之前说到了NamedManager单机版的配置,下面说下DNS+NamedManager双机高可用的配置方案:
1)机器环境
主机名 ip地址 dns01.kevin.cn 192.168.10.202 dns02.kevin.cn 192.168.10.203 VIP地址:192.168.10.190 两台机器做好主机名及hosts绑定 [root@dns01 ~]# vim /etc/hosts ...... 192.168.10.202 dns01.kevin.cn 192.168.10.203 dns02.kevin.cn 192.168.10.190 dns.kevin.cn 四台机器都是centos6.9系统 [root@dns01 ~]# cat /etc/redhat-release CentOS release 6.9 (Final) 关闭四台机器的iptables和selinux [root@dns01 ~]# /etc/init.d/iptables stop [root@dns01 ~]# setenforce 0 [root@dns01 ~]# vim /etc/sysconfig/selinux ...... SELINUX=disabled 同步四台机器的系统时间 [root@dns01 ~]# yum install -y ntpdate [root@dns01 ~]# ntpdate ntp1.aliyun.com
2)安装namedmanager(在192.168.10.202和192.168.10.203两台机器上同样操作)
[root@dns01 ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml 修改/etc/httpd/conf/httpd.conf ....... ServerName dns.kevin.cn:80 [root@dns01 ~]# service mysqld start [root@dns01 ~]# service httpd start [root@dns01 ~]# lsof -i:3306 [root@dns01 ~]# lsof -i:80 [root@dns01 ~]# chkconfig mysqld on [root@dns01 ~]# chkconfig httpd on [root@dns02 ~]# mysqladmin -u root password 123456 [root@dns02 ~]# mysql -p123456 #验证下是否能登录进去 下载并安装namedmanager [root@dns01 ~]# cd /usr/local/src/ [root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm [root@dns01 src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm --force [root@dns01 src]# cd /usr/share/namedmanager/resources/ [root@dns01 resources]# ./autoinstall.pl autoinstall.pl This script setups the NamedManager database components: * NamedManager MySQL user #默认会创建登录Mysql的用户名NamedManager * NamedManager database #默认会创建NamedManager数据库名 * NamedManager configuration files #默认会创建NamedManager的配置文件 THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER. DO NOT RUN FOR ANY OTHER REASON Please enter MySQL root password (if any): 123456 #输入上面设置的mysql密码 Searching ../sql/ for latest install schema... ../sql//version_20131222_install.sql is the latest file and will be used for the install. Importing file ../sql//version_20131222_install.sql Creating user... Updating configuration file... DB installation complete! You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
3)安装和配置bind9(在192.168.10.202和192.168.10.203两台机器上同样操作)
[root@dns01 ~]# cd /usr/local/src/ [root@dns01 src]# yum install bind php-process [root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm [root@dns01 src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm --force 修改/etc/named.conf [root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak [root@dns01 src]# vim /etc/named.conf options { listen-on port 53 { any; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; allow-query-cache { any; }; recursion yes; forward first; forwarders { 223.5.5.5; 223.6.6.6; 8.8.8.8; 8.8.4.4; }; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; include "/etc/named.namedmanager.conf"; 启动named服务 [root@dns01 src]# service named start Generating /etc/rndc.key: [ OK ] Starting named: [ OK ] -------------------------------------------------------------------------- 上面已经提前关闭了iptables和selinux。 如果防火墙打开了,则需要开启下面策略: [root@dns01 src]# iptables -F [root@dns01 src]# iptables -P INPUT DROP [root@dns01 src]# iptables -P FORWARD DROP [root@dns01 src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT [root@dns01 src]# iptables -A INPUT -i lo -p all -j ACCEPT [root@dns01 src]# iptables -A INPUT -p icmp -j ACCEPT [root@dns01 src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT [root@dns01 src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT [root@dns01 src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT [root@dns01 src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT [root@dns01 src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT -------------------------------------------------------------------------- 禁用IPV6。添加域名记录(正向解析与反向解析)。设置开机启动服务,并重启服务器。 [root@dns01 src]# vim /etc/modprobe.d/dist.conf ....... alias net-pf-10 off alias ipv6 off chkconfig ip6tables off [root@dns01 src]# chkconfig httpd on [root@dns01 src]# chkconfig mysqld on [root@dns01 src]# chkconfig named on [root@dns01 src]# init 6 #重启机器 重启之后,登录机器验证下httpd、mysqld和named服务是否如实开机启动了 [root@dns01 ~]# ps -ef|grep mysql [root@dns01 ~]# ps -ef|grep http [root@dns01 ~]# ps -ef|grep named 测试登录mysql [root@dns01 ~]# mysql -p123456 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) [root@dns01 ~]# ll /var/lib/mysql/mysql.sock ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory [root@dns01 ~]# ln -s /usr/local/mysql/var/mysql.sock /var/lib/mysql/mysql.sock [root@dns01 ~]# ll /var/lib/mysql/mysql.sock lrwxrwxrwx. 1 root root 31 Jun 1 17:14 /var/lib/mysql/mysql.sock -> /usr/local/mysql/var/mysql.sock [root@dns01 ~]# mysql -p123456 #这时就能顺利登录mysql数据库了
4)安装keepalived(192.168.10.202和192.168.10.203两台机器上同样操作)
[root@dns01 ~]# cd /usr/local/src/ [root@dns01 src]# wget http://www.keepalived.org/software/keepalived-1.3.2.tar.gz [root@dns01 src]# tar -zvxf keepalived-1.3.2.tar.gz [root@dns01 src]# cd keepalived-1.3.2 [root@dns01 keepalived-1.3.2]# ./configure && make && make install [root@dns01 keepalived-1.3.2]# cp /usr/local/src/keepalived-1.3.2/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/ [root@dns01 keepalived-1.3.2]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ [root@dns01 keepalived-1.3.2]# mkdir /etc/keepalived [root@dns01 keepalived-1.3.2]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ [root@dns01 keepalived-1.3.2]# cp /usr/local/sbin/keepalived /usr/sbin/ [root@dns01 keepalived-1.3.2]# echo "/etc/init.d/keepalived start" >> /etc/rc.local keepalived.conf配置 ------------------------------------------ 192.168.10.202机器的keepalived.conf配置 [root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@dns01 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived #全局定义 global_defs { notification_email { ops@kevin.cn } notification_email_from ops@kevin.cn smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id master-node } vrrp_script chk_http_port { script "/opt/chk_http.sh" interval 2 weight -5 fall 2 rise 1 } vrrp_instance VI_1 { state MASTER interface eth0 mcast_src_ip 192.168.10.202 virtual_router_id 51 priority 101 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.10.190 } track_script { chk_http_port } } 编写httpd监控脚本 [root@dns01 ~]# vim /opt/chk_http.sh #!/bin/bash counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l) if [ "${counter}" = "0" ]; then service httpd start >/dev/null 2>&1 sleep 2 counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l) if [ "${counter}" = "0" ]; then /etc/init.d/keepalived stop fi fi 必须要给此脚本授予执行权限 [root@dns01 ~]# chmod 755 /opt/chk_http.sh ----------------------------------------- 192.168.10.203机器的keepalived.conf配置 [root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@dns02 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived global_defs { notification_email { ops@kevin.cn } notification_email_from ops@kevin.cn smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id slave-node } vrrp_script chk_http_port { script "/opt/chk_http.sh" interval 2 weight -5 fall 2 rise 1 } vrrp_instance VI_1 { state BACKUP interface eth0 mcast_src_ip 192.168.10.203 virtual_router_id 51 priority 99 advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.10.190 } track_script { chk_http_port } } 编写httpd监控脚本 [root@dns02 ~]# vim /opt/chk_http.sh #!