NFS+keepalived+Rsync高可用
服务器信息:(centos7)
fs01:192.168.29.177
fs02:192.168.29.178
vip:192.168.29.176
client:192.168.29.198
1.安装所需工具
# Install the sync tooling (rsync, inotify-tools), the NFS server pieces
# (nfs-utils, rpcbind) and keepalived on both fs01 and fs02.
# NOTE(review): inotify-tools is presumably pulled from EPEL on CentOS 7 -
# confirm that repository is enabled and trusted before running this.
yum install -y rsync inotify-tools nfs-utils rpcbind keepalived
2.配好相互公钥
用于rsync免密文件同步 略…
3.防火墙&selinux…
# Put SELinux into permissive mode for the running system.
setenforce 0
# Persist it: rewrite the SELINUX= line so SELinux is disabled after reboot.
sed -i '/^SELINUX=/c SELINUX=disabled' /etc/selinux/config
# Stop the host firewall now and keep it off at boot.
# NOTE(review): these four commands remove both mandatory access control and
# packet filtering from a host that exports a file system as root-capable
# (see the no_root_squash export later on this page). A tighter setup keeps
# firewalld running and allows only NFS, rpcbind, mountd and VRRP
# (IP protocol 112) from the known client and peer addresses - confirm the
# exact rules for this environment.
systemctl stop firewalld
systemctl disable firewalld
# Show the current open-file limit of this shell.
ulimit -n
# Raise the soft and hard nofile limit to 50000 for all users.
# The line is appended on every run, so repeated runs leave duplicates.
echo "* - nofile 50000" >> /etc/security/limits.conf
------hosts解析-------
192.168.29.177 fs01 node01 master
192.168.29.178 fs02 node02 slave
4.上传脚本
# Make the uploaded scripts executable; the keepalived configuration below
# expects them under /etc/keepalived.
# NOTE(review): keepalived presumably runs these scripts as root, so they and
# their directory should be owned by root and not writable by group/others -
# verify ownership and mode after uploading.
chmod +x *.sh
check_nfs.sh
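#!/bin/bash
# keepalived vrrp_script health check for the local NFS server.
#
# Exit status:
#   0  the nfs unit is healthy, either at once or after one restart attempt
#   1  nfs is still down; the local rsync.sh replication loop has been
#      stopped so this node no longer pushes data to its peer

readonly RSYNC_PIDFILE=/etc/keepalived/rsync.pid
readonly RSYNC_SCRIPT=/etc/keepalived/rsync.sh

# Healthy on the first probe: nothing to do.
if systemctl status nfs &>/dev/null; then
  exit 0
fi

# One restart attempt, then a short pause before probing again.
systemctl restart nfs &>/dev/null
sleep 1
if systemctl status nfs &>/dev/null; then
  exit 0
fi

# NFS is still down: stop replication from this node.
# The PID file is trusted only when it holds a number and that process still
# has rsync.sh on its command line. A stale PID may have been reused by an
# unrelated process, and a blind `kill -9` from this script would take it down.
if [[ -r "$RSYNC_PIDFILE" ]]; then
  pid=$(<"$RSYNC_PIDFILE")
  if [[ "$pid" =~ ^[0-9]+$ ]] &&
    grep -qaF -- "rsync.sh" "/proc/${pid}/cmdline" 2>/dev/null; then
    kill -9 "$pid"
  fi
fi

# pkill signals every matching PID separately. The earlier
# `awk '{printf $2}'` printed the PIDs without a separator, so two matches
# became one bogus number and kill could hit the wrong process or none.
pkill -9 -f -- "$RSYNC_SCRIPT"
exit 1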
notify.sh
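#!/bin/bash
# keepalived notify handler: starts or stops replication of FS_DIR according
# to the VRRP state passed as the first argument.
#
# Arguments:
#   $1  master        start rsync.sh in the background
#       backup|fault  stop rsync.sh and its inotifywait watcher
# Exit status: 1 (after printing usage) for any other argument.
FS_DIR=/opt/fs
readonly RSYNC_SCRIPT=/etc/keepalived/rsync.sh
readonly RSYNC_PIDFILE=/etc/keepalived/rsync.pid

case "$1" in
  master)
    # Detach the replication loop so keepalived is not blocked by it.
    nohup sh "$RSYNC_SCRIPT" &>/dev/null &
    ;;
  # "fault" is advertised in the usage text but previously fell through to
  # the usage branch; a faulted node must not keep pushing data either.
  backup | fault)
    # pkill signals each matching PID on its own. The earlier
    # `awk '{printf $2}'` glued several PIDs into one number before kill.
    pkill -9 -f -- "$RSYNC_SCRIPT"

    # Trust the PID file only if the recorded process is still rsync.sh;
    # a stale PID may belong to an unrelated process by now.
    if [[ -r "$RSYNC_PIDFILE" ]]; then
      pid=$(<"$RSYNC_PIDFILE")
      if [[ "$pid" =~ ^[0-9]+$ ]] &&
        grep -qaF -- "rsync.sh" "/proc/${pid}/cmdline" 2>/dev/null; then
        kill -9 "$pid"
      fi
    fi

    # Killing the loop does not end the watcher feeding it, so stop the
    # inotifywait instance that watches FS_DIR as well.
    pkill -9 -f -- "inotifywait.*${FS_DIR}"
    ;;
  *)
    echo "Usage: $(basename "$0") {master|backup|fault}"
    exit 1
    ;;
esac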
rsync.sh
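#!/bin/bash
# One-way replication loop: watches dir_src with inotifywait and pushes the
# whole tree to the peer with rsync after every reported event.
# Records its own PID in /etc/keepalived/rsync.pid so the keepalived scripts
# can stop it. Exits 1 when the watcher pipeline ends.
#
# NOTE(review): the destination is hard-coded to fs02; the copy of this script
# on fs02 presumably has to target fs01 instead - confirm before deploying.
# NOTE(review): only modify/create/attrib events are watched and rsync runs
# without --delete, so deletions and renames on the source are not mirrored.
dir_src=/opt/fs
readonly RSYNC_PIDFILE=/etc/keepalived/rsync.pid

# Stop a previous instance recorded in the PID file, but only if that PID
# still belongs to rsync.sh. A stale PID may have been reused by an unrelated
# process, which a blind `kill -9` would terminate.
if [[ -r "$RSYNC_PIDFILE" ]]; then
  old_pid=$(<"$RSYNC_PIDFILE")
  if [[ "$old_pid" =~ ^[0-9]+$ && "$old_pid" != "$$" ]] &&
    grep -qaF -- "rsync.sh" "/proc/${old_pid}/cmdline" 2>/dev/null; then
    kill -9 "$old_pid"
  fi
fi

# Clean up leftovers of an earlier loop: the watcher on dir_src and any
# transfer of dir_src still in flight. The earlier
# `grep -E "inotifywait|/opt/fs"` matched every process that merely mentioned
# /opt/fs, and `awk '{printf $2}'` joined the PIDs into one number.
pkill -9 -f -- "inotifywait.*${dir_src}"
pkill -9 -f -- "rsync .*${dir_src}"

echo "$$" > "$RSYNC_PIDFILE"

# The event text itself is not used; each line only triggers a full sync.
inotifywait -mrq --format '%T%e%w%f' --timefmt '%d/%m/%y %H:%M' \
  -e modify,create,attrib "${dir_src}" |
  while IFS= read -r _event; do
    rsync -zva "${dir_src}/" "fs@fs02:${dir_src}"
  done
exit 1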
5.配置keepalived
master配置177
! Configuration File for keepalived
# keepalived configuration for fs01 (192.168.29.177). It holds the virtual
# address 192.168.29.176 while check_nfs.sh keeps succeeding.
global_defs {
notification_email {
}
# NOTE(review): this looks like the sender address from keepalived's sample
# configuration; no recipients are listed above, so presumably no mail is
# sent - confirm or remove.
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id UMEET_NFS
}
# Health check: run check_nfs.sh every 2 seconds; while it fails, 30 is
# subtracted from this instance's priority.
vrrp_script chk_nfs {
script "/etc/keepalived/check_nfs.sh"
interval 2
weight -30
}
vrrp_instance VI_1 {
# NOTE(review): keepalived documents nopreempt as effective only when the
# initial state is BACKUP; combined with "state MASTER" it is presumably
# ignored - check the keepalived log after start.
state MASTER
nopreempt
interface ens160
# Must be the same value on both nodes (the backup configuration on this page
# also uses 66).
virtual_router_id 66
priority 100
advert_int 1
authentication {
# NOTE(review): auth_type PASS places the password in clear text in every
# VRRP advertisement, and "6666" is trivially guessable. It guards against
# accidental misconfiguration only, not against a host on the same segment.
# Use a site-specific value (keepalived uses at most the first 8 characters)
# and limit VRRP traffic to the two peers.
auth_type PASS
auth_pass 6666
}
track_script {
chk_nfs
}
virtual_ipaddress {
192.168.29.176
}
# State-change hooks: start replication when becoming master, stop it when
# becoming backup.
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
}
backup配置178
! Configuration File for keepalived
# keepalived configuration for fs02 (192.168.29.178), the standby node for the
# virtual address 192.168.29.176.
global_defs {
notification_email {
}
# NOTE(review): this looks like the sender address from keepalived's sample
# configuration; no recipients are listed above, so presumably no mail is
# sent - confirm or remove.
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id UMEET_NFS
}
# Health check: run check_nfs.sh every 2 seconds; while it fails, 30 is
# subtracted from this instance's priority.
vrrp_script chk_nfs {
script "/etc/keepalived/check_nfs.sh"
interval 2
weight -30
}
vrrp_instance VI_1 {
state BACKUP
#nopreempt
interface ens160
virtual_router_id 66
# NOTE(review): same priority as the master configuration on this page (100);
# which node wins an election then depends on keepalived's tie-breaking and on
# the -30 weight of chk_nfs - confirm this is the intended failover behaviour.
priority 100
advert_int 1
authentication {
# NOTE(review): auth_type PASS places the password in clear text in every
# VRRP advertisement, and "6666" is trivially guessable. It guards against
# accidental misconfiguration only, not against a host on the same segment.
# Use a site-specific value (keepalived uses at most the first 8 characters)
# and limit VRRP traffic to the two peers.
auth_type PASS
auth_pass 6666
}
track_script {
chk_nfs
}
virtual_ipaddress {
192.168.29.176
}
# State-change hooks: start replication when becoming master, stop it when
# becoming backup.
notify_master "/etc/keepalived/notify.sh master"
notify_backup "/etc/keepalived/notify.sh backup"
}
注.记录keepalived日志
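# Route keepalived's log output to syslog facility local0 and store it in
# /var/log/keepalived.log.
#
# `sed -ir` is parsed as -i with the backup suffix "r" (it leaves a stray
# /etc/sysconfig/keepalivedr behind), not as -i plus -r, so plain -i is used.
# The inner `/-S 0/!` guard keeps a second run from inserting the options twice.
sed -i '/^KEEPALIVED_OPTIONS=/{/-S 0/!s#-D#-D -d -S 0#}' /etc/sysconfig/keepalived

# Append the rsyslog rule only if it is not already present.
grep -qF 'local0.* /var/log/keepalived.log' /etc/rsyslog.conf ||
  echo "local0.* /var/log/keepalived.log" >> /etc/rsyslog.conf

# Reload the logger first so the new rule is active when keepalived restarts.
systemctl restart rsyslog
systemctl restart keepalived
systemctl enable keepalived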
6.配置NFS
[root@fs01 keepalived]# cat /etc/exports
# Export /opt/fs read-write with synchronous writes to 192.168.29.0/24.
# NOTE(review): no_root_squash lets root on any client in that subnet act as
# root on the exported files, and rw is granted to the whole /24. Unless a
# client really needs root access, the default root_squash and an explicit
# list of client addresses are the safer choice.
/opt/fs 192.168.29.0/24(rw,sync,no_root_squash)
# Start the NFS server at boot and restart it now so /etc/exports is re-read.
systemctl enable nfs
systemctl restart nfs
7.客户端挂载
[root@localhost ~]# yum install -y nfs-utils #客户端也需安装
[root@localhost ~]# showmount -e 192.168.29.176
Export list for 192.168.29.176:
/opt/fs 192.168.29.0/24
[root@localhost ~]# mount.nfs 192.168.29.176:/opt/fs /opt/mount/
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0G 0 4.0G 0% /dev
tmpfs 4.0G 0 4.0G 0% /dev/shm
tmpfs 4.0G 25M 3.9G 1% /run
tmpfs 4.0G 0 4.0G 0% /sys/fs/cgroup
/dev/mapper/centos-root 90G 1.6G 89G 2% /
/dev/sda1 237M 106M 131M 45% /boot
tmpfs 802M 0 802M 0% /run/user/0
192.168.29.176:/opt/fs 90G 1.5G 89G 2% /opt/mount
开机挂载
# Mount the export at boot by appending the mount command to rc.local, then
# make rc.local executable so it is run at startup.
# The line is appended on every run, so repeated runs leave duplicates.
# NOTE(review): the share is mounted with default options; adding
# `-o nosuid,nodev` to the mount command would keep setuid binaries and device
# nodes on the share from being honoured on the client - confirm it fits the
# workload.
echo "mount.nfs 192.168.29.176:/opt/fs /opt/mount/" >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
尝试读写
[root@localhost ~]# echo client > /opt/mount/client.txt
[root@localhost ~]# cat /opt/mount/client.txt
client
8.NFS安全
黑白名单限制(两台都要配置)
[root@fs01 ~]# cat /etc/hosts.allow
# Allow only these three addresses to reach mountd and rpcbind through
# TCP wrappers; hosts.deny rejects everyone else.
# NOTE(review): the client used earlier on this page (192.168.29.198) is not
# in this list - confirm that is intended.
# NOTE(review): these rules cover mountd and rpcbind only. NFSv4 mounts talk
# to nfsd on port 2049 directly and presumably bypass them, so the client list
# in /etc/exports and the firewall remain the real access control - verify.
mountd:192.168.29.181,192.168.29.33,192.168.29.44:allow
rpcbind:192.168.29.181,192.168.29.33,192.168.29.44:allow
[root@fs01 ~]# cat /etc/hosts.deny
mountd:all:deny
rpcbind:ALL:deny