From Petr_Savich at associates.ru Thu Jul 10 20:01:19 2008 From: Petr_Savich at associates.ru (Petr Savich) Date: Fri, 11 Jul 2008 00:01:19 +0400 Subject: piranha patch to allow colocation of director/realserver Message-ID: <085080982B2C9E4B94864491F27003316D97D7@alphyn.associates.ru> Hey guys, I want to contribute to piranha project. I've made a patch for piranha pulse daemon to allow colocation of both IPVS director and real server on the same box (current design does not allow doing it). Having only two boxes instead of four is good for appliance-based HA solutions. Idea is pretty simple: instead of ifconfig up/down the virtual interface, just bind the virtual IP to loopback during system startup and then advertise/deadvertise it by ARP using arptables or new sysctl vars. If I missed something at this point please fix me ;-) Patch was done in the response to our primary vendor's new software product which runs on RHEL4. This is an advanced enterprise security web gateway and our company is a software distributor, so commercially speaking new feature will extend both the RHEL and vendor's opportunities. I see many vendors choose RHEL as an appliance platform so probably they'd all benefit from that. I choose piranha for its simple, compact yet effective design comparing to other bulky and complex projects found at linux-ha.org. So if I did not miss anything may I expect the interest from the Red Hat to include my patch (along with man page and GUI fixes) into the supported package? The resulting .patch file is about 360 lines. I did not fix the man/GUI yet, waiting for your response. Thanks. --- Peter From lhh at redhat.com Thu Jul 10 20:12:46 2008 From: lhh at redhat.com (Lon Hohberger) Date: Thu, 10 Jul 2008 16:12:46 -0400 Subject: piranha patch to allow colocation of director/realserver In-Reply-To: <085080982B2C9E4B94864491F27003316D97D7@alphyn.associates.ru> References: <085080982B2C9E4B94864491F27003316D97D7@alphyn.associates.ru> Message-ID: <1215720766.22185.26.camel@localhost.localdomain> On Fri, 2008-07-11 at 00:01 +0400, Petr Savich wrote: > Hey guys, > > I want to contribute to piranha project. > > I've made a patch for piranha pulse daemon to allow colocation of both > IPVS director and real server on the same box (current design does not > allow doing it). Having only two boxes instead of four is good for > appliance-based HA solutions. > > Idea is pretty simple: instead of ifconfig up/down the virtual > interface, just bind the virtual IP to loopback during system startup > and then advertise/deadvertise it by ARP using arptables or new sysctl > vars. > > If I missed something at this point please fix me ;-) > > Patch was done in the response to our primary vendor's new software > product which runs on RHEL4. This is an advanced enterprise security web > gateway and our company is a software distributor, so commercially > speaking new feature will extend both the RHEL and vendor's > opportunities. I see many vendors choose RHEL as an appliance platform > so probably they'd all benefit from that. > > I choose piranha for its simple, compact yet effective design comparing > to other bulky and complex projects found at linux-ha.org. > > So if I did not miss anything may I expect the interest from the Red Hat > to include my patch (along with man page and GUI fixes) into the > supported package? > > The resulting .patch file is about 360 lines. > I did not fix the man/GUI yet, waiting for your response. It sounds like a useful feature. -- Lon From Petr_Savich at associates.ru Mon Jul 14 07:57:01 2008 From: Petr_Savich at associates.ru (Petr Savich) Date: Mon, 14 Jul 2008 11:57:01 +0400 Subject: piranha patch to allow colocation of director/realserver In-Reply-To: <1215720766.22185.26.camel@localhost.localdomain> References: <085080982B2C9E4B94864491F27003316D97D7@alphyn.associates.ru> <1215720766.22185.26.camel@localhost.localdomain> Message-ID: <085080982B2C9E4B94864491F27003316D9906@alphyn.associates.ru> Lon, Thanks for your interest. Because I don't know if I'm authorized to put the patch into the list directly I