Centos下DNS+NamedManager高可用部署方案完整記錄

散盡浮華發表於2018-06-03

 

之前說到了NamedManager單機版的配置,下面說下DNS+NamedManager雙機高可用的配置方案:

1)機器環境

主機名            ip地址           
dns01.kevin.cn   192.168.10.202   
dns02.kevin.cn   192.168.10.203   
VIP地址:192.168.10.190
  
兩臺機器做好主機名及hosts繫結
[root@dns01 ~]# vim /etc/hosts
......
192.168.10.202   dns01.kevin.cn
192.168.10.203   dns02.kevin.cn
192.168.10.190   dns.kevin.cn     
  
四臺機器都是centos6.9系統
[root@dns01 ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
  
關閉四臺機器的iptables和selinux
[root@dns01 ~]# /etc/init.d/iptables stop
[root@dns01 ~]# setenforce 0
[root@dns01 ~]# vim /etc/sysconfig/selinux
......
SELINUX=disabled
  
同步四臺機器的系統時間
[root@dns01 ~]# yum install -y ntpdate
[root@dns01 ~]# ntpdate ntp1.aliyun.com

2)安裝namedmanager(在192.168.10.202和192.168.10.203兩臺機器上同樣操作)

[root@dns01 ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml

修改/etc/httpd/conf/httpd.conf
.......
ServerName dns.kevin.cn:80

[root@dns01 ~]# service mysqld start
[root@dns01 ~]# service httpd start
[root@dns01 ~]# lsof -i:3306
[root@dns01 ~]# lsof -i:80

[root@dns01 ~]# chkconfig mysqld on
[root@dns01 ~]# chkconfig httpd on

[root@dns02 ~]# mysqladmin -u root password 123456
[root@dns02 ~]# mysql -p123456                      #驗證下是否能登入進去

下載並安裝namedmanager
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm --force
[root@dns01 src]# cd /usr/share/namedmanager/resources/
[root@dns01 resources]# ./autoinstall.pl
autoinstall.pl

This script setups the NamedManager database components:
 * NamedManager MySQL user               #預設會建立登入Mysql的使用者名稱NamedManager
 * NamedManager database                 #預設會建立NamedManager資料庫名
 * NamedManager configuration files      #預設會建立NamedManager的配置檔案

THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON

Please enter MySQL root password (if any): 123456               #輸入上面設定的mysql密碼
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!

You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager

3)安裝和配置bind9(在192.168.10.202和192.168.10.203兩臺機器上同樣操作)

[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# yum install bind php-process
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm --force

修改/etc/named.conf
[root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak
[root@dns01 src]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        directory "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        allow-query-cache     { any; };
        recursion yes;
        forward first;
        forwarders {
            223.5.5.5;
            223.6.6.6;
            8.8.8.8;
            8.8.4.4;
          };
 
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
 
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
 
        };
  
logging {                           
        channel default_debug {
        file "data/named.run";
        severity dynamic;
        };
};
  
zone "." {
        type hint;      
        file "named.ca";
        };
  
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";

啟動named服務
[root@dns01 src]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

--------------------------------------------------------------------------
上面已經提前關閉了iptables和selinux。
如果防火牆開啟了,則需要開啟下面策略:
[root@dns01 src]# iptables -F
[root@dns01 src]# iptables -P INPUT DROP
[root@dns01 src]# iptables -P FORWARD DROP
[root@dns01 src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@dns01 src]# iptables -A INPUT -i lo -p all -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p icmp -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
--------------------------------------------------------------------------

禁用IPV6。新增域名記錄(正向解析與反向解析)。設定開機啟動服務,並重啟伺服器。
[root@dns01 src]# vim /etc/modprobe.d/dist.conf
.......
alias net-pf-10 off
alias ipv6 off
chkconfig ip6tables off

[root@dns01 src]# chkconfig httpd on
[root@dns01 src]# chkconfig mysqld on
[root@dns01 src]# chkconfig named on
[root@dns01 src]# init 6                     #重啟機器

重啟之後,登入機器驗證下httpd、mysqld和named服務是否如實開機啟動了
[root@dns01 ~]# ps -ef|grep mysql
[root@dns01 ~]# ps -ef|grep http
[root@dns01 ~]# ps -ef|grep named

