……
3 月 272014
3 月 262014
heartbeat – Messaging and membership subsystem for High-Availability Linux
heartbeat-devel – Heartbeat development package
heartbeat-libs – Heartbeat libraries
修改主机名和hosts指向
[root@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
#HOSTNAME=localhost.localdomain
HOSTNAME=ha01
[root@localhost ~]# vi /etc/hosts
192.168.2.217 ha01
192.168.2.218 ha02
[root@localhost ~]# init 6
[root@ha01 ~]# yum install httpd mysql-server
[root@ha01 ~]# yum install epel-release-6-8.noarch.rpm
[root@ha01 ~]# yum install heartbeat
查看说明文档并复制示例配置文件
[root@ha01 ~]# ls /usr/share/doc/heartbeat-3.0.4/
apphbd.cf AUTHORS COPYING ha.cf README
authkeys ChangeLog COPYING.LGPL haresources
[root@ha01 ~]#
[root@ha01 ~]# cd /usr/share/doc/heartbeat-3.0.4/
[root@ha01 heartbeat-3.0.4]# cp authkeys /etc/ha.d/
[root@ha01 heartbeat-3.0.4]# cp ha.cf /etc/ha.d/
[root@ha01 heartbeat-3.0.4]# cp haresources /etc/ha.d/
[root@ha02 ~]# vi /etc/ha.d/ha.cf
debugfile /var/log/ha-debug
logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
warntime 10
initdead 120
udpport 694
bcast eth0
auto_failback on
watchdog /dev/watchdog
node ha01
node ha02
ping 192.168.1.254
respawn hacluster /usr/lib64/heartbeat/ipfail
apiauth ipfail gid=haclient uid=hacluster
[root@ha01 ~]# vi /etc/ha.d/haresources
ha01 192.168.2.100 mysqld httpd
[root@ha02 ~]# vi /etc/ha.d/authkeys
#auth 1
#1 crc
#2 sha1 HI!
#3 md5 Hello!
auth 1
1 crc
[root@ha02 ~]# chmod 600 /etc/ha.d/authkeys
错误分析
heartbeat: udpport setting must precede media statementsheartbeat[1495]: 2014/03/28_17:24:50 ERROR: Bad permissions on keyfile
[/etc/ha.d//authkeys], 600 recommended.
[root@ha01 ~]# echo “hello ha01 is here” >/var/www/html/index.html
[root@ha02 ~]# echo “hello ha02 is here” >/var/www/html/index.html
启动heartbeat服务
[root@ha01 log]# service heartbeat start
Starting High-Availability services: INFO: Resource is stopped
Done.
[root@ha01 log]#
确认虚拟IP的生成和服务的启动
C:\Users\Harvey Mei>ping 192.168.2.100 -t
正在 Ping 192.168.2.100 具有 32 字节的数据:
来自 192.168.3.10 的回复: 无法访问目标主机。
来自 192.168.3.10 的回复: 无法访问目标主机。
来自 192.168.3.10 的回复: 无法访问目标主机。
来自 192.168.3.10 的回复: 无法访问目标主机。
来自 192.168.3.10 的回复: 无法访问目标主机。
来自 192.168.2.100 的回复: 字节=32 时间=2478ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间=1ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.2.100 的回复: 字节=32 时间<1ms TTL=64
192.168.2.100 的 Ping 统计信息:
数据包: 已发送 = 46,已接收 = 46,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 0ms,最长 = 2478ms,平均 = 247ms
Control-C
^C
C:\Users\Harvey Mei>
通过日志确认heartbeat工作状态
[root@ha01 ~]# less /var/log/ha-debug
获取虚拟IP和启动后台服务
Mar 28 16:26:41 ha01 heartbeat: [2605]: debug: notify_world: setting SIGCHLD Han
dler to SIG_DFL
harc(default)[2605]: 2014/03/28_16:26:41 info: Running /etc/ha.d//rc.d/ip-req
uest-resp ip-request-resp
ip-request-resp(default)[2605]: 2014/03/28_16:26:41 received ip-request-resp 192.168.2.100 OK yes
ResourceManager(default)[2628]: 2014/03/28_16:26:41 info: Acquiring resource group: ha01 192.168.2.100 mysqld httpd
Mar 28 16:26:41 ha01 ipfail: [2449]: debug: Setting message filter mode
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_192.168.2.100)[2656]: 2014/03/28_16:26:41 INFO: Resource is stopped
ResourceManager(default)[2628]: 2014/03/28_16:26:41 info: Running /etc/ha.d/resource.d/IPaddr 192.168.2.100 start
IPaddr(IPaddr_192.168.2.100)[2754]: 2014/03/28_16:26:42 INFO: Adding inet address 192.168.2.100/22 with broadcast address
192.168.3.255 to device eth0
IPaddr(IPaddr_192.168.2.100)[2754]: 2014/03/28_16:26:42 INFO: Bringing device eth0 up
