httpd 服务的两个节点的HA

实验目的是：实现两个节点的http和nfs服务的HA集群。

实现条件：准备两个节点。node1,node2作为HA1,HA2提供集群服务。在node1和node2分别按照httpd服务、挂载nfs服务的客户端，另外在要求有一个节点提供

nfs服务。

对node1和node2节点要求。

（1）node1:192.168.176.6 node2:192.168.176.7

修改node1的主机名称：node1.magedu.com，

为了防止服务器重启后，名称失效，可以在配置文件里对其修改。vim /etc/sysconfig/network

[root@node1 ~]# hostname node1.magedu.com
[root@node1 ~]# vim /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=node1.magedu.com

保证uname -n 显示的结果如下：

[root@node1 ~]# uname -n
node1.magedu.com

用同样的方法，修改node2的主机名称：

[root@node2 ~]# hostname node2.magedu.com
[root@node2 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node2.magedu.com
：wq
[root@node2 ~]# uname -n
node2.magedu.com

（2）修改node1,node2主机的/etc/hosts文件。（这里不是用DNS对节点的IP进行解析，因为DNS是运行过程也可以宕机）

所以选在/etc/hosts添加对应的主机名及对应的IP

node1:

[root@node1 ~]# vim /etc/hosts    添加两行
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.176.6 node1 node1.magedu.com
192.168.176.7 node2 node2.magedu.com

：wq

node2和node1配置一样

[root@node1 ~]# vim /etc/hosts    添加两行
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.176.6 node1 node1.magedu.com
192.168.176.7 node2 node2.magedu.com

：wq

（3）配置node1和node2 互信通信。通信过程可以不用使用密码。（使用ssh-keyen工具。）

[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    回车
Enter passphrase (empty for no passphrase): 回车
Enter same passphrase again:回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
77:7d:09:dc:9c:d5:dd:41:d3:66:3e:0b:e9:98:dc:32 root@node1.magedu.com
The key's randomart image is:
+--[ RSA 2048]----+
|              .+B|
|            . o @|
|             o.B |
|             +..o|
|        S o * o.+|
|         . E o o |
|            o    |
|                 |
|                 |
+-----------------+

#j将生成的公钥拷贝至远程主机node2上
[root@node1 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.176.7
The authenticity of host '192.168.176.7 (192.168.176.7)' can't be established.
RSA key fingerprint is da:6d:09:5a:86:fa:17:6b:e4:1d:2d:57:1e:cc:32:1b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.176.7' (RSA) to the list of known hosts.
root@192.168.176.7's password:
Now try logging into the machine, with "ssh 'root@192.168.176.7'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

#y验证下可以不需要密码登录至node2(192.168.176.7)
[root@node1 heartbeat]# ssh node2
The authenticity of host 'node2 (192.168.176.7)' can't be established.
RSA key fingerprint is da:6d:09:5a:86:fa:17:6b:e4:1d:2d:57:1e:cc:32:1b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2' (RSA) to the list of known hosts.
Last login: Fri Apr 22 10:29:40 2016 from node1

对于节点node2
可以用同样的方式 ssh-keygen -t rsa,然后将生成的公钥拷贝至node1上，这里不再赘述

（4）在node1和nodenode2分别安装管理集群的软件heartbeat组件和在node1和nodenode2上分别安装httpd服务

（4.1）

node1:

[root@node1 heartbeat]# yum install -y heartbeat
Downloading Packages:
(1/2): heartbeat-3.0.4-2.el6.i686.rpm                                                                          | 161 kB     00:00
(2/2): heartbeat-libs-3.0.4-2.el6.i686.rpm                                                                     | 260 kB     00:00
--------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                 200 kB/s | 421 kB     00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : heartbeat-libs-3.0.4-2.el6.i686                                                                                    1/2
Installing : heartbeat-3.0.4-2.el6.i686                                                                                         2/2
Verifying  : heartbeat-3.0.4-2.el6.i686                                                                                         1/2
Verifying  : heartbeat-libs-3.0.4-2.el6.i686                                                                                    2/2

Installed:
heartbeat.i686 0:3.0.4-2.el6

Dependency Installed:
heartbeat-libs.i686 0:3.0.4-2.el6

[root@node1 .ssh]# yum install -y httpd

[root@node1 ha.d]# echo "<h1>node1.magedu.com</h1>" >/var/www/html/index.html

node2:

