Robert Segall wrote:[...]

I've been running it for a while with no regressions.  +1 on marking it 
stable.

Regards,[...]

Yup:

ListenHTTPS
  Address X.Y.Z.W
  Port    443
  Cert    "/etc/pound/nsol/mycert.pem"
  VerifyList "/etc/pound/nsol/ca/nsol_ca_list.pem"
  CAlist "/etc/pound/nsol/ca/nsol_ca_list.pem"
  AddHeader "HTTPS: ON"
[...]

Oh, that nsol_ca_list.pem file is just:

<private key>
<AddTrustExtrenalCARoot.crt>
<NetworkSolutions_CA.crt>
<UTNAddTrustServer_CA.crt>

all concatenated into the pem file.
[...]

On Feb 1, 2008, at 9:43 AM, Jacob Anderson wrote:
[...]


so in the Cert directive, is the privkey and my cert (btw, is the  
pkcs8 format for the privkey now required?),  but where can i find the  
right bytes for the netsol ca list?

-mml

On Feb 1, 2008, at 9:45 AM, Jacob Anderson wrote:
[...]


ah, great! ignore that reply i just sent.

thanks,

-mml

Hi, I am also interested in this.  It is not possible with Pound 
currently however.

Rick

tyntas wrote:[...]

>> Is there a way to set up such a thing:[...]

I'm curious - whats the use case here?  Why do you want something like that?
[...]

For me I have a pound proxy, apache backend, and lighttpd backend. I 
would like all the requests to hit lighttpd normally. if light is dead, 
overloaded, or otherwise not answering requests, I would like apache to 
answer requests. Lighttpd is much much faster but apache can run for 
years without a restart.

Rick



Dave Steinberg wrote:
>>> Is there a way to set up such a thing:
>>> There are configured two groups of BackEnds - group A (backend A1 
>>> and A2) and group B (backend B1 and B2)
>>>
>>> 1) In normal state group A is queried and load distributed as 
>>> specified in priorities inside group A, but group B stays
absolutely 
>>> passive.
>>> 2) If all BackEnds in group A goes down, then pound starts using 
>>> BackEnd's in group B with priorities specified in their group 
>>> respectively.
>>> 3) If later any BackEnd in group A become active, then group B 
>>> should be left passive again.
>>> 4) When no group is available, Emergency service should be
used.[...]

Rick Blundell wrote:[...]

To play devil's advocate for a moment, why not simply de-prioritize your 
apache backends down to 1?  Wouldn't that achieve the desired effect?
[...]

J,
 
We setup a front end using relayd (also called hoststatd) in openbsd. We
have two groups of hosts; A is compromised of 3 primary web server machines
and B comprising of 2 emergency backup web server machines.

The balancers are all running pound. Just like your example, if all hosts
in A go down then B comes up. When any machine is A comes back up then
machines in B go unused.  We also have scripts to look at the request load
to make sure that at least 2 machines in A come up before the switch is
initiated.
                                  |- Group A, webserver 1
                      |- pound A -|- Group A, webserver 2 
                      |           |- Group A, webserver 3
internet -- openbsd --|
(sourcex2)  (CARPx3)  |- pound B -|- Group B, webserver 1 
                                  |- Group B, webserver 2

This is a bit complicated solution, but allows us to take machines down on
a whim. The users or staff never notice a problem. We can also loose as
many as 2 openbsd CARP's, one pound box and 4 web servers and can still be
considered up and serving data. 

I have never tried to setup pound to to the job of relayd, but it may be
possible. Even the solution above requires many extra scripts to make sure
all machines know about the status of the cluster.

You can find a lot of this information at http://calomel.org

--
 Calomel (at) http://calomel.org
 Open Source Research and Reference


On Mon, Feb 11, 2008 at 04:40:13PM +0200, tyntas wrote:[...]

My case is alittle bit different.

I have international website which has one backend and proxies 
distributed in a few countries. There are dedicated international links 
for local proxies to query central backends. I use pound because there 
are a few central servers as well as a few proxies in each locale.

The problem would be if my dedicated link fails. It has quite high SLA, 
but still - if it would fail - I would like the queries to travel via 
public internet rather than site being out of service, because i have no 
security concerns here moving traffic publicaly.

Local pound can see central backends as internal IP's which are routed 
internaly, but it can also reach te same backends by querying their 
public addresses which are route via global Internet. If pound would 
support BackEnd groups I could setup group A of internal IP's, and group 
B of external ones. I think it's clear what would it mean if the servers 
in group A are not reachible, but in group B they are.

In this case pound would be doing "link failover" instead of "BackEnd 
failover" actully and it might be already out of pounds scope, but still 
a very nice addition to it's value.

j.

Rick Blundell rašė:[...]
>>>> Is there a way to set up such a thing:
>>>> There are configured two groups of BackEnds - group A (backend
A1 
>>>> and A2) and group B (backend B1 and B2)
>>>>
>>>> 1) In normal state group A is queried and load distributed as 
>>>> specified in priorities inside group A, but group B stays
absolutely 
>>>> passive.
>>>> 2) If all BackEnds in group A goes down, then pound starts
using 
>>>> BackEnd's in group B with priorities specified in their group 
>>>> respectively.
>>>> 3) If later any BackEnd in group A become active, then group B

>>>> should be left passive again.
>>>> 4) When no group is available, Emergency service should be
used.[...][...]

Hello,

I think you want pound to do a networking infrastructure's job. I'm sure 
you can setup your network so that it will always serve the internal 
address, but in case of link failure it'll tunnel the address(es) to 
your remote location.

Pound is indeed a backend load balancer. The failover functionality is 
kind of a side-effect of that. Doing a link failover would be out of the 
scope for it, I suppose.

MT.

tyntas napsal(a):[...][...]
>>>>> Is there a way to set up such a thing:
>>>>> There are configured two groups of BackEnds - group A
(backend A1 
>>>>> and A2) and group B (backend B1 and B2)
>>>>>
>>>>> 1) In normal state group A is queried and load distributed
as 
>>>>> specified in priorities inside group A, but group B stays 
>>>>> absolutely passive.
>>>>> 2) If all BackEnds in group A goes down, then pound starts
using 
>>>>> BackEnd's in group B with priorities specified in their
group 
>>>>> respectively.
>>>>> 3) If later any BackEnd in group A become active, then
group B 
>>>>> should be left passive again.
>>>>> 4) When no group is available, Emergency service should be
used.
>>>
>>> I'm curious - whats the use case here?  Why do you want something 
>>> like that?
[...]