/bin/bash counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l) if [ "${counter}" = "0" ]; then service httpd start >/dev/null 2>&1 sleep 2 counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l) if [ "${counter}" = "0" ]; then /etc/init.d/keepalived stop fi fi 必须要给此脚本授予执行权限 [root@dns02 ~]# chmod 755 /opt/chk_http.sh ----------------------------------------------------- 分别启动两台机器的keepalived服务 [root@dns01 ~]# /etc/init.d/keepalived start [root@dns01 ~]# ps -ef|grep keep [root@dns02 ~]# /etc/init.d/keepalived start [root@dns02 ~]# ps -ef|grep keepalived 检查两台机器的ip,发现vip此时已经漂到192.168.10.202这台机器上 [root@dns01 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0 inet 192.168.10.190/32 scope global eth0 inet6 fe80::5054:ff:fe6f:a5e3/64 scope link valid_lft forever preferred_lft forever [root@dns02 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0 inet6 fe80::5054:ff:fee2:19b/64 scope link valid_lft forever preferred_lft forever ------------------------------------------------- 测试下故障转移 先关闭192.168.10.202机器的httpd程序,发现关闭后会很快重启起来(最多2秒钟),这是因为keepalived程序里引用了/opt/chk_http.sh监控脚本。 同样关闭192168.10.203机器的httpd程序,也是很快重启起来。 根据/opt/chk_httpd.sh脚本可知,httpd程序挂掉后会自动重启,只有当httpd程序重启失败后,才会强制kill掉keepalived服务,这时vip也会转移到另一台节点。 [root@dns01 keepalived]# killall -9 httpd [root@dns01 keepalived]# ps -ef|grep http root 23661 23660 0 21:30 ? 00:00:00 /bin/bash /opt/chk_http.sh root 23682 1 1 21:30 ? 00:00:00 /usr/sbin/httpd apache 23685 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd apache 23686 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd apache 23687 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd apache 23688 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd apache 23689 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd apache 23690 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd apache 23691 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd apache 23692 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd root 23694 21411 0 21:30 pts/1 00:00:00 grep http 在测试关闭192.168.10.202机器的keepalived服务,发现vip资源会自动漂移到192.168.10.203机器上。 当192.168.10.202机器的keepalived服务恢复后,vip资源会再次转移回来。 [root@dns01 ~]# /etc/init.d/keepalived stop [root@dns01 ~]# ps -ef|grep keeplived root 24854 21411 0 21:36 pts/1 00:00:00 grep keeplived [root@dns01 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0 inet6 fe80::5054:ff:fe6f:a5e3/64 scope link valid_lft forever preferred_lft forever [root@dns02 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0 inet 192.168.10.190/32 scope global eth0 inet6 fe80::5054:ff:fee2:19b/64 scope link valid_lft forever preferred_lft forever 可以查看两台机器的/var/log/messages日志,可以看到vip资源的转移过程。 [root@dns01 ~]# /etc/init.d/keepalived start Starting keepalived: [ OK ] [root@dns01 ~]# ps -ef|grep keepalived root 24877 1 0 21:37 ? 00:00:00 keepalived -D root 24878 24877 0 21:37 ? 00:00:00 keepalived -D root 24879 24877 0 21:37 ? 00:00:00 keepalived -D root 24939 21411 0 21:38 pts/1 00:00:00 grep keepalived 192.168.10.202机器的keepalived服务恢复后,vip资源会再次转移回来。 [root@dns01 ~]# /etc/init.d/keepalived start Starting keepalived: [ OK ] [root@dns01 ~]# ps -ef|grep keepalived root 24877 1 0 21:37 ? 00:00:00 keepalived -D root 24878 24877 0 21:37 ? 00:00:00 keepalived -D root 24879 24877 0 21:37 ? 00:00:00 keepalived -D root 24939 21411 0 21:38 pts/1 00:00:00 grep keepalived [root@dns01 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0 inet 192.168.10.190/32 scope global eth0 inet6 fe80::5054:ff:fe6f:a5e3/64 scope link valid_lft forever preferred_lft forever [root@dns02 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0 inet6 fe80::5054:ff:fee2:19b/64 scope link valid_lft forever preferred_lft forever
5)配置namedmanager(两台机器都要操作)
[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak [root@dns01 ~]# vim /etc/namedmanager/config-bind.php ...... $config["api_url"] = "http://192.168.10.190/namedmanager"; $config["api_server_name"] = "dns.kevin.cn"; $config["api_auth_key"] = "DNS";
6)配置两台机器的mysql主主关系
