Mailing List Archive

[lvs-users] Access denied when using Floating IP
Hi,

I have set up Highly Available HAProxy Servers with Keepalived and Floating
IP. I have the below details

*Master Node keepalived.conf*

global_defs {
# Keepalived process identifier
#lvs_id haproxy_DH
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
script "/usr/bin/killall -0 haproxy"
interval 2
weight 2
}
# Virtual interface
# The priority specifies the order in which the assigned interface to take
over in a failover
vrrp_instance VI_01 {
state MASTER
interface eth0
virtual_router_id 51
priority 200
# The virtual ip address shared between the two loadbalancers
virtual_ipaddress {
*172.16.0.75/32 <http://172.16.0.75/32>*
}
track_script {
check_haproxy
}
}

*Slave Node keepalived.conf*

global_defs {
# Keepalived process identifier
#lvs_id haproxy_DH_passive
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
script "/usr/bin/killall -0 haproxy"
interval 2
weight 2
}
# Virtual interface
# The priority specifies the order in which the assigned interface to take
over in a failover
vrrp_instance VI_01 {
state BACKUP
interface eth0
virtual_router_id 51
priority 100
# The virtual ip address shared between the two loadbalancers
virtual_ipaddress {
172.16.0.75/32
}
track_script {
check_haproxy
}
}

HAProxy Node 1 has two IP Addresses

eth0 :- 172.16.0.20 LAN IP of the box Master Node
eth0 :- 172.16.0.75 Virtual IP

eth0 :- 172.16.0.21 LAN IP of the box Slave Node

In MySQL server, i have given access for the Floating IP :- 172.16.0.75


*GRANT USAGE ON *.* TO 'haproxy_check'@'172.16.0.75';*
*GRANT ALL PRIVILEGES ON *.* TO 'haproxy_root'@'172.16.0.75' IDENTIFIED BY
PASSWORD '*7A3F28E9F3E3AEFDFF87BCFE119DCF830101DD71' WITH GRANT OPTION;*

When i try to connect to the MySQL server using floating IP :- 172.16.0.75,
I get access denied inspite of giving grant access as per the above
mentioned command. When i try to use the static IP to connect to the MySQL
server using LAN IP :- 172.16.0.20, it works as expected. is it because
eth0 has two IPs :- 172.16.0.20 and 172.16.0.75?

Please do let me know if you need any additional information.

Regards,

Kaushal
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
Re: [lvs-users] Access denied when using Floating IP [ In reply to ]
Kaushal,


Have you specified the source as the floating IP in the HAProxy config?
You can do this in the bind/front end section or per server - or even on
the health check line I think.

Or just grant ALL of the source IPs access from master and slave.





On 24 December 2016 at 17:08, Kaushal Shriyan <kaushalshriyan@gmail.com>
wrote:

> Hi,
>
> I have set up Highly Available HAProxy Servers with Keepalived and Floating
> IP. I have the below details
>
> *Master Node keepalived.conf*
>
> global_defs {
> # Keepalived process identifier
> #lvs_id haproxy_DH
> }
> # Script used to check if HAProxy is running
> vrrp_script check_haproxy {
> script "/usr/bin/killall -0 haproxy"
> interval 2
> weight 2
> }
> # Virtual interface
> # The priority specifies the order in which the assigned interface to take
> over in a failover
> vrrp_instance VI_01 {
> state MASTER
> interface eth0
> virtual_router_id 51
> priority 200
> # The virtual ip address shared between the two loadbalancers
> virtual_ipaddress {
> *172.16.0.75/32 <http://172.16.0.75/32>*
> }
> track_script {
> check_haproxy
> }
> }
>
> *Slave Node keepalived.conf*
>
> global_defs {
> # Keepalived process identifier
> #lvs_id haproxy_DH_passive
> }
> # Script used to check if HAProxy is running
> vrrp_script check_haproxy {
> script "/usr/bin/killall -0 haproxy"
> interval 2
> weight 2
> }
> # Virtual interface
> # The priority specifies the order in which the assigned interface to take
> over in a failover
> vrrp_instance VI_01 {
> state BACKUP
> interface eth0
> virtual_router_id 51
> priority 100
> # The virtual ip address shared between the two loadbalancers
> virtual_ipaddress {
> 172.16.0.75/32
> }
> track_script {
> check_haproxy
> }
> }
>
> HAProxy Node 1 has two IP Addresses
>
> eth0 :- 172.16.0.20 LAN IP of the box Master Node
> eth0 :- 172.16.0.75 Virtual IP
>
> eth0 :- 172.16.0.21 LAN IP of the box Slave Node
>
> In MySQL server, i have given access for the Floating IP :- 172.16.0.75
>
>
> *GRANT USAGE ON *.* TO 'haproxy_check'@'172.16.0.75';*
> *GRANT ALL PRIVILEGES ON *.* TO 'haproxy_root'@'172.16.0.75' IDENTIFIED BY
> PASSWORD '*7A3F28E9F3E3AEFDFF87BCFE119DCF830101DD71' WITH GRANT OPTION;*
>
> When i try to connect to the MySQL server using floating IP :- 172.16.0.75,
> I get access denied inspite of giving grant access as per the above
> mentioned command. When i try to use the static IP to connect to the MySQL
> server using LAN IP :- 172.16.0.20, it works as expected. is it because
> eth0 has two IPs :- 172.16.0.20 and 172.16.0.75?
>
> Please do let me know if you need any additional information.
>
> Regards,
>
> Kaushal
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
>
> LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
> Send requests to lvs-users-request@LinuxVirtualServer.org
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>



--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)330 380 1064
http://www.loadbalancer.org/
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@LinuxVirtualServer.org
Send requests to lvs-users-request@LinuxVirtualServer.org
or go to http://lists.graemef.net/mailman/listinfo/lvs-users