配置高可用性虚拟机

1、配置高可用性虚拟机(草稿)汤进软件RedHat 4.8 drbd-8.3.5heartbeat-2.1.3iscsitarget-0.4.17(VMESI5.0 ) HF0FD-F8155-5Z9C1-0L37M-03T1Z存储主机名称硬盘参数分区名称大小作用NAS02SCSI(1) 20G/dev/sda1/boot/dev/sda2/dev/sda3Linux swapSCSI(2)4G/dev/sdb1drbd0(Iscsi-target共享)SCSI(3)20G/dev/sdc1drbd1共享存储网络主机名称地址作用网卡交换机NAS011/24对上提供存储服务

2、,分别接不同的交换机Eth0VNet1(hostonly)Eth1VNet1(hostonly)1/24与对应的节点作Heartbeat心跳,和DRBD数据传输Eth2 VNet2(hostonly)Eth3VNet2(hostonly)NAS022/24对上提供存储服务,分别接不同的交换机Eth0VNet1(hostonly)Eth1VNet1(hostonly)2/24与对应的节点作Heartbeat心跳,和DRBD数据传输Eth2VNet2(hostonly)Eth3 VNet(hostonly)VM01

3、28/24作为Iscsi适配器数据传输(iSCSI1,iSCSI2)VNET129/24VNET128对外提供地址服务VNet3VM0238/24VNet139/24VNet138VNet3双方授权保证两台计算互相授信，拷贝文件不需要输入口令cd ssh-keygen -t rsa /生成密钥将id_rsa.pub拷贝到对方计算机相应目录并重新命名为authorized_keysscp id_rsa.pub rootNAS02:/root/.ssh/authorized_k

4、eys网卡绑定在/etc/sysconfig/network-scripts目录下创建文件ifcfg-bond0DEVICE=bond0BOOTPROTO=noneONBOOT=yesTYPE=EthernetIPIPADDR=1NETMASK=USERCTL=no编辑ifcfg-eth0DEVICE=eth0BOOTPROTO=noneONBOOT=yesTYPE=EthernetIPMASTER=bond0SLAVE=yesUSERCTL=no编辑ifcfg-eth1DEVICE=eth1BOOTPROTO=noneONBOOT=yesT

5、YPE=EthernetIPMASTER=bond0SLAVE=yesUSERCTL=no修改系统配置文件/etc/modprobe.conf在文件尾部加入alias bond0 bondingoptions bond0 miimon=100 mode=1 primary=eth0 /mode=1主备工作, 0负载均衡,miimon监测时间加入启动项,修改/etc/rc.d/rc.localifenslave bond0 eth0 eth1#modprobe bonding miimon=100 mode=1重启网络服务service network restart查看配置状态more /pr

6、oc/net/bonding/bond0Ethernet Channel Bonding Driver: v2.6.3-rh (June 8, 2005)Bonding Mode: fault-tolerance (active-backup)Primary Slave: eth0Currently Active Slave: eth0MII Status: upMII Polling Interval (ms): 100Up Delay (ms): 0Down Delay (ms): 0Slave Interface: eth0MII Status: upLink Failure Count

7、: 0Permanent HW addr: 00:0c:29:4d:2a:b8Slave Interface: eth1MII Status: upLink Failure Count: 0Permanent HW addr: 00:0c:29:4d:2a:c2添加第二个网卡绑定拷贝ifcfg-bond0到ifcfg-bond1并修改ifcfg-bond1cp /etc/sysconfig/network-scripts/ifcfg-bond0 /etc/sysconfig/network-scripts/ifcfg-bond1DEVICE=bond1BOOTPROTO=noneONBOOT=

8、yesTYPE=EthernetIPIPADDR=1NETMASK=USERCTL=noIPV6INIT=no修改ifcfg-eth2DEVICE=eth2ONBOOT=yesBOOTPROTO=noneHWADDR=00:0C:29:4D:2A:CCTYPE=EthernetMASTER=bond1SLAVE=yesUSERCTRL=no修改ifcfg-eth3DEVICE=eth3ONBOOT=yesBOOTPROTO=noneHWADDR=00:0C:29:4D:2A:D6TYPE=EthernetMASTER=bond1SLAVE=yes修改/

