LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-04-2009, 06:44 PM   #1
justemail
LQ Newbie
 
Registered: Apr 2009
Posts: 29

Rep: Reputation: 15
Linux Virtual Server (LVS) problems


After two weeks of struggling, I am going to need help with Linux Virtual Server (LVS) setup.

I have a simple setup. I am following “A Basic LVS Configuration” as described in “Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.2”.

I have setup two Virtual Servers and one Real Server (I will add one more RS after basic testing).

First, I setup one Real Server and tested it. I connected it to the Internet (eth0 => Routable IP) and tested Apache Server. I could display any web site including the one on the Real Server itself (http://www.tib.com).

Then I setup two Virtual Servers (VS) and followed the instructions to configure them up. Here is the LVS configuration file and NET setup.

------- lvs.conf --------

serial_no = 31
primary = 65.103.190.106
primary_private = 192.168.1.1
service = lvs
backup_active = 1
backup = 65.103.190.108
backup_private = 192.168.1.2
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 192.168.1.254 eth1:1
nat_nmask = 255.255.255.255
debug_level = NONE
monitor_links = 0
syncdaemon = 0
virtual HTTP {
active = 1
address = 65.103.190.107 eth0:1
vip_nmask = 255.255.255.248
port = 80
send = "GET / HTTP/1.0rnrn"
expect = "HTTP"
use_regex = 0
load_monitor = none
scheduler = wlc
protocol = tcp
timeout = 6
reentry = 15
quiesce_server = 1
server rs1 {
address = 192.168.1.10
active = 1
weight = 1
}
}

-----

[root@tib ~]# /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
65.103.190.104 * 255.255.255.248 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth1
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
default 65.103.190.110 0.0.0.0 UG 0 0 0 eth0
[root@tib ~]#
[root@tib ~]# /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:01:53:81:11:53
inet addr:65.103.190.106 Bcast:65.103.190.111 Mask:255.255.255.248
inet6 addr: fe80::201:53ff:fe81:1153/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:126901 errors:0 dropped:0 overruns:0 frame:0
TX packets:70743 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:185129030 (176.5 MiB) TX bytes:5348672 (5.1 MiB)
Interrupt:201 Base address:0x9000

eth1 Link encap:Ethernet HWaddr 00:30:1B:38:C4:C9
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::230:1bff:fe38:c4c9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:729 errors:0 dropped:0 overruns:0 frame:0
TX packets:784 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43740 (42.7 KiB) TX bytes:44014 (42.9 KiB)
Interrupt:177

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:184 errors:0 dropped:0 overruns:0 frame:0
TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:85975 (83.9 KiB) TX bytes:85975 (83.9 KiB)

virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:8300 (8.1 KiB)

[root@tib ~]#

-------

PLEASE NOTE: I have NOT selected either “Persistence” or “Firewall Marks” and have made no changes to “IPTABLES”.

My GOAL is to test displaying my test web site, http://www.tib.com and then add other services.

My first test failed; I can’t display my test web site from a Win32 PC!!!!!!

I have checked that HTTP & HTTPS are OPEN on both the VS & RS. At one time I DISABLED the firewall on both VS & RS to test. No Luck!

I have checked “/var/log/messages” and found no errors. I have no idea which other files to look for error! I am what you call a NEWBIE.

In Closing, can somebody help with what I am doing wrong?

Jennifer King
 
Old 06-04-2009, 09:09 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 18,314

Rep: Reputation: 3877Reputation: 3877Reputation: 3877Reputation: 3877Reputation: 3877Reputation: 3877Reputation: 3877Reputation: 3877Reputation: 3877Reputation: 3877Reputation: 3877
Quote:
Originally Posted by justemail View Post
After two weeks of struggling, I am going to need help with Linux Virtual Server (LVS) setup.

I have a simple setup. I am following “A Basic LVS Configuration” as described in “Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.2”.

I have setup two Virtual Servers and one Real Server (I will add one more RS after basic testing).

First, I setup one Real Server and tested it. I connected it to the Internet (eth0 => Routable IP) and tested Apache Server. I could display any web site including the one on the Real Server itself (http://www.tib.com).

Then I setup two Virtual Servers (VS) and followed the instructions to configure them up. Here is the LVS configuration file and NET setup.

PLEASE NOTE: I have NOT selected either “Persistence” or “Firewall Marks” and have made no changes to “IPTABLES”.

My GOAL is to test displaying my test web site, http://www.tib.com and then add other services.

My first test failed; I can’t display my test web site from a Win32 PC!!!!!!

