您当前的位置： 首页 > 学无止境 > 心得笔记 网站首页心得笔记

搭建一个简单的web高可用集群

发布时间：2019-05-02 18:45:16编辑：雪饮阅读（）

规划:

node1:192.168.2.173

node2:192.168.2.191

nfs：192.168.2.189

vip:192.168.2.139

(1)为各节点配置主机名

[root@localhost ~]# hostname node1.magedu.com

[root@localhost ~]# uname -n

node1.magedu.com

[root@localhost ~]# cat /etc/sysconfig/network

NETWORKING=yes

NETWORKING_IPV6=yes

HOSTNAME=node1.magedu.com

(2)配置双机互信

[root@localhost ~]# ssh-keygen -t rsa -f ~/.ssh/id_rsa -P ''

Generating public/private rsa key pair.

Created directory '/root/.ssh'.

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

66:04:43:03:a5:4e:f2:49:88:ab:a7:58:17:b8:3b:86 root@node1.magedu.com

[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.2.191

15

The authenticity of host '192.168.2.191 (192.168.2.191)' can't be established.

RSA key fingerprint is 96:98:49:30:9c:13:b0:60:1b:2b:88:b1:6e:84:99:72.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.2.191' (RSA) to the list of known hosts.

root@192.168.2.191's password:

Now try logging into the machine, with "ssh 'root@192.168.2.191'", and check in:

 

  .ssh/authorized_keys

 

to make sure we haven't added extra keys that you weren't expecting.

(3)配置本地hosts解析

[root@localhost ~]# cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1               localhost.localdomain localhost

::1             localhost6.localdomain6 localhost6

192.168.2.173   node1.magedu.com node1

192.168.2.191   node2.magedu.com node2

(4)准备时间服务器与文件共享服务器

时间服务器

在nfs上修改/etc/ntp.conf配置文件在“restrict -6 default kod nomodify notrap nopeer noquery”条目前添加"restrict -4 default kod notrap nomodify"意思是 允许IPV4 查询 拒绝修改

然后重启ntpd服务

nfs文件共享服务器

[root@localhost ~]# mkdir -pv /web/htdocs

mkdir: created directory `/web'

mkdir: created directory `/web/htdocs'

[root@localhost ~]# cat /web/htdocs/index.html

this is nfs

[root@localhost ~]# cat /etc/exports

/web/htdocs 192.168.2.0/255.255.255.0(ro)

You have mail in /var/spool/mail/root

[root@localhost ~]# service nfs restart

Shutting down NFS mountd:                                  [FAILED]

Shutting down NFS daemon:                                  [FAILED]

Shutting down NFS quotas:                                  [FAILED]

Starting NFS services:                                     [  OK  ]

Starting NFS quotas:                                       [  OK  ]

Starting NFS daemon:                                       [  OK  ]

Starting NFS mountd:                                       [  OK  ]

(5)各节点配置时间同步

[root@localhost ~]# crontab -e

no crontab for root - using an empty one

crontab: installing new crontab

[root@localhost ~]# crontab -l

*/5 * * * * /sbin/ntpdate 192.168.2.189 &> /dev/null

这里需要注意：末尾的"&> /dev/null "是将标准输出到空设备，因为crontab会每次给root用户发送邮件。。。。，这样岂不是很烦

(6)各节点安装heartbeat v2

将所要安装的软件包:

heartbeat-2.1.4-9.el5.i386.rpm

heartbeat-gui-2.1.4-9.el5.i386.rpm

heartbeat-pils-2.1.4-10.el5.i386.rpm

heartbeat-stonith-2.1.4-1.0.el5.i386.rpm

libnet-1.1.4-3.el5.i386.rpm

heartbeat-ldirectord-2.1.4-9.el5.i386.rpm

perl-MailTools-1.77-1.el5.noarch.rpm

heartbeat-devel-2.1.4-9.el5.i386.rpm

都拷贝到当前目录，然后安装

[root@localhost ~]# yum --nogpgcheck localinstall *.rpm

(7)配置各节点的heartbeat

[root@localhost ~]# cp -p /usr/share/doc/heartbeat-2.1.4/{authkeys,ha.cf,haresources} /etc/ha.d/

