配置前提:
1.时间必须同步,建议使用ntp协议
2.节点之间必须要通过主机名互相通信;通信中使用的名字必须与其节点上"uname -n"命令展示出的名字一致
3.需要仲裁设备
4.双方root用户能基于ssh密钥方式进行通信
5.本地资源必须能够正常运行,本文将使用httpd作为案例
注意:定义为集群服务中的任意资源都不能开机自动启动,因为他们将由CRM启动
安装方法:
[root@nod1 heartbeat1]# yum -y install net-snmp-libs libnet PyXML libltdl 注意配置epel源 [root@nod1 heartbeat1]# rpm -ivh heartbeat-2.1.4-12.el6.i686.rpm heartbeat-stonith-2.1.4-12.el6.i686.rpm heartbeat-pils-2.1.4-12.el6.i686.rpm Preparing... ########################################### [100%] 1:heartbeat-pils ########################################### [ 33%] 2:heartbeat-stonith ########################################### [ 67%] 3:heartbeat ########################################### [100%]
同步时间:
crontab */3 * * * * /usr/sbin/ntpdate 172.16.0.1 &> /dev/null
节点1:建立加密关联
ssh-keygen -P ''ssh-copey-id -i .ssh/id_rsa.pub root@node2
[root@nod1 ~]# ssh nod2 'date';date 保持两个节点时间同步Mon Oct 5 17:38:47 HKT 2015Mon Oct 5 17:38:47 HKT 2015
[root@nod1 ~]# scp /etc/hosts nod2:/etc/hosts 两个节点的hosts文件保持一致hosts 100% 228 0.2KB/s 00:00
[root@nod2 ~]# ssh-keygen -t rsa -P '' 确保nod2加密连接到nod1 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: b0:bc:2e:44:88:6e:7b:a7:d0:63:f6:9f:4f:f8:4d:55 [email protected] The key's randomart image is: +--[ RSA 2048]----+ | | | | | . . . E | |. . .. o . | |. . o S . | | o. . .. . | |...* .. . . | | .+.+o + o | | ..oooo.o . | +-----------------+[root@nod2 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@nod1The authenticity of host 'nod1 (192.168.1.10)' can't be established.RSA key fingerprint is 41:26:a8:88:6a:93:f6:56:aa:87:6b:d7:62:46:83:0d.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added 'nod1,192.168.1.10' (RSA) to the list of known hosts.root@nod1's password: Now try logging into the machine, with "ssh 'root@nod1'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@nod2 ~]# ssh nod1 'date';dateMon Oct 5 17:45:26 HKT 2015Mon Oct 5 17:45:26 HKT 2015
配置文件设置;
cd /usr/share/doc/heartbeat-2.1.4cp -p authkeys haresources ha.cf /etc/ha.d #将备用的配置文件拷贝到配置目录中 ha.cf:heartbeat的主配置文件,authkeys:集群信息加密算法及密钥,haresources:heartbeat v1的CRM配置接口cd /etc/ha.d/chmod 600 authkeys 修改权限400或600
修改ha.cf配置:
vim ha.cflogfile /var/log/ha-log#logfacility local0mcast eth0 228.203.101.1 694 1 0 采用多播地址,本地组播地址:239.0.0.0-239.255.255.255,仅在特定的本地范围内有效 node nod1.mageedu.comnode nod2.mageedu.com 加入高可用集群的计算机ping 192.168.1.1 仲裁设备,判断计算机是否可用的标准compression bz2 选择压缩
vim authkeys auth 1 1 sha1 343434349 设置加密,可以使用openssl rand -hex 6生成加密密码
vim haresouces: nod1.mageedu.com 192.168.1.15/24/eth0/192.168.1.255 httpd Haresources文件用于指定双机系统的主节点、集群IP、子网掩码、广播地址以及启动的服务等集群资源s
scp -p authkeys haresouces ha.cf node2:/etc/ha.d/ 确保主机2 配置,文件属性相同-p
service heartbeart start; ssh node2 'service heartbeat start'启动服务,访问外网地址能正常访问
tail /var/log/ha-log 查看日志
cd /usr/lib64/heartbeat/ ./hb_standby 不作为主 ./hb_takeover 作为主 资源转化用