Centos下DNS+NamedManager高可用部署方案完整记录

之前说到了NamedManager单机版的配置，下面说下DNS+NamedManager双机高可用的配置方案：

1）机器环境

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26

主机名            ip地址           dns01.kevin.cn   192.168.10.202   dns02.kevin.cn   192.168.10.203   VIP地址：192.168.10.190     两台机器做好主机名及hosts绑定 [root@dns01 ~]# vim /etc/hosts ...... 192.168.10.202   dns01.kevin.cn 192.168.10.203   dns02.kevin.cn 192.168.10.190   dns.kevin.cn         四台机器都是centos6.9系统 [root@dns01 ~]# cat /etc/redhat-release CentOS release 6.9 (Final)     关闭四台机器的iptables和selinux [root@dns01 ~]# /etc/init.d/iptables stop [root@dns01 ~]# setenforce 0 [root@dns01 ~]# vim /etc/sysconfig/selinux ...... SELINUX=disabled     同步四台机器的系统时间 [root@dns01 ~]# yum install -y ntpdate [root@dns01 ~]# ntpdate ntp1.aliyun.com

2）安装namedmanager（在192.168.10.202和192.168.10.203两台机器上同样操作）

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

[root@dns01 ~]# yum install perl httpd mod_ssl mysql-server php php-intl php-ldap php-mysql php-soap php-xml   修改/etc/httpd/conf/httpd.conf ....... ServerName dns.kevin.cn:80   [root@dns01 ~]# service mysqld start [root@dns01 ~]# service httpd start [root@dns01 ~]# lsof -i:3306 [root@dns01 ~]# lsof -i:80   [root@dns01 ~]# chkconfig mysqld on [root@dns01 ~]# chkconfig httpd on   [root@dns02 ~]# mysqladmin -u root password 123456 [root@dns02 ~]# mysql -p123456                      #验证下是否能登录进去   下载并安装namedmanager [root@dns01 ~]# cd /usr/local/src/ [root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-www-1.8.0-1.el6.noarch.rpm [root@dns01 src]# rpm -Uvh namedmanager-www-1.8.0-1.el6.noarch.rpm --force [root@dns01 src]# cd /usr/share/namedmanager/resources/ [root@dns01 resources]# ./autoinstall.pl autoinstall.pl   This script setups the NamedManager database components:  * NamedManager MySQL user               #默认会创建登录Mysql的用户名NamedManager  * NamedManager database                 #默认会创建NamedManager数据库名  * NamedManager configuration files      #默认会创建NamedManager的配置文件   THIS SCRIPT ONLY NEEDS TO BE RUN FOR THE VERY FIRST INSTALL OF NAMEDMANAGER. DO NOT RUN FOR ANY OTHER REASON   Please enter MySQL root password (if any): 123456               #输入上面设置的mysql密码 Searching ../sql/ for latest install schema... ../sql//version_20131222_install.sql is the latest file and will be used for the install. Importing file ../sql//version_20131222_install.sql Creating user... Updating configuration file... DB installation complete!   You can now login with the default username/password of setup/setup123 at http://localhost/namedmanager

