Mailing List Archive: Linux Virtual Server: Users

[lvs-users] Is --timeout intended as non-persistent?

Index | Next | Previous | View Threaded

kgay at redhat

Jul 26, 2011, 11:08 AM

Post #1 of 7 (606 views)
Permalink

[lvs-users] Is --timeout intended as non-persistent?

I've been working with a client who notes that the only way to set --timeout persistently in Red Hat Enterprise Linux is to directly apply it to the /etc/sysconfig/ipvsadm file. A reboot seems to indicate that other parameters are retained. The ipvsadm -S output does not appear to include the timeout values.

Is there a reason for this?

--
Kendrick Gay, RHCE
Global Support Services, TSE
Red Hat, Inc.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

graeme at graemef

Jul 27, 2011, 5:22 AM

Post #2 of 7 (567 views)
Permalink

Re: [lvs-users] Is --timeout intended as non-persistent? [In reply to]

On Tue, 2011-07-26 at 14:08 -0400, Kendrick Gay wrote:
> I've been working with a client who notes that the only way to set --timeout persistently in Red Hat Enterprise Linux is to directly apply it to the /etc/sysconfig/ipvsadm file. A reboot seems to indicate that other parameters are retained. The ipvsadm -S output does not appear to include the timeout values.
>
> Is there a reason for this?

--timeout is an option for the "-L" switch and is informational only.

Persistence timeout is set using the "-p" switch, which *is* displayed
using "-S" (this one is using fwmarks rather than IP addresses):

[root [at] serve ~]# ipvsadm -S
-A -f 5 -s rr -p 60
-a -f 5 -r localhost.localdomain:http -g -w 100
-a -f 5 -r other.machine.in.cluster:http -g -w 100

What is your client actually trying to achieve here?

Graeme

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

kgay at redhat

Jul 27, 2011, 7:43 AM

Post #3 of 7 (583 views)
Permalink

Re: [lvs-users] Is --timeout intended as non-persistent? [In reply to]

It looks like they're asking how to set the TCP timeout value persistently, as opposed to a virtual service?

I apologies in advance for my ignorance of LVS. Let me give you my client's inquiries in their own words, as I believe they explain it a bit clearer:

• Setting up a Piranha load balancer does not require direct interaction with the ipvsadm command - all the configuration for setting up the ipvsadm table is done automatically when configuring lvs.cf and starting pulse.
• Finding that a Piranha load balancer has a TCP timeout value that is causing a conflict with our application, we wish to correct the issue by modifying our Piranha load balancer config
• Piranha (via lvs.cf) appears to control all aspects of the ipvsadm table - minus the timeout values that are affecting our application, which can be see via ipvsadm --Ln --timeout
• It appears can workaround this issue manually after boot by setting the timeout value via the ipvsadm command, and we can workaround this issue at boot by setting up a fake /etc/sysconfig/ipvsadm config file that contains only a single "--set x 0 0" configuration entry, and letting lvs.cf / pulse handle the remainder of the LVS table based on the nanny healthchecks and whatnot - however ipvsadm -S does not actually save timeout values (I suppose this is a different bug / issue) into the file and therefore neither does "service ipvsadm save"

It seems as though not having the control of the ipvsadm LVS table timeout values from within Piranha / lvs.cf is broken, since someone admining one of these load balancers doesn't otherwise need to directly touch the table ourselves - I would expect Piranha to handle it. The rules themselves are not traditionally configured via "ipvsadm" and "service ipvsadm save / restore / stop / start" - they are via Piranha - so why do the /timeout/ values need to be configured in this way?

Lastly, and this is largely out of scope, but the "ipvsadm -S" command should ideally write out the "--timeout x y z" parameters to STDOUT so that those can be saved / restored with everything else.

