Before continuing, ensure that you completed the previous steps in the Scenario: Deployment of Kaspersky failover cluster.
Prepare two devices to work as the active and passive nodes of the Kaspersky Security Center Linux failover cluster.
Common folders configuration
sudo yum install nfs-utils
sudo apt install nfs-kernel-server
sudo mkdir -p /mnt/KlFocStateShare
sudo mkdir -p /mnt/KlFocDataShare_klfoc
sudo sh -c "echo {
file server
}:/mnt/KlFocStateShare /mnt/KlFocStateShare nfs vers=4,soft,timeo=50,retrans=2,auto,user,rw 0 0 >> /etc/fstab"
sudo sh -c "echo {
file server
}:/mnt/KlFocDataShare_klfoc /mnt/KlFocDataShare_klfoc nfs vers=4,noauto,user,rw,exec 0 0 >> /etc/fstab"
Here, {
file server
}
is the FQDN of the file server with shared folders.
mount /mnt/KlFocStateShare
mount /mnt/KlFocDataShare_klfoc
Run the following command:
sudo ls -la /mnt/
Network adapters configuration
A secondary network adapter can be physical or virtual. If you chose a deployment schema with a secondary network adapter, perform the corresponding procedure on both nodes:
sudo yum install iputils
or
apt install iputils-arping
nmcli device status
If the command output shows the physical network adapter as not being managed, configure the NetworkManager to manage the physical network adapter. The exact configuration steps depend on your Linux distributive.
ip a
nmcli connection add type macvlan dev <physical interface> mode bridge ifname <virtual interface> ipv4.addresses <address mask> ipv4.method manual autoconnect no
sudo yum install iputils
or
apt install iputils-arping
nmcli con del <connection name>
Use the following command to check connections to the target interface:
nmcli con show
unmanaged-devices
parameter:[keyfile]
unmanaged-devices=interface-name:<interface name>
systemctl reload NetworkManager
Use the following command to ensure that the target interface is no longer managed:
nmcli dev status
Load balancer configuration
If you chose a deployment schema with a load balancer, perform the following steps:
To deploy Kaspersky Security Center Linux failover cluster, follow the further instructions of the scenario.
The availability of the failover cluster nodes should be determined by the availability of the main connection ports to the Administration Server. The passive node does not accept any external connections until a switch occurs.