3）安装和配置bind9（在192.168.10.202和192.168.10.203两台机器上同样操作）

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97

[root@dns01 ~]# cd /usr/local/src/ [root@dns01 src]# yum install bind php-process [root@dns01 src]# wget http://repos.jethrocarr.com/pub/amberdms/linux/centos/6/amberdms-custom/i386/namedmanager-bind-1.8.0-1.el6.noarch.rpm [root@dns01 src]# rpm -Uvh namedmanager-bind-1.8.0-1.el6.noarch.rpm --force   修改/etc/named.conf [root@dns01 src]# cp /etc/named.conf /etc/named.conf.bak [root@dns01 src]# vim /etc/named.conf options {         listen-on port 53 { any; };         directory "/var/named";         dump-file       "/var/named/data/cache_dump.db";         statistics-file "/var/named/data/named_stats.txt";         memstatistics-file "/var/named/data/named_mem_stats.txt";         allow-query     { any; };         allow-query-cache     { any; };         recursion yes;         forward first;         forwarders {             223.5.5.5;             223.6.6.6;             8.8.8.8;             8.8.4.4;           };            dnssec-enable yes;         dnssec-validation yes;         dnssec-lookaside auto;            bindkeys-file "/etc/named.iscdlv.key";         managed-keys-directory "/var/named/dynamic";            };     logging {                                   channel default_debug {         file "data/named.run";         severity dynamic;         }; };     zone "." {         type hint;              file "named.ca";         };     include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; include "/etc/named.namedmanager.conf";   启动named服务 [root@dns01 src]# service named start Generating /etc/rndc.key:                                  [  OK  ] Starting named:                                            [  OK  ]   -------------------------------------------------------------------------- 上面已经提前关闭了iptables和selinux。 如果防火墙打开了，则需要开启下面策略： [root@dns01 src]# iptables -F [root@dns01 src]# iptables -P INPUT DROP [root@dns01 src]# iptables -P FORWARD DROP [root@dns01 src]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT [root@dns01 src]# iptables -A INPUT -i lo -p all -j ACCEPT [root@dns01 src]# iptables -A INPUT -p icmp -j ACCEPT [root@dns01 src]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT [root@dns01 src]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT [root@dns01 src]# iptables -A INPUT -p udp --dport 53 -j ACCEPT [root@dns01 src]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT [root@dns01 src]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT --------------------------------------------------------------------------   禁用IPV6。添加域名记录（正向解析与反向解析）。设置开机启动服务，并重启服务器。 [root@dns01 src]# vim /etc/modprobe.d/dist.conf ....... alias net-pf-10 off alias ipv6 off chkconfig ip6tables off   [root@dns01 src]# chkconfig httpd on [root@dns01 src]# chkconfig mysqld on [root@dns01 src]# chkconfig named on [root@dns01 src]# init 6                     #重启机器   重启之后，登录机器验证下httpd、mysqld和named服务是否如实开机启动了 [root@dns01 ~]# ps -ef|grep mysql [root@dns01 ~]# ps -ef|grep http [root@dns01 ~]# ps -ef|grep named   测试登录mysql [root@dns01 ~]# mysql -p123456 ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) [root@dns01 ~]# ll /var/lib/mysql/mysql.sock ls: cannot access /var/lib/mysql/mysql.sock: No such file or directory [root@dns01 ~]# ln -s /usr/local/mysql/var/mysql.sock /var/lib/mysql/mysql.sock [root@dns01 ~]# ll /var/lib/mysql/mysql.sock lrwxrwxrwx. 1 root root 31 Jun  1 17:14 /var/lib/mysql/mysql.sock -> /usr/local/mysql/var/mysql.sock [root@dns01 ~]# mysql -p123456         #这时就能顺利登录mysql数据库了

