To meet my company's business needs, I recently built a set of combined services. I could not find a similar combined architecture online, so I am sharing the build process here, and I hope it serves as a starting point for friends with similar needs!
The objectives to be achieved are:
Two vsftpd servers are built, and hot standby is implemented with keepalived. When one server fails, service automatically switches to the other server and business continues. There should be no data outage or loss between them.
Design:
The VIP drifts between the two servers via keepalived, and clients access the FTP server through the VIP. When the master fails, the VIP moves to the standby. Clients accessing the server do not perceive the failure, and reading and writing data is not affected. Data consistency between the two servers is achieved with the rsync + inotify tools: when data is added on the master, inotify detects the change and triggers the rsync synchronization script to synchronize the data, and vice versa.
Process:
1. FTP server construction
1. Disable SELinux and the firewall
[root@localhost ~]# setenforce 0
[root@localhost ~]# sed -i '7 s/enforcing/disabled/' /etc/selinux/config
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl disable firewalld.service
2. Install vsftpd
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir bak
[root@localhost yum.repos.d]# mv *.repo bak
[root@localhost yum.repos.d]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@localhost ~]# yum -y install vsftpd
[root@localhost ~]# yum -y install ftp
[root@localhost ~]# systemctl start vsftpd.service
3. Modify the configuration, create a local user, and disable anonymous users
[root@localhost ~]# useradd -d /home/user1 -s /sbin/nologin user1
[root@localhost ~]# passwd user1    # password: 123456
[root@localhost ~]# cd /etc/vsftpd/
[root@localhost vsftpd]# cp vsftpd.conf{,.bak}
[root@localhost vsftpd]# vim vsftpd.conf
    anonymous_enable=NO
    local_umask=077
    # lock local users into their home directories
    chroot_local_user=YES
    # added
    allow_writeable_chroot=YES
    listen=YES
    # maximum number of client connections (default 50)
    max_clients=300
    # maximum number of connections per IP
    max_per_ip=300
    listen_ipv6=NO
    chroot_list_enable=YES
    # the chroot_list file must be created and the username added to it
    chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost vsftpd]# systemctl restart vsftpd.service
Note: if client login fails, run chmod a-w /home/test2 (the user's home directory).
Enable the vsftpd service at boot
[root@localhost ~]# chkconfig vsftpd on
[root@localhost ~]# systemctl enable vsftpd.service
2. keepalived between the FTP servers
[root@localhost ~]# yum -y install keepalived
[root@localhost ~]# cd /etc/keepalived/
[root@localhost keepalived]# cp keepalived.conf{,.ori}
[root@localhost keepalived]# vim keepalived.conf
    state MASTER
    interface eM1
    virtual_ipaddress {
        192.168.10.100
    }
    virtual_server 192.168.10.100 21 {
        delay_loop 6
        lb_algo rr
        lb_kind NAT
        # newly added
        nat_mask 255.255.255.0
        persistence_timeout 50
        protocol TCP
    }
The content after this point is the settings for the back-end nodes and can be deleted.
[root@localhost ~]# systemctl start keepalived.service
Enable keepalived at boot
[root@localhost ~]# chkconfig keepalived on
[root@localhost ~]# systemctl enable keepalived.service
Add a script to monitor the vsftpd service. When vsftpd stops, keepalived is stopped so that the switch to the backup takes place
[root@localhost ~]# vim /etc/keepalived/check_ftp.sh    # permission 644
    #!/bin/bash
    #author:zijing
    #date:2018-08-08
    #tel:11111111111
    #Descri: Monitor the ftp service. When the ftp service stops, the system automatically kills the keepalived service and realizes the switch between master and backup.
    while :
    do
        # count the sockets that belong to a vsftpd process
        ftppid=$(ss -antp | grep vsftp | wc -l)
        if [ "$ftppid" -eq 0 ]; then
            systemctl stop keepalived.service
        fi
        # pause between polls to avoid a busy loop
        sleep 2
    done
Add the following to the keepalived configuration
    # this block must be placed before the vrrp_instance block
    vrrp_script chk_ftp {
        script "/etc/keepalived/check_ftp.sh"
        interval 2
    }
    # this block goes inside the vrrp_instance block, after the virtual_ipaddress block
    track_script {
        chk_ftp
    }
Just restart the service.
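keepalived runs a vrrp_script every `interval` seconds and acts on its exit status, so the check can also be written as a one-shot test that returns non-zero when nothing is listening on port 21. The following is an added example, not the author's script; the function names, the `--check` argument and the sample `ss` output are constructed for illustration.

```shell
#!/bin/bash
# Added example, not the author's script: one-shot check for a keepalived
# vrrp_script. keepalived reads the exit status: 0 = healthy, non-zero = failed.

# ftp_listening PORT: read `ss -ltn` output on stdin; succeed only if a
# socket is in LISTEN state on PORT (default 21). Exact port match, so
# 2121 or 210 never count as 21.
ftp_listening() {
    awk -v port="${1:-21}" '
        $1 == "LISTEN" {
            n = split($4, a, ":")   # "*:21", "192.168.10.101:21", "[::]:21"
            if (a[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_ftp: the live check (hypothetical name); needs no root and no -p
check_ftp() {
    ss -ltn 2>/dev/null | ftp_listening 21
}

# Constructed sample `ss -ltn` output: vsftpd running / vsftpd stopped
SAMPLE_UP='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      32     *:21               *:*
LISTEN 0      128    *:22               *:*'
SAMPLE_DOWN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:22               *:*
LISTEN 0      5      192.168.10.101:873 *:*
LISTEN 0      32     *:2121             *:*'

# Called as "check_ftp.sh --check" from the script line of vrrp_script
if [ "${1:-}" = "--check" ]; then
    check_ftp
    exit $?
fi

# Without arguments: demonstrate the parser on the constructed samples
for sample in "$SAMPLE_UP" "$SAMPLE_DOWN"; do
    if printf '%s\n' "$sample" | ftp_listening 21; then
        echo "port 21 listening -> exit 0"
    else
        echo "port 21 not listening -> exit 1"
    fi
done
```

A script used this way has to be executable by keepalived, and if `ss` is missing the check fails closed because the parser sees no LISTEN line.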
3. Data synchronization
1. Source server:
[root@localhost ~]# yum -y install rsync
[root@localhost ~]# vim /etc/rsyncd.conf    # create this configuration file manually
    # uid/gid are the key here: they relate to resuming interrupted transfers after the VIP drifts
    uid = user1
    gid = user1
    use chroot = yes
    address = 192.168.10.101
    port = 873
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    hosts allow = 192.168.10.0/24
    # shared module name
    [ftproot]
    # the path must end with a slash
    path = /home/user1/
    comment = ftp export area
    read only = no
    dont compress = *.gz *.bz2 *.tgz *.zip *.rar *.z
    # authenticated user name
    auth users = user1
    # authentication password file
    secrets file = /etc/rsyncd_users.db
[root@localhost ~]# echo "user1:123456" > /etc/rsyncd_users.db
[root@localhost ~]# chmod 600 /etc/rsyncd_users.db
[root@localhost ~]# chmod -R 777 /home/user1/    # change the permissions of the published directory (originally 755)
Start the service:
[root@localhost ~]# rsync --daemon
[root@localhost ~]# ss -anpt|grep 873
2. Client:
[root@localhost ~]# yum -y install rsync
Client test
[root@localhost sprixin1]# rsync -avz sprixin1@192.168.10.102::ftproot /home/user1/
Supplement: non-interactive setup (password file)
[root@localhost ~]# echo "123456" > /etc/server.pass
[root@localhost ~]# chmod 600 /etc/server.pass
[root@localhost ~]# rsync -avz --password-file=/etc/server.pass user1@192.168.10.102::ftproot /home/user1/
3. rsync + inotify real-time synchronization
On the source server
[root@localhost ~]# chown nobody:nobody /home/user1/    # originally user1:user1
[root@localhost ~]# ss -anpt|grep 873
[root@localhost ~]# kill 51316    # stop the running rsync process
[root@localhost ~]# rsync --daemon
4. Install inotify
[root@localhost ~]# tar xf inotify-tools-3.14.tar.gz -C /usr/src/
[root@localhost ~]# cd /usr/src/inotify-tools-3.14/
[root@localhost inotify-tools-3.14]# ./configure && make && make install
[root@localhost]# inotifywait -mrq -e modify,create,move,delete /home/sprixin1/    # monitor the local file storage directory
[root@localhost]# echo 65535 > /proc/sys/fs/inotify/max_user_instances    # originally 10240
Trigger script
[root@localhost ~]# vim /opt/inotify.sh
    #!/bin/bash
    #author:Bauhinia
    #tel:11111111111
    #date:2018-08-08
    host1=192.168.10.102
    src=/home/user1/
    dst1=ftproot
    user1=user1
    # watch $src recursively and push it with rsync on every event
    /usr/local/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w%f%e' -e modify,delete,create,attrib "$src" \
    | while read -r files
    do
        /usr/bin/rsync -vzrtopg --progress --password-file=/etc/server.pass "$src" "$user1@$host1::$dst1"
    done
[root@localhost ~]# chmod +x /opt/inotify.sh
[root@localhost ~]# nohup /bin/bash /opt/inotify.sh &    # run the script in the background
At this point the service build is complete!!
Attached below is a script that automatically starts and stops the inotify script on the master server
vim /opt/qidong.sh
    #!/bin/bash
    #author:Bauhinia
    #tel: 11111111111
    #date: 2018-08-08
    #Descri: Control inotify.sh script start and stop
    while :
    do
        # A: 1 if this host currently holds the VIP
        A=$(ip a | grep "10.10.8.100/32" | grep -v grep | wc -l)
        # B: PIDs of the running inotify.sh processes
        B=$(ps aux | grep inotify.sh | grep -v grep | awk '{print $2}')
        # C: number of running inotify.sh processes
        C=$(ps aux | grep inotify.sh | grep -v grep | wc -l)
        if [ "$A" -eq 1 -a "$C" -eq 0 ]; then
            # VIP is here and no sync is running: start it
            /usr/bin/nohup /usr/bin/sh /opt/inotify.sh &
        elif [ "$A" -eq 0 -a "$C" -gt 0 ]; then
            # VIP has moved away: stop the sync processes
            for i in $B
            do
                /usr/bin/kill "$i" &>/dev/null
            done
        fi
        # pause between polls to avoid a busy loop
        sleep 1
    done