openldap主從數據同步-基於debain 9
我的看法:syncrepl=Synchronization+replication,即同步複製
前言
做爲數據副本受支持的後端數據庫php
- bdb
- hdb
- mdb
必須引用的schema文件:html
- core.schema
很是有用的schema文件:node
- cosine.schema
- inetorgperson.schema
同步方式
openldap有如下5種中同步複製方式,適應不一樣場景,持續更新ing數據庫
- syncrepl,主從同步,基於主機屬性值改變
- Delta-syncrepl,主從同步,基於日誌更新
- N-Way Multi-Master,N路多主(provider)同步
- MirrorMode,二主(provider)同步
- Syncrepl Proxy,代理
詳見:http://www.openldap.org/doc/admin24/replication.html#Delta-syncrepl後端
中文:http://wiki.jabbercn.org/index.php/OpenLDAP2.4%E7%AE%A1%E7%90%86%E5%91%98%E6%8C%87%E5%8D%97centos
配置
可利用命令:slaptest -u -f slapd.conf測試slapd.conf的正確性,根據提示修改錯誤session
syncrepl配置(主從)
前置條件:app
- 從consumer(192.168.0.228)能夠訪問主provider(192.168.0.227)
provider機配置(主)ide
1 # Give the replica DN unlimited read access. This ACL needs to be 2 # merged with other ACL statements, and/or moved within the scope 3 # of a database. The "by * break" portion causes evaluation of 4 # subsequent rules. See slapd.access(5) for details. 5 6 #schema 7 include /etc/ldap/schema/core.schema 8 include /etc/ldap/schema/cosine.schema 9 include /etc/ldap/schema/nis.schema 10 include /etc/ldap/schema/inetorgperson.schema 11 include /etc/ldap/schema/openldap.schema 12 13 #pid file 14 pidfile /var/run/slapd/slapd.pid 15 16 #args file 17 argsfile /var/run/slapd/slapd.args 18 19 # Set the module path location 20 modulepath /usr/lib/ldap/ 21 # Load the hdb backend 22 moduleload back_hdb.la 23 24 # Load the accesslog overlay 25 moduleload accesslog.la 26 27 #Load the syncprov overlay 28 moduleload syncprov.la 29 30 31 # Primary database definitions 32 database hdb 33 suffix "dc=provider,dc=com" 34 directory /var/openldap-data/ 35 rootdn "cn=root,dc=provider,dc=com" 36 rootpw secret 37 index objectClass,entryCSN,entryUUID eq 38 39 # syncrepl Provider for primary db 40 overlay syncprov 41 syncprov-checkpoint 100 10 42 syncprov-sessionlog 100
consumer機配置(從)測試
1 #schema 2 include /etc/ldap/schema/core.schema 3 include /etc/ldap/schema/cosine.schema 4 include /etc/ldap/schema/nis.schema 5 include /etc/ldap/schema/inetorgperson.schema 6 include /etc/ldap/schema/openldap.schema 7 8 #pid file 9 pidfile /var/run/slapd/slapd.pid 10 11 #args file 12 argsfile /var/run/slapd/slapd.args 13 14 modulepath /usr/lib/ldap/ 15 moduleload syncprov.la 16 moduleload back_hdb.la 17 moduleload accesslog.la 18 19 #replica database configuration 20 database hdb 21 suffix "dc=provider,dc=com" 22 directory "/var/openldap-data" 23 rootdn "cn=root,dc=provider,dc=com" 24 rootpw secret 25 26 # syncrepl specific indices 27 index objectClass,entryCSN,entryUUID eq 28 29 #syncrepl directives 30 syncrepl rid=007 31 provider=ldap://192.168.0.227 32 type=refreshonly 33 #輪詢間隔時間,這裏是一天 34 interval=01:00:00:00 35 searchbase="dc=provider,dc=com" 36 scope=sub 37 schemachecking=off 38 bindmethod=simple 39 binddn="cn=root,dc=provider,dc=com" 40 credentials=secret
注意
- 從機不能夠對數據進行更改
- 若需從可更新需加入:updateref ldap://[provider hostname]
Delta-syncrepl配置(主從)
前置條件:
- 從consumer(192.168.0.228)能夠訪問主provider(192.168.0.227)
主機provider配置:
