{Disarmed} Re: Somewhat OT: Clustering and HA

Julian Field MailScanner at ecs.soton.ac.uk
Thu Feb 28 19:32:52 GMT 2008


Please can someone add this to the Wiki, it's a very useful guide. And 
once it's up there, we can edit and further improve it as necessary if 
people feel they would like to.

Thanks folks!
Jules.

Vlad Mazek wrote:
> I pieced mine out of a few guides but there is an easier way to do 
> this now (assuming you're in RHEL / CentOS world) as Red Hat developed 
> a GUI for HA. It's called Piranha:
> www.centos.org/docs/5/html/Virtual_Server_Administration/ch-lvs-piranha-VSA.html
>
> You can get the RPMs from DAG and the process is pretty simple (at 
> least mine is). I use direct path. On the load balancer just modify 
> the /etc/rc.d/ha/lvs.cf to set up your load balancer and the virtual 
> servers.
>
> serial_no = 132
> primary = 1.2.3.10
> service = lvs
> backup_active = 0
> backup = 0.0.0.0
> heartbeat = 1
> heartbeat_port = 539
> keepalive = 20
> deadtime = 20
> network = direct
> debug_level = NONE
> monitor_links = 0
> virtual mailscanner {
>      active = 1
>      address = 1.2.3.5 eth0:1
>      vip_nmask = 255.255.255.0
>      port = 25
>      use_regex = 0
>      load_monitor = none
>      scheduler = wrr
>      protocol = tcp
>      timeout = 20
>      reentry = 30
>      quiesce_server = 0
>      server mailscanner1 {
>          address = 1.2.3.1
>          active = 1
>          weight = 1
>      }
>      server mailscanner2 {
>          address = 1.2.3.2
>          active = 1
>          weight = 1
>      }
> }
>
> So here is the idea, your system runs on 1.2.3.10 and you're going to 
> be pointing the MX to 1.2.3.5 which will then deliver mail down to the 
> actual mailscanner real servers 1.2.3.1 and 1.2.3.2. Just start pulse 
> and you're done.
>
> Each node needs a loopback interface with the address of the virtual 
> server and 255.255.255.255 subnet mask.
> /etc/sysconfig/network-scripts/ifcfg-lo:1
> DEVICE=lo:1
> IPADDR=1.2.3.5
> NETMASK=255.255.255.255
> ONBOOT=yes
> NAME=loopback
>
> Some more junk for sysctl.conf (comment out packet forwarding):
>
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.eth0.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.eth0.arp_announce = 2
> net.ipv4.ip_forward = 1
>
> Hope that helps (and hope you want to replicate exactly what I have 
> otherwise there is reading involved).. :)
>
> -Vlad
>
> On 2/27/08, Alex Neuman <alex at nkpanama.com> wrote:
>
>     On Feb 27, 2008, at 4:04 PM, Vlad Mazek wrote:
>
>     > Keep in mind that if you have more than 4 MX records in round robin
>     > the lookup will only return four, throwing the load balancing a bit
>     > out of skew.  Linux HA with lvs is dead easy to configure and can do
>     > quite a bit with cheap hardware.
>
>
>     Can you please direct me to a good "howto" or "cookbook" on Linux HA?
>     I've looked around and most are either too specific or outdated.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
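
A check for the real-server settings quoted in this thread (VIP on lo:1 with a 255.255.255.255 mask, arp_ignore = 1, arp_announce = 2), as an added example that is not part of the original messages. The function names, the optional interface argument and the temporary sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: static check of a real server's files against the
# direct-routing settings quoted in this thread. Names are illustrative.

# Print the last value assigned to key $1 in file $2. Accepts KEY=value
# (ifcfg) and "key = value" (sysctl.conf); skips comment lines.
get_value() {
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "="); if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }' "$2"
}

# Record a problem when a setting differs from the wanted value.
expect() {  # $1 = label, $2 = actual, $3 = wanted
    [ "$2" = "$3" ] && return 0
    echo "FAIL $1: got '${2:-unset}', want '$3'"
    problems=$((problems + 1))
}

# check_dr_node VIP IFCFG_FILE SYSCTL_FILE [IFACE]
# Returns the number of problems (0 = node matches the quoted settings).
check_dr_node() {
    problems=0
    expect "IPADDR"  "$(get_value IPADDR  "$2")" "$1"
    # Host mask, so only the VIP itself (not its subnet) is bound to loopback.
    expect "NETMASK" "$(get_value NETMASK "$2")" "255.255.255.255"
    expect "ONBOOT"  "$(get_value ONBOOT  "$2")" "yes"
    for scope in all "${4:-eth0}"; do
        # With the VIP on lo, these keep the node from answering ARP for it
        # or using it as an ARP source, so neighbours see only the director.
        expect "$scope.arp_ignore"   "$(get_value "net.ipv4.conf.$scope.arp_ignore"   "$3")" 1
        expect "$scope.arp_announce" "$(get_value "net.ipv4.conf.$scope.arp_announce" "$3")" 2
    done
    return "$problems"
}

# Constructed sample: the quoted files written to a temp directory and checked.
d=$(mktemp -d)
printf 'DEVICE=lo:1\nIPADDR=1.2.3.5\nNETMASK=255.255.255.255\nONBOOT=yes\n' > "$d/ifcfg-lo:1"
printf 'net.ipv4.conf.%s = %s\n' all.arp_ignore 1 eth0.arp_ignore 1 \
    all.arp_announce 2 eth0.arp_announce 2 > "$d/sysctl.conf"
check_dr_node 1.2.3.5 "$d/ifcfg-lo:1" "$d/sysctl.conf" && echo "OK"
rm -rf "$d"
```

The check reads the files only; the values actually in effect on a running node come from `sysctl -a` and `ip addr show lo`.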