IPaddr(IPaddr_192.168.2.100)[2754]: 2014/03/28_16:26:42 INFO: /usr/libexec/heartbeat/send_arp -i 200 -r 5 -p
/var/run/resource-agents/send_arp-192.168.2.100 eth0 192.168.2.100 auto not_used not_used
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_192.168.2.100)[2740]: 2014/03/28_16:26:42 INFO: Success
INFO: Success
ResourceManager(default)[2628]: 2014/03/28_16:26:42 info: Running /etc/init.d/mysqld start
Mar 28 16:26:42 ha01 ipfail: [2449]: debug: Starting node walk
Mar 28 16:26:42 ha01 ipfail: [2449]: debug: Cluster node: 192.168.1.254: status: ping
Starting mysqld: [ OK ]
ResourceManager(default)[2628]: 2014/03/28_16:26:43 info: Running /etc/init.d/httpd start
Starting httpd: httpd: Could not reliably determine the server’s fully qualified domain name, using 192.168.2.217 for
ServerName
[ OK ]
在启动ha01后检测h01与ha02状态
Mar 28 16:26:43 ha01 ipfail: [2449]: debug: Cluster node: ha02: status: dead
Mar 28 16:26:43 ha01 ipfail: [2449]: debug: [They are ha02]
Mar 28 16:26:44 ha01 ipfail: [2449]: debug: Cluster node: ha01: status: active
启动Ha02后通过日志查看对ha01的检测状态
Mar 28 17:25:17 ha02 ipfail: [1635]: debug: [We are ha02]
Mar 28 17:25:18 ha02 heartbeat: [1624]: info: Status update for node ha01: status active
Mar 28 17:25:18 ha02 heartbeat: [1624]: info: ha01 wants to go standby [foreign]
Mar 28 17:25:20 ha02 ipfail: [1635]: debug: [They are ha01]
Mar 28 17:25:20 ha02 ipfail: [1635]: debug: Setting message signal
Mar 28 17:25:21 ha02 ipfail: [1635]: debug: Waiting for messages…
Mar 28 17:25:22 ha02 ipfail: [1635]: debug: Other side is now stable.
Mar 28 17:25:22 ha02 ipfail: [1635]: info: Status update: Node ha01 now has status active
切换测试
持续ping 192.168.2.100并切断ha01网络连接
[root@ha01 ~]# ifdown eth0
通过日志确认ha02发现ha01不可达并接管服务
Mar 28 17:34:16 ha02 heartbeat: [1624]: WARN: node ha01: is dead
Mar 28 17:34:16 ha02 heartbeat: [1624]: WARN: No STONITH device configured.
Mar 28 17:34:16 ha02 heartbeat: [1624]: WARN: Shared disks are not protected.
Mar 28 17:34:16 ha02 heartbeat: [1624]: info: Resources being acquired from ha01.
Mar 28 17:34:16 ha02 heartbeat: [1624]: info: Link ha01:eth0 dead.
Mar 28 17:34:16 ha02 ipfail: [1635]: info: Status update: Node ha01 now has status dead
harc(default)[2130]: 2014/03/28_17:34:16 info: Running /etc/ha.d//rc.d/status status
mach_down(default)[2167]: 2014/03/28_17:34:16 info: /usr/share/heartbeat/mach_down: nice_failback: foreign resources
acquired
mach_down(default)[2167]: 2014/03/28_17:34:16 info: mach_down takeover complete for node ha01.
Mar 28 17:34:16 ha02 heartbeat: [1624]: info: mach_down takeover complete.
Mar 28 17:34:16 ha02 ipfail: [1635]: info: NS: We are still alive!
/usr/lib/ocf/resource.d//heartbeat/IPaddr(IPaddr_192.168.2.100)[2198]: 2014/03/28_17:34:16 INFO: Running OK
Mar 28 17:34:16 ha02 heartbeat: [2131]: info: Local Resource acquisition completed.
Mar 28 17:34:16 ha02 ipfail: [1635]: info: Link Status update: Link ha01/eth0 now has status dead
Mar 28 17:34:18 ha02 ipfail: [1635]: info: Asking other side for ping node count.
Mar 28 17:34:18 ha02 ipfail: [1635]: info: Checking remote count of ping nodes.
ha01的日志记录
Mar 28 17:34:23 ha01 heartbeat: [2446]: ERROR: glib: Error sending packet: Network is unreachable
Mar 28 17:34:23 ha01 heartbeat: [2446]: info: glib: euid=0 egid=0
Mar 28 17:34:23 ha01 heartbeat: [2446]: ERROR: write_child: write failure on ping 192.168.1.254.: Network is unreachable
Mar 28 17:34:25 ha01 heartbeat: [2446]: ERROR: glib: Error sending packet: Network is unreachable
3 月 202014
[root@localhost ~]# ping 192.168.197.200 -c 4
PING 192.168.197.200 (192.168.197.200) 56(84) bytes of data.
