1LDIRECTORD(8)         User Contributed Perl Documentation        LDIRECTORD(8)
2
3
4

NAME

6       ldirectord - Linux Director Daemon
7
8       Daemon to monitor remote services and control Linux Virtual Server
9

SYNOPSIS

11       ldirectord [-d|--debug] [--] [configfile] start | stop | restart | try-
12       restart | reload | force-reload | status
13
14       ldirectord [-h|-?|--help|-v|--version]
15

DESCRIPTION

17       ldirectord is a daemon to monitor and administer real servers in a
18       cluster of load balanced virtual servers. ldirectord typically is
19       started from heartbeat but can also be run from the command line. On
20       startup ldirectord reads the file /etc/ha.d/conf/configuration.  After
21       parsing the file, entries for virtual servers are created on the LVS.
22       Now at regular intervals the specified real servers are monitored and
23       if they are considered alive, added to a list for each virtual server.
24       If a real server fails, it is removed from that list. Only one instance
25       of ldirectord can be started for each configuration, but more instances
26       of ldirectord may be started for different configurations. This helps
27       to group clusters of services.  Normally one would put an entry inside
28       /etc/ha.d/haresources
29
30       nodename virtual-ip-address ldirectord::configuration
31
32       to start ldirectord from heartbeat.
33

OPTIONS

35       configuration: This is the name for the configuration as specified in
36       the file /etc/ha.d/conf/configuration
37
38       -d|--debug Don't start as daemon and log verbosely.
39
40       -h|--help Print user manual and exit.
41
42       -v|--version Print version and exit.
43
44       start the daemon for the specified configuration.
45
46       stop the daemon for the specified configuration. This is the same as
47       sending a TERM signal to the running daemon.
48
49       restart the daemon for the specified configuration. The same as
50       stopping and starting.
51
52       reload the configuration file. This is only useful for modifications
53       inside a virtual server entry. It will have no effect on adding or
54       removing a virtual server block. This is the same as sending a HUP
55       signal to the running daemon.
56
57       status of the running daemon for the specified configuration.
58

