From: John P. Eisenmenger (jpe_at_eisenmenger.org)
Date: Tue 08 Apr 2003 - 20:34:19 BST
Just a thought...
Could you set up the vservers on different IPs, then manage the HA IP in
the master servers & use iptables DNAT/SNAT rules to translate the HA IPs
to/from the vserver IPs?
-John
On Tue, 8 Apr 2003, Georg Glas wrote:
> Hi ...
>
> i yust try to design, study and eveluate a solution to use vservers for high
> availibility
>
> Lets see some basic setup that we start from:
>
> There are two machines (lets call them node A and node B) each running a bunch
> of virtual servers with different services inside.
>
>
> ... some we can run active-active:
> (eg ldap, samba-ldap, cups, dns services, apache, dhcpd) ..
> [despite the fact that some services might need fileservice syncronisation
> using nfs, afs, coda or some other shared filesystem] (these services are
> already working well in a vserver enviroment)
>
> .. other service need to be run active-standby
> (eg http proxy server (yes indeed you can use some javascripting and hashing
> to run it active-active, but most clients dont support this and require a
> uniq ip addresse to be added) ftp server, socks server)
> when running in active-standby there must be a way to switchover the ip
> address from one virtualserver on node A to a virtualserver on node B .. you
> could do this by monitoring the servers with heartbeat and restarting the
> complete server for adding/removing the iproot statment. This is a very slow
> approch and would take some time (eg for a large squid cache filesystem this
> could take up a minute or so).
>
> So we have to start up the server and just switch the ip address using eg
> vrrpd (http://www.off.net/~jme/vrrpd/index.html) running in the master-server
> ... however we cannot change the iproot statement any more in a running
> virtual server, so there will be no way that services can bind to the new
> added interface. So this solution want take us any further then here ..
> (maybe someone could introduce a hack to change the iproot of a running
> program?)
>
> Another way would be using ip virtual server (some kernel hack) and direct
> routing (http://www.linuxvirtualserver.org/VS-DRouting.html) but for the
> standard ipvs design we would need a for block architecture (so two ipvs
> redirectors, and two real servers) ... to make it ha, which is not what i
> intend todo ..
>
> so now my question did anyone solve this problem, and could point me to a
> solution or is this yust some foolisch idea ?
>
>
> --
> mfg.
> Georg Glas
> Hollomey Consultants GmbH
> phone: +4331681139362 fax: +433168113934
>
>
-- John P. Eisenmenger jpe_at_eisenmenger.org