[ClusterLabs] Access denied when using Floating IP

Erick Ocrospoma zipper1790 at gmail.com
Fri Jan 6 18:11:48 EST 2017


On 6 January 2017 at 14:37, Ken Gaillot <kgaillot at redhat.com> wrote:

> On 12/26/2016 12:03 AM, Kaushal Shriyan wrote:
> > Hi,
> >
> > I have set up Highly Available HAProxy Servers with Keepalived and
> > Floating IP.  I have the below details
> >
> > *Master Node keepalived.conf*
> >
> > global_defs {
> > # Keepalived process identifier
> > #lvs_id haproxy_DH
> > }
> > # Script used to check if HAProxy is running
> > vrrp_script check_haproxy {
> > script "/usr/bin/killall -0 haproxy"
> > interval 2
> > weight 2
> > }
> > # Virtual interface
> > # The priority specifies the order in which the assigned interface to
> > take over in a failover
> > vrrp_instance VI_01 {
> > state MASTER
> > interface eth0
> > virtual_router_id 51
> > priority 200
> > # The virtual ip address shared between the two loadbalancers
> > virtual_ipaddress {
> > *172.16.0.75/32 <http://172.16.0.75/32>*
> > }
> > track_script {
> > check_haproxy
> > }
> > }
> >
> > *Slave Node keepalived.conf*
> >
> > global_defs {
> > # Keepalived process identifier
> > #lvs_id haproxy_DH_passive
> > }
> > # Script used to check if HAProxy is running
> > vrrp_script check_haproxy {
> > script "/usr/bin/killall -0 haproxy"
> > interval 2
> > weight 2
> > }
> > # Virtual interface
> > # The priority specifies the order in which the assigned interface to
> > take over in a failover
> > vrrp_instance VI_01 {
> > state BACKUP
> > interface eth0
> > virtual_router_id 51
> > priority 100
> > # The virtual ip address shared between the two loadbalancers
> > virtual_ipaddress {
> > 172.16.0.75/32 <http://172.16.0.75/32>
> > }
> > track_script {
> > check_haproxy
> > }
> > }
> >
> > HAProxy Node 1 has two IP Addresses
> >
> > eth0 :- 172.16.0.20 LAN IP of the box Master Node
> > eth0 :- 172.16.0.75 Virtual IP
> >
> > eth0 :- 172.16.0.21 LAN IP of the box Slave Node
> >
> > In MySQL server, i have given access for the Floating IP :- 172.16.0.75
> >
> > *GRANT USAGE ON *.* TO 'haproxy_check'@'172.16.0.75';
> > *
> > *GRANT ALL PRIVILEGES ON *.* TO 'haproxy_root'@'172.16.0.75' IDENTIFIED
> > BY PASSWORD '*7A3F28E9F3E3AEFDFF87BCFE119DCF830101DD71' WITH GRANT
> OPTION;*
> >
> > When i try to connect to the MySQL server using floating IP :-
> 172.16.0.75,
> > I get access denied inspite of giving grant access as per the above
> > mentioned command. When i try to use the static IP to connect to the
> > MySQL server using LAN IP :- 172.16.0.20, it works as expected. is it
> > because eth0 has two IPs :- 172.16.0.20 and 172.16.0.75?
>

​Might be. Try by giving privileges to both IPs.
Also you could try "seeing" from which IP you are exactly login from.
http://serverfault.com/questions/65255/log-mysql-login-attempts​


> >
> > Please do let me know if you need any additional information.
> >
> > Regards,
> >
> > Kaushal
>
> People on this list tend to be more familiar with pacemaker clusters
> than keepalived, but my guess is that mysql's privileges apply to the IP
> address that the user is connecting *from*. Try giving the same
> privileges to the user at all other local IPs (or @'%' if you don't mind
> allowing connections from anywhere, and use a firewall to block unwanted
> connections instead).
>
> _______________________________________________
> Users mailing list: Users at clusterlabs.org
> http://lists.clusterlabs.org/mailman/listinfo/users
>
> Project Home: http://www.clusterlabs.org
> Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
> Bugs: http://bugs.clusterlabs.org
>



-- 


Erick.


-------------------------------------------
IRC     :   zerick
Blog    : http://zerick.me
About :  http://about.me/zerick
Linux User ID :  549567
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clusterlabs.org/pipermail/users/attachments/20170106/e0c67c21/attachment-0003.html>


More information about the Users mailing list