SYNTAX

60   Description of how to write configuration files
61       virtual = (ip_address|hostname:portnumber|servicename)|firewall-mark
62
63       Defines a virtual service by IP-address (or hostname) and port (or
64       servicename) or firewall-mark.  A firewall-mark is an integer greater
65       than zero. The configuration of marking packets is controlled using the
66       "-m" option to ipchains(8).  All real services and flags for a virtual
67       service must follow this line immediately and be indented.
68
69       checktimeout = n
70
71       Timeout in seconds for connect, external, external-perl and ping
72       checks. If the timeout is exceeded then the real server is declared
73       dead.
74
75       If defined in a virtual server section then the global value is
76       overridden.
77
78       If undefined then the value of negotiatetimeout is used.
79       negotiatetimeout is also a global value that may be overridden by a
80       per-virtual setting.
81
82       If both checktimeout and negotiatetimeout are unset, the default is
83       used.
84
85       Default: 5 seconds
86
87       negotiatetimeout = n
88
89       Timeout in seconds for negotiate checks.
90
91       If defined in a virtual server section then the global value is
92       overridden.
93
94       If undefined then the value of checktimeout is used.  checktimeout is
95       also a global value that may be overridden by a per-virtual setting.
96
97       If both negotiatetimeout and checktimeout are unset, the default is
98       used.
99
100       Default: 30 seconds
101
102       checkinterval = n
103
104       Defines the number of second between server checks.
105
106       When fork=no this option defines the amount of time ldirectord sleeps
107       between running all of the realserver checks in all virtual service
108       pools.
109
110       When fork=yes this option defines the amount of time each forked child
111       sleeps per virtual service pool after running all realserver checks for
112       that pool.
113
114       If set in the virtual server section then the global value is
115       overridden, but ONLY if using forking mode (fork = yes).
116
117       Default: 10 seconds
118
119       checkcount = n
120
121       This option is deprecated and slated for removal in a future version.
122       Please see the 'failurecount' option.
123
124       The number of times a check will be attempted before it is considered
125       to have failed. Only works with ping checks. Note that the
126       checktimeout/negotiatetimeout is additive, so if a connect check is
127       used, checkcount is 3 and checktimeout is 2 seconds, then a total of 6
128       seconds worth of timeout will occur before the check fails.
129
130       If defined in a virtual server section then the global value is
131       overridden.
132
133       Default: 1
134
135       failurecount = n
136
137       The number of consecutive times a failure will have to be reported by a
138       check before the realserver is considered to have failed.  A value of 1
139       will have the realserver considered failed on the first failure.  A
140       successful check will reset the failure counter to 0.
141
142       If defined in a virtual server section then the global value is
143       overridden.
144
145       Default: 1
146
147       autoreload = yes | no
148
149       Defines if <ldirectord> should continuously check the configuration
150       file for modification. If this is set to 'yes' and the configuration
151       file changed on disk and its modification time (mtime) is newer than
152       the previous version, the configuration is automatically reloaded.
153
154       Default: no
155
156       callback = "/path/to/callback"
157
158       If this directive is defined, ldirectord automatically calls the
159       executable /path/to/callback after the configuration file has changed
160       on disk. This is useful to update the configuration file through scp on
161       the other heartbeated host. The first argument to the callback is the
162       name of the configuration.
163
164       This directive might also be used to restart ldirectord automatically
165       after the configuration file changed on disk. However, if autoreload is
166       set to yes, the configuration is reloaded anyway.
167
168       fallback = ip_address|hostname[:portnumber|sercvicename] [gate | masq |
169       ipip]
170
171       the server onto which a webservice is redirected if all real servers
172       are down. Typically this would be 127.0.0.1 with an emergency page.
173
174       If defined in a virtual server section then the global value is
175       overridden.
176
177       fallbackcommand = "path to script"
178
179       If this directive is defined, the supplied script is executed whenever
180       all real servers for a virtual service are down or when the first real
181       server comes up again. In the first case, it is called with "start" as
182       its first argument, in the latter with "stop".  Additional parameters
183       are vserver with vport (vserver:vport) as second param and protocol
184       (tcp/udp) as third param to identify the virtual service within the
185       fallback script.
186
187       If defined in a virtual server section then the global value is
