HA-web-services

一、HA部署

 本次实验的程序选型为heartbeat v1 + hearesources。资源有IP和httpd，filesystem

    配置HA集群的前提：

        （1）各节点资源一致，硬件或软件环境一致

        （2）各节点时间保持一致，便于心跳传递，使用ntp协议实现

#使用ntpdate命令同步时间，并建立周期性任务
#可使用任意节点服务器作为ntp时间服务器，如各节点可上公网，可直接指定公网ntp服务器
 
1、安装ntp
[root@jymlinux ~]# yum install -y ntp
[root@jymlinux ~]# vim /etc/ntp.conf           #修改配置文件允许本网段客户端获取地址
将下面的语句
restrict default kod nomodify notrap nopeer noquery
修改为
restrict default nomodify 
restrict 192.168.0.0 mask 255.255.255.0 nomodify
 
[root@jymlinux ~]# service ntpd start
Starting ntpd:                                             [  OK  ]
 
查看同步过程
[root@jymlinux ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*202.118.1.81    202.118.1.47     2 u   30   64    1   92.249    8.602   0.714
 202.112.31.197  .INIT.          16 u    -   64    0    0.000    0.000   0.000
 
2、客户端创建周期任务，每3秒同步时间
[root@centfils ~]# crontab -e
*/3 * * * * /usr/sbin/ntpdate 192.168.0.16 &> /dev/null
[root@centfils ~]# service crond start
 
 
#手动同步成功，因ntp一般为自动，手动前kill掉所有ntp进程即可
[root@centfils ~]# ntpdate 192.168.0.16
14 Nov 20:26:09 ntpdate[3786]: adjust time server 192.168.0.16 offset -0.004440 sec
 
3、时间同步
[root@jymlinux ~]# date; ssh 192.168.0.15 'date'
Mon Nov 14 20:36:17 CST 2016
root@192.168.0.15's password: 
Mon Nov 14 20:36:20 CST 2016

       （3）节点间需要通过主机名互相通信，必须解析主机至IP地址

            （a）建议名称解析功能使用hosts文件来实现

            （b）通信中使用的名字与节点名字必须保持一致 “uname -n” 或hostname展示出的名字保持一致

 

[root@jymlinux ~]# vim /etc/hosts
192.168.0.15   centfils
192.168.0.16   jymlinux

 

　　（4）关于仲裁设备（共享硬盘或网关），如有偶数个节点，比如2个，应启用仲裁设备，奇数无需启用，大偶数也可以无需仲裁设备

       （5）配置各节点之间的root用户能够给予密钥认证

1、生成密钥对
[root@centfils ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a8:ad:2c:23:83:60:ff:36:73:9d:09:24:37:ae:da:c9 root@centfils
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|     . =         |
|      * S        |
|..   o o         |
|+ . . o o o      |
|+ ooo*.. +       |
| o +*E+          |
+-----------------+
 
2、把公钥传输至远程服务器对应用户的家目录
[root@centfils ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.0.16
The authenticity of host '192.168.0.16 (192.168.0.16)' can't be established.
RSA key fingerprint is e5:84:6c:f7:c0:60:3d:0b:39:b6:1e:12:0d:48:8b:07.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.16' (RSA) to the list of known hosts.
root@192.168.0.16's password: 
Now try logging into the machine, with "ssh 'root@192.168.0.16'", and check in:
 
  .ssh/authorized_keys
 
to make sure we haven't added extra keys that you weren't expecting.
 
3、测试
[root@jymlinux ~]# date; ssh root@192.168.0.15 'date'
Mon Nov 14 21:02:30 CST 2016
Mon Nov 14 21:02:30 CST 2016

密钥认证