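Rocky 8 + LVS + KeepAlived + Galera
===================================

----------------------------------------------------------
# VRRP notify scripts. keepalived calls them on a state transition
# (notify_master / notify_backup below); each one overwrites a status file
# with the node's current role.
# NOTE(review): unless a dedicated script user is configured, keepalived
# normally runs notify scripts as root. Keep the scripts and /etc/keepalived
# owned by root and not writable by group/other, and consider
# `enable_script_security` plus `script_user` in global_defs.

]# cat /etc/keepalived/master
#!/bin/sh
echo "Keepalived : Master" > /etc/keepalived/keepalived.status

]# cat /etc/keepalived/backup
#!/bin/sh
echo "Keepalived : Backup" > /etc/keepalived/keepalived.status

----------------------------------------------------------
ㅇ Active Node

]# cat /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
    }
    router_id LVS_NAT_1306
}

vrrp_instance VI_1 {
    state MASTER
    interface ens19
    virtual_router_id 200
    priority 200                # higher than the backup node (100), so this node holds the VIP
    advert_int 1
    authentication {
        # NOTE(review): VRRP PASS authentication travels in clear text in every
        # advertisement, and keepalived uses only the first 8 characters of
        # auth_pass. It guards against misconfiguration, not against a host on
        # the same segment. Treat the value below as an example, pick your own
        # per deployment, and restrict VRRP to the peer address in the firewall
        # (see the VRRP section at the end).
        auth_type PASS
        auth_pass Pass_LVS_NAT_1306
    }
    virtual_ipaddress {
        10.11.0.47
    }
    notify_backup /etc/keepalived/backup
    notify_master /etc/keepalived/master
}

virtual_server 10.11.0.47 30306 {
    delay_loop 3                # health-check interval, seconds
    lb_algo wlc                 # weighted least-connection scheduling
    lb_kind DR                  # direct routing: real servers reply to clients directly
    protocol TCP
    # persistence_timeout 3600

    # NOTE(review): keepalived 2.x documents `retry` as the replacement for the
    # deprecated `nb_get_retry`; verify against the installed version.
    real_server 10.11.0.81 30306 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 10.11.0.82 30306 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 10.11.0.83 30306 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 10.11.0.84 30306 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.11.0.47 8009 {
    delay_loop 3
    lb_algo wlc
    lb_kind DR
    protocol TCP
    # persistence_timeout 3600

    # NOTE(review): with lb_kind DR the director does not rewrite the
    # destination address or port, so the real servers receive traffic for
    # 10.11.0.47:8009, while the TCP_CHECK probes port 8080. A backend can pass
    # the health check and still not serve the virtual port. Confirm the
    # backends accept 8009 for the VIP, or use a forwarding method that
    # supports port mapping. DR also needs the 192.168.5.x real servers to be
    # reachable at layer 2 from the director.
    real_server 192.168.5.91 8080 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.5.92 8080 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

----------------------------------------------------------
ㅇ Backup Node

]# cat /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
    }
    router_id LVS_NAT_1306
}

vrrp_instance VI_1 {
    state BACKUP
    interface ens19
    virtual_router_id 200       # must match the active node
    priority 100                # lower than the active node (200)
    advert_int 1
    authentication {
        # Must match the active node. The same caveats apply: clear text on the
        # wire, and only the first 8 characters of auth_pass are used.
        auth_type PASS
        auth_pass Pass_LVS_NAT_1306
    }
    virtual_ipaddress {
        10.11.0.47
    }
    notify_backup /etc/keepalived/backup
    notify_master /etc/keepalived/master
}

virtual_server 10.11.0.47 30306 {
    delay_loop 3
    # NOTE(review): the active node uses `lb_algo wlc` for this virtual server.
    # With `rr` here the scheduling policy changes after a failover. Keep the
    # virtual_server blocks identical on both nodes unless the difference is
    # intended.
    lb_algo rr
    lb_kind DR
    protocol TCP
    # persistence_timeout 3600

    real_server 10.11.0.81 30306 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 10.11.0.82 30306 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 10.11.0.83 30306 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 10.11.0.84 30306 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

virtual_server 10.11.0.47 8009 {
    delay_loop 3
    lb_algo wlc
    lb_kind DR
    protocol TCP
    # persistence_timeout 3600

    real_server 192.168.5.91 8080 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.5.92 8080 {
        weight 10
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}

----------------------------------------------------------
ㅇ Active Node

# The VIP 10.11.0.47/32 is configured on ens19 of the active node only.
]# ip a
(......)
3: ens19: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 0a:64:4d:cb:55:15 brd ff:ff:ff:ff:ff:ff
    inet 10.11.0.48/24 brd 10.11.0.255 scope global noprefixroute ens19
       valid_lft forever preferred_lft forever
    inet 10.11.0.47/32 scope global ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::864:4dff:fecb:5515/64 scope link
       valid_lft forever preferred_lft forever

----------------------------------------------------------
ㅇ Backup Node

# No 10.11.0.47 address here while this node is in BACKUP state.
]# ip a
(......)
3: ens19: mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 5a:1a:b9:2b:5c:fd brd ff:ff:ff:ff:ff:ff
    inet 10.11.0.49/24 brd 10.11.0.255 scope global noprefixroute ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::581a:b9ff:fe2b:5cfd/64 scope link
       valid_lft forever preferred_lft forever

----------------------------------------------------------
ㅇ VRRP 허용 (allow VRRP)

# NOTE(review): the rules below accept VRRP (IP protocol 112) from any source.
# The `public` zone shown further down contains both ens18 and ens19, so the
# rich rule applies on both interfaces. Because VRRP PASS authentication is
# clear text, the firewall is the effective control: accept VRRP only from the
# peer node's address, and only on the VRRP interface. For example, on the
# active node the peer is 10.11.0.49:
#   iptables -A INPUT -i ens19 -s 10.11.0.49 -p vrrp -j ACCEPT
#   firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.11.0.49" protocol value="vrrp" accept'
iptables -A INPUT -p vrrp -j ACCEPT
iptables -A OUTPUT -p vrrp -j ACCEPT

or

]# firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
]# firewall-cmd --reload

# NOTE(review): the zone below lists no opened ports. Confirm how client
# traffic to the virtual services (30306, 8009) is permitted, and limit it to
# the client networks that need it rather than opening it zone-wide.
]# firewall-cmd --info-zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens18 ens19
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule protocol value="vrrp" accept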