測試登入mysql
[root@dns01 ~]# mysql -p123456
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory
[root@dns01 ~]# ln -s /usr/local/mysql/var/mysql.sock /var/lib/mysql/mysql.sock
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
lrwxrwxrwx. 1 root root 31 Jun  1 17:14 /var/lib/mysql/mysql.sock -> /usr/local/mysql/var/mysql.sock
[root@dns01 ~]# mysql -p123456         #這時就能順利登入mysql資料庫了

4)安裝keepalived(192.168.10.202和192.168.10.203兩臺機器上同樣操作)

[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://www.keepalived.org/software/keepalived-1.3.2.tar.gz
[root@dns01 src]# tar -zvxf keepalived-1.3.2.tar.gz
[root@dns01 src]# cd keepalived-1.3.2
[root@dns01 keepalived-1.3.2]# ./configure && make && make install
[root@dns01 keepalived-1.3.2]# cp /usr/local/src/keepalived-1.3.2/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@dns01 keepalived-1.3.2]# mkdir /etc/keepalived
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@dns01 keepalived-1.3.2]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@dns01 keepalived-1.3.2]# echo "/etc/init.d/keepalived start" >> /etc/rc.local

keepalived.conf配置
------------------------------------------
192.168.10.202機器的keepalived.conf配置
[root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived     #全域性定義
  
global_defs {
notification_email {
ops@kevin.cn
}
  
notification_email_from ops@kevin.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id master-node
}
  
vrrp_script chk_http_port {
    script "/opt/chk_http.sh"
    interval 2
    weight -5
    fall 2
    rise 1
}
  
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    mcast_src_ip 192.168.10.202
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.190
    }
 
track_script {
   chk_http_port
}
}

編寫httpd監控指令碼
[root@dns01 ~]# vim /opt/chk_http.sh
#!/bin/bash
counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
if [ "${counter}" = "0" ]; then
       service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
    if [ "${counter}" = "0" ]; then
       /etc/init.d/keepalived stop
    fi
fi

必須要給此指令碼授予執行許可權
[root@dns01 ~]# chmod 755 /opt/chk_http.sh

-----------------------------------------
192.168.10.203機器的keepalived.conf配置
[root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived    
  
global_defs {
notification_email {                
ops@kevin.cn                     
}
  
notification_email_from ops@kevin.cn  
smtp_server 127.0.0.1                    
smtp_connect_timeout 30                 
router_id slave-node                    
}
  
vrrp_script chk_http_port {         
    script "/opt/chk_http.sh"   
    interval 2                      
    weight -5                       
    fall 2                   
    rise 1                  
}
  
vrrp_instance VI_1 {            
    state BACKUP           
    interface eth0            
    mcast_src_ip 192.168.10.203 
    virtual_router_id 51        
    priority 99               
    advert_int 1               
    authentication {            
        auth_type PASS         
        auth_pass 1111          
    }
    virtual_ipaddress {        
        192.168.10.190
    }
 
track_script {                     
   chk_http_port                 
}
 
}

編寫httpd監控指令碼
[root@dns02 ~]# vim /opt/chk_http.sh
#!/bin/bash
counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
if [ "${counter}" = "0" ]; then
       service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
    if [ "${counter}" = "0" ]; then
       /etc/init.d/keepalived stop
    fi
fi

必須要給此指令碼授予執行許可權
[root@dns02 ~]# chmod 755 /opt/chk_http.sh

-----------------------------------------------------
分別啟動兩臺機器的keepalived服務
[root@dns01 ~]# /etc/init.d/keepalived start
[root@dns01 ~]# ps -ef|grep keep

[root@dns02 ~]# /etc/init.d/keepalived start
[root@dns02 ~]# ps -ef|grep keepalived

檢查兩臺機器的ip,發現vip此時已經漂到192.168.10.202這臺機器上
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link 
       valid_lft forever preferred_lft forever

-------------------------------------------------
測試下故障轉移
先關閉192.168.10.202機器的httpd程式,發現關閉後會很快重啟起來(最多2秒鐘),這是因為keepalived程式裡引用了/opt/chk_http.sh監控指令碼。
同樣關閉192168.10.203機器的httpd程式,也是很快重啟起來。
根據/opt/chk_httpd.sh指令碼可知,httpd程式掛掉後會自動重啟,只有當httpd程式重啟失敗後,才會強制kill掉keepalived服務,這時vip也會轉移到另一臺節點。
[root@dns01 keepalived]# killall -9 httpd
[root@dns01 keepalived]# ps -ef|grep http
root     23661 23660  0 21:30 ?        00:00:00 /bin/bash /opt/chk_http.sh
root     23682     1  1 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23685 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23686 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23687 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23688 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23689 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23690 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23691 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23692 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
root     23694 21411  0 21:30 pts/1    00:00:00 grep http

在測試關閉192.168.10.202機器的keepalived服務,發現vip資源會自動漂移到192.168.10.203機器上。
當192.168.10.202機器的keepalived服務恢復後,vip資源會再次轉移回來。
[root@dns01 ~]# /etc/init.d/keepalived stop
[root@dns01 ~]# ps -ef|grep keeplived
root     24854 21411  0 21:36 pts/1    00:00:00 grep keeplived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link 
       valid_lft forever preferred_lft forever

可以檢視兩臺機器的/var/log/messages日誌,可以看到vip資源的轉移過程。

[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@dns01 ~]# ps -ef|grep keepalived
root     24877     1  0 21:37 ?        00:00:00 keepalived -D
root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived

192.168.10.202機器的keepalived服務恢復後,vip資源會再次轉移回來。
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@dns01 ~]# ps -ef|grep keepalived
root     24877     1  0 21:37 ?        00:00:00 keepalived -D
root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link 
       valid_lft forever preferred_lft forever

5)配置namedmanager(兩臺機器都要操作)

[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
[root@dns01 ~]# vim /etc/namedmanager/config-bind.php
......
$config["api_url"]      = "http://192.168.10.190/namedmanager";
$config["api_server_name"]  = "dns.kevin.cn";
$config["api_auth_key"]     = "DNS";   

6)配置兩臺機器的mysql主主關係

首先確保兩臺機器能使用上面建立的NamedManager使用者名稱和123456密碼登入,如果登入不了,則訪問NamedManager介面時會失敗。
[root@dns02 ~]# mysql -hlocalhost -uNamedManager -p123456
ERROR 1045 (28000): Access denied for user 'NamedManager'@'localhost' (using password: YES)

這就需要授權mysql登入
[root@dns01 ~]# mysql -p123456
.......
mysql> grant all on *.* to NamedManager@192.168.10.202 identified by "123456";
Query OK, 0 rows affected (0.11 sec)

mysql> grant all on *.* to NamedManager@localhost identified by "123456";
Query OK, 0 rows affected (0.02 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.04 sec)

驗證登入
[root@dns01 ~]# mysql -hlocalhost -uNamedManager -p123456
......
mysql>

-------------------------------------------------------------
192.168.10.202機器上的mysql設定
[root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns01 ~]# vim /etc/my.cnf                  #在[mysqld]區域裡新增下面幾行內容
......
server-id = 1         
log-bin = mysql-bin     
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2     
auto-increment-offset = 1    
slave-skip-errors = all

重啟mysqld服務
[root@dns01 log]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

資料同步授權,這樣I/O執行緒就可以以這個使用者的身份連線到主伺服器,並且讀取它的二進位制日誌。
[root@dns01 log]# mysql -p123456
......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;

最好將庫鎖住,僅僅允許讀,以保證資料一致性;待主主同步環境部署後再解鎖;
鎖住後,就不能往表裡寫資料,但是重啟mysql服務後就會自動解鎖!
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

--------------------------------------------------------------------
192.168.10.203機器上的mysql設定
[root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns02 ~]# vim /etc/my.cnf
.......
server-id = 2        
log-bin = mysql-bin    
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2     
auto-increment-offset = 2    
slave-skip-errors = all

[root@dns02 ~]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

[root@dns02 ~]# mysql -p123456
.......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

---------------192.168.10.202伺服器做同步操作---------------
mysql> unlock tables; 
Query OK, 0 rows affected (0.00 sec)

mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> change  master to master_host='192.168.10.203',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; 
Query OK, 0 rows affected (0.20 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status \G;
.......
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.203
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.......
.......

---------------192.168.10.203伺服器做同步操作---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)

mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> change  master to master_host='192.168.10.202',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; 
Query OK, 0 rows affected (0.18 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status \G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.202
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.......
.......