decided to keep it here (TEMPORARY): http://89.253.238.200/files/piranha-0.8.4-advertise-address.patch Well, after some tidying it grew to 500 lines, sorry ;-) I followed the original author's C coding style. I also have some sort of intermediate SRPM. Code changes: - added new `advertise_address' option to lvs.cf in virtual server section. - added logic to select the method: classic or advertise - added advertise/unadvertise functions - added/modified helper functions to call arptables and send_arp - modified some version information - FIX ME Changes to lvs.cf(5) - PER-VIRTUAL SERVER SECTION: advertise_address = i.e.: advertise_address = 192.168.0.35 eth0 Piranha will advertise the virtual address on the selected device only when active. It will hide the virtual address when it is passive using arptables. Note that `advertise_address' is mutually exclusive with `address' option and if pulse see both then it will complain and fail to run. Changes to network design: Collocate the director and real server on the same box. Idea is to have two boxes - each with director and real server. Changes in machine setup: With the new option pulse will no longer do ifconfig up/down of VIF. You have to bind the virtual address to loopback manually and provide appropriate initial ARP screening of it in /etc/sysconfig/arptables. Please read 6.8 of LVS-HOWTO document: http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.arp_problem.html When pulse becomes active it will unblock the ARP and send gratuitous message. Why arptables? Yes, it is clumsy but portable across RHEL[345]. I could use sysctls but I wish to use functionality on RHEL 3 and 4. Possible caveats: - If you change the real IP address - please update the ARP screening. You can't avoid mangling of source IP address in the OUT chain. - I tested only direct routing (because it is vital for web security gateway to see the untouched source IP address). Not sure that NAT/TUN will work in local mode. Next steps: If you recognize my work useful please let me know - I can proceed with GUI. I could also try fixing the send_arp program to avoid obsolete SOCK_PACKET syscall that make complains on newer kernels. --- Peter From hicheerup at gmail.com Tue Jul 22 16:14:15 2008 From: hicheerup at gmail.com (lingu) Date: Tue, 22 Jul 2008 21:44:15 +0530 Subject: Oracle apps form server issue with Piranha Load balancer Message-ID: <29e045b80807220914p2a06a38fuc3b790f15c5fb3d6@mail.gmail.com> Hi all, This is my first mail to this mailing list.First of all sorry for writing such a big mail.I am facing problem while implementing Piranha Load balancer on RHEL4U6 for my two oracle 11i application server running on linux. Oracle Real server details Instance Name - test url's - 1 . dev.xxx.com:8004 2 . uat.xxx.com:8004 Architecture - Services installed on dev are 1. Database Server 2.Concurrent Processing Server 3. Administration Server 4. Forms Server 5. Web server And services installed on uat are 1.Web server 2.Form server Note: Form server running on port 9004 on both hosts. Piranha details eth0 192.168.23.2 --- external physical ip eth0:1 192.168.23.3 ---EXTERNAL VIP eth2 192.168.17.125 --internal physical ip eth2:1 192.168.17.121 --INTERNAL VIP Client Network: 192.168.23.0/24 Real Server Network: 192.168.17.0/24 Client are accessing oracle application using VIP of piranha by http://192.168.23.3:8004/ Real server ips, hostname and gateway 192.168.17.16 dev.xxx.com having gateway of piranha Internal vip 192.168.17.121 192.168.17.17 uat.xxx.com having gateway of piranha Internal vip 192.168.17.121 my ipvsadm rule is like below 192.168.23.3:8004 ---->>192.168.17.16:8004 192.168.23.3:8004 ---->>192.168.17.17:8004 For me load balancing is working fine for http://192.168.23.3:8004/ . But once i logged in when ever i tried to browse any Oracle Application Forms then it is giving me error "Failed to connect to the server" uat.xxx.com:9004 Note: Form server running on port 9004 on my both oracle application sever when ever i click on any forms it is trying to connect to uat.xxx.com[which is aliased to the VIP of piranha that is 192.168.23.3 in my client host entry] so it is clearly trying to connect to 192.168.23.3:9004 but there is no service or ipvsadm rule on that vip of piranha for that 9004 port. Note: Telnet to Form server on both oracle apps server is working on 9004 from piranha server. So i created the ipvsadm rules on piranha on same vip on 9004 port like below. 