Can you please address the following questions:

1. Is adding --timeout values for ipvsadm within lvs.cf and/or being controlled from Piranha something that should be added via feature request if it does not exist today or is it something that should be fixed via bugzilla if it does and isn't functioning properly?
2. Is adding --timeout values to be written from ipvsadm -S something that should be added via feature request if it does not exist today or is it something that should be fixed via bugzilla if it does and isn't functioning properly?
Definitely correct this logic if invalid, but I responded to the client regarding question #1 by stating that ipvsadm is designed to manage the IP services, so I didn't believe it was feasible to duplicate this functionality between the utilities. The second question is the one I'm a bit less clear on.

Thanks in advance for the assistance, btw! LVS cases are few and far between for us here, so I don't find myself dusting off our LVS books very often...
----- Original Message -----

From: "Graeme Fowler" <graeme [at] graemef>
To: "LinuxVirtualServer.org users mailing list." <lvs-users [at] linuxvirtualserver>
Sent: Wednesday, July 27, 2011 8:22:43 AM
Subject: Re: [lvs-users] Is --timeout intended as non-persistent?

On Tue, 2011-07-26 at 14:08 -0400, Kendrick Gay wrote:
> I've been working with a client who notes that the only way to set --timeout persistently in Red Hat Enterprise Linux is to directly apply it to the /etc/sysconfig/ipvsadm file. A reboot seems to indicate that other parameters are retained. The ipvsadm -S output does not appear to include the timeout values.
>
> Is there a reason for this?

--timeout is an option for the "-L" switch and is informational only.

Persistence timeout is set using the "-p" switch, which *is* displayed
using "-S" (this one is using fwmarks rather than IP addresses):

[root [at] serve ~]# ipvsadm -S
-A -f 5 -s rr -p 60
-a -f 5 -r localhost.localdomain:http -g -w 100
-a -f 5 -r other.machine.in.cluster:http -g -w 100

What is your client actually trying to achieve here?

Graeme

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

--
Kendrick Gay, RHCE
Global Support Services, TSE
Red Hat, Inc.
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

malcolm at loadbalancer

Jul 27, 2011, 9:02 AM

Post #4 of 7 (564 views)
Permalink

Re: [lvs-users] Is --timeout intended as non-persistent? [In reply to]

Kendrick,

I don't think anyone will be too worried about how Piranha works on this list...
But most people just put the TCP timeout settings in rc.local or
rc.firewall or some other bootscript as they are non-persistent.

On 27 July 2011 15:43, Kendrick Gay <kgay [at] redhat> wrote:
> It looks like they're asking how to set the TCP timeout value persistently, as opposed to a virtual service?
>
> I apologies in advance for my ignorance of LVS. Let me give you my client's inquiries in their own words, as I believe they explain it a bit clearer:
>

--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

kgay at redhat

Jul 27, 2011, 10:47 AM

Post #5 of 7 (565 views)
Permalink

Re: [lvs-users] Is --timeout intended as non-persistent? [In reply to]

Is there a particular reason they're non-persistent,
or do you think this would this be a plausible a feature request?

----- Original Message -----
From: "Malcolm Turnbull" <malcolm [at] loadbalancer>
To: "LinuxVirtualServer.org users mailing list." <lvs-users [at] linuxvirtualserver>
Sent: Wednesday, July 27, 2011 12:02:11 PM
Subject: Re: [lvs-users] Is --timeout intended as non-persistent?

Kendrick,

I don't think anyone will be too worried about how Piranha works on this list...
But most people just put the TCP timeout settings in rc.local or
rc.firewall or some other bootscript as they are non-persistent.

On 27 July 2011 15:43, Kendrick Gay <kgay [at] redhat> wrote:
> It looks like they're asking how to set the TCP timeout value persistently, as opposed to a virtual service?
>
> I apologies in advance for my ignorance of LVS. Let me give you my client's inquiries in their own words, as I believe they explain it a bit clearer:
>

--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)870 443 8779
http://www.loadbalancer.org/

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

--
Kendrick Gay, RHCE
Global Support Services, TSE
Red Hat, Inc.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

graeme at graemef

Jul 27, 2011, 11:14 AM

Post #6 of 7 (565 views)
Permalink

Re: [lvs-users] Is --timeout intended as non-persistent? [In reply to]

On Wed, 2011-07-27 at 13:47 -0400, Kendrick Gay wrote:
> Is there a particular reason they're non-persistent,
> or do you think this would this be a plausible a feature request?

