#### environment to deploy ###
1. Snapshot 6.5 three virtual machines
2. Import virtual machine, modifying the host name, set the network, address resolution
vim / etc / sysconfig / network # modify the host name
vim / etc / sysconfig / network- script / ifcfg-eth0 # configure network
vim / etc / hosts # increasing address resolve
getenforce = disabled # turn off SELinux
/etc/init.d/iptables STOP # turn off the firewall
3.generic1 and generic2 to build advanced yum source
4. download on generic1 ricci (graphics cluster management), luci (GUI), set ricci password and open ricci and luci set the boot from Kai
[root@generic1 ~]# yum install -y luci ricci ##安装ricci、luci
[root@generic1 ~]# getenforce #查看selinux
Disabled #关闭
[root@generic1 ~]# /etc/init.d/iptables status #查看火墙状态
iptables: Firewall is not running. #关闭
[root@generic1 ~]# id ricci #安装好的ricci会自动生成id
uid=140(ricci) gid=140(ricci) groups=140(ricci)
[root@generic1 ~]# passwd ricci #设置ricci的密码
Changing password for user ricci.
New password: #输入密码
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password: #再次输入密码
passwd: all authentication tokens updated successfully.
[root@generic1 ~]# /etc/init.d/ricci start #打开ricci
Starting system message bus: [ OK ]
Starting oddjobd: [ OK ]
generating SSL certificates... done
Generating NSS database... done
Starting ricci: [ OK ]
[root@generic1 ~]# /etc/init.d/luci start #打开luci
Adding following auto-detected host IDs (IP addresses/domain names), corresponding to `generic1' address, to the configuration of self-managed certificate `/var/lib/luci/etc/cacert.config' (you can change them by editing `/var/lib/luci/etc/cacert.config', removing the generated certificate `/var/lib/luci/certs/host.pem' and restarting luci):
(none suitable found, you can still do it manually as mentioned above)
Generating a 2048 bit RSA private key
writing new private key to '/var/lib/luci/certs/host.pem'
Start luci... [ OK ]
Point your web browser to https://generic1:8084 (or equivalent) to access luci
[root@generic1 ~]# chkconfig ricci on #设置开机自启
[root@generic1 ~]# chkconfig luci on ##设置开机自启
[root@generic1 ~]# netstat -antlp ##查看端口
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8084 0.0.0.0:* LISTEN ##生成8084端口
generic2 only download ricci password and boot from Kai
[root@generic2 ~]# yum install -y ricci
[root@generic2 ~]# id ricci
uid=140(ricci) gid=140(ricci) groups=140(ricci)
[root@generic2 ~]# passwd
Changing password for user root.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@generic2 ~]# /etc/init.d/ricci start
Starting system message bus: [ OK ]
Starting oddjobd: [ OK ]
generating SSL certificates... done
Generating NSS database... done
Starting ricci: [ OK ]
[root@generic2 ~]# chkconfig ricci on
## graphical interface to create a cluster ###
1.) access https://172.25.40.110:8084 in the browser, because it is https visit, so authentication is required, click on Advanced-> Add Expection ...
Click Confirm Security Expextion
enter the login user and password (generic1 the root user and password)
click Manager Clusters-> create
Creating a cluster
after creating click create cluster, waiting to enter the page will automatically install software packages used and restart generic1 and generci2 node is added successfully, the following figure will appear
at this time two the hosts also can view the cluster information
### ### configuration fence
principle of fence:
Configuration:
1. fence installed on the host, edit fence profile
[foundation40 the root @ ~] # yum fence Search
[foundation40 the root @ ~] # yum the install-virtd.x86_64 fence fence -Y-virtd-libvirt.x86_64 fence- multicast.x86_64-virtd
[foundation40 the root @ ~] # fence_virtd -C
Module1 Search path [/ usr / the lib64 / fence the virt-]:
Available backends:
libvirt 0.1
Available listeners:
multicast 1.2
Listener modules are responsible for accepting requests
from fencing clients.
Listener module [multicast]:
The multicast listener module is designed for use environments
where the guests and hosts may communicate over a network using
multicast.
The multicast address is the address that a client will use to
send fencing requests to fence_virtd.
Multicast IP Address [225.0.0.12]:
Using ipv4 as family.
Multicast IP Port [1229]:
Setting a preferred interface causes fence_virtd to listen only
on that interface. Normally, it listens on all interfaces.
In environments where the virtual machines are using the host
machine as a gateway, this must be set (typically to virbr0).
Set to ‘none’ for no interface.
Interface [virbr0]: br0 ## into br0 only change this, the rest are the Enter key
at The Key File IS IS at The Shared Key Information Which Used to
the authenticate fencing at The Contents of the this File Requests the MUST.
BE PHYSICAL Distributed to the each and the WITHIN Virtual Machine Host
A Cluster.
Key File [/etc/cluster/fence_xvm.key]:
Backend modules are responsible for routing requests to
the appropriate hypervisor or management layer.
Backend module [libvirt]:
Configuration complete.