9、etc/modprobe.confalias bond0 bondingoptions bond0 miimon=100 mode=1 primary=eth0 max_bonds=2alias bond1 bondingoptions bond1 miimon=100 mode=1 primary=eth2 max_bonds=2注意：需要加入max_bonds参数为2，否则提示bond1不存在。修改/etc/rc.d/rc.local添加ifenslave bond1 eth2 eth3安装NAS02修改系统名称修改/etc/sysconfig/networkNETWORKING=yesH

10、OSTNAME=NAS02修改/etc/hosts NAS01 NAS01创建分区fdisk -lfdisk /dev/sdb ( n p 1 . w)fdisk /dev/sdcfdisk -l安装DRBD拷贝drbd-8.3.5.tar.gz 到/tmp并解压文件tar -zxvf drbd-8.3.5.tar.gzcd drbd-8.3.5编译源文件make安装make install加入启动项并暂时关闭chkconfig -add drbdchkconfig -levels 2345 drbd off编辑配置文件/etc/drbd.confgloba

11、l usage-count no;common syncer rate 100M; resource r0 protocol C; on NAS01 device /dev/drbd0; disk /dev/sdb1; address 1:7898; meta-disk internal; on NAS02 device /dev/drbd0; disk /dev/sdb1; address 2:7898; meta-disk internal; resource r1 protocol C; on NAS01 device /dev/drbd1; disk /

12、dev/sdc1; address 1:7899; meta-disk internal; on NAS02 device /dev/drbd1; disk /dev/sdc1; address 2:7899; meta-disk internal; 创建元设备drbdadm create-md r0drbdadm create-md r1初始化设备并同步service drbd startdrbdsetup /dev/drbd0 primary -odrbdsetup /dev/drbd1 primary -o维护drbdoverview安装iscsi-tar

13、get-0.4.17查看环境uname -r2.6.9-89.ELls -l /usr/src/kernels/设置编译变量KERNELSRCexport KERNELSRC=/usr/src/kernels/2.6.9-89.EL-x86_64make /编译make install /安装配置drbdadm primary r0mkfs -t ext3 /dev/drbd0mkdir /iscsiconfigmount /dev/drbd0 /iscsiconfigmv /etc/ietd.conf /iscsiconfig/ietd.confln -s /iscsiconfig/ietd

14、.conf /etc/ietd.confls -l ietd.confheartbeat 安装安装heartbeat需要安装libnet.tar和heartbeat安装编译支持库tar -zxvf libnet.tar.gzcd libnet./configure /配置编译环境make /编译make install /安装增加用户groupadd haclientuseradd -g haclient hacluster安装heartbeattar -zxvf heartbeat-2.1.3.tar.gz /解压./ConfigureMe configure /配置编译环境make /编译

15、make install /安装chkconfig -add heartbeat /添加启动项chkconfig -levels 2345 heartbeat off /临时关闭修改目录/var/lib/heartbeat/cores/hacluster权限chown hacluster:haclient /var/lib/heartbeat/cores/hacluster配置heartbeatcp doc/authkeys /etc/ha.d/cp doc/ha.cf /etc/ha.d/关闭防火墙chkconfig -levels iptablesservice iptables stop

16、修改authkeys访问权限为600chmod 600 authkeys修改authkeys文件采用crc加密auth 11 crc#2 sha1 HI!#3 md5 Hello!编辑/etc/ha.d/ha.cf文件debugfile /var/log/ha-debuglogfile /var/log/ha-loglogfacility local0keepalive 2deadtime 30warntime 10initdead 120udpport 694bcast bond1 # Linux#bcast eth1 eth2 # Linuxauto_failback onnode NAS

17、01node NAS02ping respawn hacluster /usr/lib64/heartbeat/ipfailapiauth ipfail gid=haclient uid=hacluster编辑/etc/ha.d/haresources#NAS01 drbddisk:r0 Filesystem:/dev/drbd0:/iscsiconfig iscsi-target 0NAS01 drbddisk Filesystem:/dev/drbd0:/iscsiconfig iscsi-target 0测试i

18、fdown bond0ifup bond0tail -f /var/log/ha-log /监视日志VM Server 安装ISCSI存储设备器通过不同子网进行连接底层存储需要对上提供两个不同的地址用于连接,至少需要两块网卡.通过相同子网进行连接WEB Client安装vSphere Web Client首先需要在Windows平台下安装vSphere Web Client，而且要保证安装vSphere Web Client的服务器与vCenter Server所在的服务器的网络是畅通的。本文选择在vCenter Server所在的服务器上安装vSphere Web Client。运行vCen