首先确保两台机器能使用上面创建的NamedManager用户名和123456密码登录,如果登录不了,则访问NamedManager界面时会失败。 [root@dns02 ~]# mysql -hlocalhost -uNamedManager -p123456 ERROR 1045 (28000): Access denied for user 'NamedManager'@'localhost' (using password: YES) 这就需要授权mysql登录 [root@dns01 ~]# mysql -p123456 ....... mysql> grant all on *.* to NamedManager@192.168.10.202 identified by "123456"; Query OK, 0 rows affected (0.11 sec) mysql> grant all on *.* to NamedManager@localhost identified by "123456"; Query OK, 0 rows affected (0.02 sec) mysql> flush privileges; Query OK, 0 rows affected (0.04 sec) 验证登录 [root@dns01 ~]# mysql -hlocalhost -uNamedManager -p123456 ...... mysql> ------------------------------------------------------------- 192.168.10.202机器上的mysql设置 [root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak [root@dns01 ~]# vim /etc/my.cnf #在[mysqld]区域里添加下面几行内容 ...... server-id = 1 log-bin = mysql-bin sync_binlog = 1 binlog_format = mixed auto-increment-increment = 2 auto-increment-offset = 1 slave-skip-errors = all 重启mysqld服务 [root@dns01 log]# /etc/init.d/mysqld restart Stopping mysqld: [ OK ] Starting mysqld: [ OK ] 数据同步授权,这样I/O线程就可以以这个用户的身份连接到主服务器,并且读取它的二进制日志。 [root@dns01 log]# mysql -p123456 ...... mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123"; mysql> flush privileges; 最好将库锁住,仅仅允许读,以保证数据一致性;待主主同步环境部署后再解锁; 锁住后,就不能往表里写数据,但是重启mysql服务后就会自动解锁! mysql> flush tables with read lock; mysql> show master status; +------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000001 | 365 | | | +------------------+----------+--------------+------------------+ 1 row in set (0.00 sec) -------------------------------------------------------------------- 192.168.10.203机器上的mysql设置 [root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak [root@dns02 ~]# vim /etc/my.cnf ....... server-id = 2 log-bin = mysql-bin sync_binlog = 1 binlog_format = mixed auto-increment-increment = 2 auto-increment-offset = 2 slave-skip-errors = all [root@dns02 ~]# /etc/init.d/mysqld restart Stopping mysqld: [ OK ] Starting mysqld: [ OK ] [root@dns02 ~]# mysql -p123456 ....... mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123"; mysql> flush privileges; mysql> flush tables with read lock; mysql> show master status; +------------------+----------+--------------+------------------+ | File | Position | Binlog_Do_DB | Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000001 | 365 | | | +------------------+----------+--------------+------------------+ 1 row in set (0.00 sec) ---------------192.168.10.202服务器做同步操作--------------- mysql> unlock tables; Query OK, 0 rows affected (0.00 sec) mysql> slave stop; Query OK, 0 rows affected, 1 warning (0.00 sec) mysql> change master to master_host='192.168.10.203',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; Query OK, 0 rows affected (0.20 sec) mysql> start slave; Query OK, 0 rows affected (0.00 sec) mysql> show slave status G; ....... *************************** 1. row *************************** Slave_IO_State: Waiting for master to send event Master_Host: 192.168.10.203 Master_User: kevin Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin.000001 Read_Master_Log_Pos: 365 Relay_Log_File: mysqld-relay-bin.000002 Relay_Log_Pos: 251 Relay_Master_Log_File: mysql-bin.000001 Slave_IO_Running: Yes Slave_SQL_Running: Yes ....... ....... ---------------192.168.10.203服务器做同步操作--------------- mysql> unlock tables; Query OK, 0 rows affected (0.00 sec) mysql> slave stop; Query OK, 0 rows affected, 1 warning (0.00 sec) mysql> change master to master_host='192.168.10.202',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; Query OK, 0 rows affected (0.18 sec) mysql> start slave; Query OK, 0 rows affected (0.00 sec) mysql> show slave status G; *************************** 1. row *************************** Slave_IO_State: Waiting for master to send event Master_Host: 192.168.10.202 Master_User: kevin Master_Port: 3306 Connect_Retry: 60 Master_Log_File: mysql-bin.000001 Read_Master_Log_Pos: 365 Relay_Log_File: mysqld-relay-bin.000002 Relay_Log_Pos: 251 Relay_Master_Log_File: mysql-bin.000001 Slave_IO_Running: Yes Slave_SQL_Running: Yes ....... ....... 到这里,192.168.10.202和192.168.10.203两台机器的mysql主主关系就配置成功了。