ps:下面是一个ldap Mirror Mode的实例,做主主复制,如果对此不是太熟悉的话,可以参考:http://407711169.blog.51cto.com/6616996/1529506 。这里只做了主主模型2台机器,未在下面做slave的操作。只用keepalived做了高可用。
一、keepalived环境搭建
如上图,实体ip为253与254 虚ip为255 如果对keepalived不太熟悉,参见google
2台机器keepalived都需要装,且只有配置文件不同,所以安装流程只进行一次演示:
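# Build keepalived 1.2.13 from source, register it as a boot-time service and
# make /etc/keepalived the config directory. Run as root; the same steps are
# done on both nodes, only the config files differ.
cd /usr/local/src || exit 1
# the tarball URL was lost from the original listing; supply it in the environment
wget "${KEEPALIVED_URL:?set to the keepalived-1.2.13 tarball URL}"
# configure reports a missing OpenSSL dependency without the headers, so install them first
yum -y install openssl-devel
tar xf keepalived-1.2.13.tar.gz
cd keepalived-1.2.13 || exit 1
./configure
make && make install
# register the init script so keepalived starts at boot
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# "-f /etc/keepalived/keepalived.conf" can be added to this sysconfig file
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
chkconfig --add keepalived
chkconfig keepalived on
# symlink so /etc/keepalived is the config directory
ln -sv /usr/local/etc/keepalived/ /etc/keepalived
# the health-check and notify scripts used below live here
mkdir -p /etc/keepalived/scripts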
vim /etc/keepalived/keepalived.conf
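! Configuration File for keepalived
# /etc/keepalived/keepalived.conf on 192.168.100.253 (the MASTER node)
# global settings
global_defs {
   notification_email {
   }
   notification_email_from [email protected]
   smtp_server localhost
   smtp_connect_timeout 30
   router_id NodeAa   # NOTE(review): 254 uses the same router_id; give each node its own name
}

# health-check rule; the script is identical on both nodes
vrrp_script chk_url_fw {
   script "sh /etc/keepalived/scripts/urltest.sh"
   interval 10   # seconds between runs
   weight -2     # priority penalty while the check fails (100 -> 98, below 254's 99)
   fall 2        # consecutive failures before the check counts as down
   rise 2        # consecutive successes before it counts as up again
}

vrrp_instance VI_1 {
   state MASTER                # this node starts as master
   interface eth0              # interface carrying VRRP and the VIP
   virtual_router_id 128       # identical on both nodes, identifies this VRRP group
   priority 100                # higher than 254 (99)
   advert_int 1
   authentication {            # PASS puts the secret on the LAN in clear text; it only keeps stray instances apart
      auth_type PASS
      auth_pass 7758521
   }
   virtual_ipaddress {         # the VIP
      # NOTE(review): .255 is the broadcast address of a /24 -- confirm the real mask is wider
      192.168.100.255/24 dev eth0 label eth0:0
   }
   track_script {              # ties the instance to the health check above
      chk_url_fw
   }
   # same script name on 253 and 254, but the contents differ per node
   notify_master "/etc/keepalived/scripts/notify.sh master"
   notify_backup "/etc/keepalived/scripts/notify.sh backup"
   notify_fault "/etc/keepalived/scripts/notify.sh failed"
}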
vim /etc/keepalived/scripts/notify.sh
#下面为内容#!/bin/bash#file:100.253source /etc/profile &> /dev/null
basedir=$(cd `dirname $0`;pwd)
function master() {
echo "[INFO]-[`date`]-[MASTER]--" >> $basedir/log
echo "[INFO]-[`date`]-[MASTER]-Start the [sldap server] on 192.168.100.253 " >> $basedir/log
echo "[INFO]-[`date`]-[MASTER]-Send sms to user : 【info】100.253 start server..." >> $basedir/log
/usr/bin/expect $basedir/expect.ex "$PHONE" "【info】ldap [100.253]开始运行。" #发送短信的方式,这里不做具体解释了
echo "[INFO]-[`date`]-[MASTER]---" >> $basedir/log
}function backup() {
echo "[INFO]-[`date`]-[SLAVE]--" >> $basedir/log
echo "[INFO]-[`date`]-[SLAVE]-Close the [sldap server] on 192.168.100.253 " >> $basedir/log
echo "[INFO]-[`date`]-[SLAVE]-Send sms to user : 【info】100.254 start server..." >> $basedir/log
/usr/bin/expect $basedir/expect.ex "$PHONE" "【info】passport [100.254]开始运行。"
echo "[INFO]-[`date`]-[SLAVE]---" >> $basedir/log
}function failed() {
/usr/bin/expect $basedir/expect.ex "$PHONE" "【warning】ldap 2台机器都无法访问!!!!"
echo "[INFO]-[`date`]-[ALL]--two machine down!!!!" >> $basedir/log
}case $1 in
master)
master
;;
backup)
backup
;;
failed)
failed
;;
esac |
vim /etc/keepalived/scripts/urltest.sh
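#!/bin/bash
# keepalived health check: exit 0 when the local HTTP endpoint answers with
# "auth ok", exit 5 otherwise (keepalived only cares about non-zero).
# user:pass are the page's sample credentials; real ones belong in a netrc
# file (curl --netrc-file) so they do not show up in `ps` output.
# --max-time keeps a hung endpoint from stalling the 10 s check interval, and
# piping straight into grep removes the shared, predictable /tmp/status file.
if /usr/bin/curl --silent --max-time 5 --user user:pass http://localhost 2>/dev/null \
  | /bin/grep -q "auth ok"; then
  exit 0
fi
exit 5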
192.168.100.254:
vim /etc/keepalived/keepalived.conf
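! Configuration File for keepalived
# /etc/keepalived/keepalived.conf on 192.168.100.254 (the BACKUP node)
global_defs {
   notification_email {
   }
   notification_email_from [email protected]
   smtp_server localhost
   smtp_connect_timeout 30
   router_id NodeAa   # NOTE(review): 253 uses the same router_id; give each node its own name
}

# health-check rule; the script is identical on both nodes
vrrp_script chk_url_fw {
   script "sh /etc/keepalived/scripts/urltest.sh"
   interval 10   # seconds between runs
   weight -2     # priority penalty while the check fails (99 -> 97)
   fall 2        # consecutive failures before the check counts as down
   rise 2        # consecutive successes before it counts as up again
}

vrrp_instance VI_1 {
   state BACKUP                # this node starts as backup
   interface eth0
   virtual_router_id 128       # identical on both nodes, identifies this VRRP group
   priority 99                 # one below 253 (100), so 253 wins while healthy
   advert_int 1
   authentication {            # must match 253; PASS travels in clear text on the LAN
      auth_type PASS
      auth_pass 7758521
   }
   virtual_ipaddress {
      # NOTE(review): .255 is the broadcast address of a /24 -- confirm the real mask is wider
      192.168.100.255/24 dev eth0 label eth0:0
   }
   track_script {
      chk_url_fw
   }
   # same script name as on 253, different contents
   notify_master "/etc/keepalived/scripts/notify.sh master"
   notify_backup "/etc/keepalived/scripts/notify.sh backup"
   notify_fault "/etc/keepalived/scripts/notify.sh failed"
}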
vim /etc/keepalived/scripts/notify.sh
#下面为内容#!/bin/bash#source /etc/profile &> /dev/null
basedir=$(cd `dirname $0`;pwd)
function master() {
echo "[INFO]-[`date`]-[SLAVE]--" >> $basedir/log
echo "[INFO]-[`date`]-[SLAVE]-Start the [sldap server] on 192.168.100.254 " >> $basedir/log
echo "[INFO]-[`date`]-[SLAVE]-Send sms to user : 【info】100.254 start server..." >> $basedir/log
echo "[INFO]-[`date`]-[SLAVE]---" >> $basedir/log
}function backup() {
echo "[INFO]-[`date`]-[MASTER]--" >> $basedir/log
echo "[INFO]-[`date`]-[MASTER]-Close the [sldap server] on 192.168.100.254 " >> $basedir/log
echo "[INFO]-[`date`]-[MASTER]-Send sms to user : 【info】100.253 start server..." >> $basedir/log
echo "[INFO]-[`date`]-[MASTER]---" >> $basedir/log
}function failed() {
echo "[INFO]-[`date`]-[ALL]--two machine down!!!!" >> $basedir/log
}case $1 in
master)
master
;;
backup)
backup
;;
failed)
failed
;;
esac |
254的/etc/keepalived/scripts/urltest.sh 与253的相同。
此刻,keepalived已经配置好,先不启动,先配置ldap。
ldap安装的流程这里就不做演示了,很简单(yum一下)
重点在配置文件!
192.168.100.253:
vim /etc/openldap/slapd.conf
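# /etc/openldap/slapd.conf on 192.168.100.253 -- trimmed, everything else filtered out.
# slapd.conf only treats '#' at the start of a line as a comment, so every note
# sits on its own line; a line starting with whitespace continues the previous one.
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
# syncprov is needed on both nodes: each one is the provider for the other
moduleload syncprov.la

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

include /etc/openldap/access.conf

# global directive, placed before the database section as in the admin guide:
# 1 on this node, 2 on 192.168.100.254
serverID 1

database bdb
# replace *** with your own domain components, here and below
suffix "dc=***,dc=com"
rootdn "cn=Manager,dc=***,dc=com"
# root password; a hash as here is fine, plain text is accepted too
rootpw {SSHA}XVu6fPl/7cFuA8Q8rCQ158wQ32btncGq
directory /var/lib/ldap
loglevel 256
# entryCSN/entryUUID equality indexes are what syncrepl searches on
index objectclass,entryCSN,entryUUID eq

# ---- the important part: provider overlay plus a consumer of the other node ----
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# NOTE(review): binding as the rootdn over plain ldap:// puts the directory's
# master credential on the wire in clear text; a dedicated replication DN and
# starttls=critical (the TLS files above are already in place) avoid that.
# credentials= is the plain-text password of binddn (密码 is a placeholder).
# schemachecking was listed twice in the original (on, then off); only the
# last one, off, is kept -- confirm that is the intended setting.
syncrepl rid=002
  provider=ldap://192.168.100.254
  bindmethod=simple
  binddn="cn=Manager,dc=***,dc=com"
  credentials=密码
  searchbase="dc=***,dc=com"
  filter="(objectClass=*)"
  scope=sub
  schemachecking=off
  type=refreshAndPersist
  retry="60 +"
# must follow the syncrepl directive
mirrormode on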
192.168.100.254:
vim /etc/openldap/slapd.conf
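# /etc/openldap/slapd.conf on 192.168.100.254 -- trimmed, everything else filtered out.
# slapd.conf only treats '#' at the start of a line as a comment, so every note
# sits on its own line; a line starting with whitespace continues the previous one.
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema

allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
# syncprov is needed on both nodes: each one is the provider for the other
moduleload syncprov.la

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

include /etc/openldap/access.conf

# global directive, placed before the database section as in the admin guide:
# 2 on this node, 1 on 192.168.100.253
serverID 2

database bdb
# replace *** with your own domain components, here and below
suffix "dc=***,dc=com"
rootdn "cn=Manager,dc=***,dc=com"
# root password; a hash as here is fine, plain text is accepted too
rootpw {SSHA}XVu6fPl/7cFuA8Q8rCQ158wQ32btncGq
directory /var/lib/ldap
loglevel 256
# entryCSN/entryUUID equality indexes are what syncrepl searches on
index objectclass,entryCSN,entryUUID eq

# ---- provider overlay plus a consumer of the other node ----
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# NOTE(review): binding as the rootdn over plain ldap:// puts the directory's
# master credential on the wire in clear text; a dedicated replication DN and
# starttls=critical (the TLS files above are already in place) avoid that.
# credentials= is the plain-text password of binddn (密码 is a placeholder).
# schemachecking was listed twice in the original (on, then off); only the
# last one, off, is kept -- confirm that is the intended setting.
syncrepl rid=002
  provider=ldap://192.168.100.253
  bindmethod=simple
  binddn="cn=Manager,dc=***,dc=com"
  credentials=密码
  searchbase="dc=***,dc=com"
  filter="(objectClass=*)"
  scope=sub
  schemachecking=off
  type=refreshAndPersist
  retry="60 +"
# must follow the syncrepl directive
mirrormode on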
配置好,重点来了!!!
你直接启动ldap(/etc/init.d/slapd start)是不读新的slapd.conf配置的(服务启动时读取的是 /etc/openldap/slapd.d 目录),以我暂且的阅历来讲是发现这么个情况的!
所以,要这样
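# Regenerate the slapd.d (cn=config) directory from slapd.conf. slapd here
# starts from /etc/openldap/slapd.d, so edits to slapd.conf are only picked
# up after this step.
conf_dir=/etc/openldap/slapd.d
# ${conf_dir:?} aborts if the variable were empty, so rm -rf never sees "/*"
rm -rf -- "${conf_dir:?}"/*
# stop here on a slapd.conf syntax error instead of chown'ing a half-built directory
slaptest -f /etc/openldap/slapd.conf -F "$conf_dir"/ || exit 1
chown -R ldap:ldap "$conf_dir"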
然后就好了,然后你就可以启动ldap服务啦,
然后你就可以启动keepalived服务啦。
然后你就可以停掉一遍测试服务啦。
PS:2台服务器都需搭建http服务,同样也是搞2套一模一样的即可!如果你使用web服务工具的话!
本文转自 陈延宗 51CTO博客,原文链接:http://blog.51cto.com/407711169/1535578,如需转载请自行联系原作者