Highly available NFS with DRBD + keepalived
[email protected]黑暗陽光
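Lab environment: three CentOS 7.2 virtual machines
Network configuration: 192.168.1.73 (test host), 192.168.1.74 and 192.168.1.75 (used to implement highly available NFS)
Pre-lab setup: disable the iptables and SELinux services, keep the hosts' clocks synchronized, and set up key-based SSH authentication between the two NFS hosts.
# Configuration on host 192.168.1.74
I. Configure the NFS service
1. Install the NFS management tools, nfs-utils (NFS itself is compiled into the kernel, so it does not need to be installed separately)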
[[email protected] ~]# yum install nfs-utils -y
2. Create the NFS shared directory
[
3. Edit the NFS configuration file (/etc/exports)
Contents of the file:
/data 192.168.1.0/24(rw)
4. Start NFS
[[email protected] ~]# systemctl start nfs
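II. Configure DRBD (two partitions of the same size are used for this lab)
Do the following on host 192.168.1.74
1. Use fdisk to create a 5 GB partition
2. Install the drbd84-utils and kmod-drbd84 packages with yum. Both packages are in the ELRepo repository, so install the ELRepo repository first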
[[email protected]
[[email protected] ~]# rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
[[email protected] ~]# yum install drbd84-utils kmod-drbd84 -y
If installing the ELRepo repository fails with the error curl: (60) Peer’s Certificate has expired., the host clock is wrong and the time needs to be synchronized
[
3. Reboot the system to load the new kernel
4. Edit the DRBD configuration files. Two files need editing: /etc/drbd.d/global_common.conf and /etc/drbd.d/nfs.res
/etc/drbd.d/global_common.conf contains:
global {
    usage-count no;    # turn off DRBD's automatic reporting, which contacts the DRBD project and sends information about issues encountered in use
}
common {
    handlers {
        # nothing needs to be set in this section; it is all comments, too many to show here
    }
    startup {
        # wfc-timeout degr-wfc-timeout outdated-wfc-timeout wait-after-sb
    }
    options {
        # cpu-mask on-no-data-accessible
        # RECOMMENDED for three or more storage nodes with DRBD 9:
        # quorum majority;
        # on-no-quorum suspend-io | io-error;
    }
    disk {
        # size on-io-error fencing disk-barrier disk-flushes
        # disk-drain md-flushes resync-rate resync-after al-extents
        # c-plan-ahead c-delay-target c-fill-target c-max-rate
        # c-min-rate disk-timeout
        on-io-error detach;    # on a disk error, detach the disk immediately
    }
    net {
        # protocol timeout max-epoch-size max-buffers
        # connect-int ping-int sndbuf-size rcvbuf-size ko-count
        # allow-two-primaries cram-hmac-alg shared-secret after-sb-0pri
        # after-sb-1pri after-sb-2pri always-asbp rr-conflict
        # ping-timeout data-integrity-alg tcp-cork on-congestion
        # congestion-fill congestion-extents csums-alg verify-alg
        # use-rle
        cram-hmac-alg "sha1";    # HMAC algorithm used to authenticate the peer
        shared-secret "e9Up/JhEjhV9Cw";    # shared secret used for that peer authentication
    }
    syncer {
        rate 1024M;    # rate used for disk synchronization
    }
}
/etc/drbd.d/nfs.res contains:
resource nfs {
    device /dev/drbd0;      # DRBD device name; 0 means the first device
    disk /dev/sda4;         # the disk device backing DRBD
    meta-disk internal;     # the DRBD metadata is stored on the same disk device
    on nfs1.oldboy.com {
        address 192.168.1.74:7789;    # IP address and port the DRBD service listens on
    }
    on nfs2.oldboy.com {
        address 192.168.1.75:7789;
    }
}
5. Initialize the DRBD device metadata
[[email protected] ~]# drbdadm create-md nfs
initializing activity log
initializing bitmap (160 KB) to all zero
Writing meta data…
New drbd meta data block successfully created.
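All of the configuration steps above must also be carried out on host 192.168.1.75 before continuing with the steps below
6. Start the drbd service on both hosts
On 192.168.1.74
[[email protected] ~]# systemctl start drbd (on startup it waits for the other host to start the service as well)
On 192.168.1.75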
[[email protected] ~]# systemctl start drbd
Check the startup status:
[[email protected] ~]# drbd-overview (cat /proc/drbd can also be used)
NOTE: drbd-overview will be deprecated soon.
Please consider using drbdtop.
0:nfs/0 Connected Secondary/Secondary Inconsistent/Inconsistent
(Secondary means both devices are still secondary nodes; Inconsistent means the two devices have not yet synchronized their data)
7. Set host 192.168.1.74 as the DRBD primary node
[[email protected] ~]# drbdadm primary --force nfs
Checking the DRBD status again with drbd-overview now shows that the disks are synchronizing
[[email protected] ~]# drbd-overview
NOTE: drbd-overview will be deprecated soon.
Please consider using drbdtop.
0:nfs/0 SyncSource Primary/Secondary UpToDate/Inconsistent
[>…] sync’ed: 7.9% (4720/5116)M
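Use watch -n1 cat /proc/drbd to follow the synchronization progress in real time
8. Format the DRBD device on the primary node only; it is synchronized to the other host automatically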
[[email protected] ~]# mke2fs -t ext4 /dev/drbd0
III. Verify that DRBD works
1. On the primary node 192.168.1.74, mount the /dev/drbd0 device on the NFS shared directory /data
[[email protected] ~]# mount /dev/drbd0 /data
2. Change the owner and group of the /data directory to the nfsnobody user
[[email protected] data]# chown nfsnobody.nfsnobody /data
[[email protected] data]# ll -d /data
drwxr-xr-x 3 nfsnobody nfsnobody 4096 Nov 20 22:37 /data
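(One point deserves special mention: mount the /dev/drbd0 device first and only then change the owner and group of /data, because if you change them first and mount afterwards, the owner and group change again)
3. On the test host 192.168.1.73, mount the NFS shared directory from host 192.168.1.74 and create the file a.txt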
[[email protected] ~]# mount -t nfs 192.168.1.74:/data /mnt
[[email protected] ~]# cd /mnt
[[email protected] mnt]# touch a.txt
[[email protected] mnt]# ls
a.txt lost+found
4. On host 192.168.1.73, unmount /mnt
[[email protected] ~]# umount /mnt
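5. On host 192.168.1.74, unmount the /dev/drbd0 device and set this node as the secondary node
[[email protected] ~]# systemctl stop nfs (the NFS service has to be stopped before unmounting, otherwise umount keeps reporting that the device is busy)
[[email protected] ~]# umount /dev/drbd0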
[[email protected] ~]# drbdadm secondary nfs
[[email protected] ~]# drbd-overview
NOTE: drbd-overview will be deprecated soon.
Please consider using drbdtop.
0:nfs/0 Connected Secondary/Secondary UpToDate/UpToDate
6. On host 192.168.1.75, set this node as the DRBD primary node and mount the /dev/drbd0 device on the NFS shared directory /data
[[email protected] ~]# drbdadm primary nfs
[[email protected] ~]# drbd-overview
NOTE: drbd-overview will be deprecated soon.
Please consider using drbdtop.
0:nfs/0 Connected Primary/Secondary UpToDate/UpToDate
[[email protected] ~]# mount /dev/drbd0 /data
7. Look in the /data directory
[[email protected] ~]# ls /data
a.txt lost+found (a.txt is already there, so DRBD synchronization succeeded)
IV. Configure keepalived
1. Configuration on host 192.168.1.74:
/etc/keepalived/keepalived.conf contains:
global_defs {
    notification_email {
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id NFS    # id changed to NFS; any other name works, it is only an identifier
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18    # this directive can be omitted, because this is the default multicast address
}
vrrp_script chk_nfs {    # the script section is defined here
    script "/etc/keepalived/chk_nfs.sh"    # path of the script file
    interval 1    # how often the check runs
}
vrrp_instance VI_1 {
    state MASTER
    interface eno16777736
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass AVBHKWRKn+aamk9x
    }
    virtual_ipaddress {
        192.168.1.200 dev eno16777736 iflabel eno16777736:0
    }
    track_script {    # section that puts the script into effect
        chk_nfs    # the name of the vrrp_script section
    }
    notify_master "/etc/keepalived/notify_ms.sh master"    # script to run when this node switches to master
}
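/etc/keepalived/chk_nfs.sh contains: (this script monitors the state of the NFS service)
#!/bin/bash
#
/usr/bin/systemctl status nfs    # check the state of the nfs service
if [ $? -ne 0 ]    # test the exit status of the previous command: 0 means nfs is running, non-zero means it is not running
then
    /usr/bin/umount /dev/drbd0          # unmount the /dev/drbd0 device
    /usr/sbin/drbdadm secondary nfs     # set this host's DRBD state to secondary
    /usr/bin/systemctl stop keepalived  # stop the keepalived service
fi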
/etc/keepalived/notify_ms.sh contains: (this script holds the commands to run when this node changes to the master state)
#!/bin/bash
#
if [[ "$1" == master ]]    # when this host's keepalived state is master
then
    /usr/sbin/iptables -F              # flush the iptables tables
    /usr/sbin/drbdadm primary nfs      # set this host's DRBD state to primary
    /usr/bin/mount /dev/drbd0 /data    # mount /dev/drbd0 on the NFS shared directory /data
fi
(Why the iptables tables are flushed above: when keepalived starts, it automatically adds a rule to iptables, DROP all -- 0.0.0.0/0 0.0.0.0/0 match-set keepalived dst)
2. Configuration on host 192.168.1.75:
/etc/keepalived/keepalived.conf contains:
global_defs {
    notification_email {
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id NFS
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_garp_interval 0
    vrrp_gna_interval 0
    vrrp_mcast_group4 224.0.0.18
}
vrrp_instance VI_1 {
    state BACKUP    # set the backup state
    interface eno16777736
    virtual_router_id 51
    priority 95    # the priority must be lower than the master's
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass AVBHKWRKn+aamk9x
    }
    virtual_ipaddress {
        192.168.1.200 dev eno16777736 iflabel eno16777736:0
    }
    notify_master "/etc/keepalived/notify.sh master"    # script to run when this node switches to master
    notify_backup "/etc/keepalived/notify.sh backup"    # script to run when this node switches to backup
}
/etc/keepalived/notify.sh contains:
#!/bin/bash
#
if [[ "$1" == master ]]    # keepalived has entered the master state
then
    /usr/sbin/drbdadm primary nfs      # set this host's DRBD state to primary
    /usr/bin/mount /dev/drbd0 /data    # mount the /dev/drbd0 device on the NFS shared directory /data
    /usr/bin/systemctl start nfs       # start the nfs service
elif [[ "$1" == backup ]]    # keepalived has entered the backup state
then
    /usr/bin/systemctl stop nfs        # stop the nfs service
    /usr/bin/umount /dev/drbd0         # unmount the /dev/drbd0 device
    /usr/sbin/drbdadm secondary nfs    # set this host's DRBD state to secondary
fi
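The notify scripts above run drbdadm primary and mount unconditionally. The following is an added example, not part of the original post, of a guard for the master branch that refuses to promote when the local replica is not UpToDate or the peer still reports Primary, and stops if any step fails. The function names safe_to_promote and become_master are hypothetical; the resource, device and mount point are the ones used on this page, and the keepalived DROP rule that the original script clears with iptables -F is assumed to be handled separately.

```shell
#!/bin/sh
# Added example: guarded promotion for the "master" branch of a notify script.
RES=nfs; DEV=/dev/drbd0; MNT=/data    # values taken from this page

# safe_to_promote ROLE DSTATE
#   ROLE   = output of `drbdadm role nfs`,   e.g. Secondary/Primary
#   DSTATE = output of `drbdadm dstate nfs`, e.g. UpToDate/Inconsistent
# Both are "local/peer". Returns 0 only if promoting cannot serve stale data.
safe_to_promote() {
    role=$1; dstate=$2
    local_role=${role%%/*};  peer_role=${role#*/}
    local_disk=${dstate%%/*}
    if [ "$local_disk" != UpToDate ]; then
        echo "refuse: local disk is $local_disk, not UpToDate"; return 1
    fi
    if [ "$peer_role" = Primary ]; then
        echo "refuse: peer is still Primary"; return 1
    fi
    echo "ok: local=$local_role/$local_disk peer=$peer_role"
}

# become_master: query DRBD, check, then promote, mount and start NFS in order.
become_master() {
    role=$(drbdadm role "$RES")     || return 1
    dstate=$(drbdadm dstate "$RES") || return 1
    safe_to_promote "$role" "$dstate" || return 1
    drbdadm primary "$RES" || return 1
    # mount only if /data is not already a mount point
    mountpoint -q "$MNT" || mount "$DEV" "$MNT" || return 1
    systemctl start nfs
}

# keepalived calls the script with "master"; any other argument does nothing.
if [ "${1:-}" = master ]; then
    become_master
fi
```

When the peer host is down, drbdadm reports Secondary/Unknown and UpToDate/DUnknown, which the guard accepts; that is the failover case this setup is built for.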
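V. Test the keepalived service
The expected behavior is:
(1) Host 192.168.1.74 is the DRBD primary node and the keepalived master. When the NFS service is stopped on 192.168.1.74, the host automatically switches to DRBD secondary and shuts down its keepalived service. Host 192.168.1.75 then automatically becomes the keepalived master, sets its DRBD state to primary and starts NFS
(2) When host 192.168.1.74 is restored as the keepalived master, it automatically sets its DRBD state to primary, and host 192.168.1.75 automatically stops the NFS service and sets its DRBD state to secondary
1. On the test host 192.168.1.71, mount the NFS shared directory on /mnt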
[[email protected] ~]# mount -t nfs 192.168.1.200:/data /mnt
2. View the contents of the test file a.txt in /mnt
[[email protected] ~]# cat /mnt/a.txt
Testing (access works)
3. Stop NFS on host 192.168.1.74 and check the DRBD and keepalived status
[[email protected] ~]# drbd-overview (the state has switched to secondary)
NOTE: drbd-overview will be deprecated soon.
Please consider using drbdtop.
0:nfs/0 Connected Secondary/Primary UpToDate/UpToDate
[[email protected] ~]# systemctl status keepalived (the keepalived service has stopped)
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; disabled; vendor preset: disabled)
Active: inactive (dead)
4. Check the DRBD and keepalived status on host 192.168.1.75
[[email protected] ~]# drbd-overview (DRBD has switched to the primary state)
NOTE: drbd-overview will be deprecated soon.
Please consider using drbdtop.
0:nfs/0 Connected Primary/Secondary UpToDate/UpToDate /data ext4 4.8G 20M 4.6G 1%
[[email protected] ~]# ip addr sh eno16777736 (the virtual IP address has moved over)
inet 192.168.1.200/32 scope global eno16777736
valid_lft forever preferred_lft forever
5. Test again from host 192.168.1.71:
[[email protected] ~]# cat /mnt/a.txt (still accessible)
Testing
6. Restart the NFS and keepalived services on host 192.168.1.74
[[email protected] ~]# systemctl start nfs
[[email protected] ~]# systemctl start keepalived
[[email protected] ~]# drbd-overview (DRBD has switched to primary)
NOTE: drbd-overview will be deprecated soon.
Please consider using drbdtop.
0:nfs/0 Connected Primary/Secondary UpToDate/UpToDate /data ext4 4.8G 20M 4.6G 1%
[[email protected] ~]# ip addr sh eno16777736 (the virtual IP address has moved over)
inet 192.168.1.200/32 scope global eno16777736
valid_lft forever preferred_lft forever
7. Test again from host 192.168.1.71:
[[email protected] ~]# cat /mnt/a.txt (still accessible)
Testing
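The setup above keeps the DRBD shared-secret and the VRRP auth_pass in plain configuration files, and keepalived executes the scripts under /etc/keepalived on every check and state change. The following is an added example, not part of the original post, that audits the permissions of exactly those files; the function names check_mode and audit_all are hypothetical, and the paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: permission audit for the files this setup creates.

# check_mode PATH KIND
#   KIND is "secret" (config file holding a password) or "script"
#   (file executed by keepalived). Prints the result, returns 1 on a finding.
check_mode() {
    path=$1; kind=$2
    [ -f "$path" ] || { echo "MISSING  $path"; return 1; }
    mode=$(ls -ld -- "$path" | cut -c1-10)          # e.g. -rw-r--r--
    group_w=$(printf '%s' "$mode" | cut -c6)
    other_r=$(printf '%s' "$mode" | cut -c8)
    other_w=$(printf '%s' "$mode" | cut -c9)
    if [ "$group_w" = w ] || [ "$other_w" = w ]; then
        echo "WRITABLE $path ($mode): group or other can modify it"; return 1
    fi
    if [ "$kind" = secret ] && [ "$other_r" = r ]; then
        echo "READABLE $path ($mode): secret visible to every local user"; return 1
    fi
    echo "OK       $path ($mode)"
}

# audit_all ROOT
#   ROOT is a path prefix ("" on a real node) so a copy of /etc can be audited.
#   Returns the number of findings as its exit status.
audit_all() {
    root=$1; findings=0
    for f in etc/drbd.d/global_common.conf etc/keepalived/keepalived.conf; do
        check_mode "$root/$f" secret || findings=$((findings + 1))
    done
    for f in chk_nfs.sh notify_ms.sh notify.sh; do
        # each node carries only its own scripts, so absent ones are skipped
        [ -e "$root/etc/keepalived/$f" ] || continue
        check_mode "$root/etc/keepalived/$f" script || findings=$((findings + 1))
    done
    return "$findings"
}
```

On each NFS node, source the file and run audit_all "" as root; a non-zero exit status is the number of files to fix, typically with chmod 600 for the two configuration files and chmod 700 for the scripts.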