188       overridden.
189
190       logfile = "/path/to/logfile"|syslog_facility
191
192       An alternative logfile might be specified with this directive. If the
193       logfile does not have a leading '/', it is assumed to be a syslog(3)
194       facility name.
195
196       Default: log directly to the file /var/log/ldirectord.log.
197
198       emailalert = "emailaddress[, emailaddress]..."
199
200       A valid email address for sending alerts about the changed connection
201       status to any real server defined in the virtual service.  This option
202       requires perl module MailTools to be installed.  Automatically tries to
203       send email using any of the built-in methods. See perldoc Mail::Mailer
204       for more info on methods.
205
206       Multiple addresses may be supplied, comma delimited.
207
208       If defined in a virtual server section then the global value is
209       overridden.
210
211       emailalertfrom = emailaddress
212
213       A valid email address to use as the from address of the email alerts.
214       You can use a plain email address or any RFC-compliant string for the
215       From header in the body of an email message (such as: "ldirectord
216       Alerts" <alerts@example.com>) Do not quote this string unless you want
217       the quotes passed in as part of the From header.
218
219       Default: unset, take system generated default (probably root@hostname)
220
221       emailalertfreq = n
222
223       Delay in seconds between repeating email alerts while any given real
224       server in the virtual service remains inaccessible.  A setting of zero
225       seconds will inhibit the repeating alerts. The email timing accuracy of
226       this setting is dependent on the number of seconds defined in the
227       checkinterval configuration option.
228
229       If defined in a virtual server section then the global value is
230       overridden.
231
232       Default: 0
233
234       emailalertstatus = all | none | starting | running | stopping |
235       reloading,...
236
237       Comma delimited list of server states in which email alerts should be
238       sent.  all is a short-hand for "starting,running,stopping,reloading".
239       If none is specified, no other option may be specified, otherwise
240       options are ored with each other.
241
242       If defined in a virtual server section then the global value is
243       overridden.
244
245       Default: all
246
247       smtp = ip_address|hostname"
248
249       A valid SMTP server address to use for sending email via SMTP.
250
251       If defined in a virtual server section then the global value is
252       overridden.
253
254       execute = "configuration"
255
256       Use this directive to start an instance of ldirectord for the named
257       configuration.
258
259       supervised = yes | no
260
261       If yes, then ldirectord does not go into background mode.  All log-
262       messages are redirected to stdout instead of a logfile.  This is useful
263       to run ldirectord supervised from daemontools.  See
264       http://untroubled.org/rpms/daemontools/ or
265       http://cr.yp.to/daemontools.html for details.
266
267       Default: no
268
269       fork = yes | no
270
271       If yes, then ldirectord will spawn a child process for every virtual
272       server, and run checks against the real servers from them.  This will
273       increase response times to changes in real server status in
274       configurations with many virtual servers.  This may also use less
275       memory then running many separate instances of ldirectord.  Child
276       processes will be automatically restarted if they die.
277
278       Default: no
279
280       quiescent = yes | no
281
282       If yes, then when real or failback servers are determined to be down,
283       they are not actually removed from the kernel's LVS table. Rather,
284       their weight is set to zero which means that no new connections will be
285       accepted.
286
287       This has the side effect, that if the real server has persistent
288       connections, new connections from any existing clients will continue to
289       be routed to the real server, until the persistent timeout can expire.
290       See ipvsadm for more information on persistent connections.
291
292       This side-effect can be avoided by running the following:
293
294       echo 1 > /proc/sys/net/ipv4/vs/expire_quiescent_template
295
296       If the proc file isn't present this probably means that the kernel
297       doesn't have LVS support, LVS support isn't loaded, or the kernel is
298       too old to have the proc file. Running ipvsadm as root should load LVS
299       into the kernel if it is possible.
300
301       If no, then the real or failback servers will be removed from the
302       kernel's LVS table. The default is yes.
303
304       If defined in a virtual server section then the global value is
305       overridden.
306
307       Default: yes
308
309       readdquiescent = yes | no
310
311       If yes, then when real or failback servers are determined to be down,
312       they are readded to the kernel's LVS table with weight 0 if they do not
313       exist in the table. Setting the value to no, allows manually removing