4）安装keepalived（192.168.10.202和192.168.10.203两台机器上同样操作）

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261

[root@dns01 ~]# cd /usr/local/src/ [root@dns01 src]# wget http://www.keepalived.org/software/keepalived-1.3.2.tar.gz [root@dns01 src]# tar -zvxf keepalived-1.3.2.tar.gz [root@dns01 src]# cd keepalived-1.3.2 [root@dns01 keepalived-1.3.2]# ./configure && make && make install [root@dns01 keepalived-1.3.2]# cp /usr/local/src/keepalived-1.3.2/keepalived/etc/init.d/keepalived /etc/rc.d/init.d/ [root@dns01 keepalived-1.3.2]# cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/ [root@dns01 keepalived-1.3.2]# mkdir /etc/keepalived [root@dns01 keepalived-1.3.2]# cp /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/ [root@dns01 keepalived-1.3.2]# cp /usr/local/sbin/keepalived /usr/sbin/ [root@dns01 keepalived-1.3.2]# echo "/etc/init.d/keepalived start" >> /etc/rc.local   keepalived.conf配置 ------------------------------------------ 192.168.10.202机器的keepalived.conf配置 [root@dns01 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@dns01 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived     #全局定义     global_defs { notification_email { ops@kevin.cn }     notification_email_from ops@kevin.cn smtp_server 127.0.0.1 smtp_connect_timeout 30 router_id master-node }     vrrp_script chk_http_port {     script "/opt/chk_http.sh"     interval 2     weight -5     fall 2     rise 1 }     vrrp_instance VI_1 {     state MASTER     interface eth0     mcast_src_ip 192.168.10.202     virtual_router_id 51     priority 101     advert_int 1     authentication {         auth_type PASS         auth_pass 1111     }     virtual_ipaddress {         192.168.10.190     }    track_script {    chk_http_port } }   编写httpd监控脚本 [root@dns01 ~]# vim /opt/chk_http.sh #!/bin/bash counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l) if [ "${counter}" = "0" ]; then        service httpd start >/dev/null 2>&1     sleep 2     counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)     if [ "${counter}" = "0" ]; then        /etc/init.d/keepalived stop     fi fi   必须要给此脚本授予执行权限 [root@dns01 ~]# chmod 755 /opt/chk_http.sh   ----------------------------------------- 192.168.10.203机器的keepalived.conf配置 [root@dns02 ~]# cp /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.bak [root@dns02 ~]# vim /etc/keepalived/keepalived.conf ! Configuration File for keepalived        global_defs { notification_email {                ops@kevin.cn                     }     notification_email_from ops@kevin.cn  smtp_server 127.0.0.1                    smtp_connect_timeout 30                 router_id slave-node                    }     vrrp_script chk_http_port {             script "/opt/chk_http.sh"       interval 2                          weight -5                           fall 2                       rise 1                  }     vrrp_instance VI_1 {                state BACKUP               interface eth0                mcast_src_ip 192.168.10.203     virtual_router_id 51            priority 99                   advert_int 1                   authentication {                    auth_type PASS                 auth_pass 1111              }     virtual_ipaddress {                192.168.10.190     }    track_script {                        chk_http_port                 }    }   编写httpd监控脚本 [root@dns02 ~]# vim /opt/chk_http.sh #!