Firstly what we're talking about here is "--set". From the man page:

--set tcp tcpfin udp
Change the timeout values used for IPVS connections. This com-
mand always takes 3 parameters, representing the timeout
values (in seconds) for TCP sessions, TCP sessions after receiv-
ing a FIN packet, and UDP packets, respectively. A timeout
value 0 means that the current timeout value of the correspond-
ing entry is preserved.

So...

Nothing - well, I mean *almost* nothing - in a raw, unadulterated (by
any management applications) IPVS/LVS is persistent.

The kernel boots; the modules are loaded (or compiled in) and at this
point the only persistent things are the default compile-time settings
(hash size and so on).

At this point you don't have an LVS, so something else - not the
LVS/IPVS framework itself - is doing the configuring. It strikes me that
the management app (whether home cooked, rc.local, Piranha, Keepalived,
ldirectord or anything else folks might mention) has the job of making
settings persistent.

That said, you're right that "-S" doesn't output the timeout settings.
That could, I guess, be changed - but there will still be a large number
of systems out there without it, which will still need to manage that
setting in some way by themselves.

I believe you'd be better off tweaking Piranha's pulse (or whatever the
daemon is called) to handle this with a configuration option, in the
exact same way it's configured with virtual services. It's perhaps
notable that neither keepalived nor ldirectord do this.

Graeme

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

kgay at redhat

Jul 27, 2011, 3:30 PM

Post #7 of 7 (564 views)
Permalink

Re: [lvs-users] Is --timeout intended as non-persistent? [In reply to]

Excellent, that's invaluable information.

Thanks!

----- Original Message -----
From: "Graeme Fowler" <graeme [at] graemef>
To: "LinuxVirtualServer.org users mailing list." <lvs-users [at] linuxvirtualserver>
Sent: Wednesday, July 27, 2011 2:14:26 PM
Subject: Re: [lvs-users] Is --timeout intended as non-persistent?

On Wed, 2011-07-27 at 13:47 -0400, Kendrick Gay wrote:
> Is there a particular reason they're non-persistent,
> or do you think this would this be a plausible a feature request?

Firstly what we're talking about here is "--set". From the man page:

--set tcp tcpfin udp
Change the timeout values used for IPVS connections. This com-
mand always takes 3 parameters, representing the timeout
values (in seconds) for TCP sessions, TCP sessions after receiv-
ing a FIN packet, and UDP packets, respectively. A timeout
value 0 means that the current timeout value of the correspond-
ing entry is preserved.

So...

Nothing - well, I mean *almost* nothing - in a raw, unadulterated (by
any management applications) IPVS/LVS is persistent.

The kernel boots; the modules are loaded (or compiled in) and at this
point the only persistent things are the default compile-time settings
(hash size and so on).

At this point you don't have an LVS, so something else - not the
LVS/IPVS framework itself - is doing the configuring. It strikes me that
the management app (whether home cooked, rc.local, Piranha, Keepalived,
ldirectord or anything else folks might mention) has the job of making
settings persistent.

That said, you're right that "-S" doesn't output the timeout settings.
That could, I guess, be changed - but there will still be a large number
of systems out there without it, which will still need to manage that
setting in some way by themselves.

I believe you'd be better off tweaking Piranha's pulse (or whatever the
daemon is called) to handle this with a configuration option, in the
exact same way it's configured with virtual services. It's perhaps
notable that neither keepalived nor ldirectord do this.

Graeme

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

--
Kendrick Gay, RHCE
Global Support Services, TSE
Red Hat, Inc.

_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users [at] LinuxVirtualServer
Send requests to lvs-users-request [at] LinuxVirtualServer
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads