The previous post covered the single-node NamedManager setup; this one describes a two-node high-availability configuration for DNS + NamedManager:

1) Machine environment
Hostname          IP address
dns01.kevin.cn    192.168.10.202
dns02.kevin.cn    192.168.10.203
VIP address:      192.168.10.190

Set the hostname on both machines and bind the names in /etc/hosts:
[root@dns01 ~]# vim /etc/hosts
......
192.168.10.202 dns01.kevin.cn
192.168.10.203 dns02.kevin.cn
192.168.10.190 dns.kevin.cn

All four machines run CentOS 6.9:
[root@dns01 ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)

Turn off iptables and SELinux on all four machines:
[root@dns01 ~]# /etc/init.d/iptables stop
[root@dns01 ~]# setenforce 0
[root@dns01 ~]# vim /etc/sysconfig/selinux
......
SELINUX=disabled

Synchronize the system time on all four machines:
[root@dns01 ~]# yum install -y ntpdate
[root@dns01 ~]# ntpdate ntp1.aliyun.com
2) Install NamedManager (same steps on both 192.168.10.202 and 192.168.10.203)
[root@dns01 ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml

Edit /etc/httpd/conf/httpd.conf:
.......
ServerName dns.kevin.cn:80

[root@dns01 ~]# service mysqld start
[root@dns01 ~]# service httpd start
[root@dns01 ~]# lsof -i:3306
[root@dns01 ~]# lsof -i:80
[root@dns01 ~]# chkconfig mysqld on
[root@dns01 ~]# chkconfig httpd on
[root@dns02 ~]# mysqladmin -u root password 123456
[root@dns02 ~]# mysql -p123456    # check that the login works

Download and install NamedManager:
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm --force
[root@dns01 src]# cd /usr/share/namedmanager/resources/
[root@dns01 resources]# ./autoinstall.pl
autoinstall.pl

This script setups the NamedManager database components:
 * NamedManager MySQL user             # creates the MySQL user NamedManager by default
 * NamedManager database               # creates the NamedManager database by default
 * NamedManager configuration files    # creates the NamedManager configuration files by default

THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER. DO NOT RUN FOR ANY OTHER REASON

Please enter MySQL root password (if any): 123456    # the MySQL root password set above
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!
You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
3) Install and configure bind9 (same steps on both 192.168.10.202 and 192.168.10.203)
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# yum install bind php-process
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm --force

Edit /etc/named.conf:
[root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak
[root@dns01 src]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // every client may query and recurse through this server; on a host reachable
        // from outside the LAN, narrow allow-query/allow-recursion to the internal ranges
        allow-query { any; };
        allow-query-cache { any; };
        recursion yes;
        forward first;
        forwarders { 223.5.5.5; 223.6.6.6; 8.8.8.8; 8.8.4.4; };
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";

Start the named service:
[root@dns01 src]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

--------------------------------------------------------------------------
iptables and SELinux were turned off earlier. If the firewall is enabled, the following rules are needed:
[root@dns01 src]# iptables -F
[root@dns01 src]# iptables -P INPUT DROP
[root@dns01 src]# iptables -P FORWARD DROP
[root@dns01 src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@dns01 src]# iptables -A INPUT -i lo -p all -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p icmp -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
--------------------------------------------------------------------------

Disable IPv6, add the DNS records (forward and reverse zones), set the services to start at boot, and reboot the server.
[root@dns01 src]# vim /etc/modprobe.d/dist.conf
.......
alias net-pf-10 off
alias ipv6 off

[root@dns01 src]# chkconfig ip6tables off
[root@dns01 src]# chkconfig httpd on
[root@dns01 src]# chkconfig mysqld on
[root@dns01 src]# chkconfig named on
[root@dns01 src]# init 6    # reboot the machine

After the reboot, log in and verify that httpd, mysqld and named really started at boot:
[root@dns01 ~]# ps -ef|grep mysql
[root@dns01 ~]# ps -ef|grep http
[root@dns01 ~]# ps -ef|grep named

Test logging in to MySQL:
[root@dns01 ~]# mysql -p123456
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory
[root@dns01 ~]# ln -s /usr/local/mysql/var/mysql.sock /var/lib/mysql/mysql.sock
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
lrwxrwxrwx. 1 root root 31 Jun  1 17:14 /var/lib/mysql/mysql.sock -> /usr/local/mysql/var/mysql.sock
[root@dns01 ~]# mysql -p123456    # now the MySQL login succeeds
4) Install keepalived (same steps on both 192.168.10.202 and 192.168.10.203)
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://www.keepalived.org/software/keepalived-1.3.2.tar.gz
[root@dns01 src]# tar -zvxf keepalived-1.3.2.tar.gz
[root@dns01 src]# cd keepalived-1.3.2
[root@dns01 keepalived-1.3.2]# ./configure && make && make install
[root@dns01 keepalived-1.3.2]# cp /usr/local/src/keepalived-1.3.2/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@dns01 keepalived-1.3.2]# mkdir /etc/keepalived
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@dns01 keepalived-1.3.2]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@dns01 keepalived-1.3.2]# echo "/etc/init.d/keepalived start" >> /etc/rc.local

keepalived.conf configuration
------------------------------------------
keepalived.conf on 192.168.10.202
[root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

# global definitions
global_defs {
   notification_email {
     ops@kevin.cn
   }
   notification_email_from ops@kevin.cn
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id master-node
}

vrrp_script chk_http_port {
    script "/opt/chk_http.sh"
    interval 2
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    mcast_src_ip 192.168.10.202
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.190
    }
    track_script {
        chk_http_port
    }
}

Write the httpd monitoring script:
[root@dns01 ~]# vim /opt/chk_http.sh
#!/bin/bash
# Count TCP listeners on port 80; match the port field exactly so that 8080 or 1800 are not counted
counter=$(netstat -tln | grep -c ':80 ')
if [ "${counter}" = "0" ]; then
    # httpd is down: try to start it once, then check again
    service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -tln | grep -c ':80 ')
    if [ "${counter}" = "0" ]; then
        # the restart failed: stop keepalived so the VIP moves to the other node
        /etc/init.d/keepalived stop
    fi
fi

The script must be made executable:
[root@dns01 ~]# chmod 755 /opt/chk_http.sh

-----------------------------------------
keepalived.conf on 192.168.10.203
[root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     ops@kevin.cn
   }
   notification_email_from ops@kevin.cn
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id slave-node
}

vrrp_script chk_http_port {
    script "/opt/chk_http.sh"
    interval 2
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    mcast_src_ip 192.168.10.203
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.190
    }
    track_script {
        chk_http_port
    }
}

Write the httpd monitoring script:
[root@dns02 ~]# vim /opt/chk_http.sh
#!/bin/bash
# Count TCP listeners on port 80; match the port field exactly so that 8080 or 1800 are not counted
counter=$(netstat -tln | grep -c ':80 ')
if [ "${counter}" = "0" ]; then
    # httpd is down: try to start it once, then check again
    service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -tln | grep -c ':80 ')
    if [ "${counter}" = "0" ]; then
        # the restart failed: stop keepalived so the VIP moves to the other node
        /etc/init.d/keepalived stop
    fi
fi

The script must be made executable:
[root@dns02 ~]# chmod 755 /opt/chk_http.sh
-----------------------------------------------------

Start the keepalived service on both machines:
[root@dns01 ~]# /etc/init.d/keepalived start
[root@dns01 ~]# ps -ef|grep keep
[root@dns02 ~]# /etc/init.d/keepalived start
[root@dns02 ~]# ps -ef|grep keepalived

Check the addresses on both machines: the VIP is now bound on 192.168.10.202.
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever
-------------------------------------------------

Test the failover
First kill the httpd process on 192.168.10.202: it comes back within at most 2 seconds, because keepalived runs the /opt/chk_http.sh monitoring script. Killing httpd on 192.168.10.203 restarts it just as quickly.
As the /opt/chk_http.sh script shows, httpd is restarted automatically when it dies; only when that restart fails is keepalived stopped, and then the VIP moves to the other node.
[root@dns01 keepalived]# killall -9 httpd
[root@dns01 keepalived]# ps -ef|grep http
root     23661 23660  0 21:30 ?        00:00:00 /bin/bash /opt/chk_http.sh
root     23682     1  1 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23685 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23686 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23687 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23688 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23689 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23690 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23691 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23692 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
root     23694 21411  0 21:30 pts/1    00:00:00 grep http

Next, stop the keepalived service on 192.168.10.202: the VIP automatically migrates to 192.168.10.203.
Once keepalived on 192.168.10.202 is back, the VIP moves back again.
[root@dns01 ~]# /etc/init.d/keepalived stop
[root@dns01 ~]# ps -ef|grep keeplived
root     24854 21411  0 21:36 pts/1    00:00:00 grep keeplived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever

The VIP handover can be followed in /var/log/messages on both machines.

After keepalived on 192.168.10.202 is started again, the VIP moves back:
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@dns01 ~]# ps -ef|grep keepalived
root     24877     1  0 21:37 ?        00:00:00 keepalived -D
root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever
5) Configure NamedManager (on both machines)

[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
[root@dns01 ~]# vim /etc/namedmanager/config-bind.php
......
$config["api_url"] = "http://192.168.10.190/namedmanager";
$config["api_server_name"] = "dns.kevin.cn";
$config["api_auth_key"] = "DNS";

6) Configure the MySQL master-master relationship between the two machines
First make sure both machines can log in to MySQL with the NamedManager user created above and the password 123456; if that login fails, the NamedManager web interface will fail too.
[root@dns02 ~]# mysql -hlocalhost -uNamedManager -p123456
ERROR 1045 (28000): Access denied for user 'NamedManager'@'localhost' (using password: YES)

So the MySQL login has to be granted:
[root@dns01 ~]# mysql -p123456
.......
mysql> grant all on *.* to NamedManager@192.168.10.202 identified by "123456";
Query OK, 0 rows affected (0.11 sec)

mysql> grant all on *.* to NamedManager@localhost identified by "123456";
Query OK, 0 rows affected (0.02 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.04 sec)

Verify the login:
[root@dns01 ~]# mysql -hlocalhost -uNamedManager -p123456
......
mysql>

-------------------------------------------------------------
MySQL settings on 192.168.10.202
[root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns01 ~]# vim /etc/my.cnf    # add the following lines in the [mysqld] section
......
server-id = 1
log-bin = mysql-bin
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2
auto-increment-offset = 1
slave-skip-errors = all

Restart the mysqld service:
[root@dns01 log]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Grant the replication privileges, so that the I/O thread can connect to the master as this user and read its binary log:
[root@dns01 log]# mysql -p123456
......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;

It is best to lock the databases read-only to guarantee consistency, and unlock them once the master-master setup is in place.
While locked, nothing can be written to the tables; note that restarting the MySQL service releases the lock automatically.
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

--------------------------------------------------------------------
MySQL settings on 192.168.10.203
[root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns02 ~]# vim /etc/my.cnf    # add the following lines in the [mysqld] section
.......
server-id = 2
log-bin = mysql-bin
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2
auto-increment-offset = 2
slave-skip-errors = all

[root@dns02 ~]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
[root@dns02 ~]# mysql -p123456
.......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

---------------Replication setup on 192.168.10.202---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)

mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> change master to master_host='192.168.10.203',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365;
Query OK, 0 rows affected (0.20 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status \G;
.......
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.203
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.......
.......

---------------Replication setup on 192.168.10.203---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)

mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> change master to master_host='192.168.10.202',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365;
Query OK, 0 rows affected (0.18 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status \G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.202
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.......
.......

At this point the MySQL master-master relationship between 192.168.10.202 and 192.168.10.203 is configured. Now test it:
First add data on the MySQL database of 192.168.10.202:
[root@dns01 log]# mysql -p123456
.....
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
4 rows in set (0.00 sec)

mysql> create database kevin;
Query OK, 1 row affected (0.04 sec)

Then verify on the MySQL database of 192.168.10.203 and change the data:
[root@dns02 ~]# mysql -p123456
.......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| kevin              |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
5 rows in set (0.00 sec)

mysql> drop database kevin;
Query OK, 0 rows affected (0.03 sec)

mysql> create database bobo;
Query OK, 1 row affected (0.08 sec)

Then verify again on the MySQL database of 192.168.10.202:
[root@dns01 log]# mysql -p123456
......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| bobo               |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
5 rows in set (0.00 sec)

mysql> drop database bobo;
Query OK, 0 rows affected (0.05 sec)
7) Configure the synchronization of the DNS data between 192.168.10.202 and 192.168.10.203.
First set up mutual ssh trust between the two machines.
[root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.203'
[root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.202'

Verify the ssh trust in both directions:
[root@dns01 ~]# ssh -p22 root@192.168.10.203
[root@dns02 ~]#
[root@dns02 httpd]# ssh -p22 root@192.168.10.202
[root@dns01 ~]#
------------------------------------------------------------

Now set up the sync on 192.168.10.202: the script checks whether the VIP is bound on this machine and, if it is, pushes the DNS files to the other machine.
[root@dns01 ~]# vim /opt/rsync_dns.sh
#!/bin/bash
# Loop forever; only the node that currently holds the VIP pushes its DNS files to the peer
while true
do
    NUM=$(ip addr | grep -c "192.168.10.190/")
    if [ "$NUM" -eq 0 ]; then
        echo "vip is not at this server" >/dev/null 2>&1
    fi
    if [ "$NUM" -eq 1 ]; then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.203:/etc/
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.203:/var/named/
    fi
    sleep 5    # without a pause the loop would run rsync over ssh back-to-back
done

Make the script executable and start it:
[root@dns01 ~]# chmod 755 /opt/rsync_dns.sh
[root@dns01 ~]# nohup sh /opt/rsync_dns.sh &
[root@dns01 ~]# ps -ef|grep rsync_dns.sh
root      6310 21411  0 22:33 pts/1    00:00:00 sh /opt/rsync_dns.sh
root      6508 21411  0 22:33 pts/1    00:00:00 grep rsync_dns.sh
-----------------------------------------------------------------

Then the sync on 192.168.10.203:
[root@dns02 httpd]# vim /opt/rsync_dns.sh
#!/bin/bash
# Loop forever; only the node that currently holds the VIP pushes its DNS files to the peer
while true
do
    NUM=$(ip addr | grep -c "192.168.10.190/")
    if [ "$NUM" -eq 0 ]; then
        echo "vip is not at this server" >/dev/null 2>&1
    fi
    if [ "$NUM" -eq 1 ]; then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.202:/etc/
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.202:/var/named/
    fi
    sleep 5    # without a pause the loop would run rsync over ssh back-to-back
done

Make the script executable and start it:
[root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh
[root@dns02 httpd]# nohup sh /opt/rsync_dns.sh &
[root@dns02 httpd]# ps -ef|grep rsync_dns.sh
root     12578  5466  0 22:35 pts/1    00:00:00 grep rsync_dns.sh
root     32124  5466  8 22:35 pts/1    00:00:00 sh /opt/rsync_dns.sh
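The sync scripts above copy the files but never tell the peer's named to load them, and they push on every pass whether or not anything changed. The following is an added example of a hardened version, not the page's own script: it matches the VIP exactly, pushes only when a file actually changed, refuses to push a zone that named-checkzone rejects, and runs rndc reload on the peer afterwards. It assumes the peer address in PEER, the root ssh trust set up above, and that rndc works on the peer (the named service generated /etc/rndc.key at first start above); the ip addr text fed to vip_present in the test is constructed.

```shell
#!/bin/bash
# Added example: VIP-aware push of BIND files to the peer, with change detection,
# zone validation and a reload on the receiving side. Not the page's original script.
VIP="${VIP:-192.168.10.190}"          # keepalived virtual address from the page
PEER="${PEER:-192.168.10.203}"        # assumed: the other node's address
INTERVAL="${INTERVAL:-10}"            # seconds between checks

# vip_present: succeed when the VIP is bound locally. Takes the `ip addr` output as $1
# so it can be tested offline; the trailing "/" keeps 192.168.10.1900 from matching.
vip_present() {
    printf '%s\n' "$1" | grep -Fq "inet ${VIP}/"
}

# zone_digest: one checksum over the files we replicate, so a push happens only on change
zone_digest() {
    cat /etc/named.conf /etc/named.namedmanager.conf /var/named/*.zone 2>/dev/null \
        | sha256sum | cut -d' ' -f1
}

# zones_valid: fail if any zone file would be rejected by BIND itself
# (zone name is the file name without .zone, as NamedManager names them above)
zones_valid() {
    local f ok=0
    for f in /var/named/*.zone; do
        named-checkzone "$(basename "$f" .zone)" "$f" >/dev/null 2>&1 || ok=1
    done
    return $ok
}

# push_to_peer: copy config and zones, then make the peer's named actually serve them
push_to_peer() {
    rsync -e "ssh -p22" -avpgolr /etc/named.conf /etc/named.namedmanager.conf "root@${PEER}:/etc/" &&
    rsync -e "ssh -p22" -avpgolr /var/named/*.zone "root@${PEER}:/var/named/" &&
    ssh -p22 "root@${PEER}" rndc reload
}

sync_loop() {
    local last="" cur
    while true; do
        if vip_present "$(ip addr)"; then
            cur=$(zone_digest)
            if [ "$cur" != "$last" ] && zones_valid; then
                push_to_peer && last="$cur"
            fi
        fi
        sleep "$INTERVAL"
    done
}

# Only loop when started as "rsync_dns.sh run"; otherwise the file just defines functions
if [ "${1:-}" = "run" ]; then
    sync_loop
fi
```

Start it the same way as the page's script (nohup ... run &) on both nodes; the node without the VIP idles until it becomes master.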
8) Open NamedManager (https://192.168.10.190/namedmanager) and configure it through the web interface. (Since the VIP currently sits on 192.168.10.202, the configuration is synced from 192.168.10.202 to 192.168.10.203.) The default username and password are setup/setup123. Do not forget to change the username and password under user management.

Reset the administrator username and password (since the two servers' MySQL databases are in a master-master relationship, the change is replicated to the other machine's MySQL, so the new administrator credentials also work for logging in to the other machine's NamedManager).

Next set the API key (as in the screenshot below: set the e-mail address and the API key; this key is the one configured in /etc/namedmanager/config-bind.php above).

Add the server. The Name Server FQDN must match the ServerName in the httpd configuration. (Either the hostname or the IP address of the node can be entered, as below.)

Make sure the "Zonefile Status" and "Logging Status" indicators below are green.

Add the forward zone.

Add the reverse zone (if client machines live in several IP ranges, add one reverse zone per range, as in the screenshot below).

Check that the forward and reverse zones were added.

With the forward and reverse zones successfully added, now try adding some A and PTR records.

First add the forward A records.

Because the PTR checkbox was ticked while adding the A records (if it was not, the PTR records have to be added by hand), the reverse records for those names already exist:

With a few forward and reverse records in place, open https://192.168.10.203/namedmanager: the other machine's NamedManager (logging in with the admin user reset above) shows the same forward and reverse configuration. This confirms that the two-node synchronization works.

The forward and reverse zone configuration can also be inspected locally on the two machines:
[root@dns01 ~]# cd /var/named/
[root@dns01 named]# ll
total 36
-rw-r--r--. 1 root  root   614 Jun  3 23:42 10.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named 4096 Jun  3 03:21 data
drwxrwx---. 2 named named 4096 Jun  3 23:05 dynamic
-rw-r--r--. 1 root  root   575 Jun  3 23:42 kevin.cn.zone
-rw-r-----. 1 root  named 3289 Apr 11  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves

[root@dns01 ~]# cat /etc/named.namedmanager.conf
//
// NamedManager Configuration
//
// This file is automatically generated any manual changes will be lost.
//
zone "kevin.cn" IN {
        type master;
        file "kevin.cn.zone";
        allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "10.168.192.in-addr.arpa.zone";
        allow-update { none; };
};

[root@dns01 named]# cat kevin.cn.zone
$ORIGIN kevin.cn.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
        2018060311 ; serial
        21600 ; refresh
        3600 ; retry
        604800 ; expiry
        120 ; minimum ttl
)

; Nameservers
kevin.cn. 86400 IN NS dns.kevin.cn.

; Mailservers

; Reverse DNS Records (PTR)

; CNAME

; HOST RECORDS
db01 120 IN A 192.168.10.239
db02 120 IN A 192.168.10.212
dns 120 IN A 192.168.10.190
dns01 120 IN A 192.168.10.202
dns02 120 IN A 192.168.10.203
ftp01 120 IN A 192.168.10.209
nc-app 120 IN A 192.168.10.210
web01 120 IN A 192.168.10.214
web02 120 IN A 192.168.10.215

[root@dns01 named]# cat 10.168.192.in-addr.arpa.zone
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
        2018060310 ; serial
        21600 ; refresh
        3600 ; retry
        604800 ; expiry
        120 ; minimum ttl
)

; Nameservers
10.168.192.in-addr.arpa. 86400 IN NS dns.kevin.cn.

; Mailservers

; Reverse DNS Records (PTR)
190 120 IN PTR dns.kevin.cn.
202 120 IN PTR dns01.kevin.cn.
203 120 IN PTR dns02.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
210 120 IN PTR nc-app.kevin.cn.
212 120 IN PTR db02.kevin.cn.
214 120 IN PTR web01.kevin.cn.
215 120 IN PTR web02.kevin.cn.
239 120 IN PTR db01.kevin.cn.

; CNAME

; HOST RECORDS
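Once both nodes carry these files, the thing worth checking is that the forward and reverse zones still agree with each other. The script below is an added example, not part of the page: it cross-references the A records in kevin.cn.zone with the PTR records in 10.168.192.in-addr.arpa.zone and reports records that exist on one side only. It assumes the record layout NamedManager generates above (an $ORIGIN line and `name ttl IN A ip` / `octet ttl IN PTR name` records) and a /24 reverse zone; the embedded sample is a subset of the page's data plus one constructed A record (web03) that deliberately has no PTR.

```shell
#!/bin/sh
# Added example: cross-check A records against PTR records in the zone files
# NamedManager generated above. Not from the page.

# a_records ZONE_TEXT -> lines "fqdn ip", qualifying short names with the $ORIGIN line
a_records() {
    printf '%s\n' "$1" | awk '
        $1 == "$ORIGIN" { origin = $2; next }
        $3 == "IN" && $4 == "A" { print $1 "." origin, $5 }'
}

# ptr_records REVZONE_TEXT -> lines "fqdn ip"; the address is rebuilt from the
# last octet in the record and the three reversed octets of the in-addr.arpa origin
ptr_records() {
    printf '%s\n' "$1" | awk '
        $1 == "$ORIGIN" { split($2, o, "."); net = o[3] "." o[2] "." o[1]; next }
        $3 == "IN" && $4 == "PTR" { print $5, net "." $1 }'
}

TMPA=$(mktemp); TMPB=$(mktemp)
trap 'rm -f "$TMPA" "$TMPB"' EXIT

# missing_ptr FWD REV -> A records that have no PTR pointing back to the same name
missing_ptr() {
    a_records "$1" | sort > "$TMPA"; ptr_records "$2" | sort > "$TMPB"
    comm -23 "$TMPA" "$TMPB"
}

# missing_a FWD REV -> PTR records whose name has no matching A record
missing_a() {
    a_records "$1" | sort > "$TMPA"; ptr_records "$2" | sort > "$TMPB"
    comm -13 "$TMPA" "$TMPB"
}

# Sample input: a subset of the page's zones; web03 is constructed and has no PTR.
FWD_ZONE='$ORIGIN kevin.cn.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
        2018060311 ; serial
        120 ; minimum ttl
)
kevin.cn. 86400 IN NS dns.kevin.cn.
dns 120 IN A 192.168.10.190
dns01 120 IN A 192.168.10.202
dns02 120 IN A 192.168.10.203
ftp01 120 IN A 192.168.10.209
web02 120 IN A 192.168.10.215
web03 120 IN A 192.168.10.216'

REV_ZONE='$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
10.168.192.in-addr.arpa. 86400 IN NS dns.kevin.cn.
190 120 IN PTR dns.kevin.cn.
202 120 IN PTR dns01.kevin.cn.
203 120 IN PTR dns02.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
215 120 IN PTR web02.kevin.cn.'

report() {
    echo "A records without a matching PTR:"; missing_ptr "$FWD_ZONE" "$REV_ZONE"
    echo "PTR records without a matching A:"; missing_a "$FWD_ZONE" "$REV_ZONE"
}

# Run "sh zonecheck.sh report" for the sample; on a node, feed it
# "$(cat /var/named/kevin.cn.zone)" and "$(cat /var/named/10.168.192.in-addr.arpa.zone)".
if [ "${1:-}" = "report" ]; then
    report
fi
```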
9) DNS configuration on the client
[root@localhost ~]# ifconfig|grep 192
          inet addr:192.168.10.207  Bcast:192.168.10.255  Mask:255.255.255.0
[root@localhost ~]# vim /etc/resolv.conf
domain kevin.cn
search kevin.cn
nameserver 192.168.10.190

[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
......
......
[root@localhost ~]# ping ftp01.kevin.cn
PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data.
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms
[root@localhost ~]# ping db02.kevin.cn
PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data.
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms

Failover verification: stop keepalived on 192.168.10.202 and, once the VIP has moved to 192.168.10.203, test again from the client.
[root@dns01 ~]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever

After the VIP has moved to the other machine, DNS resolution on the client keeps working.
[root@localhost ~]# ping www.qq.com
PING news.qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms
[root@localhost ~]# ping web02.kevin.cn
PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data.
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms

Without the MySQL master-master setup and the DNS file synchronization configured above, achieving high availability (one VIP as the single access address) would require making every DNS change in the NamedManager interface of both 192.168.10.202 and 192.168.10.203, i.e. doing each operation twice.