Ldap高可用部署
Ldap配置高可用
两个节点上均执行
mkdir /data/ldap
cd /data/ldap
1.1. 添加mod_syncprov.ldif文件
vi mod_syncprov.ldif
内容如下:
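# Loads the syncprov overlay module into slapd's cn=config tree.
# An LDIF entry must start with its DN; without the "dn:" line ldapadd has
# no entry to create and rejects the file.
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulePath: /usr/lib64/openldap
olcModuleLoad: syncprov.la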
执行添加操作
ldapadd -Y EXTERNAL -H ldapi:/// -f mod_syncprov.ldif
1.2. 添加syncprov.ldif文件
vi syncprov.ldif
内容如下:
# Enables the syncprov overlay on database {2}hdb so that this server can act
# as a replication provider for its peer.
# olcSpCheckpoint "100 10": write the contextCSN to the database once 100 write
# operations or 10 minutes have passed since the last checkpoint.
# olcSpSessionLog 100: keep an in-memory session log of up to 100 write operations.
dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpCheckpoint:100 10
olcSpSessionLog: 100
执行添加操作
ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov.ldif
1.3. 添加master01.ldif配置文件
vi master01.ldif (xxx.xxx.xxx.218节点)
内容如下:
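# master01.ldif: server ID and syncrepl consumer settings for node xxx.xxx.xxx.218.
#
# NOTE(security): bindmethod=simple against an ldap:// provider sends the bind
# DN and password unencrypted between the two nodes. Outside a lab, use an
# ldaps:// provider or add starttls=critical (with the CA certificate configured).
# NOTE(security): replication binds as cn=admin,dc=dfcv,dc=com, which looks like
# the directory administrator (confirm), with a short sample password. Prefer a
# dedicated replication account that only has read access to the searchbase,
# and a strong secret.
# NOTE(security): this file holds the password in cleartext; keep it readable
# by root only and remove it once it has been applied.
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1

# Change records must be separated by a blank line, and every continuation
# line of the olcSyncRepl value must start with whitespace.
# The duplicated "interval=interval=" key is reduced to a single "interval=";
# interval is only consulted for refreshOnly, refreshAndPersist relies on retry.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://xxx.xxx.xxx.220:389/
  bindmethod=simple
  binddn="cn=admin,dc=dfcv,dc=com"
  credentials=admin@123
  searchbase="dc=dfcv,dc=com"
  scope=sub
  schemachecking=off
  attrs="*,+"
  type=refreshAndPersist
  retry="5 5 300 +"
  interval=00:00:01:00
-
add: olcMirrorMode
olcMirrorMode: TRUE
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq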
执行添加操作
ldapadd -Y EXTERNAL -H ldapi:/// -f master01.ldif -W
1.4. 添加master02.ldif配置文件
vi master02.ldif (xxx.xxx.xxx.220节点)
内容如下:
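# master02.ldif: server ID and syncrepl consumer settings for node xxx.xxx.xxx.220.
#
# NOTE(security): bindmethod=simple against an ldap:// provider sends the bind
# DN and password unencrypted between the two nodes. Outside a lab, use an
# ldaps:// provider or add starttls=critical (with the CA certificate configured).
# NOTE(security): replication binds as cn=admin,dc=dfcv,dc=com, which looks like
# the directory administrator (confirm), with a short sample password. Prefer a
# dedicated replication account that only has read access to the searchbase,
# and a strong secret.
# NOTE(security): this file holds the password in cleartext; keep it readable
# by root only and remove it once it has been applied.
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 2

# Change records must be separated by a blank line, and every continuation
# line of the olcSyncRepl value must start with whitespace.
# The duplicated "interval=interval=" key is reduced to a single "interval=";
# interval is only consulted for refreshOnly, refreshAndPersist relies on retry.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://xxx.xxx.xxx.218:389/
  bindmethod=simple
  binddn="cn=admin,dc=dfcv,dc=com"
  credentials=admin@123
  searchbase="dc=dfcv,dc=com"
  scope=sub
  schemachecking=off
  attrs="*,+"
  type=refreshAndPersist
  retry="5 5 300 +"
  interval=00:00:01:00
-
add: olcMirrorMode
olcMirrorMode: TRUE
-
add: olcDbIndex
olcDbIndex: entryUUID eq
-
add: olcDbIndex
olcDbIndex: entryCSN eq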
执行添加操作
ldapadd -Y EXTERNAL -H ldapi:/// -f master02.ldif -W
部署 keepalived(两台机器均执行)
1.5. 安装keepalived
yum -y install keepalived
1.6. 修改keepalived配置
xxx.xxx.xxx.218节点编辑
vim /etc/keepalived/keepalived.conf
内容如下:
# keepalived configuration for node xxx.xxx.xxx.218 (initial state MASTER).
# NOTE(review): global_defs is empty, so the check script runs as keepalived's
# default script user (root when no keepalived_script account exists). Consider
# setting script_user and enable_script_security here, and keep
# /opt/scripts/chk_server.sh root-owned and not writable by other users.
global_defs {
}
# Health check: run the script every 2 seconds; 2 consecutive failures mark it
# failed and lower this node's priority by 30, 1 success marks it healthy again.
vrrp_script check_proxy {
script "/opt/scripts/chk_server.sh"
interval 2
weight -30
fall 2
rise 1
}
# VRRP instance that owns the virtual IP xxx.xxx.xxx.13 on interface ens160.
# NOTE(review): the other node's configuration on this page also uses
# priority 100; confirm that equal priorities are intended.
# NOTE(review): no authentication block is configured; restrict VRRP traffic
# on this segment to the two nodes with host firewall rules.
vrrp_instance VI_1 {
state MASTER
interface ens160
virtual_router_id 91
priority 100
advert_int 1
virtual_ipaddress {
xxx.xxx.xxx.13
}
track_script {
check_proxy
}
}
xxx.xxx.xxx.220节点编辑
vim /etc/keepalived/keepalived.conf
内容如下:
# keepalived configuration for node xxx.xxx.xxx.220 (initial state BACKUP).
# NOTE(review): global_defs is empty, so the check script runs as keepalived's
# default script user (root when no keepalived_script account exists). Consider
# setting script_user and enable_script_security here, and keep
# /opt/scripts/chk_server.sh root-owned and not writable by other users.
global_defs {
}
# Health check: run the script every 2 seconds; 2 consecutive failures mark it
# failed and lower this node's priority by 30, 1 success marks it healthy again.
vrrp_script check_proxy {
script "/opt/scripts/chk_server.sh"
interval 2
weight -30
fall 2
rise 1
}
# VRRP instance that takes over the virtual IP xxx.xxx.xxx.13 on interface ens160.
# NOTE(review): this BACKUP node uses priority 100, the same value as the
# MASTER node's configuration on this page; confirm that equal priorities are intended.
# NOTE(review): no authentication block is configured; restrict VRRP traffic
# on this segment to the two nodes with host firewall rules.
vrrp_instance VI_1 {
state BACKUP
interface ens160
virtual_router_id 91
priority 100
advert_int 1
virtual_ipaddress {
xxx.xxx.xxx.13
}
track_script {
check_proxy
}
}
1.7. 准备chk_server.sh文件
vi /opt/scripts/chk_server.sh
内容如下:
#!/bin/bash
# Health check invoked by keepalived's vrrp_script for the slapd service.
# If slapd is not running, try one restart; if it is still down two seconds
# later, stop keepalived on this node.
# This script runs with the privileges of keepalived's script user (often
# root): keep the file root-owned and not writable by anyone else.

slapd_procs=$(ps -C slapd --no-heading | wc -l)
if [ "${slapd_procs}" != "0" ]; then
  # slapd is running; nothing to do.
  exit 0
fi

# slapd is down: attempt a single restart and give it time to come up.
systemctl start slapd
sleep 2

slapd_procs=$(ps -C slapd --no-heading | wc -l)
if [ "${slapd_procs}" = "0" ]; then
  # The restart did not help; stopping keepalived presumably lets the peer
  # node take over the virtual IP.
  systemctl stop keepalived
fi
授权
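# The script was created in /opt/scripts and keepalived.conf references that
# path, so the permissions must be set there. It runs with keepalived's
# privileges: keep it root-owned and not writable by other users.
chmod 755 /opt/scripts/chk_server.sh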
1.8. 启动keepalived
systemctl start keepalived
systemctl enable keepalived