• Centos下DNS+NamedManager高可用部署方案完整记录


    之前说到了NamedManager单机版的配置,下面说下DNS+NamedManager双机高可用的配置方案:

    1)机器环境

    主机名            ip地址           
    dns01.kevin.cn   192.168.10.202   
    dns02.kevin.cn   192.168.10.203   
    VIP地址:192.168.10.190
      
    两台机器做好主机名及hosts绑定
    [root@dns01 ~]# vim /etc/hosts
    ......
    192.168.10.202   dns01.kevin.cn
    192.168.10.203   dns02.kevin.cn
    192.168.10.190   dns.kevin.cn     
      
    两台机器都是centos6.9系统
    [root@dns01 ~]# cat /etc/redhat-release
    CentOS release 6.9 (Final)
      
    关闭两台机器的iptables和selinux
    [root@dns01 ~]# /etc/init.d/iptables stop
    [root@dns01 ~]# setenforce 0
    [root@dns01 ~]# vim /etc/sysconfig/selinux
    ......
    SELINUX=disabled
      
    同步两台机器的系统时间
    [root@dns01 ~]# yum install -y ntpdate
    [root@dns01 ~]# ntpdate ntp1.aliyun.com
    

    2)安装namedmanager(在192.168.10.202和192.168.10.203两台机器上同样操作)

    [root@dns01 ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml
    
    修改/etc/httpd/conf/httpd.conf
    .......
    ServerName dns.kevin.cn:80
    
    [root@dns01 ~]# service mysqld start
    [root@dns01 ~]# service httpd start
    [root@dns01 ~]# lsof -i:3306
    [root@dns01 ~]# lsof -i:80
    
    [root@dns01 ~]# chkconfig mysqld on
    [root@dns01 ~]# chkconfig httpd on
    
    [root@dns02 ~]# mysqladmin -u root password 123456
    [root@dns02 ~]# mysql -p123456                      #验证下是否能登录进去
    
    下载并安装namedmanager
    [root@dns01 ~]# cd /usr/local/src/
    [root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm
    [root@dns01 src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm --force
    [root@dns01 src]# cd /usr/share/namedmanager/resources/
    [root@dns01 resources]# ./autoinstall.pl
    autoinstall.pl
    
    This script setups the NamedManager database components:
     * NamedManager MySQL user               #默认会创建登录Mysql的用户名NamedManager
     * NamedManager database                 #默认会创建NamedManager数据库名
     * NamedManager configuration files      #默认会创建NamedManager的配置文件
    
    THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
    DO NOT RUN FOR ANY OTHER REASON
    
    Please enter MySQL root password (if any): 123456               #输入上面设置的mysql密码
    Searching ../sql/ for latest install schema...
    ../sql//version_20131222_install.sql is the latest file and will be used for the install.
    Importing file ../sql//version_20131222_install.sql
    Creating user...
    Updating configuration file...
    DB installation complete!
    
    You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
    

    3)安装和配置bind9(在192.168.10.202和192.168.10.203两台机器上同样操作)

    [root@dns01 ~]# cd /usr/local/src/
    [root@dns01 src]# yum install bind php-process
    [root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
    [root@dns01 src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm --force
    
    修改/etc/named.conf
    [root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak
    [root@dns01 src]# vim /etc/named.conf
    options {
            // every interface, including the VIP 192.168.10.190 once keepalived adds it
            listen-on port 53 { any; };
            directory "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            // allow-query { any; } together with "recursion yes" below makes this
            // an open recursive resolver for every client that can reach port 53.
            // Acceptable for a LAN-only VIP; if the host is reachable from outside
            // 192.168.10.0/24, limit recursion to the internal subnet, e.g.
            //   allow-recursion { 192.168.10.0/24; localhost; };
            // (authoritative answers for kevin.cn can stay open to any).
            allow-query     { any; };
            allow-query-cache     { any; };
            recursion yes;
            // "forward first": ask the forwarders below first, fall back to
            // normal recursion if they do not answer
            forward first;
            forwarders {
                223.5.5.5;
                223.6.6.6;
                8.8.8.8;
                8.8.4.4;
              };
     
            // validate DNSSEC-signed answers received via the forwarders/recursion
            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;
     
            bindkeys-file "/etc/named.iscdlv.key";
            managed-keys-directory "/var/named/dynamic";
     
            };
      
    logging {                           
            channel default_debug {
            file "data/named.run";
            severity dynamic;
            };
    };
      
    zone "." {
            type hint;      
            file "named.ca";
            };
      
    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";
    // written by NamedManager (zone definitions for kevin.cn and the reverse
    // zone); it is regenerated automatically, so do not edit it by hand
    include "/etc/named.namedmanager.conf";
    
    启动named服务
    [root@dns01 src]# service named start
    Generating /etc/rndc.key:                                  [  OK  ]
    Starting named:                                            [  OK  ]
    
    --------------------------------------------------------------------------
    上面已经提前关闭了iptables和selinux。
    如果防火墙打开了,则需要开启下面策略:
    [root@dns01 src]# iptables -F
    [root@dns01 src]# iptables -P INPUT DROP
    [root@dns01 src]# iptables -P FORWARD DROP
    [root@dns01 src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    [root@dns01 src]# iptables -A INPUT -i lo -p all -j ACCEPT
    [root@dns01 src]# iptables -A INPUT -p icmp -j ACCEPT
    [root@dns01 src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    [root@dns01 src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    [root@dns01 src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
    [root@dns01 src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    [root@dns01 src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    --------------------------------------------------------------------------
    
    禁用IPV6。添加域名记录(正向解析与反向解析)。设置开机启动服务,并重启服务器。
    [root@dns01 src]# vim /etc/modprobe.d/dist.conf
    .......
    alias net-pf-10 off
    alias ipv6 off
    [root@dns01 src]# chkconfig ip6tables off
    
    [root@dns01 src]# chkconfig httpd on
    [root@dns01 src]# chkconfig mysqld on
    [root@dns01 src]# chkconfig named on
    [root@dns01 src]# init 6                     #重启机器
    
    重启之后,登录机器验证下httpd、mysqld和named服务是否如实开机启动了
    [root@dns01 ~]# ps -ef|grep mysql
    [root@dns01 ~]# ps -ef|grep http
    [root@dns01 ~]# ps -ef|grep named
    
    测试登录mysql
    [root@dns01 ~]# mysql -p123456
    ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
    [root@dns01 ~]# ll /var/lib/mysql/mysql.sock
    ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory
    [root@dns01 ~]# ln -s /usr/local/mysql/var/mysql.sock /var/lib/mysql/mysql.sock
    [root@dns01 ~]# ll /var/lib/mysql/mysql.sock
    lrwxrwxrwx. 1 root root 31 Jun  1 17:14 /var/lib/mysql/mysql.sock -> /usr/local/mysql/var/mysql.sock
    [root@dns01 ~]# mysql -p123456         #这时就能顺利登录mysql数据库了

    4)安装keepalived(192.168.10.202和192.168.10.203两台机器上同样操作)

    [root@dns01 ~]# cd /usr/local/src/
    [root@dns01 src]# wget http://www.keepalived.org/software/keepalived-1.3.2.tar.gz
    [root@dns01 src]# tar -zvxf keepalived-1.3.2.tar.gz
    [root@dns01 src]# cd keepalived-1.3.2
    [root@dns01 keepalived-1.3.2]# ./configure && make && make install
    [root@dns01 keepalived-1.3.2]# cp /usr/local/src/keepalived-1.3.2/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
    [root@dns01 keepalived-1.3.2]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
    [root@dns01 keepalived-1.3.2]# mkdir /etc/keepalived
    [root@dns01 keepalived-1.3.2]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
    [root@dns01 keepalived-1.3.2]# cp /usr/local/sbin/keepalived /usr/sbin/
    [root@dns01 keepalived-1.3.2]# echo "/etc/init.d/keepalived start" >> /etc/rc.local
    
    keepalived.conf配置
    ------------------------------------------
    192.168.10.202机器的keepalived.conf配置
    [root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    [root@dns01 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived     # global definitions
      
    global_defs {
    notification_email {
    ops@kevin.cn
    }
      
    notification_email_from ops@kevin.cn
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    # identifier used in logs/notifications; the peer dns02 uses slave-node
    router_id master-node
    }
      
    # Health check run every 2 s. NOTE: /opt/chk_http.sh restarts httpd and, if
    # that fails, stops keepalived itself; it does not exit non-zero, so the
    # weight/fall/rise values below are in practice not what triggers failover.
    vrrp_script chk_http_port {
        script "/opt/chk_http.sh"
        interval 2
        weight -5
        fall 2
        rise 1
    }
      
    vrrp_instance VI_1 {
        # MASTER with priority 101 vs 99 on dns02 and no nopreempt: the VIP
        # returns to this node as soon as its keepalived is running again.
        state MASTER
        interface eth0
        mcast_src_ip 192.168.10.202
        # both nodes must share this id and the authentication settings
        virtual_router_id 51
        priority 101
        advert_int 1
        authentication {
            # PASS carries the password in clear in every VRRP advert, so it only
            # prevents accidental router-id clashes on the LAN; keep the segment
            # trusted and pick a non-trivial value (1111 is used on both nodes).
            auth_type PASS
            auth_pass 1111
        }
        virtual_ipaddress {
            192.168.10.190
        }
     
    track_script {
       chk_http_port
    }
    }
    
    编写httpd监控脚本
    [root@dns01 ~]# vim /opt/chk_http.sh
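    #!/bin/bash
    # keepalived vrrp_script for the DNS VIP: make sure httpd (the NamedManager
    # UI) is listening on TCP port 80. If it is not, try one "service httpd
    # start"; if port 80 is still closed 2 s later, stop keepalived so the VIP
    # moves to the other node.
    # NOTE: on failure the script stops keepalived itself and otherwise exits 0,
    # so the "weight -5" / fall / rise settings in keepalived.conf do not apply.
    
    # Count TCP sockets in LISTEN state bound to port 80 exactly. The earlier
    # grep "80" over all sockets also matched 8080, 180, unix socket paths and
    # any address that happened to contain "80".
    http_listeners() {
      netstat -nat | grep "LISTEN" | grep -c ":80 "
    }
    
    counter=$(http_listeners)
    if [ "${counter}" = "0" ]; then
      service httpd start >/dev/null 2>&1
      sleep 2
      counter=$(http_listeners)
      if [ "${counter}" = "0" ]; then
        /etc/init.d/keepalived stop
      fi
    fi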
    
    必须要给此脚本授予执行权限
    [root@dns01 ~]# chmod 755 /opt/chk_http.sh
    
    -----------------------------------------
    192.168.10.203机器的keepalived.conf配置
    [root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
    [root@dns02 ~]# vim /etc/keepalived/keepalived.conf
    ! Configuration File for keepalived    
      
    global_defs {
    notification_email {                
    ops@kevin.cn                     
    }
      
    notification_email_from ops@kevin.cn  
    smtp_server 127.0.0.1                    
    smtp_connect_timeout 30                 
    router_id slave-node                    
    }
      
    vrrp_script chk_http_port {         
        script "/opt/chk_http.sh"   
        interval 2                      
        weight -5                       
        fall 2                   
        rise 1                  
    }
      
    vrrp_instance VI_1 {            
        state BACKUP           
        interface eth0            
        mcast_src_ip 192.168.10.203 
        virtual_router_id 51        
        priority 99               
        advert_int 1               
        authentication {            
            auth_type PASS         
            auth_pass 1111          
        }
        virtual_ipaddress {        
            192.168.10.190
        }
     
    track_script {                     
       chk_http_port                 
    }
     
    }
    
    编写httpd监控脚本
    [root@dns02 ~]# vim /opt/chk_http.sh
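    #!/bin/bash
    # keepalived vrrp_script for the DNS VIP: make sure httpd (the NamedManager
    # UI) is listening on TCP port 80. If it is not, try one "service httpd
    # start"; if port 80 is still closed 2 s later, stop keepalived so the VIP
    # moves to the other node.
    # NOTE: on failure the script stops keepalived itself and otherwise exits 0,
    # so the "weight -5" / fall / rise settings in keepalived.conf do not apply.
    
    # Count TCP sockets in LISTEN state bound to port 80 exactly. The earlier
    # grep "80" over all sockets also matched 8080, 180, unix socket paths and
    # any address that happened to contain "80".
    http_listeners() {
      netstat -nat | grep "LISTEN" | grep -c ":80 "
    }
    
    counter=$(http_listeners)
    if [ "${counter}" = "0" ]; then
      service httpd start >/dev/null 2>&1
      sleep 2
      counter=$(http_listeners)
      if [ "${counter}" = "0" ]; then
        /etc/init.d/keepalived stop
      fi
    fi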
    
    必须要给此脚本授予执行权限
    [root@dns02 ~]# chmod 755 /opt/chk_http.sh
    
    -----------------------------------------------------
    分别启动两台机器的keepalived服务
    [root@dns01 ~]# /etc/init.d/keepalived start
    [root@dns01 ~]# ps -ef|grep keep
    
    [root@dns02 ~]# /etc/init.d/keepalived start
    [root@dns02 ~]# ps -ef|grep keepalived
    
    检查两台机器的ip,发现vip此时已经漂到192.168.10.202这台机器上
    [root@dns01 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
        inet 192.168.10.190/32 scope global eth0
        inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
           valid_lft forever preferred_lft forever
    
    [root@dns02 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
        inet6 fe80::5054:ff:fee2:19b/64 scope link 
           valid_lft forever preferred_lft forever
    
    -------------------------------------------------
    测试下故障转移
    先关闭192.168.10.202机器的httpd程序,发现关闭后会很快重启起来(最多2秒钟),这是因为keepalived程序里引用了/opt/chk_http.sh监控脚本。
    同样关闭192.168.10.203机器的httpd程序,也是很快重启起来。
    根据/opt/chk_http.sh脚本可知,httpd程序挂掉后会自动重启,只有当httpd程序重启失败后,才会强制kill掉keepalived服务,这时vip也会转移到另一台节点。
    [root@dns01 keepalived]# killall -9 httpd
    [root@dns01 keepalived]# ps -ef|grep http
    root     23661 23660  0 21:30 ?        00:00:00 /bin/bash /opt/chk_http.sh
    root     23682     1  1 21:30 ?        00:00:00 /usr/sbin/httpd
    apache   23685 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
    apache   23686 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
    apache   23687 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
    apache   23688 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
    apache   23689 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
    apache   23690 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
    apache   23691 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
    apache   23692 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
    root     23694 21411  0 21:30 pts/1    00:00:00 grep http
    
    再测试关闭192.168.10.202机器的keepalived服务,发现vip资源会自动漂移到192.168.10.203机器上。
    当192.168.10.202机器的keepalived服务恢复后,vip资源会再次转移回来。
    [root@dns01 ~]# /etc/init.d/keepalived stop
    [root@dns01 ~]# ps -ef|grep keeplived
    root     24854 21411  0 21:36 pts/1    00:00:00 grep keeplived
    [root@dns01 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
        inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
           valid_lft forever preferred_lft forever
    
    [root@dns02 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
        inet 192.168.10.190/32 scope global eth0
        inet6 fe80::5054:ff:fee2:19b/64 scope link 
           valid_lft forever preferred_lft forever
    
    可以查看两台机器的/var/log/messages日志,可以看到vip资源的转移过程。
    
    [root@dns01 ~]# /etc/init.d/keepalived start
    Starting keepalived:                                       [  OK  ]
    [root@dns01 ~]# ps -ef|grep keepalived
    root     24877     1  0 21:37 ?        00:00:00 keepalived -D
    root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
    root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
    root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived
    
    192.168.10.202机器的keepalived服务恢复后,vip资源会再次转移回来。
    [root@dns01 ~]# /etc/init.d/keepalived start
    Starting keepalived:                                       [  OK  ]
    [root@dns01 ~]# ps -ef|grep keepalived
    root     24877     1  0 21:37 ?        00:00:00 keepalived -D
    root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
    root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
    root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived
    [root@dns01 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
        inet 192.168.10.190/32 scope global eth0
        inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
           valid_lft forever preferred_lft forever
    
    [root@dns02 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
        inet6 fe80::5054:ff:fee2:19b/64 scope link 
           valid_lft forever preferred_lft forever
    

    5)配置namedmanager(两台机器都要操作)

    [root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
    [root@dns01 ~]# vim /etc/namedmanager/config-bind.php
    ......
    $config["api_url"]      = "http://192.168.10.190/namedmanager";
    $config["api_server_name"]  = "dns.kevin.cn";
    $config["api_auth_key"]     = "DNS";   
    

    6)配置两台机器的mysql主主关系

    首先确保两台机器能使用上面创建的NamedManager用户名和123456密码登录,如果登录不了,则访问NamedManager界面时会失败。
    [root@dns02 ~]# mysql -hlocalhost -uNamedManager -p123456
    ERROR 1045 (28000): Access denied for user 'NamedManager'@'localhost' (using password: YES)
    
    这就需要授权mysql登录
    [root@dns01 ~]# mysql -p123456
    .......
    mysql> grant all on *.* to NamedManager@192.168.10.202 identified by "123456";
    Query OK, 0 rows affected (0.11 sec)
    
    mysql> grant all on *.* to NamedManager@localhost identified by "123456";
    Query OK, 0 rows affected (0.02 sec)
    
    mysql> flush privileges;
    Query OK, 0 rows affected (0.04 sec)
    
    验证登录
    [root@dns01 ~]# mysql -hlocalhost -uNamedManager -p123456
    ......
    mysql>
    
    -------------------------------------------------------------
    192.168.10.202机器上的mysql设置
    [root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak
    [root@dns01 ~]# vim /etc/my.cnf                  #在[mysqld]区域里添加下面几行内容
    ......
    # [mysqld] additions for master-master replication with dns02 (server-id 2)
    server-id = 1         
    log-bin = mysql-bin     
    # fsync the binlog on every commit so a crash cannot lose events the peer has not yet read
    sync_binlog = 1
    binlog_format = mixed
    # interleave auto-increment ids (odd here, even on dns02) so inserts on both masters never collide
    auto-increment-increment = 2     
    auto-increment-offset = 1    
    # NOTE(review): skipping *all* replication errors hides conflicting writes, so the
    # two copies can silently diverge; prefer a narrow list of error codes (or none)
    # and watch Slave_SQL_Running / Last_Error in "show slave status\G" instead
    slave-skip-errors = all
    
    重启mysqld服务
    [root@dns01 log]# /etc/init.d/mysqld restart
    Stopping mysqld:                                           [  OK  ]
    Starting mysqld:                                           [  OK  ]
    
    数据同步授权,这样I/O线程就可以以这个用户的身份连接到主服务器,并且读取它的二进制日志。
    [root@dns01 log]# mysql -p123456
    ......
    mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
    mysql> flush privileges;
    
    最好将库锁住,仅仅允许读,以保证数据一致性;待主主同步环境部署后再解锁;
    锁住后,就不能往表里写数据,但是重启mysql服务后就会自动解锁!
    mysql> flush tables with read lock;
    mysql> show master status;
    +------------------+----------+--------------+------------------+
    | File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
    +------------------+----------+--------------+------------------+
    | mysql-bin.000001 |      365 |              |                  |
    +------------------+----------+--------------+------------------+
    1 row in set (0.00 sec)
    
    --------------------------------------------------------------------
    192.168.10.203机器上的mysql设置
    [root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak
    [root@dns02 ~]# vim /etc/my.cnf
    .......
    server-id = 2        
    log-bin = mysql-bin    
    sync_binlog = 1
    binlog_format = mixed
    auto-increment-increment = 2     
    auto-increment-offset = 2    
    slave-skip-errors = all
    
    [root@dns02 ~]# /etc/init.d/mysqld restart
    Stopping mysqld:                                           [  OK  ]
    Starting mysqld:                                           [  OK  ]
    
    [root@dns02 ~]# mysql -p123456
    .......
    mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
    mysql> flush privileges;
    mysql> flush tables with read lock;
    mysql> show master status;
    +------------------+----------+--------------+------------------+
    | File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
    +------------------+----------+--------------+------------------+
    | mysql-bin.000001 |      365 |              |                  |
    +------------------+----------+--------------+------------------+
    1 row in set (0.00 sec)
    
    ---------------192.168.10.202服务器做同步操作---------------
    mysql> unlock tables; 
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> slave stop;
    Query OK, 0 rows affected, 1 warning (0.00 sec)
    
    mysql> change  master to master_host='192.168.10.203',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; 
    Query OK, 0 rows affected (0.20 sec)
    
    mysql> start slave;
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> show slave status\G
    .......
    *************************** 1. row ***************************
                   Slave_IO_State: Waiting for master to send event
                      Master_Host: 192.168.10.203
                      Master_User: kevin
                      Master_Port: 3306
                    Connect_Retry: 60
                  Master_Log_File: mysql-bin.000001
              Read_Master_Log_Pos: 365
                   Relay_Log_File: mysqld-relay-bin.000002
                    Relay_Log_Pos: 251
            Relay_Master_Log_File: mysql-bin.000001
                 Slave_IO_Running: Yes
                Slave_SQL_Running: Yes
    .......
    .......
    
    ---------------192.168.10.203服务器做同步操作---------------
    mysql> unlock tables;
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> slave stop;
    Query OK, 0 rows affected, 1 warning (0.00 sec)
    
    mysql> change  master to master_host='192.168.10.202',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; 
    Query OK, 0 rows affected (0.18 sec)
    
    mysql> start slave;
    Query OK, 0 rows affected (0.00 sec)
    
    mysql> show slave status\G
    *************************** 1. row ***************************
                   Slave_IO_State: Waiting for master to send event
                      Master_Host: 192.168.10.202
                      Master_User: kevin
                      Master_Port: 3306
                    Connect_Retry: 60
                  Master_Log_File: mysql-bin.000001
              Read_Master_Log_Pos: 365
                   Relay_Log_File: mysqld-relay-bin.000002
                    Relay_Log_Pos: 251
            Relay_Master_Log_File: mysql-bin.000001
                 Slave_IO_Running: Yes
                Slave_SQL_Running: Yes
    .......
    .......
    
    到这里,192.168.10.202和192.168.10.203两台机器的mysql主主关系就配置成功了。下面测试下:
    首先在192.168.10.202的mysql数据库上添加数据:
    [root@dns01 log]# mysql -p123456
    .....
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | namedmanager       |
    | test               |
    +--------------------+
    4 rows in set (0.00 sec)
    
    mysql> create database kevin;
    Query OK, 1 row affected (0.04 sec)
    
    然后到192.168.10.203机器的mysql数据库上验证并变更数据
    [root@dns02 ~]# mysql -p123456
    .......
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | kevin              |
    | mysql              |
    | namedmanager       |
    | test               |
    +--------------------+
    5 rows in set (0.00 sec)
    
    mysql> drop database kevin;
    Query OK, 0 rows affected (0.03 sec)
    
    mysql> create database bobo;
    Query OK, 1 row affected (0.08 sec)
    
    再到192.168.10.202机器的mysql数据库上验证
    [root@dns01 log]# mysql -p123456
    ......
    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | bobo               |
    | mysql              |
    | namedmanager       |
    | test               |
    +--------------------+
    5 rows in set (0.00 sec)
    
    mysql> drop database bobo;
    Query OK, 0 rows affected (0.05 sec)
    

    7)在192.168.10.202和192.168.10.203两台机器上配置相关数据的同步关系。 

    先做好两台机器的ssh相互信任关系。
    [root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.203'
    [root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.202'
    
    验证两机之间的ssh互信
    [root@dns01 ~]# ssh -p22 root@192.168.10.203
    [root@dns02 ~]#
    
    [root@dns02 httpd]# ssh -p22 root@192.168.10.202
    [root@dns01 ~]#
    
    ------------------------------------------------------------
    现在192.168.10.202机器上做同步,判断VIP资源是否存在本机,如果存在就同步到另一台机器上。
    [root@dns01 ~]# vim /opt/rsync_dns.sh
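    #!/bin/bash
    # Keep the peer DNS node's BIND config and zone files in sync with this one,
    # but only while this host holds the VIP, so the node NamedManager writes to
    # (via http://192.168.10.190) is always the source of the copy.
    # Started once with "nohup sh /opt/rsync_dns.sh &" and runs forever.
    # The earlier version had no sleep, so it re-ran rsync (and an SSH login)
    # back-to-back and burned a CPU core; it also counted any address that merely
    # contained the VIP string.
    VIP="192.168.10.190"
    PEER="192.168.10.203"
    INTERVAL=5   # seconds between checks (constructed value, tune as needed)
    
    while true; do
      # "inet <VIP>/" matches only the exact address, not e.g. 192.168.10.1900
      NUM=$(ip addr | grep -c "inet ${VIP}/")
      if [ "${NUM}" -ge 1 ]; then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf "root@${PEER}:/etc/"
        # NOTE: without --delete, zone files removed here stay behind on the peer.
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone "root@${PEER}:/var/named/"
      fi
      # otherwise the vip is not at this server and there is nothing to do
      sleep "${INTERVAL}"
    done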
    
    授予脚本执行权限,并启动脚本
    [root@dns01 ~]# chmod 755 /opt/rsync_dns.sh
    [root@dns01 ~]# nohup sh /opt/rsync_dns.sh &
    [root@dns01 ~]# ps -ef|grep rsync_dns.sh
    root      6310 21411  0 22:33 pts/1    00:00:00 sh /opt/rsync_dns.sh
    root      6508 21411  0 22:33 pts/1    00:00:00 grep rsync_dns.sh
    
    -----------------------------------------------------------------
    然后在192.168.10.203机器上做同步:
    [root@dns02 httpd]# vim /opt/rsync_dns.sh
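    #!/bin/bash
    # Keep the peer DNS node's BIND config and zone files in sync with this one,
    # but only while this host holds the VIP, so the node NamedManager writes to
    # (via http://192.168.10.190) is always the source of the copy.
    # Started once with "nohup sh /opt/rsync_dns.sh &" and runs forever.
    # The earlier version had no sleep, so it re-ran rsync (and an SSH login)
    # back-to-back and burned a CPU core; it also counted any address that merely
    # contained the VIP string.
    VIP="192.168.10.190"
    PEER="192.168.10.202"
    INTERVAL=5   # seconds between checks (constructed value, tune as needed)
    
    while true; do
      # "inet <VIP>/" matches only the exact address, not e.g. 192.168.10.1900
      NUM=$(ip addr | grep -c "inet ${VIP}/")
      if [ "${NUM}" -ge 1 ]; then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf "root@${PEER}:/etc/"
        # NOTE: without --delete, zone files removed here stay behind on the peer.
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone "root@${PEER}:/var/named/"
      fi
      # otherwise the vip is not at this server and there is nothing to do
      sleep "${INTERVAL}"
    done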
    
    授予脚本执行权限,并启动脚本
    [root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh
    [root@dns02 httpd]# nohup sh /opt/rsync_dns.sh &
    [root@dns02 httpd]# ps -ef|grep rsync_dns.sh
    root     12578  5466  0 22:35 pts/1    00:00:00 grep rsync_dns.sh
    root     32124  5466  8 22:35 pts/1    00:00:00 sh /opt/rsync_dns.sh
    

    8)访问namedmanager(https://192.168.10.190/namedmanager)进行界面配置。(由于此时vip资源在192.168.10.202机器上,故配置信息从192.168.10.202机器同步到192.168.10.203机器)。默认用户名和密码(setup,setup123)。不要忘记在用户管理中修改用户名和密码。

    重置管理员用户名和密码(由于两台服务器的mysql做了主主关系,修改后的信息同样会同步到另一台机器的mysql数据库里,即修改后的管理员账号密码同样适用于另一台机器的namedmanager登录)

    接着设置API key(如下图。设置邮箱地址和API key,这个key是在上面的/etc/namedmanager/config-bind.php文件中设置的) 

    添加服务器。Name Server FQDN的名称要和httpd中的ServerName一致。(如下添加部署机的主机名或者ip地址都可以)

    确保下面的"Zonefile Status"和"Logging Status"的状态是绿色的。

    添加正向域名解析

    添加反向域名解析(如果有多个ip段的客户机,那么就如下图添加多个反向解析配置)

    查看正反向解析域名添加情况

    上面已经成功添加了正反向解析域名,现在尝试添加一些域名的A记录和PTR记录
    先添加A正向解析记录

    由于上面在添加A正向解析的时候,已经勾选了PTR反向解析(如果没有勾选,则需要手动添加PTR反向解析记录),故这时候已经有了上面那几个域名的反向解析记录了:

    如上,已经添加了几个正反向解析记录,可以访问https://192.168.10.203/namedmanager,发现访问另一台机器的namedmanager(使用上面重置后的admin用户)也会看到上面设置的正反向解析配置信息。这就说明双机同步已经生效。

    可以登录到两台机器本机上查看相关的正反向解析配置:

    [root@dns01 ~]# cd /var/named/
    [root@dns01 named]# ll
    total 36
    -rw-r--r--. 1 root  root   614 Jun  3 23:42 10.168.192.in-addr.arpa.zone
    drwxrwx---. 2 named named 4096 Jun  3 03:21 data
    drwxrwx---. 2 named named 4096 Jun  3 23:05 dynamic
    -rw-r--r--. 1 root  root   575 Jun  3 23:42 kevin.cn.zone
    -rw-r-----. 1 root  named 3289 Apr 11  2017 named.ca
    -rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
    -rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
    -rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
    drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves
    
    [root@dns01 ~]# cat /etc/named.namedmanager.conf 
    //
    // NamedManager Configuration
    //
    // This file is automatically generated any manual changes will be lost.
    //
    zone "kevin.cn" IN {
        type master;
        file "kevin.cn.zone";
        allow-update { none; };
    };
    zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "10.168.192.in-addr.arpa.zone";
        allow-update { none; };
    };
    
    [root@dns01 named]# cat kevin.cn.zone
    $ORIGIN kevin.cn.
    $TTL 120
    @       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
                2018060311 ; serial
                21600 ; refresh
                3600 ; retry
                604800 ; expiry
                120 ; minimum ttl
            )
     
    ; Nameservers
     
    kevin.cn.   86400 IN NS dns.kevin.cn.
     
    ; Mailservers
     
     
    ; Reverse DNS Records (PTR)
     
     
    ; CNAME
     
     
    ; HOST RECORDS
     
    db01    120 IN A 192.168.10.239
    db02    120 IN A 192.168.10.212
    dns 120 IN A 192.168.10.190
    dns01   120 IN A 192.168.10.202
    dns02   120 IN A 192.168.10.203
    ftp01   120 IN A 192.168.10.209
    nc-app  120 IN A 192.168.10.210
    web01   120 IN A 192.168.10.214
    web02   120 IN A 192.168.10.215
    [root@dns01 named]# cat 10.168.192.in-addr.arpa.zone
    $ORIGIN 10.168.192.in-addr.arpa.
    $TTL 120
    @       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
                2018060310 ; serial
                21600 ; refresh
                3600 ; retry
                604800 ; expiry
                120 ; minimum ttl
            )
     
    ; Nameservers
     
    10.168.192.in-addr.arpa.    86400 IN NS dns.kevin.cn.
     
    ; Mailservers
     
     
    ; Reverse DNS Records (PTR)
     
    190 120 IN PTR dns.kevin.cn.
    202 120 IN PTR dns01.kevin.cn.
    203 120 IN PTR dns02.kevin.cn.
    209 120 IN PTR ftp01.kevin.cn.
    210 120 IN PTR nc-app.kevin.cn.
    212 120 IN PTR db02.kevin.cn.
    214 120 IN PTR web01.kevin.cn.
    215 120 IN PTR web02.kevin.cn.
    239 120 IN PTR db01.kevin.cn.
     
    ; CNAME
     
     
    ; HOST RECORDS
    

    9)客户机的DNS配置

    [root@localhost ~]# ifconfig|grep 192
              inet addr:192.168.10.207  Bcast:192.168.10.255  Mask:255.255.255.0
    
    [root@localhost ~]# vim /etc/resolv.conf
    domain kevin.cn
    search kevin.cn
    nameserver 192.168.10.190
    
    [root@localhost ~]# ping www.baidu.com
    PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
    64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
    64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
    64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
    64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
    ......
    ......
    
    [root@localhost ~]# ping ftp01.kevin.cn
    PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data.
    64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms
    64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms
    
    [root@localhost ~]# ping db02.kevin.cn
    PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data.
    64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms
    64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms
    
    故障切换验证:
    关闭192.168.10.202上的keepalived服务,当vip资源切换到192.168.10.203机器上后,
    再次在客户机上测试
    
    [root@dns01 ~]# /etc/init.d/keepalived stop
    Stopping keepalived:                                       [  OK  ]
    [root@dns01 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
        inet6 fe80::5054:ff:fe6f:a5e3/64 scope link 
           valid_lft forever preferred_lft forever
    
    [root@dns02 ~]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
        inet 192.168.10.190/32 scope global eth0
        inet6 fe80::5054:ff:fee2:19b/64 scope link 
           valid_lft forever preferred_lft forever
    
    当vip资源转移到另一台机器后,客户机上的DNS就会继续生效了。
    [root@localhost ~]# ping www.qq.com
    PING news.qq.com (125.39.52.26) 56(84) bytes of data.
    64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms
    64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms
    
    [root@localhost ~]# ping web02.kevin.cn
    PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data.
    64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms
    64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms
    
    如果上面不做两台机器的mysql主主以及那些dns相关同步配置,那么要想实现主机高可用(提供统一的vip访问地址),就需要将DNS的解析配置在192.168.10.202和192.168.10.203
    两台机器的namedmanager界面里同样操作,即每次都要操作两遍。
  • 原文地址:https://www.cnblogs.com/kevingrace/p/9131063.html