0.实验环境图
1.配置灾复存储卷
在从节点 servere 上直接格式化磁盘分区(mkfs.xfs 会清除 /dev/vdb2 上的原有数据,执行前请确认设备名),创建挂载目录,在挂载配置文件 /etc/fstab 中追加挂载项,执行挂载并查看文件系统。然后创建存储卷,启动存储卷。
[root@servere ~]# mkfs.xfs -i size=512 /dev/vdb2
meta-data=/dev/vdb2 isize=512 agcount=4, agsize=655296 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0 finobt=0
data = bsize=4096 blocks=2621184, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@servere ~]# mkdir -p /bricks/copy
[root@servere ~]# echo "/dev/vdb2 /bricks/copy xfs defaults 0 0" >> /etc/fstab
[root@servere ~]# mount -a
[root@servere ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/vda1 xfs 10G 1.6G 8.5G 16% /
devtmpfs devtmpfs 902M 0 902M 0% /dev
tmpfs tmpfs 920M 0 920M 0% /dev/shm
tmpfs tmpfs 920M 109M 812M 12% /run
tmpfs tmpfs 920M 0 920M 0% /sys/fs/cgroup
tmpfs tmpfs 184M 0 184M 0% /run/user/0
/dev/vdb2 xfs 10G 33M 10G 1% /bricks/copy
[root@servere ~]# gluster volume create testcopy servere:/bricks/copy/testcopy
volume create: testcopy: success: please start the volume to access data
[root@servere ~]# gluster volume start testcopy
volume start: testcopy: success
2.配置服务授权
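以下操作均在从节点 servere 上进行:创建用户组,创建用户,设置密码(后面用 ssh-copy-id 传递公钥时验证用;示例中的 redhat 是实验环境的弱口令,实际环境应改用强口令),创建控制非特权用户挂载的服务目录(权限 0711),将非特权挂载服务(mountbroker)指向该目录,指定日志的访问属组,开启非安全访问规则(允许来自非特权端口的连接),指定允许 georep 用户操作的存储卷 testcopy,修改服务目录的授权和属组,修改日志目录的授权和属组,重新启动 glusterd 服务。注意:下面示例命令中的选项名写作 rpc-allow-allow-insecure,而 GlusterFS 文档中对应的选项名是 rpc-auth-allow-insecure;该命令即使选项名有误也会提示执行成功,执行前请核对拼写。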
[root@servere ~]# groupadd repgrp
[root@servere ~]# useradd -G repgrp georep
[root@servere ~]# echo "redhat" | passwd --stdin georep
Changing password for user georep.
passwd: all authentication tokens updated successfully.
[root@servere ~]# mkdir -m 0711 /var/mountbroker-root
[root@servere ~]# gluster system:: execute mountbroker opt mountbroker-root /var/mountbroker-root
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker opt geo-replication-log-group repgrp
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker opt rpc-allow-allow-insecure on
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker user georep testcopy
Command executed successfully.
[root@servere ~]# chmod -R 770 /var/lib/glusterd/geo-replication/
[root@servere ~]# chmod -R 770 /var/log/glusterfs/geo-replication-slaves/
[root@servere ~]# chgrp -R repgrp /var/lib/glusterd/geo-replication/
[root@servere ~]# chgrp -R repgrp /var/log/glusterfs/geo-replication-slaves/
[root@servere ~]# systemctl restart glusterd
3.配置加密
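在主节点 servera 上生成SSH密钥,并用 ssh-copy-id 把公钥传递给从节点 servere 上的 georep 用户(首次连接时,应先通过可信渠道核对提示的主机密钥指纹,确认无误后再回答 yes);接着在 servera 上生成会话通讯密钥,并在创建会话时用 push-pem 传递会话通讯密钥;最后在从节点 servere 上以 root 执行脚本,把密钥移动到正确位置。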
[root@servera ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bf:8a:de:38:fe:b6:35:eb:ff:cb:92:fb:5d:a9:13:13 root@servera.lab.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| E |
| S . |
| . o .|
| + .o..|
| .+.. +oo...|
| o=+=++.o**..|
+-----------------+
[root@servera ~]# ssh-copy-id georep@servere
The authenticity of host 'servere (172.25.250.14)' can't be established.
ECDSA key fingerprint is f3:3a:20:c9:5a:cc:cc:f0:44:f7:00:90:03:18:b1:8d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
georep@servere's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'georep@servere'"
and check to make sure that only the key(s) you wanted were added.
[root@servera ~]# gluster system:: execute gsec_create
Common secret pub file present at /var/lib/glusterd/geo-replication/common_secret.pem.pub
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy create push-pem
Creating geo-replication session between testvol & georep@servere::testcopy has been successful
[root@servere ~]# /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georep testvol testcopy
Successfully copied file.
Command executed successfully.
4.启动服务
在主节点 servera 上执行:指定主卷 testvol,指定管理从节点的账户和从节点上的存储卷(georep@servere::testcopy),并启动会话。启动后用 status 对状态进行查验,各主节点的 STATUS 显示为 Active 即可确认启动完成。
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy start
Starting geo-replication session between testvol & georep@servere::testcopy has been successful
[root@servera ~]# gluster volume geo-replication testvol georep@servere::testcopy status
MASTER NODE MASTER VOL MASTER BRICK SLAVE USER SLAVE SLAVE NODE STATUS CRAWL STATUS LAST_SYNCED
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
servera.lab.example.com testvol /bricks/test/testvol_n1 georep georep@servere::testcopy servere Active Changelog Crawl 2019-03-11 20:02:01
serverb.lab.example.com testvol /bricks/test/testvol_n2 georep georep@servere::testcopy servere Active Changelog Crawl 2019-03-11 20:02:04