<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On 6 January 2017 at 14:37, Ken Gaillot <span dir="ltr"><<a href="mailto:kgaillot@redhat.com" target="_blank">kgaillot@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="gmail-">On 12/26/2016 12:03 AM, Kaushal Shriyan wrote:<br>
> Hi,<br>
><br>
> I have set up Highly Available HAProxy Servers with Keepalived and<br>
> Floating IP. I have the below details<br>
><br>
</span>> *Master Node keepalived.conf*<br>
<span class="gmail-">><br>
> global_defs {<br>
> # Keepalived process identifier<br>
> #lvs_id haproxy_DH<br>
> }<br>
> # Script used to check if HAProxy is running<br>
> vrrp_script check_haproxy {<br>
> script "/usr/bin/killall -0 haproxy"<br>
> interval 2<br>
> weight 2<br>
> }<br>
> # Virtual interface<br>
> # The priority specifies the order in which the assigned interface to<br>
> take over in a failover<br>
> vrrp_instance VI_01 {<br>
> state MASTER<br>
> interface eth0<br>
> virtual_router_id 51<br>
> priority 200<br>
> # The virtual ip address shared between the two loadbalancers<br>
> virtual_ipaddress {<br>
</span>> *<a href="http://172.16.0.75/32" rel="noreferrer" target="_blank">172.16.0.75/32</a> <<a href="http://172.16.0.75/32" rel="noreferrer" target="_blank">http://172.16.0.75/32</a>>*<br>
> }<br>
> track_script {<br>
> check_haproxy<br>
> }<br>
> }<br>
><br>
> *Slave Node keepalived.conf*<br>
<span class="gmail-">><br>
> global_defs {<br>
> # Keepalived process identifier<br>
> #lvs_id haproxy_DH_passive<br>
> }<br>
> # Script used to check if HAProxy is running<br>
> vrrp_script check_haproxy {<br>
> script "/usr/bin/killall -0 haproxy"<br>
> interval 2<br>
> weight 2<br>
> }<br>
> # Virtual interface<br>
> # The priority specifies the order in which the assigned interface to<br>
> take over in a failover<br>
> vrrp_instance VI_01 {<br>
> state BACKUP<br>
> interface eth0<br>
> virtual_router_id 51<br>
> priority 100<br>
> # The virtual ip address shared between the two loadbalancers<br>
> virtual_ipaddress {<br>
</span>> <a href="http://172.16.0.75/32" rel="noreferrer" target="_blank">172.16.0.75/32</a> <<a href="http://172.16.0.75/32" rel="noreferrer" target="_blank">http://172.16.0.75/32</a>><br>
<span class="gmail-">> }<br>
> track_script {<br>
> check_haproxy<br>
> }<br>
> }<br>
><br>
> HAProxy Node 1 has two IP Addresses<br>
><br>
> eth0 :- 172.16.0.20 LAN IP of the box Master Node<br>
> eth0 :- 172.16.0.75 Virtual IP<br>
><br>
> eth0 :- 172.16.0.21 LAN IP of the box Slave Node<br>
><br>
> In MySQL server, i have given access for the Floating IP :- 172.16.0.75<br>
><br>
</span>> *GRANT USAGE ON *.* TO 'haproxy_check'@'172.16.0.75';<br>
> *<br>
> *GRANT ALL PRIVILEGES ON *.* TO 'haproxy_root'@'172.16.0.75' IDENTIFIED<br>
> BY PASSWORD '*<wbr>7A3F28E9F3E3AEFDFF87BCFE119DCF<wbr>830101DD71' WITH GRANT OPTION;*<br>
<span class="gmail-">><br>
> When i try to connect to the MySQL server using floating IP :- 172.16.0.75,<br>
> I get access denied inspite of giving grant access as per the above<br>
> mentioned command. When i try to use the static IP to connect to the<br>
> MySQL server using LAN IP :- 172.16.0.20, it works as expected. is it<br>
> because eth0 has two IPs :- 172.16.0.20 and 172.16.0.75?<br></span></blockquote><div><br></div><div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Might be. Try by giving privileges to both IPs.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Also you could try "seeing" from which IP you are exactly login from.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><a href="http://serverfault.com/questions/65255/log-mysql-login-attempts">http://serverfault.com/questions/65255/log-mysql-login-attempts</a></div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="gmail-">
><br>
> Please do let me know if you need any additional information.<br>
><br>
> Regards,<br>
><br>
> Kaushal<br>
<br>
</span>People on this list tend to be more familiar with pacemaker clusters<br>
than keepalived, but my guess is that mysql's privileges apply to the IP<br>
address that the user is connecting *from*. Try giving the same<br>
privileges to the user at all other local IPs (or @'%' if you don't mind<br>
allowing connections from anywhere, and use a firewall to block unwanted<br>
connections instead).<br>
<br>
______________________________<wbr>_________________<br>
Users mailing list: <a href="mailto:Users@clusterlabs.org">Users@clusterlabs.org</a><br>
<a href="http://lists.clusterlabs.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.clusterlabs.org/<wbr>mailman/listinfo/users</a><br>
<br>
Project Home: <a href="http://www.clusterlabs.org" rel="noreferrer" target="_blank">http://www.clusterlabs.org</a><br>
Getting started: <a href="http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf" rel="noreferrer" target="_blank">http://www.clusterlabs.org/<wbr>doc/Cluster_from_Scratch.pdf</a><br>
Bugs: <a href="http://bugs.clusterlabs.org" rel="noreferrer" target="_blank">http://bugs.clusterlabs.org</a><br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><br></div><div><br>Erick.</div><div><br><br>-------------------------------------------<br>IRC : zerick<br>Blog : <a href="http://zerick.me" target="_blank">http://zerick.me</a><br>About : <a href="http://about.me/zerick" target="_blank">http://about.me/zerick</a><br>Linux User ID : 549567</div></div></div></div></div></div></div>
</div></div>