
I have SSH installed, and UCARP configured to fail over a virtual IP when one of the two boxes goes down. The problem that I'm having is when a VM is running, and the ucarp interface is active (eth0:ucarp), I cannot ssh to the VM using the eth0 address; I can only get to it using the eth0:ucarp address.

I used this guide to set up UCARP: http://laurentbel.com/2012/04/04/simple-failover-cluster-on-ubuntu-using-carp/

Is there a way to configure ssh to only run on eth0, or make eth0 the 'primary' interface for ssh? Right now, if I try to ssh to the eth0 address, there is no response (the connection times out).

Here is my /etc/networking/interfaces file:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    ###
    # standard config
    ###
    address 192.168.1.7
    netmask 255.255.255.0
    gateway 192.168.1.1
    network 192.168.1.0
    broadcast 192.168.1.255

    ###
    # ucarp config
    ###
    # vid: the ID of the virtual server [1-255]
    ucarp-vid 1
    # vip: the virtual IP
    ucarp-vip 192.168.1.3
    # password
    ucarp-password info322
    # advskew: Advertisement skew [1-255]
    ucarp-advskew 1
    # advbase: Interval in seconds that advertisements will occur
    ucarp-advbase 1
    # master: determine if this server is the master
    ucarp-master yes

# The carp network interface, on top of eth1
iface eth0:ucarp inet static
    address 192.168.1.3
    netmask 255.255.255.0
EGr
  • Do you get any errors from the firewall mentioning martians or that something is blocked in /var/log/messages, syslog or dmesg? – Jure1873 Nov 06 '13 at 20:19
  • If you really need it to listen to one IP only you can put ListenAddress 192.168.1.100 into the sshd configuration file. – Jure1873 Nov 06 '13 at 20:21
  • Does ucarp make eth0 unavailable when a node is the primary? I can't ping eth0 unless I take eth0:ucarp down. – EGr Nov 11 '13 at 15:56
  • You will have another problem with SSH hostkeys. You may want to install the same hostkey on each ssh server or otherwise tell your clients to ignore the problems/mismatches. – dmourati Nov 11 '13 at 18:10
  • ucarp shouldn't make the main interface unavailable. What messages do you get when you ping? Do you have a firewall enabled? This is strange. You could try keepalived and see if you have more luck with that. – Jure1873 Nov 11 '13 at 20:05
  • I get "Request timed out." messages when pinging from other systems. If I ping the IP from the actual VM, there is a response; but only when done from the VM itself. – EGr Nov 11 '13 at 22:46
  • Where is this VM? Some hypervisors can block multiple ips. – Jure1873 Nov 13 '13 at 15:41
  • I have two VMs running in VMware Player on my laptop – EGr Nov 13 '13 at 16:32
  • Can you try this in a non-virtualized environment? (Even if you only set up one half of the CARP pair it should be enough to test with.) My suspicion is that this is an issue with VMware Player and its networking functionality but the only way to know for sure is to test :) – voretaq7 Nov 15 '13 at 07:58
  • Do you define an own MAC-address for UCARP, or are you using eth0 for both? Has the network-team implemented MAC-based security? – Nils Nov 17 '13 at 21:49

0 Answers