Thanks to the various posts on this thread, I've managed to get a pair of Hercules appliances up and running in the following configuration:

• two ESXi hosts, each with a Hercules appliance and an Ubuntu guest running squid proxy and outbound Postfix

• each of the Hercules guests are configured to load balance between the local Ubuntu instance and the Ubuntu instance on the other ESXi server

By themselves, the Hercules appliances are functioning as expected; the odd behavior now comes when I enable VRRPD so add redundancy between the load balancers themselves. My understanding is that once you've assigned a virtual IP to VRRP, the pair of VRRP servers is supposed to establish a master/backup configuration. However, once I've started the service, the Hercules appliances hang up for about 15-30 seconds, return to service, but now /var/log/messages show that both servers claim to be the master router.

Any suggestions on why this might be?

My (almost) working config:

#!/bin/sh

LOGFILE1=/var/log/pen.smtp.log

LOGFILE2=/var/log/pen.squid.log

PIDFILE1=/var/run/pen.smtp.pid

PIDFILE2=/var/run/pen.squid.pid

CONTROLPORT1=8888

CONTROLPORT2=8889

CHROOTDIR=/chroot/pen

VRRP_IP=10.1.1.100

VSERVER_ID=1

LBSERVER1=25

LBSERVER2=3128

SERVER1=10.1.1.72

SERVER2=10.1.1.92

case "$1" in

start)

echo -n "Starting VRRP Cluster Service: "

/sbin/vrrpd -i eth0 -v $VSERVER_ID $VRRP_IP

echo "OK"

if -x /bin/pen ; then

echo -n "Starting pen.smtp: "

/bin/pen -C $CONTROLPORT1 -X -l $LOGFILE1 -p $PIDFILE1 $LBSERVER1 $SERVER1 $SERVER2

echo "OK"

fi

if -x /bin/pen ; then

echo -n "Starting pen.squid: "

/bin/pen -C $CONTROLPORT2 -X -l $LOGFILE2 -p $PIDFILE2 $LBSERVER2 $SERVER1 $SERVER2

echo "OK"

fi

;;

stop)

kill `cat /var/run/pen.smtp.pid`

kill `cat /var/run/pen.squid.pid`

killall vrrpd

;;

*)

echo "usage: $0 { start | stop }" >&2

exit 1

;;

esac

Jeez people go read up on Pen;

The default concurrent users is 2048, but you can change it to what ever you want.

try this: pen --help

I don't think anyone is still supporting this. Too bad as this is a great appliance.

]Monty[

Hi,

I am searching for an VMware ESX4 ready Hercules Appliance.

Can anybody help me?

Kind regards,

Andre

Very nice and simple VM. tks to prabhakar, (if you still read this.)

I download exs3 version and use vmware converter to bring into esxi4 host.

Adapted startup script and boot mod from Hoppa66, two Hercules VMs with VRRP up and running in two hours.

@legacy, re: vrrpd

Curious, did you ever figure out a solution to the VRRP issue?  In my testing, as long as BOTH are set to the same priority, you won't have a split brain problem when you REBOOT either vm.  However, in a scenario where network connectivity between hosts is interrupted, the vrrp service on the standby goes active (as expected) but vrrp remains split brain after network services are restored.

What I've found is that VRRP resets eth0's MAC address (according to ifconfig) when becoming the active system.  I was expecting that it would retain its guest MAC, plus anwser for requests to the virtual MAC (vrrpd), not reset its interface.  I have a feeling that this is not playing nicely with the underlying vSwitch.  Will test some more theories and possibly open case w/ VMware.

@others, Re: support for vm

Definitely no longer supported... no idea where the creator disappeared to.  However, this is a simple system to create on your own.  I have documented the process, using Ubuntu8.04 JeOS.  However, as part of troubleshooting the above, I'm currently updating to an Ubuntu 8.10LTS minimal virutual build.  Once I address the above problem, I would be happy to share with the community.  Its not nearly as small as the dropbox implementation the original author provided, but I'm finding that having tools like tcpdump built into the appliance is quite handy.

Good news.  I've found that using keepalived instead of vrrpd seems to provide a much more robust solution.

By setting both keepalived instances as BACKUP, with one Priority 100, the other 90, and the "nopreempt" option:

- Split-brain recovers, forcing an election, which the balancer vm with pri 100 wins.  (tested by blocking multicast with iptables on one load balancer to simulate switch failure, isolating the current master.  Both load balancers are now master.  Flushing the iptables rules, they both immediately see eachother and an election occurs.  This is where vrrpd failed.  For some reason, vrrpd would not see each other's multicasts and thus no election would happen.)

- If the current master (prio 100) fails, the other (prio 90) becomes Master.  Once the failed load balancer comes back online, it will remain in Backup state.  This is important (to me) as I don't want clients failing over twice should the master fail.  The application behind the loadbalancer is stateful, and the clients switching twice causes two outages.  One is bad, two is worse