Disable ldirectord checks

ldirectord is a daemon to monitor and administer real servers in a LVS cluster of load balanced virtual servers. ldirectord is typically used as a resource for heartbeat , but can also run standalone from the command line.

ldirectord monitors the health of the real servers by periodically running a service check (by default it will know how to check ftp|smtp|http|pop|pops|nntp|imap|imaps|ldap|https|dns|mysql|pgsql|sip) and if a real server fails to respond for the check, then the server is removed from service and will be reactivated once it comes back on line.

This checking is one of the main reasons we would want to use ldirectord and not have our configuration use just some simple ipvsadm commands. So why would I want to disable the checking? Well there might be various cases when this might be needed (during testing, while debugging, etc.), but normally not during day to day operations.

Let’s first see an example of a customized check for the service http might look:

virtual=192.168.6.240:80
real=192.168.6.2:80 gate
real=192.168.6.3:80 gate
fallback=127.0.0.1:80 gate
service=http
request="index.html"
receive="Test Page"
virtualhost=some_domain.com
protocol=tcp

Basically this sample http check will try to get the file “index.html” from the real servers ip and will expect for the response “Test Page” to consider the server up and running properly and keep it in the load balancer config.

If you want to disable this check and leave the config stripped like this:

virtual=192.168.6.240:80
real=192.168.6.2:80 gate
real=192.168.6.3:80 gate
fallback=127.0.0.1:80 gate
protocol=tcp

you would expect to no longer have this enabled. But this is not the case, as ldirectord will have some defaults enabled even if we don’t define any check: if there is no service set it will default to http, and it will request for “/” ; will not expect any string in particular, just a proper http reply.

Now if we really want to disable the ldirectord checking we have the checktype parameter:

checktype = negotiate|connect|N|ping|off|on

  • Negotiate sends a request and matches a receive string.

  • Connect only attempts to make a TCP/IP connection, thus the request and receive strings may be omitted.

  • If checktype is a number then negotiate and connect is combined so that after each N connect attempts one negotiate attempt is performed. This is useful to check often if a service answers and in much longer intervals a negotiating check is done.

  • Ping means that ICMP ping will be used to test the availability of real servers. Ping is also used as the connect check for UDP services.

  • Off means no checking will take place and no real or fallback servers will be activated.

  • On means no checking will take place and real servers will always be activated.

  • Default is negotiate.

So actually we have two choices: checktype=on or off, depending if we want real servers to be active or not (the change refers only to new servers as the existing ones will remain on - for live changes without ldirectord restart). For this example let’s say I would like to keep all the servers on the service so I will have to use:

virtual=192.168.6.240:80
real=192.168.6.2:80 gate
real=192.168.6.3:80 gate
fallback=127.0.0.1:80 gate
protocol=tcp
**checktype = on**

Again, normally during regular operations you would want to have a check automatically running and adding/removing servers if needed. Still during testing and debugging you might need to have this disable and find this information useful.

comments powered by Disqus