A keepalived + OpenLDAP master-master (Mirror Mode) example
PS: Below is a worked example of OpenLDAP Mirror Mode doing master-master replication. If you are not too familiar with it, see: http://407711169.blog.51cto.com/6616996/1529506 . Only the two-machine master-master model is built here; no slave is set up below. keepalived alone provides the high availability.
1、Setting up the keepalived environment
As the diagram above shows, the real IPs are .253 and .254 and the virtual IP is .255. If you are not familiar with keepalived, consult Google.
keepalived must be installed on both machines and only the configuration file differs, so the installation is shown once:
```bash
cd /usr/local/src
wget                              # download keepalived-1.2.13.tar.gz (URL omitted)
yum -y install openssl-devel      # configure may report that the openssl dev library is missing, so install it up front
tar xf keepalived-1.2.13.tar.gz
cd keepalived-1.2.13
./configure
make && make install
# register the service so it starts at boot
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/   # you can add -f /etc/keepalived/keepalived.conf inside this file
chkconfig --add keepalived
chkconfig keepalived on
ln -sv /usr/local/etc/keepalived/ /etc/keepalived        # symlink
cd /etc/keepalived/
mkdir scripts                     # will hold the check and notify scripts used later
```
Now for the actual configuration:
192.168.100.253:
vim /etc/keepalived/keepalived.conf, with the following contents:
```
! Configuration File for keepalived
# global settings
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from root@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id NodeAa
}
# health-check script definition
vrrp_script chk_url_fw {
    script "sh /etc/keepalived/scripts/urltest.sh"   # the script content can be identical on both sides
    interval 10
    weight -2
    fall 2
    rise 2
}
vrrp_instance VI_1 {
    state MASTER                 # this node is the master
    interface eth0               # interface to listen on
    virtual_router_id 128        # same id on both keepalived nodes; identifies the instance
    priority 100                 # priority
    advert_int 1
    authentication {             # authentication method
        auth_type PASS
        auth_pass 7758521
    }
    virtual_ipaddress {          # virtual IP
        192.168.100.255/24 dev eth0 label eth0:0
    }
    track_script {               # track health state
        chk_url_fw
    }
    notify_master "/etc/keepalived/scripts/notify.sh master"   # notify script; note: the scripts on 253 and 254 differ, only the name is the same
    notify_backup "/etc/keepalived/scripts/notify.sh backup"
    notify_fault  "/etc/keepalived/scripts/notify.sh failed"
}
```
vim /etc/keepalived/scripts/notify.sh, with the following contents:
```bash
#!/bin/bash
# file: 100.253
# keepalived calls this with master|backup|failed on every VRRP state change
source /etc/profile &> /dev/null
basedir=$(cd `dirname $0`;pwd)

function master() {
    echo "[INFO]-[`date`]-[MASTER]--" >> $basedir/log
    echo "[INFO]-[`date`]-[MASTER]-Start the [sldap server] on 192.168.100.253 " >> $basedir/log
    echo "[INFO]-[`date`]-[MASTER]-Send sms to user : 【info】100.253 start server..." >> $basedir/log
    /usr/bin/expect $basedir/expect.ex "$PHONE" "【info】ldap [100.253]開始運行。"   # sends an SMS; not explained in detail here
    echo "[INFO]-[`date`]-[MASTER]---" >> $basedir/log
}

function backup() {
    echo "[INFO]-[`date`]-[SLAVE]--" >> $basedir/log
    echo "[INFO]-[`date`]-[SLAVE]-Close the [sldap server] on 192.168.100.253 " >> $basedir/log
    echo "[INFO]-[`date`]-[SLAVE]-Send sms to user : 【info】100.254 start server..." >> $basedir/log
    /usr/bin/expect $basedir/expect.ex "$PHONE" "【info】passport [100.254]開始運行。"
    echo "[INFO]-[`date`]-[SLAVE]---" >> $basedir/log
}

function failed() {
    /usr/bin/expect $basedir/expect.ex "$PHONE" "【warning】ldap 2臺機器都沒法訪問!!!!"
    echo "[INFO]-[`date`]-[ALL]--two machine down!!!!" >> $basedir/log
}

case $1 in
    master) master ;;
    backup) backup ;;
    failed) failed ;;
esac
```
vim /etc/keepalived/scripts/urltest.sh:
```bash
#!/bin/bash
# probe the local web front end with basic auth; keepalived lowers this node's priority when the check fails
/usr/bin/curl --user user:pass http://localhost >/tmp/status 2>/dev/null
/bin/grep "auth ok" /tmp/status &> /dev/null
if [ $? -ne 0 ];then
    exit 5
else
    exit 0
fi
```
192.168.100.254:
vim /etc/keepalived/keepalived.conf:
```
! Configuration File for keepalived
global_defs {
   notification_email {
     root@localhost
   }
   notification_email_from root@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id NodeAa
}
vrrp_script chk_url_fw {
    script "sh /etc/keepalived/scripts/urltest.sh"
    interval 10
    weight -2
    fall 2
    rise 2
}
vrrp_instance VI_1 {
    state BACKUP                 # this is the slave node
    interface eth0
    virtual_router_id 128
    priority 99                  # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 7758521
    }
    virtual_ipaddress {
        192.168.100.255/24 dev eth0 label eth0:0
    }
    track_script {
        chk_url_fw
    }
    notify_master "/etc/keepalived/scripts/notify.sh master"
    notify_backup "/etc/keepalived/scripts/notify.sh backup"
    notify_fault  "/etc/keepalived/scripts/notify.sh failed"
}
```
vim /etc/keepalived/scripts/notify.sh, with the following contents:
```bash
#!/bin/bash
# file: 100.254
# keepalived calls this with master|backup|failed on every VRRP state change
source /etc/profile &> /dev/null
basedir=$(cd `dirname $0`;pwd)

function master() {
    echo "[INFO]-[`date`]-[SLAVE]--" >> $basedir/log
    echo "[INFO]-[`date`]-[SLAVE]-Start the [sldap server] on 192.168.100.254 " >> $basedir/log
    echo "[INFO]-[`date`]-[SLAVE]-Send sms to user : 【info】100.254 start server..." >> $basedir/log
    echo "[INFO]-[`date`]-[SLAVE]---" >> $basedir/log
}

function backup() {
    echo "[INFO]-[`date`]-[MASTER]--" >> $basedir/log
    echo "[INFO]-[`date`]-[MASTER]-Close the [sldap server] on 192.168.100.254 " >> $basedir/log
    echo "[INFO]-[`date`]-[MASTER]-Send sms to user : 【info】100.253 start server..." >> $basedir/log
    echo "[INFO]-[`date`]-[MASTER]---" >> $basedir/log
}

function failed() {
    echo "[INFO]-[`date`]-[ALL]--two machine down!!!!" >> $basedir/log
}

case $1 in
    master) master ;;
    backup) backup ;;
    failed) failed ;;
esac
```
/etc/keepalived/scripts/urltest.sh on 254 is the same as on 253.
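A hardened variant of the urltest.sh used on both nodes, added here as an example and not taken from the original post. It keeps the contract keepalived expects (exit 0 healthy, non-zero unhealthy, so the "weight -2" in chk_url_fw still applies) but reads the HTTP credentials from a root-only curl config file via -K instead of passing them on the command line where ps shows them, bounds the probe with --max-time so a hung backend fails the check instead of stalling it, drops the fixed /tmp/status path, and adds a direct anonymous read of slapd's Root DSE so the check does not depend on the web tier alone. The config path /etc/keepalived/scripts/curl.cfg, the "check" argument, and the healthy marker "auth ok" (the string the original greps for) are assumptions.

```shell
#!/bin/sh
# Hardened keepalived check script (added example; not the post's urltest.sh).
# Exit 0 = healthy, non-zero = unhealthy.

CURL_CFG=${CURL_CFG:-/etc/keepalived/scripts/curl.cfg}   # assumed path; mode 0600, contains:  user = "user:pass"
LDAP_URI=${LDAP_URI:-ldap://127.0.0.1}
TIMEOUT=${TIMEOUT:-5}

# auth_body_ok BODY: true when the web front end reported a successful LDAP bind.
auth_body_ok() {
    printf '%s\n' "$1" | grep -q "auth ok"
}

# http_check: fetch the front page with basic auth. Credentials come from the
# -K config file, so they never appear in the process list; a stalled backend
# is cut off after TIMEOUT seconds and counts as a failure.
http_check() {
    body=$(curl -s -K "$CURL_CFG" --max-time "$TIMEOUT" http://localhost/) || return 1
    auth_body_ok "$body"
}

# ldap_check: anonymous base search on the Root DSE proves slapd itself answers,
# independently of whether the web tier is up.
ldap_check() {
    ldapsearch -x -H "$LDAP_URI" -b "" -s base -l "$TIMEOUT" namingContexts >/dev/null 2>&1
}

# Probes run only when invoked as "urltest.sh check"; otherwise the file just
# defines the functions (so it can be sourced or tested).
case "${1:-}" in
    check)
        ldap_check || exit 5
        http_check || exit 5
        exit 0
        ;;
esac
```

To use it, change the vrrp_script line on both nodes to `script "/bin/sh /etc/keepalived/scripts/urltest.sh check"` and create the curl config file readable by root only.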
At this point keepalived is configured. Do not start it yet; configure LDAP first.
The LDAP installation is not shown here; it is simple (just yum it).
The configuration file is what matters!
192.168.100.253:
vim /etc/openldap/slapd.conf (trimmed configuration; everything else has been filtered out):
```
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
moduleload syncprov.la
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
include /etc/openldap/access.conf
database bdb
# replace *** with your own domain; same below
suffix "dc=***,dc=com"
rootdn "cn=Manager,dc=***,dc=com"
# password hash; it can of course be plaintext, haha
rootpw {SSHA}XVu6fPl/7cFuA8Q8rCQ158wQ32btncGq
directory /var/lib/ldap
loglevel 256
index objectclass,entryCSN,entryUUID eq
# this is the important part
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
serverID 1
# credentials= is the Manager password in plaintext
syncrepl rid=002
    provider=ldap://192.168.100.254
    bindmethod=simple
    binddn="cn=Manager,dc=***,dc=com"
    credentials=密碼
    searchbase="dc=***,dc=com"
    filter="(objectClass=*)"
    scope=sub
    schemachecking=off
    type=refreshAndPersist
    retry="60 +"
mirrormode on
```
192.168.100.254:
vim /etc/openldap/slapd.conf (trimmed configuration; everything else has been filtered out):
```
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
moduleload syncprov.la
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
include /etc/openldap/access.conf
database bdb
suffix "dc=***,dc=com"
rootdn "cn=Manager,dc=***,dc=com"
rootpw {SSHA}XVu6fPl/7cFuA8Q8rCQ158wQ32btncGq
directory /var/lib/ldap
loglevel 256
index objectclass,entryCSN,entryUUID eq
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
serverID 2
# credentials= is the Manager password in plaintext
syncrepl rid=002
    provider=ldap://192.168.100.253
    bindmethod=simple
    binddn="cn=Manager,dc=***,dc=com"
    credentials=密碼
    searchbase="dc=***,dc=com"
    filter="(objectClass=*)"
    scope=sub
    schemachecking=off
    type=refreshAndPersist
    retry="60 +"
mirrormode on
```
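Once both nodes run with serverID 1 and 2 and mirrormode on, every write is stamped with the serverID of the node that accepted it, and each node's suffix entry carries one contextCSN value per serverID. A converged pair therefore reports the same set of contextCSN values on both sides. The script below, an added example that is not part of the original post, compares the two sets and names the serverID that is lagging. It reads contextCSN with an anonymous base search, which assumes access.conf allows that; the hostnames and the BASE placeholder follow the post's configuration, and the "compare" argument is an assumption.

```shell
#!/bin/sh
# Mirror-mode convergence check (added example; not from the original post).
# Compares the contextCSN sets reported by the two providers.

BASE=${BASE:-"dc=***,dc=com"}   # suffix from slapd.conf; replace *** as in the post

# csn_values LDIF: print the contextCSN values from ldapsearch output, sorted.
# A value looks like 20150101120000.123456Z#000000#001#000000; field 3 is the serverID.
csn_values() {
    printf '%s\n' "$1" | sed -n 's/^contextCSN: //p' | sort
}

# csn_sid CSN: the serverID field of one contextCSN value.
csn_sid() {
    printf '%s\n' "$1" | cut -d'#' -f3
}

# csn_in_sync LDIF_A LDIF_B: true when both nodes report identical, non-empty sets.
csn_in_sync() {
    a=$(csn_values "$1")
    b=$(csn_values "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# csn_lagging LDIF_A LDIF_B: print the serverIDs whose CSN on A is not present on B,
# i.e. writes accepted by that serverID that B has not yet applied.
csn_lagging() {
    for csn in $(csn_values "$1"); do
        printf '%s\n' "$2" | grep -Fqx "contextCSN: $csn" || csn_sid "$csn"
    done
}

# fetch_csn HOST: anonymous base search for contextCSN on the suffix entry.
fetch_csn() {
    ldapsearch -x -LLL -H "ldap://$1" -b "$BASE" -s base contextCSN 2>/dev/null
}

case "${1:-}" in
    compare)
        out_a=$(fetch_csn 192.168.100.253)
        out_b=$(fetch_csn 192.168.100.254)
        if csn_in_sync "$out_a" "$out_b"; then
            echo "in sync"
        else
            echo "out of sync; serverIDs with unapplied changes:"
            csn_lagging "$out_a" "$out_b"
            csn_lagging "$out_b" "$out_a"
            exit 1
        fi
        ;;
esac
```

Run it as `sh csncheck.sh compare` after adding a test entry on one node; a serverID printed under "out of sync" that does not clear within the retry interval points at a broken syncrepl session on the node that failed to apply it.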
With the configuration done, here comes the important part!!!
If you simply start ldap (/etc/init.d/slapd start) it does not read the new configuration; at least that is what I have found from my reading so far!
So do this instead:
```bash
# delete the old configuration cache (think of it that way for now)
rm -rf /etc/openldap/slapd.d/*
# generate the new one
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/
chown -R ldap.ldap /etc/openldap/slapd.d
```
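The same regeneration, written as an added example rather than the post's own commands, but ordered so that a typo in slapd.conf never leaves /etc/openldap/slapd.d empty: slaptest validates the file in dry-run mode first, then writes the new tree into a staging directory, and only a complete tree replaces the old one (which is kept as slapd.d.old for rollback). The generated tree is also restricted to the service account, since cn=config holds olcRootPW and the syncrepl credential in the clear. The function name, the "regen" argument and the SLAPD_OWNER variable are assumptions.

```shell
#!/bin/sh
# Safe regeneration of slapd.d from slapd.conf (added example; not the post's commands).

# regen_slapd_d CONF DEST [OWNER]: validate CONF, build the tree in a staging
# directory, then swap it into DEST. Returns non-zero and leaves DEST untouched
# on any failure.
regen_slapd_d() {
    conf=$1
    dest=$2
    owner=${3:-ldap:ldap}

    # 1. dry run: parse the config without writing anything
    if ! slaptest -u -f "$conf" >/dev/null 2>&1; then
        echo "slapd.conf failed validation; $dest not touched" >&2
        return 1
    fi

    # 2. build the new tree beside the target so the final mv stays on one filesystem
    stage=$(mktemp -d "$(dirname "$dest")/slapd.d.XXXXXX") || return 1
    if ! slaptest -f "$conf" -F "$stage" >/dev/null 2>&1; then
        rm -rf "$stage"
        return 1
    fi
    if ! chown -R "$owner" "$stage"; then
        rm -rf "$stage"
        return 1
    fi
    chmod 750 "$stage"   # contains olcRootPW and the replication credential

    # 3. swap: keep the previous tree for rollback
    if [ -d "$dest" ]; then
        rm -rf "$dest.old"
        mv "$dest" "$dest.old" || { rm -rf "$stage"; return 1; }
    fi
    mv "$stage" "$dest"
}

case "${1:-}" in
    regen) regen_slapd_d /etc/openldap/slapd.conf /etc/openldap/slapd.d "${SLAPD_OWNER:-ldap:ldap}" ;;
esac
```

Run `sh regen.sh regen` as root on each node before the first slapd start and after every slapd.conf change; on failure the running configuration is still in place and the error from slaptest can be reproduced with `slaptest -u -f /etc/openldap/slapd.conf`.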
That's it; now you can start the ldap service,
then start the keepalived service,
then stop one of them to test failover.
PS: both servers also need an http service; again, just build two identical ones, if you are using a web-based tool!