ClusterStorage-7-配置災備地址（ NFS Ganesha ）

0.實驗前的環境檢查與配置

[student@workstation ~]$ lab ganesha setup
 

1.配置環境

systemctl stop glusterd停止服務。killall glusterfs關閉進程。killall glusterfsd關閉進程。 yum -y install glusterfs-ganesha安裝軟件包。serverb參照servera操作。

[root@servera ~]# systemctl stop glusterd
[root@servera ~]# killall glusterfs
[root@servera ~]# killall glusterfsd

[root@servera ~]# yum -y install glusterfs-ganesha
[root@serverb ~]# systemctl stop glusterd
[root@serverb ~]# killall glusterfs
[root@serverb ~]# killall glusterfsd

[root@serverb ~]# yum -y install glusterfs-ganesha
 

2.配置防火牆

firewall-cmd --add-service放行服務。firewall-cmd --runtime-to-permanent讓防火牆配置永久生效。serverb參照servera操作。

[root@servera ~]# firewall-cmd --add-service=high-availability \
> --add-service=nfs \
> --add-service=rpc-bind \
> --add-service=mountd
success
[root@servera ~]# firewall-cmd --runtime-to-permanent
success
[root@serverb ~]# firewall-cmd --add-service=high-availability \
> --add-service=nfs \
> --add-service=rpc-bind \
> --add-service=mountd
success
[root@serverb ~]# firewall-cmd --runtime-to-permanent
success
 

3.配置Ganesha

cp /etc/ganesha/ganesha-ha.conf{.sample,}從樣本創建配置文件。 vim /etc/ganesha/ganesha-ha.conf編輯配置文件。grep -v ^# /etc/ganesha/ganesha-ha.conf查看配置文件。

[root@servera ~]# ll /etc/ganesha/ganesha*
-rw-r--r--. 1 root root 1170 Dec 16  2015 /etc/ganesha/ganesha.conf
-rw-r--r--. 1 root root  867 Feb  8  2016 /etc/ganesha/ganesha-ha.conf.sample
[root@servera ~]# cp /etc/ganesha/ganesha-ha.conf{.sample,}
[root@servera ~]# ll /etc/ganesha/ganesha*
-rw-r--r--. 1 root root 1170 Dec 16  2015 /etc/ganesha/ganesha.conf
-rw-r--r--. 1 root root  867 Jan 29 11:00 /etc/ganesha/ganesha-ha.conf
-rw-r--r--. 1 root root  867 Feb  8  2016 /etc/ganesha/ganesha-ha.conf.sample
[root@servera ~]# vim /etc/ganesha/ganesha-ha.conf
[root@servera ~]# grep -v ^# /etc/ganesha/ganesha-ha.conf
HA_NAME="gls-ganesha"
HA_VOL_SERVER="servera"
HA_CLUSTER_NODES="servera.lab.example.com,serverb.lab.example.com"
VIP_servera_lab_example_com="172.25.250.16"
VIP_serverb_lab_example_com="172.25.250.17"
[root@servera ~]# scp /etc/ganesha/ganesha-ha.conf serverb:/etc/ganesha/
The authenticity of host 'serverb (172.25.250.11)' can't be established.
ECDSA key fingerprint is f3:3a:20:c9:5a:cc:cc:f0:44:f7:00:90:03:18:b1:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'serverb,172.25.250.11' (ECDSA) to the list of known hosts.
root@serverb's password: 
ganesha-ha.conf                                                                                                100%  934     0.9KB/s   00:00

 

4.配置服務

systemctl enable pacemaker pcsd載入啓動項。systemctl start pcsd啓動服務。echo redhat | passwd --stdin hacluster創建用戶。serverb參照servera操作。pcs cluster auth -u hacluster -p redhat登陸服務操作。

[root@servera ~]# systemctl enable pacemaker pcsd
Created symlink from /etc/systemd/system/multi-user.target.wants/pacemaker.service to /usr/lib/systemd/system/pacemaker.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pcsd.service to /usr/lib/systemd/system/pcsd.service.
[root@servera ~]# systemctl start pcsd
[root@servera ~]# echo redhat | passwd --stdin hacluster
Changing password for user hacluster.
passwd: all authentication tokens updated successfully.
[root@serverb ~]# systemctl enable pacemaker pcsd
Created symlink from /etc/systemd/system/multi-user.target.wants/pacemaker.service to /usr/lib/systemd/system/pacemaker.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pcsd.service to /usr/lib/systemd/system/pcsd.service.
[root@serverb ~]# systemctl start pcsd
[root@serverb ~]# echo redhat | passwd --stdin hacluster
Changing password for user hacluster.
passwd: all authentication tokens updated successfully.
[root@servera ~]# pcs cluster auth -u hacluster -p redhat \
> servera.lab.example.com serverb.lab.example.com
servera.lab.example.com: Authorized
serverb.lab.example.com: Authorized
 

5.配置密鑰

ssh-keygen -f /var/lib/glusterd/nfs/secret.pem -t rsa -N ''生成密鑰。 ll /var/lib/glusterd/nfs/secret.pem*查看密鑰。scp /var/lib/glusterd/nfs/secret.pem* serverb:/var/lib/glusterd/nfs/遠程複製。ssh-copy-id -i /var/lib/glusterd/nfs/secret.pem.pub root@servera複製給servera。ssh-copy-id -i /var/lib/glusterd/nfs/secret.pem.pub root@serverb複製給serverb。

[root@servera ~]# ssh-keygen -f /var/lib/glusterd/nfs/secret.pem -t rsa -N ''
Generating public/private rsa key pair.
Your identification has been saved in /var/lib/glusterd/nfs/secret.pem.
Your public key has been saved in /var/lib/glusterd/nfs/secret.pem.pub.
The key fingerprint is:
ba:4d:cd:48:e5:65:d7:65:20:4c:b7:af:2f:21:59:d8 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|           oo o.o|
|            .o +.|
|          . ooo .|
|         o o..E. |
|        S .  o  .|
|       o +  o .. |
|      . o o  ... |
|       +      .. |
|      . .      ..|
+-----------------+
[root@servera ~]# ll /var/lib/glusterd/nfs/secret.pem*
-rw-------. 1 root root 1675 Jan 29 11:13 /var/lib/glusterd/nfs/secret.pem
-rw-r--r--. 1 root root  410 Jan 29 11:13 /var/lib/glusterd/nfs/secret.pem.pub
[root@servera ~]# scp /var/lib/glusterd/nfs/secret.pem* serverb:/var/lib/glusterd/nfs/
root@serverb's password: 
secret.pem                                                                                                     100% 1675     1.6KB/s   00:00    
secret.pem.pub                                                                                                 100%  410     0.4KB/s   00:00

[root@serverb ~]# ll /var/lib/glusterd/nfs/secret.pem*
-rw-------. 1 root root 1675 Jan 29 11:15 /var/lib/glusterd/nfs/secret.pem
-rw-r--r--. 1 root root  410 Jan 29 11:15 /var/lib/glusterd/nfs/secret.pem.pub

[root@servera ~]# ssh-copy-id -i /var/lib/glusterd/nfs/secret.pem.pub root@servera
The authenticity of host 'servera (172.25.250.10)' can't be established.
ECDSA key fingerprint is f3:3a:20:c9:5a:cc:cc:f0:44:f7:00:90:03:18:b1:8d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@servera's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@servera'"
and check to make sure that only the key(s) you wanted were added.

[root@servera ~]# ssh-copy-id -i /var/lib/glusterd/nfs/secret.pem.pub root@serverb
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@serverb's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@serverb'"
and check to make sure that only the key(s) you wanted were added.
 

6.啓動服務

systemctl start glusterd啓動服務。serverb參照servera操作。gluster volume set all cluster.enable-shared-storage enable啓動共享功能。

[root@servera ~]# systemctl start glusterd
[root@serverb ~]# systemctl start glusterd
[root@servera ~]# gluster volume set all cluster.enable-shared-storage enable
volume set: success
 

7.配置端口

grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A7查看模塊。vim /etc/ganesha/ganesha.conf編輯配置文件。grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A8確認信息（增加MNT_Port信息）。

[root@servera ~]# grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A7
NFS_Core_Param {
        #Use supplied name other tha IP In NSM operations
        NSM_Use_Caller_Name = true;
        #Copy lock states into "/var/lib/nfs/ganesha" dir
        Clustered = false;
        #Use a non-privileged port for RQuota
        Rquota_Port = 4501;
}
[root@servera ~]# vim /etc/ganesha/ganesha.conf
[root@servera ~]# grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A8
NFS_Core_Param {
        #Use supplied name other tha IP In NSM operations
        NSM_Use_Caller_Name = true;
        #Copy lock states into "/var/lib/nfs/ganesha" dir
        Clustered = false;
        #Use a non-privileged port for RQuota
        Rquota_Port = 4501;
        MNT_Port = 20048;
}

[root@serverb ~]#  vim /etc/ganesha/ganesha.conf
[root@serverb ~]# grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A8
NFS_Core_Param {
        #Use supplied name other tha IP In NSM operations
        NSM_Use_Caller_Name = true;
        #Copy lock states into "/var/lib/nfs/ganesha" dir
        Clustered = false;
        #Use a non-privileged port for RQuota
        Rquota_Port = 4501;
        MNT_Port = 20048;
}
 

8.啓動服務

gluster nfs-ganesha enable啓動服務。gluster volume set custdata ganesha.enable on設置存儲卷的功能開啓。

[root@servera ~]# gluster nfs-ganesha enable
Enabling NFS-Ganesha requires Gluster-NFS to be disabled across the trusted pool. Do you still want to continue?
 (y/n) y
This will take a few minutes to complete. Please wait ..
nfs-ganesha : success 
[root@servera ~]# gluster volume set custdata ganesha.enable on
volume set: success

 

9.配置掛載

showmount -e 172.25.250.16掛載輸出。mkdir /mnt/nfs創建掛載目錄。echo "172.25.250.16:/custdata /mnt/nfs nfs rw,vers=4 0 0" >> /etc/fstab掛載信息寫入配置文件。tail -1 /etc/fstab查看配置文件。 mount /mnt/nfs進行掛載。mount | grep custdata查看掛載。df -Th | grep custdata查看文件系統。

[root@workstation ~]# showmount -e 172.25.250.16
Export list for 172.25.250.16:
/custdata (everyone)
[root@workstation ~]# mkdir /mnt/nfs
[root@workstation ~]# echo "172.25.250.16:/custdata /mnt/nfs nfs rw,vers=4 0 0" >> /etc/fstab
[root@workstation ~]# tail -1 /etc/fstab
172.25.250.16:/custdata /mnt/nfs nfs rw,vers=4 0 0
[root@workstation ~]# mount /mnt/nfs
[root@workstation ~]# mount | grep custdata
172.25.250.16:/custdata on /mnt/nfs type nfs4 (rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=172.25.250.254,local_lock=none,addr=172.25.250.16)
[root@workstation ~]# df -Th | grep custdata
172.25.250.16:/custdata nfs4      2.0G   33M  2.0G   2% /mnt/nfs
 

10.任務測評。

lab ganesha grade進行測評。包括：防火牆配置，掛載目錄，掛載與取消掛載，集羣狀態，虛擬IP，地址輸出等。

[student@workstation ~]$ lab ganesha grade

Grading the student's work:

 · Testing if all hosts are reachable..........................  SUCCESS
 · Testing runtime firewall on servera for nfs.................  PASS
 · Testing permanent firewall on servera for nfs...............  PASS
 · Testing runtime firewall on servera for rpc-bind............  PASS
 · Testing permanent firewall on servera for rpc-bind..........  PASS
 · Testing runtime firewall on servera for high-availability...  PASS
 · Testing permanent firewall on servera for high-availability.  PASS
 · Testing runtime firewall on servera for mountd..............  PASS
 · Testing permanent firewall on servera for mountd............  PASS
 · Testing runtime firewall on serverb for nfs.................  PASS
 · Testing permanent firewall on serverb for nfs...............  PASS
 · Testing runtime firewall on serverb for rpc-bind............  PASS
 · Testing permanent firewall on serverb for rpc-bind..........  PASS
 · Testing runtime firewall on serverb for high-availability...  PASS
 · Testing permanent firewall on serverb for high-availability.  PASS
 · Testing runtime firewall on serverb for mountd..............  PASS
 · Testing permanent firewall on serverb for mountd............  PASS
 · Checking for current mount on /mnt/nfs on workstation.......  PASS
 · Checking if /mnt/nfs on workstation is in use...............  PASS
 · Unmounting /mnt/nfs.........................................  PASS
 · Mounting /mnt/nfs...........................................  PASS
 · Checking for current mount on /mnt/nfs on workstation.......  PASS
 · Checking mount options for /mnt/nfs in /etc/fstab...........  PASS
 · Checking cluster status.....................................  PASS
 · Checking cluster name.......................................  PASS
 · Pinging virtual IPs.........................................  PASS
 · Checking available exports on 172.25.250.16.................  PASS
 · Checking available exports on 172.25.250.17.................  PASS

Overall lab grade..............................................  PASS