Assignment Question 3

Posted by ultrasound0000 on Tue, 11 Jun 2019 20:41:15 +0200

3. Implement an HA-LAMP stack based on heartbeat v2 with crm. WordPress must be deployed, and the data in edited articles must remain accessible after a node switch.

Network layout:

All devices run the CentOS 6.8 operating system
Two servers are configured with LAMP, IP addresses 192.168.255.128 and 192.168.255.129
Virtual IP address: 192.168.255.200
The heartbeat addresses of the two servers are 192.168.126.128 and 192.168.126.129
The NFS server, which also runs MySQL, has the IP address 192.168.255.130

Configure LAMP

The httpd configuration is the same on servers 192.168.255.128 and 192.168.255.129:

#Install httpd
[root@node1 ~]# yum install httpd

#Install PHP (the httpd PHP module) and the MySQL driver for PHP
[root@node1 ~]# yum install php php-mysql

#Start httpd
[root@node1 ~]# service httpd start
//Starting httpd: httpd: apr_sockaddr_info_get() failed for node2
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
                                                           [  OK  ]

Install MySQL on the 192.168.255.130 server:

#Install mysql database service
[root@nfs-mysql ~]# yum install mysql-server
[root@nfs-mysql ~]# service mysqld start 
//Initialize MySQL database: WARNING: The host 'nfs-mysql' could not be looked up with resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MySQL version. The MySQL daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MySQL privileges !
Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h nfs-mysql password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
//Starting mysqld:[OK]

#Create the database wpdata and grant the user wordpress all privileges on it
[root@nfs-mysql ~]# mysql 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.73 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 
mysql> 
mysql> create database wpdata;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on wpdata.* to wordpress@'%' identified by "wordpress";
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> \q
Bye

Building Shared Storage

#Install and start NFS service on 192.168.255.130 server.
[root@nfs-mysql ~]# rpm -qa | grep nfs-utils
nfs-utils-1.3.0-0.33.el7_3.x86_64
[root@nfs-mysql ~]# service nfs start 
//Start the NFS service: [OK]
//Turn off the NFS quota: [OK]
//Start NFS mountd: [OK]
//Start the NFS daemon: [OK]
//RPC idmapd: [OK] 

#Create shared file system directories
[root@nfs-mysql ~]# mkdir /data/html -pv
mkdir: Created directory "/data"
mkdir: Created directory "/data/html"

#Edit the NFS configuration file of the shared file system and reload the configuration file.
[root@nfs-mysql ~]# vim /etc/exports.d/wordpress.exports
[root@nfs-mysql ~]# cat /etc/exports.d/wordpress.exports
/data/html 192.168.255.0/24(rw,async) 
[root@nfs-mysql ~]# exportfs -r

#View the shared file system on 192.168.255.128
[root@node1 ~]# showmount -e 192.168.255.130
Export list for 192.168.255.130:
/data/html 192.168.255.0/24

#View the UID of apache users
[root@node1 ~]# id apache
uid=48(apache) gid=48(apache) group=48(apache)

#Create the apache user with UID 48 on the NFS server
[root@nfs-mysql ~]# useradd -r apache -u 48
useradd: user 'apache' already exists
[root@nfs-mysql ~]# id apache
uid=48(apache) gid=48(apache) group=48(apache)

#Mount the shared file system on two httpd servers
[root@node2 ~]# mount -t nfs 192.168.255.130:/data/html /var/www/html
[root@node1 ~]# mount -t nfs 192.168.255.130:/data/html /var/www/html

[root@node1 ~]# mount
......
192.168.255.130:/data/html on /var/www/html type nfs (rw,vers=4,addr=192.168.255.130,clientaddr=192.168.255.128)

[root@node2 ~]# mount
......
192.168.255.130:/data/html on /var/www/html type nfs (rw,vers=4,addr=192.168.255.130,clientaddr=192.168.255.129)


#Upload WordPress to the NFS server and change the directory ownership so that the PHP module has write permission
[root@nfs-mysql html]# unzip wordpress-4.7.4-zh_CN.zip 
[root@nfs-mysql html]# chown -R apache:apache wordpress

#View the files on both httpd servers
[root@node1 ~]# ll /var/www/html/wordpress
//total 184
-rw-r--r--  1 apache apache   418 9month  25 2013 index.php
-rw-r--r--  1 apache apache 19935 1month   3 2017 license.txt
-rw-r--r--  1 apache apache  6956 4month  23 21:24 readme.html
-rw-r--r--  1 apache apache  5447 9month  28 2016 wp-activate.php
drwxr-xr-x  9 apache apache  4096 4month  23 21:24 wp-admin
-rw-r--r--  1 apache apache   364 12month 19 2015 wp-blog-header.php
-rw-r--r--  1 apache apache  1627 8month  29 2016 wp-comments-post.php
-rw-r--r--  1 apache apache  2930 4month  23 21:24 wp-config-sample.php
drwxr-xr-x  5 apache apache    69 4month  23 21:24 wp-content
-rw-r--r--  1 apache apache  3286 5month  25 2015 wp-cron.php
drwxr-xr-x 18 apache apache  8192 4month  23 21:24 wp-includes
-rw-r--r--  1 apache apache  2422 11month 21 2016 wp-links-opml.php
-rw-r--r--  1 apache apache  3301 10month 25 2016 wp-load.php
-rw-r--r--  1 apache apache 33939 11month 21 2016 wp-login.php
-rw-r--r--  1 apache apache  8048 1month  11 2017 wp-mail.php
-rw-r--r--  1 apache apache 16255 4month   7 02:23 wp-settings.php
-rw-r--r--  1 apache apache 29896 10month 19 2016 wp-signup.php
-rw-r--r--  1 apache apache  4513 10month 15 2016 wp-trackback.php
-rw-r--r--  1 apache apache  3065 9month   1 2016 xmlrpc.php


#Edit the httpd configuration file on both servers and change the document root to /var/www/html/wordpress

#Reload httpd configuration
[root@node1 ~]# service httpd reload
//Reload httpd:
[root@node2 ~]# service httpd reload
//Reload httpd:
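
The export defined earlier in this section, `/data/html 192.168.255.0/24(rw,async)`, gives every address in the subnet read-write access, and because the UIDs match, any of those hosts can write to the web root as apache. The following added example (not part of the original post) flags network-wide clients, `no_root_squash` and `async` in exports lines and compares the post's line with a per-host variant; the function name, messages and the per-host line are this example's own.

```sh
#!/bin/sh
# Added example (not from the original post): flag risky entries in exports(5)
# lines read on stdin. Prints one finding per line; returns non-zero if any.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ","
                p = index($i, "(")
                if (p > 0) {                      # split "client(opt,opt)"
                    client = substr($i, 1, p - 1)
                    opts = "," substr($i, p + 1, length($i) - p - 1) ","
                }
                if (client == "" || index(client, "/") || index(client, "*")) {
                    printf "%s: client \"%s\" is wider than a single host\n", $1, client
                    bad++
                }
                if (index(opts, ",no_root_squash,")) {
                    printf "%s: %s keeps remote root as root\n", $1, client; bad++
                }
                if (index(opts, ",async,")) {
                    printf "%s: %s acknowledges writes before they reach disk\n", $1, client; bad++
                }
            }
        }
        END { exit (bad > 0) }
    '
}

# Constructed inputs: the line from the post, then a per-host variant naming
# only the two web nodes (sync and root_squash are the NFS defaults, written
# out here so the intent is visible).
PAGE_EXPORT='/data/html 192.168.255.0/24(rw,async)'
HOST_EXPORT='/data/html 192.168.255.128(rw,sync,root_squash) 192.168.255.129(rw,sync,root_squash)'

printf '%s\n' "$PAGE_EXPORT" | audit_exports || echo "-> post export: findings above"
printf '%s\n' "$HOST_EXPORT" | audit_exports && echo "-> per-host export: clean"
```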

Configure high availability (HA):

Pre-configuration preparation

#Set the hostnames of the two web servers
[root@nfs-mysql html]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.255.128 node1.magedu.com
192.168.255.129 node2.magedu.com

[root@node1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node1.magedu.com
NTPSERVERARGS=iburst

[root@node2 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node2.magedu.com
NTPSERVERARGS=iburst
You have new mail in /var/spool/mail/root

#Reboot the operating system and check the hostname with uname -n
[root@node1 ~]# reboot
[root@node2 ~]# reboot
[root@node1 ~]# uname -n 
node1.magedu.com
[root@node2 ~]# uname -n 
node2.magedu.com


#Configuring ssh key authentication
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
46:c3:78:78:ff:07:56:44:83:3c:45:42:60:b6:71:7c root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|          ==+=*  |
|       + o +=oE. |
|      o * .  o.  |
|       + o   .   |
|        S . o    |
|       .   o .   |
|            . .  |
|             .   |
|                 |
+-----------------+
[root@node1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node2
The authenticity of host 'node2 (192.168.255.129)' can't be established.
RSA key fingerprint is 2d:bc:64:d8:4b:c3:a1:1d:84:69:4d:dc:b5:fd:d5:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2' (RSA) to the list of known hosts.
root@node2's password: 
Now try logging into the machine, with "ssh 'root@node2'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

[root@node2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
05:a6:cf:2a:7f:e9:b0:e2:0a:bd:db:88:fb:db:ac:3c root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|        o        |
|       o .       |
|      .   .      |
|       o .       |
|        S        |
| .     .         |
|. . . o  .       |
| +E*.o oo        |
|ooXB=.oo.        |
+-----------------+
[root@node2 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@node1
The authenticity of host 'node1 (192.168.255.128)' can't be established.
RSA key fingerprint is 2d:bc:64:d8:4b:c3:a1:1d:84:69:4d:dc:b5:fd:d5:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1' (RSA) to the list of known hosts.
root@node1's password: 
Now try logging into the machine, with "ssh 'root@node1'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Time synchronization configuration:

#Configure time synchronization
[root@node1 ~]# yum install ntp
[root@node1 ~]# service ntpd start

#On the other nodes, configure a scheduled task that synchronizes the time every 5 minutes
[root@node1 ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@node1 ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate 172.18.0.1 &> /dev/null
[root@node1 ~]# service crond status
crond (pid  2170) Running...
[root@node1 ~]# 

Configure heartbeat

#Install heartbeat
[root@node1 ~]# yum install epel-release
[root@node1 ~]# yum install net-snmp-libs libnet PyXML 
[root@node1 ~]# rpm -ivh heartbeat-2.1.4-12.el6.x86_64.rpm heartbeat-pils-2.1.4-12.el6.x86_64.rpm heartbeat-stonith-2.1.4-12.el6.x86_64.rpm
Preparing...                ########################################### [100%]
   1:heartbeat-pils         ########################################### [ 33%]
   2:heartbeat-stonith      ########################################### [ 67%]
   3:heartbeat              ########################################### [100%]

#Provide configuration files for heartbeat programs
[root@node1 ~]# cp /usr/share/doc/heartbeat-2.1.4/{ha.cf,authkeys,haresources} /etc/ha.d/

#Edit ha.cf
[root@node1 ~]# grep -v "^\s*#\|^\s*$" /etc/ha.d/ha.cf
logfacility local0
mcast eth1 225.0.0.1 694 1 0
auto_failback on
node  node1.magedu.com
node  node2.magedu.com
ping 192.168.255.130
crm on

#Edit authkeys
[root@node1 ~]# cd /etc/ha.d/
[root@node1 ha.d]# chmod 600 authkeys 
[root@node1 ha.d]# openssl rand -base64 8
cT0kpIGU/wo=
[root@node1 ha.d]# vim authkeys 
[root@node1 ha.d]# cat authkeys 
#
# Authentication file.  Must be mode 600
#
#
# Must have exactly one auth directive at the front.
# auth  send authentication using this method-id
#
# Then, list the method and key that go with that method-id
#
# Available methods: crc sha1, md5.  Crc doesn't need/want a key.
#
# You normally only have one authentication method-id listed in this file
#
# Put more than one to make a smooth transition when changing auth
# methods and/or keys.
#
#
# sha1 is believed to be the "best", md5 next best.
#
# crc adds no security, except from packet corruption.
#   Use only on physically secure networks.
#
auth 2 
#1 crc
2 sha1 cT0kpIGU/wo 
#3 md5 Hello!

#Copy authkeys, ha.cf configuration file to node 2.
[root@node1 ~]# scp /etc/ha.d/{authkeys,ha.cf} root@node2.magedu.com:/etc/ha.d
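
A check for the authkeys file edited above, as an added example that is not part of the original post: it confirms mode 600, resolves which method line the `auth` directive selects, and flags `crc`, `md5` or a short key. The 20-character minimum (`MIN_KEY_LEN`) is an assumption of this example; the key shown in the post comes from 8 random bytes and is 11 characters long.

```sh
#!/bin/sh
# Added example (not from the original post): audit a heartbeat authkeys file.
# MIN_KEY_LEN is an assumed local policy, not a heartbeat requirement.
MIN_KEY_LEN=${MIN_KEY_LEN:-20}

check_authkeys() {
    file=$1; findings=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }

    # The file header says it must be mode 600.
    mode=$(stat -c %a "$file")
    if [ "$mode" != "600" ]; then
        echo "mode is $mode, expected 600"; findings=$((findings + 1))
    fi

    # "auth N" selects the active "N method [key]" line; commented lines
    # such as "#1 crc" never match because their first field is "#1".
    id=$(awk '$1 == "auth" { print $2; exit }' "$file")
    [ -n "$id" ] || { echo "no auth directive"; return 1; }
    line=$(awk -v id="$id" '$1 == id { print $2 " " $3; exit }' "$file")
    method=${line%% *}; key=${line#* }

    case $method in
        sha1) ;;
        md5)  echo "active method is md5, the file ranks sha1 above it"; findings=$((findings + 1)) ;;
        crc)  echo "active method is crc, which adds no security"; findings=$((findings + 1)) ;;
        *)    echo "auth $id has no usable method line"; findings=$((findings + 1)) ;;
    esac
    if [ "$method" = sha1 ] || [ "$method" = md5 ]; then
        if [ "${#key}" -lt "$MIN_KEY_LEN" ]; then
            echo "key is ${#key} characters, below $MIN_KEY_LEN"; findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# With no argument, audit a constructed copy of the post's active lines.
sample=$(mktemp)                       # mktemp creates the file with mode 600
printf 'auth 2\n#1 crc\n2 sha1 cT0kpIGU/wo\n#3 md5 Hello!\n' > "$sample"
check_authkeys "${1:-$sample}" || echo "-> findings above"
rm -f "$sample"
```

Run it on each node after the scp step, for example `sh check_authkeys.sh /etc/ha.d/authkeys` (the script file name is an assumption).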

#Start the service on both nodes
[root@node1 ~]# service heartbeat start; ssh node2.magedu.com 'service heartbeat start'
logd is already running
Starting High-Availability services: 
Done.

logd is already running
Starting High-Availability services: 
Done.


#View status
[root@node1 ~]# crm_mon
============
Last updated: Sun Jul 16 21:02:04 2017
Current DC: node2.magedu.com (77a02f08-075c-41fa-a2a6-1123c0176ea0)
2 Nodes configured.
0 Resources configured.
============

Node: node2.magedu.com (77a02f08-075c-41fa-a2a6-1123c0176ea0): online
Node: node1.magedu.com (c34b36ad-30d9-4b77-9f25-a4a3bf5cf484): online

heartbeat-gui is used to define the resources that the standby server takes over and the order in which those resources start.

[root@node1 ~]# rpm -ivh heartbeat-gui-2.1.4-12.el6.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:heartbeat-gui          ########################################### [100%]
[root@node1 ~]# echo "magedu" | passwd --stdin hacluster
//Change the password of the user hacluster.
passwd:  All authentication tokens have been successfully updated.

[root@node2 ~]# rpm -ivh heartbeat-gui-2.1.4-12.el6.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:heartbeat-gui          ########################################### [100%]
[root@node2 ~]# 
[root@node2 ~]# 
[root@node2 ~]# echo "magedu" | passwd --stdin hacluster
//Change the password of the user hacluster.
passwd:  All authentication tokens have been successfully updated.
[root@node1 ~]# hb_gui &

Log in to heartbeat-gui with the password configured above; the password may be different on each Linux server.

Policy configuration requirements

1. Configure the virtual IP address for Linux-HA; the IP address must be available when the httpd service starts.
2. Mount NFS before starting httpd.
3. Start httpd.

Define a resource group; the resources within a group are started in sequence.


Adding Virtual IP Policy Configuration




Adding NFS Shared File System Mounting Policy

Add httpd service startup strategy

Start the policy and view it




Simulate the main node failure and view the service running


In addition, the resources that the standby node takes over can be defined in the haresources file. A script named there must accept the "start" and "stop" parameters.

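[root@node1 ~]# grep -v "^#" /etc/ha.d/haresources
node2.magedu.com 192.168.255.200 myha.sh

#Contents of myha.sh
#!/bin/bash
# Resource script called by heartbeat with "start" or "stop".
vip=192.168.255.200
broadcast=192.168.255.255
netmask=255.255.255.0

case "$1" in
start)
    # Bring up the VIP, mount the shared web root, then start httpd.
    ifconfig eth1:0 "$vip" broadcast "$broadcast" netmask "$netmask"
    mount -t nfs 192.168.255.130:/data/html /var/www/html
    service httpd start
    ;;
stop)
    # Reverse order: httpd must release /var/www/html before it can be unmounted.
    service httpd stop
    umount /var/www/html
    ifconfig eth1:0 down
    ;;
*)
    echo "Usage: $0 start|stop"
    exit 1
    ;;
esac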