19、ter Server安装程序，选中“VMware vSphere Web Client(Server)”，然后单击“安装”按钮，就将运行vSphere Web Client安装程序。需要注意的一点就是vSphere Web Client默认将使用两个端口：9090和9443。在运行安装程序之前可以在命令行下使用netstat -an|find “9090”命令和netstat -an|find “9443”命令查看这两个端口是否被占用。注册服务期通过WEB注册,访问https:/localhost:9443/admin-app.需要AdobeFlash Player version 10.1.

20、0.命令行注册.运行C:Program FilesVMwareInfrastructurevSphere Web Clientscripts>目录下的admin-cmd.batadmin-cmd 0:9443/vsphere-client 00 administrator *admin-cmd 0:9443/vsphere-client localhost administrator *Vsphere center 服务器的超级用户和口令安全性时间同步数据存储为了提高数据存储的安全性，防止非授权

21、用户的访问，需要对数据存储进行身份验证。在此，我们在iSCSI-TARGET配置文件ietd.conf中进行配置，添加访问用户名为tang，口令为*。Target .example:storage.disk2.sys1.xyz Lun 0 Path=/dev/drbd1,Type=blockio Lun 1 Path=/dev/drbd2,Type=blockio IncomingUser tang * MaxConnections 4MSERVER 需要对存储适配器进行配置添加身份验证。增加存储监视数据存储solarwinds 10.0查看是否安装rpm -qa | grep snmp安装s

22、nmp软件1.从光盘RedHat/RPMS目录下拷贝文件到/tmplm_sensors-2.8.7-2.40.5.x86_64.rpm net-snmp-libs-5.1.2-18.el4.x86_64.rpmnet-snmp-5.1.2-18.el4.x86_64.rpm2.依次安装rpm -ivh lm_sensors-2.8.7-2.40.5.x86_64.rpm rpm -ivh net-snmp-libs-5.1.2-18.el4.x86_64.rpmrpm -ivh net-snmp-5.1.2-18.el4.x86_64.rpmredhat 4.8 snmp 配置编辑/etc/s

23、nmp/snmpd.conf文件#cat /etc/snmp/snmpd.confcom2sec notConfigUser default publicgroup notConfigGroup v1 notConfigUsergroup notConfigGroup v2c notConfigUseraccess notConfigGroup "" any noauth exact mib2 none none#view all included .1 80view mib2 included .ernet.mgmt.mib-2 fc#vie

24、w systemview included .1#view systemview included ..2.1.1#view systemview included ...1启动服务service snmpd restartESXI服务器配置snmp参数vicfg-snmp.pl -server 38 -username root -password * -c public启动snmp代理vicfg-snmp.pl -server 38 -username root -password * -enable身

25、份认证cisco 设备安装IAS打开控制面板中的 添加或删除程序。 单击“添加/删除 Windows 组件”。 在“Windows 组件向导”对话框中，单击“网络服务”，然后单击“详细信息”。 在“网络服务”对话框中，选择“Internet 验证服务”，单击“确定”，然后单击“下一步”。 如果出现提示，请插入 Windows Server 2003 Standard Edition、Windows Server 2003 Enterprise Edition 或 Windows Server 2003 Datacenter Edition 光盘。 安装 IAS 之后，单击“完成”，然后单击“关

26、闭”。配置IAS用户设置用户要允许有远程登录的权限。Cisco 配置version 12.1conf teaaa new-modelaaa authentication login netmgr group radius local /先采用Radius认证,不成功采用local认证ip radius source-interface loopback0 /以loopback 作为源发送地址标识radius-server host 5 key ciscoline vty 0 15privilege level 15login authentication netmgrVe

27、rsion12.2aaa new-modelaaa authentication login netmgr group radius localradius-server host 5 key cisoip radius source-interface loopback0 /以loopback 作为源发送地址标识radius-server source-ports 1645-1646 /必须加上此命令,一般自动加入.radius-server directed-request line vty 0 4 privilege level 15login authentica

