Is it possible?
For LVS you have to deal with something called the ARP problem (viz., the realservers should not respond to ARP requests for the hardware address associated with the virtual IP). This is solved with some sysctl stuff for kernel 2.2.x and for 2.4.26+, but of course CentOS 3 is 2.4.21.
There's a kernel module "noarp" that's supposed to work for all 2.4.x kernels but I can't get its configure to work properly. Does anyone have any experience with this module? Is there an RPM somewhere?
On 9/14/06, Bart Schaefer barton.schaefer@gmail.com wrote:
There's a kernel module "noarp" that's supposed to work for all 2.4.x kernels but I can't get its configure to work properly.
I ended up working around this by directly editing config.status after running configure. The configure script tries to identify the directory in which to install the module, and gets confused because there are multiple kernels (both UP and SMP) installed on the system. The result of this confusion is a borked sed script (newlines where they should not be) which trashes the configure process.
[root@tick root]# cat /etc/sysconfig/network-scripts/ifcfg-lo:0
DEVICE=lo:0
IPADDR=XX.223.248.104
NETMASK=255.255.255.255
ONBOOT=yes
ARP=-arp
This is how we did it on our 7.3 machines. All the ones I can find now (yes we still have dozens :( ) are running 2.4.27, but I'm sure we didn't change the setup on this when doing that kernel upgrade.
Btw, are you sure you even want to bother with DR? Looking back I wish I had just stuck with LVS-NAT.
-jim
On 9/15/06, jim bartus jim.bartus@gmail.com wrote:
Btw, are you sure you even want to bother with DR?
We've got an existing server cluster using it and are only trying to add new machines; changing the setup for the machines already in the LVS is not really an option.
We found this: http://www.ultramonkey.org/3/topologies/sl-ha-lb-eg.html
And adapted it as follows:
# yum install arptables_jf (if necessary)
# /etc/rc.d/init.d/arptables_jf stop
Flushing all chains: [ OK ]
Removing user defined chains: [ OK ]
Resetting built-in chains to the default ACCEPT policy: [ OK ]
# /sbin/arptables -A IN -d [virtual_ip] -j DROP
# /sbin/arptables -A OUT -j mangle -o eth0 -s [virtual_ip] --mangle-ip-s [realserver_ip]
# /etc/rc.d/init.d/arptables_jf save
Saving current rules to /etc/sysconfig/arptables: [ OK ]
# /sbin/chkconfig --level 2345 arptables_jf on
# /etc/rc.d/init.d/arptables_jf start
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying arptables firewall rules: [ OK ]
Then do "arptables -L -v -n" to verify that the rules were installed correctly.
On 9/16/06, Bart Schaefer barton.schaefer@gmail.com wrote:
# /sbin/arptables -A OUT -j mangle -o eth0 -s [virtual_ip] --mangle-ip-s [realserver_ip]
That should all be on one line, sorry about the gmail wrapping.
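
The two arptables rules from the thread, generated per virtual IP for a realserver that carries more than one. This is an added example, not code from the thread or from the Ultra Monkey page; the function names and the 192.0.2.x addresses are constructed, and only the arptables options shown above are used.

```shell
#!/bin/sh
# Added example: print (not run) the arptables rules for an LVS-DR realserver.
# Function names and the 192.0.2.x addresses are constructed for illustration.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: lvs_dr_rules REALSERVER_IP IFACE VIP [VIP...]
# Emits one complete command per line, so wrapping cannot split a rule.
lvs_dr_rules() {
    [ "$#" -ge 3 ] || { echo "usage: lvs_dr_rules RIP IFACE VIP..." >&2; return 2; }
    rip=$1 iface=$2
    shift 2
    valid_ipv4 "$rip" || { echo "bad realserver IP: $rip" >&2; return 1; }
    case "$iface" in
        ""|*[!A-Za-z0-9_.:-]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    # Validate every VIP first so the output is all-or-nothing.
    for vip in "$@"; do
        valid_ipv4 "$vip" || { echo "bad virtual IP: $vip" >&2; return 1; }
        # A DROP rule for the realserver's own address would stop it answering ARP for it.
        [ "$vip" != "$rip" ] || { echo "VIP equals realserver IP: $vip" >&2; return 1; }
    done
    for vip in "$@"; do
        # Ignore incoming ARP requests for the virtual IP.
        printf '%s\n' "/sbin/arptables -A IN -d $vip -j DROP"
        # Outgoing ARP sourced from the VIP is rewritten to the realserver's address.
        printf '%s\n' "/sbin/arptables -A OUT -j mangle -o $iface -s $vip --mangle-ip-s $rip"
    done
}

# Demo with constructed addresses: one realserver, two virtual IPs.
lvs_dr_rules 192.0.2.10 eth0 192.0.2.100 192.0.2.101
```

Review the printed lines, then run them as root between the `arptables_jf stop` and `arptables_jf save` steps shown above; `-A` appends, so rerunning without the flush duplicates rules.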