Linux Virtual Server (LVS) problems
After two weeks of struggling, I am going to need help with Linux Virtual Server (LVS) setup.
I have a simple setup. I am following “A Basic LVS Configuration” as described in “Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.2”. I have set up two Virtual Servers and one Real Server (I will add one more RS after basic testing).

First, I set up one Real Server and tested it. I connected it to the Internet (eth0 => Routable IP) and tested Apache Server. I could display any web site including the one on the Real Server itself (http://www.tib.com). Then I set up two Virtual Servers (VS) and followed the instructions to configure them. Here is the LVS configuration file and NET setup.

------- lvs.conf --------
serial_no = 31
primary = 65.103.190.106
primary_private = 192.168.1.1
service = lvs
backup_active = 1
backup = 65.103.190.108
backup_private = 192.168.1.2
heartbeat = 1
heartbeat_port = 539
keepalive = 6
deadtime = 18
network = nat
nat_router = 192.168.1.254 eth1:1
nat_nmask = 255.255.255.255
debug_level = NONE
monitor_links = 0
syncdaemon = 0
virtual HTTP {
     active = 1
     address = 65.103.190.107 eth0:1
     vip_nmask = 255.255.255.248
     port = 80
     send = "GET / HTTP/1.0\r\n\r\n"
     expect = "HTTP"
     use_regex = 0
     load_monitor = none
     scheduler = wlc
     protocol = tcp
     timeout = 6
     reentry = 15
     quiesce_server = 1
     server rs1 {
         address = 192.168.1.10
         active = 1
         weight = 1
     }
}
-----
[root@tib ~]# /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
65.103.190.104  *               255.255.255.248 U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         65.103.190.110  0.0.0.0         UG    0      0        0 eth0
[root@tib ~]#
[root@tib ~]# /sbin/ifconfig
eth0      Link encap:Ethernet  HWaddr 00:01:53:81:11:53
          inet addr:65.103.190.106  Bcast:65.103.190.111  Mask:255.255.255.248
          inet6 addr: fe80::201:53ff:fe81:1153/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:126901 errors:0 dropped:0 overruns:0 frame:0
          TX packets:70743 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:185129030 (176.5 MiB)  TX bytes:5348672 (5.1 MiB)
          Interrupt:201 Base address:0x9000

eth1      Link encap:Ethernet  HWaddr 00:30:1B:38:C4:C9
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::230:1bff:fe38:c4c9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:729 errors:0 dropped:0 overruns:0 frame:0
          TX packets:784 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:43740 (42.7 KiB)  TX bytes:44014 (42.9 KiB)
          Interrupt:177

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:85975 (83.9 KiB)  TX bytes:85975 (83.9 KiB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:8300 (8.1 KiB)
[root@tib ~]#
-------

PLEASE NOTE: I have NOT selected either “Persistence” or “Firewall Marks” and have made no changes to “IPTABLES”.

My GOAL is to test displaying my test web site, http://www.tib.com and then add other services. My first test failed; I can’t display my test web site from a Win32 PC!!!!!!

I have checked that HTTP & HTTPS are OPEN on both the VS & RS. At one time I DISABLED the firewall on both VS & RS to test. No Luck! I have checked “/var/log/messages” and found no errors. I have no idea which other files to look for error! I am what you call a NEWBIE.

In Closing, can somebody help with what I am doing wrong?

Jennifer King
Quote:
And not to sound like I'm brushing you off...but if you're using RHEL5.2, you're paying for support. They'd be the first people I'd call, since they can and will help you with such things.
This information might help:
I am using CentOS 5.3 & virtualization-en-US-5.2.11.el5.centos.noarch (comes packaged with CentOS 5.3)

This is the procedure I followed to set up the LVS:

1. First I set up a standalone Real Server (RS) with eth0: connecting to the Internet. I opened both HTTP & HTTPS on the RS firewall then set up a test Web page and tested it by displaying it both from the RS and from an external Win32 PC.

2. Then I set up two Virtual Servers (VS), Primary VS & Backup VS. Tested that Backup VS takes over when Primary VS goes down.

These are the settings I used:

Primary Virtual Server:
eth0: 65.103.190.106/29
eth1: 192.168.1.1/24 ; Connecting to RS

Piranha GUI Setup VIP & NAT Floating IP:
eth0:1 65.103.190.107
eth1:1 192.168.1.254

On the Real Server:
Firewall is DISABLED
eth0: 192.168.1.10/24
Gateway: 192.168.1.254
--------------------

After setting up LVS, I did a PING on NIC for VS & RS and they respond (checking Network). On Primary VS, HTTP & HTTPS are open. In my previous post I have listed the lvs.conf setting.

Here is the Iptables setting from Primary VS:
-----------------
[root@tib ~]#
[root@tib ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
[root@tib ~]#
-----------------

Now when I try to display the test WEB site "http://www.tib.com" either from the Primary Virtual Server or from an external Win32, it times out and nothing is displayed.

ONE BIG HINT: Last night, I DISABLED the firewall on the Primary Virtual Server and tried displaying the test WEB from it (VS), I got the message from VS Apache verifying that HTTPD was properly installed. What it means is that when the FW was disabled, the web browser request goes to the DNS server (at off site location at GODADDY) and then tried to display the web page from the Primary VS.

It seems that the FW needs tweaking or the Primary VS is NOT forwarding the request to the RS! I do not see the request to display the test WEB if passing through the Firewall on the Primary VS. I have looked into LOGS both on VS & RS and see no message that an attempt is made to display the test WEB site.

FYI, 'net.ipv4.ip_forward' is set to '1'.

I sure appreciate any help. If any further information is needed, please ask. Thanks in advance.

Jennifer K.
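An added example, not part of the thread and not Piranha's own code: a checker for the addressing in an LVS-NAT `lvs.conf` like the one posted above, confirming that the VIP, the NAT floating IP and the real server's gateway line up. `parse_lvs`, `check_nat`, the `private_prefix` argument and the `rs_gateways` mapping are assumptions of this example; the real server's gateway is not stored in `lvs.conf` and is taken from the post.

```python
import ipaddress
# Constructed sample: only the addressing lines of the lvs.conf posted above.
SAMPLE = """\
primary = 65.103.190.106
primary_private = 192.168.1.1
nat_router = 192.168.1.254 eth1:1
virtual HTTP {
    address = 65.103.190.107 eth0:1
    vip_nmask = 255.255.255.248
    server rs1 {
        address = 192.168.1.10
    }
}
"""

def parse_lvs(text):
    """Parse 'key = value' lines and nested 'kind name { }' blocks into dicts."""
    stack = [{}]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            kind, name = line[:-1].split()
            stack.append(stack[-1].setdefault(kind, {}).setdefault(name, {}))
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, _, value = line.partition("=")
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def check_nat(conf, private_prefix, rs_gateways):
    """Return addressing problems for an LVS-NAT layout (empty list = consistent)."""
    problems = []
    nat_ip = ipaddress.ip_address(conf["nat_router"].split()[0])
    priv = ipaddress.ip_network(f"{conf['primary_private']}/{private_prefix}", strict=False)
    if nat_ip not in priv:
        problems.append(f"nat_router {nat_ip} is outside {priv}")
    for vname, virt in conf.get("virtual", {}).items():
        vip = ipaddress.ip_address(virt["address"].split()[0])
        pub = ipaddress.ip_network(f"{conf['primary']}/{virt['vip_nmask']}", strict=False)
        if vip not in pub:
            problems.append(f"{vname}: VIP {vip} is outside {pub}")
        for sname, srv in virt.get("server", {}).items():
            if ipaddress.ip_address(srv["address"]) not in priv:
                problems.append(f"{sname}: {srv['address']} is outside {priv}")
            # NAT replies must return via the director: gateway == NAT floating IP.
            gw = rs_gateways.get(sname)
            if gw is None or ipaddress.ip_address(gw) != nat_ip:
                problems.append(f"{sname}: gateway {gw} is not nat_router {nat_ip}")
    return problems
```

With the values from the two posts (`private_prefix=24`, `rs_gateways={"rs1": "192.168.1.254"}`) the checker returns an empty list, so the addressing itself is consistent.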
I had posted this question "Linux Virtual Server (LVS) problems". It was my hunch that the FIREWALL was somehow blocking the Web (test) query!!
My hunch turned out to be true. I am posting this information to help other users. The problem is that as the firewall is set up, it OPENs & CLOSEs ports on the Virtual Server's physical IP address. However, all traffic is directed to the VIP address. Therefore, PORTS on VIP must be opened for Virtual Server to accept traffic. I have not figured out how to modify the iptables to accomplish that but I am working on it.