Prepare two devices to work as the active and passive nodes of the Kaspersky Security Center Linux failover cluster.
Failover cluster deployment fails when you have either both arping and iputils-arping packages or only the arping package installed. Before deploying a failover cluster, ensure that you only have the iputils-arping package installed on both nodes.
To prepare nodes for the Kaspersky Security Center Linux failover cluster:
sudo yum install nfs-utils
sudo apt install nfs-kernel-server
sudo mkdir -p /mnt/KlFocStateShare
sudo mkdir -p /mnt/KlFocDataShare_klfoc
sudo sh -c "echo {server
}:{path to the KlFocStateShare folder
} /mnt/KlFocStateShare nfs vers=4,soft,timeo=50,retrans=2,auto,user,rw 0 0 >> /etc/fstab"
sudo sh -c "echo {server
}:{path to the KlFocDataShare_klfoc folder
} /mnt/KlFocDataShare_klfoc nfs vers=4,noauto,user,rw,exec 0 0 >> /etc/fstab"
Here, {server
}:{path to the KlFocStateShare folder
} and {server
}:{path to the KlFocDataShare_klfoc folder
} are the network paths to the shared folders on the file server.
mount /mnt/KlFocStateShare
mount /mnt/KlFocDataShare_klfoc
Run the following command:
sudo ls -la /mnt/
A secondary network adapter can be physical or virtual. If you want to use a physical network adapter, connect and configure it with standard operating system tools. If you want to use a virtual network adapter, create it by using third-party software.
Do one of the following:
nmcli device status
If the physical adapter is shown as unmanaged in the output, configure NetworkManager to manage the physical adapter. The exact configuration steps depend on your distribution.
ip a
nmcli connection add type macvlan dev <physical interface
> mode bridge ifname <virtual interface
> ipv4.addresses <address mask
> ipv4.method manual autoconnect no
nmcli con del <connection name
>
Use the following command to check if the target interface has connections:
nmcli con show
[keyfile]
unmanaged-devices=interface-name:<interface name
>
systemctl reload NetworkManager
Use the following command to verify that the target interface is unmanaged:
nmcli dev status
If you want to use the klakaut utility for automation, you must also open the TCP 13291 port.
The nodes are prepared. To deploy Kaspersky Security Center Linux failover cluster, follow the further instructions of the scenario.