到這裡,192.168.10.202和192.168.10.203兩臺機器的mysql主主關係就配置成功了。下面測試下:
首先在192.168.10.202的mysql資料庫上新增資料:
[root@dns01 log]# mysql -p123456
.....
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
4 rows in set (0.00 sec)

mysql> create database kevin;
Query OK, 1 row affected (0.04 sec)

然後到192.168.10.203機器的mysql資料庫上驗證並變更資料
[root@dns02 ~]# mysql -p123456
.......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| kevin              |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
5 rows in set (0.00 sec)

mysql> drop database kevin;
Query OK, 0 rows affected (0.03 sec)

mysql> create database bobo;
Query OK, 1 row affected (0.08 sec)

再到192.168.10.202機器的mysql資料庫上驗證
[root@dns01 log]# mysql -p123456
......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| bobo               |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
5 rows in set (0.00 sec)

mysql> drop database bobo;
Query OK, 0 rows affected (0.05 sec)

7)在192.168.10.202和12.168.10.203兩臺機器上配置相關資料的同步關係。 

先做好兩臺機器的ssh相互信任關係。
[root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.203'
[root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.202'

驗證兩機之間的ssh互信
[root@dns01 ~]# ssh -p22 root@192.168.10.203
[root@dns02 ~]#

[root@dns02 httpd]# ssh -p22 root@192.168.10.202
[root@dns01 ~]#

------------------------------------------------------------
現在192.168.10.202機器上做同步,判斷VIP資源是否存在本機,如果存在就同步到另一臺機器上。
[root@dns01 ~]# vim /opt/rsync_dns.sh
#!/bin/bash
while [ "1" = "1" ]
do
  NUM=`ip addr|grep 192.168.10.190|wc -l`
  if [ $NUM -eq 0 ];then
     echo "vip is not at this server" >/dev/null 2>&1
  fi
 
  if [ $NUM -eq 1 ];then
     /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.203:/etc/
     /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.203:/var/named/
  fi
done

授予指令碼執行許可權,並啟動指令碼
[root@dns01 ~]# chmod 755 /opt/rsync_dns.sh
[root@dns01 ~]# nohup sh /opt/rsync_dns.sh &
[root@dns01 ~]# ps -ef|grep rsync_dns.sh
root      6310 21411  0 22:33 pts/1    00:00:00 sh /opt/rsync_dns.sh
root      6508 21411  0 22:33 pts/1    00:00:00 grep rsync_dns.sh

-----------------------------------------------------------------
然後在192.168.10.203機器上做同步:
[root@dns02 httpd]# vim /opt/rsync_dns.sh
#!/bin/bash
while [ "1" = "1" ]
do
  NUM=`ip addr|grep 192.168.10.190|wc -l`
  if [ $NUM -eq 0 ];then
     echo "vip is not at this server" >/dev/null 2>&1
  fi
 
  if [ $NUM -eq 1 ];then
     /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.202:/etc/
     /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.202:/var/named/
  fi
done

授予指令碼執行許可權,並啟動指令碼
[root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh
[root@dns02 httpd]# nohup sh /opt/rsync_dns.sh &
[root@dns02 httpd]# ps -ef|grep rsync_dns.sh
root     12578  5466  0 22:35 pts/1    00:00:00 grep rsync_dns.sh
root     32124  5466  8 22:35 pts/1    00:00:00 sh /opt/rsync_dns.sh

8)訪問namedmanager(https://192.168.10.190/namedmanager)進行介面配置。(由於此時vip資源在192.168.10.202機器上,故配置資訊從192.168.10.202機器同步到192.168.10.203機器)。預設使用者名稱和密碼(setup,setup123)。不要忘記在使用者管理中修改使用者名稱和密碼。

重置管理員使用者名稱和密碼(由於兩臺伺服器的mysql做了主主關係,修改後的資訊同樣會同步到另一臺機器的mysql資料庫裡,即修改後的管理員賬號密碼同樣適用於另一臺機器的namedmanager登入)

接著設定API key(如下圖。設定郵箱地址和API key,這個key是在上面的/etc/namedmanager/config-bind.php檔案中設定的) 

新增伺服器。Name Server FQDN的名稱要和httpd中的ServerName一致。(如下新增部署機的主機名或者ip地址都可以)

確保下面的"Zonefile Status"和"Logging Status"的狀態是綠色的。

新增正向域名解析

新增反向域名解析(如果有多個ip段的客戶機,那麼就如下圖新增多個反向解析配置)

