基礎環境
| 主機名 | IP地址 | 備註 |
| node201 | 172.20.20.201 | |
| node202 | 172.20.20.202 |
說明:這裏均是root用戶操作
1、基礎環境、LDAP、phpLDAPAdmin 部署(2臺均部署)
注意事項:
a.在兩臺都配置hosts
cat >> /etc/hosts << EOF 172.20.20.201 node201.com www.node201.com node201 172.20.20.202 node202.com www.node202.com node202 EOF
b.各個節點的 ROOT DN和Manager都要統一,不一樣,可能出現問題
例如:node201上的dc=node201,dc=com,node202上的也是一樣,dc=node201,dc=com
c.注意各個node節點上在使用 slappasswd命令時,密碼會不一樣,其他的配置,請參見《LDAP及phpLDAPAdmin部署》
2、啓用syncprov模塊(2臺均操作)
shell> cd /etc/openldap/
shell> vi syncprov_mod.ldif
dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulePath: /usr/lib64/openldap olcModuleLoad: syncprov.la |
shell> ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov_mod.ldif
shell> vi configrep.ldif
| ### Update Server ID with LDAP URL ### dn: cn=config changetype: modify replace: olcServerID olcServerID: 1 ldap://172.20.20.201 olcServerID: 2 ldap://172.20.20.202 ### Enable replication ### dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov ### Adding details for replication ### dn: olcDatabase={2}hdb,cn=config changetype: modify add: olcSyncRepl olcSyncRepl: rid=001 provider=ldap://172.20.20.201 binddn="cn=Manager,dc=node201,dc=com" bindmethod=simple credentials=root searchbase="dc=node201,dc=com" type=refreshAndPersist retry="5 5 300 5" timeout=1 olcSyncRepl: rid=002 provider=ldap://172.20.20.202 binddn="cn=Manager,dc=node201,dc=com" bindmethod=simple credentials=root searchbase="dc=node201,dc=com" type=refreshAndPersist retry="5 5 300 5" timeout=1 - add: olcMirrorMode olcMirrorMode: TRUE |
shell> ldapmodify -Y EXTERNAL -H ldapi:/// -f configrep.ldif
3.配置node201的slapd文件(node201上操作)
shell> vi /etc/sysconfig/slapd
# OpenLDAP server configuration # see 'man slapd' for additional information # Where the server will run (-h option) # - ldapi:/// is required for on-the-fly configuration using client tools # (use SASL with EXTERNAL mechanism for authentication) # - default: ldapi:/// ldap:/// # - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:/// SLAPD_URLS="ldapi:/// ldap://172.20.20.201 ldap://127.0.0.1" # Any custom options #SLAPD_OPTIONS="" # Keytab location for GSSAPI Kerberos authentication #KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab" |
4.配置node202的slapd文件(node202上操作)
shell> vi /etc/sysconfig/slapd
# OpenLDAP server configuration # see 'man slapd' for additional information # Where the server will run (-h option) # - ldapi:/// is required for on-the-fly configuration using client tools # (use SASL with EXTERNAL mechanism for authentication) # - default: ldapi:/// ldap:/// # - example: ldapi:/// ldap://127.0.0.1/ ldap://10.0.0.1:1389/ ldaps:/// SLAPD_URLS="ldapi:/// ldap://172.20.20.202 ldap://127.0.0.1" # Any custom options #SLAPD_OPTIONS="" # Keytab location for GSSAPI Kerberos authentication #KRB5_KTNAME="FILE:/etc/openldap/ldap.keytab" |
5.重啓slapd服務(2臺均操作)
shell> systemctl restart slapd
6.插入數據驗證
在node201上新增一條記錄,然後查看node202上已經同步過來了
a.在node201上新增記錄
b.在node202上查看記錄
到這裏node201和node202兩個節點同步架構已經部署完成。
最後:
在其兩節點上游,接入LVS/Nginx/HAProxy/阿里雲SLB(建議接入層也是HA架構)。