=== Begin Configuration ===
fence_virtd {
listener = “multicast”;
backend = “libvirt”;
module_path = “/usr/lib64/fence-virt”;
}
listeners {
multicast {
key_file = “/etc/cluster/fence_xvm.key”;
address = “225.0.0.12”;
interface = “br0”;
family = “ipv4”;
port = “1229”;
}
}
backends {
libvirt {
uri = “qemu:///system”;
}
}
=== End Configuration ===
Replace /etc/fence_virt.conf with the above [y/N]? y
End change can go into br0 /etc/fence_virt.conf see whether
the establishment of a key directory, the file is sent to intercept the key and the key to generic1 node and generic2 node (two nodes use the same key)
[root@foundation40 ~]# mkdir /etc/cluster/ ##建立钥匙目录
[root@foundation40 ~]# dd if=/dev/urandom of=/etc/cluster/fence_xvm.key bs=128 count=1 #截取密钥
1+0 records in
1+0 records out
128 bytes (128 B) copied, 0.000226116 s, 566 kB/s
[root@foundation40 cluster]# scp /etc/cluster/fence_xvm.key [email protected]:/etc/cluster/ #将密钥发送给generic1
[root@foundation40 cluster]# scp /etc/cluster/fence_xvm.key [email protected]:/etc/cluster/ #将密钥发送给generic2
[root@foundation40 cluster]# systemctl start fence_virtd.service ##开启fence服务
[root@foundation40 cluster]# systemctl status fence_virtd.service
● fence_virtd.service - Fence-Virt system host daemon
Loaded: loaded (/usr/lib/systemd/system/fence_virtd.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2019-06-20 11:31:35 CST; 6s ago
Process: 7962 ExecStart=/usr/sbin/fence_virtd $FENCE_VIRTD_ARGS (code=exited, status=0/SUCCESS)
Main PID: 7967 (fence_virtd)
CGroup: /system.slice/fence_virtd.service
└─7967 /usr/sbin/fence_virtd -w
generic1 generic2 two nodes also can view the key
Add Fence Device
1. Click Devices Fence -> the Add
2.) Select the fence multicast mode, the establishment of a name
binding nodes (two nodes to be binding)
Click Nodes - -> generic1
Click the Add Fence Method, edit a method name
click on Fence Instance the Add
Domain address to add a virtual machine management interface UUID
after binding is successful
generic2 and generic1 operating as
3. Both nodes will bind the following profile
test:
on the fence in generic off generic2, power failure and take over the service for the success of
#### high-availability service configuration (httpd) ###
1.generic1 and generic2 required to install httpd, and write the default test page
[root@generic1 ~]# yum install -y httpd
[root@generic1 ~]# cd /var/www/html
[root@generic1 html]# vim index.html
[root@generic1 html]# cat index.html
generic1
[root@generic1 ~]# vim /etc/init.d/httpd ##httpd的启动脚本
[root@generic1 ~]# /etc/init.d/httpd status
httpd is stopped
2. Add the failover domain
will be added and Failover Domian geteric1 geteric2 -> add
When one node fails, it automatically switches to the normal; open service cluster falls on the high priority nodes (the lower the number, the priority the higher level)
display after successfully added
2. Add the service to use the resources Resources-> Add
Adding IP Adress (cluster external ip)
to add the service to use resources Resources-> Add-> select Script mode
to create a resource group
test:
real machine access 172.25.40.100
access to a generic1, then there will be less in the service generic1 show it at work
[root@generic1 html]# /etc/init.d/httpd status #httpd打开状态
httpd (pid 19375) is running...
[root@generic1 html]# clustat
Cluster Status for generic_dd @ Thu Jun 20 14:17:04 2019
Member Status: Quorate
Member Name ID Status
------ ---- ---- ------
generic1 1 Online, Local, rgmanager
generic2 2 Online, rgmanager
Service Name Owner (Last) State
------- ---- ----- ------ -----
service:apache generic1 started ##
[root@generic1 html]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:44:3b:8c brd ff:ff:ff:ff:ff:ff
inet 172.25.40.110/24 brd 172.25.40.255 scope global eth0
inet 172.25.40.150/24 scope global secondary eth0
inet6 fe80::5054:ff:fe44:3b8c/64 scope link
valid_lft forever preferred_lft forever
[root@generic1 html]# echo c >/proc/sysrq-trigger Write failed: Broken pipeWrite failed: Broken pipe
[kiosk@foundation40 ~]$
Real test:
geteric2:
[root@generic2 html]# clustat
Cluster Status for generic_dd @ Thu Jun 20 14:24:16 2019
Member Status: Quorate
Member Name ID Status
------ ---- ---- ------
generic1 1 Online, rgmanager
generic2 2 Online, Local, rgmanager
Service Name Owner (Last) State
------- ---- ----- ------ -----
service:apache generic2 started
[root@generic2 html]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:5f:fa:68 brd ff:ff:ff:ff:ff:ff
inet 172.25.40.111/24 brd 172.25.40.255 scope global eth0
inet 172.25.40.150/24 scope global secondary eth0
inet6 fe80::5054:ff:fe5f:fa68/64 scope link
valid_lft forever preferred_lft forever
[root@generic2 html]# /etc/init.d/httpd status
httpd (pid 10362) is running...
[root@generic2 html]# /etc/init.d/httpd stop
Stopping httpd:
test: