The previous post covered the single-node NamedManager configuration. This post describes the dual-node high-availability setup for DNS + NamedManager:

1) Machine environment
Hostname          IP address
dns01.kevin.cn    192.168.10.202
dns02.kevin.cn    192.168.10.203
VIP address:      192.168.10.190

Set the hostname and the /etc/hosts bindings on both machines:
[root@dns01 ~]# vim /etc/hosts
......
192.168.10.202 dns01.kevin.cn
192.168.10.203 dns02.kevin.cn
192.168.10.190 dns.kevin.cn

All four machines run CentOS 6.9:
[root@dns01 ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)

Turn off iptables and SELinux on all four machines:
[root@dns01 ~]# /etc/init.d/iptables stop
[root@dns01 ~]# setenforce 0
[root@dns01 ~]# vim /etc/sysconfig/selinux
......
SELINUX=disabled

Synchronise the system time on all four machines:
[root@dns01 ~]# yum install -y ntpdate
[root@dns01 ~]# ntpdate ntp1.aliyun.com
2) Install NamedManager (same steps on both 192.168.10.202 and 192.168.10.203)
[root@dns01 ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml

Edit /etc/httpd/conf/httpd.conf:
.......
ServerName dns.kevin.cn:80

[root@dns01 ~]# service mysqld start
[root@dns01 ~]# service httpd start
[root@dns01 ~]# lsof -i:3306
[root@dns01 ~]# lsof -i:80
[root@dns01 ~]# chkconfig mysqld on
[root@dns01 ~]# chkconfig httpd on
[root@dns02 ~]# mysqladmin -u root password 123456
[root@dns02 ~]# mysql -p123456        # check that the login works

Download and install NamedManager:
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm --force
[root@dns01 src]# cd /usr/share/namedmanager/resources/
[root@dns01 resources]# ./autoinstall.pl
autoinstall.pl
This script setups the NamedManager database components:
 * NamedManager MySQL user             # by default creates the MySQL login user NamedManager
 * NamedManager database               # by default creates the NamedManager database
 * NamedManager configuration files    # by default creates the NamedManager configuration files
THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER.
DO NOT RUN FOR ANY OTHER REASON
Please enter MySQL root password (if any): 123456        # enter the MySQL password set above
Searching ../sql/ for latest install schema...
../sql//version_20131222_install.sql is the latest file and will be used for the install.
Importing file ../sql//version_20131222_install.sql
Creating user...
Updating configuration file...
DB installation complete!
You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager
3) Install and configure bind9 (same steps on both 192.168.10.202 and 192.168.10.203)
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# yum install bind php-process
[root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm
[root@dns01 src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm --force

Edit /etc/named.conf:
[root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak
[root@dns01 src]# vim /etc/named.conf
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // allow-query { any; } plus recursion yes makes this an open resolver;
    // restrict both to the internal networks if port 53 is ever reachable from outside.
    allow-query { any; };
    allow-query-cache { any; };
    recursion yes;
    forward first;
    forwarders {
        223.5.5.5;
        223.6.6.6;
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/etc/named.namedmanager.conf";

Start the named service:
[root@dns01 src]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]

--------------------------------------------------------------------------
iptables and SELinux were already turned off above. If the firewall is left enabled, the following rules are needed:
[root@dns01 src]# iptables -F
[root@dns01 src]# iptables -P INPUT DROP
[root@dns01 src]# iptables -P FORWARD DROP
[root@dns01 src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@dns01 src]# iptables -A INPUT -i lo -p all -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p icmp -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@dns01 src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
--------------------------------------------------------------------------

Disable IPv6, add the domain records (forward and reverse zones), set the services to start on boot, and reboot the server.
[root@dns01 src]# vim /etc/modprobe.d/dist.conf
.......
alias net-pf-10 off
alias ipv6 off
[root@dns01 src]# chkconfig ip6tables off
[root@dns01 src]# chkconfig httpd on
[root@dns01 src]# chkconfig mysqld on
[root@dns01 src]# chkconfig named on
[root@dns01 src]# init 6        # reboot the machine

After the reboot, log in and verify that httpd, mysqld and named really did start on boot:
[root@dns01 ~]# ps -ef|grep mysql
[root@dns01 ~]# ps -ef|grep http
[root@dns01 ~]# ps -ef|grep named

Test the MySQL login:
[root@dns01 ~]# mysql -p123456
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory
[root@dns01 ~]# ln -s /usr/local/mysql/var/mysql.sock /var/lib/mysql/mysql.sock
[root@dns01 ~]# ll /var/lib/mysql/mysql.sock
lrwxrwxrwx. 1 root root 31 Jun  1 17:14 /var/lib/mysql/mysql.sock -> /usr/local/mysql/var/mysql.sock
[root@dns01 ~]# mysql -p123456        # the MySQL login now succeeds
4) Install keepalived (same steps on both 192.168.10.202 and 192.168.10.203)
[root@dns01 ~]# cd /usr/local/src/
[root@dns01 src]# wget http://www.keepalived.org/software/keepalived-1.3.2.tar.gz
[root@dns01 src]# tar -zvxf keepalived-1.3.2.tar.gz
[root@dns01 src]# cd keepalived-1.3.2
[root@dns01 keepalived-1.3.2]# ./configure && make && make install
[root@dns01 keepalived-1.3.2]# cp /usr/local/src/keepalived-1.3.2/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
[root@dns01 keepalived-1.3.2]# mkdir /etc/keepalived
[root@dns01 keepalived-1.3.2]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
[root@dns01 keepalived-1.3.2]# cp /usr/local/sbin/keepalived /usr/sbin/
[root@dns01 keepalived-1.3.2]# echo "/etc/init.d/keepalived start" >> /etc/rc.local

keepalived.conf configuration
------------------------------------------
keepalived.conf on 192.168.10.202
[root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns01 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {                      # global definitions
   notification_email {
     ops@kevin.cn
   }
   notification_email_from ops@kevin.cn
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id master-node
}

vrrp_script chk_http_port {
    script "/opt/chk_http.sh"
    interval 2
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    mcast_src_ip 192.168.10.202
    virtual_router_id 51
    priority 101
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.190
    }
    track_script {
        chk_http_port
    }
}

Write the httpd monitoring script:
[root@dns01 ~]# vim /opt/chk_http.sh
#!/bin/bash
# Count listeners on TCP port 80 (the pattern is anchored so 8080, 1080 etc. do not match)
counter=$(netstat -lnt | grep -c ':80 ')
if [ "${counter}" = "0" ]; then
    # httpd is down: try to restart it once, then give it two seconds to bind
    service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -lnt | grep -c ':80 ')
    if [ "${counter}" = "0" ]; then
        # restart failed: stop keepalived so the VIP moves to the other node
        /etc/init.d/keepalived stop
    fi
fi

The script must be given execute permission:
[root@dns01 ~]# chmod 755 /opt/chk_http.sh

-----------------------------------------
keepalived.conf on 192.168.10.203
[root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak
[root@dns02 ~]# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived

global_defs {
   notification_email {
     ops@kevin.cn
   }
   notification_email_from ops@kevin.cn
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id slave-node
}

vrrp_script chk_http_port {
    script "/opt/chk_http.sh"
    interval 2
    weight -5
    fall 2
    rise 1
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    mcast_src_ip 192.168.10.203
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.10.190
    }
    track_script {
        chk_http_port
    }
}

Write the httpd monitoring script:
[root@dns02 ~]# vim /opt/chk_http.sh
#!/bin/bash
# Count listeners on TCP port 80 (the pattern is anchored so 8080, 1080 etc. do not match)
counter=$(netstat -lnt | grep -c ':80 ')
if [ "${counter}" = "0" ]; then
    # httpd is down: try to restart it once, then give it two seconds to bind
    service httpd start >/dev/null 2>&1
    sleep 2
    counter=$(netstat -lnt | grep -c ':80 ')
    if [ "${counter}" = "0" ]; then
        # restart failed: stop keepalived so the VIP moves to the other node
        /etc/init.d/keepalived stop
    fi
fi

The script must be given execute permission:
[root@dns02 ~]# chmod 755 /opt/chk_http.sh
-----------------------------------------------------

Start the keepalived service on both machines:
[root@dns01 ~]# /etc/init.d/keepalived start
[root@dns01 ~]# ps -ef|grep keep
[root@dns02 ~]# /etc/init.d/keepalived start
[root@dns02 ~]# ps -ef|grep keepalived

Check the IP addresses on both machines: the VIP has now landed on 192.168.10.202.
[root@dns01 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever

-------------------------------------------------
Test the failover.
First stop httpd on 192.168.10.202: it is restarted almost immediately (within 2 seconds at most), because keepalived runs the /opt/chk_http.sh monitoring script. Stopping httpd on 192.168.10.203 likewise gets it restarted right away. As /opt/chk_http.sh shows, a dead httpd is restarted automatically; only when that restart fails is keepalived stopped, and only then does the VIP move to the other node.
[root@dns01 keepalived]# killall -9 httpd
[root@dns01 keepalived]# ps -ef|grep http
root     23661 23660  0 21:30 ?        00:00:00 /bin/bash /opt/chk_http.sh
root     23682     1  1 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23685 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23686 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23687 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23688 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23689 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23690 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23691 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
apache   23692 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd
root     23694 21411  0 21:30 pts/1    00:00:00 grep http

Next, stop the keepalived service on 192.168.10.202: the VIP moves to 192.168.10.203 automatically. Once keepalived on 192.168.10.202 is back, the VIP moves back again.
[root@dns01 ~]# /etc/init.d/keepalived stop
[root@dns01 ~]# ps -ef|grep keeplived
root     24854 21411  0 21:36 pts/1    00:00:00 grep keeplived
[root@dns01 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever

The VIP handover can be followed in /var/log/messages on both machines.

Once the keepalived service on 192.168.10.202 is restored, the VIP moves back:
[root@dns01 ~]# /etc/init.d/keepalived start
Starting keepalived:                                       [  OK  ]
[root@dns01 ~]# ps -ef|grep keepalived
root     24877     1  0 21:37 ?        00:00:00 keepalived -D
root     24878 24877  0 21:37 ?        00:00:00 keepalived -D
root     24879 24877  0 21:37 ?        00:00:00 keepalived -D
root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived
[root@dns01 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever
5) Configure NamedManager (on both machines)
[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak
[root@dns01 ~]# vim /etc/namedmanager/config-bind.php
......
$config["api_url"] = "http://192.168.10.190/namedmanager";
$config["api_server_name"] = "dns.kevin.cn";
$config["api_auth_key"] = "DNS";
6) Configure the MySQL master-master relationship between the two machines
First make sure both machines can log in to MySQL with the NamedManager user created above and the password 123456; if that login fails, opening the NamedManager web UI fails as well.
[root@dns02 ~]# mysql -hlocalhost -uNamedManager -p123456
ERROR 1045 (28000): Access denied for user 'NamedManager'@'localhost' (using password: YES)

So the MySQL login has to be granted:
[root@dns01 ~]# mysql -p123456
.......
mysql> grant all on *.* to NamedManager@192.168.10.202 identified by "123456";
Query OK, 0 rows affected (0.11 sec)
mysql> grant all on *.* to NamedManager@localhost identified by "123456";
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.04 sec)

Verify the login:
[root@dns01 ~]# mysql -hlocalhost -uNamedManager -p123456
......
mysql>

-------------------------------------------------------------
MySQL settings on 192.168.10.202
[root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns01 ~]# vim /etc/my.cnf        # add the following lines in the [mysqld] section
......
server-id = 1
log-bin = mysql-bin
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2
auto-increment-offset = 1
slave-skip-errors = all

Restart mysqld:
[root@dns01 log]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Grant the replication privileges, so that the peer's I/O thread can connect to this master as this user and read its binary log:
[root@dns01 log]# mysql -p123456
......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;

It is best to lock the databases read-only to keep the data consistent, and to unlock them once the master-master setup is in place. While locked, nothing can be written to the tables; note that restarting the mysql service releases the lock automatically.
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

--------------------------------------------------------------------
MySQL settings on 192.168.10.203
[root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@dns02 ~]# vim /etc/my.cnf
.......
server-id = 2
log-bin = mysql-bin
sync_binlog = 1
binlog_format = mixed
auto-increment-increment = 2
auto-increment-offset = 2
slave-skip-errors = all
[root@dns02 ~]# /etc/init.d/mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
[root@dns02 ~]# mysql -p123456
.......
mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123";
mysql> flush privileges;
mysql> flush tables with read lock;
mysql> show master status;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 |      365 |              |                  |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

--------------- Replication setup on 192.168.10.202 ---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> change master to master_host='192.168.10.203',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365;
Query OK, 0 rows affected (0.20 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
mysql> show slave status \G;
.......
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.203
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
..............

--------------- Replication setup on 192.168.10.203 ---------------
mysql> unlock tables;
Query OK, 0 rows affected (0.00 sec)
mysql> slave stop;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> change master to master_host='192.168.10.202',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365;
Query OK, 0 rows affected (0.18 sec)
mysql> start slave;
Query OK, 0 rows affected (0.00 sec)
mysql> show slave status \G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.202
                  Master_User: kevin
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
               Relay_Log_File: mysqld-relay-bin.000002
                Relay_Log_Pos: 251
        Relay_Master_Log_File: mysql-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
..............

At this point the MySQL master-master relationship between 192.168.10.202 and 192.168.10.203 is configured. Now test it.

First add data in the MySQL database on 192.168.10.202:
[root@dns01 log]# mysql -p123456
.....
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
4 rows in set (0.00 sec)
mysql> create database kevin;
Query OK, 1 row affected (0.04 sec)

Then check and change the data in the MySQL database on 192.168.10.203:
[root@dns02 ~]# mysql -p123456
.......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| kevin              |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
5 rows in set (0.00 sec)
mysql> drop database kevin;
Query OK, 0 rows affected (0.03 sec)
mysql> create database bobo;
Query OK, 1 row affected (0.08 sec)

Then verify again in the MySQL database on 192.168.10.202:
[root@dns01 log]# mysql -p123456
......
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| bobo               |
| mysql              |
| namedmanager       |
| test               |
+--------------------+
5 rows in set (0.00 sec)
mysql> drop database bobo;
Query OK, 0 rows affected (0.05 sec)
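The `show slave status \G` check above is worth running regularly, since NamedManager writes through the VIP and a silently broken replication thread leaves the two nodes with different zone data. The following is an added example (not part of the original post and not NamedManager's code) that parses that output for both nodes and verifies the pair: each node must replicate from the other as user kevin, both replication threads must be running, and the lag must be known and small. The sample status text is constructed from the values shown on this page; Seconds_Behind_Master is a real field of that output which the page elided.

```python
"""Sanity-check a MySQL master-master pair from `show slave status \\G` output."""

# Constructed samples modelled on the `show slave status \G` output shown above
# for dns01 (192.168.10.202) and dns02 (192.168.10.203).
DNS01_STATUS = """\
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.10.203
                  Master_User: kevin
                  Master_Port: 3306
              Master_Log_File: mysql-bin.000001
          Read_Master_Log_Pos: 365
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
"""
DNS02_STATUS = DNS01_STATUS.replace("Master_Host: 192.168.10.203",
                                    "Master_Host: 192.168.10.202")


def parse_slave_status(text):
    """Turn the \\G-formatted output into a {field: value} dict."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("*") or ":" not in line:
            continue                      # row separator or noise
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def check_pair(node_a, status_a, node_b, status_b, max_lag=30):
    """Return a list of problems; an empty list means both directions are healthy.

    Each node must replicate from the *other* node as user kevin, both replication
    threads must be running, and the lag must be known and at most max_lag seconds.
    """
    problems = []
    for me, peer, text in ((node_a, node_b, status_a), (node_b, node_a, status_b)):
        s = parse_slave_status(text)
        if not s:
            problems.append(f"{me}: no slave status (change master to never run?)")
            continue
        if s.get("Master_Host") != peer:
            problems.append(f"{me}: replicates from {s.get('Master_Host')}, expected {peer}")
        if s.get("Master_User") != "kevin":
            problems.append(f"{me}: replication user is {s.get('Master_User')}, expected kevin")
        for thread in ("Slave_IO_Running", "Slave_SQL_Running"):
            if s.get(thread) != "Yes":
                problems.append(f"{me}: {thread} is {s.get(thread)}")
        lag = s.get("Seconds_Behind_Master", "NULL")
        if not lag.isdigit() or int(lag) > max_lag:   # NULL means the SQL thread is not applying
            problems.append(f"{me}: Seconds_Behind_Master is {lag}")
    return problems


if __name__ == "__main__":
    issues = check_pair("192.168.10.202", DNS01_STATUS, "192.168.10.203", DNS02_STATUS)
    print("replication pair healthy" if not issues else "\n".join(issues))
```

On the real nodes, feed it the output of `mysql -p123456 -e 'show slave status \G'` collected from each machine; a non-empty result is the signal to investigate before trusting the VIP failover.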
7) Configure synchronisation of the related data between 192.168.10.202 and 192.168.10.203.
First set up mutual SSH trust between the two machines.
[root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.203'
[root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.202'

Verify the SSH trust in both directions:
[root@dns01 ~]# ssh -p22 root@192.168.10.203
[root@dns02 ~]#
[root@dns02 httpd]# ssh -p22 root@192.168.10.202
[root@dns01 ~]#

------------------------------------------------------------
Now set up the sync on 192.168.10.202: check whether the VIP is on this machine, and if it is, push the files to the other machine.
[root@dns01 ~]# vim /opt/rsync_dns.sh
#!/bin/bash
# Push named.conf and the zone files to the peer, but only while this node holds the VIP.
while [ "1" = "1" ]
do
    NUM=`ip addr|grep 192.168.10.190|wc -l`
    if [ $NUM -eq 0 ];then
        echo "vip is not at this server" >/dev/null 2>&1
    fi
    if [ $NUM -eq 1 ];then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.203:/etc/
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.203:/var/named/
    fi
    sleep 10    # without a pause the loop spins at full CPU and opens an ssh session per iteration
done

Give the script execute permission and start it:
[root@dns01 ~]# chmod 755 /opt/rsync_dns.sh
[root@dns01 ~]# nohup sh /opt/rsync_dns.sh &
[root@dns01 ~]# ps -ef|grep rsync_dns.sh
root      6310 21411  0 22:33 pts/1    00:00:00 sh /opt/rsync_dns.sh
root      6508 21411  0 22:33 pts/1    00:00:00 grep rsync_dns.sh

-----------------------------------------------------------------
Then set up the sync on 192.168.10.203:
[root@dns02 httpd]# vim /opt/rsync_dns.sh
#!/bin/bash
# Push named.conf and the zone files to the peer, but only while this node holds the VIP.
while [ "1" = "1" ]
do
    NUM=`ip addr|grep 192.168.10.190|wc -l`
    if [ $NUM -eq 0 ];then
        echo "vip is not at this server" >/dev/null 2>&1
    fi
    if [ $NUM -eq 1 ];then
        /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.202:/etc/
        /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.202:/var/named/
    fi
    sleep 10    # without a pause the loop spins at full CPU and opens an ssh session per iteration
done

Give the script execute permission and start it:
[root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh
[root@dns02 httpd]# nohup sh /opt/rsync_dns.sh &
[root@dns02 httpd]# ps -ef|grep rsync_dns.sh
root     12578  5466  0 22:35 pts/1    00:00:00 grep rsync_dns.sh
root     32124  5466  8 22:35 pts/1    00:00:00 sh /opt/rsync_dns.sh
8) Open NamedManager at https://192.168.10.190/namedmanager and finish the configuration in the web UI. (Since the VIP is on 192.168.10.202 at this point, the configuration is synchronised from 192.168.10.202 to 192.168.10.203.) The default username and password are setup/setup123. Do not forget to change the username and password under user management.
Reset the administrator username and password. (Because the two servers' MySQL instances are in a master-master relationship, the changed credentials are replicated to the other machine's MySQL database as well, so the new administrator account also logs in to the other machine's NamedManager.)
Next, set the API key (as in the figure below: set the e-mail address and the API key; this key is the one configured in /etc/namedmanager/config-bind.php above).
Add the server. The Name Server FQDN must match the ServerName in httpd. (Either the hostname or the IP address of the deployment machine can be entered, as shown below.)
Make sure that both "Zonefile Status" and "Logging Status" below are green.
Add the forward zone.
Add the reverse zone (if client machines sit in several IP ranges, add a reverse zone for each of them, as in the figure below).
Check that the forward and reverse zones were added.
With the forward and reverse zones added successfully, now try adding some A records and PTR records for a few names.
First add the A (forward) records.
Because the PTR (reverse) option was ticked when the A records were added above (if it was not ticked, the PTR records have to be added by hand), the reverse records for those names already exist:
As shown, several forward and reverse records have now been added. Opening https://192.168.10.203/namedmanager (with the admin user reset above) shows the same forward and reverse configuration in the other machine's NamedManager, which confirms that the dual-node synchronisation is working.

The forward and reverse configuration can also be inspected directly on either machine:
[root@dns01 ~]# cd /var/named/
[root@dns01 named]# ll
total 36
-rw-r--r--. 1 root  root   614 Jun  3 23:42 10.168.192.in-addr.arpa.zone
drwxrwx---. 2 named named 4096 Jun  3 03:21 data
drwxrwx---. 2 named named 4096 Jun  3 23:05 dynamic
-rw-r--r--. 1 root  root   575 Jun  3 23:42 kevin.cn.zone
-rw-r-----. 1 root  named 3289 Apr 11  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves

[root@dns01 ~]# cat /etc/named.namedmanager.conf
//
// NamedManager Configuration
//
// This file is automatically generated any manual changes will be lost.
//
zone "kevin.cn" IN {
    type master;
    file "kevin.cn.zone";
    allow-update { none; };
};
zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "10.168.192.in-addr.arpa.zone";
    allow-update { none; };
};

[root@dns01 named]# cat kevin.cn.zone
$ORIGIN kevin.cn.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
    2018060311 ; serial
    21600      ; refresh
    3600       ; retry
    604800     ; expiry
    120        ; minimum ttl
)
; Nameservers
kevin.cn. 86400 IN NS dns.kevin.cn.
; Mailservers
; Reverse DNS Records (PTR)
; CNAME
; HOST RECORDS
db01 120 IN A 192.168.10.239
db02 120 IN A 192.168.10.212
dns 120 IN A 192.168.10.190
dns01 120 IN A 192.168.10.202
dns02 120 IN A 192.168.10.203
ftp01 120 IN A 192.168.10.209
nc-app 120 IN A 192.168.10.210
web01 120 IN A 192.168.10.214
web02 120 IN A 192.168.10.215

[root@dns01 named]# cat 10.168.192.in-addr.arpa.zone
$ORIGIN 10.168.192.in-addr.arpa.
$TTL 120
@ IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (
    2018060310 ; serial
    21600      ; refresh
    3600       ; retry
    604800     ; expiry
    120        ; minimum ttl
)
; Nameservers
10.168.192.in-addr.arpa. 86400 IN NS dns.kevin.cn.
; Mailservers
; Reverse DNS Records (PTR)
190 120 IN PTR dns.kevin.cn.
202 120 IN PTR dns01.kevin.cn.
203 120 IN PTR dns02.kevin.cn.
209 120 IN PTR ftp01.kevin.cn.
210 120 IN PTR nc-app.kevin.cn.
212 120 IN PTR db02.kevin.cn.
214 120 IN PTR web01.kevin.cn.
215 120 IN PTR web02.kevin.cn.
239 120 IN PTR db01.kevin.cn.
; CNAME
; HOST RECORDS
9) DNS configuration on the client machine
[root@localhost ~]# ifconfig|grep 192
          inet addr:192.168.10.207  Bcast:192.168.10.255  Mask:255.255.255.0
[root@localhost ~]# vim /etc/resolv.conf
domain kevin.cn
search kevin.cn
nameserver 192.168.10.190
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms
............
[root@localhost ~]# ping ftp01.kevin.cn
PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data.
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms
64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms
[root@localhost ~]# ping db02.kevin.cn
PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data.
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms

Failover check: stop the keepalived service on 192.168.10.202, and once the VIP has moved to 192.168.10.203, test again from the client.
[root@dns01 ~]# /etc/init.d/keepalived stop
Stopping keepalived:                                       [  OK  ]
[root@dns01 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::5054:ff:fe6f:a5e3/64 scope link
       valid_lft forever preferred_lft forever
[root@dns02 ~]# ip addr
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0
    inet 192.168.10.190/32 scope global eth0
    inet6 fe80::5054:ff:fee2:19b/64 scope link
       valid_lft forever preferred_lft forever

After the VIP has moved to the other machine, DNS on the client keeps working.
[root@localhost ~]# ping www.qq.com
PING news.qq.com (125.39.52.26) 56(84) bytes of data.
64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms
64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms
[root@localhost ~]# ping web02.kevin.cn
PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data.
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms
64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms

Without the MySQL master-master relationship and the DNS file synchronisation configured above, dual-node high availability (a single VIP address for clients) would still require every DNS change to be entered in the NamedManager UI of both 192.168.10.202 and 192.168.10.203, i.e. every operation would have to be done twice.