檢視正反向解析域名新增情況

上面已經成功新增了正反向解析域名,現在嘗試新增一些域名的A記錄和PTR記錄
先新增A正向解析記錄

由於上面在新增A正向解析的時候,已經勾選了PTR反向解析(如果沒有勾選,則需要手動新增PTR反向解析記錄),故這時候已經有了上面那幾個域名的反向解析記錄了:

如上,已經新增了幾個正反向解析記錄,可以訪問https://192.168.10.203/namedmanager,發現訪問另一臺機器的namedmanager(使用上面重置後的admin使用者)也會看到上面設定的正反向解析配置資訊。這就說明雙機同步已經生效。

可以登入到兩臺機器本機上檢視相關的正反向解析配置:

[root@dns01 ~]# cd /var/named/
[root@dns01 named]# ll
total 36
-rw-r--r--. 1 root  root   614 Jun  3 23:42 10.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named 4096 Jun  3 03:21 data
drwxrwx---. 2 named named 4096 Jun  3 23:05 dynamic
-rw-r--r--. 1 root  root   575 Jun  3 23:42 kevin.cn.zone
-rw-r-----. 1 root  named 3289 Apr 11  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves

[root@dns01 ~]# cat /etc/named.namedmanager.conf 
//
// NamedManager Configuration
//
// This file is automatically generated any manual changes will be lost.
//
zone "kevin.cn" IN {
    type master;
    file "kevin.cn.zone";
    allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "10.168.192.in-addr.arpa.zone";
    allow-update { none; };
};

[root@dns01 named]# cat kevin.cn.zone
$ORIGIN kevin.cn.
$TTL 120
@       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
            2018060311 ; serial
            21600 ; refresh
            3600 ; retry
            604800 ; expiry
            120 ; minimum ttl
        )
 
; Nameservers
 
kevin.cn.   86400 IN NS dns.kevin.cn.
 
; Mailservers
 
 
; Reverse DNS Records (PTR)
 
 
; CNAME
 
 
; HOST RECORDS
 
db01    120 IN A 192.168.10.239
db02    120 IN A 192.168.10.212
dns 120 IN A 192.168.10.190
dns01   120 IN A 192.168.10.202
dns02   120 IN A 192.168.10.203
ftp01   120 IN A 192.168.10.209
nc-app  120 IN A 192.168.10.210
web01   120 IN A 192.168.10.214
web02   120 IN A 192.168.10.215
[root@dns01 named]# cat 10.168.192.in-addr.arpa.zone
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
@       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
            2018060310 ; serial
            21600 ; refresh
            3600 ; retry
            604800 ; expiry
            120 ; minimum ttl
        )
 
; Nameservers
 
10.168.192.in-addr.arpa.    86400 IN NS dns.kevin.cn.
 
; Mailservers
 
 
; Reverse DNS Records (PTR)
 
190 120 IN PTR dns.kevin.cn.
202 120 IN PTR dns01.kevin.cn.
203 120 IN PTR dns02.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
210 120 IN PTR nc-app.kevin.cn.
212 120 IN PTR db02.kevin.cn.
214 120 IN PTR web01.kevin.cn.
215 120 IN PTR web02.kevin.cn.
239 120 IN PTR db01.kevin.cn.
 
; CNAME
 
 
; HOST RECORDS

9)客戶機的DNS配置

root@localhost ~]# ifconfig|grep 192
          inet addr:192.168.10.207  Bcast:192.168.10.255  Mask:255.255.255.0

[root@localhost ~]# vim /etc/resolv.conf
domain kevin.cn
search kevin.cn
nameserver 192.168.10.190

[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
......
......

[root@localhost ~]# ping ftp01.kevin.cn
PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data.
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms

[root@localhost ~]# ping db02.kevin.cn
PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data.
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms

故障切換驗證:
關閉192.168.10.202上的keepalived服務,當vip資源切換到192.168.10.203機器上後,
再次在客戶機上測試

[root@dns01 ~]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link 
       valid_lft forever preferred_lft forever

當vip資源轉移到另一臺機器後,客戶機上的DNS就會繼續生效了。
[root@localhost ~]# ping www.qq.com
PING news.qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms

[root@localhost ~]# ping web02.kevin.cn
PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data.
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms

如果上面不做兩臺機器的mysql主主以及那些dns相關同步配置,那麼要想實現主機高可用(提供統一的vip訪問地址),就需要將DNS的解析配置在192.168.10.202和192.168.10.203
兩臺機器的namedmanager介面裡同樣操作,即每次都要操作兩遍。

相關文章