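1. Describe how LVS works, with reference to diagrams
LVS (Linux Virtual Server) is a cluster technology that uses IP load balancing and content-based request dispatching. The scheduler has very good throughput and spreads requests evenly across different servers for execution, and it automatically masks server failures, so that a group of servers forms one high-performance, highly available virtual server. The structure of the whole server cluster is transparent to clients, and neither the client programs nor the server programs need to be modified.
For this reason, the design has to take the system's transparency, scalability, high availability and manageability into account. In general, an LVS cluster uses a three-tier structure; its architecture is shown in the figure:
The main components of LVS are: the load scheduler (Director), which is the cluster's front end to the outside world and sends client requests to a group of servers for execution, while clients believe the service comes from a single IP address; the server pool, a group of servers that actually execute client requests, typically running WEB, MAIL, FTP and DNS services; and shared storage, which gives the server pool a shared storage area so that the pool can easily hold the same content and provide the same service.
LVS load balancing comes in three modes: NAT, TUN and DR. I describe each of them below:
1. NAT is the simplest mode: every RealServer only needs to point its gateway at the Director. Clients can run any operating system, but in this mode the number of RealServers one Director can drive is fairly limited. In VS/NAT mode the Director can also double as a RealServer. The VS/NAT architecture is shown in the figure below:
2. IP tunneling encapsulates one IP packet inside another IP packet, so that a packet destined for one IP address can be wrapped and forwarded to another IP address. IP tunneling is also known as IP encapsulation. It is mainly used for mobile hosts and virtual private networks (VPNs), where tunnels are set up statically, with one IP address at one end of the tunnel and a unique IP address at the other end. Connection scheduling and management are the same as in VS/NAT; only the packet forwarding method differs. The scheduler dynamically picks a server according to the load on each server, encapsulates the request packet inside another IP packet, and forwards the encapsulated packet to the chosen server. The server decapsulates the packet to recover the original packet whose destination address is the VIP, finds that the VIP is configured on its local IP tunnel device, and therefore handles the request; it then returns the response packet directly to the client according to its routing table, as shown in the figure below:
3. DR mode works by rewriting the MAC address part of the request packet. The Director and the RealServers must each have a network card physically connected to the same uninterrupted LAN segment. The VIP bound on each RealServer is configured on a Non-ARP network device (such as lo or tunl); the Director's VIP is visible to the outside, while the RealServers' VIP is not. The RealServers' own addresses can be either internal addresses or real addresses, as shown in the figure below:
2. Build a high-performance cluster on the LVS-DR model with the following features:
(1) the WordPress application is shared to every realserver over NFS;
(2) nginx and PHP are separated on the back-end realservers.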
I. Install Nginx
First turn off iptables or SELinux, then synchronize the time on every node:
# ntpdate cn.ntp.org.cn
Then install the C++ compiler and the zlib, openssl, openssl-devel, pcre and pcre-devel packages up front so the build does not fail partway; installing them with yum is enough.
[root@realserver1 ~]# groupadd www
[root@realserver1 ~]# useradd -r -g www www -s /sbin/nologin    # user and group that run nginx
[root@realserver1 nginx-1.8.1]# mkdir -pv /opt/application/nginx
mkdir: created directory `/opt/application'
mkdir: created directory `/opt/application/nginx'
[root@realserver1 tools]# tar -xf nginx-1.8.1.tar.gz
[root@realserver1 tools]# cd nginx-1.8.1
[root@realserver1 nginx-1.8.1]# ./configure --prefix=/opt/application/nginx/ --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-http_spdy_module --with-http_gzip_static_module --with-http_realip_module --with-ipv6
# --with-http_stub_status_module   enable nginx status monitoring
# --with-http_ssl_module           enable HTTPS
# --with-http_spdy_module          enable SPDY support to shorten page load time
# --with-http_gzip_static_module   enable static compression
# --with-http_realip_module        obtain the real client IP when behind a proxy
# --with-ipv6                      IPv6 support
[root@realserver1 nginx-1.8.1]# make && make install
Create the nginx init script
[root@realserver1 ~]# vim /etc/rc.d/init.d/nginx
[root@realserver1 ~]# chmod 755 /etc/rc.d/init.d/nginx
[root@realserver1 ~]# service nginx start
Starting nginx:                                            [  OK  ]
[root@realserver1 ~]# chkconfig --add nginx
[root@realserver1 ~]# chkconfig nginx on
[root@realserver1 ~]# chkconfig --list nginx
nginx           0:off   1:off   2:on    3:on    4:on    5:on    6:off
Test succeeded:
[root@realserver1 ~]# curl -I http://192.168.2.212
HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Thu, 11 Aug 2016 20:26:13 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Thu, 11 Aug 2016 19:21:49 GMT
Connection: keep-alive
ETag: "57acd04d-264"
Accept-Ranges: bytes
The nginx script is as follows:
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
#              proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /opt/application/nginx/conf/nginx.conf
# pidfile:     /opt/application/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/opt/application/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/opt/application/nginx/conf/nginx.conf"

lockfile=/var/lock/subsys/nginx

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    # refuse to restart on a broken configuration
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    retval=$?
    echo
    return $retval
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
192.168.2.213 (realserver2): configure it the same way as realserver1.
II. Install MySQL
192.168.2.215 (mysql-server):
[root@mysql-server ~]# wget http://ftp.jaist.ac.jp/pub/mysql/Downloads/MySQL-5.6/mysql-5.6.31.tar.gz
[root@mysql-server ~]# tar -zxf mysql-5.6.31.tar.gz
[root@mysql-server mysql-5.6.31]# groupadd mysql
[root@mysql-server mysql-5.6.31]# useradd -r -g mysql mysql -s /sbin/nologin
[root@mysql-server mysql-5.6.31]# cmake . \
-DCMAKE_INSTALL_PREFIX=/opt/application/mysql/ \
-DMYSQL_DATADIR=/opt/application/mysql/data \
-DMYSQL_UNIX_ADDR=/var/lib/mysql/mysql.sock \
-DSYSCONFDIR=/etc \
-DMYSQL_TCP_PORT=3306 \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_MEMORY_STORAGE_ENGINE=1 \
-DWITH_READLINE=1 \
-DENABLED_LOCAL_INFILE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DEXTRA_CHARSETS=all \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
# The build takes a long time; be patient...
# -DCMAKE_INSTALL_PREFIX            installation root directory
# -DMYSQL_DATADIR                   data directory
# -DMYSQL_UNIX_ADDR                 path of the socket used to connect to the database
# -DSYSCONFDIR                      directory of the configuration file (my.cnf)
# -DMYSQL_TCP_PORT                  TCP/IP port MySQL listens on
# -DWITH_MYISAM_STORAGE_ENGINE      enable MyISAM engine support
# -DWITH_INNOBASE_STORAGE_ENGINE    enable InnoDB engine support
# -DWITH_MEMORY_STORAGE_ENGINE      enable Memory engine support
# -DWITH_READLINE                   shortcut-key (readline) support
# -DENABLED_LOCAL_INFILE            allow loading data from local files
# -DWITH_PARTITION_STORAGE_ENGINE   install database partitioning support
# -DEXTRA_CHARSETS                  install all character sets
# -DDEFAULT_CHARSET                 default character set
# -DDEFAULT_COLLATION               default collation
Official MySQL reference: http://dev.mysql.com/doc/refman/5.6/en/source-configuration-options.html
# make -j 4
# make install
# chown -R mysql:mysql /opt/application/mysql    # change the owner of the directory
# /opt/application/mysql/scripts/mysql_install_db --user=mysql --basedir=/opt/application/mysql --datadir=/opt/application/mysql/data    # initialize the database
[root@mysql-server support-files]# cp /opt/application/mysql/support-files/my-default.cnf /etc/my.cnf
[root@mysql-server support-files]# cp /opt/application/mysql/support-files/mysql.server /etc/rc.d/init.d/mysql
[root@mysql-server support-files]# chkconfig --add mysql
[root@mysql-server support-files]# chkconfig mysql on    # start at boot
[root@mysql-server support-files]# service mysql start    # start the mysql service
Starting MySQL. SUCCESS!
[root@mysql-server support-files]# netstat -tunlpa |grep 3306
tcp        0      0 :::3306                     :::*                        LISTEN      24982/mysqld
[root@mysql-server ~]# vim /etc/bashrc    # add mysql's bin directory to PATH
PATH=/opt/application/mysql/bin:$PATH
export PATH
III. Install PHP
[root@php-server ~]# groupadd www
[root@php-server ~]# useradd -r -g www www -s /sbin/nologin    # user and group that run php-fpm
[root@php-server ~]# wget http://cn.php.net/distributions/php-5.6.24.tar.gz
[root@php-server ~]# tar -zxf php-5.6.24.tar.gz
[root@php-server ~]# cd php-5.6.24
[root@php-server php-5.6.24]# mkdir -pv /opt/application/php
mkdir: created directory `/opt/application'
mkdir: created directory `/opt/application/php'
[root@php-server php-5.6.24]# ./configure \
--prefix=/opt/application/php \
--with-config-file-path=/etc \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-fpm \
--enable-ftp \
--enable-zip \
--enable-soap \
--enable-xml \
--enable-bcmath \
--enable-shmop \
--enable-exif \
--enable-pcntl \
--enable-opcache \
--enable-sysvsem \
--enable-mbregex \
--enable-mbstring \
--enable-sockets \
--enable-gd-native-ttf \
--enable-inline-optimization \
--with-zlib \
--with-curl \
--with-gd \
--with-mcrypt \
--with-openssl \
--with-mhash \
--with-xmlrpc \
--with-gettext \
--with-iconv-dir \
--with-freetype-dir \
--with-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-libxml-dir=/usr \
--with-pdo-mysql=mysqlnd \
--disable-rpath \
--disable-ipv6 \
--disable-debug \
--disable-fileinfo
# This step may fail with: configure: error: mcrypt.h not found. Please reinstall libmcrypt. The fix is as follows:
1. Install the third-party yum repository:
wget http://www.atomicorp.com/installers/atomic
sh ./atomic
2. Install the packages with yum:
yum install php-mcrypt libmcrypt libmcrypt-devel
IV. Modify the nginx and PHP configuration files
192.168.2.212 (realserver1): as shown in the figure below;
192.168.2.213 (realserver2): same as 192.168.2.212 (realserver1)
[root@realserver1 ~]# cp /opt/application/nginx/conf/nginx.conf /opt/application/nginx/conf/nginx.confbak    # backup
[root@realserver1 ~]# vim /opt/application/nginx/conf/nginx.conf
location / {
    root /data/www;    # change 1
    index index.html index.htm;
}
location ~ \.php$ {
    root /data/www;    # change 2
    fastcgi_pass 192.168.2.214:9000;    # change 3
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
V. Install NFS and mount WordPress
192.168.2.214 (php-server):
[root@php-server ~]# yum install -y nfs-utils.x86_64 nfs-utils-lib.x86_64 nfs-utils-lib-devel.x86_64    # install the NFS packages with yum
[root@php-server ~]# /etc/init.d/rpcbind start
Starting rpcbind:                                          [  OK  ]
[root@php-server ~]# /etc/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
[root@php-server ~]# netstat -tulnp |grep -E '(rpc|nfs)'
tcp        0      0 0.0.0.0:48254               0.0.0.0:*                   LISTEN      65830/rpc.mountd
tcp        0      0 0.0.0.0:54949               0.0.0.0:*                   LISTEN      65830/rpc.mountd
tcp        0      0 0.0.0.0:39822               0.0.0.0:*                   LISTEN      65830/rpc.mountd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      65785/rpcbind
tcp        0      0 :::37923                    :::*                        LISTEN      65830/rpc.mountd
tcp        0      0 :::47075                    :::*                        LISTEN      65830/rpc.mountd
tcp        0      0 :::111                      :::*                        LISTEN      65785/rpcbind
tcp        0      0 :::46353                    :::*                        LISTEN      65830/rpc.mountd
udp        0      0 0.0.0.0:664                 0.0.0.0:*                               65785/rpcbind
udp        0      0 0.0.0.0:59076               0.0.0.0:*                               65830/rpc.mountd
udp        0      0 0.0.0.0:59472               0.0.0.0:*                               65830/rpc.mountd
udp        0      0 0.0.0.0:49502               0.0.0.0:*                               65830/rpc.mountd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               65785/rpcbind
udp        0      0 :::664                      :::*                                    65785/rpcbind
udp        0      0 :::36008                    :::*                                    65830/rpc.mountd
udp        0      0 :::54987                    :::*                                    65830/rpc.mountd
udp        0      0 :::44906                    :::*                                    65830/rpc.mountd
udp        0      0 :::111                      :::*                                    65785/rpcbind
[root@php-server data]# mkdir -pv /data/www
mkdir: created directory `/data'
mkdir: created directory `/data/www'
[root@php-server data]# cat /etc/exports
/data/www 192.168.2.0/24(rw,no_root_squash)
[root@php-server data]# ll -d /data/www/
drwxrwxrwx 2 root root 4096 Aug 13 04:02 /data/www/
[root@php-server data]# service nfs restart
shell-init: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
chdir: error retrieving current directory: getcwd: cannot access parent directories: No such file or directory
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS mountd:                                  [  OK  ]
Shutting down RPC idmapd:                                  [  OK  ]
Starting NFS services:                                     [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
[root@php-server data]# showmount -e 192.168.2.214
Export list for 192.168.2.214:
/data/www 192.168.2.0/24
# Download WordPress onto php-server and unpack it
[root@php-server www]# chown -R www:www *
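The export above gives every host in 192.168.2.0/24 read-write access with no_root_squash, so root on any machine in that subnet is root on the WordPress tree. The script below is an added example, not part of the original post: it flags such options in an exports-style file. Its function names and sample files are constructed, and the hardened line assumes the nginx nodes (192.168.2.212 and 192.168.2.213) only need to read the files, since PHP runs on the NFS server itself.

```shell
#!/bin/sh
# Added example, not from the original post: flag risky options in an
# /etc/exports-style file. One finding per line:
#   <severity> <path> <client> <reason>

audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        path = $1
        if (NF == 1) {                        # no client list at all
            print "HIGH", path, "*", "exported to any host"
            next
        }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                      # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "" || client == "*") {
                client = "*"
                print "HIGH", path, client, "exported to any host"
            }
            rw = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash")
                    print "HIGH", path, client, "no_root_squash: client root stays uid 0 on the export"
                if (o[j] == "insecure")
                    print "MEDIUM", path, client, "insecure: requests from unprivileged ports accepted"
            }
            if (rw && (client == "*" || index(client, "/") > 0))
                print "MEDIUM", path, client, "rw granted to a whole network instead of named hosts"
        }
    }' "$1"
}

# Number of findings for a file (0 means the file passed).
count_findings() {
    audit_exports "$1" | wc -l | tr -d ' '
}

sample_dir=$(mktemp -d)
# Constructed sample 1: the export line used in the post.
printf '%s\n' '/data/www 192.168.2.0/24(rw,no_root_squash)' \
    > "$sample_dir/exports.post"
# Constructed sample 2: hardened variant (assumption: web nodes only read).
printf '%s\n' '/data/www 192.168.2.212(ro,root_squash) 192.168.2.213(ro,root_squash)' \
    > "$sample_dir/exports.hardened"

for f in "$sample_dir/exports.post" "$sample_dir/exports.hardened"; do
    echo "== $f: $(count_findings "$f") finding(s)"
    audit_exports "$f"
done
```

Run it against the real file with audit_exports /etc/exports; after changing the exports, exportfs -ra applies them without restarting NFS.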
192.168.2.211 (realserver1):
# Install NFS
[root@realserver1 html]# yum install -y nfs-utils.x86_64 nfs-utils-lib.x86_64 nfs-utils-lib-devel.x86_64
# Mount the application from 192.168.2.214 on the corresponding directory of realserver1 and realserver2
[root@realserver1 html]# mount -t nfs 192.168.2.214:/data/www/ /data/www/
# Check the mount information on realserver1
[root@realserver1 html]# mount
/dev/mapper/VolGroup-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sda1 on /boot type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
192.168.2.214:/data/www/ on /data/www/ type nfs (rw,vers=4,addr=192.168.2.214,clientaddr=192.168.2.212)
192.168.2.212 (realserver2): same as 192.168.2.211 (realserver1); the detailed steps are omitted here.
192.168.2.214 (mysql-server):
[root@mysql-server ~]# mysql
mysql> CREATE DATABASE `wordpress` CHARACTER SET utf8 COLLATE utf8_general_ci;
mysql> GRANT ALL ON wordpress.* TO 'wordpress'@'192.168.2.214' IDENTIFIED BY '123456';
mysql> flush privileges;
In a browser, open http://192.168.2.212
VI. Install LVS
192.168.2.211:
[root@lvs-dr ~]# yum install -y ipvsadm
[root@lvs-dr ~]# ifconfig eth0:0 192.168.2.210/24 broadcast 192.168.2.210 up
[root@lvs-dr ~]# route add -host 192.168.2.210 dev eth0:0
[root@lvs-dr ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:3d:6a:9d brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.211/24 brd 192.168.2.255 scope global eth0
    inet 192.168.2.210/24 brd 192.168.2.210 scope global secondary eth0:0
    inet6 fe80::20c:29ff:fe3d:6a9d/64 scope link
       valid_lft forever preferred_lft forever
[root@lvs-dr ~]#
192.168.2.212 (realserver1):
[root@realserver1 ~]# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@realserver1 ~]# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@realserver1 ~]# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@realserver1 ~]# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
[root@realserver1 ~]# ifconfig lo:0 192.168.2.210 netmask 255.255.255.255 broadcast 192.168.2.210
[root@realserver1 ~]# route add -host 192.168.2.210 dev lo:0
[root@realserver1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:B8:03:1C
          inet addr:192.168.2.212  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb8:31c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9435 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6582 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2278123 (2.1 MiB)  TX bytes:2171329 (2.0 MiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:144 errors:0 dropped:0 overruns:0 frame:0
          TX packets:144 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12523 (12.2 KiB)  TX bytes:12523 (12.2 KiB)
lo:0      Link encap:Local Loopback
          inet addr:192.168.2.210  Mask:255.255.255.255
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
[root@realserver1 ~]#
192.168.2.213 (realserver2): same as 192.168.2.212
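In DR mode a RealServer that answers ARP for the VIP pulls client traffic past the Director, so the settings above are worth verifying after every reboot or network change. The check below is an added example, not part of the original post; function names and the sample tree are constructed. It assumes eth0 is the LAN-facing interface, as on this page, and uses the kernel rule that the effective value on an interface is the larger of conf/all and conf/<interface>.

```shell
#!/bin/sh
# Added example, not from the original post: verify the ARP knobs and VIP
# placement of an LVS-DR RealServer.

# effective_arp <conf_root> <iface> <knob>
# The kernel applies max(conf/all/<knob>, conf/<iface>/<knob>) on <iface>.
effective_arp() {
    a=$(cat "$1/all/$3" 2>/dev/null || echo 0)
    b=$(cat "$1/$2/$3" 2>/dev/null || echo 0)
    if [ "$a" -gt "$b" ]; then echo "$a"; else echo "$b"; fi
}

# check_dr_realserver <conf_root> <lan_iface> <vip> <ip_addr_dump>
# <ip_addr_dump> is a file holding the output of: ip -o -4 addr show
# Prints one problem per line; returns 0 only when none were found.
check_dr_realserver() {
    bad=0
    ign=$(effective_arp "$1" "$2" arp_ignore)
    ann=$(effective_arp "$1" "$2" arp_announce)
    [ "$ign" -eq 1 ] || { echo "arp_ignore on $2 is $ign, expected 1"; bad=1; }
    [ "$ann" -eq 2 ] || { echo "arp_announce on $2 is $ann, expected 2"; bad=1; }
    # The VIP must sit on lo with a /32 mask so it is never routed via lo.
    if ! awk -v vip="$3/32" \
        '$2 == "lo" && $3 == "inet" && $4 == vip { found = 1 } END { exit !found }' "$4"
    then
        echo "VIP $3/32 is not bound to lo"; bad=1
    fi
    # The VIP must not also be configured on the LAN interface.
    if awk -v ifc="$2" -v vip="$3" \
        '$2 == ifc && $3 == "inet" { split($4, a, "/"); if (a[1] == vip) found = 1 }
         END { exit !found }' "$4"
    then
        echo "VIP $3 is also on $2 and would be announced by ARP"; bad=1
    fi
    return $bad
}

# Constructed sample: a sysctl tree and address dump matching realserver1.
sample=$(mktemp -d)
mkdir -p "$sample/conf/all" "$sample/conf/lo" "$sample/conf/eth0"
echo 1 > "$sample/conf/all/arp_ignore";   echo 1 > "$sample/conf/lo/arp_ignore"
echo 2 > "$sample/conf/all/arp_announce"; echo 2 > "$sample/conf/lo/arp_announce"
echo 0 > "$sample/conf/eth0/arp_ignore";  echo 0 > "$sample/conf/eth0/arp_announce"
cat > "$sample/addr.txt" <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet 192.168.2.210/32 brd 192.168.2.210 scope global lo:0\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.2.212/24 brd 192.168.2.255 scope global eth0\       valid_lft forever preferred_lft forever
EOF

check_dr_realserver "$sample/conf" eth0 192.168.2.210 "$sample/addr.txt" \
    && echo "realserver settings OK"
```

On a real RealServer, pass /proc/sys/net/ipv4/conf as the first argument and a file holding the output of ip -o -4 addr show as the last. Values written with echo into /proc do not survive a reboot; put them in /etc/sysctl.conf as well.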
192.168.2.211 (lvs-dr):
# define the virtual service with the rr scheduler before adding real servers
[root@lvs-dr ~]# ipvsadm -A -t 192.168.2.210:80 -s rr
[root@lvs-dr ~]# ipvsadm -a -t 192.168.2.210:80 -r 192.168.2.112 -g -w 1
[root@lvs-dr ~]# ipvsadm -a -t 192.168.2.210:80 -r 192.168.2.213 -g -w 2
[root@lvs-dr ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.2.210:80 rr
  -> 192.168.2.112:80             Route   1      0          0
  -> 192.168.2.213:80             Route   2      0          0
3. Build an HA LAMP stack with heartbeat v2 CRM. Requirement: deploy WordPress so that any data in the articles edited with it is still accessible after a node switchover.
[root@php-server www]# service iptables stop
[root@php-server www]# chkconfig iptables off
[root@php-server www]# setenforce 0
Install ntpdate and synchronize the time on every node, for example:
[root@lvs-dr ~]# yum install -y ntpdate.x86_64
[root@lvs-dr ~]# ntpdate cn.ntp.org.cn
I. Change the hostname
[root@node1 ~]# more /etc/hosts
hosts        hosts.allow  hosts.deny
[root@node1 ~]# more /etc/hosts
127.0.0.1 localhost node1 node1.test.com localhost4 localhost4.localdomain4
::1 localhost node1 node1.test.com localhost6 localhost6.localdomain6
[root@node1 ~]# more /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node1
II. Install Apache
[root@node1 ~]# yum install -y httpd
[root@node1 ~]# vim /var/www/html/index.html
[root@node1 ~]# service httpd restart
[root@node1 ~]# curl -I http://192.168.2.216
HTTP/1.1 200 OK
Date: Sat, 13 Aug 2016 16:32:38 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sat, 13 Aug 2016 16:30:22 GMT
ETag: "260270-f-539f683fbfea1"
Accept-Ranges: bytes
Content-Length: 15
Connection: close
Content-Type: text/html; charset=UTF-8
III. Passwordless SSH login with keys
[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f0:33:40:f4:f1:83:3d:7d:1e:5b:67:a2:a8:08:44:b3 root@node1.test.com
The key's randomart image is:
+--[ RSA 2048]----+
| o.o . |
| . + . = . |
| E o o = . + +|
| . + + + *.|
| . S . . o |
| . . + |
| . . |
| |
| |
+-----------------+
[root@node1 ~]# ssh-copy-id 192.168.2.217
The authenticity of host '192.168.2.217 (192.168.2.217)' can't be established.
RSA key fingerprint is bc:71:16:97:d8:ce:a0:3e:8b:4a:b9:da:ca:bd:dd:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.217' (RSA) to the list of known hosts.
root@192.168.2.217's password:
Now try logging into the machine, with "ssh '192.168.2.217'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@node1 ~]# ssh root@192.168.2.217
Last login: Sun Aug 14 00:24:50 2016 from 192.168.2.106
[root@node2 ~]#
IV. Install heartbeat
[root@node1 ~]# wget http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@node1 ~]# rpm -ivh epel-release-6-8.noarch.rpm
warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
# Installing the heartbeat rpm directly fails on dependencies, so resolve the dependencies first
[root@node1 ~]# yum -y install perl-TimeDate net-snmp-libs libnet PyXML
# After that the install goes through
[root@node1 heartbeat]# rpm -ivh *.rpm --nodeps --force
warning: heartbeat-2.1.4-11.el5.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 217521f6: NOKEY
warning: heartbeat-pils-2.1.4-9.el5.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 192a7d7d: NOKEY
Preparing...                ########################################### [100%]
   1:heartbeat-pils         ########################################### [ 25%]
   2:heartbeat-stonith      ########################################### [ 50%]
   3:heartbeat              warning: /etc/ha.d/shellfuncs created as /etc/ha.d/shellfuncs.rpmnew
########################################### [ 75%]
   4:heartbeat-devel        ########################################### [100%]
[root@node1 heartbeat]# ll /etc/ha.d/
total 24
-rwxr-xr-x 1 root root  745 Mar 21  2010 harc
drwxr-xr-x 2 root root 4096 Aug 14 17:14 rc.d
-rw-r--r-- 1 root root  692 Mar 21  2010 README.config
drwxr-xr-x 2 root root 4096 Aug 14 17:14 resource.d
-rw-r--r-- 1 root root 7864 Mar 21  2010 shellfuncs
[root@node1 ha.d]# cp -r /usr/share/doc/heartbeat-2.1.4/ /etc/ha.d/
[root@node1 ha.d]# ll
total 28
-rwxr-xr-x 1 root root  745 Mar 21  2010 harc
drwxr-xr-x 2 root root 4096 Aug 14 04:24 heartbeat-2.1.4
drwxr-xr-x 2 root root 4096 Aug 14 04:20 rc.d
-rw-r--r-- 1 root root  692 Mar 21  2010 README.config
drwxr-xr-x 2 root root 4096 Aug 14 04:20 resource.d
-rw-r--r-- 1 root root 7864 Mar 21  2010 shellfuncs
[root@node1 ha.d]# cp ./heartbeat-2.1.4/{ha.cf,authkeys,haresources} ./
[root@node1 ha.d]# chmod 600 authkeys
In the /etc/ha.d directory:
# ha.cf       : main configuration file; defines the basic properties of the heartbeat HA cluster on each node
# authkeys    : the hashing algorithm and key used when cluster nodes exchange messages
# haresources : configuration interface of the heartbeat v1 resource manager; specific to v1
[root@node1 ha.d]# ll
total 52
-rw------- 1 root root   666 Aug 14 04:27 authkeys
-rw-r--r-- 1 root root 10770 Aug 14 04:29 ha.cf
-rwxr-xr-x 1 root root   745 Mar 21  2010 harc
-rw-r--r-- 1 root root  5970 Aug 14 04:54 haresources
drwxr-xr-x 2 root root  4096 Aug 14 04:24 heartbeat-2.1.4
drwxr-xr-x 2 root root  4096 Aug 14 22:39 rc.d
-rw-r--r-- 1 root root   692 Mar 21  2010 README.config
drwxr-xr-x 2 root root  4096 Aug 14 22:39 resource.d
-rw-r--r-- 1 root root  7864 Mar 21  2010 shellfuncs
A point to note here: how do we make sure that only the nodes we intend become members of our cluster? Messages inside the cluster must not be passed around freely, yet heartbeats are sent to a multicast address. If someone else installs heartbeat and joins the same multicast address, that is not secure. For this reason, the messages exchanged between our nodes must be authenticated, and this authentication is based on HMAC.
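Because the HMAC key in authkeys is the only thing that keeps another host on the multicast group from joining the cluster, it should be random, long and readable by root alone. The script below is an added example, not part of the original post: it writes an authkeys file with a random sha1 key and checks an existing file. Function names are constructed, and the 32-character minimum key length is an assumption of this example, not a heartbeat requirement.

```shell
#!/bin/sh
# Added example, not from the original post: create and verify a heartbeat
# authkeys file.

MIN_KEY_CHARS=32    # assumption of this example, not a heartbeat limit

# write_authkeys <file>: one sha1 key built from 128 random bits, mode 600.
write_authkeys() {
    key=$(dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    ( umask 077; printf 'auth 1\n1 sha1 %s\n' "$key" > "$1" )
    chmod 600 "$1"
}

# check_authkeys <file>: prints one problem per line and returns 0 only
# when nothing was found.
check_authkeys() {
    f=$1; problems=0
    [ -f "$f" ] || { echo "missing file: $f"; return 1; }
    # heartbeat refuses to start unless the file is mode 600
    perms=$(ls -ld "$f" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "permissions are $perms, expected -rw------- (600)"; problems=1
    fi
    # "auth <n>" selects which "<n> <method> <key>" line signs messages
    active=$(awk '$1 == "auth" { print $2; exit }' "$f")
    if [ -z "$active" ]; then
        echo "no auth <n> line selects a key"; return 1
    fi
    method=$(awk -v id="$active" '$1 == id { print $2; exit }' "$f")
    key=$(awk -v id="$active" '$1 == id { print $3; exit }' "$f")
    case "$method" in
        sha1|md5)
            if [ "${#key}" -lt "$MIN_KEY_CHARS" ]; then
                echo "key is ${#key} characters, shorter than $MIN_KEY_CHARS"
                problems=1
            fi ;;
        crc)
            echo "crc only detects corruption; it does not authenticate peers"
            problems=1 ;;
        "")
            echo "auth $active has no matching key line"; problems=1 ;;
        *)
            echo "unknown method: $method"; problems=1 ;;
    esac
    return $problems
}

# Constructed demo: generate a file in a scratch directory and verify it.
demo=$(mktemp -d)
write_authkeys "$demo/authkeys"
check_authkeys "$demo/authkeys" && echo "authkeys OK"
```

Copy the generated file to the other node over SSH so that both nodes hold the same key, and run check_authkeys /etc/ha.d/authkeys on each node.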
Configure heartbeat. Its configuration files live in /etc/ha.d/, but after installation that directory does not contain them; only /usr/share/doc/heartbeat-2.1.4/ has a sample ha.cf main configuration file, which can be copied under /etc and edited. There is also the authkeys authentication file, which stores the authentication key and mechanism the nodes use to authenticate each other, so its permissions are critical: they must be 600, otherwise the service will not start. The third file is haresources; the resource manager reads it when resources are defined, so it has to be present as well.
[root@node1 ha.d]# vim authkeys
auth 2
2 sha1 be45617e827e7a7d
[root@node1 ha.d]# vim ha.cf
debugfile /var/log/ha-debug
keepalive 2
deadtime 30
warntime 10
udpport 694
mcast eth0 225.10.0.1 694 1 0
auto_failback on
node node1.test.com
node node2.test.com
crm on
ping 192.168.2.217
compression bz2
compression_threshold 2
#logfile /var/log/ha-log          # log file: where normal log messages are written
#keepalive 2                      # send a heartbeat every 2 s; the unit is seconds, use ms for milliseconds
#deadtime 30                      # how long the peer may stay silent before it is declared dead
#warntime 10                      # warning time
#udpport 694
#mcast eth0 225.10.0.1 694 1 0    # multicast address
#auto_failback on                 # enable automatic failback
#node node1.test.com              # define the two nodes
#node node2.test.com
#crm on                           # enable the CRM
#ping 192.168.2.218               # ping node
#compression bz2                  # compression format
#compression_threshold 2          # messages smaller than 2 KB are sent uncompressed
[root@node1 ha.d]# scp -p ha.cf haresources authkeys node2:/etc/ha.d/
The authenticity of host 'node2 (192.168.2.217)' can't be established.
RSA key fingerprint is bc:71:16:97:d8:ce:a0:3e:8b:4a:b9:da:ca:bd:dd:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2' (RSA) to the list of known hosts.
ha.cf                                         100%   11KB  10.5KB/s   00:00
haresources                                   100% 5970     5.8KB/s   00:00
authkeys                                      100%  666     0.7KB/s   00:00
[root@node1 ha.d]# node1.test.com 192.168.2.218/24/eth0/192.168.255.255 httpd
[root@node1 ha.d]# service heartbeat start
[root@node1 ha.d]# service heartbeat start
logd is already running
Starting High-Availability services:
Done.
[root@node1 ~]#
Message from syslogd@node1 at Aug 15 01:32:04 ...
heartbeat: [1439]: EMERG: Rebooting system. Reason: /usr/lib64/heartbeat/cibatu
Connection closed by foreign host.
Some posts online say to change the user and group of the heartbeat files; that did not help. Commenting out crm on in ha.cf (#crm on) restored it.
[root@node1 ha.d]# service heartbeat restart
Stopping High-Availability services:
Done.
Waiting to allow resource takeover to complete:
Done.
Starting High-Availability services:
2016/08/14_18:08:55 INFO: Resource is stopped
Done.
Check the running state: all resources are on node1, and node2 only runs the heartbeat service.
[root@node1 ha.d]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:46:B1:B7
          inet addr:192.168.2.216  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe46:b1b7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2522 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4289 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:320135 (312.6 KiB)  TX bytes:2902096 (2.7 MiB)
eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:46:B1:B7
          inet addr:192.168.2.218  Bcast:10.10.10.254  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
[root@node1 ha.d]# ps -ef |grep httpd
root      2635     1  0 18:10 ?        00:00:00 /usr/sbin/httpd
apache    2640  2635  0 18:10 ?        00:00:00 /usr/sbin/httpd
apache    2641  2635  0 18:10 ?        00:00:00 /usr/sbin/httpd
apache    2642  2635  0 18:10 ?        00:00:00 /usr/sbin/httpd
apache    2643  2635  0 18:10 ?        00:00:00 /usr/sbin/httpd
apache    2644  2635  0 18:10 ?        00:00:00 /usr/sbin/httpd
apache    2645  2635  0 18:10 ?        00:00:00 /usr/sbin/httpd
apache    2646  2635  0 18:10 ?        00:00:00 /usr/sbin/httpd
apache    2647  2635  0 18:10 ?        00:00:00 /usr/sbin/httpd
root      2900  1592  0 18:12 pts/0    00:00:00 grep httpd
[root@node1 ha.d]# pa aux |grep heartbeat
-bash: pa: command not found
[root@node1 ha.d]# ps aux |grep heartbeat
root      2338  0.0  1.4  69608 14364 ?        SLs  18:10   0:00 heartbeat: master control process
nobody    2341  0.0  0.7  62876  7632 ?        SL   18:10   0:00 heartbeat: FIFO reader
nobody    2342  0.0  0.7  63004  7760 ?        SL   18:10   0:00 heartbeat: write: mcast eth0
nobody    2343  0.0  0.7  63004  7760 ?        SL   18:10   0:00 heartbeat: read: mcast eth0
nobody    2344  0.0  0.7  63004  7760 ?        SL   18:10   0:00 heartbeat: write: ping 192.168.2.217
nobody    2345  0.0  0.7  63004  7760 ?        SL   18:10   0:00 heartbeat: read: ping 192.168.2.217
root      2904  0.0  0.0 103312   876 pts/0    S+   18:13   0:00 grep heartbeat
[root@node2 ha.d]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:2D:5B:EC
          inet addr:192.168.2.217  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2d:5bec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11766 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5494 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3603815 (3.4 MiB)  TX bytes:837732 (818.0 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:355 errors:0 dropped:0 overruns:0 frame:0
          TX packets:355 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:49398 (48.2 KiB)  TX bytes:49398 (48.2 KiB)
[root@node2 ha.d]# netstat -nlptu|grep 80
tcp        0      0 :::80                       :::*                        LISTEN      3198/httpd
[root@node2 ha.d]# ps -ef |grep httpd
root      3198     1  0 18:11 ?        00:00:00 /usr/sbin/httpd
apache    3200  3198  0 18:11 ?        00:00:00 /usr/sbin/httpd
apache    3201  3198  0 18:11 ?        00:00:00 /usr/sbin/httpd
apache    3202  3198  0 18:11 ?        00:00:00 /usr/sbin/httpd
apache    3203  3198  0 18:11 ?        00:00:00 /usr/sbin/httpd
apache    3204  3198  0 18:11 ?        00:00:00 /usr/sbin/httpd
apache    3205  3198  0 18:11 ?        00:00:00 /usr/sbin/httpd
apache    3206  3198  0 18:11 ?        00:00:00 /usr/sbin/httpd
apache    3207  3198  0 18:11 ?        00:00:00 /usr/sbin/httpd
root      3217  1811  0 18:14 pts/0    00:00:00 grep httpd
[root@node2 ha.d]#
[root@node2 ha.d]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:2D:5B:EC
          inet addr:192.168.2.217  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2d:5bec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12689 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6338 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3701251 (3.5 MiB)  TX bytes:980188 (957.2 KiB)
eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:2D:5B:EC
          inet addr:192.168.2.218  Bcast:192.168.2.254  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:413 errors:0 dropped:0 overruns:0 frame:0
          TX packets:413 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:57576 (56.2 KiB)  TX bytes:57576 (56.2 KiB)
[root@node2 ha.d]# ps -ef |grep httpd
root      4452     1  0 18:21 ?        00:00:00 /usr/sbin/httpd
apache    4454  4452  0 18:21 ?        00:00:00 /usr/sbin/httpd
apache    4455  4452  0 18:21 ?        00:00:00 /usr/sbin/httpd
apache    4456  4452  0 18:21 ?        00:00:00 /usr/sbin/httpd
apache    4457  4452  0 18:21 ?        00:00:00 /usr/sbin/httpd
apache    4458  4452  0 18:21 ?        00:00:00 /usr/sbin/httpd
apache    4459  4452  0 18:21 ?        00:00:00 /usr/sbin/httpd
apache    4460  4452  0 18:21 ?        00:00:00 /usr/sbin/httpd
apache    4461  4452  0 18:21 ?        00:00:00 /usr/sbin/httpd
root      4468  1811  0 18:21 pts/0    00:00:00 grep httpd
[root@node2 ha.d]# ps -ef |grep heartbeat
root      4022     1  0 18:20 ?        00:00:00 heartbeat: master control process
nobody    4024  4022  0 18:20 ?        00:00:00 heartbeat: FIFO reader
nobody    4025  4022  0 18:20 ?        00:00:00 heartbeat: write: mcast eth0
nobody    4026  4022  0 18:20 ?        00:00:00 heartbeat: read: mcast eth0
nobody    4027  4022  0 18:20 ?        00:00:00 heartbeat: write: ping 192.168.2.216
nobody    4028  4022  0 18:20 ?        00:00:00 heartbeat: read: ping 192.168.2.216
root      4470  1811  0 18:21 pts/0    00:00:00 grep heartbeat
[root@node1 ha.d]# tail -f /var/log/ha-debug
heartbeat[2338]: 2016/08/14_18:16:23 info: killing HBWRITE process 2342 with signal 15
heartbeat[2338]: 2016/08/14_18:16:23 info: killing HBREAD process 2343 with signal 15
heartbeat[2338]: 2016/08/14_18:16:23 info: killing HBWRITE process 2344 with signal 15
heartbeat[2338]: 2016/08/14_18:16:23 info: killing HBREAD process 2345 with signal 15
heartbeat[2338]: 2016/08/14_18:16:23 info: Core process 2342 exited. 5 remaining
heartbeat[2338]: 2016/08/14_18:16:23 info: Core process 2341 exited. 4 remaining
heartbeat[2338]: 2016/08/14_18:16:23 info: Core process 2345 exited. 3 remaining
heartbeat[2338]: 2016/08/14_18:16:23 info: Core process 2344 exited. 2 remaining
heartbeat[2338]: 2016/08/14_18:16:23 info: Core process 2343 exited. 1 remaining
heartbeat[2338]: 2016/08/14_18:16:23 info: node1.test.com Heartbeat shutdown complete.
[root@node2 ha.d]# tail -f /var/log/ha-debug
IPaddr[4294]:2016/08/14_18:21:13 INFO: Success
INFO: Success
ResourceManager[4196]:2016/08/14_18:21:13 debug: /etc/ha.d/resource.d/IPaddr 192.168.2.218/24/eth0/192.168.2.254 start done. RC=0
ResourceManager[4196]:2016/08/14_18:21:13 info: Running /etc/init.d/httpd start
ResourceManager[4196]:2016/08/14_18:21:13 debug: Starting /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using node2.test.com for ServerName
[ OK ]
ResourceManager[4196]:2016/08/14_18:21:13 debug: /etc/init.d/httpd start done. RC=0
heartbeat[4022]: 2016/08/14_18:21:23 info: Local Resource acquisition completed. (none)
heartbeat[4022]: 2016/08/14_18:21:23 info: local resource transition completed.
Install heartbeat CRM, LAMP and WordPress
[root@node1 ha.d]# yum install mysql-server php php-mysql -y
[root@node1 ha.d]# vim /var/www/html/info.php
[root@node1 ha.d]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using node1.test.com for ServerName
                                                           [  OK  ]
Open httpd on node1 in a browser; PHP is already configured.
[root@node1 ha.d]# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)
mysql>
On the NFS server:
[root@php-server ~]# mkdir /data/mysql
On node1:
[root@node1 ha.d]# more /etc/my.cnf
[mysqld]
datadir=/data/
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root@node1 ha.d]# mount -t nfs 192.168.2.216:/data/mysql /data
[root@node1 ha.d]# /usr/bin/mysql_install_db --user=mysql --datadir=/data/
[root@node1 ha.d]# service mysqld start
Starting mysqld:                                           [  OK  ]
[root@node1 ha.d]# mysql
mysql> CREATE DATABASE `wordpress` CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'%' IDENTIFIED BY '123456' WITH GRANT OPTION;FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
| wordpress          |
+--------------------+
4 rows in set (0.00 sec)
Install heartbeat-gui
[root@node1 ~]# yum -y install pygtk2-libglade xorg-x11-xauth
[root@node1 ~]# rpm -ivh heartbeat-gui-2.1.4-12.el6.x86_64.rpm
[root@node1 ~]# echo "password" | passwd --stdin hacluster
Original article by oranix. If you repost it, please credit the source: http://www.178linux.com/76632