下面测试下: 首先在192.168.10.202的mysql数据库上添加数据: [root@dns01 log]# mysql -p123456 ..... mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | namedmanager | | test | +--------------------+ 4 rows in set (0.00 sec) mysql> create database kevin; Query OK, 1 row affected (0.04 sec) 然后到192.168.10.203机器的mysql数据库上验证并变更数据 [root@dns02 ~]# mysql -p123456 ....... mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | kevin | | mysql | | namedmanager | | test | +--------------------+ 5 rows in set (0.00 sec) mysql> drop database kevin; Query OK, 0 rows affected (0.03 sec) mysql> create database bobo; Query OK, 1 row affected (0.08 sec) 再到192.168.10.202机器的mysql数据库上验证 [root@dns01 log]# mysql -p123456 ...... mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | bobo | | mysql | | namedmanager | | test | +--------------------+ 5 rows in set (0.00 sec) mysql> drop database bobo; Query OK, 0 rows affected (0.05 sec)
7)在192.168.10.202和12.168.10.203两台机器上配置相关数据的同步关系。
先做好两台机器的ssh相互信任关系。 [root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.203' [root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.202' 验证两机之间的ssh互信 [root@dns01 ~]# ssh -p22 root@192.168.10.203 [root@dns02 ~]# [root@dns02 httpd]# ssh -p22 root@192.168.10.202 [root@dns01 ~]# ------------------------------------------------------------ 现在192.168.10.202机器上做同步,判断VIP资源是否存在本机,如果存在就同步到另一台机器上。 [root@dns01 ~]# vim /opt/rsync_dns.sh #!/bin/bash while [ "1" = "1" ] do NUM=`ip addr|grep 192.168.10.190|wc -l` if [ $NUM -eq 0 ];then echo "vip is not at this server" >/dev/null 2>&1 fi if [ $NUM -eq 1 ];then /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.203:/etc/ /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.203:/var/named/ fi done 授予脚本执行权限,并启动脚本 [root@dns01 ~]# chmod 755 /opt/rsync_dns.sh [root@dns01 ~]# nohup sh /opt/rsync_dns.sh & [root@dns01 ~]# ps -ef|grep rsync_dns.sh root 6310 21411 0 22:33 pts/1 00:00:00 sh /opt/rsync_dns.sh root 6508 21411 0 22:33 pts/1 00:00:00 grep rsync_dns.sh ----------------------------------------------------------------- 然后在192.168.10.203机器上做同步: [root@dns02 httpd]# vim /opt/rsync_dns.sh #!/bin/bash while [ "1" = "1" ] do NUM=`ip addr|grep 192.168.10.190|wc -l` if [ $NUM -eq 0 ];then echo "vip is not at this server" >/dev/null 2>&1 fi if [ $NUM -eq 1 ];then /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.202:/etc/ /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.202:/var/named/ fi done 授予脚本执行权限,并启动脚本 [root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh [root@dns02 httpd]# nohup sh /opt/rsync_dns.sh & [root@dns02 httpd]# ps -ef|grep rsync_dns.sh root 12578 5466 0 22:35 pts/1 00:00:00 grep rsync_dns.sh root 32124 5466 8 22:35 pts/1 00:00:00 sh /opt/rsync_dns.sh
8)访问namedmanager(https://192.168.10.190/namedmanager)进行界面配置。(由于此时vip资源在192.168.10.202机器上,故配置信息从192.168.10.202机器同步到192.168.10.203机器)。默认用户名和密码(setup,setup123)。不要忘记在用户管理中修改用户名和密码。
重置管理员用户名和密码(由于两台服务器的mysql做了主主关系,修改后的信息同样会同步到另一台机器的mysql数据库里,即修改后的管理员账号密码同样适用于另一台机器的namedmanager登录)
接着设置API key(如下图。设置邮箱地址和API key,这个key是在上面的/etc/namedmanager/config-bind.php文件中设置的)
添加服务器。Name Server FQDN的名称要和httpd中的ServerName一致。(如下添加部署机的主机名或者ip地址都可以)
确保下面的"Zonefile Status"和"Logging Status"的状态是绿色的。
添加正向域名解析
添加反向域名解析(如果有多个ip段的客户机,那么就如下图添加多个反向解析配置)
查看正反向解析域名添加情况
上面已经成功添加了正反向解析域名,现在尝试添加一些域名的A记录和PTR记录
先添加A正向解析记录
由于上面在添加A正向解析的时候,已经勾选了PTR反向解析(如果没有勾选,则需要手动添加PTR反向解析记录),故这时候已经有了上面那几个域名的反向解析记录了:
如上,已经添加了几个正反向解析记录,可以访问https://192.168.10.203/namedmanager,发现访问另一台机器的namedmanager(使用上面重置后的admin用户)也会看到上面设置的正反向解析配置信息。这就说明双机同步已经生效。
可以登录到两台机器本机上查看相关的正反向解析配置:
