On Tuesday 15 September 2020 at 13:07:22, martin doc wrote:
On Tuesday 15 September 2020, Antony Stone wrote:
Firewall rules?
I was thinking about that ... it would require syncing iptables rules with VIP movement.
Why? If the connection comes from the VIP, it's constant as far as the single servers are concerned.
Then I could selectively NAT to force outgoing connections to appear as if they come from the VIP.
Is it possible to run a script when a VIP moves as some kind of event based action?
That depends on what HA system you're using to maintain the VIP, but the ones I've used (heartbeat, corosync, vrrpd, keepalived) all support running scripts as part of the failover process.

Antony.

--
90% of networking problems are routing problems.
9 of the remaining 10% are routing problems in the other direction.
The remaining 1% might be something else, but check the routing anyway.

Please reply to the list; please *don't* CC me.
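As an added illustration of the failover-script approach discussed in this thread (not code from either poster), here is a keepalived notify handler that installs an SNAT rule when the node becomes MASTER and removes it on BACKUP or FAULT. The VIP `192.0.2.10`, the interface `eth0` and the function names are assumptions; a real rule would carry narrower match criteria for the "selective" NAT mentioned above.

```shell
#!/bin/sh
# Added example, not from the thread: keepalived notify handler.
# keepalived invokes a notify script as:
#   script <GROUP|INSTANCE> <name> <MASTER|BACKUP|FAULT> <priority>
# Assumptions: VIP 192.0.2.10 (documentation range), egress interface eth0.
VIP="${VIP:-192.0.2.10}"
IFACE="${IFACE:-eth0}"

# One rule spec shared by check, add and delete so they always match.
snat_rule() {
    echo "POSTROUTING -o $IFACE -j SNAT --to-source $VIP"
}

# plan_cmd STATE PRESENT -> prints the iptables command needed, or nothing.
# PRESENT is 1 if the rule is already installed, 0 otherwise, which makes
# repeated transitions to the same state harmless (no duplicate rules).
# Returns 2 for a state this handler does not know.
plan_cmd() {
    case "$1" in
        MASTER)       [ "$2" = 1 ] || echo "iptables -t nat -A $(snat_rule)" ;;
        BACKUP|FAULT) [ "$2" = 0 ] || echo "iptables -t nat -D $(snat_rule)" ;;
        *)            return 2 ;;
    esac
    return 0
}

# Check the live ruleset, then run whatever plan_cmd decided.
apply_state() {
    if iptables -t nat -C $(snat_rule) 2>/dev/null; then
        present=1
    else
        present=0
    fi
    cmd=$(plan_cmd "$1" "$present") || {
        logger -t vip-snat "ignoring unknown state: $1"
        return 2
    }
    [ -z "$cmd" ] || $cmd
}

# Only act when called with keepalived's arguments (state is the third).
if [ "$#" -ge 3 ]; then
    apply_state "$3"
fi
```

With keepalived, the script is referenced from the `vrrp_instance` block with the `notify` keyword, so the rule follows the VIP without a separate sync mechanism.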