#schema and objectClass definitions include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args modulepath /usr/lib/ldap/ moduleload syncprov.la moduleload back_hdb.la moduleload accesslog.la #accesslog database def database hdb suffix cn=accesslog directory /var/lib/ldap/delta-data/accesslog rootdn cn=accesslog rootpw secret index default eq index entryCSN,objectClass,reqEnd,reqResult,reqStart #master database def database hdb suffix "dc=delta,dc=com" rootdn "cn=root,dc=delta,dc=com" rootpw secret directory /var/lib/ldap/delta-data/ #syncprov def as a provider index entryCSN eq index entryUUID eq overlay syncprov syncprov-nopresent TRUE syncprov-reloadhint true syncprov-checkpoint 100 10 #accesslog overlay for master db overlay accesslog logdb cn=accesslog logops writes logsuccess true #7天清理一第二天志,天天掃描一第二天志 logpurge 07+00:00 01+00:00
從機consumer配置:
1 #schema 2 include /etc/ldap/schema/core.schema 3 include /etc/ldap/schema/cosine.schema 4 include /etc/ldap/schema/nis.schema 5 include /etc/ldap/schema/inetorgperson.schema 6 include /etc/ldap/schema/openldap.schema 7 8 #pid file 9 pidfile /var/run/slapd/slapd.pid 10 11 #args file 12 argsfile /var/run/slapd/slapd.args 13 14 modulepath /usr/lib/ldap/ 15 moduleload syncprov.la 16 moduleload back_hdb.la 17 moduleload accesslog.la 18 19 #replica database configuration 20 database hdb 21 suffix "dc=delta,dc=com" 22 directory "/var/lib/ldap/delta-data" 23 rootdn "cn=root,dc=delta,dc=com" 24 rootpw secret 25 26 # syncrepl specific indices 27 index entryUUID eq 28 29 syncrepl rid=007 30 provider=ldap://192.168.0.227 31 bindmethod=simple 32 binddn="cn=root,dc=delta,dc=com" 33 credentials=secret 34 searchbase="dc=delta,dc=com" 35 logbase="cn=accesslog" 36 logfilter="(&(objectclass=auditWriteObject)(reqResult=0))" 37 type=refreshonly 38 interval=00:00:01:00 39 scope=sub 40 schemachecking=off 41 42 #consumer的更改會提交到provider並作更改 43 updateref ldap://192.168.0.227
注意:
- 從機不能夠對數據進行更改
- 若需從可更新,需在配置文件中加入:updateref ldap://[provider hostname]
MirrorMode配置(node)
前置條件:
- 兩主A、B機互通
- 兩主機均配置好openldap,並初始化了根entry
注意:如下配置基於centos 7,debain 9同理,只是文件位置略有不一樣
主機A配置slapd.conf
1 # This is the main slapd configuration file. See slapd.conf(5) for more 2 # info on the configuration options. 3 4 ####################################################################### 5 # Global Directives: 6 serverID 1 7 8 # Schema and objectClass definitions 9 include /etc/openldap/schema/core.schema 10 include /etc/openldap/schema/cosine.schema 11 include /etc/openldap/schema/nis.schema 12 include /etc/openldap/schema/inetorgperson.schema 13 include /etc/openldap/schema/openldap.schema 14 15 # Where the pid file is put. The init.d script 16 # will not stop the server if you change this. 17 pidfile /var/run/openldap/slapd.pid 18 19 # List of arguments that were passed to the server 20 argsfile /var/run/openldap/slapd.args 21 22 # Where the dynamically loaded modules are stored 23 modulepath /usr/lib64/openldap 24 moduleload syncprov.la 25 26 ####################################################################### 27 # Specific Directives for database #1, of type @BACKEND@: 28 # Database specific directives apply to this databasse until another 29 # 'database' directive occurs 30 database mdb 31 maxsize 1073741824 32 # The base of your directory in database #1 33 suffix "dc=test,dc=com" 34 35 # rootdn directive for specifying a superuser on the database. This is needed 36 # for syncrepl. 