Introduction to ldirectord

To failover the LVS load-balancing resource from the primary Director to the backup Director and automatically remove nodes from the cluster, we need to use the ldirectord program. This program automatically builds the IPVS table when it first starts up and then it monitors the health of the cluster nodes and removes them from the IPVS table (on the Director) when they fail.

How ldirectord Monitors Cluster Nodes (LVS Real Servers)

The ldirectord daemon monitors the health of real servers by sending requests to access cluster resources on the real IP (RIP) of each real server. This is true for all LVS cluster types: LVS-DR, LVS-TUN, and LVS-NAT. Normally, one ldirectord daemon runs for each VIP address on the Director. When a real server does not reply to the ldirectord daemon running on the Director, the ldirectord daemon issues the correct ipvsadm command to remove it from the IPVS table for the VIP address. (Later, when the real server comes back online, ldirectord issues the correct ipvsadm command to add the real server back into the IPVS table.)

To monitor real servers inside a web cluster, for example, the ldirectord daemon uses the HTTP protocol to ask each real server for a specific web page. The Director knows what it should receive back from the real servers if they are healthy. If the reply string, or web page, takes too long to come back from the real server, or never comes back at all, or comes back changed in some way, ldirectord will know something is wrong, and it will remove the node from the IPVS table of valid real servers for a given VIP.

Figure 15-2 shows the ldirectord request to view a special health check web page (not normally viewed by client computers) on the first real server.

Figure 15-2: ldirectord requests a health check URL

The URL in this figure (http://10.1.1.2/.healthcheck.html) relies on a file named .healthcheck.html on real server 1 at RIP 10.1.1.2. The Apache web server daemon running on real server 1 will use this file (which contains only the word OKAY) to reply to the ldirectord daemon as shown in Figure 15-3.

Figure 15-3: Real server 1 sends back the reply

Notice in Figure 15-2 that the destination address of the packet is the RIP address of a real server (real server 1). Also notice that the return address of the packet is the Director's IP address (the DIP).

In Figure 15-3, the packet sent back from the real server to the Director's DIP is shown.

If anything other than the expected reply (the word OKAY as shown in this example) is received by the ldirectord daemon on the Director, the real server will be removed from the IPVS table.

Health checks for cluster resources must be made on the RIP addresses of the real servers inside the cluster regardless of the LVS forwarding method used. In the case of the HTTP protocol, the Apache web server running on the real servers must be listening for requests on the RIP address. (Appendix F contains instructions for configuring Apache in a cluster environment.) Apache must be configured to allow requests for the health check web page or health check CGI script on the RIP address.

Apache normally writes a log entry each time the health check web page is accessed. This will quickly cause your access_log and disk drive to fill up with useless information. To avoid this situation, create an httpd.conf entry like this:

 SetEnvIf Request_URI \.healthcheck\.html$ dontlog 

Place this line before the CustomLog entry for the access_log in the httpd.conf file. Next, modify the CustomLog entry to ignore all requests that have been flagged with the dontlog environment variable by adding env=!dontlog so that the CustomLog line now looks like this:

 CustomLog logs/access_log combined env=!dontlog 

Then restart the Apache daemon.

Because ldirectord is using the RIP address to monitor the real server and not the VIP address, the cluster service might not be available on the VIP address even though the health check web page is available at the RIP address.