LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: [lvs-users] Access denied when using Floating IP

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] Access denied when using Floating IP
From: Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx>
Date: Sat, 24 Dec 2016 17:23:28 +0000
Kaushal,


Have you specified the source as the floating IP in the HAProxy config?
You can do this in the bind/front end section or per server - or even on
the health check line I think.

Or just grant ALL of the source IPs access from master and slave.





On 24 December 2016 at 17:08, Kaushal Shriyan <kaushalshriyan@xxxxxxxxx>
wrote:

> Hi,
>
> I have set up Highly Available HAProxy Servers with Keepalived and Floating
> IP. I have the below details
>
> *Master Node keepalived.conf*
>
> global_defs {
> # Keepalived process identifier
> #lvs_id haproxy_DH
> }
> # Script used to check if HAProxy is running
> vrrp_script check_haproxy {
> script "/usr/bin/killall -0 haproxy"
> interval 2
> weight 2
> }
> # Virtual interface
> # The priority specifies the order in which the assigned interface to take
> over in a failover
> vrrp_instance VI_01 {
> state MASTER
> interface eth0
> virtual_router_id 51
> priority 200
> # The virtual ip address shared between the two loadbalancers
> virtual_ipaddress {
> *172.16.0.75/32 <http://172.16.0.75/32>*
> }
> track_script {
> check_haproxy
> }
> }
>
> *Slave Node keepalived.conf*
>
> global_defs {
> # Keepalived process identifier
> #lvs_id haproxy_DH_passive
> }
> # Script used to check if HAProxy is running
> vrrp_script check_haproxy {
> script "/usr/bin/killall -0 haproxy"
> interval 2
> weight 2
> }
> # Virtual interface
> # The priority specifies the order in which the assigned interface to take
> over in a failover
> vrrp_instance VI_01 {
> state BACKUP
> interface eth0
> virtual_router_id 51
> priority 100
> # The virtual ip address shared between the two loadbalancers
> virtual_ipaddress {
> 172.16.0.75/32
> }
> track_script {
> check_haproxy
> }
> }
>
> HAProxy Node 1 has two IP Addresses
>
> eth0 :- 172.16.0.20 LAN IP of the box Master Node
> eth0 :- 172.16.0.75 Virtual IP
>
> eth0 :- 172.16.0.21 LAN IP of the box Slave Node
>
> In MySQL server, i have given access for the Floating IP :- 172.16.0.75
>
>
> *GRANT USAGE ON *.* TO 'haproxy_check'@'172.16.0.75';*
> *GRANT ALL PRIVILEGES ON *.* TO 'haproxy_root'@'172.16.0.75' IDENTIFIED BY
> PASSWORD '*7A3F28E9F3E3AEFDFF87BCFE119DCF830101DD71' WITH GRANT OPTION;*
>
> When i try to connect to the MySQL server using floating IP :- 172.16.0.75,
> I get access denied inspite of giving grant access as per the above
> mentioned command. When i try to use the static IP to connect to the MySQL
> server using LAN IP :- 172.16.0.20, it works as expected. is it because
> eth0 has two IPs :- 172.16.0.20 and 172.16.0.75?
>
> Please do let me know if you need any additional information.
>
> Regards,
>
> Kaushal
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>



-- 
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)330 380 1064
http://www.loadbalancer.org/
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>