/bin/bash counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l) if [ "${counter}" = "0" ]; then        service httpd start >/dev/null 2>&1     sleep 2     counter=$(netstat -na|grep "LISTEN"|grep "80"|wc -l)     if [ "${counter}" = "0" ]; then        /etc/init.d/keepalived stop     fi fi   必须要给此脚本授予执行权限 [root@dns02 ~]# chmod 755 /opt/chk_http.sh   ----------------------------------------------------- 分别启动两台机器的keepalived服务 [root@dns01 ~]# /etc/init.d/keepalived start [root@dns01 ~]# ps -ef|grep keep   [root@dns02 ~]# /etc/init.d/keepalived start [root@dns02 ~]# ps -ef|grep keepalived   检查两台机器的ip，发现vip此时已经漂到192.168.10.202这台机器上 [root@dns01 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff     inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0     inet 192.168.10.190/32 scope global eth0     inet6 fe80::5054:ff:fe6f:a5e3/64 scope link        valid_lft forever preferred_lft forever   [root@dns02 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff     inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0     inet6 fe80::5054:ff:fee2:19b/64 scope link        valid_lft forever preferred_lft forever   ------------------------------------------------- 测试下故障转移 先关闭192.168.10.202机器的httpd程序，发现关闭后会很快重启起来（最多2秒钟），这是因为keepalived程序里引用了/opt/chk_http.sh监控脚本。 同样关闭192168.10.203机器的httpd程序，也是很快重启起来。 根据/opt/chk_httpd.sh脚本可知，httpd程序挂掉后会自动重启，只有当httpd程序重启失败后，才会强制kill掉keepalived服务，这时vip也会转移到另一台节点。 [root@dns01 keepalived]# killall -9 httpd [root@dns01 keepalived]# ps -ef|grep http root     23661 23660  0 21:30 ?        00:00:00 /bin/bash /opt/chk_http.sh root     23682     1  1 21:30 ?        00:00:00 /usr/sbin/httpd apache   23685 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd apache   23686 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd apache   23687 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd apache   23688 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd apache   23689 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd apache   23690 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd apache   23691 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd apache   23692 23682  0 21:30 ?        00:00:00 /usr/sbin/httpd root     23694 21411  0 21:30 pts/1    00:00:00 grep http   在测试关闭192.168.10.202机器的keepalived服务，发现vip资源会自动漂移到192.168.10.203机器上。 当192.168.10.202机器的keepalived服务恢复后，vip资源会再次转移回来。 [root@dns01 ~]# /etc/init.d/keepalived stop [root@dns01 ~]# ps -ef|grep keeplived root     24854 21411  0 21:36 pts/1    00:00:00 grep keeplived [root@dns01 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff     inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0     inet6 fe80::5054:ff:fe6f:a5e3/64 scope link        valid_lft forever preferred_lft forever   [root@dns02 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff     inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0     inet 192.168.10.190/32 scope global eth0     inet6 fe80::5054:ff:fee2:19b/64 scope link        valid_lft forever preferred_lft forever   可以查看两台机器的/var/log/messages日志，可以看到vip资源的转移过程。   [root@dns01 ~]# /etc/init.d/keepalived start Starting keepalived:                                       [  OK  ] [root@dns01 ~]# ps -ef|grep keepalived root     24877     1  0 21:37 ?        00:00:00 keepalived -D root     24878 24877  0 21:37 ?        00:00:00 keepalived -D root     24879 24877  0 21:37 ?        00:00:00 keepalived -D root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived   192.168.10.202机器的keepalived服务恢复后，vip资源会再次转移回来。 [root@dns01 ~]# /etc/init.d/keepalived start Starting keepalived:                                       [  OK  ] [root@dns01 ~]# ps -ef|grep keepalived root     24877     1  0 21:37 ?        00:00:00 keepalived -D root     24878 24877  0 21:37 ?        00:00:00 keepalived -D root     24879 24877  0 21:37 ?        00:00:00 keepalived -D root     24939 21411  0 21:38 pts/1    00:00:00 grep keepalived [root@dns01 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff     inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0     inet 192.168.10.190/32 scope global eth0     inet6 fe80::5054:ff:fe6f:a5e3/64 scope link        valid_lft forever preferred_lft forever   [root@dns02 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff     inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0     inet6 fe80::5054:ff:fee2:19b/64 scope link        valid_lft forever preferred_lft forever