64 bytes from 192.168.197.200: icmp_seq=0 ttl=255 time=0.496 ms
64 bytes from 192.168.197.200: icmp_seq=1 ttl=255 time=1.17 ms
64 bytes from 192.168.197.200: icmp_seq=2 ttl=255 time=0.483 ms
64 bytes from 192.168.197.200: icmp_seq=3 ttl=255 time=1.36 ms
— 192.168.197.200 ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.483/0.879/1.368/0.397 ms, pipe 2
[root@localhost ~]#
[root@localhost ~]# ping 113.106.92.180 -c 4
connect: Network is unreachable
[root@localhost ~]#
[root@localhost ~]# ping www.qq.com
ping: unknown host www.qq.com
[root@localhost ~]#
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=192.168.197.200
TYPE=Ethernet
DEVICE=eth0
HWADDR=00:1a:64:6f:4f:33
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=192.168.197.5
[root@localhost ~]#
[root@localhost ~]# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
[root@localhost ~]#
[root@localhost ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.com.hk
[root@localhost ~]#
[root@localhost ~]# ip route
192.168.197.0/24 dev eth0 proto kernel scope link src 192.168.197.5
[root@localhost ~]#
[root@lb01 conf]# ip route
192.168.197.0/24 dev eth0 proto kernel scope link src 192.168.197.65
169.254.0.0/16 dev eth0 scope link metric 1002
default via 192.168.197.200 dev eth0
[root@lb01 conf]#
[root@localhost ~]# service network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
[root@localhost ~]#
[root@localhost ~]# ip route
192.168.197.0/24 dev eth0 proto kernel scope link src 192.168.197.5
169.254.0.0/16 dev eth0 scope link
default via 192.168.197.200 dev eth0
[root@localhost ~]#
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1A:64:6F:4F:33
inet addr:192.168.197.5 Bcast:192.168.197.255 Mask:255.255.255.0
inet6 addr: fe80::21a:64ff:fe6f:4f33/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:670 errors:0 dropped:0 overruns:0 frame:0
TX packets:690 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:174196 (170.1 KiB) TX bytes:428433 (418.3 KiB)
Interrupt:169
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:266497 errors:0 dropped:0 overruns:0 frame:0
TX packets:266497 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:39985115 (38.1 MiB) TX bytes:39985115 (38.1 MiB)
[root@localhost ~]#
3 月 192014
使用IP 192.168.197.111主机上的浏览器访问
非正常前端与后端日志
192.168.197.111 - - [20/Mar/2014:16:11:47 +0800] "GET /tools/ajax/getNaviImgImage.ajax.php?file=19253527240ec31dd4a650e190f66cc28551d973.jpg HTTP/1.1" 200 24571 "http://hk.linuxcache.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"
192.168.197.65 - - [20/Mar/2014:16:11:40 +0800] "GET /tools/ajax/getNaviImgImage.ajax.php?file=19253527240ec31dd4a650e190f66cc28551d973.jpg HTTP/1.0" 200 24558 "http://hk.linuxcache.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"
正常前端与后端日志
192.168.197.111 - - [20/Mar/2014:17:52:42 +0800] "GET /fav2.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"
192.168.197.111 - - [20/Mar/2014:17:52:35 +0800] "GET /fav2.ico HTTP/1.0" 200 3638 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36"
Nginx主机配置文件部分
location / { #root html; #index index.html index.htm; proxy_pass http://apache; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
下载
http://www.stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
[root@http02 mod_rpaf-0.6]# yum install httpd-devel
[root@http02 mod_rpaf-0.6]# apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
[root@http02 mod_rpaf-0.6]# ls /usr/lib64/httpd/modules/mod_rpaf-2.0.so
/usr/lib64/httpd/modules/mod_rpaf-2.0.so
[root@http02 mod_rpaf-0.6]#
RPAFenable On
# Enable reverse proxy add forward
RPAFproxy_ips 127.0.0.1 10.0.0.1
# which ips are forwarding requests to us
RPAFsethostname On
# let rpaf update vhost settings
# allows to have the same hostnames as in the “real”
# configuration for the forwarding Apache
RPAFheader X-Forwarded-For
# Allows you to change which header mod_rpaf looks
# for when trying to find the ip the that is forwarding
# our requests
#201403191741 nginx proxy
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFproxy_ips 127.0.0.1 10.0.0.1
RPAFsethostname On
RPAFheader X-Forwarded-For
RPAFenable On
RPAFproxy_ips 192.168.197.65
RPAFsethostname On
RPAFheader X-Forwarded-For
[root@http02 mod_rpaf-0.6]# apachectl graceful
httpd: Could not reliably determine the server’s fully qualified domain name, using http02.hk.linuxcache-cloud.net for ServerName
[root@http02 mod_rpaf-0.6]#
3 月 192014
通过Nginx进行反向代理后,仅能访问基于主机名的多个Virtual Host中的默认主机
cn.linuxcache.com
tw.linuxcache.com
hk.linuxcache.com
location / {
#root html;
#index index.html index.htm;
proxy_pass http://apache;
proxy_set_header Host $host;
}
错误分析
2014/03/20 15:24:16 [error] 28803#0: *237 upstream sent too big header while reading response header from upstream, client: 192.168.197.111, server: 192.168.197.65, request: “GET / HTTP/1.1”, upstream: “http://192.168.197.62:80/”, host: “cn.linuxcache.com”
proxy_buffer_size 128k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 128k;
错误分析
3 月 182014
[root@ftp vmware-tools-distrib]# ./vmware-install.pl
A previous installation of VMware Tools has been detected.
