Complete record of a DNS + NamedManager high-availability deployment on CentOS


 

The previous post covered the single-node NamedManager setup; this one records the configuration of a two-node DNS + NamedManager high-availability deployment:

1) Machine environment

Hostname          IP address
dns01.kevin.cn    192.168.10.202
dns02.kevin.cn    192.168.10.203
VIP address:      192.168.10.190
  
Set the hostname on both machines and bind the names in /etc/hosts
[root@dns01 ~]# vim /etc/hosts
......
192.168.10.202   dns01.kevin.cn
192.168.10.203   dns02.kevin.cn
192.168.10.190   dns.kevin.cn     
  
The machines all run CentOS 6.9
[root@dns01 ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
  
Stop iptables and disable SELinux on the machines
[root@dns01 ~]# /etc/init.d/iptables stop
[root@dns01 ~]# setenforce 0
[root@dns01 ~]# vim /etc/sysconfig/selinux
......
SELINUX=disabled
  
Synchronize the system time on the machines
[root@dns01 ~]# yum install -y ntpdate
[root@dns01 ~]# ntpdate ntp1.aliyun.com

2) Install NamedManager (same steps on both 192.168.10.202 and 192.168.10.203)

[root@dns01 ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml

Edit /etc/httpd/conf/httpd.conf
.......
ServerName dns.kevin.cn:80

[root@dns01 ~]# service mysqld start
[root@dns01 ~]# service httpd start
[root@dns01 ~]# lsof -i:3306
[root@dns01 ~]# lsof -i:80

[root@dns01 ~]# chkconfig mysqld on
[root@dns01 ~]# chkconfig httpd on

[root@dns02 ~]# mysqladmin -u root password 123456
[root@dns02 ~]# mysql -p123456                      #check that the login works

Download and install NamedManager
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm --force
[root@dns01 src]# cd /usr/share/namedmanager/resources/
[root@dns01 resources]# ./autoinstall.pl
autoinstall.pl

This script setups the NamedManager database components:
 * NamedManager MySQL user               #by default creates the MySQL user NamedManager
 * NamedManager database                 #by default creates the NamedManager database
 * NamedManager configuration files      #by default creates the NamedManager configuration files

THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON

Please enter MySQL root password (if any): 123456               #enter the MySQL root password set above
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!

You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager

3) Install and configure BIND 9 (same steps on both 192.168.10.202 and 192.168.10.203)

[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# yum install bind php-process
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm --force

Edit /etc/named.conf
[root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak
[root@dns01 src]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        directory "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        allow-query-cache     { any; };
        recursion yes;
        forward first;
        forwarders {
            223.5.5.5;
            223.6.6.6;
            8.8.8.8;
            8.8.4.4;
        };

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";

Start the named service
[root@dns01 src]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
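The options block above combines recursion yes with allow-query { any; } and allow-query-cache { any; }, which means the server recurses for whoever can reach port 53; that is normal on a closed LAN but makes the host an open resolver if the port is reachable from untrusted networks. The following script is an added example, not part of the original post: it reads a named.conf text, works out the ACL that actually governs recursion (per the BIND 9 ARM: allow-recursion if set, else allow-query-cache, else allow-query, else the built-in localnets; localhost) and reports whether recursion is open to any client. The two embedded option blocks are the posted one and a hardened variant with an explicit allow-recursion for 192.168.10.0/24 (an assumed internal network, chosen here) and localhost.

```shell
#!/bin/bash
# Added example, not part of the original post: decide from a named.conf
# options block whether the server answers recursive queries for any client.
# Effective recursion ACL per the BIND 9 ARM: allow-recursion if set, else
# allow-query-cache, else allow-query, else the built-in "localnets; localhost".

# option_value TEXT NAME: print the body of a one-line "NAME { ... };"
# option, or nothing when it is absent.
option_value() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*{\([^}]*\)}.*/\1/p" | head -n 1
}

# recursion_enabled TEXT: BIND defaults to recursion yes, so only an explicit
# "recursion no;" turns it off.
recursion_enabled() {
    ! printf '%s\n' "$1" | grep -Eq '^[[:space:]]*recursion[[:space:]]+no[[:space:]]*;'
}

# effective_recursion_acl TEXT: print the ACL that governs recursion.
effective_recursion_acl() {
    for opt in allow-recursion allow-query-cache allow-query; do
        v=$(option_value "$1" "$opt")
        if [ -n "$v" ]; then
            printf '%s\n' "$v"
            return 0
        fi
    done
    printf '%s\n' ' localnets; localhost; '
}

# open_resolver TEXT: succeed when recursion is on and its ACL contains "any".
open_resolver() {
    recursion_enabled "$1" || return 1
    effective_recursion_acl "$1" | grep -Eq '(^|[[:space:]{;])any[[:space:]]*;'
}

# The options from the post (weak setting) and a hardened variant that adds
# an explicit allow-recursion for the assumed internal network 192.168.10.0/24
# plus the host itself. Both are embedded here so the check runs offline.
POSTED_OPTIONS='options {
        listen-on port 53 { any; };
        allow-query     { any; };
        allow-query-cache     { any; };
        recursion yes;
        forward first;
};'
HARDENED_OPTIONS='options {
        listen-on port 53 { any; };
        allow-query     { any; };
        allow-recursion { 192.168.10.0/24; localhost; };
        recursion yes;
        forward first;
};'

# Usage: audit_named.sh /etc/named.conf
if [ $# -eq 1 ]; then
    if open_resolver "$(cat "$1")"; then
        echo "$1: recursion is open to any client (ACL:$(effective_recursion_acl "$(cat "$1")"))"
    else
        echo "$1: recursion is restricted (ACL:$(effective_recursion_acl "$(cat "$1")"))"
    fi
fi
```

Run it with the path of a named.conf to get a one-line verdict; with no arguments it only defines the functions and the two samples. Adding an allow-recursion line like the one in HARDENED_OPTIONS keeps authoritative answers for kevin.cn open to everyone while limiting recursion (and the forwarding to 223.5.5.5 / 8.8.8.8) to internal clients.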

--------------------------------------------------------------------------
iptables and SELinux were already turned off above.
If the firewall is left on, the following rules are needed instead:
[root@dns01 src]# iptables -F
[root@dns01 src]# iptables -P INPUT DROP
[root@dns01 src]# iptables -P FORWARD DROP
[root@dns01 src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@dns01 src]# iptables -A INPUT -i lo -p all -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p icmp -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
--------------------------------------------------------------------------

Disable IPv6. Add the domain records (forward and reverse zones). Set the services to start at boot and reboot the server.
[root@dns01 src]# vim /etc/modprobe.d/dist.conf
.......
alias net-pf-10 off
alias ipv6 off

[root@dns01 src]# chkconfig ip6tables off

[root@dns01 src]# chkconfig httpd on
[root@dns01 src]# chkconfig mysqld on
[root@dns01 src]# chkconfig named on
[root@dns01 src]# init 6                     #reboot the machine

After the reboot, log in and verify that httpd, mysqld and named really did start at boot
[root@dns01 ~]# ps -ef|grep mysql
[root@dns01 ~]# ps -ef|grep http
[root@dns01 ~]# ps -ef|grep named

Test logging in to MySQL
[root@dns01 ~]# mysql -p123456
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory
[root@dns01 ~]# ln -s /usr/local/mysql/var/mysql.sock /var/lib/mysql/mysql.sock
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
lrwxrwxrwx. 1 root root 31 Jun  1 17:14 /var/lib/mysql/mysql.sock -> /usr/local/mysql/var/mysql.sock
[root@dns01 ~]# mysql -p123456         #now the MySQL login succeeds

4) Install keepalived (same steps on both 192.168.10.202 and 192.168.10.203)

[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://www.keepalived.org/software/keepalived-1.3.2.tar.gz
[root@dns01 src]# tar -zvxf keepalived-1.3.2.tar.gz
[root@dns01 src]# cd keepalived-1.3.2
[root@dns01 keepalived-1.3.2]# ./configure && make && make install
[root@dns01 keepalived-1.3.2]# cp /usr/local/src/keepalived-1.3.2/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@dns01 keepalived-1.3.2]# mkdir /etc/keepalived
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@dns01 keepalived-1.3.2]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@dns01 keepalived-1.3.2]# echo "/etc/init.d/keepalived start" >> /etc/rc.local

keepalived.conf configuration
------------------------------------------
keepalived.conf on 192.168.10.202
[root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived     #global definitions

global_defs {
    notification_email {
        ops@kevin.cn
    }

    notification_email_from ops@kevin.cn
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id master-node
}

vrrp_script chk_http_port {
    script "/opt/chk_http.sh"
    interval 2
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    mcast_src_ip 192.168.10.202
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.190
    }

    track_script {
        chk_http_port
    }
}

Write the httpd monitoring script
[root@dns01 ~]# vim /opt/chk_http.sh
#!/bin/bash
# Count TCP sockets listening on port 80 exactly (":80 " does not match 8080 or 180).
counter=$(netstat -tln | grep -c ':80 ')
if [ "${counter}" = "0" ]; then
    # httpd is down: try to start it once, then check again
    service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -tln | grep -c ':80 ')
    if [ "${counter}" = "0" ]; then
        # restart failed: stop keepalived so the VIP fails over to the other node
        /etc/init.d/keepalived stop
    fi
fi

The script must be given execute permission
[root@dns01 ~]# chmod 755 /opt/chk_http.sh

-----------------------------------------
keepalived.conf on 192.168.10.203
[root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
    notification_email {
        ops@kevin.cn
    }

    notification_email_from ops@kevin.cn
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id slave-node
}

vrrp_script chk_http_port {
    script "/opt/chk_http.sh"
    interval 2
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    mcast_src_ip 192.168.10.203
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.190
    }

    track_script {
        chk_http_port
    }
}

Write the httpd monitoring script
[root@dns02 ~]# vim /opt/chk_http.sh
#!/bin/bash
# Count TCP sockets listening on port 80 exactly (":80 " does not match 8080 or 180).
counter=$(netstat -tln | grep -c ':80 ')
if [ "${counter}" = "0" ]; then
    # httpd is down: try to start it once, then check again
    service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -tln | grep -c ':80 ')
    if [ "${counter}" = "0" ]; then
        # restart failed: stop keepalived so the VIP fails over to the other node
        /etc/init.d/keepalived stop
    fi
fi

The script must be given execute permission
[root@dns02 ~]# chmod 755 /opt/chk_http.sh
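The monitoring script on both nodes watches only httpd, and it forces failover by stopping keepalived itself; since it always exits 0, the weight -5 in the vrrp_script block never comes into play. The script below is an added example, not part of the original post, that checks both services a node must provide (httpd on tcp/80 and named on tcp/53 and udp/53) and reports through its exit status, so keepalived's own weight/fall/rise logic moves the VIP: with weight -5 and fall 2, two consecutive failures lower the MASTER's priority from 101 to 96, below the BACKUP's 99. It assumes netstat from net-tools and SysV service scripts named httpd and named, as on the CentOS 6 hosts in the post; the netstat samples embedded in it are constructed for offline testing.

```shell
#!/bin/bash
# Added example, not part of the original post: a keepalived check script
# that watches both services this node must provide, httpd (tcp/80, the
# NamedManager UI and API) and named (tcp/53 and udp/53), and reports the
# result through its exit status. With "weight -5" and "fall 2" in the
# vrrp_script block, two consecutive non-zero exits lower the MASTER's
# priority from 101 to 96, below the BACKUP's 99, so the VIP moves without
# the script having to stop keepalived itself.
# Assumptions: netstat from net-tools and SysV service scripts named httpd
# and named, as on the CentOS 6 hosts in the post.

# listening_on PROTO PORT TEXT
# Succeeds when TEXT (output of "netstat -tuln") shows a socket bound to
# exactly PORT. Requiring ":PORT " followed by whitespace avoids the substring
# problem of grep "80", which also matches 8080 or 180.
listening_on() {
    proto="$1"; port="$2"; text="$3"
    case "$proto" in
        tcp) printf '%s\n' "$text" | grep -E "^tcp6? .*:${port} +.*LISTEN" >/dev/null ;;
        udp) printf '%s\n' "$text" | grep -E "^udp6? .*:${port} +" >/dev/null ;;
        *)   return 2 ;;
    esac
}

# service_health TEXT: succeeds only when every required listener is present.
service_health() {
    listening_on tcp 80 "$1" &&
    listening_on tcp 53 "$1" &&
    listening_on udp 53 "$1"
}

# Live check used by keepalived: start whatever is down once, re-check, and
# exit non-zero if something is still missing.
live_check() {
    text=$(netstat -tuln 2>/dev/null)
    if ! service_health "$text"; then
        listening_on tcp 80 "$text" || service httpd start >/dev/null 2>&1
        listening_on tcp 53 "$text" || service named start >/dev/null 2>&1
        sleep 2
        service_health "$(netstat -tuln 2>/dev/null)" || exit 1
    fi
    exit 0
}

# Constructed netstat samples (not real captures) for exercising the parser.
SAMPLE_OK='Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:53                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
udp        0      0 0.0.0.0:53                  0.0.0.0:*'
SAMPLE_NO_DNS='Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN'
SAMPLE_PROXY_ONLY='Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:8080                0.0.0.0:*                   LISTEN'

case "${1:-}" in --check) live_check ;; esac
```

To use it, save it as /opt/chk_dns.sh, chmod 755 it, and point the vrrp_script at `/opt/chk_dns.sh --check`; keepalived then subtracts the weight while the check fails and restores the priority after rise consecutive successes. Run without arguments it only defines the functions and samples.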

-----------------------------------------------------
Start the keepalived service on both machines
[root@dns01 ~]# /etc/init.d/keepalived start
[root@dns01 ~]# ps -ef|grep keep

[root@dns02 ~]# /etc/init.d/keepalived start
[root@dns02 ~]# ps -ef|grep keepalived

Check the IP addresses on both machines: the VIP is now on 192.168.10.202
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link 
       valid_lft forever preferred_lft forever

-------------------------------------------------
Failover test
First stop httpd on 192.168.10.202: it comes back within about 2 seconds, because keepalived runs the /opt/chk_http.sh monitoring script.
Stop httpd on 192.168.10.203 the same way, and it restarts just as quickly.
As the /opt/chk_http.sh script shows, a crashed httpd is restarted automatically; only when the restart fails is keepalived forcibly stopped, and then the VIP moves to the other node.
[root@dns01 keepalived]# killall -9 httpd
[root@dns01 keepalived]# ps -ef|grep http
root     23661 23660  0 21:30 ?        00:00:00 /bin/bash /opt/chk_http.sh
root     23682     1  1 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23685 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23686 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23687 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23688 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23689 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23690 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23691 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23692 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
root     23694 21411  0 21:30 pts/1    00:00:00 grep http

Next, stop keepalived on 192.168.10.202: the VIP moves automatically to 192.168.10.203.
When keepalived on 192.168.10.202 is back, the VIP moves back again.
[root@dns01 ~]# /etc/init.d/keepalived stop
[root@dns01 ~]# ps -ef|grep keeplived
root     24854 21411  0 21:36 pts/1    00:00:00 grep keeplived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link 
       valid_lft forever preferred_lft forever

The VIP handover can be followed in /var/log/messages on both machines.

After keepalived on 192.168.10.202 recovers, the VIP moves back:
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@dns01 ~]# ps -ef|grep keepalived
root     24877     1  0 21:37 ?        00:00:00 keepalived -D
root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link 
       valid_lft forever preferred_lft forever

5) Configure NamedManager (on both machines)

[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
[root@dns01 ~]# vim /etc/namedmanager/config-bind.php
......
$config["api_url"]      = "http://192.168.10.190/namedmanager";
$config["api_server_name"]  = "dns.kevin.cn";
$config["api_auth_key"]     = "DNS";   

6) Set up MySQL master-master replication between the two machines

First make sure both machines can log in with the NamedManager user created above and the password 123456; if this login fails, opening the NamedManager UI will fail too.
[root@dns02 ~]# mysql -hlocalhost -uNamedManager -p123456
ERROR 1045 (28000): Access denied for user 'NamedManager'@'localhost' (using password: YES)

So the MySQL login has to be granted:
[root@dns01 ~]# mysql -p123456
.......
mysql> grant all on *.* to NamedManager@192.168.10.202 identified by "123456";
Query OK, 0 rows affected (0.11 sec)

mysql> grant all on *.* to NamedManager@localhost identified by "123456";
Query OK, 0 rows affected (0.02 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.04 sec)

Verify the login
[root@dns01 ~]# mysql -hlocalhost -uNamedManager -p123456
......
mysql>

-------------------------------------------------------------
MySQL settings on 192.168.10.202
[root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns01 ~]# vim /etc/my.cnf                  #add the following lines under [mysqld]
......
server-id = 1         
log-bin = mysql-bin     
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2     
auto-increment-offset = 1    
slave-skip-errors = all

Restart the mysqld service
[root@dns01 log]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Grant replication privileges, so that the I/O thread can connect to the master as this user and read its binary log.
[root@dns01 log]# mysql -p123456
......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;

It is best to lock the databases read-only to keep the data consistent, and unlock them once the master-master setup is in place.
While locked, nothing can be written to the tables; note that restarting mysqld releases the lock automatically.
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

--------------------------------------------------------------------
MySQL settings on 192.168.10.203
[root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns02 ~]# vim /etc/my.cnf
.......
server-id = 2        
log-bin = mysql-bin    
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2     
auto-increment-offset = 2    
slave-skip-errors = all

[root@dns02 ~]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

[root@dns02 ~]# mysql -p123456
.......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

--------------- Replication setup on 192.168.10.202 ---------------
mysql> unlock tables; 
Query OK, 0 rows affected (0.00 sec)

mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> change  master to master_host='192.168.10.203',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; 
Query OK, 0 rows affected (0.20 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status \G;
.......
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.203
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.......
.......

--------------- Replication setup on 192.168.10.203 ---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)

mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> change  master to master_host='192.168.10.202',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; 
Query OK, 0 rows affected (0.18 sec)

mysql> start slave;
Query OK, 0 rows affected (0.00 sec)

mysql> show slave status \G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.202
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.......
.......
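Both SHOW SLAVE STATUS outputs above read Yes/Yes, and that is what is normally checked. One caveat about the my.cnf used on both nodes: with slave-skip-errors = all, a statement that fails on the replica is skipped instead of stopping the SQL thread, so the two Running flags can stay Yes while the nodes have quietly diverged. The script below is an added example, not part of the original post: it parses the \G output, checks both threads, the Last_IO_Error / Last_SQL_Error fields (present in MySQL 5.1 and later) and the replication lag, and for live use assumes the credentials are in /root/.my.cnf rather than passed with -p on the command line, where they would show up in ps. The two status texts embedded in it are constructed samples.

```shell
#!/bin/bash
# Added example, not part of the original post: a replication health check
# built on the "SHOW SLAVE STATUS\G" output format. Because the my.cnf in the
# post sets slave-skip-errors = all, the SQL thread keeps running past errors,
# so this check looks beyond the two Running flags at the error fields and at
# Seconds_Behind_Master.
# Assumption for live use: credentials in /root/.my.cnf, not -p on the
# command line (visible in "ps").

# slave_field TEXT NAME: print the value of one "Name: value" line.
slave_field() {
    printf '%s\n' "$1" | awk -v key="$2:" '$1 == key { sub(/^[^:]*: ?/, ""); print; exit }'
}

# replication_ok TEXT [MAX_LAG]: succeed when both threads run, no error is
# recorded, and Seconds_Behind_Master is a number not above MAX_LAG.
replication_ok() {
    text="$1"; max_lag="${2:-30}"
    [ "$(slave_field "$text" Slave_IO_Running)" = "Yes" ] || return 1
    [ "$(slave_field "$text" Slave_SQL_Running)" = "Yes" ] || return 1
    [ -z "$(slave_field "$text" Last_IO_Error)" ] || return 1
    [ -z "$(slave_field "$text" Last_SQL_Error)" ] || return 1
    lag=$(slave_field "$text" Seconds_Behind_Master)
    case "$lag" in
        ''|*[!0-9]*) return 1 ;;   # NULL or missing: the threads are not connected
    esac
    [ "$lag" -le "$max_lag" ]
}

# live_check [MAX_LAG]: query the local server and print a verdict.
live_check() {
    status=$(mysql --defaults-file=/root/.my.cnf -e 'SHOW SLAVE STATUS\G')
    if replication_ok "$status" "${1:-30}"; then
        echo "replication OK (master $(slave_field "$status" Master_Host))"
    else
        echo "replication PROBLEM: IO=$(slave_field "$status" Slave_IO_Running) SQL=$(slave_field "$status" Slave_SQL_Running) lag=$(slave_field "$status" Seconds_Behind_Master)"
        return 1
    fi
}

# Constructed samples (not real captures) for running the parser offline.
SAMPLE_HEALTHY='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.203
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
                Last_IO_Error:
               Last_SQL_Error:'
SAMPLE_BROKEN='*************************** 1. row ***************************
               Slave_IO_State: Connecting to master
                  Master_Host: 192.168.10.202
             Slave_IO_Running: Connecting
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: NULL
                Last_IO_Error: error connecting to master (constructed sample)
               Last_SQL_Error:'

case "${1:-}" in --live) live_check "${2:-30}" ;; esac
```

Run as `/opt/chk_repl.sh --live 30` from cron or a monitoring agent on each node; the exit status is 0 only when replication from the other node is healthy. The definitive test for divergence under slave-skip-errors = all remains comparing the namedmanager tables on both nodes, which no status field can replace.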

At this point the MySQL master-master relationship between 192.168.10.202 and 192.168.10.203 is configured. Test it:
First add data in the MySQL database on 192.168.10.202:
[root@dns01 log]# mysql -p123456
.....
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
4 rows in set (0.00 sec)

mysql> create database kevin;
Query OK, 1 row affected (0.04 sec)

Then verify on the 192.168.10.203 MySQL database and change the data
[root@dns02 ~]# mysql -p123456
.......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| kevin              |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
5 rows in set (0.00 sec)

mysql> drop database kevin;
Query OK, 0 rows affected (0.03 sec)

mysql> create database bobo;
Query OK, 1 row affected (0.08 sec)

Then verify again on the 192.168.10.202 MySQL database
[root@dns01 log]# mysql -p123456
......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| bobo               |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
5 rows in set (0.00 sec)

mysql> drop database bobo;
Query OK, 0 rows affected (0.05 sec)

7) Configure synchronization of the DNS data between 192.168.10.202 and 192.168.10.203.

First set up mutual SSH trust between the two machines.
[root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.203'
[root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.202'

Verify the SSH trust in both directions
[root@dns01 ~]# ssh -p22 root@192.168.10.203
[root@dns02 ~]#

[root@dns02 httpd]# ssh -p22 root@192.168.10.202
[root@dns01 ~]#

------------------------------------------------------------
Now set up the sync on 192.168.10.202: check whether the VIP is on this host, and if so sync to the other machine.
[root@dns01 ~]# vim /opt/rsync_dns.sh
#!/bin/bash
# Loop forever: whenever the VIP is on this node, push the BIND config and
# zone files to the other node. The sleep keeps the loop from spinning at
# 100% CPU (the interval of 10 s is a choice made here; the original looped
# without any delay).
while true
do
    NUM=$(ip addr | grep -c 'inet 192.168.10.190/')
    if [ "$NUM" -eq 0 ]; then
        echo "vip is not at this server" >/dev/null 2>&1
    fi

    if [ "$NUM" -eq 1 ]; then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.203:/etc/
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.203:/var/named/
    fi
    sleep 10
done

Make the script executable and start it
[root@dns01 ~]# chmod 755 /opt/rsync_dns.sh
[root@dns01 ~]# nohup sh /opt/rsync_dns.sh &
[root@dns01 ~]# ps -ef|grep rsync_dns.sh
root      6310 21411  0 22:33 pts/1    00:00:00 sh /opt/rsync_dns.sh
root      6508 21411  0 22:33 pts/1    00:00:00 grep rsync_dns.sh

-----------------------------------------------------------------
Then set up the sync on 192.168.10.203:
[root@dns02 httpd]# vim /opt/rsync_dns.sh
#!/bin/bash
# Loop forever: whenever the VIP is on this node, push the BIND config and
# zone files to the other node. The sleep keeps the loop from spinning at
# 100% CPU (the interval of 10 s is a choice made here; the original looped
# without any delay).
while true
do
    NUM=$(ip addr | grep -c 'inet 192.168.10.190/')
    if [ "$NUM" -eq 0 ]; then
        echo "vip is not at this server" >/dev/null 2>&1
    fi

    if [ "$NUM" -eq 1 ]; then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.202:/etc/
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.202:/var/named/
    fi
    sleep 10
done

Make the script executable and start it
[root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh
[root@dns02 httpd]# nohup sh /opt/rsync_dns.sh &
[root@dns02 httpd]# ps -ef|grep rsync_dns.sh
root     12578  5466  0 22:35 pts/1    00:00:00 grep rsync_dns.sh
root     32124  5466  8 22:35 pts/1    00:00:00 sh /opt/rsync_dns.sh

8) Open NamedManager at https://192.168.10.190/namedmanager and configure it through the UI. (Since the VIP is currently on 192.168.10.202, the configuration is synchronized from 192.168.10.202 to 192.168.10.203.) The default username and password are setup / setup123; do not forget to change them under user management.

Reset the administrator username and password. (Because the two servers' MySQL instances replicate master-master, the change is replicated to the other machine's database as well, so the new administrator credentials also work for logging in to NamedManager on the other machine.)

Next set the API key (as in the screenshot: enter the e-mail address and the API key; the key is the one configured above in /etc/namedmanager/config-bind.php).

Add the server. The Name Server FQDN must match the ServerName in httpd.conf. (Either the hostname or the IP address of the deployment machine can be entered, as shown.)

Make sure the "Zonefile Status" and "Logging Status" indicators below are green.

Add the forward zone

Add the reverse zone (if clients sit in several IP ranges, add one reverse zone per range as in the screenshot)

Check that the forward and reverse zones were added

With the forward and reverse zones in place, now try adding some A and PTR records.
First add the forward A records

Because the PTR (reverse) option was ticked when adding the A records (if it was not, the PTR records have to be added by hand), the reverse records for those names already exist:

With a few forward and reverse records added, open https://192.168.10.203/namedmanager: the other machine's NamedManager (log in with the admin user reset above) shows the same forward and reverse configuration, which confirms that the two-node synchronization works.

The resulting forward and reverse zone configuration can be inspected on either machine:

[root@dns01 ~]# cd /var/named/
[root@dns01 named]# ll
total 36
-rw-r--r--. 1 root  root   614 Jun  3 23:42 10.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named 4096 Jun  3 03:21 data
drwxrwx---. 2 named named 4096 Jun  3 23:05 dynamic
-rw-r--r--. 1 root  root   575 Jun  3 23:42 kevin.cn.zone
-rw-r-----. 1 root  named 3289 Apr 11  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves

[root@dns01 ~]# cat /etc/named.namedmanager.conf 
//
// NamedManager Configuration
//
// This file is automatically generated any manual changes will be lost.
//
zone "kevin.cn" IN {
    type master;
    file "kevin.cn.zone";
    allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "10.168.192.in-addr.arpa.zone";
    allow-update { none; };
};

[root@dns01 named]# cat kevin.cn.zone
$ORIGIN kevin.cn.
$TTL 120
@       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
            2018060311 ; serial
            21600 ; refresh
            3600 ; retry
            604800 ; expiry
            120 ; minimum ttl
        )
 
; Nameservers
 
kevin.cn.   86400 IN NS dns.kevin.cn.
 
; Mailservers
 
 
; Reverse DNS Records (PTR)
 
 
; CNAME
 
 
; HOST RECORDS
 
db01    120 IN A 192.168.10.239
db02    120 IN A 192.168.10.212
dns 120 IN A 192.168.10.190
dns01   120 IN A 192.168.10.202
dns02   120 IN A 192.168.10.203
ftp01   120 IN A 192.168.10.209
nc-app  120 IN A 192.168.10.210
web01   120 IN A 192.168.10.214
web02   120 IN A 192.168.10.215
[root@dns01 named]# cat 10.168.192.in-addr.arpa.zone
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
@       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
            2018060310 ; serial
            21600 ; refresh
            3600 ; retry
            604800 ; expiry
            120 ; minimum ttl
        )
 
; Nameservers
 
10.168.192.in-addr.arpa.    86400 IN NS dns.kevin.cn.
 
; Mailservers
 
 
; Reverse DNS Records (PTR)
 
190 120 IN PTR dns.kevin.cn.
202 120 IN PTR dns01.kevin.cn.
203 120 IN PTR dns02.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
210 120 IN PTR nc-app.kevin.cn.
212 120 IN PTR db02.kevin.cn.
214 120 IN PTR web01.kevin.cn.
215 120 IN PTR web02.kevin.cn.
239 120 IN PTR db01.kevin.cn.
 
; CNAME
 
 
; HOST RECORDS
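The PTR records above exist only because the reverse option was ticked when each A record was added; a record added without it shows up in kevin.cn.zone but not in 10.168.192.in-addr.arpa.zone. The script below is an added example, not part of the original post or of NamedManager: it parses both zone files in the format NamedManager writes, qualifies relative owner names with $ORIGIN, rebuilds each PTR's IPv4 address from the in-addr.arpa origin, and lists every A record with no matching PTR. The two zone texts embedded in it are constructed from the records shown above plus one extra host (app01, 192.168.10.250) that deliberately lacks a PTR.

```shell
#!/bin/bash
# Added example, not part of the original post: cross-check the forward zone
# (A records) against the reverse zone (PTR records) as written by
# NamedManager, so a host whose PTR was never created is noticed.

# Constructed zone texts: the records shown in the post plus "app01", which
# deliberately has no PTR.
FORWARD_ZONE='$ORIGIN kevin.cn.
$TTL 120
; Nameservers
kevin.cn.   86400 IN NS dns.kevin.cn.
; HOST RECORDS
db01    120 IN A 192.168.10.239
dns01   120 IN A 192.168.10.202
app01   120 IN A 192.168.10.250'

REVERSE_ZONE='$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
; Reverse DNS Records (PTR)
239 120 IN PTR db01.kevin.cn.
202 120 IN PTR dns01.kevin.cn.'

# a_records TEXT: print "fqdn ip" for each A record, qualifying relative
# owner names with the zone's $ORIGIN.
a_records() {
    printf '%s\n' "$1" | awk '
        $1 == "$ORIGIN" { origin = $2; next }
        /^;/ || NF == 0 { next }
        $(NF-1) == "A"  { name = $1; if (name !~ /\.$/) name = name "." origin; print name, $NF }'
}

# ptr_records TEXT: print "fqdn ip" for each PTR record, rebuilding the IPv4
# address from the in-addr.arpa $ORIGIN and the record's last octet.
ptr_records() {
    printf '%s\n' "$1" | awk '
        $1 == "$ORIGIN" { split($2, o, "."); prefix = o[3] "." o[2] "." o[1]; next }
        /^;/ || NF == 0 { next }
        $(NF-1) == "PTR" { print $NF, prefix "." $1 }'
}

# missing_ptrs FORWARD REVERSE: print every "fqdn ip" from the forward zone
# that has no matching PTR in the reverse zone.
missing_ptrs() {
    rev=$(ptr_records "$2")
    a_records "$1" | while read -r name ip; do
        printf '%s\n' "$rev" | grep -qxF "$name $ip" || printf '%s %s\n' "$name" "$ip"
    done
}

# Usage: zone_check.sh /var/named/kevin.cn.zone /var/named/10.168.192.in-addr.arpa.zone
# Without arguments it runs against the constructed samples above.
if [ $# -eq 2 ]; then
    missing_ptrs "$(cat "$1")" "$(cat "$2")"
else
    missing_ptrs "$FORWARD_ZONE" "$REVERSE_ZONE"
fi
```

On the samples it prints `app01.kevin.cn. 192.168.10.250`; against the real files on dns01 it should print nothing, and it is a cheap thing to run on both nodes after the rsync job to confirm that what the UI shows is what named is actually serving.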

9) DNS configuration on the client

[root@localhost ~]# ifconfig|grep 192
          inet addr:192.168.10.207  Bcast:192.168.10.255  Mask:255.255.255.0

[root@localhost ~]# vim /etc/resolv.conf
domain kevin.cn
search kevin.cn
nameserver 192.168.10.190

[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
......
......

[root@localhost ~]# ping ftp01.kevin.cn
PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data.
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms

[root@localhost ~]# ping db02.kevin.cn
PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data.
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms

Failover check:
Stop keepalived on 192.168.10.202; once the VIP has moved to 192.168.10.203,
test again from the client.

[root@dns01 ~]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
       valid_lft forever preferred_lft forever

[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link 
       valid_lft forever preferred_lft forever

After the VIP moves to the other machine, DNS resolution on the client keeps working.
[root@localhost ~]# ping www.qq.com
PING news.qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms

[root@localhost ~]# ping web02.kevin.cn
PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data.
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms

Without the MySQL master-master replication and the DNS synchronization configured above, host high availability (a single VIP to query) would still require entering every DNS record in the NamedManager UI on both 192.168.10.202 and 192.168.10.203, i.e. doing everything twice.

