Quote:
Originally Posted by lazydog
Can you explain this more, not sure I understand what you are meaning.
Show an example.
|
Sure thing.
First I am running Rhel 7.2, haproxy 1.5.14 and keepalived 1.2.13
[root@lvs2 ~]$ haproxy -v
HA-Proxy version 1.5.14 2015/07/02
Copyright 2000-2015 Willy Tarreau <willy@haproxy.org>
[root@lvs2 ~]$ keepalived -v
Keepalived v1.2.13 (06/25,2015)
[root@lvs2 ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
In this test setup I have 2 IPs 10.76.10.98(lvs2), which is the hostname for the server itself, and 10.76.10.105(mysqlmnmt) the virtual IP that keepalived handles
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:50:56:a8:17:c2 brd ff:ff:ff:ff:ff:ff
inet 10.76.10.98/24 brd 10.76.10.255 scope global dynamic eno16780032
valid_lft 448057sec preferred_lft 448057sec
inet 10.76.10.105/32 brd 10.76.10.255 scope global eno16780032
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fea8:17c2/64 scope link
valid_lft forever preferred_lft forever
The problem that I have is that when I do an mysql -u thaylin -p -h 10.76.10.105 from another machine I get the error
ERROR 1045 (28000): Access denied for user 'thaylin'@'lvs2' (using password: YES)
It should be looking for the hostname associated with
This is not a password error, the password is correct..
I know with mysql you would normally use hostname security of the webserver making the call, but that does not work when you are using haproxy to pass through, and therefore it homes in on the virtual ip keepalived manages.
I have also attempted 2 interfaces. It is easier to route properly, but keepalived tries to add the routes before their is an IP assigned to it, and therefore the network is unreachable, in addition even if you set track_interface to the always live server interface the VRRP requests are not checked on it, but on the managed interface.