[root@node2 .ssh]# yum install -y heartbeat

可以用命令rpm –ql heartbeat 安装后有的路径有哪些。

[root@node2 .ssh]# yum install -y httpd

[root@node2 ha.d]# echo "<h1>node2.magedu.com</h1>" >/var/www/html/index.html

node1:

[root@node1 heartbeat]# cd /usr/share/doc/heartbeat-3.0.4
[root@node1 heartbeat-3.0.4]# ls
apphbd.cf  authkeys  AUTHORS  ChangeLog  COPYING  COPYING.LGPL  ha.cf  haresources  README
[root@node1 heartbeat-3.0.4]# cp authkeys ha.cf  haresources  /etc/ha.d/
cp：是否覆盖"/etc/ha.d/authkeys"？ y
cp：是否覆盖"/etc/ha.d/ha.cf"？ y
cp：是否覆盖"/etc/ha.d/haresources"？ y

因为之前安装过heartbeat，所以会出现“是否覆盖”的提示

（5）开始配置/etc/ha.d目录下三个文件authkeys、 ha.cf 、haresources

authkeys：是通信过程的加密配置文件。vim /etc/ha.d/authkeys

文件的原内容是如下

#auth 1
#1 crc
#2 sha1 HI!
#3 md5 Hello!

三种加密算法，推荐使用第三种，然后将Hell！的位置修改为随机的字符串。

auth 3
#1 crc
#2 sha1 HI!
3 md5 Helloasfsdfsd!

wq

文件authkeys的权限是：600

再修改ha.cf的配置文件vim /etc/ha.d/ha.cf，需要添加三个地方。

（5.1）设定广播的心跳信息的接口

#       What interfaces to broadcast heartbeats over?   #哪个接口去广播心跳
#
bcast   eth1            # Linux                             #选择eth1是因为HA1主机做实验的时候只有一块网卡eth1
#bcast  eth0            # Linux

（5.2）设定仲裁的ping节点

#       Less common options...
#
#       Treats 10.10.10.254 as a psuedo-cluster-member
#       Used together with ipfail below...
#       note: don't use a cluster node as ping node
#
ping 192.168.176.1
#ping 10.10.10.254

（5.3）设定集群的所有节点 注意这里node 对于一定使用uname –n 命令显示结果一致。

#       Tell what machines are in the cluster
#       node    nodename ...    -- must match uname -n
node    node1.magedu.com
node    node2.magedu.com
#node   ken3
#node   kathy

保存退出完成。

配置资源管理文件vim /etc/ha.d/haresources

#       One service address, with the subnet, interface and bcast addr
#       explicitly defined.
#
#just.linux-ha.org      135.9.216.3/28/eth0/135.9.216.12 httpd
node1.magedu.com        192.168.176.10/24/eth1:0 httpd

这里指定主节点是node1.magedu.com 虚拟IP是192.168.176.10 配置在主节点的eth1网卡上，其中135.9.216.12是广播地址，而下面的广播地址不做指定。

注意：有的时候配置后配置文件的样例可以直接192.168.176.10/24/eth1，但是不知道为什么，有时候必须要取别名192.168.176.10/24/eth1:0.这样之后才能正常启动heartbeat服务，虚拟ip才正常出现。（所以一般先按照测试样例写，如果不行再取别名）

(5.4)将node1节点的三个配置文件远程拷贝至node2的/etc/ha.d/目录下。

[root@node1 ha.d]# scp authkeys ha.cf haresources node2:/etc/ha.d/
authkeys                                                                         100%  651     0.6KB/s   00:00
ha.cf                                                                            100%   10KB  10.3KB/s   00:00
haresources                                                                      100% 5951     5.8KB/s   00:00

（6）authkeys 、ha.cf 、haresource 这三配置文件修改完成之后。

先启动主机node1上heartbeat服务，在启动从节点上heartbeat服务。

然后清除node1和node2上iptables –F 规则，确保httpd系统自启动是关闭的状态。chkconfig httpd off

node1：service heartbeat start

ifconfig

ps –ef |heartbeat

ps –ef |grep httpd

可以用tail –f /var/log/message 监控启动heartbeat服务的日志信息

在启动node2：service heartbeart start

（7）实验测试：

node1: service heartbeat stop #停止node1的heartbeart服务，这里查看node2的httpd服务是否启动，已经ifconfig查看虚拟vip地址。

node1: service heartbeat start # 重启动node1的heartbeat服务，查看node1的heartbeat服务时候重新接管http资源

node1: 断掉node1的网卡eth1连接，是的ping节点192.168.176.1无法ping通主节点node1，这里在查看node2时候接管httpd资源

[root@node1 ~]# service heartbeat start
Starting High-Availability services: INFO:  Resource is stopped
Done.