[root@dns01 ~]# cd /var/named/ [root@dns01 named]# ll total 36 -rw-r--r--. 1 root root 614 Jun 3 23:42 10.168.192.in-addr.arpa.zone drwxrwx---. 2 named named 4096 Jun 3 03:21 data drwxrwx---. 2 named named 4096 Jun 3 23:05 dynamic -rw-r--r--. 1 root root 575 Jun 3 23:42 kevin.cn.zone -rw-r-----. 1 root named 3289 Apr 11 2017 named.ca -rw-r-----. 1 root named 152 Dec 15 2009 named.empty -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost -rw-r-----. 1 root named 168 Dec 15 2009 named.loopback drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves [root@dns01 ~]# cat /etc/named.namedmanager.conf // // NamedManager Configuration // // This file is automatically generated any manual changes will be lost. // zone "kevin.cn" IN { type master; file "kevin.cn.zone"; allow-update { none; }; }; zone "10.168.192.in-addr.arpa" IN { type master; file "10.168.192.in-addr.arpa.zone"; allow-update { none; }; }; [root@dns01 named]# cat kevin.cn.zone $ORIGIN kevin.cn. $TTL 120 @ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. ( 2018060311 ; serial 21600 ; refresh 3600 ; retry 604800 ; expiry 120 ; minimum ttl ) ; Nameservers kevin.cn. 86400 IN NS dns.kevin.cn. ; Mailservers ; Reverse DNS Records (PTR) ; CNAME ; HOST RECORDS db01 120 IN A 192.168.10.239 db02 120 IN A 192.168.10.212 dns 120 IN A 192.168.10.190 dns01 120 IN A 192.168.10.202 dns02 120 IN A 192.168.10.203 ftp01 120 IN A 192.168.10.209 nc-app 120 IN A 192.168.10.210 web01 120 IN A 192.168.10.214 web02 120 IN A 192.168.10.215 [root@dns01 named]# cat 10.168.192.in-addr.arpa.zone $ORIGIN 10.168.192.in-addr.arpa. $TTL 120 @ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. ( 2018060310 ; serial 21600 ; refresh 3600 ; retry 604800 ; expiry 120 ; minimum ttl ) ; Nameservers 10.168.192.in-addr.arpa. 86400 IN NS dns.kevin.cn. ; Mailservers ; Reverse DNS Records (PTR) 190 120 IN PTR dns.kevin.cn. 202 120 IN PTR dns01.kevin.cn. 203 120 IN PTR dns02.kevin.cn. 209 120 IN PTR ftp01.kevin.cn. 210 120 IN PTR nc-app.kevin.cn. 212 120 IN PTR db02.kevin.cn. 214 120 IN PTR web01.kevin.cn. 215 120 IN PTR web02.kevin.cn. 239 120 IN PTR db01.kevin.cn. ; CNAME ; HOST RECORDS
9)客户机的DNS配置
root@localhost ~]# ifconfig|grep 192 inet addr:192.168.10.207 Bcast:192.168.10.255 Mask:255.255.255.0 [root@localhost ~]# vim /etc/resolv.conf domain kevin.cn search kevin.cn nameserver 192.168.10.190 [root@localhost ~]# ping www.baidu.com PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data. 64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms 64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms 64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms 64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms ...... ...... [root@localhost ~]# ping ftp01.kevin.cn PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data. 64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms 64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms [root@localhost ~]# ping db02.kevin.cn PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data. 64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms 64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms 故障切换验证: 关闭192.168.10.202上的keepalived服务,当vip资源切换到192.168.10.203机器上后, 再次在客户机上测试 [root@dns01 ~]# /etc/init.d/keepalived stop Stopping keepalived: [ OK ] [root@dns01 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0 inet6 fe80::5054:ff:fe6f:a5e3/64 scope link valid_lft forever preferred_lft forever [root@dns02 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0 inet 192.168.10.190/32 scope global eth0 inet6 fe80::5054:ff:fee2:19b/64 scope link valid_lft forever preferred_lft forever 当vip资源转移到另一台机器后,客户机上的DNS就会继续生效了。 [root@localhost ~]# ping www.qq.com PING news.qq.com (125.39.52.26) 56(84) bytes of data. 64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms 64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms [root@localhost ~]# ping web02.kevin.cn PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data. 64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms 64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms 如果上面不做两台机器的mysql主主以及那些dns相关同步配置,那么要想实现主机高可用(提供统一的vip访问地址),就需要将DNS的解析配置在192.168.10.202和192.168.10.203 两台机器的namedmanager界面里同样操作,即每次都要操作两遍。