28、tion netmgr附件附件1:创建IAS记录数据库IASCreateSQL.sqlIF EXISTS (SELECT name FROM master.dbo.sysdatabases WHERE name = N'IASODBC') DROP DATABASE IASODBCGOCREATE DATABASE IASODBC ON (NAME = N'IASODBC_Data', FILENAME = N'C:Program FilesMicrosoft SQL ServerMSSQLdataIASODBC_Data.MDF' , SIZE

29、 = 1, FILEGROWTH = 10%) LOG ON (NAME = N'IASODBC_Log', FILENAME = N'C:Program FilesMicrosoft SQL ServerMSSQLdataIASODBC_Log.LDF' , SIZE = 1, FILEGROWTH = 10%) COLLATE SQL_Latin1_General_CP1_CI_ASGOexec sp_dboption N'IASODBC', N'autoclose', N'false'GOexec sp_db

30、option N'IASODBC', N'bulkcopy', N'false'GOexec sp_dboption N'IASODBC', N'trunc. log', N'false'GOexec sp_dboption N'IASODBC', N'torn page detection', N'true'GOexec sp_dboption N'IASODBC', N'read only', N'false

31、'GOexec sp_dboption N'IASODBC', N'dbo use', N'false'GOexec sp_dboption N'IASODBC', N'single', N'false'GOexec sp_dboption N'IASODBC', N'autoshrink', N'false'GOexec sp_dboption N'IASODBC', N'ANSI null default',

32、 N'false'GOexec sp_dboption N'IASODBC', N'recursive triggers', N'false'GOexec sp_dboption N'IASODBC', N'ANSI nulls', N'false'GOexec sp_dboption N'IASODBC', N'concat null yields null', N'false'GOexec sp_dboption N'IAS

33、ODBC', N'cursor close on commit', N'false'GOexec sp_dboption N'IASODBC', N'default to local cursor', N'false'GOexec sp_dboption N'IASODBC', N'quoted identifier', N'false'GOexec sp_dboption N'IASODBC', N'ANSI warnings'

34、;, N'false'GOexec sp_dboption N'IASODBC', N'auto create statistics', N'true'GOexec sp_dboption N'IASODBC', N'auto update statistics', N'true'GOif( ( (microsoftversion / power(2, 24) = 8) and (microsoftversion & 0xffff >= 724) ) or ( (mic

35、rosoftversion / power(2, 24) = 7) and (microsoftversion & 0xffff >= 1082) ) ) exec sp_dboption N'IASODBC', N'db chaining', N'false'GOuse IASODBCGOif exists (select * from dbo.sysobjects where id = object_id(N'dbo.report_event') and OBJECTPROPERTY(id, N'IsPr

36、ocedure') = 1)drop procedure dbo.report_eventGOif exists (select * from dbo.sysobjects where id = object_id(N'dbo.accounting_data') and OBJECTPROPERTY(id, N'IsUserTable') = 1)drop table dbo.accounting_dataGOif exists (select * from dbo.systypes where name = N'ipaddress')e

37、xec sp_droptype N'ipaddress'GOsetuserGOEXEC sp_addtype N'ipaddress', N'nvarchar (15)', N'not null'GOsetuserGOCREATE TABLE dbo.accounting_data ( id int IDENTITY (1, 1) NOT NULL , timestamp datetime NOT NULL , Computer_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_

38、CI_AS NOT NULL , Packet_Type int NOT NULL , User_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , F_Q_User_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Called_Station_Id nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Calling_Station_Id nvarchar (255) COL

39、LATE SQL_Latin1_General_CP1_CI_AS NULL , Callback_Number nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Framed_IP_Address ipaddress NULL , NAS_Identifier nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , NAS_IP_Address ipaddress NULL , NAS_Port int NULL , Client_Vendor int NULL

40、, Client_IP_Address ipaddress NULL , Client_Friendly_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Event_Timestamp datetime NULL , Port_Limit int NULL , NAS_Port_Type int NULL , Connect_Info nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Framed_Protocol int NULL , Servi

41、ce_Type int NULL , Authentication_Type int NULL , NP_Policy_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Reason_Code int NULL , Class nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Session_Timeout int NULL , Idle_Timeout int NULL , Termination_Action int NULL , EAP_Fri

42、endly_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Acct_Status_Type int NULL , Acct_Delay_Time int NULL , Acct_Input_Octets int NULL , Acct_Output_Octets int NULL , Acct_Session_Id nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Acct_Authentic int NULL , Acct_Session_Ti

