野火烧不尽
春风吹又生
当前位置:自由阿草 > 操作系统 > Linux > 正文

Centos下DNS+NamedManager高可用部署方案完整记录

2020-12-12 分类:Linux / 服务器 阅读(1580) 评论(0)

1)机器环境

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
主机名            ip地址          
dns01.kevin.cn   192.168.10.202  
dns02.kevin.cn   192.168.10.203  
VIP地址:192.168.10.190
  
两台机器做好主机名及hosts绑定
[root@dns01 ~]# vim /etc/hosts
......
192.168.10.202   dns01.kevin.cn
192.168.10.203   dns02.kevin.cn
192.168.10.190   dns.kevin.cn    
  
四台机器都是centos6.9系统
[root@dns01 ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
  
关闭四台机器的iptables和selinux
[root@dns01 ~]# /etc/init.d/iptables stop
[root@dns01 ~]# setenforce 0
[root@dns01 ~]# vim /etc/sysconfig/selinux
......
SELINUX=disabled
  
同步四台机器的系统时间
[root@dns01 ~]# yum install -y ntpdate
[root@dns01 ~]# ntpdate ntp1.aliyun.com

2)安装namedmanager(在192.168.10.202和192.168.10.203两台机器上同样操作)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
[root@dns01 ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml
修改/etc/httpd/conf/httpd.conf
.......
ServerName dns.kevin.cn:80
[root@dns01 ~]# service mysqld start
[root@dns01 ~]# service httpd start
[root@dns01 ~]# lsof -i:3306
[root@dns01 ~]# lsof -i:80
[root@dns01 ~]# chkconfig mysqld on
[root@dns01 ~]# chkconfig httpd on
[root@dns02 ~]# mysqladmin -u root password 123456
[root@dns02 ~]# mysql -p123456                      #验证下是否能登录进去
下载并安装namedmanager
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm --force
[root@dns01 src]# cd /usr/share/namedmanager/resources/
[root@dns01 resources]# ./autoinstall.pl
autoinstall.pl
This script setups the NamedManager database components:
 * NamedManager MySQL user               #默认会创建登录Mysql的用户名NamedManager
 * NamedManager database                 #默认会创建NamedManager数据库名
 * NamedManager configuration files      #默认会创建NamedManager的配置文件
THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON
Please enter MySQL root password (if any): 123456               #输入上面设置的mysql密码
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!
You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager

3)安装和配置bind9(在192.168.10.202和192.168.10.203两台机器上同样操作)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# yum install bind php-process
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm --force
修改/etc/named.conf
[root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak
[root@dns01 src]# vim /etc/named.conf
options {
        listen-on port 53 { any; };
        directory "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        allow-query-cache     { any; };
        recursion yes;
        forward first;
        forwarders {
            223.5.5.5;
            223.6.6.6;
            8.8.8.8;
            8.8.4.4;
          };
 
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
 
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
 
        };
  
logging {                          
        channel default_debug {
        file "data/named.run";
        severity dynamic;
        };
};
  
zone "." {
        type hint;     
        file "named.ca";
        };
  
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";
启动named服务
[root@dns01 src]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
--------------------------------------------------------------------------
上面已经提前关闭了iptables和selinux。
如果防火墙打开了,则需要开启下面策略:
[root@dns01 src]# iptables -F
[root@dns01 src]# iptables -P INPUT DROP
[root@dns01 src]# iptables -P FORWARD DROP
[root@dns01 src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@dns01 src]# iptables -A INPUT -i lo -p all -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p icmp -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
--------------------------------------------------------------------------
禁用IPV6。添加域名记录(正向解析与反向解析)。设置开机启动服务,并重启服务器。
[root@dns01 src]# vim /etc/modprobe.d/dist.conf
.......
alias net-pf-10 off
alias ipv6 off
chkconfig ip6tables off
[root@dns01 src]# chkconfig httpd on
[root@dns01 src]# chkconfig mysqld on
[root@dns01 src]# chkconfig named on
[root@dns01 src]# init 6                     #重启机器
重启之后,登录机器验证下httpd、mysqld和named服务是否如实开机启动了
[root@dns01 ~]# ps -ef|grep mysql
[root@dns01 ~]# ps -ef|grep http
[root@dns01 ~]# ps -ef|grep named
测试登录mysql
[root@dns01 ~]# mysql -p123456
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory
[root@dns01 ~]# ln -s /usr/local/mysql/var/mysql.sock /var/lib/mysql/mysql.sock
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
lrwxrwxrwx. 1 root root 31 Jun  1 17:14 /var/lib/mysql/mysql.sock -> /usr/local/mysql/var/mysql.sock
[root@dns01 ~]# mysql -p123456         #这时就能顺利登录mysql数据库了

