corosync + pacemaker 安裝配置,實現httpd高可用
corosync是一個Messaging Layer。它和pacemaker組合,被各個linux系統用來實現服務高可。corosync的歷史自己google瞭解下就行了。高可用叢集原理,不明白的可檢視之前總結的文章。
##實現httpd高可用
規劃:
機器一:ip地址=172.16.100.7
機器二:ip地址=172.16.100.2
機器三:時間伺服器 ip=172.16.0.1
我們假設使用172.16.100.1多為對外提供服務的地址——即VIP
1、兩臺機器安裝web服務,並在工作目錄下提供測試頁面
yum install httpd -y
chkconfig httpd off ##關閉httpd服務自啟動。
cd /var/www/html
vim 1.html ###為了測試效果,我們在兩臺機器的web工作目錄中提供名字一樣但內容不一樣的頁面1.html 。因此隨意寫點東西。
2、安裝corosync和pacemaker。並安裝crmsh配置高可用叢集的工具。這裡直接使用這個命令列工具。
yum info corosync ##檢視corosync是否安裝
yum install corosync ##安裝corosync
yum info pacemaker ##檢視pacemaker是否安裝
yum install pacemaker ##安裝pacemaker
vim /etc/yum.repos.d/HA.repo ##新增安裝crmsh用的yum源。可能網速有點慢,超時的話,多安兩遍。
[network_ha-clustering_Stable] name=Stable High Availability/Clustering packages (CentOS_CentOS-6) type=rpm-md baseurl=http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/CentOS_CentOS-6/ gpgcheck=1 gpgkey=http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/CentOS_CentOS-6//repodata/repomd.xml.key enabled=1
