JumpServer needs to be deployed as a cluster here. Because the bastion host fronts every server and switch it is relatively important, so the NFS it relies on gets a high-availability setup as well. I hit quite a few pitfalls along the way; most of the material online seems to be for Red Hat, and this time I wanted to try it on Ubuntu. The environment is Ubuntu 20.04.
Not much to say about this part.
```bash
# Install NFS
apt-get install nfs-kernel-server -y
# Create the shared directory
mkdir -p /opt/nfsdata
# Edit the exports file
vim /etc/exports
# Add one line. Give the client list in CIDR form: exports(5) states that wildcards
# such as 192.168.0.* do not work on IP addresses (they only match hostnames).
# /opt/nfsdata 192.168.0.0/24(rw,sync,no_subtree_check,all_squash,anonuid=0,anongid=0)
# all_squash with anonuid=0,anongid=0 maps EVERY client user to root on the share, so the
# host list is the only access control; keep it to the subnet the JumpServer nodes live in.
# Newer exportfs warns if neither no_subtree_check nor subtree_check is given: subtree_check
# makes the server verify that each requested file lies inside the exported subtree,
# no_subtree_check skips that check (the default since nfs-utils 1.1.0).
# Start the NFS server (no `enable`: in the HA setup below the Keepalived check script
# decides which node runs it)
systemctl start nfs-server.service
# Re-export /etc/exports and show what is actually being exported
exportfs -ra
exportfs -v
```
Fix whatever errors come up; it is straightforward.
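Because the host list is the only thing standing between the network and a share on which every client is root, here is a small checker, added to this page and not part of the original post, that reads an exports file and flags the two mistakes discussed above: IP wildcards in the client spec (which exports(5) says never match an IP client) and options that give clients root on the share (no_root_squash, or all_squash with anonuid/anongid 0). The function name check_exports and the sample exports content are constructed for this example.

```bash
#!/bin/bash
# Added example: lint an /etc/exports file for the pitfalls from the NFS section above.
# check_exports FILE  prints one finding per line and returns 1 if anything was flagged, 0 otherwise.
check_exports() {
    _file=$1; _rc=0
    set -f                               # no pathname expansion while word-splitting specs that contain '*'
    while read -r _line; do
        _line=${_line%%#*}               # strip comments
        set -- $_line                    # $1 = export path, the rest = client specs such as host(opt,opt)
        [ $# -eq 0 ] && continue         # blank line
        _path=$1; shift
        if [ $# -eq 0 ]; then
            echo "$_path: no client list, exported to every host"; _rc=1; continue
        fi
        for _spec in "$@"; do
            _client=${_spec%%\(*}        # part before '('
            _opts=""
            case $_spec in *\(*) _opts=${_spec#*\(}; _opts=${_opts%\)};; esac
            case $_client in
                "" | "*")                # '*' or a bare '(options)' means every host
                    echo "$_path: '$_spec' is exported to every host"; _rc=1 ;;
                *"*"*)                   # wildcards match hostnames only; 192.168.0.* never matches an IP client
                    if printf '%s' "$_client" | grep -Eq '^[0-9]+(\.[0-9]+)*\.?\*$'; then
                        echo "$_path: '$_client' is an IP wildcard that exports(5) does not support; use CIDR, e.g. ${_client%\*}0/24"; _rc=1
                    fi ;;
            esac
            case ",$_opts," in           # anyone who can mount becomes root on the share
                *,no_root_squash,*)
                    echo "$_path: '$_client' keeps root (no_root_squash)"; _rc=1 ;;
                *,anonuid=0,* | *,anongid=0,*)
                    echo "$_path: '$_client' maps every user to uid/gid 0 (all clients act as root)"; _rc=1 ;;
            esac
        done
    done <"$_file"
    set +f
    return $_rc
}

# Constructed sample (not a real host's file): the line from this post plus two more
_sample=$(mktemp)
cat >"$_sample" <<'EOF'
# bastion share
/opt/nfsdata 192.168.0.*(rw,sync,no_subtree_check,all_squash,anonuid=0,anongid=0)
/srv/iso *(ro,sync,no_subtree_check)
/srv/home 192.168.0.0/24(rw,sync,no_subtree_check,root_squash)
EOF
check_exports "$_sample" || echo "exports need attention"
rm -f "$_sample"
```

Run it as `check_exports /etc/exports` after every edit; on the line from this post it reports both the IP wildcard and the uid/gid 0 mapping, and the `*` line is flagged as world-exported. The root mapping is left in place on purpose for JumpServer, so the check is there to make sure the client list stays tight, not to forbid the option.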
DRBD needs an unformatted partition. Carve one out with fdisk, note its device path, then install the DRBD management tools.
```bash
apt-get install -y drbd-utils
# First put both nodes in /etc/hosts (IP first, then the name). The names must be what
# `uname -n` prints on each node, because drbdadm matches the `on <host>` blocks against it.
vim /etc/hosts
# Add
# 192.168.0.150 nfs01
# 192.168.0.151 nfs02
# Add the DRBD resource file
vim /etc/drbd.d/jumpserver.res
```
```bash
# jumpserver.res
resource jumpserver {
    device minor 0;                      # exposed as /dev/drbd0
    disk "/dev/sdb1";                    # the partition created above (raw, unformatted)
    meta-disk internal;
    on nfs01 {
        address ipv4 192.168.0.150:7700; # node 1
    }
    on nfs02 {
        address ipv4 192.168.0.151:7700; # node 2
    }
}
```

global_common.conf:

```bash
# /etc/drbd.d/global_common.conf
# DRBD is the result of over a decade of development by LINBIT.
# In case you need professional services for DRBD or have
# feature requests visit http://www.linbit.com
global {
    usage-count no;
    # Decide what kind of udev symlinks you want for "implicit" volumes
    # (those without explicit volume <vnr> {} block, implied vnr=0):
    #   /dev/drbd/by-resource/<resource>/<vnr>   (explicit volumes)
    #   /dev/drbd/by-resource/<resource>         (default for implicit)
    udev-always-use-vnr; # treat implicit the same as explicit volumes
    # minor-count dialog-refresh disable-ip-verification
    # cmd-timeout-short 5; cmd-timeout-medium 121; cmd-timeout-long 600;
}
common {
    handlers {
        # LINBIT's stock handlers: a Primary that is inconsistent and degraded, or that lost
        # after a split-brain, is hard-rebooted; a local I/O error halts the node.
        # Drastic; keep them only if that is the behaviour you want.
        pri-on-incon-degr "/usr/lib/drbd/notify-pri-on-incon-degr.sh; /usr/lib/drbd/notify-emergency-reboot.sh; echo b > /proc/sysrq-trigger ; reboot -f";
        pri-lost-after-sb "/usr/lib/drbd/notify-pri-lost-after-sb.sh; /usr/lib/drbd/notify-emergency-reboot.sh; echo b > /proc/sysrq-trigger ; reboot -f";
        local-io-error "/usr/lib/drbd/notify-io-error.sh; /usr/lib/drbd/notify-emergency-shutdown.sh; echo o > /proc/sysrq-trigger ; halt -f";
    }
    disk {
        on-io-error detach;   # on a local I/O error detach the backing disk and keep serving from the peer
        resync-rate 200M;     # resync bandwidth between the nodes (DRBD 8.4+ keyword; 8.3 used syncer { rate ...; })
    }
    net {
        protocol C;           # synchronous replication: a write completes only once both nodes have it on disk
        cram-hmac-alg "sha1";
        # The shared secret only authenticates the peer during the handshake (HMAC challenge);
        # the replication stream itself is unencrypted, so keep it on a dedicated link.
        # Use a long random value, identical on both nodes, e.g. from `openssl rand -hex 16`.
        shared-secret "change-me-to-a-long-random-string";
    }
}
```
Partly copied from the internet.
```bash
# Create the metadata and bring the device up (run these two on BOTH nodes)
drbdadm create-md all
drbdadm up jumpserver
# Promote this node to primary, on ONE node only. --force is needed this first time
# because both sides are still Inconsistent and there is no UpToDate copy yet.
drbdadm primary --force jumpserver
# Check: this side Primary/Secondary, Connected, and dstate UpToDate/Inconsistent until
# the initial sync to the peer finishes (cat /proc/drbd shows the progress)
drbdadm role jumpserver
drbdadm cstate jumpserver
drbdadm dstate jumpserver
# Create the filesystem on the DRBD device, never on /dev/sdb1 directly
mkfs.ext4 /dev/drbd0
# Mount it
mount /dev/drbd0 /opt/nfsdata
```
That completes the primary node. The secondary is set up the same way (same packages, same /etc/drbd.d/jumpserver.res): after `drbdadm create-md all` and `drbdadm up jumpserver` it simply stays in the secondary role:

```bash
drbdadm secondary jumpserver
# both nodes should now be Connected, and from this side the roles read Secondary/Primary
drbdadm cstate jumpserver
drbdadm role jumpserver
```

The secondary does not start NFS and does not mount anything (only the primary mounts /dev/drbd0; a DRBD device in the Secondary role cannot be mounted at all).
Installing Keepalived is also fairly simple, but the scripts found online do not quite work as-is, so a lot of time went into debugging here. First install Keepalived:
```bash
apt install -y keepalived
vim /etc/keepalived/keepalived.conf
```

keepalived.conf:
```bash
! Configuration File for keepalived
global_defs {
    router_id nfs01        # node name; change it on the second node
    # enable_script_security and script_user root are worth adding here: keepalived then
    # refuses to run check/notify scripts that non-root users can write
}
vrrp_script chk_nfs {
    script "/etc/keepalived/nfs_chk.sh"   # health-check script, run by keepalived as root
    interval 2             # every 2 seconds
    weight -20             # on a non-zero exit subtract 20 from this node's priority; the value is independent of how many nodes there are
}
vrrp_instance VI_1 {
    state BACKUP           # both nodes start as BACKUP: non-preemptive mode
    interface ens160
    virtual_router_id 51   # identical on both nodes, unique on this L2 segment
    priority 100           # the same on both here; with equal priorities the higher source IP wins the election
    advert_int 1
    nopreempt              # required for non-preemptive mode (only valid together with state BACKUP)
    authentication {       # VRRP PASS authentication travels in clear text and is limited to 8 characters;
        auth_type PASS     # it prevents accidental clashes, not an attacker on the same segment
        auth_pass abcdef
    }
    track_script {
        chk_nfs
    }
    notify_stop /etc/keepalived/notify_stop.sh   # script run when keepalived itself stops
    virtual_ipaddress {
        192.168.0.153/23   # the VIP; use the prefix length of the real subnet on ens160
    }
}
```
/etc/keepalived/nfs_chk.sh (root-owned, executable, not writable by anyone else):

```bash
#!/bin/bash
# Keepalived track script. Every 2 s it brings the node into the state that matches
# who holds the VIP:
#   VIP on this node  -> DRBD Primary, /dev/drbd0 mounted on /opt/nfsdata, nfs-server running
#   VIP elsewhere     -> nfs-server stopped, /opt/nfsdata unmounted, DRBD Secondary
# A failover is forced by stopping keepalived (the VIP is released and notify_stop.sh
# demotes DRBD). Merely lowering this node's priority would not do it, because the
# peer runs with nopreempt and will not take over from a live master.
RES=jumpserver
VIP=192.168.0.153
MNT=/opt/nfsdata
LOG=/tmp/nfs-chk.log

log() { echo -e "$(date '+%F %H:%M:%S') ------$1------\n" >>"$LOG"; }

# Keep the log small: above 5 MB keep only the last 50 lines
if [ -f "$LOG" ] && [ "$(du -m "$LOG" | awk '{print $1}')" -gt 5 ]; then
    tail -50 "$LOG" >/tmp/nfs-tmp && mv /tmp/nfs-tmp "$LOG"
fi

# Local role as printed by drbdadm (DRBD 8.4 prints local/peer, e.g. Primary/Secondary)
role=$(drbdadm role "$RES" 2>>"$LOG")

if ip -4 addr | grep -q "inet ${VIP}/"; then         # this node holds the VIP: master checks
    # 1. DRBD Primary and mounted first, so that nfsd exports the DRBD filesystem
    #    and not the empty directory underneath it
    if [[ "$role" != Primary* ]]; then
        log "Promoting this node to DRBD primary and mounting $MNT"
        drbdadm primary "$RES" &>>"$LOG"              # no --force: refuse if the peer is still Primary
    fi
    mountpoint -q "$MNT" || mount /dev/drbd0 "$MNT" &>>"$LOG"
    # 2. nfs-server must be running; try to (re)start it once
    if ! systemctl is-active --quiet nfs-server; then
        log "NFS on the master is down, restarting it"
        systemctl start nfs-server.service &>>"$LOG"
        exportfs -ra &>>"$LOG"
    fi
    # 3. Still no nfsd threads after the restart: hand over to the standby
    if [ "$(ps -C nfsd --no-header | wc -l)" -eq 0 ]; then
        log "NFS is down and could not be restarted, failing over to the standby"
        systemctl stop nfs-server.service &>>"$LOG"   # stop NFS
        umount "$MNT" &>>"$LOG"                       # unmount the DRBD device
        drbdadm secondary "$RES" &>>"$LOG"            # demote the DRBD primary to secondary
        # Starting keepalived from inside one of its own scripts did not work here (see
        # notify_stop.sh), so schedule the start as a transient systemd timer that fires
        # 5 s later, and only then stop the service (which releases the VIP)
        systemd-run --on-active=5 /bin/systemctl start keepalived &>>"$LOG"
        systemctl stop keepalived &>>"$LOG"
        log "Failover finished"
    fi
else                                                  # standby checks
    if systemctl is-active --quiet nfs-server; then   # NFS must be stopped on the standby
        log "Stopping NFS on the standby"
        systemctl stop nfs-server &>>"$LOG"
    fi
    if [[ "$role" == Primary* ]]; then               # must be Secondary, with the device unmounted
        log "Demoting the standby to DRBD secondary and unmounting its device"
        mountpoint -q "$MNT" && umount "$MNT" &>>"$LOG"
        drbdadm secondary "$RES" &>>"$LOG"
    fi
fi
exit 0   # the logic above performs the failover itself; never let the exit code of the last command lower the priority by accident
```
/etc/keepalived/notify_stop.sh:

```bash
#!/bin/bash
# Runs when keepalived stops (notify_stop): release the storage so the peer can take it over
RES=jumpserver
MNT=/opt/nfsdata
LOG=/tmp/nfs-chk.log
log() { echo -e "$(date '+%F %H:%M:%S') ------$1------\n" >>"$LOG"; }

log "Starting the switch to the standby"
systemctl stop nfs-server &>>"$LOG"    # stop NFS first: nothing may hold the filesystem open
umount "$MNT" &>>"$LOG"                # unmount the DRBD device
drbdadm secondary "$RES" &>>"$LOG"     # demote the DRBD primary to secondary
log "Switch finished"
# Starting keepalived directly from this script (systemctl start keepalived) did not work:
# it apparently cannot start itself, unless the script was run by hand. So the start is
# scheduled as a transient systemd timer that fires 5 s later, outside keepalived's process
# tree. Note that this also re-arms keepalived after a manual `systemctl stop`; comment the
# line out before maintenance.
systemd-run --on-active=5 /bin/systemctl start keepalived &>>"$LOG"
log "Keepalived start scheduled"
```
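Both the DRBD hand-over from the DRBD section (primary/secondary, mount only on the primary) and the two Keepalived scripts above perform the same three actions in a fixed order, and the polling script has to infer the DRBD state from a grep. Here is an added example, not code from the original post, of how that hand-over can be written as a single Keepalived notify script instead: a guard that parses the output of `drbdadm role`, `drbdadm cstate` and `drbdadm dstate` and refuses to promote when the peer is still Primary, the connection is StandAlone after a split-brain, or the local disk is not UpToDate, plus become_master/become_backup that issue the commands in the safe order (promote, mount, export; and the reverse). The resource name, device and mount point are the ones used in this post; DRY_RUN, DRBD_STATE, RAN and the function names are assumptions of this example.

```bash
#!/bin/bash
# Added example (not the post's code): a state-aware hand-over for the DRBD + NFS + Keepalived
# setup above, meant to be run from Keepalived's notify hook instead of polling in nfs_chk.sh.
# DRY_RUN=1 records the commands in RAN instead of executing them; DRBD_STATE injects
# "ROLE CSTATE DSTATE" so the decision logic can be exercised without a DRBD device.
RES=${RES:-jumpserver}
DEV=${DEV:-/dev/drbd0}
MNT=${MNT:-/opt/nfsdata}
DRY_RUN=${DRY_RUN:-0}
RAN=""                                    # ';'-separated record of commands issued in dry-run mode

run() {                                   # execute a command, or just record it when DRY_RUN=1
    if [ "$DRY_RUN" = 1 ]; then RAN="$RAN$*;"; else "$@"; fi
}

drbd_state() {                            # prints "ROLE CSTATE DSTATE" as drbdadm reports them
    if [ -n "${DRBD_STATE:-}" ]; then echo "$DRBD_STATE"; return; fi
    echo "$(drbdadm role "$RES") $(drbdadm cstate "$RES") $(drbdadm dstate "$RES")"
}

# drbd_can_promote ROLE CSTATE DSTATE
# Returns 0 when promoting this node is safe, otherwise 1 and prints the reason.
# DRBD 8.4 prints local/peer pairs (Secondary/Primary, UpToDate/DUnknown); DRBD 9
# prints only the local value. Both forms are handled.
drbd_can_promote() {
    local role=$1 cstate=$2 dstate=$3
    local lrole=${role%%/*} prole=${role#*/} ldisk=${dstate%%/*}
    [ "$prole" = "$role" ] && prole=Unknown                 # no '/' in the output: DRBD 9 style
    case $lrole in Primary)
        echo "already Primary"; return 1 ;; esac
    case $prole in Primary)
        echo "peer is still Primary; promoting would give two primaries"; return 1 ;; esac
    case $cstate in StandAlone)
        echo "connection is StandAlone (split-brain or manual disconnect); resolve that first"; return 1 ;; esac
    case $ldisk in UpToDate) ;; *)
        echo "local disk is $ldisk, not UpToDate; it would serve stale data"; return 1 ;; esac
    return 0                                                 # Connected, or WFConnection with a dead peer: fine
}

become_master() {                         # promote, mount, then export: in that order
    set -- $(drbd_state)
    local reason
    if ! reason=$(drbd_can_promote "$1" "$2" "$3"); then
        echo "not taking over: $reason" >&2
        return 1
    fi
    run drbdadm primary "$RES"      || return 1      # no --force: fail rather than create a second primary
    run mount "$DEV" "$MNT"         || return 1      # mount before nfsd exports the path
    run systemctl start nfs-server  || return 1
    run exportfs -ra                                 # re-read /etc/exports against the mounted filesystem
}

become_backup() {                         # reverse order: stop exporting, unmount, then demote
    run systemctl stop nfs-server
    run umount "$MNT"
    run drbdadm secondary "$RES"
}

# Keepalived invokes a `notify` script as: SCRIPT INSTANCE <name> <MASTER|BACKUP|FAULT|STOP> <priority>
case ${3:-} in
    MASTER)            become_master ;;
    BACKUP|FAULT|STOP) become_backup ;;
esac
```

Hook it in with `notify /etc/keepalived/notify.sh` inside the vrrp_instance (Keepalived passes the instance type, its name, the new state and the priority), keep nopreempt so the demoted node does not snatch the VIP back, and keep `drbdadm primary` without `--force`: it then fails instead of creating a second Primary while the peer is still up, and the guard above turns the other unsafe states into a logged refusal rather than a mounted stale copy.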