[root@rs1 ~]# yum install -y ntp #安装服务
[root@rs1 ~]# ntpdate time.windows.com #同步时间(前提是虚拟机可以联网)
[root@rs1 ~]# crontab -e #修改cron表,设置每30分钟更新矫正一次时间
*/30 * * * * /sbin/ntpdate time.windows.com &> /dev/null
[root@rs1 ~]# systemctl restart ntpd
#下面的可以省略,也可以直接ntpdate IP地址
[root@rs1 ~]# vim /etc/hosts
…
192.168.43.10 rs1
192.168.43.20 rs2
[root@rs2 ~]# yum install -y ntp
[root@rs2 ~]# vi /etc/hosts
…
192.168.43.10 rs1
192.168.43.20 rs2
[root@rs2 ~]# crontab -e
*/30 * * * * /sbin/ntpdate rs1
[root@rs2 ~]# ntpdate rs1
7 May 11:22:15 ntpdate[4434]: adjust time server 192.168.43.10 offset 0.046371 sec
测试:
[root@rs1 ~]# ssh rs2 ‘date’;date
root@rs2’s password:
Thu May 7 11:26:54 EDT 2020
Thu May 7 11:26:54 EDT 2020
3.配置防火墙允许集群组件通过(rs1和rs2都做)
[root@rs1 ~]# systemctl start firewalld
[root@rs1 ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[root@rs1 ~]# firewall-cmd --permanent --add-service=high-availability
success
[root@rs1 ~]# firewall-cmd --reload
success
4.配置pcs守护程序
[root@rs1 ~]# systemctl start pcsd
[root@rs1 ~]# systemctl enable pcsd
Created symlink from /etc/systemd/system/multi-user.target.wants/pcsd.service to /usr/lib/systemd/system/pcsd.service.
[root@rs2 ~]# systemctl start pcsd
[root@rs2 ~]# systemctl enable pcsd
Created symlink from /etc/systemd/system/multi-user.target.wants/pcsd.service to /usr/lib/systemd/system/pcsd.service.
5.配置hacluster账户密码
安装软件包的时候会自动创建一个hacluster账户,它的密码是禁用的。这个用户用于群集间通信的身份验证
必须在每个节点上设置密码以启用此账户。
[root@rs1 ~]# echo “a” | passwd --stdin hacluster
Changing password for user hacluster.
passwd: all authentication tokens updated successfully.
[root@rs2 ~]# echo “a” | passwd --stdin hacluster
Changing password for user hacluster.
passwd: all authentication tokens updated successfully.
6.集群及Pacemaker配置文件
群集的创建
1认证组成集群的节点
2配置和同步集群节点
3在集群节点中启动集群服务
1认证组成集群的节点
在任意一个节点上验证所有的节点
使用前面设置的hacluster账户
注意iptables规则
语法:pcs cluster auth node1 node2 noden -u username -p passwd
例:[root@rs1 ~]# pcs cluster auth rs1 rs2
Username: hacluster
Password:
rs1: Authorized
rs2: Authorized