192.168.23.3:9004 ---->>192.168.17.16:9004 192.168.23.3:9004 ---->>192.168.17.17:9004 But i am getting below error on my syslog ################################################################################ Jul 21 20:25:38 testlvs nanny[5064]: starting LVS client monitor for 192.168.23.3:9004 Jul 21 20:25:38 testlvs nanny[5065]: starting LVS client monitor for 192.168.23.3:9004 Jul 21 20:25:43 testlvs pulse[5040]: gratuitous lvs arps finished Jul 21 20:25:47 testlvs nanny[5065]: READ from 192.168.17.16:9004 was too short Jul 21 20:25:47 testlvs nanny[5064]: READ from 192.168.17.17:9004 was too short Jul 21 20:25:53 testlvs nanny[5061]: making 192.168.17.16:8004 available Jul 21 20:25:53 testlvs nanny[5065]: READ from 192.168.17.16:9004 was too short Jul 21 20:25:53 testlvs nanny[5059]: making 192.168.17.124:80 available Jul 21 20:25:53 testlvs nanny[5062]: making 192.168.17.17:8004 available Jul 21 20:25:53 testlvs nanny[5064]: READ from 192.168.17.17:9004 was too short Jul 21 20:25:59 testlvs nanny[5065]: READ from 192.168.17.16:9004 was too short Jul 21 20:25:59 testlvs nanny[5064]: READ from 192.168.17.17:9004 was too short Jul 21 20:26:05 testlvs nanny[5065]: READ from 192.168.17.16:9004 was too short Jul 21 20:26:05 testlvs nanny[5064]: READ from 192.168.17.17:9004 was too short Jul 21 20:26:11 testlvs nanny[5065]: READ from 192.168.17.16:9004 was too short Jul 21 20:26:11 testlvs nanny[5064]: READ from 192.168.17.17:9004 was too short Jul 21 20:26:17 testlvs nanny[5065]: READ from 192.168.17.16:9004 was too short Jul 21 20:26:17 testlvs nanny[5064]: READ from 192.168.17.17:9004 was too short Jul 21 20:26:23 testlvs nanny[5065]: READ from 192.168.17.16:9004 was too short ################################################################################ I am not able to see any thing for 9004 whenever i try ipvsdam -L. So i need some one help to solve this issue,i am facing problem only with forms rest of all of my other apps are working fine under piranha.Also forms are working fine whenever i bypassed piranha server. Regards, lingu -------------- next part -------------- An HTML attachment was scrubbed... URL: From U.Criola at patrick.com.au Tue Jul 22 22:46:42 2008 From: U.Criola at patrick.com.au (U.Criola at patrick.com.au) Date: Wed, 23 Jul 2008 08:46:42 +1000 Subject: Criola, Urbano is out of the office. Message-ID: I will be Out of the Office Start Date: 23/07/2008. End Date: 24/07/2008. I will be away from the office on wed 23/7/08 on a family matter. I will attend to your email on my return on thur 24/7/08. Regards, Urbano Criola. From hirantha at securedpipe.net Wed Jul 23 09:33:31 2008 From: hirantha at securedpipe.net (hirantha) Date: Wed, 23 Jul 2008 15:03:31 +0530 Subject: Oracle apps form server issue with Piranha Load balancer In-Reply-To: <29e045b80807220914p2a06a38fuc3b790f15c5fb3d6@mail.gmail.com> References: <29e045b80807220914p2a06a38fuc3b790f15c5fb3d6@mail.gmail.com> Message-ID: <4886FAEB.5060709@securedpipe.net> lingu wrote: > Hi all, > > I'm not a pro, but http://www.redhat.com/docs/manuals/csgfs/browse/4.6/Virtual_Server_Administration/s2-piranha-virtservs-ems-VSA.html will tell you how to right your own send_prog. and nanny will looking to this. Hope this will help > This is my first mail to this mailing list.First of all sorry for > writing such a big mail.I am facing problem while implementing Piranha > Load balancer on RHEL4U6 for my two oracle 11i application server > running on linux. > > Oracle Real server details > > Instance Name - test > > url's - 1 . dev.xxx.com:8004 > 2 . uat.xxx.com:8004 > > Architecture - > Services installed on dev are > > 1. Database Server > 2.Concurrent Processing Server > 3. Administration Server > 