Jumpserver3.0 安装部署文档
一、安装
https://github.com/jumpserver/jumpserver/wiki/%E5%9F%BA%E4%BA%8E-RedHat-%E7%9A%84%E7%B3%BB%E7%BB%9F
二、配置
https://github.com/jumpserver/jumpserver/wiki/%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3
注意:
使用不同账户,执行执行脚本时候sudo经常会碰到 sudo: sorry, you must have a tty to run sudo这个情况,其实修改一下sudo的配置就好了
vi /etc/sudoers (最好用visudo命令)
注释掉 Default requiretty 一行
Default requiretty
意思就是sudo默认需要tty终端。注释掉就可以在后台执行了。
执行:
sed -i ‘s/Default.*requiretty/#Default requiretty/g’ /etc/sudoers
三、集群
node1: 10.0.70.242:8000
node2: 10.0.70.243:8000
vip: 10.0.70.245:8000
node1
yum install -y ipvsadm keepalived
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
[email protected]
}
notification_email_from mail.zipeiyi.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 { #对于只有一个vip加一个vrrp_instance即可。如果两个vip可加VI_2
state BACKUP
interface eth0
virtual_router_id 55
priority 100 #权重
advert_int 1
nopreempt #设置不抢占资源
authentication {
auth_type PASS
auth_pass 1111 #认证
}
virtual_ipaddress {
10.0.70.245
}
}
virtual_server 10.0.70.245 8000 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 120
protocol TCP
real_server 10.0.70.242 8000 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8000
}
}
real_server 10.0.70.243 8000 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8000
}
}
}
/etc/init.d/keepalived start
node2
yum install -y ipvsadm keepalived
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.70.245
}
}
virtual_server 10.0.70.245 8000 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 10.0.70.242 8000 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8000
}
}
real_server 10.0.70.243 8000 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8000
}
}
}
/etc/init.d/keepalived start
检测
node1
arping 10.0.70.245
ARPING 10.0.70.245 from 10.0.70.245 eth0
证明vip是在node1上的
node2
arping 10.0.70.245
Unicast reply from 10.0.70.245 [00:50:56:9D:3B:42] 0.795ms
node1
/etc/init.d/keepalived stop
arping 10.0.70.245
Unicast reply from 10.0.70.245 [00:50:56:9D:3A:AD] 0.815ms
证明vip是在node2上的
/etc/init.d/keepalived start
此时即使启动node1的keepalived也不会拉回vip资源,vip还是在node2上,知道node2 standby,vip会切回node1上。
node2
/etc/init.d/keepalived stop
arping 10.0.70.245
Unicast reply from 10.0.70.245 [00:50:56:9D:3B:42] 0.795ms
vip自动切回到node1
/etc/init.d/keepalived start
部署应用监控脚本
node1
vim /etc/keepalived/check_server.sh
!/bin/bash
DIR=/opt/jumpserver/
while true
do
check_num=lsof -i :8000 | grep '*:irdmi' | wc -l
if [ checknum−eq0];thencd c h e c k n u m − e q 0 ] ; t h e n c d DIR
sh service.sh restart
sleep 5
check_num=lsof -i :8000 | grep '*:irdmi' | wc -l
if [ $check_num -eq 0 ];then
/etc/init.d/keepalived stop
exit
fi
fi
sleep 5
done
vim /etc/rc.local
/etc/init.d/keepalived restart
/opt/jumpserver/service.sh restart
sh /etc/keepalived/check_service.sh &
node2
vim /etc/keepalived/check_server.sh
!/bin/bash
DIR=/opt/jumpserver/
while true
do
check_num=lsof -i :8000 | grep '*:irdmi' | wc -l
if [ checknum−eq0];thencd c h e c k n u m − e q 0 ] ; t h e n c d DIR
sh service.sh restart
sleep 5
check_num=lsof -i :8000 | grep '*:irdmi' | wc -l
if [ $check_num -eq 0 ];then
/etc/init.d/keepalived stop
exit
fi
fi
sleep 5
done
vim /etc/rc.local
/etc/init.d/keepalived restart
/opt/jumpserver/service.sh restart
sh /etc/keepalived/check_service.sh &