5）配置namedmanager（两台机器都要操作）

1 2 3 4 5 6

[root@dns01 ~]# cp /etc/namedmanager/config-bind.php /etc/namedmanager/config-bind.php.bak [root@dns01 ~]# vim /etc/namedmanager/config-bind.php ...... $config["api_url"]      = "http://192.168.10.190/namedmanager"; $config["api_server_name"]  = "dns.kevin.cn"; $config["api_auth_key"]     = "DNS";

6）配置两台机器的mysql主主关系

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203

首先确保两台机器能使用上面创建的NamedManager用户名和123456密码登录，如果登录不了，则访问NamedManager界面时会失败。 [root@dns02 ~]# mysql -hlocalhost -uNamedManager -p123456 ERROR 1045 (28000): Access denied for user 'NamedManager'@'localhost' (using password: YES)   这就需要授权mysql登录 [root@dns01 ~]# mysql -p123456 ....... mysql> grant all on *.* to NamedManager@192.168.10.202 identified by "123456"; Query OK, 0 rows affected (0.11 sec)   mysql> grant all on *.* to NamedManager@localhost identified by "123456"; Query OK, 0 rows affected (0.02 sec)   mysql> flush privileges; Query OK, 0 rows affected (0.04 sec)   验证登录 [root@dns01 ~]# mysql -hlocalhost -uNamedManager -p123456 ...... mysql>   ------------------------------------------------------------- 192.168.10.202机器上的mysql设置 [root@dns01 ~]# cp /etc/my.cnf /etc/my.cnf.bak [root@dns01 ~]# vim /etc/my.cnf                  #在[mysqld]区域里添加下面几行内容 ...... server-id = 1         log-bin = mysql-bin     sync_binlog = 1 binlog_format = mixed auto-increment-increment = 2     auto-increment-offset = 1    slave-skip-errors = all   重启mysqld服务 [root@dns01 log]# /etc/init.d/mysqld restart Stopping mysqld:                                           [  OK  ] Starting mysqld:                                           [  OK  ]   数据同步授权,这样I/O线程就可以以这个用户的身份连接到主服务器，并且读取它的二进制日志。 [root@dns01 log]# mysql -p123456 ...... mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123"; mysql> flush privileges;   最好将库锁住，仅仅允许读，以保证数据一致性；待主主同步环境部署后再解锁； 锁住后，就不能往表里写数据，但是重启mysql服务后就会自动解锁！ mysql> flush tables with read lock; mysql> show master status; +------------------+----------+--------------+------------------+ | File             | Position | Binlog_Do_DB | Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000001 |      365 |              |                  | +------------------+----------+--------------+------------------+ 1 row in set (0.00 sec)   -------------------------------------------------------------------- 192.168.10.203机器上的mysql设置 [root@dns02 ~]# cp /etc/my.cnf /etc/my.cnf.bak [root@dns02 ~]# vim /etc/my.cnf ....... server-id = 2        log-bin = mysql-bin    sync_binlog = 1 binlog_format = mixed auto-increment-increment = 2     auto-increment-offset = 2    slave-skip-errors = all   [root@dns02 ~]# /etc/init.d/mysqld restart Stopping mysqld:                                           [  OK  ] Starting mysqld:                                           [  OK  ]   [root@dns02 ~]# mysql -p123456 ....... mysql> grant replication slave,replication client on *.* to kevin@'192.168.10.%' identified by "kevin@123"; mysql> flush privileges; mysql> flush tables with read lock; mysql> show master status; +------------------+----------+--------------+------------------+ | File             | Position | Binlog_Do_DB | Binlog_Ignore_DB | +------------------+----------+--------------+------------------+ | mysql-bin.000001 |      365 |              |                  | +------------------+----------+--------------+------------------+ 1 row in set (0.00 sec)   ---------------192.168.10.202服务器做同步操作--------------- mysql> unlock tables; Query OK, 0 rows affected (0.00 sec)   mysql> slave stop; Query OK, 0 rows affected, 1 warning (0.00 sec)   mysql> change  master to master_host='192.168.10.203',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; Query OK, 0 rows affected (0.20 sec)   mysql> start slave; Query OK, 0 rows affected (0.00 sec)   mysql> show slave status \G; ....... *************************** 1. row ***************************                Slave_IO_State: Waiting for master to send event                   Master_Host: 192.168.10.203                   Master_User: kevin                   Master_Port: 3306                 Connect_Retry: 60               Master_Log_File: mysql-bin.000001           Read_Master_Log_Pos: 365                Relay_Log_File: mysqld-relay-bin.000002                 Relay_Log_Pos: 251         Relay_Master_Log_File: mysql-bin.000001              Slave_IO_Running: Yes             Slave_SQL_Running: Yes ....... .......   ---------------192.168.10.203服务器做同步操作--------------- mysql> unlock tables; Query OK, 0 rows affected (0.00 sec)   mysql> slave stop; Query OK, 0 rows affected, 1 warning (0.00 sec)   mysql> change  master to master_host='192.168.10.202',master_user='kevin',master_password='kevin@123',master_log_file='mysql-bin.000001',master_log_pos=365; Query OK, 0 rows affected (0.18 sec)   mysql> start slave; Query OK, 0 rows affected (0.00 sec)   mysql> show slave status \G; *************************** 1. row ***************************                Slave_IO_State: Waiting for master to send event                   Master_Host: 192.168.10.202                   Master_User: kevin                   Master_Port: 3306                 Connect_Retry: 60               Master_Log_File: mysql-bin.000001           Read_Master_Log_Pos: 365                Relay_Log_File: mysqld-relay-bin.000002                 Relay_Log_Pos: 251         Relay_Master_Log_File: mysql-bin.000001              Slave_IO_Running: Yes             Slave_SQL_Running: Yes ....... .......   到这里，192.168.10.202和192.168.10.203两台机器的mysql主主关系就配置成功了。下面测试下： 首先在192.168.10.202的mysql数据库上添加数据： [root@dns01 log]# mysql -p123456 ..... mysql> show databases; +--------------------+ | Database           | +--------------------+ | information_schema | | mysql              | | namedmanager       | | test               | +--------------------+ 4 rows in set (0.00 sec)   mysql> create database kevin; Query OK, 1 row affected (0.04 sec)   然后到192.168.10.203机器的mysql数据库上验证并变更数据 [root@dns02 ~]# mysql -p123456 ....... mysql> show databases; +--------------------+ | Database           | +--------------------+ | information_schema | | kevin              | | mysql              | | namedmanager       | | test               | +--------------------+ 5 rows in set (0.00 sec)   mysql> drop database kevin; Query OK, 0 rows affected (0.03 sec)   mysql> create database bobo; Query OK, 1 row affected (0.08 sec)   再到192.168.10.202机器的mysql数据库上验证 [root@dns01 log]# mysql -p123456 ...... mysql> show databases; +--------------------+ | Database           | +--------------------+ | information_schema | | bobo               | | mysql              | | namedmanager       | | test               | +--------------------+ 5 rows in set (0.00 sec)   mysql> drop database bobo; Query OK, 0 rows affected (0.05 sec)

