Differences

This shows you the differences between two versions of the page.

--- cloudappliance/mastermasterdb [2020_04_13 20:31] – [Disclaimer] steven
+++ cloudappliance/mastermasterdb [2021_04_08 15:56] – Update to edit iptables file directly to apply changes. eric
@@ Line 110: / Line 110: @@
 On both smesql01 and smesql02, you must update iptables to allow incoming connections to mariadb, do the following.
-As root:
+As root we will edit the iptables file to add the following lines:
+/etc/sysconfig/iptables :
 <code>
-iptables-save > /var/tmp/iptables_backup_`date -I`
+...
-ipt_line=`iptables -L RH-Firewall-1-INPUT -n --line-numbers | grep REJECT | awk '{print $1}'`
+-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-insert_line=`expr $ipt_line - 1`
+-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT
-iptables -I RH-Firewall-1-INPUT $insert_line -p tcp -m state --state NEW -m tcp --dport 11211 -j ACCEPT
+...
+COMMIT
+</code>
+Then issue a restart:
-iptables -I RH-Firewall-1-INPUT $insert_line -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
+<code>
+systemctl restart iptables
-iptables-save > /etc/sysconfig/iptables
+systemctl restart docker
 </code>
@@ Line 350: / Line 354: @@
 We will also need to allow multicast traffic (244.0.0.0) through our iptables firewall, as well as adjust selinux to allow keepalived to operate. Finally, we will add a user (keepalived_script) which keepalived will use.
+/etc/sysconfig/iptables :
 <code>
-iptables -I INPUT -i eth0 -d 224.0.0.0/8 -p vrrp -j ACCEPT
+...
-iptables-save > /etc/sysconfig/iptables
+-A RH-Firewall-1-INPUT -p vrrp -j ACCEPT
-semanage permissive -a keepalived_t
+...
-groupadd keepalived_script
+COMMIT
-useradd -s /sbin/nologin -g keepalived_script -M keepalived_script
+</code>
+Then issue a restart:
+<code>
+systemctl restart iptables
+systemctl restart docker
 </code>