Centos7.2 下DNS+NamedManager高可用部署方案完整记录
Centos7.2 下DNS+NamedManager高可用部署方案完整记录
之前说到了NamedManager单机版的配置,下面说下DNS+NamedManager双机高可用的配置方案:
1)机器环境
主机名 ip地址
dns01.kevin.cn 172.22.51.65
dns02.kevin.cn 172.22.51.74
VIP地址:172.22.51.75
两台机器做好主机名及hosts绑定
[root@dns01 ~]# vim /etc/hosts
......
172.22.51.65 dns01.kevin.cn
172.22.51.74 dns02.kevin.cn
172.22.51.75 dns.kevin.cn
四台机器都是Centos7.2系统
[root@dns01 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
关闭四台机器的iptables和selinux
[root@dns01 ~]# systemctl stop firewalld
[root@dns01 ~]# setenforce 0
[root@dns01 ~]# vim /etc/sysconfig/selinux
......
SELINUX=disabled
同步四台机器的系统时间
[root@dns01 ~]# yum install -y ntpdate
[root@dns01 ~]# ntpdate ntp1.aliyun.com
2)安装namedmanager(在172.22.51.65和172.22.51.74两台机器上同样操作)
[root@dns01 ~]# yum install perl perl-DBD-MySQL perl-DBI httpd mod_ssl php php-intl php-ldap php-mysql php-soap php-xml lsof wget lrzsz rsync
修改/etc/httpd/conf/httpd.conf
.......
ServerName dns.kevin.cn:80
使用MySQL Yum仓库时,默认选择安装最新的MySQL版本。如果需要使用低版本请按如下操作。
1.安装MySQL仓库源
[root@dns01~]# rpm -ivh https://dev.mysql.com/get/mysql80-community-release-el7-1.noarch.rpm
2.选择并启用适合当前平台的发行包
//列出所有MySQL发行版仓库
[root@dns01~]# yum repolist all|grep mysql
//禁用8.0发行版仓库,启用5.7发行版仓库
[root@dns01~]# yum install yum-utils
[root@dns01~]# yum-config-manager --disable mysql80-community
[root@dns01~]# yum-config-manager --enable mysql57-community
注意
可以手动编辑/etc/yum.repos.d/mysql-community.repo 文件配置仓库
[mysql57-community]
name=MySQL 5.7 Community Server
baseurl=http://repo.mysql.com/yum/mysql-5.7-community/el/6/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-mysql
3.通过以下命令安装MySQL, 并启动MySQL
[root@dns01~]# yum install -y mysql-community-server
[root@dns01~]# systemctl start mysqld
[root@dns01~]# systemctl enable mysqld
MySQL服务器初始化(仅适用于MySQL 5.7)在服务器初始启动时,如果服务器的数据目录为空,则会发生以下情况:
- 服务器已初始化。
- 在数据目录中生成SSL证书和密钥文件。
- validate_password插件安装并启用。
- 超级用户帐户'root'@'localhost'已创建。
超级用户的密码被设置并存储在错误日志文件中。要显示它,请使用以下命令:
[root@dns01~]# grep "password" /var/log/mysqld.log
2018-04-28T07:11:51.589629Z1[Note] A temporary passwordisgeneratedforroot@localhost: jHlRHucap3+7
通过使用生成的临时密码登录并尽快更改root密码并为超级用户帐户设置自定义密码
[root@dns01~]# mysql -uroot -pjHlRHucap3+7
mysql> ALTER USER'root'@'localhost'IDENTIFIED BY'Bgx123.com';
注意
MySQL的validate_password插件默认安装。将要求密码至少包含大写、小写、数字、特殊字符、并且总密码长度至少为8个字符。
[root@dns01 ~]# systemctl restart mysqld
[root@dns01 ~]# systemctl restart httpd
[root@dns01 ~]# lsof -i:3306
[root@dns01 ~]# lsof -i:80
[root@dns01 ~]# systemctl enable httpd
[root@dns02 ~]# mysqladmin -u root -p
Password:Bgx123.com
#验证下是否能登录进去
下载并安装namedmanager
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget https://repos.jethrocarr.com/pub/amberdms/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-www-1.9.0-2.el7.centos.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-www-1.9.0-2.el7.centos.noarch.rpm
[root@dns01 src]# cd /usr/share/namedmanager/resources/
注意:
这里要注意,对于mysql5.7因为默认有强密码模块要求,导致生成数据库账号密码不安全从而登录不了数据库,所以在执行autoinstall.pl脚本前要先禁用数据库的强密码模块,再执行脚本就不会报错。
[root@dns01 resources]# ./autoinstall.pl
autoinstall.pl
This script setups the NamedManager database components:
* NamedManager MySQL user
* NamedManager database
* NamedManager configuration files
THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON
Please enter MySQL root password (if any): Bgx123.com
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
DBD::mysql::db do failed: Your password does not satisfy the current policy requirements at ./autoinstall.pl line 288, <SQL> line 2.
