NFS双机热备

1. 需求及思路

• 1.解决了nfs单点故障；
• 2.使用nfs+keepalived做了主备；
• 3.两个ningx翻译顾客需求处理任务，通过rsync+inotify实现主备之间的共享目录 实时备份进行同步。
• 4.nfs上的共享目录都是通过挂载，使共享目录有扩展性
• 5.rsync+crontab crontab数据备份到master­nfs存储客户写入的静态资源
• 6.首先NFS挂载在web服务器上，可以访问写入NFS静态资源(例如图片Mp3还有 附件等)，第二个NFS备份服务器和NFS主服务器进行利用rsync+inotify进行实时 备份，并且顾客写入的数据也会在从数据库备份到第二台NFS备份服务器上

2. 环境

服务	IP	主机名
NFS+rsync	192.168.157.10	nfs-master
NFS+rsync	192.168.157.11	nfs-backup

3. 项目实施

3.1 搭建keepalived服务

//master和backup都安装keepalived服务

[root@nfs-master ~]# vim /etc/keepalived/keepalived.conf  ! Configuration File for keepalived 
	 
! Configuration File for keepalived
	
global_defs {
   notification_email {
	        acassen@firewall.loc
	        failover@firewall.loc
	        sysadmin@firewall.loc
	  }
	
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
	smtp_connect_timeout 30
    router_id nfs-master
    vrrp_skip_check_adv_addr
    	 #  vrrp_strict
	    vrrp_garp_interval 0
	    vrrp_gna_interval 0
	}
	vrrp_instance VI_1 {
	        state MASTER
	        interface ens32
	        virtual_router_id 51
	        priority 110
	        advert_int 1
	        authentication {
	                auth_type PASS
	                auth_pass 1111
	        }
	
	         virtual_ipaddress {
	                 192.168.157.100/24
	        }
	}
#backup端配置一样，只需修改state和router-id

//开启两端服务并查看VIP

	[root@nfs-master ~]# systemctl start keepalived
	[root@nfs-master ~]# systemctl enable keepalived
	Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
	
	[root@nfs-master ~]# ip a show ens32
	2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
	    link/ether 00:0c:29:00:aa:cb brd ff:ff:ff:ff:ff:ff
	    inet 192.168.157.10/24 brd 192.168.157.255 scope global ens32
	       valid_lft forever preferred_lft forever
	    inet 192.168.157.100/24 scope global secondary ens32
	       valid_lft forever preferred_lft forever
	    inet6 fe80::9509:9f65:52e2:2dc5/64 scope link 
	       valid_lft forever preferred_lft forever
	    inet6 fe80::8671:628d:d171:6929/64 scope link tentative dadfailed 
	       valid_lft forever preferred_lft forever

3.2 nfs+rsync配置

3.2.1 创建共享目录

//在nfs-backup上创建共享目录

	#关机添加一块硬盘/dev/sdb
	[root@nfs-backup ~]# pvcreate /dev/sdb 
	  Physical volume "/dev/sdb" successfully created.
	  
	[root@nfs-backup ~]# vgcreate nfs /dev/sdb
	  Volume group "nfs" successfully created
	  
	[root@nfs-backup ~]# lvcreate -L 500M -n pj1 nfs
	  Logical volume "pj1" created.
	  
	[root@nfs-backup ~]# mkfs.xfs /dev/nfs/pj1 
	meta-data=/dev/nfs/pj1           isize=512    agcount=4, agsize=32000 blks
	         =                       sectsz=512   attr=2, projid32bit=1
	         =                       crc=1        finobt=0, sparse=0
	data     =                       bsize=4096   blocks=128000, imaxpct=25
	         =                       sunit=0      swidth=0 blks
	naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
	log      =internal log           bsize=4096   blocks=855, version=2
	         =                       sectsz=512   sunit=0 blks, lazy-count=1
	realtime =none                   extsz=4096   blocks=0, rtextents=0
	
	[root@nfs-backup ~]# mkdir /share
	[root@nfs-backup ~]# mount /dev/nfs/pj1 /share/
	
	[root@nfs-backup ~]# df -h
	文件系统               容量  已用  可用 已用% 挂载点
	/dev/mapper/rhel-root   17G  1.4G   16G    8% /
	devtmpfs               901M     0  901M    0% /dev
	tmpfs                  912M     0  912M    0% /dev/shm
	tmpfs                  912M  8.5M  904M    1% /run
	tmpfs                  912M     0  912M    0% /sys/fs/cgroup
	/dev/sda1             1014M  143M  872M   15% /boot
	tmpfs                  183M     0  183M    0% /run/user/0
	/dev/mapper/nfs-pj1    497M   26M  472M    6% /share
	
	#永久挂载
	[root@nfs-backup ~]# blkid|grep /dev/mapper/nfs-pj1 
	/dev/mapper/nfs-pj1: UUID="c2d8cdaf-1f9c-4d5f-a5fe-ef25d254fc9c" TYPE="xfs" 

	[root@nfs-backup ~]# vim /etc/fstab 
	UUID="c2d8cdaf-1f9c-4d5f-a5fe-ef25d254fc9c" /share xfs defaults 0 0
	[root@nfs-backup ~]# mount -a 

3.2.2 共享目录资源同步

//在nfs-backup上安装rsync

	[root@nfs-backup ~]# yum -y install rsync
	[root@nfs-backup ~]# vim /etc/rsyncd.conf 

	log file = /var/log/rsyncd.log
	pidfile = /var/run/rsyncd.pid
	lock file = /var/run/rsync.lock
	secrets file = /etc/rsync.password
	
	[etc_from_client]
	        path = /share/
	        comment = sync etc from client
	        uid = root
	        gid = root
	        port = 873
	        ignore errors
	        use chroot = no
	        read only = no
	        list = no
	        max connections = 200
	        timeout = 600
	        
	[root@nfs-backup ~]# systemctl restart rsyncd

	#创建用户认证文件
	[root@nfs-backup ~]# vim /etc/rysnc.password
	JauLi:123456
	#修改权限为600，并开启服务
	[root@nfs-backup ~]# chmod 600 /etc/rysncd.password
	[root@nfs-backup ~]# systemctl restart rsyncd
	[root@nfs-backup ~]# systemctl enable rsyncd
	Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.