314       the realserver to manually disable all persistent connections.
315
316       cleanstop = yes | no
317
318       If yes, then when ldirectord exits it will remove all of the virtual
319       server pools that it is managing from the kernel's LVS table.
320
321       If no, then the virtual server pools it is managing and any real or
322       failback servers listed in them at the time ldirectord exits will be
323       left as-is.  If you want to be able to stop ldirectord without having
324       traffic to your realservers interrupted you will want to set this to
325       no.
326
327       If defined in a virtual server section then the global value is
328       overridden.
329
330       Default: yes
331
332       maintenancedir = directoryname
333
334       If this option is set ldirectord will look for a special file in the
335       specified directory and, if found, force the status of the real server
336       identified by the file to down, skipping the normal health check.  This
337       would be useful if you wish to force servers down for maintenance
338       without having to modify the actual ldirectord configuration file.
339
340       For example, given a realserver with IP 172.16.1.2, service on port
341       4444, and a resolvable reverse DNS entry pointing to
342       "realserver2.example.com" ldirectord will check for the existence of
343       the following files:
344
345       172.16.1.2:4444
346       172.16.1.2
347       realserver2.example.com:4444
348       realserver2.example.com
349       realserver2:4444
350       realserver2
351
352       If any one of those files is found then ldirectord will immediately
353       force the status of the server to down as if the check had failed.
354
355       Note: Since it checks for the IP/hostname without the port this means
356       you can decide to place an entire realserver into maintenance across a
357       large number of virtual service pools with a single file (if you were
358       going to reboot the server, for instance) or include the port number
359       and put just a particular service into maintenance.
360
361       This option is not valid in a virtual server section.
362
363       Default: disabled
364
365   Section virtual
366       The following commands must follow a virtual entry and must be indented
367       with a minimum of 4 spaces or one tab.
368
369       real =
370       ip_address|hostname[->ip_address|hostname][:portnumber|servicename]
371       gate | masq | ipip [weight] ["request", "receive"]
372
373       Defines a real service by IP-address (or hostname) and port (or
374       servicename). If the port is omitted then a 0 will be used, this is
375       intended primarily for fwmark services where the port for real servers
376       is ignored. Optionally a range of IPv4 addresses (or two hostnames) may
377       be given, in which case each IPv4 address in the range will be treated
378       as a real server using the given port. The second argument defines the
379       forwarding method, must be gate, ipip or masq.  The third argument is
380       optional and defines the weight for that real server. If omitted then a
381       weight of 1 will be used. The last two arguments are also optional.
382       They define a request-receive pair to be used to check if a server is
383       alive.  They override the request-receive pair in the virtual server
384       section. These two strings must be quoted. If the request string starts
385       with http://...  the IP-address and port of the real server is
386       overridden, otherwise the IP-address and port of the real server is
387       used.
388
389    For TCP and UDP (non fwmark) virtual services, unless the forwarding
390       method is masq and the IP address of a real server is non-local (not
391       present on a interface on the host running ldirectord) then the port of
392       the real server will be set to that of its virtual service. That is,
393       port-mapping is only available to if the real server is another machine
394       and the forwarding method is masq.  This is due to the way that the
395       underlying LVS code in the kernel functions.
396    More than one of these entries may be inside a virtual section.  The
397       checktimeout, negotiatetimeout, checkcount, fallback, emailalert,
398       emailalertfreq and quiescent options listed above may also appear
399       inside a virtual section, in which case the global setting is
400       overridden.
401       checktype = connect | external | external-perl | negotiate | off | on |
402       ping | checktimeoutN
403
404       Type of check to perform. Negotiate sends a request and matches a
405       receive string. Connect only attempts to make a TCP/IP connection, thus
406       the request and receive strings may be omitted.  If checktype is a
407       number then negotiate and connect is combined so that after each N
408       connect attempts one negotiate attempt is performed. This is useful to
409       check often if a service answers and in much longer intervals a
410       negotiating check is done. Ping means that ICMP ping will be used to
411       test the availability of real servers.  Ping is also used as the
412       connect check for UDP services. Off means no checking will take place
413       and no real or fallback servers will be activated.  On means no