DBD::mysql::db do failed: Your password does not satisfy the current policy requirements at ./autoinstall.pl line 288, <SQL> line 2.
Updating configuration file...
DB installation complete!
You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
这里要注意,对于mysql5.7因为默认有强密码模块要求,导致生成数据库账号密码不安全从而登录不了数据库,所以在执行autoinstall.pl脚本前要先禁用数据库的强密码模块,再执行脚本就不会报错。
3)安装和配置bind9(在172.22.51.65和172.22.51.74两台机器上同样操作)
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# yum install bind php-process
[root@dns01 src]# wget https://repos.jethrocarr.com/pub/amberdms/linux/centos/7/jethrocarr-custom/x86_64/namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm
warning: namedmanager-bind-1.9.0-2.el7.centos.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID 55e8661e: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:namedmanager-bind-1.9.0-2.el7.cen################################# [100%]
BIND/NAMED CONFIGURATION
NamedManager BIND components have been installed, you will need to install
and configure bind/named to use the configuration file by adding the
following to /etc/named.conf:
#
# Include NamedManager Configuration
#
include "/etc/named.namedmanager.conf";
NAMEDMANAGER BIND CONFIGURATION
You need to set the application configuration in /etc/namedmanager/config-bind.php
修改/etc/named.conf
[root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak
[root@dns01 src]# vim /etc/named.conf
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
forward first;
forwarders {
223.5.5.5;
223.6.6.6;
8.8.8.8;
8.8.4.4;
};
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";
==========================================================
如果要bind可以在chroot的模式下运行
[root@dns src]# yum install bind-chroot
建立“/etc/named.namedmanager.conf”文件的硬连接
[root@dns src]# ln /etc/named.namedmanager.conf /var/named/chroot/etc/named.namedmanager.conf
如果不建立硬连接named启动时,会提示找不到“/etc/named.namedmanager.conf”。
这是因为:
bind-chroot是bind的一个功能,使bind可以在一个chroot的模式下运行。也就是说,bind运行时的/(根)目录,并不是系统真正的/(根)目录,只是系统中的一个子目录而已。
这样做的目的是为了提高安全性。因为在chroot的模式下,bind可以访问的范围仅限于这个子目录的范围里,无法进一步提升,进入到系统的其他目录中。
chroot可以改变程序运行时所参考的根目录(/)位置,即将某个特定的子目录作为程序的虚拟根目录,并且对程序运行时可以使用的系统资源,用户权限和所在目录进行严格控制,程序只在这个虚拟的根目录下具有权限,一旦跳出该目录就无任何权限。例如在centos中,/var/name/chroot实际上是根目录(/)的虚拟目录,所以虚拟目录中的/etc目录实际上/var/named/chroot/etc目录,而/var/named目录实际上/var/named/chroot/var/named目录。chroot功能的优点是:如果有黑客通过Bind侵入系统,也只能被限定在chroot目录及其子目录中,其破坏力也仅局限在该虚拟目录中,不会威胁到整个服务器的安全
==========================================================
启动named服务
[root@dns01 src]# systemctl start named
cat /etc/rndc.key #rndc.key已自动生成
--------------------------------------------------------------------------
添加域名记录(正向解析与反向解析)。设置开机启动服务,并重启服务器。
[root@dns01 src]# systemctl enable httpd
[root@dns01 src]# systemctl enable mysqld
[root@dns01 src]# systemctl enable named
查询是否设置开机自启成功命令:
[root@dns01 ~]# systemctl list-unit-files | grep named.service
named.service enabled
systemd-hostnamed.service static
[root@dns01 src]# init 6 #重启机器
重启之后,登录机器验证下httpd、mysqld和named服务是否如实开机启动了
[root@dns01 ~]# ps -ef|grep mysqld
[root@dns01 ~]# ps -ef|grep httpd
[root@dns01 ~]# ps -ef|grep named
测试登录mysql
[root@dns01 ~]# mysql –uroot –p
Password:Bgx123.com #这时就能顺利登录mysql数据库了
4)安装keepalived(172.22.51.65和172.22.51.74两台机器上同样操作)
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://www.keepalived.org/software/keepalived-2.0.10.tar.gz