43、me int NULL , Acct_Input_Packets int NULL , Acct_Output_Packets int NULL , Acct_Terminate_Cause int NULL , Acct_Multi_Session_Id nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Acct_Link_Count int NULL , Acct_Interim_Interval int NULL , Tunnel_Type int NULL , Tunnel_Medium_Type int NULL ,

44、 Tunnel_Client_Endpoint nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Tunnel_Server_Endpoint nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Acct_Tunnel_Connection nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Tunnel_Pvt_Group_Id nvarchar (255) COLLATE SQL_Latin1

45、_General_CP1_CI_AS NULL , Tunnel_Assignment_Id nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Tunnel_Preference int NULL , MS_Acct_Auth_Type int NULL , MS_Acct_EAP_Type int NULL , MS_RAS_Version nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , MS_RAS_Vendor int NULL , MS_CHAP_E

46、rror nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , MS_CHAP_Domain nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , MS_MPPE_Encryption_Types int NULL , MS_MPPE_Encryption_Policy int NULL , Proxy_Policy_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Provider_Typ

47、e int NULL , Provider_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , Remote_Server_Address ipaddress NULL , MS_RAS_Client_Name nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL , MS_RAS_Client_Version nvarchar (255) COLLATE SQL_Latin1_General_CP1_CI_AS NULL ) ON PRIMARYGOSET

48、QUOTED_IDENTIFIER ON GOSET ANSI_NULLS OFF GOCREATE PROCEDURE dbo.report_event doc ntextASSET NOCOUNT ONDECLARE idoc intEXEC sp_xml_preparedocument idoc OUTPUT, doc/* All RADIUS attributes written to the ODBC format logfile are declared here. One additional attribute is added: record_timestamp. The v

49、alue of record_timestamp is the UTC time the record was inserted in the database. Refer to IAS ODBC Formatted Log Files in Online Help for information on interpreting these values.*/DECLARE record_timestamp datetimeSET record_timestamp = GETUTCDATE()INSERT accounting_dataSELECT record_timestamp, Com

50、puter_Name, Packet_Type, User_Name, F_Q_User_Name, Called_Station_Id, Calling_Station_Id, Callback_Number, Framed_IP_Address, NAS_Identifier, NAS_IP_Address, NAS_Port, Client_Vendor, Client_IP_Address, Client_Friendly_Name, Event_Timestamp, Port_Limit, NAS_Port_Type, Connect_Info, Framed_Protocol, S

51、ervice_Type, Authentication_Type, NP_Policy_Name, Reason_Code, Class, Session_Timeout, Idle_Timeout, Termination_Action, EAP_Friendly_Name, Acct_Status_Type, Acct_Delay_Time, Acct_Input_Octets, Acct_Output_Octets, Acct_Session_Id, Acct_Authentic, Acct_Session_Time, Acct_Input_Packets, Acct_Output_Pa

52、ckets, Acct_Terminate_Cause, Acct_Multi_Session_Id, Acct_Link_Count, Acct_Interim_Interval, Tunnel_Type, Tunnel_Medium_Type, Tunnel_Client_Endpoint, Tunnel_Server_Endpoint, Acct_Tunnel_Connection, Tunnel_Pvt_Group_Id, Tunnel_Assignment_Id, Tunnel_Preference, MS_Acct_Auth_Type, MS_Acct_EAP_Type, MS_R

53、AS_Version, MS_RAS_Vendor, MS_CHAP_Error, MS_CHAP_Domain, MS_MPPE_Encryption_Types, MS_MPPE_Encryption_Policy, Proxy_Policy_Name, Provider_Type, Provider_Name, Remote_Server_Address, MS_RAS_Client_Name, MS_RAS_Client_VersionFROM OPENXML(idoc, '/Event')WITH ( Computer_Name nvarchar(255) '

54、./Computer-Name', Packet_Type int './Packet-Type', User_Name nvarchar(255) './User-Name', F_Q_User_Name nvarchar(255) './Fully-Qualifed-User-Name', Called_Station_Id nvarchar(255) './Called-Station-Id', Calling_Station_Id nvarchar(255) './Calling-Station-Id', Callback_Number nvarchar(255) './Callback-Number', Framed_IP_Address nvarchar(15) './Framed-IP-Address&