4)安装keepalived(192.168.10.202和192.168.10.203两台机器上同样操作)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://www.keepalived.org/software/keepalived-1.3.2.tar.gz
[root@dns01 src]# tar -zvxf keepalived-1.3.2.tar.gz
[root@dns01 src]# cd keepalived-1.3.2
[root@dns01 keepalived-1.3.2]# ./configure && make && make install
[root@dns01 keepalived-1.3.2]# cp /usr/local/src/keepalived-1.3.2/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@dns01 keepalived-1.3.2]# mkdir /etc/keepalived
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@dns01 keepalived-1.3.2]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@dns01 keepalived-1.3.2]# echo "/etc/init.d/keepalived start" >> /etc/rc.local
keepalived.conf配置
------------------------------------------
192.168.10.202机器的keepalived.conf配置
[root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived     #全局定义
  
global_defs {
notification_email {
ops@kevin.cn
}
  
notification_email_from ops@kevin.cn
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id master-node
}
  
vrrp_script chk_http_port {
    script "/opt/chk_http.sh"
    interval 2
    weight -5
    fall 2
    rise 1
}
  
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    mcast_src_ip 192.168.10.202
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.190
    }
 
track_script {
   chk_http_port
}
}
编写httpd监控脚本
[root@dns01 ~]# vim /opt/chk_http.sh
#!/bin/bash
counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
if "${counter}" "0" ]; then
       service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
    if "${counter}" "0" ]; then
       /etc/init.d/keepalived stop
    fi
fi
必须要给此脚本授予执行权限
[root@dns01 ~]# chmod 755 /opt/chk_http.sh
-----------------------------------------
192.168.10.203机器的keepalived.conf配置
[root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived   
  
global_defs {
notification_email {               
ops@kevin.cn                    
}
  
notification_email_from ops@kevin.cn 
smtp_server 127.0.0.1                   
smtp_connect_timeout 30                
router_id slave-node                   
}
  
vrrp_script chk_http_port {        
    script "/opt/chk_http.sh"
    interval 2                     
    weight -5                      
    fall 2                  
    rise 1                 
}
  
vrrp_instance VI_1 {           
    state BACKUP          
    interface eth0           
    mcast_src_ip 192.168.10.203
    virtual_router_id 51       
    priority 99              
    advert_int 1              
    authentication {           
        auth_type PASS        
        auth_pass 1111         
    }
    virtual_ipaddress {       
        192.168.10.190
    }
 
track_script {                    
   chk_http_port                
}
 
}
编写httpd监控脚本
[root@dns02 ~]# vim /opt/chk_http.sh
#!/bin/bash
counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
if "${counter}" "0" ]; then
       service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)
    if "${counter}" "0" ]; then
       /etc/init.d/keepalived stop
    fi
fi
必须要给此脚本授予执行权限
[root@dns02 ~]# chmod 755 /opt/chk_http.sh
-----------------------------------------------------
分别启动两台机器的keepalived服务
[root@dns01 ~]# /etc/init.d/keepalived start
[root@dns01 ~]# ps -ef|grep keep
[root@dns02 ~]# /etc/init.d/keepalived start
[root@dns02 ~]# ps -ef|grep keepalived
检查两台机器的ip,发现vip此时已经漂到192.168.10.202这台机器上
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever
-------------------------------------------------
测试下故障转移
先关闭192.168.10.202机器的httpd程序,发现关闭后会很快重启起来(最多2秒钟),这是因为keepalived程序里引用了/opt/chk_http.sh监控脚本。
同样关闭192168.10.203机器的httpd程序,也是很快重启起来。
根据/opt/chk_httpd.sh脚本可知,httpd程序挂掉后会自动重启,只有当httpd程序重启失败后,才会强制kill掉keepalived服务,这时vip也会转移到另一台节点。
[root@dns01 keepalived]# killall -9 httpd
[root@dns01 keepalived]# ps -ef|grep http
root     23661 23660  0 21:30 ?        00:00:00 /bin/bash /opt/chk_http.sh
root     23682     1  1 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23685 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23686 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23687 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23688 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23689 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23690 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23691 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23692 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
root     23694 21411  0 21:30 pts/1    00:00:00 grep http
在测试关闭192.168.10.202机器的keepalived服务,发现vip资源会自动漂移到192.168.10.203机器上。
当192.168.10.202机器的keepalived服务恢复后,vip资源会再次转移回来。
[root@dns01 ~]# /etc/init.d/keepalived stop
[root@dns01 ~]# ps -ef|grep keeplived
root     24854 21411  0 21:36 pts/1    00:00:00 grep keeplived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever
可以查看两台机器的/var/log/messages日志,可以看到vip资源的转移过程。
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@dns01 ~]# ps -ef|grep keepalived
root     24877     1  0 21:37 ?        00:00:00 keepalived -D
root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived
192.168.10.202机器的keepalived服务恢复后,vip资源会再次转移回来。
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@dns01 ~]# ps -ef|grep keepalived
root     24877     1  0 21:37 ?        00:00:00 keepalived -D
root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever

5)配置namedmanager(两台机器都要操作)

1
2
3
4
5
6
[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
[root@dns01 ~]# vim /etc/namedmanager/config-bind.php
......
$config["api_url"]      = "http://192.168.10.190/namedmanager";
$config["api_server_name"]  = "dns.kevin.cn";
$config["api_auth_key"]     = "DNS";  

6)配置两台机器的mysql主主关系

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
首先确保两台机器能使用上面创建的NamedManager用户名和123456密码登录,如果登录不了,则访问NamedManager界面时会失败。
[root@dns02 ~]# mysql -hlocalhost -uNamedManager -p123456
ERROR 1045 (28000): Access denied for user 'NamedManager'@'localhost' (using password: YES)
这就需要授权mysql登录
[root@dns01 ~]# mysql -p123456
.......
mysql> grant all on *.* to NamedManager@192.168.10.202 identified by "123456";
Query OK, 0 rows affected (0.11 sec)
mysql> grant all on *.* to NamedManager@localhost identified by "123456";
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.04 sec)
验证登录
[root@dns01 ~]# mysql -hlocalhost -uNamedManager -p123456
......
mysql>
-------------------------------------------------------------
192.168.10.202机器上的mysql设置
[root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns01 ~]# vim /etc/my.cnf                  #在[mysqld]区域里添加下面几行内容
......
server-id = 1        
log-bin = mysql-bin    
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2    
auto-increment-offset = 1   
slave-skip-errors = all
重启mysqld服务
[root@dns01 log]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
数据同步授权,这样I/O线程就可以以这个用户的身份连接到主服务器,并且读取它的二进制日志。
[root@dns01 log]# mysql -p123456
......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;
最好将库锁住,仅仅允许读,以保证数据一致性;待主主同步环境部署后再解锁;
锁住后,就不能往表里写数据,但是重启mysql服务后就会自动解锁!
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)
--------------------------------------------------------------------
192.168.10.203机器上的mysql设置
[root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns02 ~]# vim /etc/my.cnf
.......
server-id = 2       
log-bin = mysql-bin   
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2    
auto-increment-offset = 2   
slave-skip-errors = all
[root@dns02 ~]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
[root@dns02 ~]# mysql -p123456
.......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)
---------------192.168.10.202服务器做同步操作---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> change  master to master_host='192.168.10.203',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365;
Query OK, 0 rows affected (0.20 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
mysql> show slave status \G;
.......
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.203
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.......
.......
---------------192.168.10.203服务器做同步操作---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> change  master to master_host='192.168.10.202',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365;
Query OK, 0 rows affected (0.18 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
mysql> show slave status \G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.202
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
.......
.......
到这里,192.168.10.202和192.168.10.203两台机器的mysql主主关系就配置成功了。下面测试下:
首先在192.168.10.202的mysql数据库上添加数据:
[root@dns01 log]# mysql -p123456
.....
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| namedmanager       |
test               |
+--------------------+
4 rows in set (0.00 sec)
mysql> create database kevin;
Query OK, 1 row affected (0.04 sec)
然后到192.168.10.203机器的mysql数据库上验证并变更数据
[root@dns02 ~]# mysql -p123456
.......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| kevin              |
| mysql              |
| namedmanager       |
test               |
+--------------------+
5 rows in set (0.00 sec)
mysql> drop database kevin;
Query OK, 0 rows affected (0.03 sec)
mysql> create database bobo;
Query OK, 1 row affected (0.08 sec)
再到192.168.10.202机器的mysql数据库上验证
[root@dns01 log]# mysql -p123456
......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| bobo               |
| mysql              |
| namedmanager       |
test               |
+--------------------+
5 rows in set (0.00 sec)
mysql> drop database bobo;
Query OK, 0 rows affected (0.05 sec)

