You probably want to get a hardware crypto card if you are going down that road and have a reasonable amount of traffic. You can terminate the SSL connection at the director, perhaps using something like squid as a reverse proxy, but then the Linux Director has to do a _lot_ of work.
The incoming mails are stored on random realservers in maildir format following dns MX scheduling. To synchronize both realservers (so that pop3 accounts are correct when checked), I use rsync and especially the drsync.pl rsync wrapper, which keeps track of a given filelist between rsync synchronizations (here the filelist is the maildir files). Drsync is run on each realserver every minute (cron) synchronizing the content with the other realserver(s). So far it works with a dozen pop3 accounts and hundreds of mail sent with no loss.
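As an added example (this is not drsync and not the poster's setup), the Python below models what a file-list-tracking sync wrapper has to do for two Maildirs, and why a plain two-way rsync is not enough: without a record of the previous run, a message a client deleted with POP3 DELE on one realserver is copied straight back from the other on the next run. The directory layout, the JSON state file and the copy step (a local copy standing in for rsync over ssh, with the peer's Maildir assumed reachable as a local path) are assumptions for the demo, not from the page.

```python
"""Two-way Maildir reconciliation that remembers the file list between runs.

Added example, not drsync or the poster's script. A plain two-way rsync
copies everything the peer has, so a message a client deleted with POP3
DELE on realserver A comes straight back from realserver B on the next
run. Remembering the listing from the previous run separates "new on the
peer" from "deleted here since last time", which is what a file-list
tracking wrapper is for.

Assumptions (not from the page): the peer's Maildir is reachable as a
local path (e.g. an NFS or sshfs mount); the copy step below is a local
copy where a production script would run rsync over ssh.
"""
import json
import os
import shutil
import tempfile

# tmp/ is never synced: files there are still being written by the MDA.
SUBDIRS = ("new", "cur")


def _listing(maildir):
    """Relative names of every message in new/ and cur/."""
    names = set()
    for sub in SUBDIRS:
        d = os.path.join(maildir, sub)
        if os.path.isdir(d):
            names.update(os.path.join(sub, n) for n in os.listdir(d))
    return names


def _load_state(statefile):
    if os.path.exists(statefile):
        with open(statefile) as f:
            return set(json.load(f))
    return set()


def sync_maildir(local, peer, statefile):
    """Pull new messages from peer and propagate local deletions to peer.

    Returns (pulled, deleted_on_peer), both sorted lists of relative names.
    Maildir names embed the delivering host, so A and B never collide."""
    seen_last = _load_state(statefile)
    here, there = _listing(local), _listing(peer)

    # Present after the last run but gone now: deleted (or moved new/->cur/) here.
    deleted_here = seen_last - here
    # On the peer, not here, and not something we just deleted: pull it.
    to_pull = (there - here) - deleted_here

    for rel in sorted(to_pull):
        dst = os.path.join(local, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(peer, rel), dst)
    deleted_on_peer = []
    for rel in sorted(deleted_here & there):
        os.remove(os.path.join(peer, rel))
        deleted_on_peer.append(rel)

    with open(statefile, "w") as f:
        json.dump(sorted(_listing(local)), f)
    return sorted(to_pull), deleted_on_peer


def demo():
    """Constructed scenario in a temp dir: A received message 1, B received
    message 2, both sync, then a POP3 client deletes message 1 on A."""
    root = tempfile.mkdtemp()
    a, b = os.path.join(root, "A"), os.path.join(root, "B")
    for m in (a, b):
        for sub in SUBDIRS + ("tmp",):
            os.makedirs(os.path.join(m, sub))
    for m, rel in ((a, "new/1.rsA"), (b, "new/2.rsB")):
        with open(os.path.join(m, rel), "w") as f:
            f.write("Subject: constructed test message\n")
    state_a, state_b = os.path.join(root, "a.json"), os.path.join(root, "b.json")

    first_a = sync_maildir(a, b, state_a)     # A pulls 2.rsB
    first_b = sync_maildir(b, a, state_b)     # B pulls 1.rsA
    os.remove(os.path.join(a, "new/1.rsA"))   # POP3 DELE on A
    second_a = sync_maildir(a, b, state_a)    # 1.rsA removed on B, not re-pulled
    result = {"first_a": first_a, "first_b": first_b, "second_a": second_a,
              "final_a": sorted(_listing(a)), "final_b": sorted(_listing(b))}
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The state file is written after each run from the local listing, so a message that moved from new/ to cur/ (its name gains the :2,S flags) is seen as "deleted new/x" plus "new cur/x:2,S" and converges on both sides after one round trip. Running this from both realservers every minute, as the poster does with drsync, is what makes either server answer a POP3 session correctly.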
You do not explicitly set up authd (identd) as an LVS service. LVS is designed for services which receive connect requests from clients; authd initiates calls from the realservers to the client. Services that cooperate with authd (eg sendmail and services running inside tcpwrappers) initiate a call from the identd client on the realserver to the identd server on the client. With realservers on private networks (192.168.x.x) these clients will have non-routable src_addr'es and the LVS'ed service will have to wait for the call to timeout. LVS does not allow authd to work anymore and this must be taken into account when running services that cooperate with authd. The inability of authd to work with LVS is important enough that there is a separate section on authd/identd.
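The call described above, as an added example that is not LVS or HOWTO code: a minimal RFC 1413 (ident) client of the kind sendmail or tcpd runs from the realserver, together with a constructed toy identd so the exchange runs offline. The port numbers, the user table and the unreachable peer address (192.0.2.1, from the TEST-NET range) are constructed for the demo. The point is that the lookup is bounded by a timeout and returns None instead of leaving the service hanging, which is exactly what happens when the realserver's source address cannot be routed back to.

```python
"""RFC 1413 ident exchange with a hard timeout (added example).

Not LVS or the HOWTO's code. The realserver is the ident *client*: it opens
TCP/113 back to the peer that just connected and asks
"<port on peer> , <port here>". The peer answers USERID or ERROR. When the
realserver has a private address the connect never completes and the
service blocks for the whole timeout; bounding that is what this shows.
"""
import socket
import threading

IDENT_PORT = 113


def build_query(port_on_server, port_on_client):
    """Request line: port on the ident server (remote), port on us."""
    return "%d , %d\r\n" % (port_on_server, port_on_client)


def parse_reply(line):
    """Return the user-id from a USERID reply, None for ERROR or junk.
    maxsplit=3 because a user-id may itself contain ':'."""
    parts = [p.strip() for p in line.strip().split(":", 3)]
    if len(parts) == 4 and parts[1].upper() == "USERID":
        return parts[3]
    return None


def ident_lookup(peer_host, port_on_server, port_on_client,
                 timeout=2.0, ident_port=IDENT_PORT):
    """Ask peer_host's identd who owns the connection; None on refusal,
    ERROR reply, or no answer within timeout."""
    try:
        with socket.create_connection((peer_host, ident_port), timeout=timeout) as s:
            s.settimeout(timeout)
            s.sendall(build_query(port_on_server, port_on_client).encode("ascii"))
            buf = b""
            while not buf.endswith(b"\n") and len(buf) < 1024:
                chunk = s.recv(256)
                if not chunk:
                    break
                buf += chunk
        return parse_reply(buf.decode("ascii", "replace"))
    except (OSError, socket.timeout):
        return None


def _toy_identd(owners, ready):
    """Constructed ident server answering one query from a {port: user} table."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()
    conn, _ = srv.accept()
    with conn:
        req = conn.recv(256).decode("ascii", "replace")
        sp, cp = [int(x) for x in req.split(",")]
        user = owners.get(sp)
        if user:
            reply = "%d , %d : USERID : UNIX : %s\r\n" % (sp, cp, user)
        else:
            reply = "%d , %d : ERROR : NO-USER\r\n" % (sp, cp)
        conn.sendall(reply.encode("ascii"))
    srv.close()


def demo():
    """Three cases: a known user, NO-USER, and a peer that cannot be reached."""
    results = {}
    for port_on_server, key in ((40000, "known"), (40001, "unknown")):
        ready = {"event": threading.Event()}
        t = threading.Thread(target=_toy_identd, args=({40000: "alice"}, ready),
                             daemon=True)
        t.start()
        ready["event"].wait(2)
        results[key] = ident_lookup("127.0.0.1", port_on_server, 25,
                                    ident_port=ready["port"])
        t.join(2)
    # Constructed unreachable peer: the realserver-behind-NAT case. The
    # connect either fails outright or times out; either way we return None.
    results["unreachable"] = ident_lookup("192.0.2.1", 40000, 25, timeout=0.5)
    return results


if __name__ == "__main__":
    print(demo())
```

In practice the timeout lives in the service, not in LVS: sendmail's Timeout.ident option (confTO_IDENT in the m4 configuration) controls how long it waits, and setting it to 0 disables the lookup; tcpd only performs ident lookups when a hosts.allow/hosts.deny rule uses the rfc931 option. Either is the usual fix on realservers with private addresses.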
One of the most common interface files is ifcfg-eth0, which controls the first Ethernet interface. To create a channel bonding interface, create a file in the .
These subnets may be part of a class A, B, C, etc. network. For historical reference, the network classes are defined as follows: The concept of network classes is largely obsolete, as smaller networks are now defined with CIDR (Classless Inter-Domain Routing) as detailed above.
Indirect routing table entries occur when the source and destination hosts are on different physical networks. The destination host must be reached through one or more IP gateways. The first gateway is the only one which is known by the host system.
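The two preceding passages (classful networks versus CIDR subnets, and direct versus indirect routes) worked in Python as an added example, not from the HOWTO. It computes the historical class and default prefix of an address, the netmask/broadcast of a CIDR subnet, and, over a constructed routing table for a host on 192.168.1.0/24, which entries deliver directly and which hand the packet to a first-hop gateway. The addresses and table entries are constructed for the demo.

```python
"""Subnet arithmetic and the direct-vs-indirect routing decision (added
example, not from the HOWTO). Uses only the standard library."""
import ipaddress

# Historical classes by first octet: (letter, low, high, default prefix).
# D (multicast) and E (reserved) have no unicast network.
CLASS_RANGES = (
    ("A", 0, 127, 8), ("B", 128, 191, 16), ("C", 192, 223, 24),
    ("D", 224, 239, None), ("E", 240, 255, None),
)


def historical_class(addr):
    """Return (class letter, classful prefix length or None) for an IPv4 address."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    for letter, lo, hi, prefix in CLASS_RANGES:
        if lo <= first <= hi:
            return letter, prefix
    raise ValueError(addr)


def classful_network(addr):
    """The network the address would have belonged to before CIDR."""
    letter, prefix = historical_class(addr)
    if prefix is None:
        raise ValueError("class %s address %s has no unicast network" % (letter, addr))
    return str(ipaddress.IPv4Network("%s/%d" % (addr, prefix), strict=False))


def subnet_info(cidr):
    """Network, mask, broadcast and usable host count for a CIDR subnet."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    # /31 and /32 have no network/broadcast pair (RFC 3021); every address is usable.
    hosts = net.num_addresses - 2 if net.prefixlen < 31 else net.num_addresses
    return {"network": str(net.network_address), "netmask": str(net.netmask),
            "broadcast": str(net.broadcast_address), "hosts": hosts}


def route_for(dest, table):
    """Longest-prefix match over (network, gateway or None, iface) entries.

    A connected network (gateway None) means direct delivery on the link;
    otherwise the host only knows the *first* gateway and hands off to it."""
    dest_ip = ipaddress.IPv4Address(dest)
    best = None
    for network, gateway, iface in table:
        net = ipaddress.IPv4Network(network)
        if dest_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError("no route to %s" % dest)
    net, gateway, iface = best
    return ("direct", iface) if gateway is None else ("via", gateway, iface)


# Constructed table for a host at 192.168.1.10/24 with an internal router
# for 10/8 and a default gateway for everything else.
ROUTES = [
    ("192.168.1.0/24", None, "eth0"),           # connected: direct delivery
    ("10.0.0.0/8", "192.168.1.254", "eth0"),     # indirect: via internal router
    ("0.0.0.0/0", "192.168.1.1", "eth0"),        # indirect: default gateway
]


if __name__ == "__main__":
    for dest in ("192.168.1.20", "10.3.4.5", "8.8.8.8"):
        print(dest, classful_network(dest), route_for(dest, ROUTES))
```

The route lookup is the same longest-prefix rule the kernel applies; what the text calls an indirect entry is any row whose gateway is set, and the host never sees the gateways beyond the first.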
I’m not sure what you are talking about, but I really don’t think it will help. The problem is still the same: trying to serve up two different SSL certs based on a Host: header alone in the HTTP stream which is encapsulated by the SSL session which can only be verified by the correct SSL cert.
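The poster's difficulty is that the Host: header only exists inside the encrypted stream, after the certificate has already been chosen. The TLS server_name extension (SNI, RFC 6066) carries the requested name in cleartext in the very first message, the ClientHello, which is what lets a server (or a director in front of it) pick the right certificate or backend before any decryption. The following is an added example, not code from the thread or from LVS: it constructs a minimal ClientHello with an SNI extension and parses the name back out, with the error handling a director doing this on untrusted input needs. The cipher suite, random bytes and hostnames are constructed for the demo.

```python
"""Build a minimal TLS ClientHello with SNI and extract the server_name from
one (added example, not from the thread or LVS).

Only the ClientHello is parsed; nothing here is a TLS implementation."""
import struct

HANDSHAKE, CLIENT_HELLO, EXT_SERVER_NAME, HOST_NAME = 0x16, 0x01, 0x0000, 0x00


def build_client_hello(hostname=None, random_bytes=b"\x11" * 32):
    """Constructed TLS 1.2 ClientHello; hostname=None omits the extensions block
    (what an old SSLv3/TLS 1.0 client without SNI sends)."""
    exts = b""
    if hostname is not None:
        name = hostname.encode("idna")
        entry = struct.pack("!BH", HOST_NAME, len(name)) + name      # one ServerName
        sni = struct.pack("!H", len(entry)) + entry                  # ServerNameList
        exts = struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni   # Extension
    body = (b"\x03\x03" + random_bytes          # client_version, random
            + b"\x00"                           # empty session_id
            + struct.pack("!H", 2) + b"\xc0\x2f"  # one cipher suite (constructed)
            + b"\x01\x00")                      # null compression only
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(hs)) + hs


def extract_sni(record):
    """Return the host_name from a ClientHello record, None if the client sent
    no SNI, ValueError for anything that is not a well-formed ClientHello."""
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated ClientHello")
    try:
        pos = 2 + 32                                          # version + random
        pos += 1 + body[pos]                                  # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + body[pos]                                  # compression_methods
        if pos >= len(body):
            return None                                       # no extensions at all
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype != EXT_SERVER_NAME:
                continue
            list_len = struct.unpack("!H", edata[:2])[0]
            q = 2
            while q + 3 <= 2 + list_len:
                ntype, nlen = struct.unpack("!BH", edata[q:q + 3])
                q += 3
                if ntype == HOST_NAME:
                    return edata[q:q + nlen].decode("ascii")  # SNI names are ASCII/IDNA
                q += nlen
        return None
    except (IndexError, struct.error, UnicodeDecodeError) as exc:
        raise ValueError("malformed ClientHello: %s" % exc)


def is_malformed(record):
    """True when extract_sni rejects the record (used for the tests)."""
    try:
        extract_sni(record)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(extract_sni(build_client_hello("www.example.com")))
```

Two caveats for anyone routing or selecting certificates on this field: the name is client-controlled and unauthenticated, so the backend must still check the Host: header after decryption against the certificate that was served; and a client that sends no SNI (the None case) has to get a sensible default certificate rather than an error.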
The last part of this is the difficult part. We run our own RootCA here, because we were quoted a price from Verisign in excess of K per year for what we wanted to do. Then there is the ominous-looking spam that VeriSign sends that makes it sound like you will lose your domain name if you don’t register it through them, so I won’t do business with them anyway even if the price *has* come down.
The SMTP/POP3 servers will be very unhappy to see their NFS server disappear, so you will need to recover quickly. Processes will probably pile up in 'D'isk wait status on all of the machines. Load will go through the roof. After the NFS server comes back online the hung processes should recover and finish up.
It seems that the code which calculates the filehandle in NFS is so entrenched in NFS that it can't be rewritten to allow disks with the same content (but not necessarily the same disk geometry) to act as failovers in NFS. The current way around this problem is for a reliable (eg RAID-5) disk to be on a shared scsi line. This way two machines can access the same disk. If one machine fails, then the other can supply the disk content. If the RAID-5 disk fails, then you're dead.
What you are trying to do isn't really a function of LVS. It can be done, in fact just about anything can be done these days. If it is a smart thing to do is another matter. You can setup Apache+SSL running in a reverse proxy configuration. That apache can be running on or in front of the LVS director. The apache can then make normal web connections to the internal machines which can be run through the LVS director and load balanced.
You know the ldap realservers are working OK outside of the LVS (ie you can connect to them directly, possibly after fiddling IPs). Just for sanity checks, you can use these machines/IPs to setup some conventional LVS'ed service eg telnet, httpd. Presumably these are two consecutive tcpip connections. If so you'll need persistence. As to what else is missing I don't know. If you know the protocol well enough you can debug also with phatcat. After that it's brute force eg tcpdump I'm afraid.