配置/etc/ha.d/authkeys

首先生成一个md5的随机key，注意，这里的key在每个节点上要相同

[root@localhost ~]# dd if=/dev/random count=1 bs=512 | md5sum

0+1 records in

0+1 records out

128 bytes (128 B) copied, 7.0268e-05 seconds, 1.8 MB/s

123cd761bd918c4e19365473f9a52201  -

[root@localhost ~]# cat /etc/ha.d/authkeys

#

#       Authentication file.  Must be mode 600

#

#

#       Must have exactly one auth directive at the front.

#       auth    send authentication using this method-id

#

#       Then, list the method and key that go with that method-id

#

#       Available methods: crc sha1, md5.  Crc doesn't need/want a key.

#

#       You normally only have one authentication method-id listed in this file

#

#       Put more than one to make a smooth transition when changing auth

#       methods and/or keys.

#

#

#       sha1 is believed to be the "best", md5 next best.

#

#       crc adds no security, except from packet corruption.

#               Use only on physically secure networks.

#

#auth 1

#1 crc

#2 sha1 HI!

#3 md5 Hello!

auth 1

1 md5 123cd761bd918c4e19365473f9a52201

配置/etc/ha.d/ha.cf

去除“bcast   eth0            # Linux”的注释

这步是为了实现eth0网卡的组播

 

在"#node   kathy"下一行添加配置如：

node node1.magedu.com

node node2.magedu.com

这是为了配置我们的集群节点

 

将“ping”这行为

ping 192.168.2.1

这是为了解决当解决当某个节点觉得另外一个节点有问题时候再次ping该地址，若ping该地址ok，则就判定的确是对方节点的问题

配置/etc/ha.d/haresources

将"/etc/ha.d/haresources "文件中node1所在行修改为：

node1.magedu.com IPaddr::192.168.2.139/24/eth0 Filesystem::192.168.2.189:/web/htdocs::/var/www/html::nfs httpd

这里需要解释下，这里只需要node1，不需要node2，这里第一个ip地址是vip，第二个ip地址是nfs共享的ip地址，第二个目录是我们即将要为各节点配置web服务的根目录

(8)准备web服务与启动heartbeat v2

准备web服务

首先各个节点都先将httpd安装，默认站点目录就是/var/www/html

[root@localhost ha.d]# yum --nogpgcheck localinstall /test/Server/httpd-2.2.3-63.el5.i386.rpm

各节点还要保证httpd服务关闭，且默认也不会自动启动

[root@localhost ha.d]# service httpd stop

Stopping httpd:                                            [  OK  ]

[root@localhost ha.d]# chkconfig httpd off

[root@localhost ha.d]# chkconfig --list httpd

httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off

启动heartbeat v2

先将各节点的/etc/ha.d/authkeys文件的权限配置为600

[root@localhost ha.d]# chmod 600 /etc/ha.d/authkeys

然后由节点1开始启动自己的服务与其它节点的服务

[root@localhost ha.d]# service heartbeat start

Starting High-Availability services:

2019/04/27_06:41:07 INFO:  Resource is stopped

                                                           [  OK  ]

[root@localhost ha.d]# ssh node2 'service heartbeat start'

Starting High-Availability services:

2019/04/27_06:44:35 INFO:  Resource is stopped

[  OK  ]

(9)测试

测试通过vip访问web服务是否正常

通过浏览器访问vip发现ok的



 

查看vip当前分配在上面节点上

此时在node1节点上能查看到vip

[root@localhost ha.d]# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:9B:D7:5E

          inet addr:192.168.2.173  Bcast:192.168.2.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe9b:d75e/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:16171 errors:0 dropped:0 overruns:0 frame:0

          TX packets:16657 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:4053585 (3.8 MiB)  TX bytes:1968035 (1.8 MiB)

          Interrupt:67 Base address:0x2000

 

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:9B:D7:5E

          inet addr:192.168.2.139  Bcast:192.168.2.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          Interrupt:67 Base address:0x2000

 

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:1109 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1109 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:2817110 (2.6 MiB)  TX bytes:2817110 (2.6 MiB)

但在另外一个节点上看不到

这说明此时另外一个节点就是备节点

主备节点转移测试

在主节点上执行/usr/lib/heartbeat/hb_standby可以实现主备节点切换

转移后我们会发现另外一个节点又抢占了vip，而当前节点中的vip又不见了，但通过vip访问web服务仍然ok