RH236配置GEO-replication
本章节学习配置配置GEO-replication以实现volume的异地容灾。
RHCA专栏地址:https://blog.csdn.net/qq_41765918/category_11532281.html
文章目录
作用
实现volume的异地容灾,客户端往volume写入数据,这份数据同时会被持续的、异步、增量的传输到另一个站点指定的volume,两个站点之间通过网络同步数据。geo-replication使用master-slave的模型,也就是主备模型,生产用站点为master,备份站点为slave,数据从master站点的volume传输到slave站点的volume。
部署
可设置多个主从关系,比如:
站点A---->站点B----->站点C
前提条件:
1.两边站点都要部署glusterfs,并且版本要一致
2.slave站点中的主机不能和master站点中的主机在一个存储池内
3.从volume大小不能小于主volume的大小
4.配置GEO-replication的时候,在master站点一台主机上做配置,然后通过SSH无密码登陆到slave站点一台主机进行配置。
5.两台主机之间传输数据时,先通过SSH会话,建立一条加密的通道,再使用gsync(无加密功能)进行数据同步,所以,数据传输过程中,也要建立SSH无密码连接
6.为了安全,使用一个普通用户来进行数据传输,这时,需要配置mountbroker,这是glusterd的一个内部服务,这个服务的作用是为了使普通用户具有root用户的传输数据权限,在slave上面配置
在slave节点
1.创建brick
# pvcreate /dev/sdb
# vgcreate vg1 /dev/sdb
# lvcreate -L 10G -T vg1/pool1
# lvcreate -V 2G -T vg1/pool1 -n brick1
# mkfs -t xfs -i size=512 /dev/vg1/brick1
# mkdir -p /brick/brick1
# mount -t xfs /dev/vg1/brick1 /brick/brick1
# mkdir /brick/brick1/brick
2.创建volume
# gluster volume create vol1-slave node5:/brick/brick1/brick
# gluster volume start vol1-slave
开启共享存储(必要时)
# gluster volume set all cluster.enable-shared-storage enable
3.使用普通用户创建会话连接,配置mountbroker
# groupadd repgrp
# useradd georep -G repgrp
# passwd georep
4.创建mountbroke目录使GlusterFS启动mountbroke功能:
# mkdir -p /var/mountbroker-root
# chmod 0711 /var/mountbroker-root/
设置selinux(必要时)
# semanage fcontext -a -e /home /var/mountbroker-root
# restorecon -Rv /var/mountbroker-root/
5.设置与GEO相关的目录的用户及用户组权限
# chgrp -R georep /var/log/glusterfs/geo-replication-slaves
# chgrp -R georep /var/lib/glusterd/geo-replication
# chmod -R 770 /var/lib/glusterd/geo-replication
# chmod -R 770 /var/log/glusterfs/geo-replication-slaves
使这个普通用户有权限去写日志,并且有权限进行geo-replication
6.设定geo-replication设置(重要):
指定mountbroker目录
# gluster system:: execute mountbroker opt mountbroker-root /var/mountbroker-root
用户会话绑定
# gluster system:: execute mountbroker user georep vol1-slave
将日志和group关联
# gluster system:: execute mountbroker opt geo-replication-log-group repgrp
允许不安全的访问
# gluster system:: execute mountbroker opt rpc-auth-allow-insecure on
7.检查配置内容,上述命令就是为了配置这些选项
# cat /etc/glusterfs/glusterd.vol
option rpc-auth-allow-insecure on
option mountbroker-root /var/mountbroker-root
option mountbroker-geo-replication.georep vol1-slave
option geo-replication-log-group repgrp
8.设定完后重启GlusterFS服务:
# systemctl restart glusterd
在master站点
1.配置SSH无密码登陆到slave站点
在master进行geo-replication配置的时候,会自动ssh到slave进行配置
# ssh-keygen
# ssh-copy-id georep@node5
开启共享存储(必要时)
# gluster volume set all cluster.enable-shared-storage enable
2.创建源卷对目的卷的秘钥认证信息(重要):
# gluster system:: execute gsec_create
3.创建通过PEM证书的源卷对目录卷的数据同步会话(重要):
# gluster volume geo-replication vol1 georep@node5::vol1-slave create push-pem
创建geo-replication数据同步,并把公钥传到slave
node5防火墙必须允许glusterfs服务,之前有推送的话,第二次要加force
在slave配置用户、原卷及从卷的关系:
# sh /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh georep vol1 vol1-slave
配置user、主volume和从volume的对应关系
在master启动GEO-replication会话
(启动前,配置共享存储用于追踪
gluster volume geo-replication vol1 georep@node5::vol1-slave config use_meta_volume true)
# gluster volume geo-replication vol1 georep@node5::vol1-slave start
启动geo-replication会话
# gluster volume geo-replication vol1 grorep@node5::vol1-slave status
查看建立会话的状态,如果STATUS显示Faulty,表示没有成功
关闭和启动GEO-replication的命令
# gluster volume geo-replication vol1 grorep@node5::vol1-slave stop
# gluster volume geo-replication vol1 grorep@node5::vol1-slave start
课本练习(课本若有坑,这里不填,自我解决)
[root@workstation ~]# lab georeplication setup
1. 在为mastervol卷服务的受信任存储池上启用共享存储。
georeplication守护进程使用这个共享存储,在节点消失时触发故障转移。
[root@servera ~]# gluster volume set all cluster.enable-shared-storage enable
volume set: success
2. 配置免密登录。
设置从servera上的根帐户到servere上的geoaccount帐户的无密码SSH访问。
[root@servera ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:78:bb:e2:08:52:55:7b:70:06:dd:1a:26:33:75:8b root@servera.lab.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| +++.. |
| .+=+o.. |
| . .=Eo. |
| . +.. |
| . . S |
| . . . |
|. . . |
| . . .. . |
| ..... |
+-----------------+
[root@servera ~]# ssh-copy-id geoaccount@servere
The authenticity of host 'servere (172.25.250.14)' can't be established.