7）在192.168.10.202和12.168.10.203两台机器上配置相关数据的同步关系。 

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58

先做好两台机器的ssh相互信任关系。 [root@dns01 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.203' [root@dns02 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub '-p22 root@192.168.10.202'   验证两机之间的ssh互信 [root@dns01 ~]# ssh -p22 root@192.168.10.203 [root@dns02 ~]#   [root@dns02 httpd]# ssh -p22 root@192.168.10.202 [root@dns01 ~]#   ------------------------------------------------------------ 现在192.168.10.202机器上做同步，判断VIP资源是否存在本机，如果存在就同步到另一台机器上。 [root@dns01 ~]# vim /opt/rsync_dns.sh #!/bin/bash while [ "1" = "1" ] do   NUM=`ip addr|grep 192.168.10.190|wc -l`   if [ $NUM -eq 0 ];then      echo "vip is not at this server" >/dev/null 2>&1   fi      if [ $NUM -eq 1 ];then      /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.203:/etc/      /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.203:/var/named/   fi done   授予脚本执行权限，并启动脚本 [root@dns01 ~]# chmod 755 /opt/rsync_dns.sh [root@dns01 ~]# nohup sh /opt/rsync_dns.sh & [root@dns01 ~]# ps -ef|grep rsync_dns.sh root      6310 21411  0 22:33 pts/1    00:00:00 sh /opt/rsync_dns.sh root      6508 21411  0 22:33 pts/1    00:00:00 grep rsync_dns.sh   ----------------------------------------------------------------- 然后在192.168.10.203机器上做同步： [root@dns02 httpd]# vim /opt/rsync_dns.sh #!/bin/bash while [ "1" = "1" ] do   NUM=`ip addr|grep 192.168.10.190|wc -l`   if [ $NUM -eq 0 ];then      echo "vip is not at this server" >/dev/null 2>&1   fi      if [ $NUM -eq 1 ];then      /usr/bin/rsync -e "ssh -p22" -avpgolr /etc/named.conf root@192.168.10.202:/etc/      /usr/bin/rsync -e "ssh -p22" -avpgolr /var/named/*.zone root@192.168.10.202:/var/named/   fi done   授予脚本执行权限，并启动脚本 [root@dns02 httpd]# chmod 755 /opt/rsync_dns.sh [root@dns02 httpd]# nohup sh /opt/rsync_dns.sh & [root@dns02 httpd]# ps -ef|grep rsync_dns.sh root     12578  5466  0 22:35 pts/1    00:00:00 grep rsync_dns.sh root     32124  5466  8 22:35 pts/1    00:00:00 sh /opt/rsync_dns.sh

