一、安装
https://github.com/jumpserver/jumpserver/wiki/%E5%9F%BA%E4%BA%8E-RedHat-%E7%9A%84%E7%B3%BB%E7%BB%9F
二、配置
https://github.com/jumpserver/jumpserver/wiki/%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3
注意:
使用不同账户,执行执行脚本时候sudo经常会碰到 sudo: sorry, you must have a tty to run sudo这个情况,其实修改一下sudo的配置就好了 vi /etc/sudoers (最好用visudo命令) 注释掉 Default requiretty 一行 #Default requiretty 意思就是sudo默认需要tty终端。注释掉就可以在后台执行了。 执行: # sed -i 's/Default.*requiretty/#Default requiretty/g' /etc/sudoers
三、集群
node1: 10.0.70.242:8000
node2: 10.0.70.243:8000
vip: 10.0.70.245:8000
----------------
node1
----------------
# yum install -y ipvsadm keepalived
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
zhouxinyu@zipeiyi.com
}
notification_email_from mail.zipeiyi.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 { #对于只有一个vip加一个vrrp_instance即可。如果两个vip可加VI_2
state BACKUP
interface eth0
virtual_router_id 55
priority 100 #权重
advert_int 1
nopreempt #设置不抢占资源
authentication {
auth_type PASS
auth_pass 1111 #认证
}
virtual_ipaddress {
10.0.70.245
}
}
virtual_server 10.0.70.245 8000 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 120
protocol TCP
real_server 10.0.70.242 8000 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8000
}
}
real_server 10.0.70.243 8000 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8000
}
}
}
# /etc/init.d/keepalived start
---------------
node2
---------------
# yum install -y ipvsadm keepalived
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 55
priority 90
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.70.245
}
}
virtual_server 10.0.70.245 8000 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 10.0.70.242 8000 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8000
}
}
real_server 10.0.70.243 8000 {
weight 3
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 8000
}
}
}
# /etc/init.d/keepalived start
检测
--------------- node1 --------------- # arping 10.0.70.245 ARPING 10.0.70.245 from 10.0.70.245 eth0 证明vip是在node1上的 --------------- node2 --------------- #arping 10.0.70.245 Unicast reply from 10.0.70.245 [00:50:56:9D:3B:42] 0.795ms --------------- node1 --------------- # /etc/init.d/keepalived stop # arping 10.0.70.245 Unicast reply from 10.0.70.245 [00:50:56:9D:3A:AD] 0.815ms 证明vip是在node2上的 # /etc/init.d/keepalived start 此时即使启动node1的keepalived也不会拉回vip资源,vip还是在node2上,知道node2 standby,vip会切回node1上。 ---------------- node2 ---------------- # /etc/init.d/keepalived stop # arping 10.0.70.245 Unicast reply from 10.0.70.245 [00:50:56:9D:3B:42] 0.795ms vip自动切回到node1 # /etc/init.d/keepalived start
部署应用监控脚本
----------------- node1 ----------------- # vim /etc/keepalived/check_server.sh #!/bin/bash DIR=/opt/jumpserver/ while true do check_num=`lsof -i :8000 | grep '*:irdmi' | wc -l` if [ $check_num -eq 0 ];then cd $DIR sh service.sh restart sleep 5 check_num=`lsof -i :8000 | grep '*:irdmi' | wc -l` if [ $check_num -eq 0 ];then /etc/init.d/keepalived stop exit fi fi sleep 5 done # vim /etc/rc.local /etc/init.d/keepalived restart /opt/jumpserver/service.sh restart sh /etc/keepalived/check_service.sh & ------------------- node2 ------------------- # vim /etc/keepalived/check_server.sh #!/bin/bash DIR=/opt/jumpserver/ while true do check_num=`lsof -i :8000 | grep '*:irdmi' | wc -l` if [ $check_num -eq 0 ];then cd $DIR sh service.sh restart sleep 5 check_num=`lsof -i :8000 | grep '*:irdmi' | wc -l` if [ $check_num -eq 0 ];then /etc/init.d/keepalived stop exit fi fi sleep 5 done # vim /etc/rc.local /etc/init.d/keepalived restart /opt/jumpserver/service.sh restart sh /etc/keepalived/check_service.sh &
本文转自 周新宇1991 51CTO博客,原文链接:http://blog.51cto.com/zhouxinyu1991/1866312,如需转载请自行联系原作者