yum install crmsh -y ##安裝crmsh
3、配置兩個機器的主機名字。必須配置,叢集間通訊基於此。
hostname node1.magedu.com ###機器1上執行 ,臨時生效
vim /etc/sysconfig/network ###機器1上執行,永久生效
hostname node2.magedu.com ###機器2上執行,臨時生效
vim /etc/sysconfig/network ##機器2上執行,永久生效
4、配置兩臺機器的名稱解析(兩臺機器都執行相同操作),不能基於DNS,來進行主機名《=》ip地址的轉換
vim /etc/hosts
172.16.100.7 node1.magedu.com
172.16.100.2 node2.magedu.com
5、將我們規劃的ip配置到兩臺機器上,並互相ping,是否能ping同
ifconfig eth0 172.16.100.7/16 ##機器一配置ip
ifconfig eth0 172.16.100.2/16 ##機器二配置ip
ping node2.magedu.com ##在node1上
6、配置ssh互信通訊。
ssh -keygen -t rsa -P '' ##製作祕鑰,機器一上執行
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected] ##把公鑰拷貝到機器二上
然後到機器二上,執行上邊相同的操作,把公鑰複製到機器一上。
7、時間同步,必須。叢集間需要基於這個標準來進行判斷,叢集中各節點是否有問題、是否隔離該節點。
service ntpd stop ##兩臺機器上都需要關閉ntpd服務
chkconfig ntpd off ##兩臺機器都關閉開機自啟動ntpd服務
ntpdate 172.16.0.1 ##從172.16.0.1那臺機器同步時間,隨便找臺機器配置上ip,作為ntpd伺服器就行。
crontab -e ##兩臺機器上都做成計劃任務,每5分鐘同步一次。必須 。crontab -l ##檢視計劃任務
*/5 * * * * /usr/sbin/ntpdate 172.16.0.1 &> /dev/null
8、配置corosync,綠色字型為配置檔案內容。英文好的man corosync.conf
vim /etc/corosync/corosync.conf ##修改配置檔案
# Please read the corosync.conf.5 manual page
compatibility: whitetank
totem {
version: 2 ##這裡不用改,指的是配置檔案版本。不能修改
# secauth: Enable mutual node authentication. If you choose to
# enable this ("on"), then do remember to create a shared
# secret with "corosync-keygen".
secauth: on ##指的是叢集間認證開啟,防止其他主機加入叢集
threads: 2 ##併發開啟的執行緒數。一般單核cpu修改下即可。多核cpu不需要修改
# interface: define at least one interface to communicate
# over. If you define more than one interface stanza, you must
# also set rrp_mode.
interface {
# Rings must be consecutively numbered, starting at 0.
ringnumber: 0
# This is normally the *network* address of the
# interface to bind to. This ensures that you can use
# identical instances of this configuration file
# across all your cluster nodes, without having to
# modify this option.
bindnetaddr: 172.16.0.0 ##叢集工作的網段
# However, if you have multiple physical network
# interfaces configured for the same subnet, then the
# network address alone is not sufficient to identify
# the interface Corosync should bind to. In that case,
# configure the *host* address of the interface
# instead:
# bindnetaddr: 192.168.1.1
# When selecting a multicast address, consider RFC
# 2365 (which, among other things, specifies that
# 239.255.x.x addresses are left to the discretion of
# the network administrator). Do not reuse multicast
# addresses across multiple Corosync clusters sharing
# the same network.
mcastaddr: 239.255.1.1 ##多播的地址。叢集節點間通訊使用這個多播地址。具體多播地址有哪些可以用。自己查查。
# Corosync uses the port you specify here for UDP
# messaging, and also the immediately preceding
# port. Thus if you set this to 5405, Corosync sends
# messages over UDP ports 5405 and 5404.
mcastport: 5405 ##多播埠號,保持預設即可
# Time-to-live for cluster communication packets. The
# number of hops (routers) that this ring will allow
# itself to pass. Note that multicast routing must be
# specifically enabled on most network routers.
ttl: 1
}
}
logging { ##配置日誌儲存的部分,不說了
# Log the source file and line where messages are being
# generated. When in doubt, leave off. Potentially useful for
# debugging.
fileline: off
# Log to standard error. When in doubt, set to no. Useful when
# running in the foreground (when invoking "corosync -f")
to_stderr: no
# Log to a log file. When set to "no", the "logfile" option
# must not be set.
to_logfile: yes
logfile: /var/log/cluster/corosync.log
# Log to the system log daemon. When in doubt, set to yes.
to_syslog: yes
# Log debug messages (very verbose). When in doubt, leave off.
debug: off
# Log messages with time stamps. When in doubt, set to on
# (unless you are only logging to syslog, where double
# timestamps can be annoying).
timestamp: on
logger_subsys {
subsys: AMF
debug: off
}
}
amf{
mode:disabled
}
service { ##啟動corosync完成後,就啟動pacemaker。
ver:0
name:pacemaker
}
9、生成認證祕鑰,並且每個節點都有一份
corosync-keygen
scp authkey corosync.conf node2.magedu.com:/etc/corosync/
10、啟動corosync
service iptables stop ##關閉防火牆
setenforce 0 ##關閉selinux防止影響我們
node1上:service corosync start
node2上:在node1上執行,ssh node2.magedu.com 'service corosync start'
11、檢視啟動是否有錯誤
(1).檢視corosync引擎是否正常啟動
| 1 2 3 |
[[email protected] ~]# grep -e "Corosync Cluster Engine" -e "configuration file" /var/log/cluster/corosync.log
Aug 17 17:31:20 corosync [MAIN ] Corosync Cluster Engine ('1.4.1'): started and ready to provide service.
Aug 17 17:31:20 corosync [MAIN ] Successfullyread
main configurationfile
'/etc/corosync/corosync.conf'.
|
(2).檢視初始化成員節點通知是否正常發出
| 1 2 3 4 5 |
[[email protected] ~]# grep TOTEM /var/log/cluster/corosync.log
Aug 17 17:31:20 corosync [TOTEM ] Initializing transport (UDP/IPMulticast).
Aug 17 17:31:20 corosync [TOTEM ] Initializing transmit/receivesecurity: libtomcrypt SOBER128/SHA1HMAC(mode
0).
Aug 17 17:31:21 corosync [TOTEM ] The network interface [192.168.1.201] is now up.
Aug 17 17:31:21 corosync [TOTEM ] A processor joined or left the membership and a new membership was formed.
|
(3).檢查啟動過程中是否有錯誤產生
| 1 2 3 |
[[email protected] ~]# grep ERROR: /var/log/cluster/corosync.log
Aug 17 17:31:21 corosync [pcmk ] ERROR: process_ais_conf: You have configured a cluster using the Pacemaker pluginfor
Corosync. The plugin is not supportedin
this environment and will be removed very soon.