[root@dns01 src]# tar -zvxf keepalived-2.0.10.tar.gz
[root@dns01 src]# cd keepalived-2.0.10
[root@dns01 keepalived-2.0.10]# ./configure && make && make install
缺少头文件,只需要安装openssl和openssl-devel即可
yum install –y openssl openssl-devel gcc gcc++
[root@dns01 keepalived-2.0.10]# cp /usr/local/src/keepalived-2.0.10/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
[root@dns01 keepalived-2.0.10]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@dns01 keepalived-2.0.10]# mkdir /etc/keepalived
[root@dns01 keepalived-2.0.10]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@dns01 keepalived-2.0.10]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@dns01 keepalived-2.0.10]# echo "/etc/init.d/keepalived start" >> /etc/rc.local
两台都要操作:
+++++++检查keepalived进程是否成功设置开机启动
1、cat /etc/rc.local #看启动命令是否成功插入到配置文件
2、ll /etc/rc.local #查看该文件是否软链接
3、ll /etc/rc.d/rc.local #查看源文件是否有可执行权限
keepalived.conf配置
------------------------------------------
172.22.51.65机器的keepalived.conf配置
[root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived #全局定义
global_defs {
notification_email {
ops@kevin.cn
}
notification_email_from ops@kevin.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id master-node
}
vrrp_script chk_http_port {
script "/opt/chk_http.sh"
interval 2
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
mcast_src_ip 172.22.51.65
virtual_router_id 51
priority 101
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.22.51.75
}
track_script {
chk_http_port
}
}
编写httpd监控脚本
[root@dns01 ~]# vim /opt/chk_http.sh
#!/bin/bash
counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
if [ "${counter}" = "0" ]; then
systemctl start httpd >/dev/null 2>&1
sleep 2
counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
if [ "${counter}" = "0" ]; then
/etc/init.d/keepalived stop
fi
fi
必须要给此脚本授予执行权限
[root@dns01 ~]# chmod 755 /opt/chk_http.sh
-----------------------------------------
172.22.51.74机器的keepalived.conf配置
[root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
ops@kevin.cn
}
notification_email_from ops@kevin.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id slave-node
}
vrrp_script chk_http_port {
script "/opt/chk_http.sh"
interval 2
weight -5
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
mcast_src_ip 172.22.51.74
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
172.22.51.75
}
track_script {
chk_http_port
}
}
编写httpd监控脚本
[root@dns02 ~]# vim /opt/chk_http.sh
#!/bin/bash
counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
if [ "${counter}" = "0" ]; then
systemctl start httpd >/dev/null 2>&1
sleep 2
counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
if [ "${counter}" = "0" ]; then
/etc/init.d/keepalived stop
fi
fi
必须要给此脚本授予执行权限
[root@dns02 ~]# chmod 755 /opt/chk_http.sh
-----------------------------------------------------
分别启动两台机器的keepalived服务
[root@dns01 ~]# /etc/init.d/keepalived start
[root@dns01 ~]# ps -ef|grep keep
[root@dns02 ~]# /etc/init.d/keepalived start
[root@dns02 ~]# ps -ef|grep keepalived
检查两台机器的ip,发现vip此时已经漂到172.22.51.65这台机器上
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
inet 172.22.51.65/24 brd 192.168.10.255 scope global eth0
inet 172.22.51.75/32 scope global eth0
inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
inet 172.22.51.74/24 brd 192.168.10.255 scope global eth0
