of RealServer2 addition:
----------------------------------------------------------
/ipvsadm -a -t 192.168.20.20:389 -r 192.168.20.16:389 -i -w 1)
Running system(/sbin/ipvsadm -a -t 192.168.20.20:389 -r 192.168.20.16:389 -i -w 1)
DEBUG2: Added real server: 192.168.20.16:389 (192.168.20.20:389) (Weight set to 1)
Added real server: 192.168.20.16:389 (192.168.20.20:389) (Weight set to 1)
DEBUG2: Enabled server=192.168.20.16
DEBUG2: Checking negotiate: real server=negotiate:ldap:tcp:192.168.20.15:636::389:1:\/o\=novell:o\=novell (virtual=tcp:192.168.20.20:636)
DEBUG2: Checking ldap server=192.168.20.15 port=389
DEBUG2: Enabled server=192.168.20.15
DEBUG2: Checking negotiate: real server=negotiate:ldap:tcp:192.168.20.16:636::389:1:\/o\=novell:o\=novell (virtual=tcp:192.168.20.20:636)
DEBUG2: Checking ldap server=192.168.20.16 port=389
DEBUG2: Running system(/sbin/ipvsadm -a -t 192.168.20.20:636 -r 192.168.20.16:636 -i -w 1)
Running system(/sbin/ipvsadm -a -t 192.168.20.20:636 -r 192.168.20.16:636 -i -w 1)
DEBUG2: Added real server: 192.168.20.16:636 (192.168.20.20:636) (Weight set to 1)
Added real server: 192.168.20.16:636 (192.168.20.20:636) (Weight set to 1)
DEBUG2: Enabled server=192.168.20.16
 
IPVSADM after LDAP is disabled on RealServer2
----------------------------------------------------------
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.20.20:ldaps rr
  -> sles101:l Local   1      0          0
TCP  192.168.20.20:ldap rr
  -> sles102:l Tunnel  1      0          0
  -> sles101:l Local   1      0          0
 
I have tried changing the port order in ldirectord.cf so that the port 636 information is first. Regardless of order, port 636 will always work and port 389 will always fail.
 
All heartbeat operations work.
 
Anyone have any ideas?
 
Thanks!
 
Mike
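
The state reported above (a real server deleted from one port of the VIP but still scheduled on the other) can be checked for mechanically. The following is an added example, not part of the original post or of ldirectord: it parses numeric `ipvsadm -L -n` output and reports such real servers. The sample table is constructed from the addresses in the post, and the check assumes every virtual service on a VIP is meant to share the same real-server pool, as in the posted ldirectord.cf.

```python
import re
from collections import defaultdict

# Constructed sample of `ipvsadm -L -n` output, using the addresses from the post.
SAMPLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.20.20:636 rr
  -> 192.168.20.15:636            Local   1      0          0
TCP  192.168.20.20:389 rr
  -> 192.168.20.16:389            Tunnel  1      0          0
  -> 192.168.20.15:389            Local   1      0          0
"""

VIRTUAL = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)")
REAL = re.compile(r"^\s+->\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)")

def parse_table(text):
    """Return {(proto, vip, vport): {real_ip: weight}} from numeric ipvsadm output."""
    table, current = {}, None
    for line in text.splitlines():
        m = VIRTUAL.match(line)
        if m:
            current = (m.group(1), m.group(2), int(m.group(3)))
            table[current] = {}
            continue
        m = REAL.match(line)  # header row fails this match: its "port" is not numeric
        if m and current is not None:
            table[current][m.group(1)] = int(m.group(4))
    return table

def inconsistent_reals(table):
    """List (vip, real_ip, ports_present, ports_missing) for partially removed reals."""
    by_vip = defaultdict(dict)
    for (_proto, vip, vport), reals in table.items():
        by_vip[vip][vport] = set(reals)
    findings = []
    for vip, ports in by_vip.items():
        for real in sorted(set().union(*ports.values())):
            present = sorted(p for p, r in ports.items() if real in r)
            missing = sorted(p for p, r in ports.items() if real not in r)
            if missing:
                findings.append((vip, real, present, missing))
    return findings

if __name__ == "__main__":
    for vip, real, present, missing in inconsistent_reals(parse_table(SAMPLE)):
        print(f"{vip}: {real} still on ports {present}, removed from {missing}")
```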