414       checking will take place and real servers will always be activated.
415       Default is negotiate.
416
417       service = dns | ftp | http | https | http_proxy | imap | imaps | ldap |
418       mysql | nntp | none | oracle | pgsql | pop | pops | radius | simpletcp
419       | sip | smtp | submission
420
421       The type of service to monitor when using checktype=negotiate. None
422       denotes a service that will not be monitored.
423
424       simpletcp sends the request string to the server and tests it against
425       the receive regexp. The other types of checks connect to the server
426       using the specified protocol. Please see the request and receive
427       sections for protocol specific information.
428
429       Default:
430
431       ·   Virtual server port is 21: ftp
432
433       ·   Virtual server port is 25: smtp
434
435       ·   Virtual server port is 53: dns
436
437       ·   Virtual server port is 80: http
438
439       ·   Virtual server port is 110: pop
440
441       ·   Virtual server port is 119: nntp
442
443       ·   Virtual server port is 143: imap
444
445       ·   Virtual server port is 389: ldap
446
447       ·   Virtual server port is 443: https
448
449       ·   Virtual server port is 587: submission
450
451       ·   Virtual server port is 993: imaps
452
453       ·   Virtual server port is 995: pops
454
455       ·   Virtual server port is 1521: oracle
456
457       ·   Virtual server port is 1812: radius
458
459       ·   Virtual server port is 3128: http_proxy
460
461       ·   Virtual server port is 3306: mysql
462
463       ·   Virtual server port is 5432: pgsql
464
465       ·   Virtual server port is 5060: sip
466
467       ·   Otherwise: none
468
469       checkcommand = "path to script"
470
471       This setting is used if checktype is external or external-perl and is
472       the command to be run to check the status of a real server. It should
473       exit with status 0 if everything is ok, or non-zero otherwise.
474
475       Four parameters are passed to the script:
476
477       ·   virtual server ip/firewall mark
478
479       ·   virtual server port
480
481       ·   real server ip
482
483       ·   real server port
484
485       If the checktype is external-perl then the command is assumed to be a
486       Perl script and it is evaluated into an anonymous subroutine which is
487       called at check time, avoiding a fork-exec.  The argument signature and
488       exit code conventions are identical to checktype external.  That is, an
489       external-perl checktype should also work as an external checktype.
490
491       Default: /bin/true
492
493       checkport = n
494
495       Number of port to monitor. Sometimes check port differs from service
496       port.
497
498       Default: port specified for each real server
499
500       request = "uri to requested object"
501
502       This object will be requested each checkinterval seconds on each real
503       server.  The string must be inside quotes. Note that this string may be
504       overridden by an optional per real-server based request-string.
505
506       For an HTTP/HTTPS check, this should be a relative URI, while it has to
507       be absolute for the 'http_proxy' check type. In the latter case, this
508       URI will be requested through the proxy backend that is being checked.
509
510       For a DNS check this should the name of an A record, or the address of
511       a PTR record to look up.
512
513       For a MySQL, Oracle or PostgeSQL check, this should be an SQL SELECT
514       query.  The data returned is not checked, only that the answer is one
515       or more rows.  This is a required setting.
516
517       For a simpletcp check, this string is sent verbatim except any
518       occurrences of \n are replaced with a new line character.
519
520       receive = "regexp to compare"
521
522       If the requested result contains this regexp to compare, the real
523       server is declared alive. The regexp must be inside quotes. Keep in
524       mind that regexps are not plain strings and that you need to escape the
525       special characters if they should as literals. Note that this regexp
526       may be overridden by an optional per real-server based receive regexp.
527
528       For a DNS check this should be any one the A record's addresses or any
529       one of the PTR record's names.  In case of dynamic DNS answers
530       (different answers on the same question) a regex to match multiple
531       addresses or PTR record names could also defined.
532
533       For a MySQL check, the receive setting is not used.
534
535       httpmethod = GET | HEAD
536
537       Sets the HTTP method which should be used to fetch the URI specified in
538       the request-string. GET is the method used by default if the parameter
539       is not set. If HEAD is used, the receive-string should be unset.
540
541       Default: GET
542
543       virtualhost = "hostname"
544
545       Used when using a negotiate check with HTTP or HTTPS. Sets the host
546       header used in the HTTP request.  In the case of HTTPS this generally
547       needs to match the common name of the SSL certificate. If not set then
548       the host header will be derived from the request url for the real