inet6 fe80::5054:ff:fee2:19b/64 scope link
valid_lft forever preferred_lft forever
-------------------------------------------------
测试下故障转移
先关闭172.22.51.65机器的httpd程序,发现关闭后会很快重启起来(最多2秒钟),这是因为keepalived程序里引用了/opt/chk_http.sh监控脚本。
同样关闭172.22.51.74机器的httpd程序,也是很快重启起来。
根据/opt/chk_httpd.sh脚本可知,httpd程序挂掉后会自动重启,只有当httpd程序重启失败后,才会强制kill掉keepalived服务,这时vip也会转移到另一台节点。
[root@dns01 keepalived]# killall -9 httpd
两台都要操作:
killall命令并不是Centos7自带的,需要安装,在centos下安装方法如下:
yum install psmisc -y
[root@dns01 keepalived]# ps -ef|grep http
root 23661 23660 0 21:30 ? 00:00:00 /bin/bash /opt/chk_http.sh
root 23682 1 1 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23685 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23686 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23687 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23688 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23689 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23690 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23691 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
apache 23692 23682 0 21:30 ? 00:00:00 /usr/sbin/httpd
root 23694 21411 0 21:30 pts/1 00:00:00 grep http
在测试关闭172.22.51.65机器的keepalived服务,发现vip资源会自动漂移到172.22.51.74机器上。
当172.22.51.65机器的keepalived服务恢复后,vip资源会再次转移回来。
[root@dns01 ~]# /etc/init.d/keepalived stop
[root@dns01 ~]# ps -ef|grep keeplived
root 24854 21411 0 21:36 pts/1 00:00:00 grep keeplived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
inet 172.22.51.65/24 brd 192.168.10.255 scope global eth0
inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
inet 172.22.51.74/24 brd 192.168.10.255 scope global eth0
inet 172.22.51.75/32 scope global eth0
inet6 fe80::5054:ff:fee2:19b/64 scope link
valid_lft forever preferred_lft forever
可以查看两台机器的/var/log/messages日志,可以看到vip资源的转移过程。
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@dns01 ~]# ps -ef|grep keepalived
root 24877 1 0 21:37 ? 00:00:00 keepalived -D
root 24878 24877 0 21:37 ? 00:00:00 keepalived -D
root 24879 24877 0 21:37 ? 00:00:00 keepalived -D
root 24939 21411 0 21:38 pts/1 00:00:00 grep keepalived
172.22.51.65机器的keepalived服务恢复后,vip资源会再次转移回来。
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@dns01 ~]# ps -ef|grep keepalived
root 24877 1 0 21:37 ? 00:00:00 keepalived -D
root 24878 24877 0 21:37 ? 00:00:00 keepalived -D
root 24879 24877 0 21:37 ? 00:00:00 keepalived -D
root 24939 21411 0 21:38 pts/1 00:00:00 grep keepalived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
inet 172.22.51.65/24 brd 192.168.10.255 scope global eth0
inet 172.22.51.75/32 scope global eth0
inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
inet 172.22.51.74/24 brd 192.168.10.255 scope global eth0
inet6 fe80::5054:ff:fee2:19b/64 scope link
valid_lft forever preferred_lft forever
5)配置namedmanager(两台机器都要操作)
[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
[root@dns01 ~]# vim /etc/namedmanager/config-bind.php
......
$config["api_url"] = "http://172.22.51.75/namedmanager";
$config["api_server_name"] = "dns.kevin.cn";
$config["api_auth_key"] = "DNS";
6)配置两台机器的mysql主主关系
++++++++++++172.22.51.65这台+++++++++++++++++++++
验证登录
[root@dns01 ~]# mysql -hlocalhost -unamedmanager -p
Password:查看配置文件vi /etc/namedmanager/config.php(上面安装namedmanager时,脚本自动生成数据库以及数据库账号密码以及权限的)
......
