Complete record of a DNS + NamedManager high-availability deployment on CentOS 7.2
The single-node NamedManager setup was covered earlier; this post records the two-node, high-availability DNS + NamedManager configuration:
1) Machine environment
Hostname        IP address
dns01.kevin.cn  172.22.51.65
dns02.kevin.cn  172.22.51.74
VIP: 172.22.51.75
Set the hostname and the /etc/hosts bindings on both machines
[root@dns01 ~]# vim /etc/hosts
......
172.22.51.65 dns01.kevin.cn
172.22.51.74 dns02.kevin.cn
172.22.51.75 dns.kevin.cn
Both machines run CentOS 7.2
[root@dns01 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
Stop the firewall and SELinux on both machines (a lab shortcut: `systemctl stop firewalld` does not survive a reboot unless you also run `systemctl disable firewalld`, and in production it is better to keep firewalld and open only what the two nodes need: 53/tcp+udp for clients, 80/443/tcp for the web UI and API, 3306/tcp and 22/tcp from the peer only, and VRRP, IP protocol 112, between the two nodes)
[root@dns01 ~]# systemctl stop firewalld
[root@dns01 ~]# setenforce 0
[root@dns01 ~]# vim /etc/sysconfig/selinux
......
SELINUX=disabled
Synchronize the system time on both machines (ntpdate is a one-shot adjustment; keep chronyd or ntpd running for continuous sync, since DNSSEC validation and replication timestamps depend on correct clocks)
[root@dns01 ~]# yum install -y ntpdate
[root@dns01 ~]# ntpdate ntp1.aliyun.com
2) Install namedmanager (same steps on both 172.22.51.65 and 172.22.51.74)
[root@dns01 ~]# yum install perl perl-DBD-MySQL perl-DBI httpd mod_ssl php php-intl php-ldap php-mysql php-soap php-xml lsof wget lrzsz rsync
Edit /etc/httpd/conf/httpd.conf:
.......
ServerName dns.kevin.cn:80
Installing MySQL from the MySQL Yum repository picks the newest MySQL release by default. To install an older version, proceed as follows.
1. Install the MySQL repository package
[root@dns01 ~]# rpm -ivh https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
2. Select and enable the release sub-repository for this platform
// list all MySQL release repositories
[root@dns01 ~]# yum repolist all|grep mysql
// disable the 8.0 repository and enable the 5.7 repository
[root@dns01 ~]# yum install yum-utils
[root@dns01 ~]# yum-config-manager --disable mysql80-community
[root@dns01 ~]# yum-config-manager --enable mysql57-community
Note: the repository can also be configured by editing /etc/yum.repos.d/mysql-community.repo by hand. On CentOS 7 the baseurl must point at the el/7 tree (the original text showed el/6), and gpgcheck=1 should stay on so that yum verifies every package against the MySQL signing key:
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/7/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
3. Install and start MySQL
[root@dns01 ~]# yum install -y mysql-community-server
[root@dns01 ~]# systemctl start mysqld
[root@dns01 ~]# systemctl enable mysqld
MySQL server initialization (MySQL 5.7 only): on the first start, if the server's data directory is empty, the following happens:
- the server initializes itself;
- SSL certificate and key files are generated in the data directory;
- the validate_password plugin is installed and enabled;
- the superuser account 'root'@'localhost' is created.
The superuser's temporary password is written to the error log. To display it:
[root@dns01 ~]# grep "password" /var/log/mysqld.log
2018-04-28T07:11:51.589629Z 1 [Note] A temporary password is generated for root@localhost: jHlRHucap3+7
Log in with the generated temporary password and change the root password right away. (The temporary password is readable by anyone who can read /var/log/mysqld.log, and putting a password on the command line as below leaves it in the shell history and in `ps` output; `mysql -uroot -p`, which prompts for it, avoids that.)
[root@dns01 ~]# mysql -uroot -pjHlRHucap3+7
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'Bgx123.com';
Note: MySQL installs the validate_password plugin by default. It requires the password to contain upper-case and lower-case letters, digits and special characters, with a total length of at least 8 characters.
[root@dns01 ~]# systemctl restart mysqld
[root@dns01 ~]# systemctl restart httpd
[root@dns01 ~]# lsof -i:3306
[root@dns01 ~]# lsof -i:80
[root@dns01 ~]# systemctl enable httpd
[root@dns02 ~]# mysql -uroot -p
Enter password: Bgx123.com
# verify that the login works
Download and install namedmanager
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget https://repos.jethrocarr.com/pub/amberdms/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-www-1.9.0-2.el7.centos.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-www-1.9.0-2.el7.centos.noarch.rpm
[root@dns01 src]# cd /usr/share/namedmanager/resources/
Note:
MySQL 5.7 enforces the validate_password policy by default, and the database password that autoinstall.pl generates for the namedmanager account does not satisfy it, so the account is not created and the web UI cannot log in to the database. Relax the policy before running autoinstall.pl: temporarily remove the plugin with `mysql> UNINSTALL PLUGIN validate_password;`, run the script, then put it back with `mysql> INSTALL PLUGIN validate_password SONAME 'validate_password.so';`. With the plugin removed the script completes without the errors shown below (despite the "DB installation complete!" message, the run below did not create the account).
[root@dns01 resources]# ./autoinstall.pl
autoinstall.pl
This script setups the NamedManager database components:
* NamedManager MySQL user
* NamedManager database
* NamedManager configuration files
THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON
Please enter MySQL root password (if any): Bgx123.com
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
DBD::mysql::db do failed: Your password does not satisfy the current policy requirements at ./autoinstall.pl line 288, <SQL> line 2.
DBD::mysql::db do failed: Your password does not satisfy the current policy requirements at ./autoinstall.pl line 288, <SQL> line 2.
Updating configuration file...
DB installation complete!
You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
3) Install and configure bind9 (same steps on both 172.22.51.65 and 172.22.51.74)
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# yum install bind php-process
[root@dns01 src]# wget https://repos.jethrocarr.com/pub/amberdms/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm
warning: namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID 55e8661e: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:namedmanager-bind-1.9.0-2.el7.cen################################# [100%]
BIND/NAMED CONFIGURATION
NamedManager BIND components have been installed, you will need to install
and configure bind/named to use the configuration file by adding the
following to /etc/named.conf:
#
# Include NamedManager Configuration
#
include "/etc/named.namedmanager.conf";
NAMEDMANAGER BIND CONFIGURATION
You need to set the application configuration in /etc/namedmanager/config-bind.php
The NOKEY warning above means rpm could not verify the package signature because the signing key (ID 55e8661e) is not imported; import the publisher's key and re-run `rpm -K` on the package before relying on it. Then edit /etc/named.conf. Two caveats about the configuration below: `allow-query { any; };` together with `recursion yes;` makes these servers open resolvers if they are reachable from outside the LAN, which is what DNS amplification attacks abuse, so limit recursion to your client networks with `allow-recursion { 172.22.51.0/24; 192.168.10.0/24; };` (or an ACL), and add `allow-transfer { none; };` (or the peer's address) to options, because BIND's default permits AXFR of the zones, i.e. the complete internal host list, to any client. `dnssec-lookaside auto;` refers to the ISC DLV registry, which ISC has shut down, and can be dropped.
[root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak
[root@dns01 src]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
forward first;
forwarders {
223.5.5.5;
223.6.6.6;
8.8.8.8;
8.8.4.4;
};
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";
==========================================================
To run bind in chroot mode:
[root@dns src]# yum install bind-chroot
Create a hard link to /etc/named.namedmanager.conf inside the chroot:
[root@dns src]# ln /etc/named.namedmanager.conf /var/named/chroot/etc/named.namedmanager.conf
Without the link, named reports at start-up that /etc/named.namedmanager.conf cannot be found. (On CentOS 7 the chrooted daemon is the named-chroot unit, so start and enable named-chroot rather than named in that case.)
The reason:
bind-chroot is a bind feature that runs bind inside a chroot, so the / (root) directory bind sees at run time is not the real system root but a subdirectory of it.
The purpose is security: inside the chroot, bind can only reach that subdirectory and cannot climb out into the rest of the filesystem.
chroot changes the root directory (/) a running program refers to, making a specific subdirectory the program's virtual root; the system resources, user privileges and directories the program may use are restricted accordingly, and it has rights only under that virtual root and none outside it. On CentOS, /var/named/chroot is the virtual root, so /etc inside it is really /var/named/chroot/etc and /var/named is really /var/named/chroot/var/named. The benefit: an attacker who breaks in through bind is confined to the chroot directory and its subdirectories, so the damage stays within that virtual directory rather than threatening the whole server. (A chroot is a containment measure, not a privilege boundary: a process running as root inside it can still escape, which is why named also drops to the unprivileged named user.)
==========================================================
Start the named service
[root@dns01 src]# systemctl start named
[root@dns01 src]# cat /etc/rndc.key    # rndc.key is generated automatically on first start
--------------------------------------------------------------------------
Domain records (forward and reverse zones) are added later from the web UI. Enable the services at boot and reboot the server.
[root@dns01 src]# systemctl enable httpd
[root@dns01 src]# systemctl enable mysqld
[root@dns01 src]# systemctl enable named
Check that the service is enabled at boot:
[root@dns01 ~]# systemctl list-unit-files | grep named.service
named.service enabled
systemd-hostnamed.service static
[root@dns01 src]# init 6    # reboot the machine
After the reboot, log in and verify that httpd, mysqld and named really came up at boot:
[root@dns01 ~]# ps -ef|grep mysqld
[root@dns01 ~]# ps -ef|grep httpd
[root@dns01 ~]# ps -ef|grep named
Test the MySQL login
[root@dns01 ~]# mysql -uroot -p
Enter password: Bgx123.com    # the login now succeeds
4) Install keepalived (same steps on both 172.22.51.65 and 172.22.51.74)
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://www.keepalived.org/software/keepalived-2.0.10.tar.gz
[root@dns01 src]# tar -zvxf keepalived-2.0.10.tar.gz
[root@dns01 src]# cd keepalived-2.0.10
[root@dns01 keepalived-2.0.10]# ./configure && make && make install
If ./configure fails with missing header files, install the OpenSSL headers and the compilers, then rerun it:
[root@dns01 keepalived-2.0.10]# yum install -y openssl openssl-devel gcc gcc-c++
[root@dns01 keepalived-2.0.10]# cp /usr/local/src/keepalived-2.0.10/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
[root@dns01 keepalived-2.0.10]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@dns01 keepalived-2.0.10]# mkdir /etc/keepalived
[root@dns01 keepalived-2.0.10]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@dns01 keepalived-2.0.10]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@dns01 keepalived-2.0.10]# echo "/etc/init.d/keepalived start" >> /etc/rc.local
Do this on both machines:
+++++++ Check that keepalived is set to start at boot
1. cat /etc/rc.local           # confirm the start command was appended
2. ll /etc/rc.local            # on CentOS 7 /etc/rc.local is a symlink
3. ll /etc/rc.d/rc.local       # the target must be executable (chmod +x /etc/rc.d/rc.local), otherwise rc.local is never run at boot
keepalived.conf configuration
------------------------------------------
keepalived.conf on 172.22.51.65 (MASTER, priority 101). Two caveats before copying it: `auth_type PASS` sends the password in clear text in every VRRP advertisement and keepalived marks VRRP authentication as deprecated, so it does not stop another host on the same segment from claiming the VIP; protect the VIP by filtering VRRP (IP protocol 112) so that only the two nodes can exchange it, or switch from multicast to `unicast_peer`. The `weight -5` on the track script only takes effect when the script exits non-zero; the script below never does (it stops keepalived instead), so failover is driven by that stop, not by the priority.
[root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
ops@kevin.cn
}
notification_email_from ops@kevin.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id master-node
}
vrrp_script chk_http_port {
script "/opt/chk_http.sh"
interval 2
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
mcast_src_ip 172.22.51.65
virtual_router_id 51
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.22.51.75
}
track_script {
chk_http_port
}
}
Create the httpd monitoring script
[root@dns01 ~]# vim /opt/chk_http.sh
#!/bin/bash
# Count listeners on exactly TCP port 80. The original `netstat -na|grep LISTEN|grep "80"`
# also matched 8080, 1800 and any address containing "80". netstat comes from net-tools.
counter=$(netstat -lnt | grep -cE ':80\s')
if [ "${counter}" = "0" ]; then
    systemctl start httpd >/dev/null 2>&1
    sleep 2
    counter=$(netstat -lnt | grep -cE ':80\s')
    if [ "${counter}" = "0" ]; then
        # httpd could not be restarted: stop keepalived so the VIP moves to the peer
        /etc/init.d/keepalived stop
    fi
fi
The script must be executable:
[root@dns01 ~]# chmod 755 /opt/chk_http.sh
-----------------------------------------
keepalived.conf on 172.22.51.74 (BACKUP, priority 99)
[root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
ops@kevin.cn
}
notification_email_from ops@kevin.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id slave-node
}
vrrp_script chk_http_port {
script "/opt/chk_http.sh"
interval 2
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
mcast_src_ip 172.22.51.74
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.22.51.75
}
track_script {
chk_http_port
}
}
Create the httpd monitoring script
[root@dns02 ~]# vim /opt/chk_http.sh
#!/bin/bash
# Count listeners on exactly TCP port 80. The original `netstat -na|grep LISTEN|grep "80"`
# also matched 8080, 1800 and any address containing "80". netstat comes from net-tools.
counter=$(netstat -lnt | grep -cE ':80\s')
if [ "${counter}" = "0" ]; then
    systemctl start httpd >/dev/null 2>&1
    sleep 2
    counter=$(netstat -lnt | grep -cE ':80\s')
    if [ "${counter}" = "0" ]; then
        # httpd could not be restarted: stop keepalived so the VIP moves to the peer
        /etc/init.d/keepalived stop
    fi
fi
The script must be executable:
[root@dns02 ~]# chmod 755 /opt/chk_http.sh
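The two check scripts above (the one on dns01 and its copy on dns02) only watch httpd, and stop keepalived outright when a restart fails. Here is an added example, my code rather than anything from the original post or the NamedManager project, of a track script for the same `vrrp_script` slot that also watches named (the service the VIP is actually there for), matches the port exactly, and reports failure through its exit status so that keepalived's `weight -5` and `rise 1` handle both failover and automatic recovery. Assumptions: `ss` from iproute is installed, the units are httpd.service and named.service, the script is saved as /opt/chk_dns_ha.sh, and the keepalived stanza becomes `script "/opt/chk_dns_ha.sh run"`. The `ss` output embedded at the bottom is constructed for an offline self-test, not captured from the two nodes.

```shell
#!/bin/bash
# Added example, not part of the original post: keepalived track script that checks
# httpd (:80) and named (:53) by exact port match, tries one restart, and otherwise
# exits non-zero so keepalived applies the vrrp_script weight. Assumed: `ss` (iproute),
# httpd.service and named.service, and a stanza of the form
#   vrrp_script chk_dns_ha { script "/opt/chk_dns_ha.sh run" interval 2 weight -5 fall 2 rise 1 }

# listening_on_port PORT: reads `ss -lntu` output on stdin; returns 0 if some TCP or UDP
# socket is bound to exactly PORT. (netstat|grep "80" also matched 8080, 1800, ...)
listening_on_port() {
    awk -v p="$1" '
        NR > 1 {
            n = split($5, a, ":")     # column 5 is Local Address:Port; ":::80" and "[::1]:53" split cleanly too
            if (a[n] == p) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# check_service UNIT PORT: 0 if UNIT listens on PORT, allowing one restart attempt.
check_service() {
    local unit="$1" port="$2"
    ss -lntu | listening_on_port "$port" && return 0
    systemctl start "$unit" >/dev/null 2>&1
    sleep 2
    ss -lntu | listening_on_port "$port"
}

# What keepalived runs: non-zero if either service is still down after a restart attempt.
# Unlike stopping keepalived, this lets the node recover its priority by itself (rise 1).
main() {
    local rc=0
    check_service httpd 80 || { logger -t chk_dns_ha "httpd not listening on :80 after restart"; rc=1; }
    check_service named 53 || { logger -t chk_dns_ha "named not listening on :53 after restart"; rc=1; }
    return "$rc"
}

# Constructed sample of `ss -lntu` output (not captured from the post's hosts) for an offline self-test.
SS_SAMPLE='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    *:80                *:*
udp   UNCONN 0      0      172.22.51.65:53     *:*
tcp   LISTEN 0      128    :::8080             :::*'

# selftest: exact matching finds 80 and 53, and does not mistake 8080 for 80 or 8.
selftest() {
    printf '%s\n' "$SS_SAMPLE" | listening_on_port 80   || return 1
    printf '%s\n' "$SS_SAMPLE" | listening_on_port 53   || return 1
    printf '%s\n' "$SS_SAMPLE" | listening_on_port 8080 || return 1
    if printf '%s\n' "$SS_SAMPLE" | listening_on_port 443; then return 1; fi
    if printf '%s\n' "$SS_SAMPLE" | listening_on_port 8; then return 1; fi
    return 0
}

case "${1:-}" in
    run)      main; exit $? ;;
    selftest) selftest && echo "selftest ok" ;;
esac
```

With priorities 101 and 99 and `weight -5`, two consecutive failures (`fall 2`) drop the master to 96 and the backup takes the VIP; one success (`rise 1`) restores 101 and, since preemption is on by default, the VIP returns. Run `/opt/chk_dns_ha.sh selftest` once to confirm the port matching. keepalived 2.x warns about, and with `enable_script_security` refuses to run, a track script that is writable by non-root users, so keep it root-owned with mode 755.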
-----------------------------------------------------
Start keepalived on both machines
[root@dns01 ~]# /etc/init.d/keepalived start
[root@dns01 ~]# ps -ef|grep keep
[root@dns02 ~]# /etc/init.d/keepalived start
[root@dns02 ~]# ps -ef|grep keepalived
Check the IP addresses on both machines: the VIP is now on 172.22.51.65
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
inet 172.22.51.65/24 brd 172.22.51.255 scope global eth0
inet 172.22.51.75/32 scope global eth0
inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
inet 172.22.51.74/24 brd 172.22.51.255 scope global eth0
inet6 fe80::5054:ff:fee2:19b/64 scope link
valid_lft forever preferred_lft forever
-------------------------------------------------
Test failover
First kill httpd on 172.22.51.65: it comes back within about 2 seconds, because keepalived runs the /opt/chk_http.sh monitoring script every 2 seconds (`interval 2`).
Kill httpd on 172.22.51.74 and it is restarted just as quickly.
As /opt/chk_http.sh shows, a dead httpd is restarted automatically; only when the restart fails is keepalived stopped, at which point the VIP moves to the other node.
[root@dns01 keepalived]# killall -9 httpd
Do this on both machines: the killall command is not installed by default on CentOS 7; it comes from the psmisc package:
yum install psmisc -y
[root@dns01 keepalived]# ps -ef|grep http
root 23661 23660 0 21:30 ? 00:00:00 /bin/bash /opt/chk_http.sh
root 23682 1 1 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23685 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23686 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23687 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23688 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23689 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23690 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23691 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23692 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
root 23694 21411 0 21:30 pts/1 00:00:00 grep http
Next, stop keepalived on 172.22.51.65: the VIP moves to 172.22.51.74.
When keepalived on 172.22.51.65 comes back, the VIP moves back (the MASTER has the higher priority and preempts by default).
[root@dns01 ~]# /etc/init.d/keepalived stop
[root@dns01 ~]# ps -ef|grep keepalived
root 24854 21411 0 21:36 pts/1 00:00:00 grep keepalived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
inet 172.22.51.65/24 brd 172.22.51.255 scope global eth0
inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
inet 172.22.51.74/24 brd 172.22.51.255 scope global eth0
inet 172.22.51.75/32 scope global eth0
inet6 fe80::5054:ff:fee2:19b/64 scope link
valid_lft forever preferred_lft forever
The VIP transition can be followed in /var/log/messages on both machines.
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@dns01 ~]# ps -ef|grep keepalived
root 24877 1 0 21:37 ? 00:00:00 keepalived -D
root 24878 24877 0 21:37 ? 00:00:00 keepalived -D
root 24879 24877 0 21:37 ? 00:00:00 keepalived -D
root 24939 21411 0 21:38 pts/1 00:00:00 grep keepalived
After keepalived on 172.22.51.65 is back, the VIP moves back:
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
inet 172.22.51.65/24 brd 172.22.51.255 scope global eth0
inet 172.22.51.75/32 scope global eth0
inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
inet 172.22.51.74/24 brd 172.22.51.255 scope global eth0
inet6 fe80::5054:ff:fee2:19b/64 scope link
valid_lft forever preferred_lft forever
5) Configure namedmanager (on both machines)
[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
[root@dns01 ~]# vim /etc/namedmanager/config-bind.php
......
$config["api_url"] = "http://172.22.51.75/namedmanager";
$config["api_server_name"] = "dns.kevin.cn";
$config["api_auth_key"] = "DNS";
api_auth_key is the shared secret the BIND side presents to the NamedManager API; "DNS" is a placeholder, so use a long random string (for example the output of `openssl rand -hex 32`) and enter the same value as the API key in the web UI in step 8. With api_url on plain http:// that key crosses the network in clear text on every poll; mod_ssl is already installed, so point api_url at https:// once a certificate is in place.
6) Configure MySQL master-master replication between the two machines
++++++++++++ on 172.22.51.65 +++++++++++++++++++++
Verify the login
[root@dns01 ~]# mysql -hlocalhost -unamedmanager -p
Enter password:    (the password is the one in /etc/namedmanager/config.php: autoinstall.pl generated the database, the account, its password and its grants when namedmanager was installed above)
......
mysql>
++++++++++++ on 172.22.51.74 +++++++++++++++++++++
Verify the login: because 172.22.51.65 and 172.22.51.74 replicate to each other, the namedmanager account created on 65 also exists on 74, but replication does not touch the namedmanager configuration file on 74, so copy the namedmanager database password from 65 into /etc/namedmanager/config.php on 74 so that both nodes use the same credentials; otherwise the namedmanager page on 74 reports a database connection failure.
[root@dns02 ~]# mysql -hlocalhost -unamedmanager -p
Enter password:    (autoinstall.pl generated a different password in /etc/namedmanager/config.php on this machine, so it has to be replaced with the one from 65)
......
mysql>
-------------------------------------------------------------
MySQL settings on 172.22.51.65
[root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns01 ~]# vim /etc/my.cnf    # add the following lines in the [mysqld] section
......
server-id = 1
log-bin = mysql-bin
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2
auto-increment-offset = 1
slave-skip-errors = all
Restart mysqld. (Caveat: `slave-skip-errors = all` makes the SQL thread skip every replication error silently, so the two copies of the namedmanager database can drift apart while `show slave status` still reports both threads running. It is a lab shortcut; if it is kept, both replication threads and the data itself need external monitoring.)
[root@dns01 log]# systemctl restart mysqld
Grant the replication privileges, so that the peer's I/O thread can connect as this user and read the binary log. (The grant below covers the whole 172.22.51.0/24; limiting it to the peer address, kevin@'172.22.51.74' here and kevin@'172.22.51.65' on the other node, is tighter.)
[root@dns01 log]# mysql -uroot -p
......
mysql> grant replication slave,replication client on *.* to kevin@'172.22.51.%' identified by "Kevin@123";
mysql> flush privileges;
It is best to lock the database read-only to keep the data consistent until the master-master setup is complete, then unlock it.
While locked, nothing can be written to the tables; the lock is released when the session that took it ends, and a restart of mysqld releases it as well.
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 | 154 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)
--------------------------------------------------------------------
MySQL settings on 172.22.51.74
[root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns02 ~]# vim /etc/my.cnf
.......
server-id = 2
log-bin = mysql-bin
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2
auto-increment-offset = 2
slave-skip-errors = all
[root@dns02 ~]# systemctl restart mysqld
[root@dns02 ~]# mysql -uroot -p
.......
mysql> grant replication slave,replication client on *.* to kevin@'172.22.51.%' identified by "Kevin@123";
mysql> flush privileges;
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 | 630 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)
--------------- replication setup on 172.22.51.65 ---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
mysql> stop slave;
Query OK, 0 rows affected, 1 warning (0.00 sec)
master_log_file and master_log_pos are the values that `show master status` printed on the peer, 172.22.51.74 (mysql-bin.000001 / 630 above):
mysql> change master to master_host='172.22.51.74',master_user='kevin',master_password='Kevin@123',master_log_file='mysql-bin.000001',master_log_pos=630;
Query OK, 0 rows affected (0.20 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
mysql> show slave status\G
.......
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 172.22.51.74
Master_User: kevin
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 365
Relay_Log_File: mysqld-relay-bin.000002
Relay_Log_Pos: 251
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
.......
.......
--------------- replication setup on 172.22.51.74 ---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
mysql> stop slave;
Query OK, 0 rows affected, 1 warning (0.00 sec)
master_log_file and master_log_pos are the values that `show master status` printed on the peer, 172.22.51.65 (mysql-bin.000001 / 154 above):
mysql> change master to master_host='172.22.51.65',master_user='kevin',master_password='Kevin@123',master_log_file='mysql-bin.000001',master_log_pos=154;
Query OK, 0 rows affected (0.18 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
mysql> show slave status\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 172.22.51.65
Master_User: kevin
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 365
Relay_Log_File: mysqld-relay-bin.000002
Relay_Log_Pos: 251
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
.......
.......
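The my.cnf used above sets `slave-skip-errors = all`, so a statement that fails to apply on one node is skipped silently and the two copies of the namedmanager database can diverge without `show slave status` ever showing an error. What follows is an added example, my code and not part of the original post, of the minimal check a practitioner would run on both nodes: it parses `SHOW SLAVE STATUS\G` output and fails unless both threads are running, the lag is within a bound, and no error number is recorded. The three status dumps inside it are constructed for an offline self-test; the live check assumes a client login in ~/.my.cnf that holds the REPLICATION CLIENT privilege, and the script is assumed to be saved as /opt/check_replica.sh.

```shell
#!/bin/bash
# Added example, not part of the original post: health check for the master-master
# link. With slave-skip-errors = all, skipped statements never stop replication, so
# at minimum both threads, the lag and the last error number must be watched.
# Assumed: ~/.my.cnf login with REPLICATION CLIENT for the live check.

# replica_ok [MAX_LAG]: reads `SHOW SLAVE STATUS\G` text on stdin; returns 0 only if
# both threads are running, Seconds_Behind_Master is a number <= MAX_LAG (default 30)
# and Last_Errno is 0.
replica_ok() {
    awk -v max="${1:-30}" '
        $1 == "Slave_IO_Running:"      { io    = $2 }
        $1 == "Slave_SQL_Running:"     { sql   = $2 }
        $1 == "Seconds_Behind_Master:" { lag   = $2 }
        $1 == "Last_Errno:"            { errno = $2 }
        END {
            if (io != "Yes" || sql != "Yes") exit 1                  # a thread stopped
            if (lag == "" || lag == "NULL" || lag + 0 > max) exit 1  # not connected or too far behind
            if (errno + 0 != 0) exit 1                               # an error was recorded
            exit 0
        }'
}

# Constructed, abridged sample outputs (not captured from the post's hosts).
HEALTHY='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 172.22.51.74
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Errno: 0
        Seconds_Behind_Master: 0'

BROKEN='*************************** 1. row ***************************
               Slave_IO_State:
                  Master_Host: 172.22.51.74
             Slave_IO_Running: No
            Slave_SQL_Running: Yes
                   Last_Errno: 0
        Seconds_Behind_Master: NULL'

LAGGING='*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Errno: 0
        Seconds_Behind_Master: 120'

# selftest: healthy passes, a stopped I/O thread fails, 120 s of lag fails at the
# default bound but passes with a 300 s bound.
selftest() {
    printf '%s\n' "$HEALTHY" | replica_ok 30 || return 1
    if printf '%s\n' "$BROKEN"  | replica_ok 30; then return 1; fi
    if printf '%s\n' "$LAGGING" | replica_ok 30; then return 1; fi
    printf '%s\n' "$LAGGING" | replica_ok 300 || return 1
    return 0
}

# Live check against the local server, meant to run from cron on both nodes.
check_local() {
    if mysql -e 'SHOW SLAVE STATUS\G' | replica_ok 30; then
        return 0
    fi
    logger -t mysql_replica "replication from peer unhealthy on $(hostname)"
    return 1
}

case "${1:-}" in
    run)      check_local ;;
    selftest) selftest && echo "selftest ok" ;;
esac
```

Put `/opt/check_replica.sh run` into cron on both nodes; a non-zero exit is the signal to stop trusting that node's copy of the data. The check sees only the visible thread state, not rows that were silently skipped, so a periodic row count or checksum comparison of the namedmanager tables between the two nodes is the complement.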
At this point master-master replication between 172.22.51.65 and 172.22.51.74 is configured. Test it:
First add data in MySQL on 172.22.51.65:
[root@dns01 log]# mysql -uroot -p
.....
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| namedmanager |
| test |
+--------------------+
4 rows in set (0.00 sec)
mysql> create database kevin;
Query OK, 1 row affected (0.04 sec)
Then verify on 172.22.51.74 and change the data there:
[root@dns02 ~]# mysql -uroot -p
.......
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| kevin |
| mysql |
| namedmanager |
| test |
+--------------------+
5 rows in set (0.00 sec)
mysql> drop database kevin;
Query OK, 0 rows affected (0.03 sec)
mysql> create database bobo;
Query OK, 1 row affected (0.08 sec)
Verify again on 172.22.51.65:
[root@dns01 log]# mysql -uroot -p
......
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| bobo |
| mysql |
| namedmanager |
| test |
+--------------------+
5 rows in set (0.00 sec)
mysql> drop database bobo;
Query OK, 0 rows affected (0.05 sec)
7) Configure synchronization of the DNS data between 172.22.51.65 and 172.22.51.74.
First set up SSH trust in both directions. (Caveat: this is root-to-root trust both ways, so a compromise of either DNS node is root on the other. Restricting each key in authorized_keys with `from="<peer ip>"` and, ideally, a forced `command=` limited to the rsync, or using a dedicated sync user, narrows that.)
[root@dns01 ~]#ssh-keygen -t rsa
[root@dns02 ~]#ssh-keygen -t rsa
[root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub -p 22 root@172.22.51.74
[root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub -p 22 root@172.22.51.65
Verify the trust in both directions
[root@dns01 ~]# ssh -p22 root@172.22.51.74
[root@dns02 ~]#
[root@dns02 httpd]# ssh -p22 root@172.22.51.65
[root@dns01 ~]#
------------------------------------------------------------
Now set up the sync on 172.22.51.65: check whether the VIP is on this host and, if it is, push the files to the other machine.
[root@dns01 ~]# vim /opt/rsync_dns.sh
#!/bin/bash
# Every 10 seconds: if the VIP is bound on this host, push the BIND config and zone
# files to the peer. (The original loop had no sleep, so it ran rsync over ssh
# back-to-back without pause; the exact 'inet <vip>/' match avoids substring hits.)
while true
do
    NUM=$(ip -4 addr | grep -c 'inet 172.22.51.75/')
    if [ "$NUM" -eq 0 ]; then
        echo "vip is not at this server" >/dev/null 2>&1
    fi
    if [ "$NUM" -eq 1 ]; then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@172.22.51.74:/etc/
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@172.22.51.74:/var/named/
    fi
    sleep 10
done
Make the script executable and start it
[root@dns01 ~]# chmod 755 /opt/rsync_dns.sh
[root@dns01 ~]# nohup sh /opt/rsync_dns.sh &
[root@dns01 ~]# ps -ef|grep rsync_dns.sh
root 6310 21411 0 22:33 pts/1 00:00:00 sh /opt/rsync_dns.sh
root 6508 21411 0 22:33 pts/1 00:00:00 grep rsync_dns.sh
-----------------------------------------------------------------
然后在172.22.51.74機器上做同步:
[root@dns02 httpd]# vim /opt/rsync_dns.sh
#!/bin/bash
# Every 10 seconds: if the VIP is bound on this host, push the BIND config and zone
# files to the peer. (The original loop had no sleep, so it ran rsync over ssh
# back-to-back without pause; the exact 'inet <vip>/' match avoids substring hits.)
while true
do
    NUM=$(ip -4 addr | grep -c 'inet 172.22.51.75/')
    if [ "$NUM" -eq 0 ]; then
        echo "vip is not at this server" >/dev/null 2>&1
    fi
    if [ "$NUM" -eq 1 ]; then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@172.22.51.65:/etc/
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@172.22.51.65:/var/named/
    fi
    sleep 10
done
Make the script executable and start it
[root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh
[root@dns02 httpd]# nohup sh /opt/rsync_dns.sh &
[root@dns02 httpd]# ps -ef|grep rsync_dns.sh
root 12578 5466 0 22:35 pts/1 00:00:00 grep rsync_dns.sh
root 32124 5466 8 22:35 pts/1 00:00:00 sh /opt/rsync_dns.sh
8) Open NamedManager (https://172.22.51.75/namedmanager) and configure it in the UI. (The VIP is on 172.22.51.65 at this point, so the configuration is synced from 172.22.51.65 to 172.22.51.74.) The default username and password are setup / setup123; do not forget to change them under user management.
Solution: edit /etc/httpd/conf/httpd.conf as follows:
Reset the administrator username and password (the two MySQL servers replicate to each other, so the change reaches the other machine's database too, and the new administrator credentials also log in to the other machine's namedmanager).
Next set the API key: enter the e-mail address and the API key, which is the value set in /etc/namedmanager/config-bind.php above.
Add the server. The Name Server FQDN must match the ServerName in httpd (either the host name of the deployed machine or its IP address is accepted).
Make sure that "Zonefile Status" and "Logging Status" are both green.
Add the forward zone.
Add the reverse zone (if client machines live in more than one IP range, add one reverse zone per range).
Review the forward and reverse zones that were added.
With both zones in place, try adding some A and PTR records.
Add the A records first.
Because "add PTR" was ticked when the A records were created (if it was not, the PTR records have to be added by hand), the reverse records for those names already exist:
With a few forward and reverse records added, open https://172.22.51.74/namedmanager: the other machine's namedmanager (log in with the admin user reset above) shows the same forward and reverse configuration. That confirms the two-node synchronization is working.
The resulting forward and reverse configuration can also be inspected on both machines:
[root@dns01 ~]# cd /var/named/
[root@dns01 named]# ll
total 36
-rw-r--r--. 1 root root 614 Jun 3 23:42 51.22.172.in-addr.arpa.zone
drwxrwx---. 2 named named 4096 Jun 3 03:21 data
drwxrwx---. 2 named named 4096 Jun 3 23:05 dynamic
-rw-r--r--. 1 root root 575 Jun 3 23:42 kevin.cn.zone
-rw-r-----. 1 root named 3289 Apr 11 2017 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves
[root@dns01 ~]# cat /etc/named.namedmanager.conf
//
// NamedManager Configuration
//
// This file is automatically generated any manual changes will be lost.
//
zone "kevin.cn" IN {
type master;
file "kevin.cn.zone";
allow-update { none; };
};
zone "51.22.172.in-addr.arpa" IN {
type master;
file "51.22.172.in-addr.arpa.zone";
allow-update { none; };
};
[root@dns01 named]# cat kevin.cn.zone
$ORIGIN kevin.cn.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
2018060311 ; serial
21600 ; refresh
3600 ; retry
604800 ; expiry
120 ; minimum ttl
)
; Nameservers
kevin.cn. 86400 IN NS dns.kevin.cn.
; Mailservers
; Reverse DNS Records (PTR)
; CNAME
; HOST RECORDS
db01 120 IN A 192.168.10.239
db02 120 IN A 192.168.10.212
dns 120 IN A 172.22.51.75
dns01 120 IN A 172.22.51.65
dns02 120 IN A 172.22.51.74
ftp01 120 IN A 192.168.10.209
nc-app 120 IN A 192.168.10.210
web01 120 IN A 192.168.10.214
web02 120 IN A 192.168.10.215
[root@dns01 named]# cat 51.22.172.in-addr.arpa.zone
$ORIGIN 51.22.172.in-addr.arpa.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
2018060310 ; serial
21600 ; refresh
3600 ; retry
604800 ; expiry
120 ; minimum ttl
)
; Nameservers
51.22.172.in-addr.arpa. 86400 IN NS dns.kevin.cn.
; Mailservers
; Reverse DNS Records (PTR)
190 120 IN PTR dns.kevin.cn.
202 120 IN PTR dns01.kevin.cn.
203 120 IN PTR dns02.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
210 120 IN PTR nc-app.kevin.cn.
212 120 IN PTR db02.kevin.cn.
214 120 IN PTR web01.kevin.cn.
215 120 IN PTR web02.kevin.cn.
239 120 IN PTR db01.kevin.cn.
; CNAME
; HOST RECORDS
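The two generated zone files above can be checked against each other: each A record's address should have a PTR in the matching in-addr.arpa zone that names the same host. Here is an added example, my code rather than anything from the original post or NamedManager, that does that cross-check with awk over zone files in the layout NamedManager writes. The two sample zones inside it are constructed for an offline self-test (their SOA RNAME hostmaster.kevin.cn. is a placeholder), the script is assumed to be saved as /opt/check_zones.sh, and only IPv4 A/PTR pairs are handled.

```shell
#!/bin/bash
# Added example, not part of the original post: cross-check the A records of a
# forward zone file against the PTR records of a reverse zone file in the
# NamedManager-generated layout (one record per line, $ORIGIN set in each file).

# check_zones FORWARD_FILE REVERSE_FILE: print one line per problem and return the
# number of A records without a correct PTR (0 means the two files agree).
check_zones() {
    awk '
        /^\$ORIGIN/    { origin = $2; next }        # applies to whichever file is being read
        /^;/ || NF < 4 { next }                     # comments, $TTL, SOA continuation lines
        {                                           # locate the IN class; type and rdata follow it,
            for (i = 1; i <= NF; i++) if ($i == "IN") break   # so records with or without a TTL parse
            type = $(i + 1); rdata = $(i + 2)
            owner = ($1 == "@") ? origin : ($1 ~ /\.$/ ? $1 : $1 "." origin)
        }
        FNR == NR && type == "A"   { a[owner] = rdata; next }   # first file: forward zone
        FNR != NR && type == "PTR" { ptr[owner] = rdata }       # second file: reverse zone
        END {
            for (n in a) {
                split(a[n], o, ".")
                rev = o[4] "." o[3] "." o[2] "." o[1] ".in-addr.arpa."
                if (!(rev in ptr))      { printf "MISSING  %-16s %s has no PTR (%s)\n", a[n], n, rev; bad++ }
                else if (ptr[rev] != n) { printf "MISMATCH %-16s PTR says %s, A says %s\n", a[n], ptr[rev], n; bad++ }
            }
            exit (bad + 0)
        }' "$1" "$2"
}

# make_sample_zones DIR: write a constructed forward/reverse pair (not the post's files)
# with two deliberate problems: 74 points back at dns01, and ftp01 lives in 192.168.10.0/24.
make_sample_zones() {
    cat > "$1/kevin.cn.zone" <<'EOF'
$ORIGIN kevin.cn.
$TTL 120
@ IN SOA dns.kevin.cn. hostmaster.kevin.cn. (
        1 ; serial
        21600 ; refresh
        3600 ; retry
        604800 ; expiry
        120 ; minimum ttl
        )
; Nameservers
kevin.cn. 86400 IN NS dns.kevin.cn.
; HOST RECORDS
dns 120 IN A 172.22.51.75
dns01 120 IN A 172.22.51.65
dns02 120 IN A 172.22.51.74
ftp01 120 IN A 192.168.10.209
EOF
    cat > "$1/51.22.172.in-addr.arpa.zone" <<'EOF'
$ORIGIN 51.22.172.in-addr.arpa.
$TTL 120
@ IN SOA dns.kevin.cn. hostmaster.kevin.cn. (
        1 ; serial
        21600 ; refresh
        3600 ; retry
        604800 ; expiry
        120 ; minimum ttl
        )
51.22.172.in-addr.arpa. 86400 IN NS dns.kevin.cn.
; Reverse DNS Records (PTR)
75 120 IN PTR dns.kevin.cn.
65 120 IN PTR dns01.kevin.cn.
74 120 IN PTR dns01.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
EOF
}

# selftest: the sample pair yields exactly one MISMATCH (dns02) and one MISSING (ftp01).
selftest() {
    local dir rc=0
    dir=$(mktemp -d) || return 1
    make_sample_zones "$dir"
    check_zones "$dir/kevin.cn.zone" "$dir/51.22.172.in-addr.arpa.zone" || rc=$?
    rm -rf "$dir"
    [ "$rc" -eq 2 ]
}

case "${1:-}" in
    selftest) selftest && echo "selftest ok" ;;
    check)    check_zones "$2" "$3" ;;
esac
```

Run against the two files printed above (`/opt/check_zones.sh check /var/named/kevin.cn.zone /var/named/51.22.172.in-addr.arpa.zone`), it flags every A record: the PTR owners 190, 202 and 203 do not correspond to the .75, .65 and .74 addresses of dns, dns01 and dns02, and the 192.168.10.x hosts (ftp01, db01, ...) need their PTRs in a 10.168.192.in-addr.arpa zone, which is what the "one reverse zone per IP range" remark in step 8 comes down to.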
9) DNS configuration on a client
[root@localhost ~]# ifconfig|grep 192
inet addr:192.168.10.207 Bcast:192.168.10.255 Mask:255.255.255.0
[root@localhost ~]# vim /etc/resolv.conf
domain kevin.cn
search kevin.cn
nameserver 172.22.51.75
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
......
......
[root@localhost ~]# ping ftp01.kevin.cn
PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data.
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms
[root@localhost ~]# ping db02.kevin.cn
PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data.
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms
Failover check:
Stop keepalived on 172.22.51.65; once the VIP has moved to 172.22.51.74,
test again from the client.
[root@dns01 ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
inet 172.22.51.65/24 brd 172.22.51.255 scope global eth0
inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
inet 172.22.51.74/24 brd 172.22.51.255 scope global eth0
inet 172.22.51.75/32 scope global eth0
inet6 fe80::5054:ff:fee2:19b/64 scope link
valid_lft forever preferred_lft forever
After the VIP moves to the other machine, DNS on the client keeps working:
[root@localhost ~]# ping www.qq.com
PING news.qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms
[root@localhost ~]# ping web02.kevin.cn
PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data.
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms
Without the MySQL master-master replication and the DNS file synchronization above, offering a single VIP for high availability would require making every DNS change twice, once in the namedmanager UI on 172.22.51.65 and once on 172.22.51.74.