1. Installation
https://github.com/jumpserver/jumpserver/wiki/%E5%9F%BA%E4%BA%8E-RedHat-%E7%9A%84%E7%B3%BB%E7%BB%9F
2. Configuration
https://github.com/jumpserver/jumpserver/wiki/%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3
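Note:
When scripts are run through sudo under different accounts, sudo often fails with "sudo: sorry, you must have a tty to run sudo". Changing the sudo configuration fixes this: edit /etc/sudoers (vi /etc/sudoers, or preferably the visudo command, which checks the syntax before saving) and comment out the Defaults requiretty line:
#Defaults requiretty
The directive means that sudo requires a tty by default. Once it is commented out, sudo can be run in the background.
Run:
# sed -i 's/^Defaults.*requiretty/#Defaults requiretty/' /etc/sudoers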
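The sed one-liner above rewrites /etc/sudoers in place with no syntax check, and a syntax error in that file can leave sudo unusable. The following is an added example, not part of the original post: it makes the same change on a copy and installs it only if visudo accepts the result. The function name disable_requiretty and the SUDOERS_CHECK variable are hypothetical.

```shell
#!/bin/bash
# Added example: comment out "Defaults requiretty" without ever leaving a
# broken sudoers file in place. Names here are hypothetical.

# Command used to syntax-check a candidate file. "visudo -c -q -f FILE" is the
# real checker; it is kept in a variable so the logic can be tried on a
# scratch file without root.
SUDOERS_CHECK=${SUDOERS_CHECK:-"visudo -c -q -f"}

# disable_requiretty FILE
# Returns 0 = changed and installed,
#         1 = error or validation failed (FILE untouched),
#         2 = no active global requiretty line found (FILE untouched).
disable_requiretty() {
    local file="$1"
    local tmp
    # Only the plain global form is handled: "Defaults requiretty"
    local pattern='^[[:space:]]*Defaults[[:space:]][[:space:]]*requiretty[[:space:]]*$'

    [ -f "$file" ] || return 1
    grep -q "$pattern" "$file" || return 2

    # Build the candidate next to the target so the final mv is atomic.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if ! sed "s/${pattern}/#Defaults requiretty/" "$file" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 0440 "$tmp"   # sudoers must not be writable

    # Install only if the candidate parses; otherwise discard it.
    if $SUDOERS_CHECK "$tmp" >/dev/null 2>&1; then
        mv -f "$tmp" "$file"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

On a real host this would be called as root with `disable_requiretty /etc/sudoers`.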
3. Cluster
node1: 10.0.70.242:8000
node2: 10.0.70.243:8000
vip: 10.0.70.245:8000
---------------- node1 ----------------
# yum install -y ipvsadm keepalived
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    notification_email {
        zhouxinyu@zipeiyi.com
    }
    notification_email_from mail.zipeiyi.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {    # one vrrp_instance is enough for a single VIP; add VI_2 for a second VIP
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 100        # priority
    advert_int 1
    nopreempt           # do not preempt (do not take the VIP back)
    authentication {
        auth_type PASS
        auth_pass 1111  # authentication password; must match on both nodes (PASS is sent in cleartext)
    }
    virtual_ipaddress {
        10.0.70.245
    }
}
virtual_server 10.0.70.245 8000 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 120
    protocol TCP
    real_server 10.0.70.242 8000 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 8000
        }
    }
    real_server 10.0.70.243 8000 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 8000
        }
    }
}
# /etc/init.d/keepalived start
--------------- node2 ---------------
# yum install -y ipvsadm keepalived
# vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
    router_id LVS_DEVEL
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 55
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.70.245
    }
}
virtual_server 10.0.70.245 8000 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 10.0.70.242 8000 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 8000
        }
    }
    real_server 10.0.70.243 8000 {
        weight 3
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 8000
        }
    }
}
# /etc/init.d/keepalived start
Verification
--------------- node1 ---------------
# arping 10.0.70.245
ARPING 10.0.70.245 from 10.0.70.245 eth0
This shows that the VIP is on node1.
--------------- node2 ---------------
# arping 10.0.70.245
Unicast reply from 10.0.70.245 [00:50:56:9D:3B:42] 0.795ms
--------------- node1 ---------------
# /etc/init.d/keepalived stop
# arping 10.0.70.245
Unicast reply from 10.0.70.245 [00:50:56:9D:3A:AD] 0.815ms
This shows that the VIP is now on node2.
# /etc/init.d/keepalived start
At this point, even though keepalived on node1 has been started again, it does not take the VIP back. The VIP stays on node2 until node2 goes standby, and only then does it switch back to node1.
---------------- node2 ----------------
# /etc/init.d/keepalived stop
# arping 10.0.70.245
Unicast reply from 10.0.70.245 [00:50:56:9D:3B:42] 0.795ms
The VIP has automatically switched back to node1.
# /etc/init.d/keepalived start
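Deploying the application monitoring script
----------------- node1 -----------------
# vim /etc/keepalived/check_server.sh
#!/bin/bash
# Watchdog: restart jumpserver if nothing listens on port 8000, and
# stop keepalived (releasing the VIP) if the restart does not help.
DIR=/opt/jumpserver/
while true
do
    # lsof shows port 8000 under its /etc/services name, "irdmi"
    check_num=$(lsof -i :8000 | grep -c '*:irdmi')
    if [ "$check_num" -eq 0 ]; then
        cd "$DIR"
        sh service.sh restart
        sleep 5
        check_num=$(lsof -i :8000 | grep -c '*:irdmi')
        if [ "$check_num" -eq 0 ]; then
            # Still down: give up the VIP so the other node takes over
            /etc/init.d/keepalived stop
            exit
        fi
    fi
    sleep 5
done
# vim /etc/rc.local
/etc/init.d/keepalived restart
/opt/jumpserver/service.sh restart
sh /etc/keepalived/check_server.sh &
------------------- node2 -------------------
# vim /etc/keepalived/check_server.sh
#!/bin/bash
# Watchdog: restart jumpserver if nothing listens on port 8000, and
# stop keepalived (releasing the VIP) if the restart does not help.
DIR=/opt/jumpserver/
while true
do
    # lsof shows port 8000 under its /etc/services name, "irdmi"
    check_num=$(lsof -i :8000 | grep -c '*:irdmi')
    if [ "$check_num" -eq 0 ]; then
        cd "$DIR"
        sh service.sh restart
        sleep 5
        check_num=$(lsof -i :8000 | grep -c '*:irdmi')
        if [ "$check_num" -eq 0 ]; then
            # Still down: give up the VIP so the other node takes over
            /etc/init.d/keepalived stop
            exit
        fi
    fi
    sleep 5
done
# vim /etc/rc.local
/etc/init.d/keepalived restart
/opt/jumpserver/service.sh restart
sh /etc/keepalived/check_server.sh &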
This article is reposted from the 51CTO blog of 周新宇1991. Original link: http://blog.51cto.com/zhouxinyu1991/1866312. To repost it, please contact the original author.