Interesting logic problem with wackamole and multiple apache vhosts
All,

I've run into an interesting problem with Apache running several vhosts
and wackamole that I can't seem to work out in my head, thus I'm looking
for some advice from others that may have had a similar issue.

In my scenario, each Apache vhost needs its own IP address (they are all
running SSL, thus the IP), and Wackamole is used as a failover solution.
How do you configure Wackamole and Apache to handle multiple IP
addresses without ever losing requests?

Here are the scenarios I've thought of:

1) Set Apache to bind to 80 and 443 on all IPs. Works fine if you're
only using 1 vhost, but Apache cannot be configured in this manner for
multiple vhosts.

2) Set both Apache instances to bind to the VIP, and start wackamole on
the failover system, then start Apache on the failover, then start
wackamole on the primary (which moves the VIP to the primary), and
finally start Apache on the primary. Works, but is somewhat clunky, and
you cannot ever restart Apache on the failover system without killing
wackamole on the primary.

3) Round robin DNS between both systems with X VIPs, where X is twice
the number of virtual hosts I need. This works fine until one system
dies -- at that point the VIPs move to server 2, but Apache is not
listening on those IPs on server 2, so every other request fails.

Anyone have a clever idea to get this to work?

Thanks in advance,

-Tim Spangler

-----------------------------------------
This message and any attachments are intended only for the use of
the addressee and may contain information that is privileged and
confidential. If the reader of the message is not the intended
recipient or an authorized representative of the intended
recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited. If you have received this
communication in error, notify the sender immediately by return
email and delete the message and any attachments from your system.

Re: Interesting logic problem with wackamole and multiple apache vhosts
Spangler, Tim wrote:
> In my scenario, each Apache vhost needs its own IP address (they are all
> running SSL, thus the IP), and Wackamole is used as a failover
> solution. How do you configure Wackamole and Apache to handle multiple
> IP addresses without ever losing requests?
>
> Here are the scenarios I've thought of:
>
> 1) Set Apache to bind to 80 and 443 on all IPs. Works fine if you're
> only using 1 vhost, but Apache cannot be configured in this manner for
> multiple vhosts.
>
> 2) Set both Apache instances to bind to the VIP, and start wackamole on
> the failover system, then start Apache on the failover, then start
> wackamole on the primary (which moves the VIP to the primary), and
> finally start Apache on the primary. Works, but is somewhat clunky, and
> you cannot ever restart Apache on the failover system without killing
> wackamole on the primary.
>
> 3) Round robin DNS between both systems with X VIPs, where X is twice
> the number of virtual hosts I need. This works fine until one system
> dies -- at that point the VIPs move to server 2, but Apache is not
> listening on those IPs on server 2, so every other request fails.
>
> Anyone have a clever idea to get this to work?


Hi Tim! Here's how I did it (I'm using Apache 1.3.x):

For the NON ssl IPs, I have a vhosts.conf (it's Debian, but that's not
really important) that has:

NameVirtualHost *

# followed by several sections like
<VirtualHost *>
ServerName www.test.com
DocumentRoot /var/www/test.com
CustomLog /var/log/apache/test.com-access_log combined
ErrorLog /var/log/apache/test.com-error_log
<Directory /var/www/test.com>
AllowOverride All
</Directory>
</VirtualHost>

And all this works fine for non-SSL ips. The various web services get
wackamole virtual IPs in DNS, Apache answers on ANY AVAILABLE LOCAL IP
(which of course includes wackamole) and determines which website to
respond with based on HTTP/1.1. And failover is painless and seamless.

For SSL hosts, I have a file ssl_vhosts.conf. There are no
NameVirtualHost directives. Each ssl host gets a <VirtualHost> section
like so:

# the address here is the SSL host's IP,
# which should be a wackamole address.

<VirtualHost 111.222.333.444:443>

# General setup for the virtual host
DocumentRoot /var/www/test.com
ServerName www.test.com:443
ServerAdmin webmaster@test.com
ErrorLog /var/log/apache/test.com_ssl-error_log
TransferLog /var/log/apache/test.com_ssl-access_log

SSLCertificateFile /etc/apache/ssl.crt/test.com.crt
SSLCertificateKeyFile /etc/apache/ssl.key/test.com.key

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

#CustomLog logs/ssl_request_log \
# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


This makes my wackamole failover setup work perfectly. Now, I know your
question included "without ever losing any requests." Realistically, if
you lose requests for, say, 3 seconds when your source of income (the
websites) automatically fail over and resume functioning, instead of
just STOPPING because you just blew your power supply... well, I think
wackamole is a WONDERFUL solution. :-)

Hope this helps (and Merry Christmas)!


L8r,
Rob
_______________________________________________
wackamole-users mailing list
wackamole-users@lists.backhand.org
http://lists.backhand.org/mailman/listinfo/wackamole-users
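
Added example (not part of the thread and not wackamole or Apache code): a Python check, run over each node's Apache config, for the failure modes discussed above: a Listen pinned to one address, an IP-based :443 vhost whose address is not a wackamole VIP, two SSL vhosts sharing an address, and a VIP with no vhost on some node. The configs, node names and addresses are constructed, and the VIP set is assumed to be copied by hand from the wackamole configuration.

```python
import re
from collections import Counter

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
LISTEN = re.compile(r"^\s*Listen\s+" + IPV4 + r":\d+\s*$", re.I | re.M)
SSL_VHOST = re.compile(r"^\s*<VirtualHost\s+" + IPV4 + r":443\s*>", re.I | re.M)

def audit(configs, ssl_vips):
    """configs: {node: Apache config text}; ssl_vips: VIPs of the SSL sites."""
    findings = []
    for node, conf in sorted(configs.items()):
        # A Listen pinned to one address normally cannot bind on the node
        # that does not hold that address right now, so Apache fails to start.
        for ip in LISTEN.findall(conf):
            findings.append(("pinned-listen", node, ip))
        seen = Counter(SSL_VHOST.findall(conf))
        for ip, count in sorted(seen.items()):
            if ip not in ssl_vips:   # address wackamole will never bring up
                findings.append(("vhost-not-vip", node, ip))
            if count > 1:            # overlapping vhosts: only the first answers
                findings.append(("duplicate-ssl-ip", node, ip))
        # A VIP that can land on this node but has no SSL vhost here.
        for vip in sorted(set(ssl_vips) - set(seen)):
            findings.append(("vip-without-vhost", node, vip))
    return findings

# Constructed sample input (documentation addresses, hypothetical node names).
SSL_VIPS = {"192.0.2.10", "192.0.2.11"}
NODE_A = """Listen 80
Listen 443
<VirtualHost 192.0.2.10:443>
</VirtualHost>
<VirtualHost 192.0.2.11:443>
</VirtualHost>
"""
NODE_B = """Listen 80
Listen 192.0.2.10:443
<VirtualHost 192.0.2.10:443>
</VirtualHost>
<VirtualHost 192.0.2.12:443>
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in audit({"node-a": NODE_A, "node-b": NODE_B}, SSL_VIPS):
        print(finding)
```

An empty result for every node means either machine can start Apache at any time and serve each SSL site as soon as its VIP arrives.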

Re: Interesting logic problem with wackamole and multiple apache vhosts
Thanks Rob, that solution worked great.

-Tim

-----Original Message-----
From: wackamole-users-bounces@lists.backhand.org
[mailto:wackamole-users-bounces@lists.backhand.org] On Behalf Of Rob
Bloodgood
Sent: Friday, December 21, 2007 12:11 PM
To: Wackamole Users List
Subject: Re: [Wackamole-users] Interesting logic problem with wackamole
and multiple apache vhosts