8）访问namedmanager（https://192.168.10.190/namedmanager）进行界面配置。（由于此时vip资源在192.168.10.202机器上，故配置信息从192.168.10.202机器同步到192.168.10.203机器）。默认用户名和密码（setup，setup123）。不要忘记在用户管理中修改用户名和密码。

重置管理员用户名和密码（由于两台服务器的mysql做了主主关系，修改后的信息同样会同步到另一台机器的mysql数据库里，即修改后的管理员账号密码同样适用于另一台机器的namedmanager登录）

接着设置API key（如下图。设置邮箱地址和API key，这个key是在上面的/etc/namedmanager/config-bind.php文件中设置的） 

添加服务器。Name Server FQDN的名称要和httpd中的ServerName一致。（如下添加部署机的主机名或者ip地址都可以）

确保下面的"Zonefile Status"和"Logging Status"的状态是绿色的。

添加正向域名解析

添加反向域名解析（如果有多个ip段的客户机，那么就如下图添加多个反向解析配置）

查看正反向解析域名添加情况

上面已经成功添加了正反向解析域名，现在尝试添加一些域名的A记录和PTR记录
先添加A正向解析记录

由于上面在添加A正向解析的时候，已经勾选了PTR反向解析（如果没有勾选，则需要手动添加PTR反向解析记录），故这时候已经有了上面那几个域名的反向解析记录了：

如上，已经添加了几个正反向解析记录，可以访问https://192.168.10.203/namedmanager，发现访问另一台机器的namedmanager（使用上面重置后的admin用户）也会看到上面设置的正反向解析配置信息。这就说明双机同步已经生效。

可以登录到两台机器本机上查看相关的正反向解析配置：

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99

[root@dns01 ~]# cd /var/named/ [root@dns01 named]# ll total 36 -rw-r--r--. 1 root  root   614 Jun  3 23:42 10.168.192.in-addr.arpa.zone drwxrwx---. 2 named named 4096 Jun  3 03:21 data drwxrwx---. 2 named named 4096 Jun  3 23:05 dynamic -rw-r--r--. 1 root  root   575 Jun  3 23:42 kevin.cn.zone -rw-r-----. 1 root  named 3289 Apr 11  2017 named.ca -rw-r-----. 1 root  named  152 Dec 15  2009 named.empty -rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost -rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback drwxrwx---. 2 named named 4096 Jan 22 20:57 slaves   [root@dns01 ~]# cat /etc/named.namedmanager.conf // // NamedManager Configuration // // This file is automatically generated any manual changes will be lost. // zone "kevin.cn" IN {     type master;     file "kevin.cn.zone";     allow-update { none; }; }; zone "10.168.192.in-addr.arpa" IN {     type master;     file "10.168.192.in-addr.arpa.zone";     allow-update { none; }; };   [root@dns01 named]# cat kevin.cn.zone $ORIGIN kevin.cn. $TTL 120 @       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (             2018060311 ; serial             21600 ; refresh             3600 ; retry             604800 ; expiry             120 ; minimum ttl         )    ; Nameservers    kevin.cn.   86400 IN NS dns.kevin.cn.    ; Mailservers       ; Reverse DNS Records (PTR)       ; CNAME       ; HOST RECORDS    db01    120 IN A 192.168.10.239 db02    120 IN A 192.168.10.212 dns 120 IN A 192.168.10.190 dns01   120 IN A 192.168.10.202 dns02   120 IN A 192.168.10.203 ftp01   120 IN A 192.168.10.209 nc-app  120 IN A 192.168.10.210 web01   120 IN A 192.168.10.214 web02   120 IN A 192.168.10.215 [root@dns01 named]# cat 10.168.192.in-addr.arpa.zone $ORIGIN 10.168.192.in-addr.arpa. $TTL 120 @       IN SOA dns.kevin.cn. wangshbo.veredholdings.com. (             2018060310 ; serial             21600 ; refresh             3600 ; retry             604800 ; expiry             120 ; minimum ttl         )    ; Nameservers    10.168.192.in-addr.arpa.    86400 IN NS dns.kevin.cn.    ; Mailservers       ; Reverse DNS Records (PTR)    190 120 IN PTR dns.kevin.cn. 202 120 IN PTR dns01.kevin.cn. 203 120 IN PTR dns02.kevin.cn. 209 120 IN PTR ftp01.kevin.cn. 210 120 IN PTR nc-app.kevin.cn. 212 120 IN PTR db02.kevin.cn. 214 120 IN PTR web01.kevin.cn. 215 120 IN PTR web02.kevin.cn. 239 120 IN PTR db01.kevin.cn.    ; CNAME       ; HOST RECORDS