mysql>
++++++++++++172.22.51.74这台+++++++++++++++++++++
验证登录:因172.22.51.65和172.22.51.74做了mysql主-主,新创建的用户namedmanager的账号密码也同步到74这台,但namedmanager配置文件并没有自动修改,所以需要65上的namedmanage用户的数据库密码更新到74namedmanager的配置上面,保持一致,否则登录74 namedmanager页面会提示数据库连接失败。
[root@dns01 ~]# mysql -hlocalhost -unamedmanager -p
Password:查看配置文件vi /etc/namedmanager/config.php(上面安装namedmanager时,脚本自动生成数据库以及数据库账号密码以及权限的,因为和65是不一样的,所以需要更新成65一样才行)
......
mysql>
-------------------------------------------------------------
172.22.51.65机器上的mysql设置
[root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns01 ~]# vim /etc/my.cnf #在[mysqld]区域里添加下面几行内容
......
server-id = 1
log-bin = mysql-bin
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2
auto-increment-offset = 1
slave-skip-errors = all
重启mysqld服务
[root@dns01 log]# systemctl restart mysqld
数据同步授权,这样I/O线程就可以以这个用户的身份连接到主服务器,并且读取它的二进制日志。
[root@dns01 log]# mysql -uroot -p
......
mysql> grant replication slave,replication client on *.* to kevin@'172.22.51.%' identified by "Kevin@123";
mysql> flush privileges;
最好将库锁住,仅仅允许读,以保证数据一致性;待主主同步环境部署后再解锁;
锁住后,就不能往表里写数据,但是重启mysql服务后就会自动解锁!
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 | 154 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)
--------------------------------------------------------------------
172.22.51.74机器上的mysql设置
[root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns02 ~]# vim /etc/my.cnf
.......
server-id = 2
log-bin = mysql-bin
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2
auto-increment-offset = 2
slave-skip-errors = all
[root@dns02 ~]# systemctl restart mysqld
[root@dns02 ~]# mysql –uroot -p
.......
mysql> grant replication slave,replication client on *.* to kevin@'172.22.51.%' identified by "Kevin@123";
mysql> flush privileges;
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 | 630 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)
---------------172.22.51.65服务器做同步操作---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
mysql> stop slave;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> change master to master_host='172.22.51.74',master_user='kevin',master_password='Kevin@123',master_log_file='mysql-bin.000001',master_log_pos=794;
Query OK, 0 rows affected (0.20 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
mysql> show slave status \G;
.......
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 172.22.51.74
Master_User: kevin
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 365
Relay_Log_File: mysqld-relay-bin.000002
Relay_Log_Pos: 251
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
.......
.......
---------------172.22.51.74服务器做同步操作---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
mysql> stop slave;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> change master to master_host='172.22.51.65',master_user='kevin',master_password='Kevin@123',master_log_file='mysql-bin.000001',master_log_pos=321;
Query OK, 0 rows affected (0.18 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
mysql> show slave status \G;
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 172.22.51.65
Master_User: kevin
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000001
Read_Master_Log_Pos: 365
Relay_Log_File: mysqld-relay-bin.000002
Relay_Log_Pos: 251
Relay_Master_Log_File: mysql-bin.000001
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
.......
.......
到这里,172.22.51.65和172.22.51.74两台机器的mysql主主关系就配置成功了。下面测试下:
首先在172.22.51.65的mysql数据库上添加数据:
[root@dns01 log]# mysql –uroot -p
.....
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| namedmanager |
| test |
+--------------------+
4 rows in set (0.00 sec)
mysql> create database kevin;
Query OK, 1 row affected (0.04 sec)
然后到172.22.51.74机器的mysql数据库上验证并变更数据
[root@dns02 ~]# mysql –uroot -p
.......
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| kevin |
| mysql |
| namedmanager |
| test |
+--------------------+
5 rows in set (0.00 sec)
mysql> drop database kevin;
Query OK, 0 rows affected (0.03 sec)
mysql> create database bobo;
Query OK, 1 row affected (0.08 sec)
再到172.22.51.65机器的mysql数据库上验证
[root@dns01 log]# mysql –uroot -p
......