37 rootdn "cn=root,dc=test,dc=com" 38 rootpw {SSHA}DE7AfmQ8unP8CYhYDHgiRCQekEyFHViv 39 40 # Where the database file are physically stored for database #1 41 directory "/var/lib/ldap" 42 43 # Indexing options for database #1 44 index objectClass eq 45 index entryCSN,entryUUID eq 46 47 #mirrorMode syncrepl 48 overlay syncprov 49 syncprov-checkpoint 100 10 50 syncprov-sessionlog 100 51 syncrepl rid=001 52 provider=ldap://master2.test.com 53 bindmethod=simple 54 binddn="cn=root,dc=test,dc=com" 55 credentials=mirrormode 56 searchbase="dc=test,dc=com" 57 schemachecking=on 58 type=refreshAndPersist 59 retry="60 +" 60 mirrormode on
主機B配置slapd.conf
1 # This is the main slapd configuration file. See slapd.conf(5) for more 2 # info on the configuration options. 3 4 ####################################################################### 5 # Global Directives: 6 serverID 2 7 8 # Schema and objectClass definitions 9 include /etc/openldap/schema/core.schema 10 include /etc/openldap/schema/cosine.schema 11 include /etc/openldap/schema/nis.schema 12 include /etc/openldap/schema/inetorgperson.schema 13 include /etc/openldap/schema/openldap.schema 14 15 # Where the pid file is put. The init.d script 16 # will not stop the server if you change this. 17 pidfile /var/run/openldap/slapd.pid 18 19 # List of arguments that were passed to the server 20 argsfile /var/run/openldap/slapd.args 21 22 # Where the dynamically loaded modules are stored 23 modulepath /usr/lib64/openldap 24 moduleload syncprov.la 25 26 ####################################################################### 27 # Specific Directives for database #1, of type @BACKEND@: 28 # Database specific directives apply to this databasse until another 29 # 'database' directive occurs 30 database mdb 31 maxsize 1073741824 32 # The base of your directory in database #1 33 suffix "dc=test,dc=com" 34 35 # rootdn directive for specifying a superuser on the database. This is needed 36 # for syncrepl. 37 rootdn "cn=root,dc=test,dc=com" 38 rootpw {SSHA}DE7AfmQ8unP8CYhYDHgiRCQekEyFHViv 39 40 # Where the database file are physically stored for database #1 41 directory "/var/lib/ldap" 42 43 # Indexing options for database #1 44 index objectClass eq 45 index entryCSN,entryUUID eq 46 47 #mirrorMode syncrepl 48 overlay syncprov 49 syncprov-checkpoint 100 10 50 syncprov-sessionlog 100 51 syncrepl rid=001 52 provider=ldap://masterA.test.com 53 bindmethod=simple 54 binddn="cn=root,dc=test,dc=com" 55 credentials=mirrormode 56 searchbase="dc=test,dc=com" 57 schemachecking=on 58 type=refreshAndPersist 59 retry="60 +" 60 mirrormode on
不一樣點
- serverID
- provider值不一樣,是彼此的
注意點
- serverID必定在配置文件最開始位置,且惟一
- 須要syncprov.la模塊
相關文章
- 1. 11-OpenLDAP主從同步
- 2. openldap的多主同步
- 3. mysql數據主從同步
- 4. 基於MySQL實現數據庫的半同步主從複製
- 5. SQL SERVER 基於數據庫鏡像的主從同步
- 6. MySQL基於GTID的主從同步(一)
- 7. MySQL數據庫實現主從同步(基於MySQL8.0.11)
- 8. 基於k8s搭建mysql主從同步
- 9. memcached基於magent 多主多從,主主同步,主從備份,導入,導出大於2M數據。
- 10. openldap同步 syncrepl
- 更多相關文章...
- • Spring基於Annotation裝配Bean - Spring教程
- • Spring基於XML裝配Bean - Spring教程
- • Flink 數據傳輸及反壓詳解
- • ☆基於Java Instrument的Agent實現
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
