Skip to content

Commit ba9062b

Browse files
gsanchiettigsanchietti
committed
ns-ha: improve readme
1 parent 9950c32 commit ba9062b

File tree

1 file changed

+8
-12
lines changed

1 file changed

+8
-12
lines changed

packages/ns-ha/README.md

Lines changed: 8 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -17,8 +17,8 @@ In this example:
1717
- Name the primary firewall `main`
1818
- Set `br-lan` (LAN) to static IP: `192.168.100.238/24`
1919
- Set `eth1` (WAN) to DHCP (no PPPoE)
20-
- The `eth2` interface will be used for the HA configuration
21-
- Setup the configuration that will create the `ha` zone and setupt keepalived:
20+
- The `eth2` interface will be used for the HA configuration, it must not configured in the network settings
21+
- Setup the configuration that will: create the `ha` zone, configure the IP for the HA interface, setup keepalived:
2222
```sh
2323
echo '{"role": "main", "lan_interface": "br-lan", "ha_interface": "eth2", "virtual_ip": "192.168.100.240", "ha_main_ipaddress": "10.12.12.1", "ha_secondary_ipaddress": "10.12.12.2"}' | /usr/libexec/rpcd/ns.ha call setup
2424
```
@@ -30,6 +30,8 @@ In this example:
3030
- Apply the configuration:
3131
```
3232
uci commit
33+
/etc/init.d/network restart
34+
/etc/init.d/firewall restart
3335
/etc/init.d/keepalived restart
3436
```
3537

@@ -38,17 +40,11 @@ In this example:
3840
- Set `eth0` (LAN) to static IP: `192.168.100.237/24`
3941
- Set `eth1` (WAN) to DHCP (no PPPoE)
4042
- The `eth2` interface will be used for the HA configuration
41-
42-
- Create a zone `HA`:
43-
- No forwarding from/to other zones
44-
- Traffic to WAN: disabled
45-
- Traffic to firewall: enabled
46-
- Traffic within the same zone: reject
47-
- Create an interface `eth2` named `ha`, with static IP `10.12.12.2/24`
48-
- Execute:
43+
- Setup the configuration that will: create the `ha` zone, configure the IP for the HA interface, setup keepalived. Use the `password` and `pubkey` from the primary node:
4944
```sh
50-
echo '{"role": "main", "lan_interface": "br-lan", "ha_interface": "eth2", "virtual_ip": "192.168.100.240", "ha_main_ipaddress": "10.12.12.1", "ha_secondary_ipaddress": "10.12.12.2", "password": "5aeab1d8", "pubkey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF7MYY8vfgE/JgJT8mOejwIhB4UYKS4g/QSA7fwntCbN0LQ3nTA6LO3AzqhUCHd6LBS5P9aefTqDcG+cJQiGbXReqX1z4trQGs7QkBLbjlXb2Vock17UIGbm5ao8jyPsD4ADNdMF8p0S2xDvnfsOh7MXLy5N7QZGp1G3ISB6JVw0mdCn3GXYg1X9XB7Pqu0OJm7+n2SJvA1KXn9fKUDX92U1fGQcid05C3yRBS5QXB7VAAP55KKYp4RmQMCOcJDhDoHGB6Ia/fTxfhnLdXJcAHU2MTtyaEY7NWoPjKZ3769GIu4KLLDPB8aH9emg23Mej+eiMRIg0vFXsaJWVPuZzj root@primary"}' | /usr/libexec/rpcd/ns.ha call setup
45+
echo '{"role": "secondary", "lan_interface": "br-lan", "ha_interface": "eth2", "virtual_ip": "192.168.100.240", "ha_main_ipaddress": "10.12.12.1", "ha_secondary_ipaddress": "10.12.12.2", "password": "5aeab1d8", "pubkey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDF7MYY8vfgE/JgJT8mOejwIhB4UYKS4g/QSA7fwntCbN0LQ3nTA6LO3AzqhUCHd6LBS5P9aefTqDcG+cJQiGbXReqX1z4trQGs7QkBLbjlXb2Vock17UIGbm5ao8jyPsD4ADNdMF8p0S2xDvnfsOh7MXLy5N7QZGp1G3ISB6JVw0mdCn3GXYg1X9XB7Pqu0OJm7+n2SJvA1KXn9fKUDX92U1fGQcid05C3yRBS5QXB7VAAP55KKYp4RmQMCOcJDhDoHGB6Ia/fTxfhnLdXJcAHU2MTtyaEY7NWoPjKZ3769GIu4KLLDPB8aH9emg23Mej+eiMRIg0vFXsaJWVPuZzj root@primary"}' | /usr/libexec/rpcd/ns.ha call setup
5146
uci commit
52-
./keepalived-config secondary br-lan eth2 192.168.100.240 10.12.12.1 10.12.12.2
47+
/etc/init.d/network restart
48+
/etc/init.d/firewall restart
5349
/etc/init.d/keepalived restart
5450
```

0 commit comments

Comments
 (0)