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| bobo |
| mysql |
| namedmanager |
| test |
+--------------------+
5 rows in set (0.00 sec)
mysql> drop database bobo;
Query OK, 0 rows affected (0.05 sec)
7)在172.22.51.65和172.22.51.74两台机器上配置相关数据的同步关系。
先做好两台机器的ssh相互信任关系。
[root@dns01 ~]#ssh-keygen -t rsa
[root@dns02 ~]#ssh-keygen -t rsa
[root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub –p 22 root@172.22.51.74
[root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub –p 22 root@172.22.51.65
验证两机之间的ssh互信
[root@dns01 ~]# ssh -p22 root@172.22.51.74
[root@dns02 ~]#
[root@dns02 httpd]# ssh -p22 root@172.22.51.65
[root@dns01 ~]#
------------------------------------------------------------
现在172.22.51.65机器上做同步,判断VIP资源是否存在本机,如果存在就同步到另一台机器上。
[root@dns01 ~]# vim /opt/rsync_dns.sh
#!/bin/bash
while [ "1" = "1" ]
do
NUM=`ip addr|grep 172.22.51.75|wc -l`
if [ $NUM -eq 0 ];then
echo "vip is not at this server" >/dev/null 2>&1
fi
if [ $NUM -eq 1 ];then
/usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@172.22.51.74:/etc/
/usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@172.22.51.74:/var/named/
fi
done
授予脚本执行权限,并启动脚本
[root@dns01 ~]# chmod 755 /opt/rsync_dns.sh
[root@dns01 ~]# nohup sh /opt/rsync_dns.sh &
[root@dns01 ~]# ps -ef|grep rsync_dns.sh
root 6310 21411 0 22:33 pts/1 00:00:00 sh /opt/rsync_dns.sh
root 6508 21411 0 22:33 pts/1 00:00:00 grep rsync_dns.sh
-----------------------------------------------------------------
然后在172.22.51.74机器上做同步:
[root@dns02 httpd]# vim /opt/rsync_dns.sh
#!/bin/bash
while [ "1" = "1" ]
do
NUM=`ip addr|grep 172.22.51.75|wc -l`
if [ $NUM -eq 0 ];then
echo "vip is not at this server" >/dev/null 2>&1
fi
if [ $NUM -eq 1 ];then
/usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@172.22.51.65:/etc/
/usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@172.22.51.65:/var/named/
fi
done
授予脚本执行权限,并启动脚本
[root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh
[root@dns02 httpd]# nohup sh /opt/rsync_dns.sh &
[root@dns02 httpd]# ps -ef|grep rsync_dns.sh
root 12578 5466 0 22:35 pts/1 00:00:00 grep rsync_dns.sh
root 32124 5466 8 22:35 pts/1 00:00:00 sh /opt/rsync_dns.sh
8)访问namedmanager(https://172.22.51.75/namedmanager)进行界面配置。(由于此时vip资源在172.22.51.65机器上,故配置信息从172.22.51.65机器同步到172.22.51.74机器)。默认用户名和密码(setup,setup123)。不要忘记在用户管理中修改用户名和密码。
解决办法:vi /etc/httpd/conf/httpd.conf,修改如下:
重置管理员用户名和密码(由于两台服务器的mysql做了主主关系,修改后的信息同样会同步到另一台机器的mysql数据库里,即修改后的管理员账号密码同样适用于另一台机器的namedmanager登录)
接着设置API key(如下图。设置邮箱地址和API key,这个key是在上面的/etc/namedmanager/config-bind.php文件中设置的)
添加服务器。Name Server FQDN的名称要和httpd中的ServerName一致。(如下添加部署机的主机名或者ip地址都可以)
确保下面的"Zonefile Status"和"Logging Status"的状态是绿色的。
添加正向域名解析
添加反向域名解析(如果有多个ip段的客户机,那么就如下图添加多个反向解析配置)
查看正反向解析域名添加情况
上面已经成功添加了正反向解析域名,现在尝试添加一些域名的A记录和PTR记录
先添加A正向解析记录
由于上面在添加A正向解析的时候,已经勾选了PTR反向解析(如果没有勾选,则需要手动添加PTR反向解析记录),故这时候已经有了上面那几个域名的反向解析记录了:
如上,已经添加了几个正反向解析记录,可以访问https://172.22.51.74/namedmanager,发现访问另一台机器的namedmanager(使用上面重置后的admin用户)也会看到上面设置的正反向解析配置信息。这就说明双机同步已经生效。
可以登录到两台机器本机上查看相关的正反向解析配置:
[root@dns01 ~]# cd /var/named/
[root@dns01 named]# ll
total 36
-rw-r--r--. 1 root root 614 Jun 3 23:42 51.22.172.in-addr.arpa.zone
drwxrwx---. 2 named named 4096 Jun 3 03:21 data
drwxrwx---. 2 named named 4096 Jun 3 23:05 dynamic
-rw-r--r--. 1 root root 575 Jun 3 23:42 kevin.cn.zone
-rw-r-----. 1 root named 3289 Apr 11 2017 named.ca
-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves
[root@dns01 ~]# cat /etc/named.namedmanager.conf
//
// NamedManager Configuration
//
// This file is automatically generated any manual changes will be lost.