//nfs-master上安装rsync+inotify

	[root@nfs-master ~]# yum -y install rsync inotify-tools 
	#生成认证文件，要与backup端一致
	[root@nfs-master ~]# vim /etc/rsyncd.password
	123456
	
	[root@nfs-master ~]# ll /etc/rsync.password 
	-rw-------. 1 root root 7 5月  14 11:35 /etc/rsync.password

	[root@nfs-master ~]# mkdir -pv project/test/

	[root@nfs-master ~]# rsync -avH --port 873 --progress --delete /root/project/ JauLi@192.168.157.11::etc_from_client --password-file=/etc/rsync.password
	sending incremental file list
	./
	test/
	
	sent 75 bytes  received 27 bytes  204.00 bytes/sec
	total size is 0  speedup is 0.00

//写同步脚本，这是最最重要的一步，请慎之又慎。让脚本自动去检测我们制定的目录下

//文件发生的变化，然后再执行rsync的命令把它同步到我们的服务器端去

 [root@nfs-master ~]# mkdir /scripts
 [root@nfs-master ~]# touch /scripts/inotify.sh
 [root@nfs-master ~]# chmod +x /scripts/inotify.sh 
 [root@nfs-master ~]# ll /scripts/inotify.sh 
 -rwxr-xr-x. 1 root root 0 5月  14 11:52 /scripts/inotify.sh

 
 [root@nfs-master ~]# vim /scripts/inotify.sh
 #!/bin/bash 
 host=192.168.157.11		//目标服务器的ip(备份服务器)
 src=project/*		//在源服务器上所要监控的备份目录（此处可以自定义，但是要保证存在）
 des=etc_from_client		//自定义的模块名，需要与目标服务器上定义的同步名称一致
 password=/etc/rsync.password		//执行数据同步的密码文件
 user=JauLi		//执行数据同步的用户名
 inotifywait=/usr/bin/inotifywait
 
 $inotifywait -mrq --timefmt '%Y%m%d %H:%M' --format '%T %w%f%e' -e modify,delete,create,attrib $src 	\
 
 | while read files ;do
     rsync -avzP --delete  --timeout=100 --password-file=${password} $src $user@$host::$des
 echo "${files} was rsynced" >>/tmp/rsync.log 2>&1
 done

//检查脚本语法是否有错，如果没错则先手动启动脚本

	[root@nfs-master scripts]# bash -s inotify.sh 
	[root@nfs-master scripts]# nohup bash inotify.sh &
	[1] 1440
	[root@nfs-master scripts]# nohup: 忽略输入并把输出追加到"nohup.out"
	[1]+  完成                  nohup bash inotify.sh

//验证

	#在源服务器上创建一个test文件
	[root@nfs-master ~]# echo "This is a test" > project/test/test 
	[root@nfs-master ~]# cat project/test/test 
	This is a test

	#在目标服务器上查看
	[root@nfs-backup ~]# cat /share/test/test 
	This is a test

//设置脚本开机自动启动

	[root@nfs-master ~]# chmod +x /etc/rc.d/rc.local 
	[root@nfs-master ~]# ll /etc/rc.d/rc.local 
	-rwxr-xr-x. 1 root root 473 6月  27 2017 /etc/rc.d/rc.local
	[root@nfs-master ~]# echo 'nohup /bin/bash /scripts/inotify.sh' >> /etc/rc.d/rc.local
	[root@nfs-master ~]# tail /etc/rc.d/rc.local
	# to run scripts during boot instead of using this file.
	#
	# In contrast to previous versions due to parallel execution during boot
	# this script will NOT be run after all other services.
	#
	# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
	# that this script will be executed during boot.
	
	touch /var/lock/subsys/local
	nohup /bin/bash /scripts/inotify.sh

//开放/nfs/upload目录为192.168.157.0/24网段的数据上传目录

	[root@nfs-master ~]# yum -y install nfs-utils
	[root@nfs-master share]# vim /etc/exports
	/share  192.168.157.0/24(rw,sync)
	[root@nfs-master share]# exportfs -ar
	[root@nfs-master share]# systemctl restart nfs
	[root@nfs-master share]# systemctl enable nfs
	Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.

//keepalived健康检查，监控nfs

	[root@nfs-master scripts]# vim check_nfs.sh
	[root@nfs-master scripts]# chmod +x check_nfs.sh 

	#!/bin/bash
	
	A=`ps -C nfsd --no-header | wc -l`
	
	if [ $A -eq 0 ];then
	
	        systemctl restart nfs-server.service
	        sleep 2
	if [ `ps -C nfsd --no-header| wc -l` -eq 0 ];then  
	         pkill keepalived
	   fi
	fi


	[root@nfs-master ~]# vim /etc/keepalived/keepalived.conf 
	#在global_defs{}下添加以下内容
	vrrp_script chk_nfs {
        script "/scripts/check_nfs.sh"
        interval 2
        weight 2
	}
	
	[root@nfs-master ~]# systemctl restart keepalived