I have checked that HTTP & HTTPS are OPEN on both the VS & RS. At one time I DISABLED the firewall on both VS & RS to test. No Luck!

I have checked “/var/log/messages” and found no errors. I have no idea which other files to look for error! I am what you call a NEWBIE.

In Closing, can somebody help with what I am doing wrong?

Jennifer King
Sounds like you've made a good start, but there's some info missing. You say you've followed the guide for RHEL5.2, but don't say whether or not you're USING RHEL5.2...are you? Also, you say you can't display it from a Win32 PC, but don't say where that is, in relation to the network (internal? On the Internet? Firewalled?), or if you can display your sites from the Linux server itself.

And not to sound like I'm brushing you off...but if you're using RHEL5.2, you're paying for support. They'd be the first people I'd call, since they can and will help you with such things.
 
Old 06-05-2009, 06:49 PM   #3
justemail
LQ Newbie
 
Registered: Apr 2009
Posts: 29

Original Poster
Rep: Reputation: 15
This information might help:

I am using CentOS 5.3 & virtualization-en-US-5.2.11.el5.centos.noarch (comes packaged with CentOS 5.3)

This is the procedure I followed to setup the LVS:

1. First I setup a standalone Real Server (RS)with eth0: connecting to the Internet. I opened both HTTP & HTTPS on the RS firewall then setup a test Web page and tested it by displaying it both from the RS and from an external Win32 PC.

2. Then I setup two Virtual Servers (VS),Primary VS & Backup VS. Tested that Backup VS takes over when Primary VS goes down.

These are the settings I used:

Primary Virtual Server:

eth0: 65.103.190.106/29
eth1: 192.168.1.1/24 ; Connecting to RS

Piranha GUI Setup VIP & NAT Floating IP:

eth0:1 65.103.190.107
eth1:1 192.168.1.254

On the Real Server:

Firewall is DISABLED

eth0: 192.168.1.10/24
Gateway: 192.168.1.254

--------------------
After setting up LVS, I did a PING on NIC for VS & RS and they respond (checking Network).

On Primary VS, HTTP & HTTPS are open.

In my previous posy I have listed the lvs.conf setting. Here is the Iptables setting from Primary VS:
-----------------
[root@tib ~]#
[root@tib ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@tib ~]#
-----------------

Now when I try to display the test WEB site "http://www.tib.com" either from the Primary Virtual Server or from an external Win32, it times out and nothing is displayed.

ONE BIG HINT: Last night, I DISABLED the firewall on the Primary Virtual Server and tried displaying the test WEB from it (VS), I got the message from VS Apache verifying that HTTPD was properly installed. What it means is that when the FW was disabled, the web browser request go to the DNS server (at off site location at GODADDY) and then tried to display the web page from the Primary VS.

It seems that the FW needs tweaking or the Primary VS is NOT forwarding the request to the RS! I do not see the request to display the test WEB if passing through the Firewall on the Primary VS. I have looked into LOGS both on VS & RS and see no message that an attempt is made to display the test WEB site.

FYI, 'net.ipv4.ip_forward' is set to '1'.

I sure appreciate any help. If there is any further information is needed, please ask.

Thanks in advance.

Jennifer K.
 
Old 06-09-2009, 08:03 PM   #4
justemail
LQ Newbie
 
Registered: Apr 2009
Posts: 29

Original Poster
Rep: Reputation: 15
I had posted this question "Linux Virtual Server (LVS) problems". It was my hunch that the FIREWALL was somehow blocking the Web (test) query!!

My hunch turned out to be true. I am posting this information to help other users.

The problem is that as the firewall is setup, it OPENs & CLOSEs ports on the Virtual Server's physical IP address. However, all traffic is directed to the VIP address. Therefore, PORTS on VIP must be opened for Virtual Server to accept traffic.

I have not figured out how to modify the iptables to accomplish that but I am working on it.
 
  


Reply

Tags
lvs


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Piranha LVS/TUN support OR alternative web interface for configuring LVS ajitabhpandey Red Hat 0 05-18-2009 10:37 PM
How to protect LVS director server with IPTABLES yaw55555 Linux - Networking 0 04-10-2009 05:21 AM
LVS is load balancing ok but it does not recognize a server as down if it goes down abefroman Linux - Networking 0 09-04-2005 11:23 PM
problem after LVS server---------------- pal Linux - Networking 0 01-13-2005 04:45 AM
Redhat Linux on Microsoft Virtual Server Problems???? mcostello1 Linux - Hardware 1 09-02-2004 12:14 AM


All times are GMT -5. The time now is 05:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration