0.實驗前的環境檢查與配置
[student@workstation ~]$ lab ganesha setup
1.配置環境
systemctl stop glusterd停止服務。killall glusterfs關閉進程。killall glusterfsd關閉進程。 yum -y install glusterfs-ganesha安裝軟件包。serverb參照servera操作。
[root@servera ~]# systemctl stop glusterd
[root@servera ~]# killall glusterfs
[root@servera ~]# killall glusterfsd
[root@servera ~]# yum -y install glusterfs-ganesha
[root@serverb ~]# systemctl stop glusterd
[root@serverb ~]# killall glusterfs
[root@serverb ~]# killall glusterfsd
[root@serverb ~]# yum -y install glusterfs-ganesha
2.配置防火牆
firewall-cmd --add-service放行服務(不加--permanent時只修改運行時配置)。firewall-cmd --runtime-to-permanent將當前全部運行時配置保存爲永久配置,執行前應確認運行時配置中沒有其他臨時放行的規則。serverb參照servera操作。
[root@servera ~]# firewall-cmd --add-service=high-availability \
> --add-service=nfs \
> --add-service=rpc-bind \
> --add-service=mountd
success
[root@servera ~]# firewall-cmd --runtime-to-permanent
success
[root@serverb ~]# firewall-cmd --add-service=high-availability \
> --add-service=nfs \
> --add-service=rpc-bind \
> --add-service=mountd
success
[root@serverb ~]# firewall-cmd --runtime-to-permanent
success
3.配置Ganesha
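cp /etc/ganesha/ganesha-ha.conf{.sample,}從樣本創建配置文件。 vim /etc/ganesha/ganesha-ha.conf編輯配置文件。grep -v ^# /etc/ganesha/ganesha-ha.conf查看配置文件。scp /etc/ganesha/ganesha-ha.conf serverb:/etc/ganesha/將配置文件複製到serverb。首次連接時ssh會提示主機密鑰指紋,輸入yes之前應與serverb上實際的主機密鑰指紋核對。本實驗中servera與serverb顯示的ECDSA指紋相同,看起來兩台主機共用同一把主機密鑰(可能來自同一鏡像);正式環境應爲每台主機重新生成主機密鑰。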
[root@servera ~]# ll /etc/ganesha/ganesha*
-rw-r--r--. 1 root root 1170 Dec 16 2015 /etc/ganesha/ganesha.conf
-rw-r--r--. 1 root root 867 Feb 8 2016 /etc/ganesha/ganesha-ha.conf.sample
[root@servera ~]# cp /etc/ganesha/ganesha-ha.conf{.sample,}
[root@servera ~]# ll /etc/ganesha/ganesha*
-rw-r--r--. 1 root root 1170 Dec 16 2015 /etc/ganesha/ganesha.conf
-rw-r--r--. 1 root root 867 Jan 29 11:00 /etc/ganesha/ganesha-ha.conf
-rw-r--r--. 1 root root 867 Feb 8 2016 /etc/ganesha/ganesha-ha.conf.sample
[root@servera ~]# vim /etc/ganesha/ganesha-ha.conf
[root@servera ~]# grep -v ^# /etc/ganesha/ganesha-ha.conf
HA_NAME="gls-ganesha"
HA_VOL_SERVER="servera"
HA_CLUSTER_NODES="servera.lab.example.com,serverb.lab.example.com"
VIP_servera_lab_example_com="172.25.250.16"
VIP_serverb_lab_example_com="172.25.250.17"
[root@servera ~]# scp /etc/ganesha/ganesha-ha.conf serverb:/etc/ganesha/
The authenticity of host 'serverb (172.25.250.11)' can't be established.
ECDSA key fingerprint is f3:3a:20:c9:5a:cc:cc:f0:44:f7:00:90:03:18:b1:8d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'serverb,172.25.250.11' (ECDSA) to the list of known hosts.
root@serverb's password:
ganesha-ha.conf 100% 934 0.9KB/s 00:00
4.配置服務
systemctl enable pacemaker pcsd載入啓動項。systemctl start pcsd啓動服務。echo redhat | passwd --stdin hacluster設置hacluster用戶的密碼。serverb參照servera操作。pcs cluster auth -u hacluster -p redhat以hacluster用戶對集羣節點進行認證。redhat僅是實驗環境的密碼;用-p在命令行傳遞密碼會留在shell歷史與進程列表中,正式環境應使用強密碼,並省略-p改由提示輸入。
[root@servera ~]# systemctl enable pacemaker pcsd
Created symlink from /etc/systemd/system/multi-user.target.wants/pacemaker.service to /usr/lib/systemd/system/pacemaker.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pcsd.service to /usr/lib/systemd/system/pcsd.service.
[root@servera ~]# systemctl start pcsd
[root@servera ~]# echo redhat | passwd --stdin hacluster
Changing password for user hacluster.
passwd: all authentication tokens updated successfully.
[root@serverb ~]# systemctl enable pacemaker pcsd
Created symlink from /etc/systemd/system/multi-user.target.wants/pacemaker.service to /usr/lib/systemd/system/pacemaker.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/pcsd.service to /usr/lib/systemd/system/pcsd.service.
[root@serverb ~]# systemctl start pcsd
[root@serverb ~]# echo redhat | passwd --stdin hacluster
Changing password for user hacluster.
passwd: all authentication tokens updated successfully.
[root@servera ~]# pcs cluster auth -u hacluster -p redhat \
> servera.lab.example.com serverb.lab.example.com
servera.lab.example.com: Authorized
serverb.lab.example.com: Authorized
5.配置密鑰
ssh-keygen -f /var/lib/glusterd/nfs/secret.pem -t rsa -N ''生成密鑰(-N ''表示私鑰不設口令)。 ll /var/lib/glusterd/nfs/secret.pem*查看密鑰。scp /var/lib/glusterd/nfs/secret.pem* serverb:/var/lib/glusterd/nfs/遠程複製。ssh-copy-id -i /var/lib/glusterd/nfs/secret.pem.pub root@servera將公鑰加入servera上root的授權密鑰。ssh-copy-id -i /var/lib/glusterd/nfs/secret.pem.pub root@serverb將公鑰加入serverb上root的授權密鑰。這把無口令私鑰可免密碼以root登錄兩個節點,複製後應確認兩端的secret.pem權限仍爲-rw-------(僅root可讀寫)。
[root@servera ~]# ssh-keygen -f /var/lib/glusterd/nfs/secret.pem -t rsa -N ''
Generating public/private rsa key pair.
Your identification has been saved in /var/lib/glusterd/nfs/secret.pem.
Your public key has been saved in /var/lib/glusterd/nfs/secret.pem.pub.
The key fingerprint is:
ba:4d:cd:48:e5:65:d7:65:20:4c:b7:af:2f:21:59:d8 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| oo o.o|
| .o +.|
| . ooo .|
| o o..E. |
| S . o .|
| o + o .. |
| . o o ... |
| + .. |
| . . ..|
+-----------------+
[root@servera ~]# ll /var/lib/glusterd/nfs/secret.pem*
-rw-------. 1 root root 1675 Jan 29 11:13 /var/lib/glusterd/nfs/secret.pem
-rw-r--r--. 1 root root 410 Jan 29 11:13 /var/lib/glusterd/nfs/secret.pem.pub
[root@servera ~]# scp /var/lib/glusterd/nfs/secret.pem* serverb:/var/lib/glusterd/nfs/
root@serverb's password:
secret.pem 100% 1675 1.6KB/s 00:00
secret.pem.pub 100% 410 0.4KB/s 00:00
[root@serverb ~]# ll /var/lib/glusterd/nfs/secret.pem*
-rw-------. 1 root root 1675 Jan 29 11:15 /var/lib/glusterd/nfs/secret.pem
-rw-r--r--. 1 root root 410 Jan 29 11:15 /var/lib/glusterd/nfs/secret.pem.pub
[root@servera ~]# ssh-copy-id -i /var/lib/glusterd/nfs/secret.pem.pub root@servera
The authenticity of host 'servera (172.25.250.10)' can't be established.
ECDSA key fingerprint is f3:3a:20:c9:5a:cc:cc:f0:44:f7:00:90:03:18:b1:8d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@servera's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@servera'"
and check to make sure that only the key(s) you wanted were added.
[root@servera ~]# ssh-copy-id -i /var/lib/glusterd/nfs/secret.pem.pub root@serverb
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@serverb's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@serverb'"
and check to make sure that only the key(s) you wanted were added.
6.啓動服務
systemctl start glusterd啓動服務。serverb參照servera操作。gluster volume set all cluster.enable-shared-storage enable啓動共享功能。
[root@servera ~]# systemctl start glusterd
[root@serverb ~]# systemctl start glusterd
[root@servera ~]# gluster volume set all cluster.enable-shared-storage enable
volume set: success
7.配置端口
grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A7查看模塊。vim /etc/ganesha/ganesha.conf編輯配置文件。grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A8確認信息(增加MNT_Port信息)。
[root@servera ~]# grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A7
NFS_Core_Param {
#Use supplied name other tha IP In NSM operations
NSM_Use_Caller_Name = true;
#Copy lock states into "/var/lib/nfs/ganesha" dir
Clustered = false;
#Use a non-privileged port for RQuota
Rquota_Port = 4501;
}
[root@servera ~]# vim /etc/ganesha/ganesha.conf
[root@servera ~]# grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A8
NFS_Core_Param {
#Use supplied name other tha IP In NSM operations
NSM_Use_Caller_Name = true;
#Copy lock states into "/var/lib/nfs/ganesha" dir
Clustered = false;
#Use a non-privileged port for RQuota
Rquota_Port = 4501;
MNT_Port = 20048;
}
[root@serverb ~]# vim /etc/ganesha/ganesha.conf
[root@serverb ~]# grep ^NFS_Core_Param /etc/ganesha/ganesha.conf -A8
NFS_Core_Param {
#Use supplied name other tha IP In NSM operations
NSM_Use_Caller_Name = true;
#Copy lock states into "/var/lib/nfs/ganesha" dir
Clustered = false;
#Use a non-privileged port for RQuota
Rquota_Port = 4501;
MNT_Port = 20048;
}
8.啓動服務
gluster nfs-ganesha enable啓動服務。gluster volume set custdata ganesha.enable on設置存儲卷的功能開啓。
[root@servera ~]# gluster nfs-ganesha enable
Enabling NFS-Ganesha requires Gluster-NFS to be disabled across the trusted pool. Do you still want to continue?
(y/n) y
This will take a few minutes to complete. Please wait ..
nfs-ganesha : success
[root@servera ~]# gluster volume set custdata ganesha.enable on
volume set: success
9.配置掛載
showmount -e 172.25.250.16查看導出列表。mkdir /mnt/nfs創建掛載目錄。echo "172.25.250.16:/custdata /mnt/nfs nfs rw,vers=4 0 0" >> /etc/fstab掛載信息寫入配置文件。tail -1 /etc/fstab查看配置文件。 mount /mnt/nfs進行掛載。mount | grep custdata查看掛載。df -Th | grep custdata查看文件系統。輸出中的(everyone)表示/custdata對所有客戶端開放,掛載選項sec=sys表示服務端信任客戶端提供的UID/GID;正式環境應在導出配置中限制允許的客戶端地址。
[root@workstation ~]# showmount -e 172.25.250.16
Export list for 172.25.250.16:
/custdata (everyone)
[root@workstation ~]# mkdir /mnt/nfs
[root@workstation ~]# echo "172.25.250.16:/custdata /mnt/nfs nfs rw,vers=4 0 0" >> /etc/fstab
[root@workstation ~]# tail -1 /etc/fstab
172.25.250.16:/custdata /mnt/nfs nfs rw,vers=4 0 0
[root@workstation ~]# mount /mnt/nfs
[root@workstation ~]# mount | grep custdata
172.25.250.16:/custdata on /mnt/nfs type nfs4 (rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=172.25.250.254,local_lock=none,addr=172.25.250.16)
[root@workstation ~]# df -Th | grep custdata
172.25.250.16:/custdata nfs4 2.0G 33M 2.0G 2% /mnt/nfs
10.任務測評。
lab ganesha grade進行測評。包括:防火牆配置,掛載目錄,掛載與取消掛載,集羣狀態,虛擬IP,地址輸出等。
[student@workstation ~]$ lab ganesha grade
Grading the student's work:
· Testing if all hosts are reachable.......................... SUCCESS
· Testing runtime firewall on servera for nfs................. PASS
· Testing permanent firewall on servera for nfs............... PASS
· Testing runtime firewall on servera for rpc-bind............ PASS
· Testing permanent firewall on servera for rpc-bind.......... PASS
· Testing runtime firewall on servera for high-availability... PASS
· Testing permanent firewall on servera for high-availability. PASS
· Testing runtime firewall on servera for mountd.............. PASS
· Testing permanent firewall on servera for mountd............ PASS
· Testing runtime firewall on serverb for nfs................. PASS
· Testing permanent firewall on serverb for nfs............... PASS
· Testing runtime firewall on serverb for rpc-bind............ PASS
· Testing permanent firewall on serverb for rpc-bind.......... PASS
· Testing runtime firewall on serverb for high-availability... PASS
· Testing permanent firewall on serverb for high-availability. PASS
· Testing runtime firewall on serverb for mountd.............. PASS
· Testing permanent firewall on serverb for mountd............ PASS
· Checking for current mount on /mnt/nfs on workstation....... PASS
· Checking if /mnt/nfs on workstation is in use............... PASS
· Unmounting /mnt/nfs......................................... PASS
· Mounting /mnt/nfs........................................... PASS
· Checking for current mount on /mnt/nfs on workstation....... PASS
· Checking mount options for /mnt/nfs in /etc/fstab........... PASS
· Checking cluster status..................................... PASS
· Checking cluster name....................................... PASS
· Pinging virtual IPs......................................... PASS
· Checking available exports on 172.25.250.16................. PASS
· Checking available exports on 172.25.250.17................. PASS
Overall lab grade.............................................. PASS