OpenShift requires a load balancer for providing access to the hosted applications. Although I can run a three node cluster, I need a fourth location to provide a load balancer that can then provide access to the cluster.
For my home lab setup, this means I want to run one on my bastion host... but it is already running HTTP and (FreeIPA) Red Hat IdM. I don't want to break that. So, I want to add a second IP address to the bastion host, and have all of the existing services keep using the existing IP address. Only the new HAProxy instance will use the new IP address.
This would be trivial for a simple Ethernet port, but I am using a Bridge, which makes it a touch trickier, but not terribly so.
Adding an IP address can be done using the following command:
sudo ip addr add 192.168.123.6/24 dev br0
The IP address comes from the same subnet that both the bastion host and the OpenShift cluster machines already use. The DHCP server does not allocate addresses below .100, so this is a safe static value to use. br0 already has the address 192.168.123.1.
In fact, that IP address is visible in the network scripts:
$ cat /etc/sysconfig/network-scripts/ifcfg-br0
STP=yes
BRIDGING_OPTS=priority=32768
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br0
UUID=4ca027d3-c472-4471-888b-12c295ad2cc1
DEVICE=br0
ONBOOT=yes
IPADDR=192.168.123.1
PREFIX=24
However, I want this to persist over a reboot. The address added with ip addr does not: if I bring the br0 connection down and then back up again, it is gone.
Well, if I am dumb and I bring it down when I am logged on over it, I lock myself out, but fortunately the device also has a Wireless connection.
I can use the nmcli command to add the additional address like this:
sudo nmcli con mod br0 +ipv4.addresses "192.168.123.6/24"

This does not make the change immediately; it requires that I bring the device down and back up.
And I freeze myself out of the Bastion host on that interface. What is wrong?
$ ping nuzleaf
PING nuzleaf.home.younglogic.net (192.168.123.1) 56(84) bytes of data.
From ayoungP40 (192.168.123.2) icmp_seq=8 Destination Host Unreachable
Looking at the routing table:
$ ip route
default via 10.0.0.1 dev wlp2s0 proto dhcp metric 600
10.0.0.0/24 dev wlp2s0 proto kernel scope link src 10.0.0.240 metric 600
10.88.0.0/16 dev cni-podman0 proto kernel scope link src 10.88.0.1 linkdown
192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 linkdown
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.1 metric 425
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.6 metric 425
192.168.130.0/24 dev virbr1 proto kernel scope link src 192.168.130.1 linkdown
We have two entries for the 192.168.123.0/24 network. I know that I want the .1 entry. If I delete both, and add back in one, I get ping responses:

sudo ip route del 192.168.123.0/24
sudo ip route del 192.168.123.0/24
sudo ip route add 192.168.123.0/24 via 192.168.123.1
Can I add this as a static route? I try:

sudo nmcli connection modify br0 +ipv4.routes "192.168.123.0/24 192.168.123.1"

But now I have 3 routes. I need to get rid of that DEFROUTE=yes value. I resist the urge to do this via a text editor and instead turn again to nmcli:

sudo nmcli connection modify br0 ipv4.never-default yes
Bring the device down and back up again. It takes a moment for the route information to settle, but I start getting ping responses again after a few seconds. But can I log in? ssh to the machine... yes. Eventually.
Going back to the routing table:
$ ip route
default via 10.0.0.1 dev wlp2s0 proto dhcp metric 600
10.0.0.0/24 dev wlp2s0 proto kernel scope link src 10.0.0.240 metric 600
10.88.0.0/16 dev cni-podman0 proto kernel scope link src 10.88.0.1 linkdown
192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 linkdown
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.1 metric 425
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.6 metric 425
192.168.123.0/24 via 192.168.123.1 dev br0 proto static metric 425
192.168.130.0/24 dev virbr1 proto kernel scope link src 192.168.130.1 linkdown
Once again, I delete all of the routes for the 192.168.123.0/24 network. I run the following command three times:

sudo ip route del 192.168.123.0/24
Then recycle the bridge interface:
$ sudo nmcli conn down br0
Connection 'br0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/19)
$ sudo nmcli conn up br0
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/21)
They are still there... but I can still connect over the wired interface. I think the static route takes precedence. I'm going to leave it as is for now.
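As an added example (not code from the post), here is a small script that does the two things worked through above: it checks an ip route listing for duplicate connected routes to a prefix, and it applies the nmcli changes from the post idempotently. It assumes a POSIX shell with awk, and that nmcli -g (--get-values) is available; the route sample is constructed from the output shown above.

```shell
# Constructed sample: the ip route listing from the post after the second
# address and the static route were added.
SAMPLE_ROUTES='default via 10.0.0.1 dev wlp2s0 proto dhcp metric 600
10.0.0.0/24 dev wlp2s0 proto kernel scope link src 10.0.0.240 metric 600
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.1 metric 425
192.168.123.0/24 dev br0 proto kernel scope link src 192.168.123.6 metric 425
192.168.123.0/24 via 192.168.123.1 dev br0 proto static metric 425
192.168.130.0/24 dev virbr1 proto kernel scope link src 192.168.130.1 linkdown'

# Number of routes (read from stdin) whose destination is exactly PREFIX.
count_routes() {
  awk -v p="$1" '$1 == p { n++ } END { print n + 0 }'
}

# Source addresses of the kernel "connected" routes to PREFIX beyond the
# first one: the duplicates a secondary address leaves behind (stdin again).
extra_connected_srcs() {
  awk -v p="$1" '
    $1 == p && /proto kernel/ {
      for (i = 1; i < NF; i++)
        if ($i == "src" && seen++) print $(i + 1)
    }'
}

# Persist ADDR (e.g. 192.168.123.6/24) on NetworkManager connection CONN the
# way the post does: add it to ipv4.addresses, add a static route for PREFIX
# via GATEWAY, and keep NM from making the connection a default route.
# The address step is skipped when ADDR is already present, so re-runs are safe.
apply_secondary_addr() {
  conn=$1 addr=$2 prefix=$3 gateway=$4
  if nmcli -g ipv4.addresses con show "$conn" | tr ', ' '\n\n' | grep -qx "$addr"
  then echo "$addr already configured on $conn"
  else sudo nmcli con mod "$conn" +ipv4.addresses "$addr"
  fi
  sudo nmcli con mod "$conn" +ipv4.routes "$prefix $gateway"
  sudo nmcli con mod "$conn" ipv4.never-default yes
  # Re-activating is what makes the change live; run this from a second
  # path into the host (the post uses wireless), since CONN drops briefly.
  sudo nmcli con down "$conn" && sudo nmcli con up "$conn"
}

# Report on the sample before touching anything, e.g.:
#   printf '%s\n' "$SAMPLE_ROUTES" | count_routes 192.168.123.0/24
#   printf '%s\n' "$SAMPLE_ROUTES" | extra_connected_srcs 192.168.123.0/24
```

Run the two check functions against a live `ip route` first; each address printed by extra_connected_srcs corresponds to one `ip route del` the post has to issue by hand.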
EDIT: SSH is taking forever to connect, even though pings are returned. Not sure if it is the routing, or DNS. It is always DNS, isn’t it?