ClusterStorage-236-5-配置灾备geo-replication

0.实验环境图

1.配置灾复存储卷

直接格式化磁盘，创建挂载目录，编辑挂载配置文件，挂载，查看文件系统。创建存储卷，启动存储卷。

[root@servere ~]# mkfs.xfs -i size=512 /dev/vdb2
meta-data=/dev/vdb2              isize=512    agcount=4, agsize=655296 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0        finobt=0
data     =                       bsize=4096   blocks=2621184, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@servere ~]# mkdir -p /bricks/copy
[root@servere ~]# echo "/dev/vdb2 /bricks/copy xfs defaults 0 0" >> /etc/fstab
[root@servere ~]# mount -a
[root@servere ~]# df -Th
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/vda1      xfs        10G  1.6G  8.5G  16% /
devtmpfs       devtmpfs  902M     0  902M   0% /dev
tmpfs          tmpfs     920M     0  920M   0% /dev/shm
tmpfs          tmpfs     920M  109M  812M  12% /run
tmpfs          tmpfs     920M     0  920M   0% /sys/fs/cgroup
tmpfs          tmpfs     184M     0  184M   0% /run/user/0
/dev/vdb2      xfs        10G   33M   10G   1% /bricks/copy
[root@servere ~]# gluster volume create testcopy servere:/bricks/copy/testcopy
volume create: testcopy: success: please start the volume to access data
[root@servere ~]# gluster volume start testcopy
volume start: testcopy: success

2.配置服务授权

创建用户组，创建用户，设置密码（后面连接时验证用），创建控制非特权用户挂载的服务目录，将非特权挂载服务指向该目录，指定日志的访问属组，开启非安全访问规则，指定操作存储卷的用户，修改服务目录的授权和属组，修改日志目录的授权和属组，重新启动服务。
[root@servere ~]# groupadd repgrp
[root@servere ~]# useradd -G repgrp georep
[root@servere ~]# echo "redhat" | passwd --stdin georep
Changing password for user georep.
passwd: all authentication tokens updated successfully.
[root@servere ~]# mkdir -m 0711 /var/mountbroker-root
[root@servere ~]# gluster system:: execute mountbroker opt mountbroker-root /var/mountbroker-root
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker opt geo-replication-log-group repgrp
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker opt rpc-allow-allow-insecure on
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker user georep testcopy
Command executed successfully.
[root@servere ~]# chmod -R 770 /var/lib/glusterd/geo-replication/
[root@servere ~]# chmod -R 770 /var/log/glusterfs/geo-replication-slaves/
[root@servere ~]# chgrp -R repgrp /var/lib/glusterd/geo-replication/
[root@servere ~]# chgrp -R repgrp /var/log/glusterfs/geo-replication-slaves/
[root@servere ~]# systemctl restart glusterd
 

3.配置加密

生成SSH密钥，传递SSH密钥，生成会话通讯密钥，传递会话通讯密钥，执行脚本移动密钥到正确位置。

[root@servera ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bf:8a:de:38:fe:b6:35:eb:ff:cb:92:fb:5d:a9:13:13 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|             E   |
|        S     .  |
|         .   o  .|
|          +  .o..|
|      .+.. +oo...|
|     o=+=++.o**..|
+-----------------+
[root@servera ~]# ssh-copy-id georep@servere
The authenticity of host 'servere (172.25.250.14)' can't be established.
ECDSA key fingerprint is f3:3a:20:c9:5a:cc:cc:f0:44:f7:00:90:03:18:b1:8d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
georep@servere's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'georep@servere'"
and check to make sure that only the key(s) you wanted were added.

[root@servera ~]# gluster system:: execute gsec_create
Common secret pub file present at /var/lib/glusterd/geo-replication/common_secret.pem.pub
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy create push-pem
Creating geo-replication session between testvol & georep@servere::testcopy has been successful
[root@servere ~]# /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georep testvol testcopy
Successfully copied file.
Command executed successfully.
 

4.启动服务

指定主节点，指定管理从节点的账户和从节点，并进行启动。启动后对状态进行查验以确认启动完成。

[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy start
Starting geo-replication session between testvol & georep@servere::testcopy has been successful
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy status
 
MASTER NODE                MASTER VOL    MASTER BRICK               SLAVE USER    SLAVE                       SLAVE NODE    STATUS    CRAWL STATUS       LAST_SYNCED                  
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
servera.lab.example.com    testvol       /bricks/test/testvol_n1    georep        georep@servere::testcopy    servere       Active    Changelog Crawl    2019-03-11 20:02:01          
serverb.lab.example.com    testvol       /bricks/test/testvol_n2    georep        georep@servere::testcopy    servere       Active    Changelog Crawl    2019-03-11 20:02:04