Aug 17 17:31:21 corosync [pcmk ] ERROR: process_ais_conf: Please see Chapter 8 of'Clusters from Scratch'
(http://www.clusterlabs.org/doc)for
details on using Pacemaker with CMAN
|
(4).檢視pacemaker是否正常啟動
| 1 2 3 4 5 6 |
[[email protected] ~]# grep pcmk_startup /var/log/cluster/corosync.log
Aug 17 17:31:21 corosync [pcmk ] info: pcmk_startup: CRM: Initialized
Aug 17 17:31:21 corosync [pcmk ] Logging: Initialized pcmk_startup
Aug 17 17:31:21 corosync [pcmk ] info: pcmk_startup: Maximum corefile
size is: 18446744073709551615
Aug 17 17:31:21 corosync [pcmk ] info: pcmk_startup: Service: 9
Aug 17 17:31:21 corosync [pcmk ] info: pcmk_startup: Localhostname: node1.test.com
|
12、crm新增叢集資源
crm: 兩種模式
互動式:
配置,執行commit命令以後才生效
批處理:
立即生效
##
crm ##鍵入crm命令
configure ##配置
primitive webip ocf:heartbeat:IPaddr params ip=172.16.100.1 nic=eth0 cid_netmask=16 新增vip資源(對外服務的ip地址) 。注意如果引數的值中有空格要用“” 引起來。
verify ##校驗是否有問題
commit ##提交才會生效,這就是“互動式”
show ##檢視下配置
show xml ##xml檔案格式檢視配置檔案
primitive httpd lsb:httpd op start timeout=20 ##新增httpd資源
show ##檢視下資源
commit ##提交生效
cd ..
status ##檢視各個資源服務執行情況
configure ##進入配置命令
group webservice webip httpd ##定義組資源
verify
cd ..
status ##檢視狀況,此時資源服務都會運行於一個node上
configure
property no-quorum-policy=ignore ##配置下預設策略,因為我們叢集只有兩個節點,一個down掉另一個是沒有法定票數的。需要設定成ignore才能有效。實際情況下,一般我們提供奇數個節點,或者即使是偶數保證節點多些也沒有問題。
cd ..
node standy ##測試下,停止一個節點。
status ##檢視下服務資源執行的幾點是不是變了
node online ##開啟剛才關閉的節點
####上邊已經完成了httpd高可用,用的方法是資源組來保證資源運行於同一個節點上,下邊使用資源約束來保證所有資源運行於同一節點上
resource stop webservice
configure delete webservice ##刪除資源組
commit ##提交生效
status 檢視下叢集資源服務執行狀態
configure colocation httpd_with_webip inf: httpd webip ##新增排列約束,保證httpd和webip資源運行於同一個node。
verify ##校驗
commit ##提交
status ##檢視狀態
configure order webip_before_httpd mandatory: webip httpd ##新增順序約束,保證節點先有ip才會有httpd
verify
status ##檢視狀態
configure location webip_on_node1 webip rule 100: #uname eq node1.magedu.com ##新增位置約束,保證服務更傾向於在node1節點執行
verify
commit
node standby ##停掉一個節點
status
node online ##在開啟停掉的哪個節點。是不是回來了。
常用命令:
verify 檢測配置檔案是否有問題
crm configure property stonith-enabled=false
property stonith-enables=false
verify
commit
內容有空格加雙引號
primitive webip ocf:heartbeat:IPaddr params ip=172.16.100.1 nic=eth0 cidr_netmask=16
verify
show
show xml
stop webip ##停用一個資源
resources
list
start webip
list
migrate ##遷移資源
crm_mon
ra
providers httpd 看看httpd這個ra是誰提供的
classes
list lsb
meta lsb:httpd ##擦看下
configure
primitive httpd lsb:httpd op start timeout=20
show
verify
commit
show
crm status
group webservice webip httpd
verify
crm status
crm node standby / online
crm status
crm configure property no-quorum-policy=ignore
crm show
resource
stop webservice
list
cleanup webservice
cleanup webip
cleanup httpd
cleanstate node1.magedu.com
cleanstate node2.magedu.com
resource
start webservice
edit
verify
show
quit
resource
migrate ##遷移資源
commit
crm status
crm node standby
crm resource
stop webservice
configure
delete webservice
show
commit
configure
help colocation
colocation httpd_with_webip inf: httpd webip
show xml
verify
commit
crm status
order webip_before_httpd mandatory: webip httpd
show xml
commit
crm status
crm node standby
crm_mon
crm node online
location webip_on_node1 webip rule 100: #uname eq node1.magedu.com
show xml
verify
commit
crm status
crm node standy
crm status
crm configure
rsc_defaults resource-stickiness=200 ##設定預設的粘滯性
verify
commit
crm node standby
crm node online
ra
meta ocf:heartbeat:Filesystem
附加:
REHL 6.x RHCS: corosync
RHEL 5.x RHCS: openais, cman, rgmanager
corosync: Messaging Layer
openais: AIS
corosync --> pacemaker
SUSE Linux Enterprise Server: Hawk, WebGUI
LCMC: Linux Cluster Management Console
RHCS: Conga(luci/ricci)
webGUI
keepalived: VRRP, 2節點
參考網址:http://freeloda.blog.51cto.com/2033581/1275528