Assignment, Question 3

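3. Implement a highly available (HA) LAMP stack based on heartbeat v2 CRM. Requirement: deploy WordPress, and any data in the edited articles must remain accessible after a node switchover.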

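Network layout:

All machines run CentOS 6.8.
Two servers are configured with LAMP; their IP addresses are 192.168.255.128 and 192.168.255.129.
The virtual IP address is 192.168.255.200.
The heartbeat addresses of the two servers are 192.168.126.128 and 192.168.126.129.
One NFS server is configured, and MySQL is installed on the same server; its IP address is 192.168.255.130.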

Configuring LAMP

httpd configuration: the configuration on server 192.168.255.128 is the same as on server 192.168.255.129. The details are as follows:

# Install httpd
[root@node1 ~]# yum install httpd

# Install PHP for httpd and the MySQL connection driver
[root@node1 ~]# yum install php php-mysql

# Start the httpd service
[root@node1 ~]# service httpd start
正在启动 httpd:httpd: apr_sockaddr_info_get() failed for node2
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [确定]

On server 192.168.255.130, install MySQL:

# Install the MySQL database service
[root@nfs-mysql ~]# yum install mysql-server
[root@nfs-mysql ~]# service mysqld start 
初始化 MySQL 数据库: WARNING: The host 'nfs-mysql' could not be looked up with resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MySQL version. The MySQL daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MySQL privileges !
Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h nfs-mysql password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [确定]
正在启动 mysqld:                                          [确定]

# Create the wpdata database and grant the user named wordpress all privileges on it
[root@nfs-mysql ~]# mysql 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
mysql> 
mysql> create database wpdata;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on wpdata.* to wordpress@'%' identified by "wordpress";
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> \q
Bye
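
The grant above lets the wordpress account connect from any host ('%') with the password "wordpress". As an added example (not part of the original write-up), this shell function prints SQL that scopes the account to the two web nodes with a random password; the function name is hypothetical, and it assumes the 'wordpress'@'%' account created above still exists.

```shell
#!/bin/bash
# Added example (hypothetical helper): emit SQL that limits the WordPress
# account to named web nodes. Assumes 'wordpress'@'%' exists, as created above.
wp_scoped_grants() {    # usage: wp_scoped_grants <web-node-ip>...
    local host pw
    [ "$#" -gt 0 ] || { echo "need at least one host" >&2; return 1; }
    for host in "$@"; do
        case "$host" in
            # Only literal IPv4 addresses: rejects '%', '_' and quote characters
            ''|*[!0-9.]*) echo "refusing non-literal host: $host" >&2; return 1 ;;
        esac
    done
    # 24 random bytes as hex, so the value is safe inside a SQL string literal
    pw=$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')
    for host in "$@"; do
        printf "GRANT ALL ON wpdata.* TO 'wordpress'@'%s' IDENTIFIED BY '%s';\n" \
            "$host" "$pw"
    done
    # Remove the any-host account once the per-host accounts exist
    printf "DROP USER 'wordpress'@'%%';\nFLUSH PRIVILEGES;\n"
}

# The two LAMP nodes from the network layout of this page
wp_scoped_grants 192.168.255.128 192.168.255.129
```

Review the printed statements, run them in the mysql client on 192.168.255.130, and use the same generated password in the WordPress database settings.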

Setting up shared storage

# On server 192.168.255.130, install the NFS service and start it
[root@nfs-mysql ~]# rpm -qa | grep nfs-utils
nfs-utils-1.3.0-0.33.el7_3.x86_64
[root@nfs-mysql ~]# service nfs start 
启动 NFS 服务:                                            [确定]
关掉 NFS 配额:                                            [确定]
启动 NFS mountd:                                          [确定]
启动 NFS 守护进程:                                        [确定]
正在启动 RPC idmapd:                                      [确定] 

# Create the directory for the shared file system
[root@nfs-mysql ~]# mkdir /data/html -pv
mkdir: 已创建目录 "/data"
mkdir: 已创建目录 "/data/html"

# Edit the NFS configuration file for the shared file system, then reload the configuration
[root@nfs-mysql ~]# vim /etc/exports.d/wordpress.exports
[root@nfs-mysql ~]# cat /etc/exports.d/wordpress.exports
/data/html 192.168.255.0/24(rw,async) 
[root@nfs-mysql ~]# exportfs -r

# On 192.168.255.128, list the exported file systems
[root@node1 ~]# showmount -e 192.168.255.130
Export list for 192.168.255.130:
/data/html 192.168.255.0/24
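
An added example, not from the original write-up: a small audit of export lines that flags whole-subnet or wildcard clients and the options async, no_root_squash and insecure. It is run on the export line above and on a constructed variant restricted to the two web nodes; the function and variable names are hypothetical.

```shell
#!/bin/bash
# Added example (hypothetical helper): audit NFS export lines read from stdin.
# Prints one finding per line as "<path> <client>: <issue>".
audit_exports() {
    local path rest spec client opts bad
    set -f                                   # keep '*' in client specs literal
    while read -r path rest; do
        case "$path" in ''|'#'*) continue ;; esac
        [ -n "$rest" ] || rest='*'           # no client list exports to everyone
        for spec in $rest; do
            client=${spec%%"("*}
            opts=
            case "$spec" in
                *"("*")") opts=${spec#*"("}; opts=${opts%")"} ;;
            esac
            case "${client:-*}" in
                */32) ;;                     # a single host written as CIDR
                *'*'*|*'?'*|*/*)
                    echo "$path ${client:-*}: whole subnet or wildcard client" ;;
            esac
            for bad in async no_root_squash insecure; do
                case ",$opts," in
                    *",$bad,"*) echo "$path ${client:-*}: option $bad" ;;
                esac
            done
        done
    done
    set +f
}

# The export line from this page, then a constructed, tighter variant
page_export='/data/html 192.168.255.0/24(rw,async)'
tight_export='/data/html 192.168.255.128(rw,sync,root_squash) 192.168.255.129(rw,sync,root_squash)'

printf '%s\n' "$page_export"  | audit_exports
printf '%s\n' "$tight_export" | audit_exports
```

With async the server acknowledges writes before they reach stable storage, which matters here because the assignment requires edited data to survive a failover.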

# Check the UID of the apache user
[root@node1 ~]# id apache
uid=48(apache) gid=48(apache) 组=48(apache)

# Create the apache user on the NFS server with UID 48
[root@nfs-mysql ~]# useradd -r apache -u 48
useradd:用户“apache”已存在
[root@nfs-mysql ~]# id apache
uid=48(apache) gid=48(apache) 组=48(apache)

# Mount the shared file system on both httpd servers
[root@node2 ~]# mount -t nfs 192.168.255.130:/data/html /var/www/html
[root@node1 ~]# mount -t nfs 192.168.255.130:/data/html /var/www/html

[root@node1 ~]# mount
……
192.168.255.130:/data/html on /var/www/html type nfs (rw,vers=4,addr=192.168.255.130,clientaddr=192.168.255.128)

[root@node2 ~]# mount
……
192.168.255.130:/data/html on /var/www/html type nfs (rw,vers=4,addr=192.168.255.130,clientaddr=192.168.255.129)


# Upload WordPress to the NFS server and change the directory ownership so that the PHP module has write access
[root@nfs-mysql html]# unzip wordpress-4.7.4-zh_CN.zip 
[root@nfs-mysql html]# chown -R apache:apache wordpress

# Check the files on both httpd servers
[root@node1 ~]# ll /var/www/html/wordpress
总用量 184
-rw-r--r--  1 apache apache   418 925 2013 index.php
-rw-r--r--  1 apache apache 19935 13 2017 license.txt
-rw-r--r--  1 apache apache  6956 423 21:24 readme.html
-rw-r--r--  1 apache apache  5447 928 2016 wp-activate.php
drwxr-xr-x  9 apache apache  4096 423 21:24 wp-admin
-rw-r--r--  1 apache apache   364 1219 2015 wp-blog-header.php
-rw-r--r--  1 apache apache  1627 829 2016 wp-comments-post.php
-rw-r--r--  1 apache apache  2930 423 21:24 wp-config-sample.php
drwxr-xr-x  5 apache apache    69 423 21:24 wp-content
-rw-r--r--  1 apache apache  3286 525 2015 wp-cron.php
drwxr-xr-x 18 apache apache  8192 423 21:24 wp-includes
-rw-r--r--  1 apache apache  2422 1121 2016 wp-links-opml.php
-rw-r--r--  1 apache apache  3301 1025 2016 wp-load.php
-rw-r--r--  1 apache apache 33939 1121 2016 wp-login.php
-rw-r--r--  1 apache apache  8048 111 2017 wp-mail.php
-rw-r--r--  1 apache apache 16255 47 02:23 wp-settings.php
-rw-r--r--  1 apache apache 29896 1019 2016 wp-signup.php
-rw-r--r--  1 apache apache  4513 1015 2016 wp-trackback.php
-rw-r--r--  1 apache apache  3065 91 2016 xmlrpc.php


# Edit the httpd configuration file on both servers and change the document root to /var/www/html/wordpress

# Reload the httpd configuration
[root@node1 ~]# service httpd reload
重新载入 httpd:
[root@node2 ~]# service httpd reload
重新载入 httpd:

Configuring high availability (HA):

Preparation before configuration

# Set the hostnames of the two web servers
[root@nfs-mysql html]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.255.128 node1.magedu.com
192.168.255.129 node2.magedu.com

[root@node1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node1.magedu.com
NTPSERVERARGS=iburst

[root@node2 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node2.magedu.com
NTPSERVERARGS=iburst
You have new mail in /var/spool/mail/root

# Reboot the operating system, then verify with uname -n
[root@node1 ~]# reboot
[root@node2 ~]# reboot
[root@node1 ~]# uname -n 
node1.magedu.com
[root@node2 ~]# uname -n 
node2.magedu.com


# Configure SSH key-based authentication
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
46:c3:78:78:ff:07:56:44:83:3c:45:42:60:b6:71:7c [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|          ==+=*  |
|       + o +=oE. |
|      o * .  o.  |
|       + o   .   |
|        S . o    |
|       .   o .   |
|            . .  |
|             .   |
|                 |
+-----------------+
[root@node1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node2
The authenticity of host 'node2 (192.168.255.129)' can't be established.
RSA key fingerprint is 2d:bc:64:d8:4b:c3:a1:1d:84:69:4d:dc:b5:fd:d5:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2' (RSA) to the list of known hosts.
root@node2's password: 
Now try logging into the machine, with "ssh 'root@node2'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

[root@node2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
05:a6:cf:2a:7f:e9:b0:e2:0a:bd:db:88:fb:db:ac:3c [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|        o        |
|       o .       |
|      .   .      |
|       o .       |
|        S        |
| .     .         |
|. . . o  .       |
| +E*.o oo        |
|ooXB=.oo.        |
+-----------------+
[root@node2 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node1
The authenticity of host 'node1 (192.168.255.128)' can't be established.
RSA key fingerprint is 2d:bc:64:d8:4b:c3:a1:1d:84:69:4d:dc:b5:fd:d5:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1' (RSA) to the list of known hosts.
root@node1's password: 
Now try logging into the machine, with "ssh 'root@node1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Time synchronization:

# Configure time synchronization
[root@node1 ~]# yum install ntp
[root@node1 ~]# service ntpd start

# On the other nodes, configure a cron job that syncs the time every 5 minutes
[root@node1 ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@node1 ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
[root@node1 ~]# service crond status
crond (pid  2170) 正在运行...
[root@node1 ~]# 

Configuring heartbeat

# Install heartbeat
[root@node1 ~]# yum install epel-release
[root@node1 ~]# yum install net-snmp-libs libnet PyXML 
[root@node1 ~]# rpm -ivh heartbeat-2.1.4-12.el6.x86_64.rpm heartbeat-pils-2.1.4-12.el6.x86_64.rpm heartbeat-stonith-2.1.4-12.el6.x86_64.rpm
Preparing...                ########################################### [100%]
   1:heartbeat-pils         ########################################### [ 33%]
   2:heartbeat-stonith      ########################################### [ 67%]
   3:heartbeat              ########################################### [100%]

# Provide configuration files for heartbeat
[root@node1 ~]# cp /usr/share/doc/heartbeat-2.1.4/{ha.cf,authkeys,haresources} /etc/ha.d/

# Edit ha.cf
[root@node1 ~]# grep -v "^\s*#\|^\s*$" /etc/ha.d/ha.cf
logfacility local0
mcast eth1 225.0.0.1 694 1 0
auto_failback on
node  node1
node  node2
ping 192.168.255.130
crm on

# Edit authkeys
[root@node1 ~]# cd /etc/ha.d/
[root@node1 ha.d]# chmod 600 authkeys 
[root@node1 ha.d]# openssl rand -base64 8
cT0kpIGU/wo=
[root@node1 ha.d]# vim authkeys 
[root@node1 ha.d]# cat authkeys 
#
# Authentication file.  Must be mode 600
#
#
# Must have exactly one auth directive at the front.
# auth  send authentication using this method-id
#
# Then, list the method and key that go with that method-id
#
# Available methods: crc sha1, md5.  Crc doesn't need/want a key.
#
# You normally only have one authentication method-id listed in this file
#
# Put more than one to make a smooth transition when changing auth
# methods and/or keys.
#
#
# sha1 is believed to be the "best", md5 next best.
#
# crc adds no security, except from packet corruption.
#   Use only on physically secure networks.
#
auth 2 
#1 crc
2 sha1 cT0kpIGU/wo 
#3 md5 Hello!
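
The key above comes from 8 random bytes, and the file is edited after a separate chmod. As an added example (not the author's procedure), these functions write an authkeys file with a 32-byte random key under umask 077 and then check the mode and key length; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/bash
# Added example (hypothetical helpers); assumes GNU coreutils (stat -c).
write_authkeys() {      # usage: write_authkeys <path>
    local path=$1 key
    key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    rm -f "$path.new"
    # umask in a subshell: the file is created 0600, never briefly readable
    ( umask 077; printf 'auth 1\n1 sha1 %s\n' "$key" > "$path.new" ) || return 1
    mv -f "$path.new" "$path"
}

check_authkeys() {      # prints findings; returns 0 only if there are none
    local path=$1 mode id method key rc=0
    mode=$(stat -c '%a' "$path") || return 2
    [ "$mode" = 600 ] || { echo "mode is $mode, heartbeat requires 600"; rc=1; }
    # The active method is the line whose id matches the "auth <id>" directive
    id=$(awk '$1 == "auth" { print $2; exit }' "$path")
    read -r method key <<EOF
$(awk -v id="$id" '$1 == id { print $2, $3; exit }' "$path")
EOF
    case "$method" in
        sha1|md5) [ "${#key}" -ge 32 ] ||
                      { echo "key has only ${#key} characters"; rc=1; } ;;
        crc)      echo "crc only detects corruption, it does not authenticate"
                  rc=1 ;;
        *)        echo "no method line for auth id '$id'"; rc=1 ;;
    esac
    return "$rc"
}

# Demo in a scratch directory; on a cluster node the path is /etc/ha.d/authkeys
demo=$(mktemp -d)
write_authkeys "$demo/authkeys" && check_authkeys "$demo/authkeys" && echo "authkeys ok"
rm -rf "$demo"
```

Generate the file once and copy it to the peer node, since both nodes must share the same key.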

# Copy the authkeys and ha.cf configuration files to node2
[root@node1 ~]# scp /etc/ha.d/{authkeys,ha.cf} root@node2.magedu.com:/etc/ha.d

# Start the service
[root@node1 ~]# service heartbeat start; ssh node2.magedu.com 'service heartbeat start'
logd is already running
Starting High-Availability services: 
Done.

logd is already running
Starting High-Availability services: 
Done.


# Check the status
[root@node1 ~]# crm_mon
============
Last updated: Sun Jul 16 21:02:04 2017
Current DC: node2.magedu.com (77a02f08-075c-41fa-a2a6-1123c0176ea0)
2 Nodes configured.
0 Resources configured.
============

Node: node2.magedu.com (77a02f08-075c-41fa-a2a6-1123c0176ea0): online
Node: node1.magedu.com (c34b36ad-30d9-4b77-9f25-a4a3bf5cf484): online

Use heartbeat-gui to set which resources the standby server takes over and the order in which they start:

[root@node1 ~]# rpm -ivh heartbeat-gui-2.1.4-12.el6.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:heartbeat-gui          ########################################### [100%]
[root@node1 ~]# echo "magedu" | passwd --stdin hacluster
更改用户 hacluster 的密码 。
passwd: 所有的身份验证令牌已经成功更新。

[root@node2 ~]# rpm -ivh heartbeat-gui-2.1.4-12.el6.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:heartbeat-gui          ########################################### [100%]
[root@node2 ~]# 
[root@node2 ~]# 
[root@node2 ~]# echo "magedu" | passwd --stdin hacluster
更改用户 hacluster 的密码 。
passwd: 所有的身份验证令牌已经成功更新。
[root@node1 ~]# hb_gui &

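Log in to heartbeat-gui with the password configured above; the password may differ on each Linux server.

Policy configuration requirements

1. Configure the Linux-HA virtual IP address; an IP address must be available when the http service starts.
2. NFS must be mounted before httpd can start.
3. Start httpd.

Define a group; a group has a mechanism that starts the policies inside it in order.

Add the virtual IP policy

Add the NFS shared file system mount policy

Add the httpd service start policy

Start the policies and check them

Simulate a failure of the primary node and check that the service keeps running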


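Alternatively, you can edit the haresources file and write a script for the resources the standby node takes over; the script must accept the "start" and "stop" arguments.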

[root@node1 ~]# grep -v "^#" /etc/ha.d/haresources
node2.magedu.com 192.168.255.200 myha.sh 
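
# Contents of the myha.sh resource script:
#!/bin/bash
# Called by heartbeat with "start" or "stop"
vip=192.168.255.200
broadcast=192.168.255.255
netmask=255.255.255.0

case "$1" in
start)
    # Bring up the VIP, mount the shared document root, then start httpd
    ifconfig eth1:0 "$vip" broadcast "$broadcast" netmask "$netmask"
    mount -t nfs 192.168.255.130:/data/html /var/www/html
    service httpd start
    ;;
stop)
    # Reverse order: stop httpd before unmounting, release the VIP last
    service httpd stop
    umount /var/www/html
    ifconfig eth1:0 down
    ;;
*)
    echo "Usage: $0 start|stop"
    exit 1
    ;;
esac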