Differences

This shows you the differences between two versions of the page.

cloudappliance/mastermasterdb [2020_02_14 15:37] – [File Fabric HA Master - Master Database with Automatic Failover] dan
cloudappliance/mastermasterdb [2021_04_08 15:56] – Update to edit iptables file directly to apply changes. eric
Line 5: Line 5:
 The information in this document is provided on an as-is basis. You use it at your own risk. We accept no responsibility for errors or omissions, nor do we have any obligation to provide support for implementing or maintaining the configuration described here. Furthermore, we do not warrant that the design presented here is appropriate for your requirements. The information in this document is provided on an as-is basis. You use it at your own risk. We accept no responsibility for errors or omissions, nor do we have any obligation to provide support for implementing or maintaining the configuration described here. Furthermore, we do not warrant that the design presented here is appropriate for your requirements.
  
-SME designs, implements and supports HA File Fabric solutions for customers on a paid professional services basis. For more information please contact sales@storagemadeeasy.com +SME designs, implements and supports HA (High Availability) File Fabric solutions for customers on a paid professional services basis. For more information please contact sales@storagemadeeasy.com 
  
 <WRAP center round important 100%> <WRAP center round important 100%>
Line 110: Line 110:
 On both smesql01 and smesql02, you must update iptables to allow incoming connections to mariadb, do the following. On both smesql01 and smesql02, you must update iptables to allow incoming connections to mariadb, do the following.
  
-As root:+As root we will edit the iptables file to add the following lines:
  
 +/etc/sysconfig/iptables :
 <code> <code>
-iptables-save > /var/tmp/iptables_backup_`date -I` +... 
-ipt_line=`iptables -RH-Firewall-1-INPUT ---line-numbers | grep REJECT | awk '{print $1}'+-RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT 
-insert_line=`expr $ipt_line 1` +-RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT 
-iptables -RH-Firewall-1-INPUT $insert_line -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT+... 
 +COMMIT 
 +</code> 
 +Then issue a restart:
  
-iptables -I RH-Firewall-1-INPUT $insert_line -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT +<code>  
- +systemctl restart iptables 
-iptables-save > /etc/sysconfig/iptables+systemctl restart docker
 </code> </code>
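Review bot: The new /etc/sysconfig/iptables block does not say where in the RH-Firewall-1-INPUT chain the two ACCEPT lines go. The removed commands located the REJECT rule and inserted ahead of it, while the `...` placeholders give no hint, and a reader who adds the lines below REJECT gets rules that never match. State that they belong above the chain's REJECT line. As shown, the 3306 and 11211 lines start with `-RH-Firewall-1-INPUT`, where the vrrp rule in the later hunk has `-A RH-Firewall-1-INPUT`; they should carry the same `-A`. The `iptables-save > /var/tmp/iptables_backup_...` step was dropped, so suggest copying the file before editing it. Both rules accept from any source; consider a `-s` match limited to the hosts that need MariaDB and port 11211. A sentence on why `systemctl restart docker` follows the iptables restart would also help.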
  
Line 350: Line 354:
 We will also need to allow multicast traffic (244.0.0.0) through our iptables firewall, as well as adjust selinux to allow keepalived to operate. Finally, we will add a user (keepalived_script) which keepalived will use.  We will also need to allow multicast traffic (244.0.0.0) through our iptables firewall, as well as adjust selinux to allow keepalived to operate. Finally, we will add a user (keepalived_script) which keepalived will use. 
  
 +/etc/sysconfig/iptables :
 <code> <code>
-iptables -I INPUT -i eth0 -d 224.0.0.0/8 -p vrrp -j ACCEPT +... 
-iptables-save /etc/sysconfig/iptables +-A RH-Firewall-1-INPUT -p vrrp -j ACCEPT 
-semanage permissive -keepalived_t +... 
-groupadd keepalived_script +COMMIT 
-useradd -s /sbin/nologin -g keepalived_script -M keepalived_script+</code
 +Then issue restart: 
 + 
 +<code>  
 +systemctl restart iptables 
 +systemctl restart docker
 </code> </code>
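Review bot: The removed `semanage permissive`, `groupadd keepalived_script` and `useradd ... keepalived_script` commands have no replacement in the new text, yet the unchanged sentence above still promises the selinux adjustment and the keepalived_script user. Restore those commands after the restart commands, or reword the sentence if they now live elsewhere on the page. The new rule `-A RH-Firewall-1-INPUT -p vrrp -j ACCEPT` also drops the `-i eth0 -d 224.0.0.0/8` match of the old command, so VRRP is accepted on every interface and for any destination; keeping the destination match, or adding a `-s` for the peer node, is tighter. While here: the context sentence says 244.0.0.0 where the removed rule used 224.0.0.0/8, "Then issue restart:" lacks the "a" used in the earlier hunk, and the closing `</code` is missing its `>`.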