The previous installation was made by the tar installer (version 4).
Keeping the tar4 installer database format.
You have a version of VMware Tools installed. Continuing this install will
first uninstall the currently installed version. Do you wish to continue?
(yes/no) [yes]
Error: Unable to find the binary installation directory (answer BINDIR)
in the installer database file “/etc/vmware-tools/locations”.
Uninstall failed. Please correct the failure and re run the install.
Execution aborted.
[root@ftp vmware-tools-distrib]#
[root@ftp bin]# ./vmware-uninstall-tools.pl
Uninstalling the tar installation of VMware Tools.
The removal of VMware Tools 8.6.11 build-1310128 for Linux completed
successfully. Thank you for having tried this software.
[root@ftp bin]#
3 月 182014
3 月 182014
192.168.197.55
192.168.197.59
yum update
[root@localhost ~]# mkdir /ftpmount
[root@localhost ~]# mkdir -p /ftpmount/linuxcache/www
[root@localhost ~]# yum install nfs-utils
[root@localhost ~]# mount -t nfs 192.168.197.59:/data/linuxcache/www /ftpmount/linuxcache/www/
[root@localhost ~]# vi /etc/fstab
192.168.197.59:/data/linuxcache/www /ftpmount/linuxcahe/www nfs defaults 0 0
[root@localhost ~]# vi /etc/sysconfig/network
HOSTNAME=ftp.hk.linuxcache-cloud.net
192.168.197.55 ftp ftp.hk.linuxcache-cloud.net
[root@ftp ~]# yum install vsftpd
[root@ftp vsftpd]# cp vsftpd.conf vsftpd.conf.backup
#201403191322
guest_enable=YES
guest_username=nfsnobody
user_config_dir=/etc/vsftpd/users
[root@ftp vsftpd]# vi /etc/pam.d/vsftpd
#%PAM-1.0
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth
auth required pam_userdb.so db=/etc/vsftpd/vftpuser
account required pam_userdb.so db=/etc/vsftpd/vftpuser
[root@ftp vsftpd]# vi vftpuser.txt
vftpuser01
vftptgbyhn
[root@ftp vsftpd]# db_load -T -t hash -f /etc/vsftpd/vftpuser.txt /etc/vsftpd/vftpuser.db
[root@ftp vsftpd]#
[root@ftp vsftpd]# chmod 600 vftpuser.*
[root@ftp vsftpd]# pwd
/etc/vsftpd
[root@ftp vsftpd]# mkdir users
[root@ftp vsftpd]# vi users/vftpuser01
local_root=/ftpmount/linuxcache/www
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_umask=022
[root@ftp ~]# chkconfig –list vsftpd
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@ftp ~]# chkconfig –level 35 vsftpd on
[root@ftp ~]# iptables -I INPUT -p tcp –dport 21 -j ACCEPT
3 月 052014
……
[root@http01 ~]# yum install wget
[root@http01 ~]# wget http://cronolog.org/download/cronolog-1.6.2.tar.gz
[root@http01 cronolog-1.6.2]# yum install gcc
[root@http01 cronolog-1.6.2]# ./configure –prefix=/usr/local/cronolog
[root@http01 cronolog-1.6.2]# make
[root@http01 cronolog-1.6.2]# make install
相关下载:
(1) Cronolog 1.6.2
3 月 042014
ESXi主机网卡接口绑定并加入VLAN以后,虚拟机端口组也需要加入VLAN,否则虚拟机网络无法通信
