Научиться настраивать отказоустойчивую конфигурацию сервисов Linux.
nodeN# cat /etc/hostname
nodeN.corpX.un
nodeN# cat /etc/hosts
127.0.0.1 localhost 192.168.X.1 node1.corpX.un node1 192.168.X.2 node2.corpX.un node2 10.5.7.254 proxy
nodeN# cat /etc/resolv.conf
search corpX.un nameserver 192.168.X.1 nameserver 192.168.X.2
nodeN# cat /etc/network/interfaces
auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.X.N netmask 255.255.255.0 auto eth1 iface eth1 inet manual up ip link set eth1 up auto eth2 iface eth2 inet static address 10.5.7.N*100+X netmask 255.255.255.0 auto eth3 iface eth3 inet manual up ip link set eth3 up
nodeN# cat /etc/sysctl.conf
... net.ipv4.ip_forward=1 ...
nodeN# cat .bashrc
... export http_proxy=http://proxy:3128/ ...
nodeN# init 6 ... nodeN# apt update
nodeN# ping node1 nodeN# ping node2 nodeN# ping proxy
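node1# ssh-keygen ... Enter passphrase (empty for no passphrase): Пароль на ключ пустой!!! (это нужно, чтобы scp и rsync из cron работали без ввода пароля; закрытый ключ без пароля даёт root-доступ на node2 любому, кто сможет прочитать файл ключа на node1) ... node1# ssh-copy-id node2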
Проверка:
node1# scp /etc/hosts node2:/etc/
Сценарий: настроить DNS на node1, на node2 конфигурация появится автоматически
node1# sh dns.sh node1# cat /etc/bind/corpX.un
$TTL 3h @ SOA ns root.ns 1 1d 12h 1w 3h NS ns ns A 192.168.X.1 ns A 192.168.X.2 node1 A 192.168.X.1 node2 A 192.168.X.2 gate A 192.168.X.254
node2# apt install bind9
node1# csync2 -xvv node1# host node1 node1# host node2 node1# host ns
Сценарий: на обоих узлах создаем пользователя user1 с uid=10001
Примечание: выполнить в 5-м модуле
nodeN# sh dhcp.sh
Примечания:
# ntpdate -u proxy # grep dhcp /var/log/syslog
C:\>ping gate
Сценарий:
nodeN# apt install fake nodeN# cat /usr/share/ucarp/vip-up
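#!/bin/sh
# ucarp "vip-up" hook (/usr/share/ucarp/vip-up): moves the ISP-facing address
# and the default route onto this node.
# Arguments: $1 - interface name; used to build the "<iface>:ucarp" alias
#                 that is handed to ifup.
# The "X" in the addresses is the per-student placeholder used on this page.
# NOTE(review): presumably called by ucarp when this node becomes master -
# confirm against the ucarp configuration.

# Quoted so that an unexpected argument cannot be word-split or globbed.
/sbin/ifup "$1:ucarp"

# External address on the uplink interface.
ip addr add 172.16.1.X/24 dev eth1

# Send an ARP packet for 172.16.1.X that carries this node's own eth1 MAC.
# NOTE(review): presumably so that 172.16.1.254 refreshes its ARP cache after
# a failover - confirm against the send_arp usage text.
eth1_mac=$(cat /sys/class/net/eth1/address)
send_arp 172.16.1.X "$eth1_mac" 172.16.1.254 ff:ff:ff:ff:ff:ff eth1

# Replace whatever default route is present with the ISP gateway.
route delete default
route add default gw 172.16.1.254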
nodeN# cat /usr/share/ucarp/vip-down
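#!/bin/sh
# ucarp "vip-down" hook (/usr/share/ucarp/vip-down): releases the ISP-facing
# address and points the default route at the cluster gateway address.
# Arguments: $1 - interface name; used to build the "<iface>:ucarp" alias
#                 that is handed to ifdown.
# The "X" in the addresses is the per-student placeholder used on this page.
# NOTE(review): presumably called by ucarp when this node stops being master -
# confirm against the ucarp configuration.

# Quoted so that an unexpected argument cannot be word-split or globbed.
/sbin/ifdown "$1:ucarp"

# Drop the external address from the uplink interface.
ip addr del 172.16.1.X/24 dev eth1

# Send traffic through 192.168.X.254 from now on.
route add default gw 192.168.X.254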
masternode# killall -USR2 ucarp или masternode# init 6
root@nodeN:~# cat /etc/network/interfaces
... auto eth3 iface eth3 inet manual up ip link set eth3 up
# cat named.conf
... forwarders { 172.16.1.254; 172.16.2.254; }; ...
nodeN# cat /usr/share/ucarp/vip-up
#!/bin/sh ... ip addr add 172.16.2.X/24 dev eth3 send_arp 172.16.2.X `cat /sys/class/net/eth3/address` 172.16.2.254 ff:ff:ff:ff:ff:ff eth3 ... route delete default #route add default gw 172.16.1.254
nodeN# cat /usr/share/ucarp/vip-down
... ip addr del 172.16.2.X/24 dev eth3 ...
masternode# killall -USR2 ucarp ... masternode# grep carp /var/log/syslog masternode# ip a | grep 172.16.2
masternode# ping 172.16.2.254 masternode# ip route add default via 172.16.2.254 masternode# ping ya.ru masternode# ip route delete default
Сценарий:
nodeN# cat /usr/share/ucarp/vip-up
... ip route add default via 172.16.1.254 table 101 ip route add default via 172.16.2.254 table 102
masternode# killall -USR2 ucarp ... masternode# grep carp /var/log/syslog masternode# ip route show table all | grep 'table 10[12]'
# cat set_isp.sh
#!/bin/sh
# Select which ISP routing table (101, 102 or both) serves the 192.168.X/24
# LAN by rewriting the policy-routing rules.
# Arguments: $1 - ISP1     : whole LAN uses table 101
#                 ISP2     : whole LAN uses table 102
#                 ISP1ISP2 : lower /25 uses table 101, upper /25 uses table 102
# Any other value (including an empty one) matches no branch and changes
# nothing.
# The "X" in the prefixes is the per-student placeholder used on this page.

# Remove the LAN-to-LAN exception and every rule that points at table 101
# or 102. Each "while" keeps deleting until ip reports there is nothing left.
clear_isp_rules() {
  ip rule del from 192.168.X/24 to 192.168.X/24 table main
  for tbl in 101 102; do
    while ip rule del from any table "$tbl"; do
      true
    done
  done
}

# Re-add the LAN-to-LAN exception after the ISP rules, then flush the route
# cache and the connection-tracking table.
# NOTE(review): the exception is added last, presumably so that it is
# evaluated before the ISP rules and LAN-internal traffic stays on the main
# table - confirm with "ip rule show".
finish_switch() {
  ip rule add from 192.168.X/24 to 192.168.X/24 table main
  /sbin/ip route flush cache
  /usr/sbin/conntrack -F
}

case "$1" in
  ISP1)
    clear_isp_rules
    ip rule add from 192.168.X.0/24 table 101
    finish_switch
    ;;
  ISP2)
    clear_isp_rules
    ip rule add from 192.168.X.0/24 table 102
    finish_switch
    ;;
  ISP1ISP2)
    clear_isp_rules
    ip rule add from 192.168.X.0/25 table 101
    ip rule add from 192.168.X.128/25 table 102
    finish_switch
    ;;
esac
nodeN# chmod +x set_isp.sh masternode# grep carp /var/log/syslog masternode# /root/set_isp.sh ISP1ISP2 backupnode# traceroute -n ya.ru C:\Users\student>tracert ya.ru nodeN# cat select_isp.sh
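#!/bin/sh
# Probe both ISP gateways and, when the set of working uplinks has changed
# since the previous run, pass the new value to /root/set_isp.sh.
# Result values: "ISP1", "ISP2", "ISP1ISP2", or empty when neither probe
# succeeded.
# The "X" in the address is the per-student placeholder used on this page.

export PATH=/bin:/sbin:/usr/bin:/usr/sbin:$PATH

# Last applied value. The original kept this in /tmp/current_isp; a fixed
# name in a world-writable directory can be pre-created or symlinked by any
# local user before root's first run, so it is kept in a root-only directory
# instead. This path is a suggested location, not one taken from the page.
# NOTE(review): assumes /run is root-writable and emptied at boot, so the
# rules are re-applied after a reboot - confirm on the target system.
STATE_FILE=/run/select_isp.current

# Do nothing on a node that does not hold the gateway address.
# -F: match the address literally instead of treating the dots as wildcards.
ifconfig | grep -qF 192.168.X.254 || exit 0

route delete default
ISP=''

# Probe the first uplink through a temporary default route.
route add default gw 172.16.1.254 || exit 0
ping -c3 ya.ru && ISP=ISP1
route delete default

# Probe the second uplink the same way.
route add default gw 172.16.2.254
ping -c3 ya.ru && ISP=${ISP}ISP2
route delete default

printf '%s\n' "$ISP"
#exit 0

# A missing state file reads as an empty previous value.
previous=$(cat "$STATE_FILE" 2>/dev/null)

# Quoted comparison: with both uplinks down $ISP is empty, and the unquoted
# form handed "test" a malformed expression, so set_isp.sh was re-run on
# every invocation.
[ "$ISP" = "$previous" ] && exit 0

printf '%s\n' "$ISP" > "$STATE_FILE"
/root/set_isp.sh "$ISP"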
nodeN# chmod +x select_isp.sh masternode# /root/select_isp.sh nodeN# crontab -l
* * * * * /root/select_isp.sh >/dev/null 2>&1
master_node# ip route show table 101 master_node# ip route show table 102 master_node# ip rule show
Сценарий: отказоустойчивый www хостинг
node1# cat corpX.un
... www A 192.168.X.10
node1# csync2 -xvv
nodeN# service proftpd stop nodeN# update-rc.d -f proftpd remove или nodeN# systemctl disable proftpd
nodeN# crontab -l
... * * * * * ps ax | grep -v grep | grep -q 'proftpd: (accepting connections)' && /usr/bin/rsync -az --delete /home/ nodeM:/home/
Сценарий: Создаем отказоустойчивый корпоративный файловый сервер. Первый узел кластера должен использоваться сервером по умолчанию.
nodeN# systemctl disable istgt node1# crm configure crm(live)configure# primitive pr_istgt lsb:istgt crm(live)configure# primitive pr_ip ocf:heartbeat:IPaddr2 params ip=192.168.X.15 cidr_netmask=32 nic=eth0 crm(live)configure# group gr_ip_fs pr_ip pr_fs_r0 pr_istgt crm(live)configure# commit
root@nodeN:~# service smbd stop root@nodeN:~# service nmbd stop root@nodeN:~# systemctl disable smbd root@nodeN:~# systemctl disable nmbd
crm(live)configure# primitive pr_smbd systemd:smbd crm(live)configure# edit gr_ip_fs crm(live)configure# commit
master# cat /proc/drbd
node1# crm resource stop pr_ip pr_istgt pr_smbd node1# crm configure delete pr_ip pr_istgt pr_smbd gr_ip_fs
nodeN# cat /etc/network/interfaces
... auto br0 iface br0 inet static address 192.168.X.N netmask 255.255.255.0 ucarp-vid 1 ucarp-vip 192.168.X.254 ucarp-password secret bridge_ports eth0 iface br0:ucarp inet static address 192.168.X.254 netmask 255.255.255.255 ...
nodeN# cat /etc/default/isc-dhcp-server
... INTERFACES="br0"
nodeN# init 0
nodeN# ps ax | grep carp nodeN# ifconfig | grep carp nodeN# ps ax | grep dh nodeN# ps ax | grep he nodeN# mount | grep ext
root@nodeN:~# rmdir /var/lib/lxc/ root@nodeN:~# ln -s /disk2/var/lib/lxc/ /var/lib/lxc
root@node1.corpX.un:~# mkdir -p /disk2/var/lib/lxc/ root@node1.corpX.un:~# lxc-create -t debian -n server
root@node1.corpX.un:~# cp /etc/ssh/sshd_config /var/lib/lxc/server/rootfs/etc/ssh/sshd_config root@node1.corpX.un:~# cp /etc/hosts /var/lib/lxc/server/rootfs/etc/hosts root@node1.corpX.un:~# chroot /var/lib/lxc/server/rootfs/ /bin/bash root@node1:/# PS1='server:\w# ' server:/# apt update server:/# apt purge resolvconf isc-dhcp-client server:/# apt install nano vim iputils-ping
server:/# cat /etc/hostname
server.corpX.un
server:/# cat /etc/hosts
127.0.0.1 localhost 192.168.X.30 server.corpX.un 10.Z.M.254 proxy
server:/# rm /etc/resolv.conf server:/# cat /etc/resolv.conf
search corpX.un nameserver 192.168.X.1 nameserver 192.168.X.2
server:/# passwd
root@node1.corpX.un:~# cat /var/lib/lxc/server/config
... lxc.network.type = veth lxc.network.link = br0 lxc.network.flags = up lxc.network.ipv4 = 192.168.X.30/24 lxc.network.ipv4.gateway = 192.168.X.254 ...
root@node1.corpX.un:~# lxc-info -n server root@node1.corpX.un:~# lxc-start -n server root@node1.corpX.un:~# lxc-info -n server root@node1.corpX.un:~# lxc-attach -n server -- ps ax root@node1.corpX.un:~# ssh server root@node1.corpX.un:~# lxc-stop -n server root@node1.corpX.un:~# systemctl start lxc@server debian9_nodeN# mkdir /etc/systemd/system/lxc@server.service.d/ debian9_nodeN# cat /etc/systemd/system/lxc@server.service.d/kill_signal_fix.conf
[Service] KillSignal=SIGRTMIN+3
root@node1.corpX.un:~# systemctl stop lxc@server
NEW primitive pr_lxc_server systemd:lxc@server group gr_fs_lxc pr_fs_r0 pr_lxc_server OLD primitive pr_lxc_server systemd:lxc@server primitive pr_lxc_server ocf:heartbeat:lxc params container=server config=/var/lib/lxc/server/config order or_lxc_after_fs pr_fs_r0 pr_lxc_server colocation col_lxc_on_drbd inf: pr_lxc_server ms_drbd_r0:Master !!! Похоже порядок в группе имеет значение и здесь ошибка !!! group gr_lxc_fs pr_lxc_server pr_fs_r0 crm_resource --resource pr_lxc_server --cleanup --node node45.bmstu.ru crm resource stop pr_lxc_server crm resource move pr_lxc_server node46.bmstu.ru crm resource move pr_fs_r0 node45.bmstu.ru systemctl start lxc@server /etc/init.d/lxc start server