[root@node1 ~]# ifconfig
eth1      Link encap:Ethernet  HWaddr 00:0C:29:DC:B6:9F
inet addr:192.168.176.6  Bcast:192.168.176.255  Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fedc:b69f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:115672 errors:0 dropped:0 overruns:0 frame:0
TX packets:99379 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:48714317 (46.4 MiB)  TX bytes:17954573 (17.1 MiB)
Interrupt:19 Base address:0x2000

eth1:0    Link encap:Ethernet  HWaddr 00:0C:29:DC:B6:9F
inet addr:192.168.176.10  Bcast:192.168.176.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Interrupt:19 Base address:0x2000

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:1405 errors:0 dropped:0 overruns:0 frame:0
TX packets:1405 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:226530 (221.2 KiB)  TX bytes:226530 (221.2 KiB)

（8）测试挂载nfs服务的HA

再启动node2上heartbeat服务

ssh node2 ’service heartbeart start’

[root@node1 ~]# ssh node2 'service heartbeat start'
Starting High-Availability services: 2016/04/22_14:21:30 INFO:  Resource is stopped
Done.

安装主机192.168.176.128上安装nfs服务，可以提供192.168.176.6 和192.168.176.7,也就是node1和node2挂载。

然后,更改haresouces配置文件：

#node1  10.0.0.170 Filesystem::/dev/sda1::/data1::ext2
node1 192.168.176.10/24/eth1:0 Filesystem::192.168.176.128:/usr/local/apache/htdocs/::/var/www/html::nfs httpd

#其中httpd服务按照顺序是放在文件系统后续的服务。服务于服务之间空格，服务参数用：：隔开

重新拷贝修改文件至node2上：

[root@node1 ~]# scp /etc/ha.d/haresources node2:/etc/h
ha.d/        hal/         host.conf    hosts        hosts.allow  hosts.deny   httpd/
[root@node1 ~]# scp /etc/ha.d/haresources node2:/etc/ha.d/
haresources                                                                                         100% 6073     5.9KB/s   00:00

重新启node1和node2的heartbeat服务。

node2:service heartbeat stop

node1:service heartbeat stop

node1:service heartbeat start

node2:service heartbeat start

检验:

ifconfig #查看vip

df –h #查看nfs时候挂载

ps –ef |grep httpd #httpd 服务是否启动

eth1:0    Link encap:Ethernet  HWaddr 00:0C:29:DC:B6:9F
inet addr:192.168.176.10  Bcast:192.168.176.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
Interrupt:19 Base address:0x2000

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:16436  Metric:1
RX packets:1405 errors:0 dropped:0 overruns:0 frame:0
TX packets:1405 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:226530 (221.2 KiB)  TX bytes:226530 (221.2 KiB)

[root@node1 ~]# ps -ef |grep httpd
root     11594     1  0 16:36 ?        00:00:00 /usr/sbin/httpd
apache   11596 11594  0 16:36 ?        00:00:00 /usr/sbin/httpd
apache   11597 11594  0 16:36 ?        00:00:00 /usr/sbin/httpd
apache   11598 11594  0 16:36 ?        00:00:00 /usr/sbin/httpd
apache   11599 11594  0 16:36 ?        00:00:00 /usr/sbin/httpd
apache   11600 11594  0 16:36 ?        00:00:00 /usr/sbin/httpd
apache   11601 11594  0 16:36 ?        00:00:00 /usr/sbin/httpd
apache   11602 11594  0 16:36 ?        00:00:00 /usr/sbin/httpd
apache   11603 11594  0 16:36 ?        00:00:00 /usr/sbin/httpd
root     11607 10299  1 16:36 pts/3    00:00:00 grep --color httpd
[root@node1 ~]# ps -ef |grep httpd^C
[root@node1 ~]# df
Filesystem                                1K-blocks    Used Available Use% Mounted on
/dev/sda2                                  18375548 4174508  13267616  24% /
tmpfs                                        515224       0    515224   0% /dev/shm
/dev/sda1                                    198337   26446    161651  15% /boot
192.168.176.128:/usr/local/apache/htdocs/  18375552 4085632  13356416  24% /var/www/html
[root@node1 ~]#