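3. Build a highly available (HA) LAMP stack with heartbeat v2 and its CRM. Requirement: deploy WordPress so that all data in the posts being edited remains accessible after a node switchover.
Network layout:
All machines run CentOS 6.8.
Two servers are configured with LAMP; their IP addresses are 192.168.255.128 and 192.168.255.129.
The virtual IP address is 192.168.255.200.
The heartbeat addresses of the two servers are 192.168.126.128 and 192.168.126.129.
One NFS server is configured, and MySQL is also installed on it; its IP address is 192.168.255.130.
Configure LAMP
httpd configuration. The configuration on server 192.168.255.128 is the same as on server 192.168.255.129:
# Install httpd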
[root@node1 ~]# yum install httpd
# Install the PHP module for httpd and the MySQL connection driver
[root@node1 ~]# yum install php php-mysql
# Start the httpd service
[root@node1 ~]# service httpd start
正在啓動 httpd:httpd: apr_sockaddr_info_get() failed for node2
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[確定]
On server 192.168.255.130, install MySQL:
# Install the MySQL database service
[root@nfs-mysql ~]# yum install mysql-server
[root@nfs-mysql ~]# service mysqld start
初始化 MySQL 數據庫: WARNING: The host 'nfs-mysql' could not be looked up with resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MySQL version. The MySQL daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MySQL privileges !
Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h nfs-mysql password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
[確定]
正在啓動 mysqld: [確定]
# Create the database wpdata and grant the user wordpress all privileges on it
[root@nfs-mysql ~]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.73 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql>
mysql> create database wpdata;
Query OK, 1 row affected (0.00 sec)
mysql> grant all on wpdata.* to wordpress@'%' identified by "wordpress";
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
Set up shared storage
# Install the NFS service on server 192.168.255.130 and start it
[root@nfs-mysql ~]# rpm -qa | grep nfs-utils
nfs-utils-1.3.0-0.33.el7_3.x86_64
[root@nfs-mysql ~]# service nfs start
啓動 NFS 服務: [確定]
關掉 NFS 配額: [確定]
啓動 NFS mountd: [確定]
啓動 NFS 守護進程: [確定]
正在啓動 RPC idmapd: [確定]
# Create the directory for the shared file system
[root@nfs-mysql ~]# mkdir /data/html -pv
mkdir: 已創建目錄 "/data"
mkdir: 已創建目錄 "/data/html"
# Edit the NFS configuration file for the shared file system and reload the configuration
[root@nfs-mysql ~]# vim /etc/exports.d/wordpress.exports
[root@nfs-mysql ~]# cat /etc/exports.d/wordpress.exports
/data/html 192.168.255.0/24(rw,async)
[root@nfs-mysql ~]# exportfs -r
# View the exported file system from 192.168.255.128
[root@node1 ~]# showmount -e 192.168.255.130
Export list for 192.168.255.130:
/data/html 192.168.255.0/24
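Added example (not part of the original walkthrough): a small shell check for the export written above. It flags clients given as a network or wildcard, the async option, and no_root_squash; the function name audit_exports and the tightened sample line are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original page.

# audit_exports FILE: print "PATH CLIENT: finding" lines; status 1 if any.
# The body runs in a subshell so that "set -f" does not leak to the caller.
audit_exports() (
    set -f    # a client written as *(rw) must not be glob-expanded
    rc=0
    # Each entry is: PATH CLIENT(OPTIONS) [CLIENT(OPTIONS) ...]
    while read -r path rest; do
        case $path in ''|'#'*) continue ;; esac
        for spec in $rest; do
            client=${spec%%\(*}
            case $spec in
                *\(*) opts=${spec#*\(}; opts=",${opts%\)}," ;;
                *)    opts="," ;;
            esac
            case $client in ''|*'*'*|*/*)
                echo "$path $client: network or wildcard client, name each web node"
                rc=1 ;;
            esac
            case $opts in *,async,*)
                echo "$path $client: async, acknowledged writes can be lost if the server crashes"
                rc=1 ;;
            esac
            case $opts in *,no_root_squash,*)
                echo "$path $client: no_root_squash, client root is root on the export"
                rc=1 ;;
            esac
        done
    done < "$1"
    exit "$rc"
)

# Demo: the export line from the page, then a tightened line (constructed).
demo=$(mktemp)
printf '%s\n' '/data/html 192.168.255.0/24(rw,async)' \
    '/data/html 192.168.255.128(rw,sync) 192.168.255.129(rw,sync)' > "$demo"
audit_exports "$demo" || echo "review the findings above"
rm -f "$demo"
```

On the NFS server the same function can be pointed at /etc/exports.d/wordpress.exports before running exportfs -r.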
# Check the UID of the apache user
[root@node1 ~]# id apache
uid=48(apache) gid=48(apache) 組=48(apache)
# Create the apache user on the NFS server with UID 48
[root@nfs-mysql ~]# useradd -r apache -u 48
useradd:用戶“apache”已存在
[root@nfs-mysql ~]# id apache
uid=48(apache) gid=48(apache) 組=48(apache)
# Mount the shared file system on both httpd servers
[root@node2 ~]# mount -t nfs 192.168.255.130:/data/html /var/www/html
[root@node1 ~]# mount -t nfs 192.168.255.130:/data/html /var/www/html
[root@node1 ~]# mount
……
192.168.255.130:/data/html on /var/www/html type nfs (rw,vers=4,addr=192.168.255.130,clientaddr=192.168.255.128)
[root@node2 ~]# mount
……
192.168.255.130:/data/html on /var/www/html type nfs (rw,vers=4,addr=192.168.255.130,clientaddr=192.168.255.129)
# On the NFS server, upload the WordPress package and change the directory ownership so that the PHP module has write permission
[root@nfs-mysql html]# unzip wordpress-4.7.4-zh_CN.zip
[root@nfs-mysql html]# chown -R apache:apache wordpress
# View the files on both httpd servers
[root@node1 ~]# ll /var/www/html/wordpress
總用量 184
-rw-r--r-- 1 apache apache 418 9月 25 2013 index.php
-rw-r--r-- 1 apache apache 19935 1月 3 2017 license.txt
-rw-r--r-- 1 apache apache 6956 4月 23 21:24 readme.html
-rw-r--r-- 1 apache apache 5447 9月 28 2016 wp-activate.php
drwxr-xr-x 9 apache apache 4096 4月 23 21:24 wp-admin
-rw-r--r-- 1 apache apache 364 12月 19 2015 wp-blog-header.php
-rw-r--r-- 1 apache apache 1627 8月 29 2016 wp-comments-post.php
-rw-r--r-- 1 apache apache 2930 4月 23 21:24 wp-config-sample.php
drwxr-xr-x 5 apache apache 69 4月 23 21:24 wp-content
-rw-r--r-- 1 apache apache 3286 5月 25 2015 wp-cron.php
drwxr-xr-x 18 apache apache 8192 4月 23 21:24 wp-includes
-rw-r--r-- 1 apache apache 2422 11月 21 2016 wp-links-opml.php
-rw-r--r-- 1 apache apache 3301 10月 25 2016 wp-load.php
-rw-r--r-- 1 apache apache 33939 11月 21 2016 wp-login.php
-rw-r--r-- 1 apache apache 8048 1月 11 2017 wp-mail.php
-rw-r--r-- 1 apache apache 16255 4月 7 02:23 wp-settings.php
-rw-r--r-- 1 apache apache 29896 10月 19 2016 wp-signup.php
-rw-r--r-- 1 apache apache 4513 10月 15 2016 wp-trackback.php
-rw-r--r-- 1 apache apache 3065 9月 1 2016 xmlrpc.php
# Edit the httpd configuration file on both servers and change the document root to /var/www/html/wordpress
# Reload the httpd configuration
[root@node1 ~]# service httpd reload
重新載入 httpd:
[root@node2 ~]# service httpd reload
重新載入 httpd:
Configure high availability (HA):
Preparation before configuration
# Set the hostnames of the two web servers
[root@nfs-mysql html]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.255.128 node1.magedu.com
192.168.255.129 node2.magedu.com
[root@node1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node1.magedu.com
NTPSERVERARGS=iburst
[root@node2 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node2.magedu.com
NTPSERVERARGS=iburst
You have new mail in /var/spool/mail/root
# Reboot the operating system and check the hostname with uname -n
[root@node1 ~]# reboot
[root@node2 ~]# reboot
[root@node1 ~]# uname -n
node1.magedu.com
[root@node2 ~]# uname -n
node2.magedu.com
# Configure SSH key authentication
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
46:c3:78:78:ff:07:56:44:83:3c:45:42:60:b6:71:7c root@node1.magedu.com
The key's randomart image is:
+--[ RSA 2048]----+
| ==+=* |
| + o +=oE. |
| o * . o. |
| + o . |
| S . o |
| . o . |
| . . |
| . |
| |
+-----------------+
[root@node1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node2
The authenticity of host 'node2 (192.168.255.129)' can't be established.
RSA key fingerprint is 2d:bc:64:d8:4b:c3:a1:1d:84:69:4d:dc:b5:fd:d5:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2' (RSA) to the list of known hosts.
root@node2's password:
Now try logging into the machine, with "ssh 'root@node2'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@node2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
05:a6:cf:2a:7f:e9:b0:e2:0a:bd:db:88:fb:db:ac:3c root@node2.magedu.com
The key's randomart image is:
+--[ RSA 2048]----+
| o |
| o . |
| . . |
| o . |
| S |
| . . |
|. . . o . |
| +E*.o oo |
|ooXB=.oo. |
+-----------------+
[root@node2 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node1
The authenticity of host 'node1 (192.168.255.128)' can't be established.
RSA key fingerprint is 2d:bc:64:d8:4b:c3:a1:1d:84:69:4d:dc:b5:fd:d5:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1' (RSA) to the list of known hosts.
root@node1's password:
Now try logging into the machine, with "ssh 'root@node1'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Time synchronization:
# Configure time synchronization
[root@node1 ~]# yum install ntp
[root@node1 ~]# service ntpd start
# On the other nodes, add a cron job that synchronizes the time every 5 minutes
[root@node1 ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@node1 ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
[root@node1 ~]# service crond status
crond (pid 2170) 正在運行...
[root@node1 ~]#
Configure heartbeat
# Install heartbeat
[root@node1 ~]# yum install epel-release
[root@node1 ~]# yum install net-snmp-libs libnet PyXML
[root@node1 ~]# rpm -ivh heartbeat-2.1.4-12.el6.x86_64.rpm heartbeat-pils-2.1.4-12.el6.x86_64.rpm heartbeat-stonith-2.1.4-12.el6.x86_64.rpm
Preparing... ########################################### [100%]
1:heartbeat-pils ########################################### [ 33%]
2:heartbeat-stonith ########################################### [ 67%]
3:heartbeat ########################################### [100%]
# Provide the configuration files for heartbeat
[root@node1 ~]# cp /usr/share/doc/heartbeat-2.1.4/{ha.cf,authkeys,haresources} /etc/ha.d/
# Edit ha.cf
[root@node1 ~]# grep -v "^\s*#\|^\s*$" /etc/ha.d/ha.cf
logfacility local0
mcast eth1 225.0.0.1 694 1 0
auto_failback on
node node1
node node2
ping 192.168.255.130
crm on
# Edit authkeys
[root@node1 ~]# cd /etc/ha.d/
[root@node1 ha.d]# chmod 600 authkeys
[root@node1 ha.d]# openssl rand -base64 8
cT0kpIGU/wo=
[root@node1 ha.d]# vim authkeys
[root@node1 ha.d]# cat authkeys
#
# Authentication file. Must be mode 600
#
#
# Must have exactly one auth directive at the front.
# auth send authentication using this method-id
#
# Then, list the method and key that go with that method-id
#
# Available methods: crc sha1, md5. Crc doesn't need/want a key.
#
# You normally only have one authentication method-id listed in this file
#
# Put more than one to make a smooth transition when changing auth
# methods and/or keys.
#
#
# sha1 is believed to be the "best", md5 next best.
#
# crc adds no security, except from packet corruption.
# Use only on physically secure networks.
#
auth 2
#1 crc
2 sha1 cT0kpIGU/wo
#3 md5 Hello!
# Copy the authkeys and ha.cf configuration files to node2
[root@node1 ~]# scp /etc/ha.d/{authkeys,ha.cf} root@node2.magedu.com:/etc/ha.d
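Added example (not part of the original walkthrough and not heartbeat's own tooling): one way to generate authkeys and verify it before it is copied to the other node. The function names, the 32-byte key and the 32-character minimum are assumptions of this example; the page itself uses an 8-byte key.

```bash
#!/bin/bash
# Added example, not from the original page.

# write_authkeys FILE: create FILE (mode 600) with a fresh sha1 key.
# Assumption: 32 random bytes rather than the 8 used on the page.
write_authkeys() {
    local file="$1" key
    key=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n') || return 1
    ( umask 077 && printf 'auth 1\n1 sha1 %s\n' "$key" > "$file" ) || return 1
    chmod 600 "$file"
}

# check_authkeys FILE: print one finding per line; return 0 only if clean.
check_authkeys() {
    local file="$1" mode id method key rc=0
    mode=$(stat -c '%a' "$file") || return 2
    if [ "$mode" != 600 ]; then echo "mode is $mode, expected 600"; rc=1; fi
    # Exactly one uncommented "auth N" line selects the active method-id.
    if [ "$(grep -Ec '^[[:space:]]*auth[[:space:]]+[0-9]+' "$file")" -ne 1 ]; then
        echo "need exactly one auth directive"; return 1
    fi
    id=$(awk '$1 == "auth" { print $2; exit }' "$file")
    # The line that starts with that id carries the method and its key.
    method=$(awk -v id="$id" '$1 == id { print $2; exit }' "$file")
    key=$(awk -v id="$id" '$1 == id { print $3; exit }' "$file")
    case $method in
        sha1) ;;
        md5)  echo "md5 in use, the sample file rates sha1 higher"; rc=1 ;;
        crc)  echo "crc detects corruption only, no authentication"; rc=1 ;;
        *)    echo "no method line for id $id"; rc=1 ;;
    esac
    # The 32-character minimum is a threshold chosen for this example.
    if [ "$method" != crc ] && [ "${#key}" -lt 32 ]; then
        echo "key is ${#key} characters, use at least 32"; rc=1
    fi
    return $rc
}

# Demo in a temporary directory (constructed input, nothing under /etc is touched).
demo=$(mktemp -d)
write_authkeys "$demo/authkeys" && check_authkeys "$demo/authkeys" && echo "authkeys OK"
rm -rf "$demo"
```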
# Start the service
[root@node1 ~]# service heartbeat start; ssh node2.magedu.com 'service heartbeat start'
logd is already running
Starting High-Availability services:
Done.
logd is already running
Starting High-Availability services:
Done.
# Check the status
[root@node1 ~]# crm_mon
============
Last updated: Sun Jul 16 21:02:04 2017
Current DC: node2.magedu.com (77a02f08-075c-41fa-a2a6-1123c0176ea0)
2 Nodes configured.
0 Resources configured.
============
Node: node2.magedu.com (77a02f08-075c-41fa-a2a6-1123c0176ea0): online
Node: node1.magedu.com (c34b36ad-30d9-4b77-9f25-a4a3bf5cf484): online
Use heartbeat-gui to set the resources that the standby server takes over and the order in which the resources start:
[root@node1 ~]# rpm -ivh heartbeat-gui-2.1.4-12.el6.x86_64.rpm
Preparing... ########################################### [100%]
1:heartbeat-gui ########################################### [100%]
[root@node1 ~]# echo "magedu" | passwd --stdin hacluster
更改用戶 hacluster 的密碼 。
passwd: 所有的身份驗證令牌已經成功更新。
[root@node2 ~]# rpm -ivh heartbeat-gui-2.1.4-12.el6.x86_64.rpm
Preparing... ########################################### [100%]
1:heartbeat-gui ########################################### [100%]
[root@node2 ~]#
[root@node2 ~]#
[root@node2 ~]# echo "magedu" | passwd --stdin hacluster
更改用戶 hacluster 的密碼 。
passwd: 所有的身份驗證令牌已經成功更新。
[root@node1 ~]# hb_gui &
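Log in to heartbeat-gui with the password that was configured; the password may differ on each Linux server.
Policy requirements
1. Configure the Linux-HA virtual IP address; an IP address must be available when the httpd service starts.
2. NFS must be mounted before httpd is started.
3. Start httpd.
Define a policy group; resources inside a group are started in a controlled order.
Add the virtual IP policy
Add the policy that mounts the NFS shared file system
Add the policy that starts the httpd service
Start the policies and check them
Simulate a failure of the primary node and check that the service keeps running
Alternatively, you can edit the haresources file and write a script through which the standby node takes over the resources; this script must accept the "start" and "stop" arguments: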
[root@node1 ~]# grep -v "^#" /etc/ha.d/haresources
node2.magedu.com 192.168.255.200 myha.sh
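#!/bin/bash
# Resource script called by heartbeat with "start" or "stop"
vip=192.168.255.200
broadcast=192.168.255.255
netmask=255.255.255.0
case "$1" in
start)
    # Bring up the VIP, mount the shared document root, then start httpd
    ifconfig eth1:0 "$vip" broadcast "$broadcast" netmask "$netmask"
    mount -t nfs 192.168.255.130:/data/html /var/www/html
    service httpd start
    ;;
stop)
    # Release in reverse order: stop httpd before unmounting its document root
    service httpd stop
    umount /var/www/html
    ifconfig eth1:0 down
    ;;
*)
    # Anything other than start/stop is a usage error
    echo "Usage: $0 start|stop" >&2
    exit 1
    ;;
esac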