keepalived + OpenLDAP master-master (Mirror Mode) example
PS: below is a worked example of LDAP Mirror Mode doing master-master replication. If you are not very familiar with it, see: http://407711169.blog.51cto.com/6616996/1529506 . Only the two-machine master-master model is built here; no slave (consumer) is set up below. keepalived is used purely for high availability.
1. Building the keepalived environment
As in the figure above, the real IPs are .253 and .254 and the virtual IP is .255. If you are not familiar with keepalived, consult Google.
keepalived has to be installed on both machines, and only the configuration file differs, so the installation is shown just once:
```bash
cd /usr/local/src
wget                                   # (download URL not given on the page)
yum -y install openssl-devel           # the build may complain that the openssl dependency library cannot be found, so install it up front
tar xf keepalived-1.2.13.tar.gz
cd keepalived-1.2.13
./configure
make && make install
# add the service to boot startup
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/   # you can add "-f /etc/keepalived/keepalived.conf" in this file
chkconfig --add keepalived
chkconfig keepalived on
ln -sv /usr/local/etc/keepalived/ /etc/keepalived        # symlink
cd /etc/keepalived/
mkdir scripts                                            # groundwork for the check scripts that follow
```
Now for the actual configuration:
192.168.100.253:
Edit /etc/keepalived/keepalived.conf (contents below):
```
! Configuration File for keepalived
# global settings
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from root@localhost
    smtp_server localhost
    smtp_connect_timeout 30
    router_id NodeAa
}
# the health-check rule
vrrp_script chk_url_fw {
    script "sh /etc/keepalived/scripts/urltest.sh"   # the script contents can be identical on both nodes
    interval 10
    weight -2
    fall 2
    rise 2
}
vrrp_instance VI_1 {
    state MASTER                 # this node is the master
    interface eth0               # interface to listen on
    virtual_router_id 128        # the same id on both keepalived nodes; identifies the group
    priority 100                 # priority
    advert_int 1
    authentication {             # authentication method
        auth_type PASS
        auth_pass 7758521
    }
    virtual_ipaddress {          # virtual IP
        192.168.100.255/24 dev eth0 label eth0:0
    }
    track_script {               # health-state tracking
        chk_url_fw
    }
    notify_master "/etc/keepalived/scripts/notify.sh master"   # notify script; note: the scripts on 253 and 254 differ, only the name is the same!
    notify_backup "/etc/keepalived/scripts/notify.sh backup"
    notify_fault "/etc/keepalived/scripts/notify.sh failed"
}
```
Edit /etc/keepalived/scripts/notify.sh (contents below):
```bash
#!/bin/bash
# file: 100.253
source /etc/profile &> /dev/null
basedir=$(cd `dirname $0`;pwd)

function master() {
    echo "[INFO]-[`date`]-[MASTER]--" >> "$basedir/log"
    echo "[INFO]-[`date`]-[MASTER]-Start the [sldap server] on 192.168.100.253 " >> "$basedir/log"
    echo "[INFO]-[`date`]-[MASTER]-Send sms to user : 【info】100.253 start server..." >> "$basedir/log"
    /usr/bin/expect "$basedir/expect.ex" "$PHONE" "【info】ldap [100.253]开始运行。"   # sends an SMS; not explained in detail here
    echo "[INFO]-[`date`]-[MASTER]---" >> "$basedir/log"
}

function backup() {
    echo "[INFO]-[`date`]-[SLAVE]--" >> "$basedir/log"
    echo "[INFO]-[`date`]-[SLAVE]-Close the [sldap server] on 192.168.100.253 " >> "$basedir/log"
    echo "[INFO]-[`date`]-[SLAVE]-Send sms to user : 【info】100.254 start server..." >> "$basedir/log"
    /usr/bin/expect "$basedir/expect.ex" "$PHONE" "【info】passport [100.254]开始运行。"
    echo "[INFO]-[`date`]-[SLAVE]---" >> "$basedir/log"
}

function failed() {
    /usr/bin/expect "$basedir/expect.ex" "$PHONE" "【warning】ldap 2台机器都无法访问!!!!"
    echo "[INFO]-[`date`]-[ALL]--two machine down!!!!" >> "$basedir/log"
}

# keepalived passes "master", "backup" or "failed" as the first argument
case $1 in
    master)
        master
        ;;
    backup)
        backup
        ;;
    failed)
        failed
        ;;
esac
```
Edit /etc/keepalived/scripts/urltest.sh:
```bash
#!/bin/bash
# health check: fetch the local auth page and look for "auth ok"
/usr/bin/curl --user user:pass http://localhost >/tmp/status 2>/dev/null
/bin/grep "auth ok" /tmp/status &> /dev/null
if [ $? -ne 0 ];then
    exit 5
else
    exit 0
fi
```
192.168.100.254:
Edit /etc/keepalived/keepalived.conf:
```
! Configuration File for keepalived
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from root@localhost
    smtp_server localhost
    smtp_connect_timeout 30
    router_id NodeAa
}
vrrp_script chk_url_fw {
    script "sh /etc/keepalived/scripts/urltest.sh"
    interval 10
    weight -2
    fall 2
    rise 2
}
vrrp_instance VI_1 {
    state BACKUP                 # backup node
    interface eth0
    virtual_router_id 128
    priority 99                  # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 7758521
    }
    virtual_ipaddress {
        192.168.100.255/24 dev eth0 label eth0:0
    }
    track_script {
        chk_url_fw
    }
    notify_master "/etc/keepalived/scripts/notify.sh master"
    notify_backup "/etc/keepalived/scripts/notify.sh backup"
    notify_fault "/etc/keepalived/scripts/notify.sh failed"
}
```
Edit /etc/keepalived/scripts/notify.sh (contents below):
```bash
#!/bin/bash
# file: 100.254
source /etc/profile &> /dev/null
basedir=$(cd `dirname $0`;pwd)

function master() {
    echo "[INFO]-[`date`]-[SLAVE]--" >> "$basedir/log"
    echo "[INFO]-[`date`]-[SLAVE]-Start the [sldap server] on 192.168.100.254 " >> "$basedir/log"
    echo "[INFO]-[`date`]-[SLAVE]-Send sms to user : 【info】100.254 start server..." >> "$basedir/log"
    echo "[INFO]-[`date`]-[SLAVE]---" >> "$basedir/log"
}

function backup() {
    echo "[INFO]-[`date`]-[MASTER]--" >> "$basedir/log"
    echo "[INFO]-[`date`]-[MASTER]-Close the [sldap server] on 192.168.100.254 " >> "$basedir/log"
    echo "[INFO]-[`date`]-[MASTER]-Send sms to user : 【info】100.253 start server..." >> "$basedir/log"
    echo "[INFO]-[`date`]-[MASTER]---" >> "$basedir/log"
}

function failed() {
    echo "[INFO]-[`date`]-[ALL]--two machine down!!!!" >> "$basedir/log"
}

# keepalived passes "master", "backup" or "failed" as the first argument
case $1 in
    master)
        master
        ;;
    backup)
        backup
        ;;
    failed)
        failed
        ;;
esac
```
The /etc/keepalived/scripts/urltest.sh on 254 is identical to the one on 253.
At this point keepalived is configured. Don't start it yet; configure LDAP first.
The LDAP installation is not shown here; it is simple (just yum it).
The important part is the configuration file!
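Before moving on to LDAP, it is worth checking that the two keepalived files above actually form a pair that fails over. The following checker is an added example and not part of the original post; MASTER_CONF and BACKUP_CONF are constructed from the 253/254 configs above (only the keywords the checks need). It verifies that both nodes share virtual_router_id, auth_pass and the VIP, that the MASTER outranks the BACKUP, that the vrrp_script weight is large enough for a failed check to actually drop the MASTER below the BACKUP (100 - 2 = 98 < 99 here; a weight of -1 would not move the VIP), and it flags one thing about the post's own values: 192.168.100.255 with a /24 mask is the subnet's broadcast address, so a different host address should be used for the VIP in practice.

```python
"""Sanity-check a keepalived MASTER/BACKUP pair for the failover invariants this
setup relies on.  Added example, not part of the original post; MASTER_CONF and
BACKUP_CONF are constructed from the post's 253/254 configs."""
import ipaddress
import re

# Constructed from the post's 253 config (only the keywords the checks need).
MASTER_CONF = """
vrrp_script chk_url_fw {
    script "sh /etc/keepalived/scripts/urltest.sh"
    interval 10
    weight -2
    fall 2
    rise 2
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 128
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 7758521
    }
    virtual_ipaddress {
        192.168.100.255/24 dev eth0 label eth0:0
    }
    track_script {
        chk_url_fw
    }
}
"""
# The 254 config differs only in state and priority, exactly as in the post.
BACKUP_CONF = MASTER_CONF.replace("state MASTER", "state BACKUP").replace("priority 100", "priority 99")


def parse(conf):
    """Extract the keywords the checks need from one keepalived.conf text."""
    def grab(key):
        m = re.search(r"^\s*" + key + r"\s+(\S+)", conf, re.M)
        return m.group(1) if m else None
    vip = re.search(r"virtual_ipaddress\s*\{\s*(\S+)", conf)
    return {
        "state": grab("state"),
        "vrid": int(grab("virtual_router_id")),
        "priority": int(grab("priority")),
        "weight": int(grab("weight") or 0),   # 0 when no vrrp_script is defined
        "auth_pass": grab("auth_pass"),
        "vip": vip.group(1) if vip else None,
    }


def check_pair(master_conf, backup_conf):
    """Return a list of problems; an empty list means the pair fails over as intended."""
    m, b = parse(master_conf), parse(backup_conf)
    problems = []
    if m["vrid"] != b["vrid"]:
        problems.append("virtual_router_id differs: the two nodes will not form one VRRP group")
    if m["auth_pass"] != b["auth_pass"]:
        problems.append("auth_pass differs: the BACKUP will ignore the MASTER's advertisements")
    if m["priority"] <= b["priority"]:
        problems.append("MASTER priority must be higher than BACKUP priority")
    # A negative weight lowers the priority by |weight| while the check script fails;
    # the VIP only moves if the lowered MASTER priority drops below the BACKUP's.
    if m["weight"] < 0 and m["priority"] + m["weight"] >= b["priority"]:
        problems.append("weight too small: MASTER still outranks BACKUP after its check fails")
    if m["vip"] != b["vip"]:
        problems.append("virtual_ipaddress differs between the nodes")
    elif m["vip"]:
        iface = ipaddress.ip_interface(m["vip"])
        if iface.ip == iface.network.broadcast_address:
            problems.append(f"VIP {iface.ip} is the broadcast address of {iface.network}")
    return problems


if __name__ == "__main__":
    for p in check_pair(MASTER_CONF, BACKUP_CONF):
        print("PROBLEM:", p)
```

Run it against the real files by reading them into the two strings; with the post's values it reports only the broadcast-address problem, and after changing the VIP to a host address (for example 192.168.100.250/24 on both nodes) it reports nothing.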
192.168.100.253:
Edit /etc/openldap/slapd.conf (below is the trimmed configuration; everything else has been filtered out; comments in slapd.conf must stand on their own lines):
```
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
moduleload syncprov.la
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
include /etc/openldap/access.conf
database bdb
# replace *** with the domain components you need, same below
suffix "dc=***,dc=com"
rootdn "cn=Manager,dc=***,dc=com"
# the password; it can of course be plaintext too, haha
rootpw {SSHA}XVu6fPl/7cFuA8Q8rCQ158wQ32btncGq
directory /var/lib/ldap
loglevel 256
index objectclass,entryCSN,entryUUID eq
##### this is the important part
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
serverID 1
# credentials= takes the Manager password in plaintext (密码 is the placeholder)
# the original listed both schemachecking=on and schemachecking=off; only one may be given
syncrepl rid=002
    provider=ldap://192.168.100.254
    bindmethod=simple
    binddn="cn=Manager,dc=***,dc=com"
    credentials=密码
    searchbase="dc=***,dc=com"
    filter="(objectClass=*)"
    scope=sub
    schemachecking=off
    type=refreshAndPersist
    retry="60 +"
mirrormode on
```
192.168.100.254:
Edit /etc/openldap/slapd.conf (below is the trimmed configuration; everything else has been filtered out):
```
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
moduleload syncprov.la
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
include /etc/openldap/access.conf
database bdb
suffix "dc=***,dc=com"
rootdn "cn=Manager,dc=***,dc=com"
rootpw {SSHA}XVu6fPl/7cFuA8Q8rCQ158wQ32btncGq
directory /var/lib/ldap
loglevel 256
index objectclass,entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
serverID 2
# credentials= takes the Manager password in plaintext (密码 is the placeholder)
# the original listed both schemachecking=on and schemachecking=off; only one may be given
syncrepl rid=002
    provider=ldap://192.168.100.253
    bindmethod=simple
    binddn="cn=Manager,dc=***,dc=com"
    credentials=密码
    searchbase="dc=***,dc=com"
    filter="(objectClass=*)"
    scope=sub
    schemachecking=off
    type=refreshAndPersist
    retry="60 +"
mirrormode on
```
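The two slapd.conf files have to agree with each other in a few places for mirror mode to work: syncprov must be loaded and enabled on both nodes (each is a provider for the other), the serverID values must differ, each node's syncrepl provider must point at the other node, the searchbase must be the database suffix, and mirrormode must be on. The checker below is an added example and not part of the original post; NODE_253 and NODE_254 are constructed from the configs above with dc=example,dc=com and "secret" standing in for the *** suffix and the 密码 placeholder. Besides the invariants, it reports the two weak settings a reviewer would flag in this setup: the replication bind goes over plain ldap:// (no starttls=critical), so the credentials cross the wire in the clear, and the replication consumer binds as the rootdn rather than a dedicated read-only DN.

```python
"""Check the two slapd.conf files of an OpenLDAP mirror-mode pair for the
invariants the setup depends on and flag weak replication settings.
Added example, not part of the original post; NODE_253/NODE_254 are
constructed from the post's configs with placeholder suffix and password."""
import shlex
from urllib.parse import urlparse

# Constructed from the post's 253 slapd.conf (replication-relevant lines only).
NODE_253 = """
moduleload syncprov.la
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
serverID 1
syncrepl rid=002
    provider=ldap://192.168.100.254
    bindmethod=simple
    binddn="cn=Manager,dc=example,dc=com"
    credentials=secret
    searchbase="dc=example,dc=com"
    filter="(objectClass=*)"
    scope=sub
    schemachecking=off
    type=refreshAndPersist
    retry="60 +"
mirrormode on
"""
# 254 differs only in serverID and in the provider it pulls from.
NODE_254 = NODE_253.replace("serverID 1", "serverID 2").replace(
    "ldap://192.168.100.254", "ldap://192.168.100.253")


def directives(conf):
    """Join slapd.conf continuation lines (leading whitespace) and split each
    directive into (keyword, argument string); # lines are comments."""
    joined = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and joined:
            joined[-1] += " " + line.strip()
        else:
            joined.append(line.strip())
    out = []
    for d in joined:
        parts = d.split(None, 1)
        out.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return out


def syncrepl_params(args):
    """Turn 'rid=002 provider=ldap://... binddn="cn=..."' into a dict (quotes honoured)."""
    return dict(tok.split("=", 1) for tok in shlex.split(args) if "=" in tok)


def node_view(conf):
    ds = directives(conf)
    get = lambda kw: next((a for k, a in ds if k == kw.lower()), None)
    return {
        "syncprov_loaded": any(k == "moduleload" and "syncprov" in a for k, a in ds),
        "syncprov_overlay": any(k == "overlay" and a == "syncprov" for k, a in ds),
        "serverid": get("serverID"),
        "mirrormode": (get("mirrormode") or "off").lower(),
        "suffix": (get("suffix") or "").strip('"'),
        "rootdn": (get("rootdn") or "").strip('"'),
        "syncrepl": syncrepl_params(get("syncrepl") or ""),
    }


def check_mirror_pair(conf_a, host_a, conf_b, host_b):
    """Return (errors, warnings): errors break replication, warnings are security weaknesses."""
    a, b = node_view(conf_a), node_view(conf_b)
    errors, warnings = [], []
    for name, n in (("A", a), ("B", b)):
        if not (n["syncprov_loaded"] and n["syncprov_overlay"]):
            errors.append(f"{name}: syncprov overlay not loaded/enabled; node cannot serve as provider")
        if n["mirrormode"] != "on":
            errors.append(f"{name}: mirrormode must be on for a writable multi-provider pair")
        sr = n["syncrepl"]
        if sr.get("searchbase") != n["suffix"]:
            errors.append(f"{name}: syncrepl searchbase does not match the database suffix")
        url = urlparse(sr.get("provider", ""))
        if url.scheme == "ldap" and sr.get("starttls") != "critical":
            warnings.append(f"{name}: replication binds over cleartext ldap:// without starttls=critical")
        if sr.get("binddn") == n["rootdn"]:
            warnings.append(f"{name}: replication binds as rootdn; use a dedicated read-only replicator DN")
    if a["serverid"] == b["serverid"]:
        errors.append("both nodes use the same serverID; each provider needs a distinct one")
    if urlparse(a["syncrepl"].get("provider", "")).hostname != host_b:
        errors.append("A's syncrepl provider does not point at B")
    if urlparse(b["syncrepl"].get("provider", "")).hostname != host_a:
        errors.append("B's syncrepl provider does not point at A")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_mirror_pair(NODE_253, "192.168.100.253", NODE_254, "192.168.100.254")
    print("errors:", errs)
    print("warnings:", warns)
```

With the post's values the pair passes every invariant and produces the two warnings per node; copying serverID 1 onto the second node, or leaving mirrormode off on either side, turns up as an error.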
Once that is configured, here comes the important part!!!
If you start LDAP directly (/etc/init.d/slapd start) it does not read the new configuration; at least that is what I have found with my experience so far!
So do it this way instead:
```bash
# delete the old generated configuration (think of it as a config cache for now)
rm -rf /etc/openldap/slapd.d/*
# generate a new one from slapd.conf
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
chown -R ldap.ldap /etc/openldap/slapd.d
```
Then it is done, and you can start the LDAP service,
then you can start the keepalived service,
and then you can stop one side to test the failover.
PS: both servers also need an HTTP service set up (the page urltest.sh checks), again two identical copies, if you are using a web-based service tool!