7)在192.168.10.202和12.168.10.203两台机器上配置相关数据的同步关系。 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
先做好两台机器的ssh相互信任关系。
[root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.203'
[root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.202'
验证两机之间的ssh互信
[root@dns01 ~]# ssh -p22 root@192.168.10.203
[root@dns02 ~]#
[root@dns02 httpd]# ssh -p22 root@192.168.10.202
[root@dns01 ~]#
------------------------------------------------------------
现在192.168.10.202机器上做同步,判断VIP资源是否存在本机,如果存在就同步到另一台机器上。
[root@dns01 ~]# vim /opt/rsync_dns.sh
#!/bin/bash
while "1" "1" ]
do
  NUM=`ip addr|grep 192.168.10.190|wc -l`
  if [ $NUM -eq 0 ];then
     echo "vip is not at this server" >/dev/null 2>&1
  fi
 
  if [ $NUM -eq 1 ];then
     /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.203:/etc/
     /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.203:/var/named/
  fi
done
授予脚本执行权限,并启动脚本
[root@dns01 ~]# chmod 755 /opt/rsync_dns.sh
[root@dns01 ~]# nohup sh /opt/rsync_dns.sh &
[root@dns01 ~]# ps -ef|grep rsync_dns.sh
root      6310 21411  0 22:33 pts/1    00:00:00 sh /opt/rsync_dns.sh
root      6508 21411  0 22:33 pts/1    00:00:00 grep rsync_dns.sh
-----------------------------------------------------------------
然后在192.168.10.203机器上做同步:
[root@dns02 httpd]# vim /opt/rsync_dns.sh
#!/bin/bash
while "1" "1" ]
do
  NUM=`ip addr|grep 192.168.10.190|wc -l`
  if [ $NUM -eq 0 ];then
     echo "vip is not at this server" >/dev/null 2>&1
  fi
 
  if [ $NUM -eq 1 ];then
     /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.202:/etc/
     /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.202:/var/named/
  fi
done
授予脚本执行权限,并启动脚本
[root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh
[root@dns02 httpd]# nohup sh /opt/rsync_dns.sh &
[root@dns02 httpd]# ps -ef|grep rsync_dns.sh
root     12578  5466  0 22:35 pts/1    00:00:00 grep rsync_dns.sh
root     32124  5466  8 22:35 pts/1    00:00:00 sh /opt/rsync_dns.sh

8)访问namedmanager(https://192.168.10.190/namedmanager)进行界面配置。(由于此时vip资源在192.168.10.202机器上,故配置信息从192.168.10.202机器同步到192.168.10.203机器)。默认用户名和密码(setup,setup123)。不要忘记在用户管理中修改用户名和密码。

重置管理员用户名和密码(由于两台服务器的mysql做了主主关系,修改后的信息同样会同步到另一台机器的mysql数据库里,即修改后的管理员账号密码同样适用于另一台机器的namedmanager登录)

接着设置API key(如下图。设置邮箱地址和API key,这个key是在上面的/etc/namedmanager/config-bind.php文件中设置的)

添加服务器。Name Server FQDN的名称要和httpd中的ServerName一致。(如下添加部署机的主机名或者ip地址都可以)

确保下面的”Zonefile Status”和”Logging Status”的状态是绿色的。

添加正向域名解析

添加反向域名解析(如果有多个ip段的客户机,那么就如下图添加多个反向解析配置)

查看正反向解析域名添加情况

上面已经成功添加了正反向解析域名,现在尝试添加一些域名的A记录和PTR记录
先添加A正向解析记录

由于上面在添加A正向解析的时候,已经勾选了PTR反向解析(如果没有勾选,则需要手动添加PTR反向解析记录),故这时候已经有了上面那几个域名的反向解析记录了:

如上,已经添加了几个正反向解析记录,可以访问https://192.168.10.203/namedmanager,发现访问另一台机器的namedmanager(使用上面重置后的admin用户)也会看到上面设置的正反向解析配置信息。这就说明双机同步已经生效。