9）客户机的DNS配置

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71

root@localhost ~]# ifconfig|grep 192           inet addr:192.168.10.207  Bcast:192.168.10.255  Mask:255.255.255.0   [root@localhost ~]# vim /etc/resolv.conf domain kevin.cn search kevin.cn nameserver 192.168.10.190   [root@localhost ~]# ping www.baidu.com PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data. 64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms 64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms 64 bytes from 61.135.169.121: icmp_seq=1 ttl=55 time=2.23 ms 64 bytes from 61.135.169.121: icmp_seq=2 ttl=55 time=2.71 ms ...... ......   [root@localhost ~]# ping ftp01.kevin.cn PING ftp01.kevin.cn (192.168.10.209) 56(84) bytes of data. 64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=1 ttl=64 time=1.25 ms 64 bytes from ftp01.kevin.cn (192.168.10.209): icmp_seq=2 ttl=64 time=0.121 ms   [root@localhost ~]# ping db02.kevin.cn PING db02.kevin.cn (192.168.10.212) 56(84) bytes of data. 64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=1 ttl=64 time=0.408 ms 64 bytes from db02.kevin.cn (192.168.10.212): icmp_seq=2 ttl=64 time=0.199 ms   故障切换验证： 关闭192.168.10.202上的keepalived服务，当vip资源切换到192.168.10.203机器上后， 再次在客户机上测试   [root@dns01 ~]# /etc/init.d/keepalived stop Stopping keepalived:                                       [  OK  ] [root@dns01 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 52:54:00:6f:a5:e3 brd ff:ff:ff:ff:ff:ff     inet 192.168.10.202/24 brd 192.168.10.255 scope global eth0     inet6 fe80::5054:ff:fe6f:a5e3/64 scope link        valid_lft forever preferred_lft forever   [root@dns02 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00     inet 127.0.0.1/8 scope host lo     inet6 ::1/128 scope host        valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000     link/ether 52:54:00:e2:01:9b brd ff:ff:ff:ff:ff:ff     inet 192.168.10.203/24 brd 192.168.10.255 scope global eth0     inet 192.168.10.190/32 scope global eth0     inet6 fe80::5054:ff:fee2:19b/64 scope link        valid_lft forever preferred_lft forever   当vip资源转移到另一台机器后，客户机上的DNS就会继续生效了。 [root@localhost ~]# ping www.qq.com PING news.qq.com (125.39.52.26) 56(84) bytes of data. 64 bytes from no-data (125.39.52.26): icmp_seq=1 ttl=52 time=4.32 ms 64 bytes from no-data (125.39.52.26): icmp_seq=2 ttl=52 time=4.15 ms   [root@localhost ~]# ping web02.kevin.cn PING web02.kevin.cn (192.168.10.215) 56(84) bytes of data. 64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=1 ttl=64 time=2.14 ms 64 bytes from web02.kevin.cn (192.168.10.215): icmp_seq=2 ttl=64 time=0.143 ms   如果上面不做两台机器的mysql主主以及那些dns相关同步配置，那么要想实现主机高可用（提供统一的vip访问地址），就需要将DNS的解析配置在192.168.10.202和192.168.10.203 两台机器的namedmanager界面里同样操作，即每次都要操作两遍。

*************** 当你发现自己的才华撑不起野心时，就请安静下来学习吧！***************