ECDSA key fingerprint is f3:3a:20:c9:5a:cc:cc:f0:44:f7:00:90:03:18:b1:8d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
geoaccount@servere's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'geoaccount@servere'"
and check to make sure that only the key(s) you wanted were added.
3. 创建mountbroke目录使GlusterFS启动mountbroke功能
[root@servere ~]# mkdir -m 0711 /var/mountbroker-root
[root@servere ~]# semanage fcontext -a -e /home /var/mountbroker-root
[root@servere ~]# restorecon -Rv /var/mountbroker-root/
restorecon reset /var/mountbroker-root context unconfined_u:object_r:var_t:s0->unconfined_u:object_r:home_root_t:s0
4. 在servere上,配置对应选项,然后重新启动glusterd服务。
[root@servere ~]# gluster system:: execute mountbroker opt mountbroker-root /var/mountbroker-root
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker user geoaccount slavevol
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker opt geo-replication-log-group geogroup
Command executed successfully.
[root@servere ~]# gluster system:: execute mountbroker opt rpc-auth-allow-insecure on
Command executed successfully.
[root@servere ~]# systemctl restart glusterd
5. 进行相关配置。
[root@servera ~]# gluster system:: execute gsec_create
Common secret pub file present at /var/lib/glusterd/geo-replication/common_secret.pem.pub
[root@servera ~]#
[root@servera ~]# gluster volume geo-replication mastervol geoaccount@servere::slavevol create push-pem
Creating geo-replication session between mastervol & geoaccount@servere::slavevol has been successful
[root@servere ~]# sh /usr/libexec/glusterfs/set_geo_rep_pem_keys.sh geoaccount mastervol slavevol
Successfully copied file.
Command executed successfully.
[root@servera ~]# gluster volume geo-replication mastervol geoaccount@servere::slavevol config use_meta_volume true
geo-replication config updated successfully
[root@servera ~]# gluster volume geo-replication mastervol geoaccount@servere::slavevol start
Starting geo-replication session between mastervol & geoaccount@servere::slavevol has been successful
[root@servera ~]# gluster volume geo-replication status
MASTER NODE MASTER VOL MASTER BRICK SLAVE USER SLAVE SLAVE NODE STATUS CRAWL STATUS LAST_SYNCED
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
servera.lab.example.com mastervol /bricks/brick-a1/brick geoaccount ssh://geoaccount@servere::slavevol servere Active Changelog Crawl N/A
serverb.lab.example.com mastervol /bricks/brick-b1/brick geoaccount ssh://geoaccount@servere::slavevol servere Passive N/A N/A
6. 验证文件复制情况。
[root@servere ~]# ll /bricks/brick-e1/brick/
total 0
-rw-r--r--. 2 root root 0 Dec 10 16:43 file00
-rw-r--r--. 2 root root 0 Dec 10 16:43 file01
-rw-r--r--. 2 root root 0 Dec 10 16:43 file02
…………
7. 脚本评分。
[root@workstation ~]# lab georeplication grade
总结
- 配置GEO-replication需要特定步骤顺序,不能出错,否则会出问题。
- 注意添加密钥的相关设置形式。
以上就是【金鱼哥】的分享。希望能对看到此文章的小伙伴有所帮助。
如果这篇【文章】有帮助到你,希望可以给【金鱼哥】点个赞👍,创作不易,相比官方的陈述,我更喜欢用【通俗易懂】的文笔去讲解每一个知识点,如果有对【运维技术】感兴趣,也欢迎关注❤️❤️❤️ 【金鱼哥】❤️❤️❤️,我将会给你带来巨大的【收获与惊喜】💕💕!