可以登录到两台机器本机上查看相关的正反向解析配置:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
[root@dns01 ~]# cd /var/named/
[root@dns01 named]# ll
total 36
-rw-r--r--. 1 root  root   614 Jun  3 23:42 10.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named 4096 Jun  3 03:21 data
drwxrwx---. 2 named named 4096 Jun  3 23:05 dynamic
-rw-r--r--. 1 root  root   575 Jun  3 23:42 kevin.cn.zone
-rw-r-----. 1 root  named 3289 Apr 11  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves
[root@dns01 ~]# cat /etc/named.namedmanager.conf
//
// NamedManager Configuration
//
// This file is automatically generated any manual changes will be lost.
//
zone "kevin.cn" IN {
    type master;
    file "kevin.cn.zone";
    allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "10.168.192.in-addr.arpa.zone";
    allow-update { none; };
};
[root@dns01 named]# cat kevin.cn.zone
$ORIGIN kevin.cn.
$TTL 120
@       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
            2018060311 ; serial
            21600 ; refresh
            3600 ; retry
            604800 ; expiry
            120 ; minimum ttl
        )
 
; Nameservers
 
kevin.cn.   86400 IN NS dns.kevin.cn.
 
; Mailservers
 
 
; Reverse DNS Records (PTR)
 
 
; CNAME
 
 
; HOST RECORDS
 
db01    120 IN A 192.168.10.239
db02    120 IN A 192.168.10.212
dns 120 IN A 192.168.10.190
dns01   120 IN A 192.168.10.202
dns02   120 IN A 192.168.10.203
ftp01   120 IN A 192.168.10.209
nc-app  120 IN A 192.168.10.210
web01   120 IN A 192.168.10.214
web02   120 IN A 192.168.10.215
[root@dns01 named]# cat 10.168.192.in-addr.arpa.zone
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
@       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
            2018060310 ; serial
            21600 ; refresh
            3600 ; retry
            604800 ; expiry
            120 ; minimum ttl
        )
 
; Nameservers
 
10.168.192.in-addr.arpa.    86400 IN NS dns.kevin.cn.
 
; Mailservers
 
 
; Reverse DNS Records (PTR)
 
190 120 IN PTR dns.kevin.cn.
202 120 IN PTR dns01.kevin.cn.
203 120 IN PTR dns02.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
210 120 IN PTR nc-app.kevin.cn.
212 120 IN PTR db02.kevin.cn.
214 120 IN PTR web01.kevin.cn.
215 120 IN PTR web02.kevin.cn.
239 120 IN PTR db01.kevin.cn.
 
; CNAME
 
 
; HOST RECORDS

9)客户机的DNS配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
root@localhost ~]# ifconfig|grep 192
          inet addr:192.168.10.207  Bcast:192.168.10.255  Mask:255.255.255.0
[root@localhost ~]# vim /etc/resolv.conf
domain kevin.cn
search kevin.cn
nameserver 192.168.10.190
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
......
......
[root@localhost ~]# ping ftp01.kevin.cn
PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data.
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms
[root@localhost ~]# ping db02.kevin.cn
PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data.
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms
故障切换验证:
关闭192.168.10.202上的keepalived服务,当vip资源切换到192.168.10.203机器上后,
再次在客户机上测试
[root@dns01 ~]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
[root@dns01 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever
当vip资源转移到另一台机器后,客户机上的DNS就会继续生效了。
[root@localhost ~]# ping www.qq.com
PING news.qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms
[root@localhost ~]# ping web02.kevin.cn
PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data.
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms
如果上面不做两台机器的mysql主主以及那些dns相关同步配置,那么要想实现主机高可用(提供统一的vip访问地址),就需要将DNS的解析配置在192.168.10.202和192.168.10.203
两台机器的namedmanager界面里同样操作,即每次都要操作两遍。
赞(3)
未经允许不得转载:自由阿草 » Centos下DNS+NamedManager高可用部署方案完整记录

相关推荐

置顶推荐

网站统计

  • 日志总数:132
  • 页面总数:0
  • 分类总数:28
  • 最后更新:2024-11-14

近期文章

Docker (16)Python (14)AI (6)Deepin (3)等保2.0 (3)IPv6 (2)macOS (2)华为 (1)函数 (1)Linux (1)UOS (1)音乐 (1)伴奏 (1)杜甫 (1)DNS (1)黑洞 (1)照片 (1)LTSC (1)任正非 (1)vCenter (1)root (1)密码策略 (1)小说 (1)黑群晖 (1)群晖 (1)Video Station (1)偷拍 (1)装饰器 (1)自适应布局 (1)移动端 (1)

自由阿草

联系我们联系我们