549       server if present.  As a last resort the IP address of the real server
550       will be used.
551
552       login = "username"
553
554       For FTP, IMAP, LDAP, MySQL, Oracle, POP and PostgreSQL, the username
555       used to log in.
556
557       For RADIUS the username is used for the attribute User-Name.
558
559       For SIP, the username is used as both the to and from address for an
560       OPTIONS query.
561
562       Default:
563
564       ·   FTP: Anonymous
565
566       ·   MySQL Oracle, and PostgreSQL: Must be specified in the
567           configuration
568
569       ·   SIP: ldirectord\@<hostname>, hostname is derived as per the passwd
570                option below.
571
572       ·   Otherwise: empty string, which denotes that      case
573           authentication will not be attempted.
574
575       passwd = "password"
576
577       Password to use to login to FTP, IMAP, LDAP, MySQL, Oracle, POP,
578       PostgreSQL and SIP servers.
579
580       For RADIUS the passwd is used for the attribute User-Password.
581
582       Default:
583
584       ·   FTP: ldirectord\@<hostname>,      where hostname is the environment
585           variable HOSTNAME evaluated at      run time, or sourced from uname
586           if unset.
587
588       ·   Otherwise: empty string.       In the case of LDAP, MySQL, Oracle,
589           and PostgreSQL this means      that authentication will not be
590           performed.
591
592       database = "databasename"
593
594       Database to use for MySQL, Oracle and PostgreSQL servers, this is the
595       database that the query (set by receive above) will be performed
596       against.  This is a required setting.
597
598       secret = "radiussecret"
599
600       Secret to use for RADIUS servers, this is the secret used to perform an
601       Access-Request with the username (set by login above) and passwd (set
602       by passwd above).
603
604       Default: empty string
605
606       scheduler = scheduler_name
607
608       Scheduler to be used by LVS for loadbalancing.  For an information on
609       the available sehedulers please see the ipvsadm(8) man page.
610
611       Default: "wrr"
612
613       persistent = n
614
615       Number of seconds for persistent client connections.
616
617       netmask = w.x.y.z | prefixlen
618
619       Netmask to be used for granularity of persistent client connections.
620       IPv4 netmask should be specified in dotted quad notation.  IPv6 netmask
621       should be specified as a prefix length between 1 and 128.
622
623       protocol = tcp | udp | fwm
624
625       Protocol to be used. If the virtual is specified as an IP address and
626       port then it must be one of tcp or udp. If a firewall mark then the
627       protocol must be fwm.
628
629       Default:
630
631       ·   Virtual is an IP address and port, and the port is not 53: tcp
632
633       ·   Virtual is an IP address and port, and the port is 53: udp
634
635       ·   Virtual is a firewall mark: fwm
636
637       monitorfile = "/path/to/monitorfile"
638
639       File to continuously log the real service checks to for this virtual
640       service. This is useful for monitoring when and why real services were
641       down or for statistics.
642
643       The log format is: [timestamp|pid|real_service_id|status|message]
644
645       Default: no separate logging of service checks.
646
647       ops = yes | no
648
649       Specify that a virtual service uses one-packet scheduling. This option
650       can be used only for UDP services. If this option is specified, all
651       connections are created only to schedule one packet. Option is useful
652       to schedule UDP packets from same client port to different real
653       servers.
654
655       servicename = short name
656
657       A name for this service. This is for the sole purpose of making it
658       easier to know which service is affected when e-mail notifications are
659       sent out.  It will be included in the e-mail subject and body.
660
661       comment = comment
662
663       Notes about this service to be included in e-mail notifications (for
664       example, purpose of the service or relevant administrator to contact).
665

IPv6

667       Directives for IPv6 are virtual6, real6, fallback6.  IPv6 addresses
668       specified for virtual6, real6, fallback6 and a file of maintenance
669       directory should be enclosed by brackets ([2001:db8::abcd]:80).
670
671       Following checktype and service are supported.
672
673       checktype: connect | external | external-perl | negotiate | off | on |
674       checktimeoutN
675
676       service: dns | http | https | nntp | none | simpletcp | sip
677
678       Note: When using a service type with http or https, you need to install
679       perl module perl-Net-INET6Glue.
680

FILES

682       /etc/ha.d/ldirectord.cf
683
684       /var/log/ldirectord.log
685
686       /var/run/ldirectord.configuration.pid
687
688       /etc/services
689

SEE ALSO

691       ipvsadm, heartbeat
692
693       Ldirectord Web Page: http://www.vergenet.net/linux/ldirectord/
694

AUTHORS

696       Horms <horms@verge.net.au>
697
698       Jacob Rief <jacob.rief@tiscover.com>
699
700
701
702perl v5.28.0                      2018-10-24                     LDIRECTORD(8)
Impressum