keepalived+openldap主主模式(Mirror Mode)模式實例

keepalived+openldap主主模式(Mirror Mode)模式實例


ps:下面是一個ldap Mirror Mode的實例,做主主複製,如果對此不是太熟悉的話,可以參考:http://407711169.blog.51cto.com/6616996/1529506 。這裏只做了主主模型2臺機器,未在下面做slave的操作。只用keepalived做了高可用。

wKioL1PfMjjgcAJLAACEQuBHQyo034.jpg


一、keepalived環境搭建

  如上圖,實體ip爲192.168.100.253與192.168.100.254,虛ip爲192.168.100.255;如果對keepalived不太熟悉,可先自行搜索相關資料。

  2臺機器keepalived都需要裝,且只有配置文件不同,所以安裝流程只進行一次演示:

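# Build keepalived 1.2.13 from source and register it as a boot-time service.
# Run once per node; only keepalived.conf differs between the two machines.
cd /usr/local/src || exit 1
# The build needs the OpenSSL headers; without them ./configure stops on the
# missing openssl dependency (the original line had "wget" glued in front of
# this yum call by mistake).
yum -y install openssl-devel
# keepalived-1.2.13.tar.gz must already be in /usr/local/src (the download
# step is not on this page). Check the archive against the upstream
# checksum/signature before unpacking anything you intend to run as root.
tar xf keepalived-1.2.13.tar.gz || exit 1
cd keepalived-1.2.13 || exit 1
./configure || exit 1
make || exit 1
make install || exit 1

# Register the init script so keepalived starts at boot.
cp /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/
# Daemon options live here; add "-f /etc/keepalived/keepalived.conf" to it if needed.
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
chkconfig --add keepalived
chkconfig keepalived on

# Make the conventional /etc/keepalived path point at the install tree.
ln -sv /usr/local/etc/keepalived/ /etc/keepalived
# Holds the health-check and notify scripts referenced from keepalived.conf.
# keepalived executes them itself, so keep this directory and its contents
# root-owned and not writable by other users.
mkdir -p /etc/keepalived/scripts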

  到這裏,就要進行具體的配置了:

192.168.100.253:

vim /etc/keepalived/keepalived.conf
#下面爲配置文件內容
! Configuration File for keepalived

# Global settings. router_id is NodeAa on both nodes (see the 254 config);
# a per-node value would let the e-mail alerts say which node sent them —
# confirm the shared value is intended.
global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from root@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id NodeAa
}

# Health check: run urltest.sh every 10s; after 2 consecutive failures subtract
# 2 from this node's priority (100 -> 98, below the peer's 99, so the VIP moves),
# and restore it after 2 consecutive successes. keepalived runs the script with
# its own privileges, so keep the script and its directory root-owned and not
# writable by others; newer keepalived releases can additionally confine it
# with script_user / enable_script_security.
vrrp_script chk_url_fw {
script "sh /etc/keepalived/scripts/urltest.sh"    # the script body may be identical on both nodes
interval 10
weight -2
fall 2
rise 2
}


vrrp_instance VI_1 {
    state MASTER      # initial role on this node
    interface eth0    # interface carrying the VRRP adverts and the VIP
    virtual_router_id 128   # same on both nodes; identifies this VRRP group
    priority 100            # one above the peer's 99
    advert_int 1
    authentication {        # VRRP simple-password auth: the value travels in
        auth_type PASS      # cleartext on the wire and only guards against
        auth_pass 7758521   # accidental mis-pairing, not against a hostile host on the segment
    }
    virtual_ipaddress {      # floating IP
        # NOTE(review): 192.168.100.255 is the broadcast address of a /24 network;
        # unless the real subnet is wider than /24, pick another host address.
        192.168.100.255/24 dev eth0 label eth0:0
    }

    track_script {         # tie the health check into the priority
    chk_url_fw
    }
  # notify hooks: notify.sh receives the new state as $1. The file has the same
  # name on both nodes but different contents (253 and 254 versions differ).
  notify_master "/etc/keepalived/scripts/notify.sh master"
  notify_backup "/etc/keepalived/scripts/notify.sh backup"
  notify_fault "/etc/keepalived/scripts/notify.sh failed"
}
vim /etc/keepalived/scripts/notify.sh
#下面爲內容
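#!/bin/bash
#file:100.253
# keepalived notify hook for 192.168.100.253, invoked as
#   notify.sh master|backup|failed   (see the notify_* lines in keepalived.conf)
# /etc/profile is sourced for the environment (PHONE is presumably exported
# there — confirm); its output is discarded.
source /etc/profile &> /dev/null
# Directory of this script: the log file and expect.ex live next to it.
# Quoted so a path containing spaces cannot split the command.
basedir=$(cd "$(dirname "$0")" && pwd)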

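#######################################
# notify_master hook: log the transition to MASTER and page the operator.
# Note: this only logs; slapd is neither started nor stopped here (both
# mirror-mode nodes keep running it).
# Globals:   basedir (read) - directory holding the log file and expect.ex
#            PHONE (read)   - SMS recipient; presumably exported by
#                             /etc/profile, which the script sources — confirm
# Outputs:   appends four lines to "$basedir/log"; expect.ex sends the SMS
#######################################
master() {
        local log="$basedir/log"
        printf '%s\n' "[INFO]-[$(date)]-[MASTER]--" >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[MASTER]-Start the [sldap server] on 192.168.100.253 " >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[MASTER]-Send sms to user : 【info】100.253 start server..." >> "$log"
        # The SMS goes out through expect.ex (not shown on this page).
        /usr/bin/expect "$basedir/expect.ex" "$PHONE" "【info】ldap [100.253]開始運行。"
        printf '%s\n' "[INFO]-[$(date)]-[MASTER]---" >> "$log"
}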

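#######################################
# notify_backup hook: log that this node dropped to BACKUP and page the operator.
# Only logs; slapd itself is not touched (the message text says "Close" but
# nothing is stopped here).
# Globals:   basedir (read) - directory holding the log file and expect.ex
#            PHONE (read)   - SMS recipient; presumably from /etc/profile — confirm
# Outputs:   appends four lines to "$basedir/log"; expect.ex sends the SMS
#######################################
backup() {
        local log="$basedir/log"
        printf '%s\n' "[INFO]-[$(date)]-[SLAVE]--" >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[SLAVE]-Close the [sldap server] on 192.168.100.253 " >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[SLAVE]-Send sms to user : 【info】100.254 start server..." >> "$log"
        /usr/bin/expect "$basedir/expect.ex" "$PHONE" "【info】passport [100.254]開始運行。"
        printf '%s\n' "[INFO]-[$(date)]-[SLAVE]---" >> "$log"
}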

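#######################################
# notify_fault hook. keepalived enters FAULT when this node's interface or a
# tracked condition fails; it cannot know whether the peer is down too, so the
# "both machines down" wording overstates what the event means — confirm.
# Globals:   basedir (read) - directory holding the log file and expect.ex
#            PHONE (read)   - SMS recipient; presumably from /etc/profile — confirm
# Outputs:   sends the SMS first, then appends one line to "$basedir/log"
#######################################
failed() {
        /usr/bin/expect "$basedir/expect.ex" "$PHONE" "【warning】ldap 2臺機器都無法訪問!!!!"
        printf '%s\n' "[INFO]-[$(date)]-[ALL]--two machine down!!!!" >> "$basedir/log"
}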

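# Dispatch on the state keepalived passes as $1 (notify_* in keepalived.conf).
# An unknown argument used to be ignored silently; it now fails loudly so a
# wiring mistake in keepalived.conf shows up in keepalived's log.
case "${1:-}" in
        master)
                master
                ;;
        backup)
                backup
                ;;
        failed)
                failed
                ;;
        *)
                printf 'usage: %s master|backup|failed\n' "${0##*/}" >&2
                exit 2
                ;;
esac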
vim /etc/keepalived/scripts/urltest.sh
#
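#!/bin/bash
#
# keepalived vrrp_script check (chk_url_fw in keepalived.conf): exit 0 when the
# local web front end answers with "auth ok", 5 otherwise. Presumably that page
# authenticates against the local slapd, making this an indirect LDAP check —
# confirm; note that if httpd alone is down the VIP still moves.
#
# --max-time keeps a hung server from outlasting the 10s check interval.
# The response is piped straight into grep instead of going through a fixed
# /tmp/status: keepalived runs this as root, and a predictable /tmp name is
# something any local user could pre-create (for example as a symlink).
# The credentials are still visible in the process list; curl's --netrc-file
# or --config can read them from a root-only file instead.
if /usr/bin/curl --silent --max-time 5 --user user:pass http://localhost 2>/dev/null \
    | /bin/grep -q "auth ok"; then
        exit 0
fi
exit 5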


192.168.100.254:

 vim /etc/keepalived/keepalived.conf
 ! Configuration File for keepalived

# Global settings. router_id is the same NodeAa as on 192.168.100.253; a
# per-node value would let alerts identify the sender — confirm intended.
global_defs {
   notification_email {
        root@localhost
   }
   notification_email_from root@localhost
   smtp_server localhost
   smtp_connect_timeout 30
   router_id NodeAa
}

# Same health check as on 253: urltest.sh every 10s, -2 priority after 2
# failures, restored after 2 successes. Runs with keepalived's privileges, so
# keep the script root-owned and not writable by others (newer releases add
# script_user / enable_script_security for this).
vrrp_script chk_url_fw {
script "sh /etc/keepalived/scripts/urltest.sh"
interval 10
weight -2
fall 2
rise 2
}


vrrp_instance VI_1 {
    state BACKUP        ######### backup node: starts without the VIP
    interface eth0
    virtual_router_id 128   # must match the value on 253
    # 99 sits one below 253's 100 and one above 253's degraded 98, so the VIP
    # only moves here while 253's check is failing; with preemption left at
    # its default, 253 takes it back once its check passes again.
    priority 99            ### priority
    advert_int 1
    authentication {        # must match 253; PASS auth is cleartext on the
        auth_type PASS      # wire and only prevents accidental mis-pairing
        auth_pass 7758521
    }
    virtual_ipaddress {
        # NOTE(review): 192.168.100.255 is the broadcast address of a /24 network;
        # unless the real subnet is wider than /24, pick another host address.
        192.168.100.255/24 dev eth0 label eth0:0
    }

    track_script {
    chk_url_fw
    }
  # notify hooks: the 254 version of notify.sh (different contents from 253's).
  notify_master "/etc/keepalived/scripts/notify.sh master"
  notify_backup "/etc/keepalived/scripts/notify.sh backup"
  notify_fault "/etc/keepalived/scripts/notify.sh failed"
}
vim /etc/keepalived/scripts/notify.sh
#下面爲內容
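#!/bin/bash
#
# keepalived notify hook for 192.168.100.254, invoked as
#   notify.sh master|backup|failed   (see the notify_* lines in keepalived.conf)
# /etc/profile is sourced for the environment; its output is discarded.
source /etc/profile &> /dev/null
# Directory of this script: the log file is written next to it. Quoted so a
# path containing spaces cannot split the command.
basedir=$(cd "$(dirname "$0")" && pwd)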

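#######################################
# notify_master hook on 254: log the transition. Only logs; slapd is not
# started here. Unlike the 253 script, no SMS is sent from this node.
# NOTE(review): the lines are tagged [SLAVE] although this hook fires when
# 254 becomes MASTER — looks like the tag names the node's usual role rather
# than the new state; confirm and consider aligning it with the 253 script.
# Globals:   basedir (read) - directory holding the log file
# Outputs:   appends four lines to "$basedir/log"
#######################################
master() {
        local log="$basedir/log"
        printf '%s\n' "[INFO]-[$(date)]-[SLAVE]--" >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[SLAVE]-Start the [sldap server] on 192.168.100.254 " >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[SLAVE]-Send sms to user : 【info】100.254 start server..." >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[SLAVE]---" >> "$log"
}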

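#######################################
# notify_backup hook on 254: log that this node dropped to BACKUP. Only logs;
# nothing is stopped despite the "Close" wording, and no SMS is sent.
# NOTE(review): tagged [MASTER] while entering BACKUP — same role/state
# mismatch as master() above; confirm the intended meaning of the tag.
# Globals:   basedir (read) - directory holding the log file
# Outputs:   appends four lines to "$basedir/log"
#######################################
backup() {
        local log="$basedir/log"
        printf '%s\n' "[INFO]-[$(date)]-[MASTER]--" >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[MASTER]-Close the [sldap server] on 192.168.100.254 " >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[MASTER]-Send sms to user : 【info】100.253 start server..." >> "$log"
        printf '%s\n' "[INFO]-[$(date)]-[MASTER]---" >> "$log"
}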

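#######################################
# notify_fault hook on 254. FAULT means this node's interface or a tracked
# condition failed; keepalived cannot tell whether the peer is down as well,
# so the "two machine down" text overstates the event — confirm.
# Globals:   basedir (read) - directory holding the log file
# Outputs:   appends one line to "$basedir/log"
#######################################
failed() {
        printf '%s\n' "[INFO]-[$(date)]-[ALL]--two machine down!!!!" >> "$basedir/log"
}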

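# Dispatch on the state keepalived passes as $1 (notify_* in keepalived.conf).
# An unknown argument used to be ignored silently; it now fails loudly so a
# wiring mistake in keepalived.conf shows up in keepalived's log.
case "${1:-}" in
        master)
                master
                ;;
        backup)
                backup
                ;;
        failed)
                failed
                ;;
        *)
                printf 'usage: %s master|backup|failed\n' "${0##*/}" >&2
                exit 2
                ;;
esac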

  254的/etc/keepalived/scripts/urltest.sh 與253的相同。


此刻,keepalived已經配置好,先不啓動,先配置ldap。



ldap安裝的流程這裏就不做演示了,很簡單(yum一下)

重點在配置文件!

192.168.100.253:

vim /etc/openldap/slapd.conf
#下面是精簡的配置,其他的都已經過濾!
# Schema files loaded before the database definition. ppolicy.schema is
# included but no ppolicy overlay appears in this excerpt.
include		/etc/openldap/schema/corba.schema
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/dyngroup.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/java.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/openldap.schema
include		/etc/openldap/schema/ppolicy.schema
include		/etc/openldap/schema/collective.schema
# Also accepts LDAPv2 binds (v2 has no StartTLS); only keep this for legacy clients.
allow bind_v2
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
# Both module paths are listed so the same file works on 32- and 64-bit hosts.
# syncprov is needed because in mirror mode each node is the other's provider.
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
moduleload syncprov.la
# TLS material: certificate and private key share slapd.pem, so that file must
# be readable by the slapd user only. TLS is set up here, yet the syncrepl
# block below still connects to the peer over plain ldap://.
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
# Access-control rules are kept in a separate file (not shown on this page).
include /etc/openldap/access.conf
database	bdb
# NOTE(review): slapd.conf only treats whole lines starting with '#' as
# comments; trailing comments like the ones below end up as part of the
# directive and should be removed from the real file.
suffix		"dc=***,dc=com"                        # replace *** with your own domain, same below
rootdn		"cn=Manager,dc=***,dc=com"
# SSHA hash (generate with slappasswd). A cleartext value would also be
# accepted, but only a hash belongs in a file that gets copied between nodes.
rootpw		{SSHA}XVu6fPl/7cFuA8Q8rCQ158wQ32btncGq       # password (hashed)
directory	/var/lib/ldap
loglevel        256
# entryCSN/entryUUID equality indexes are what syncrepl searches on.
index objectclass,entryCSN,entryUUID eq


##### This is the important part: replication
# syncprov makes this node a provider for the peer. checkpoint: persist the
# contextCSN after 100 write ops or 10 minutes; sessionlog: keep the last 100
# write ops so a reconnecting consumer can catch up without a full refresh.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

# serverID must differ between the two mirror nodes (the peer uses 2).
serverID    1
# Consumer side: pull the peer's changes. Points to address before use:
# - bindmethod=simple over ldap:// sends the rootdn password in cleartext on
#   every (re)connect; add starttls=critical (or use ldaps://) and prefer a
#   dedicated replication identity with read access over the rootdn.
# - schemachecking is given twice (on, then off); keep a single line.
# - searchbase uses "dc=****" while suffix uses "dc=***"; both must resolve to
#   the same DN once the placeholders are filled in.
# - retry="60 +": retry every 60 seconds, indefinitely.
syncrepl      rid=002
                     provider=ldap://192.168.100.254
                     bindmethod=simple
                     binddn="cn=Manager,dc=***,dc=com"
                     credentials=密碼   # cleartext password
                     searchbase="dc=****,dc=com"
                     schemachecking=on
                     filter="(objectClass=*)"
                     scope=sub
                     schemachecking=off
                     type=refreshAndPersist
                     retry="60 +"
# Both nodes accept writes; mirror mode relies on something external — here the
# keepalived VIP — to direct writes to one node at a time.
mirrormode on

192.168.100.254:

vim /etc/openldap/slapd.conf
#下面是精簡的配置,其他的都已經過濾!
# Same schema set as on 253; the two files differ only in serverID and the
# syncrepl provider address.
include		/etc/openldap/schema/corba.schema
include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/duaconf.schema
include		/etc/openldap/schema/dyngroup.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/java.schema
include		/etc/openldap/schema/misc.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/openldap.schema
include		/etc/openldap/schema/ppolicy.schema
include		/etc/openldap/schema/collective.schema
# Also accepts LDAPv2 binds (v2 has no StartTLS); only keep this for legacy clients.
allow bind_v2
pidfile		/var/run/openldap/slapd.pid
argsfile	/var/run/openldap/slapd.args
modulepath /usr/lib/openldap
modulepath /usr/lib64/openldap
# Required: this node is the provider for 253.
moduleload syncprov.la
# Certificate and private key share slapd.pem — readable by the slapd user only.
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
include /etc/openldap/access.conf
database	bdb
suffix		"dc=***,dc=com"
rootdn		"cn=Manager,dc=***,dc=com"
# SSHA hash (generate with slappasswd); the same hash as on 253.
rootpw		{SSHA}XVu6fPl/7cFuA8Q8rCQ158wQ32btncGq
directory	/var/lib/ldap
loglevel        256
# entryCSN/entryUUID equality indexes are what syncrepl searches on.
index objectclass,entryCSN,entryUUID eq




# Provider side for 253: checkpoint contextCSN after 100 ops or 10 minutes,
# keep a 100-op session log for reconnecting consumers.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# Distinct from 253's serverID 1, as mirror mode requires.
serverID    2


# Consumer side: pull 253's changes. Same caveats as on 253: simple bind over
# plain ldap:// sends the rootdn password in cleartext (add starttls=critical
# or use ldaps://, and prefer a dedicated replication DN), and schemachecking
# is set twice — keep a single line. Trailing '#' comments are not stripped
# by slapd.conf and must be removed from the real file.
syncrepl      rid=002
                     provider=ldap://192.168.100.253
                     bindmethod=simple
                     binddn="cn=Manager,dc=***,dc=com"
                     credentials=密碼  # cleartext password
                     searchbase="dc=***,dc=com"
                     schemachecking=on
                     filter="(objectClass=*)"
                     scope=sub
                     schemachecking=off
                     type=refreshAndPersist
                     retry="60 +"
# Writes are accepted on both nodes; the keepalived VIP is what keeps clients
# writing to one node at a time.
mirrormode on


配置好,重點來了!!!

  如果直接啓動ldap(/etc/init.d/slapd start),是不會讀取新的slapd.conf配置的(slapd會優先使用slapd.d目錄下已有的配置),以我目前的經驗來看是這樣的。

所以,要這樣

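# slapd prefers an existing cn=config tree in slapd.d over slapd.conf, so the
# old tree (the "config cache" the author refers to) must go before the new
# slapd.conf is converted. Both steps now abort on failure so chown cannot run
# on an empty or half-written directory and leave slapd with no config.
rm -rf -- /etc/openldap/slapd.d/*
# Convert slapd.conf into the slapd.d tree; slaptest also validates the file.
slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/ || exit 1
# The generated tree contains the rootpw hash and the syncrepl credentials;
# after chown, check that none of it is world-readable.
chown -R ldap:ldap /etc/openldap/slapd.d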

然後就好了,然後你就可以啓動ldap服務啦,

然後你就可以啓動keepalived服務啦。

然後你就可以停掉其中一臺的服務,測試故障切換啦。

PS:如果你像本文一樣用web服務來做健康檢查的話,2臺服務器都需搭建http服務,同樣也是搞2套一模一樣的即可!