4. Forms Server > 5. Web server > > And services installed on uat are > > 1.Web server > 2.Form server > > Note: Form server running on port 9004 on both hosts. > > Piranha details > > eth0 192.168.23.2 --- external physical ip > eth0:1 192.168.23.3 ---EXTERNAL VIP > eth2 192.168.17.125 --internal physical ip > eth2:1 192.168.17.121 --INTERNAL VIP > > Client Network: 192.168.23.0/24 > Real Server Network: 192.168.17.0/24 > > Client are accessing oracle application using VIP of piranha by > http://192.168.23.3:8004/ > > Real server ips, hostname and gateway > > 192.168.17.16 dev.xxx.com > having gateway of piranha Internal vip 192.168.17.121 > > 192.168.17.17 uat.xxx.com > having gateway of piranha Internal vip > 192.168.17.121 > > my ipvsadm rule is like below > > 192.168.23.3:8004 ---->>192.168.17.16:8004 > > 192.168.23.3:8004 ---->>192.168.17.17:8004 > > > For me load balancing is working fine for http://192.168.23.3:8004/ . > But once i logged in when ever i tried to browse any Oracle Application > Forms then it is giving me error "Failed to connect to the server" > uat.xxx.com:9004 > > Note: Form server running on port 9004 on my both oracle application sever > > when ever i click on any forms it is trying to connect to uat.xxx.com > [which is aliased to the VIP of piranha that is > 192.168.23.3 in my client host entry] so it is > clearly trying to connect to 192.168.23.3:9004 > but there is no service or ipvsadm rule on > that vip of piranha for that 9004 port. > > Note: Telnet to Form server on both oracle apps server is working on > 9004 from piranha server. > > So i created the ipvsadm rules on piranha on same vip on 9004 port > like below. > 192.168.23.3:9004 ---->>192.168.17.16:9004 > > 192.168.23.3:9004 ---->>192.168.17.17:9004 > > > But i am getting below error on my syslog > > ################################################################################ > Jul 21 20:25:38 testlvs nanny[5064]: starting LVS client monitor for > 192.168.23.3:9004 > Jul 21 20:25:38 testlvs nanny[5065]: starting LVS client monitor for > 192.168.23.3:9004 > Jul 21 20:25:43 testlvs pulse[5040]: gratuitous lvs arps finished > Jul 21 20:25:47 testlvs nanny[5065]: READ from 192.168.17.16:9004 > was too short > Jul 21 20:25:47 testlvs nanny[5064]: READ from 192.168.17.17:9004 > was too short > Jul 21 20:25:53 testlvs nanny[5061]: making 192.168.17.16:8004 > available > Jul 21 20:25:53 testlvs nanny[5065]: READ from 192.168.17.16:9004 > was too short > Jul 21 20:25:53 testlvs nanny[5059]: making 192.168.17.124:80 > available > Jul 21 20:25:53 testlvs nanny[5062]: making 192.168.17.17:8004 > available > Jul 21 20:25:53 testlvs nanny[5064]: READ from 192.168.17.17:9004 > was too short > Jul 21 20:25:59 testlvs nanny[5065]: READ from 192.168.17.16:9004 > was too short > Jul 21 20:25:59 testlvs nanny[5064]: READ from 192.168.17.17:9004 > was too short > Jul 21 20:26:05 testlvs nanny[5065]: READ from 192.168.17.16:9004 > was too short > Jul 21 20:26:05 testlvs nanny[5064]: READ from 192.168.17.17:9004 > was too short > Jul 21 20:26:11 testlvs nanny[5065]: READ from 192.168.17.16:9004 > was too short > Jul 21 20:26:11 testlvs nanny[5064]: READ from 192.168.17.17:9004 > was too short > Jul 21 20:26:17 testlvs nanny[5065]: READ from 192.168.17.16:9004 > was too short > Jul 21 20:26:17 testlvs nanny[5064]: READ from 192.168.17.17:9004 > was too short > Jul 21 20:26:23 testlvs nanny[5065]: READ from 192.168.17.16:9004 > was too short > ################################################################################ > > I am not able to see any thing for 9004 whenever i try ipvsdam -L. So > i need some one help to solve this issue,i am facing problem only with > forms rest of all of my other apps are working fine under piranha.Also > forms are working fine whenever i bypassed piranha server. > > > Regards, > lingu > > > ------------------------------------------------------------------------ > > _______________________________________________ > Piranha-list mailing list > Piranha-list at redhat.com > https://www.redhat.com/mailman/listinfo/piranha-list