//
zone "kevin.cn" IN {
type master;
file "kevin.cn.zone";
allow-update { none; };
};
zone "51.22.172.in-addr.arpa" IN {
type master;
file "51.22.172.in-addr.arpa.zone";
allow-update { none; };
};
[root@dns01 named]# cat kevin.cn.zone
$ORIGIN kevin.cn.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
2018060311 ; serial
21600 ; refresh
3600 ; retry
604800 ; expiry
120 ; minimum ttl
)
; Nameservers
kevin.cn. 86400 IN NS dns.kevin.cn.
; Mailservers
; Reverse DNS Records (PTR)
; CNAME
; HOST RECORDS
db01 120 IN A 192.168.10.239
db02 120 IN A 192.168.10.212
dns 120 IN A 172.22.51.75
dns01 120 IN A 172.22.51.65
dns02 120 IN A 172.22.51.74
ftp01 120 IN A 192.168.10.209
nc-app 120 IN A 192.168.10.210
web01 120 IN A 192.168.10.214
web02 120 IN A 192.168.10.215
[root@dns01 named]# cat 51.22.172.in-addr.arpa.zone
$ORIGIN 51.22.172.in-addr.arpa.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
2018060310 ; serial
21600 ; refresh
3600 ; retry
604800 ; expiry
120 ; minimum ttl
)
; Nameservers
51.22.172.in-addr.arpa. 86400 IN NS dns.kevin.cn.
; Mailservers
; Reverse DNS Records (PTR)
190 120 IN PTR dns.kevin.cn.
202 120 IN PTR dns01.kevin.cn.
203 120 IN PTR dns02.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
210 120 IN PTR nc-app.kevin.cn.
212 120 IN PTR db02.kevin.cn.
214 120 IN PTR web01.kevin.cn.
215 120 IN PTR web02.kevin.cn.
239 120 IN PTR db01.kevin.cn.
; CNAME
; HOST RECORDS
9)客户机的DNS配置
root@localhost ~]# ifconfig|grep 192
inet addr:192.168.10.207 Bcast:192.168.10.255 Mask:255.255.255.0
[root@localhost ~]# vim /etc/resolv.conf
domain kevin.cn
search kevin.cn
nameserver 172.22.51.75
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
......
......
[root@localhost ~]# ping ftp01.kevin.cn
PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data.
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms
[root@localhost ~]# ping db02.kevin.cn
PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data.
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms
故障切换验证:
关闭172.22.51.65上的keepalived服务,当vip资源切换到172.22.51.74机器上后,
再次在客户机上测试
[root@dns01 ~]# /etc/init.d/keepalived stop
Stopping keepalived: [ OK ]
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
inet 172.22.51.65/24 brd 192.168.10.255 scope global eth0
inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
inet 172.22.51.74/24 brd 192.168.10.255 scope global eth0
inet 172.22.51.75/32 scope global eth0
inet6 fe80::5054:ff:fee2:19b/64 scope link
valid_lft forever preferred_lft forever
当vip资源转移到另一台机器后,客户机上的DNS就会继续生效了。
[root@localhost ~]# ping www.qq.com
PING news.qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms
[root@localhost ~]# ping web02.kevin.cn
PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data.
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms
如果上面不做两台机器的mysql主主以及那些dns相关同步配置,那么要想实现主机高可用(提供统一的vip访问地址),就需要将DNS的解析配置在172.22.51.65和172.22.51.74
两台机器的namedmanager界面里同样操作,即每次都要操作两遍。