Hands-On Deployment of an OpenLDAP Master-Slave Architecture

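1. Introduction to OpenLDAP

2. OpenLDAP features

3. OpenLDAP abbreviations

4. OpenLDAP components

5. OpenLDAP environment plan

6. OpenLDAP deployment: Master

7. OpenLDAP deployment: Slave

8. Managing OpenLDAP with LAM

9. Testing Master-Slave synchronization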

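1. Introduction to OpenLDAP:

LDAP stands for Lightweight Directory Access Protocol.

The LDAP standard is in fact a simplified version derived from the X.500 standard.

2. OpenLDAP features:

LDAP data is structured as a tree rather than as tables, which is why SQL statements cannot be used against it.

LDAP returns query results quickly, but writes are much slower.

LDAP provides a fast way to query static data.

Client/server model: the server stores the data; the client provides the tools for operating on the directory information tree.

These tools can present the database contents in text form (LDAP Data Interchange Format, LDIF).

LDAP is an open Internet standard, and the LDAP protocol is a cross-platform Internet protocol.

It is based on the X.500 standard; unlike X.500, LDAP supports TCP/IP (so it can be deployed in a distributed fashion).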

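3. OpenLDAP abbreviations:

The LDAP-related abbreviations are:

dn - distinguished name (unique name; acts as the primary key)

o - organization (organization, i.e. company)

ou - organizational unit (organizational unit, i.e. department)

c - countryName (country)

dc - domainComponent (domain name)

sn - surname (real name)

cn - common name (commonly used name)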

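4. OpenLDAP components:

A brief description of what each OpenLDAP component does:

slapd: the main LDAP server

slurpd: the server responsible for keeping replica LDAP servers in sync

Client programs that operate on directories over the network. The following two programs are a pair:

ldapadd: opens a connection to an LDAP server, binds, and modifies or adds entries

ldapsearch: opens a connection to an LDAP server, binds, and searches using the specified parameters

Programs that operate on the database on the local system:

slapadd: adds entries specified in LDAP Data Interchange Format (LDIF) to the LDAP database

slapcat: opens the LDAP database and outputs the corresponding entries in LDIF format.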

5. OpenLDAP environment plan:

192.168.99.23               # OpenLDAP master server

192.168.99.22               # OpenLDAP slave server

6. OpenLDAP deployment: Master

[[email protected] ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr D6:96:70:0F:5B:68

inet addr:192.168.99.23  Bcast:192.168.99.255  Mask:255.255.255.0

inet6 addr: fe80::d496:70ff:fe0f:5b68/64 Scope:Link

UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:64663349 errors:0 dropped:0 overruns:0 frame:0

TX packets:2718145 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:4461473725 (4.1 GiB)  TX bytes:154460825 (147.3 MiB)

Interrupt:23

[[email protected] ~]# yum -y install slapd openldap openldap-* httpd php php-ldap php-gd nscd  nss-pam-ldapd lrzsz pcre pcre-* openldap-devel compat-openldap mysql php-mysql mysql-server php-mbstring php-xml php-bcmath db4 db4-utils

[[email protected] openldap]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

[[email protected] openldap]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

[[email protected] openldap]# slappasswd         # generate the hashed password for the OpenLDAP rootdn (slappasswd outputs a salted SHA-1 hash, {SSHA}, by default)

New password:

Re-enter new password:

{SSHA}PKQau21DcwYc1kAYtXHHkmglDWWJTByB

[[email protected] openldap]# cat /etc/openldap/slapd.conf    # the modified configuration file

#

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

#

include         /etc/openldap/schema/corba.schema

include         /etc/openldap/schema/core.schema

include         /etc/openldap/schema/cosine.schema

include         /etc/openldap/schema/duaconf.schema

include         /etc/openldap/schema/dyngroup.schema

include         /etc/openldap/schema/inetorgperson.schema

include         /etc/openldap/schema/java.schema

include         /etc/openldap/schema/misc.schema

include         /etc/openldap/schema/nis.schema

include         /etc/openldap/schema/openldap.schema

include         /etc/openldap/schema/ppolicy.schema

include         /etc/openldap/schema/collective.schema

# Allow LDAPv2 client connections.  This is NOT the default.

allow bind_v2

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.

#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid

argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules

# - modulepath is architecture dependent value (32/64-bit system)

# - back_sql.la overlay requires openldap-server-sql package

# - dyngroup.la and dynlist.la cannot be used at the same time

# modulepath /usr/lib/openldap

# modulepath /usr/lib64/openldap

# moduleload accesslog.la

# moduleload auditlog.la

# moduleload back_sql.la

# moduleload chain.la

# moduleload collect.la

# moduleload constraint.la

# moduleload dds.la

# moduleload deref.la

# moduleload dyngroup.la

# moduleload dynlist.la

# moduleload memberof.la

# moduleload pbind.la

# moduleload pcache.la

# moduleload ppolicy.la

# moduleload refint.la

# moduleload retcode.la

# moduleload rwm.la

# moduleload seqmod.la

# moduleload smbk5pwd.la

# moduleload sssvlv.la

# moduleload syncprov.la

# moduleload translucent.la

# moduleload unique.la

# moduleload valsort.la

# The next three lines allow use of TLS for encrypting connections using a

# dummy test certificate which you can generate by running

# /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk

# at self-signed certificates, however.

TLSCACertificatePath /etc/openldap/certs

TLSCertificateFile "\"OpenLDAP Server\""

TLSCertificateKeyFile /etc/openldap/certs/password

# Sample security restrictions

#       Require integrity protection (prevent hijacking)

#       Require 112-bit (3DES or better) encryption for updates

#       Require 63-bit encryption for simple bind

# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:

#       Root DSE: allow anyone to read it

#       Subschema (sub)entry DSE: allow anyone to read it

#       Other DSEs:

#               Allow self write access

#               Allow authenticated users read access

#               Allow anonymous users to authenticate

#       Directives needed to implement policy:

# access to dn.base="" by * read

# access to dn.base="cn=Subschema" by * read

# access to *

#       by self write

#       by users read

#       by anonymous auth

#

# if no access controls are present, the default policy

# allows anyone and everyone to read anything but restricts

# updates to rootdn.  (e.g., "access to * by * read")

#

# rootdn can always read and write EVERYTHING!

# enable on-the-fly configuration (cn=config)

database config

access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none

# enable server status monitoring (cn=monitor)

database monitor

access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=my-domain,dc=com" read
    by * none

access to *
    by dn="cn=admin,dc=jc,dc=com" write
    by anonymous auth

#######################################################################

# database definitions

#######################################################################

database        bdb

suffix          "dc=jc,dc=com"

checkpoint      1024 15

rootdn          "cn=admin,dc=jc,dc=com"

# Cleartext passwords, especially for the rootdn, should

# be avoided.  See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged.

# rootpw                secret

# rootpw                {crypt}ijFYNcSNctBYg

rootpw                  {SSHA}PKQau21DcwYc1kAYtXHHkmglDWWJTByB

# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended.

directory       /var/lib/ldap

# Indices to maintain for this database

index objectClass                       eq,pres

index ou,cn,mail,surname,givenname      eq,pres,sub

index uidNumber,gidNumber,loginShell    eq,pres

index uid,memberUid                     eq,pres,sub

index nisMapName,nisMapEntry            eq,pres,sub

moduleload syncprov.la

index entryCSN,entryUUID                eq

#master-slave

serverID 001

# the provider address below is the master server's IP
syncrepl rid=123
    provider=ldap://192.168.99.23:389
    type=refreshAndPersist
    searchbase="dc=jc,dc=com"
    attrs=*
    schemachecking=on
    bindmethod=simple
    binddn="cn=admin,dc=jc,dc=com"
    credentials="jc"
    retry="60 +"

mirrormode      on

overlay syncprov

syncprov-checkpoint 10 1

# Replicas of this database

#replogfile /var/lib/ldap/openldap-master-replog

#replica host=ldap-1.example.com:389 starttls=critical

#     bindmethod=sasl saslmech=GSSAPI

#     authcId=host/[email protected]

[[email protected] openldap]# rm -rf /etc/openldap/slapd.d/* && slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/

[[email protected] openldap]# chown -R ldap.ldap /etc/openldap/slapd.d

[[email protected] openldap]# chmod -R 000 /etc/openldap/slapd.d

[[email protected] openldap]# chmod -R u+rwX /etc/openldap/slapd.d/

[[email protected] openldap]# slaptest -u

config file testing succeeded

[[email protected] openldap]# chown -R ldap.ldap /var/lib/ldap/

[[email protected] openldap]# /etc/init.d/slapd restart

Stopping slapd:                                            [FAILED]

Starting slapd:                                            [  OK  ]

7. OpenLDAP deployment: Slave

[[email protected] ~]# ifconfig eth0

eth0      Link encap:Ethernet  HWaddr E2:E2:00:F0:96:D9

inet addr:192.168.99.22  Bcast:192.168.99.255  Mask:255.255.255.0

inet6 addr: fe80::e0e2:ff:fef0:96d9/64 Scope:Link

UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

RX packets:226380526 errors:0 dropped:0 overruns:0 frame:0

TX packets:175444074 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:19436798674 (18.1 GiB)  TX bytes:16679397193 (15.5 GiB)

Interrupt:23

[[email protected] ~]# yum -y install openldap-servers openldap-clients

[[email protected] ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

[[email protected] ~]# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf

[[email protected] ~]# slappasswd

New password:

Re-enter new password:

{SSHA}sIgCDJ/ASY7/CE3XqB6JKbDWoSwmHdh/

[[email protected] ~]# cat /etc/openldap/slapd.conf

#

# See slapd.conf(5) for details on configuration options.

# This file should NOT be world readable.

#

include         /etc/openldap/schema/corba.schema

include         /etc/openldap/schema/core.schema

include         /etc/openldap/schema/cosine.schema

include         /etc/openldap/schema/duaconf.schema

include         /etc/openldap/schema/dyngroup.schema

include         /etc/openldap/schema/inetorgperson.schema

include         /etc/openldap/schema/java.schema

include         /etc/openldap/schema/misc.schema

include         /etc/openldap/schema/nis.schema

include         /etc/openldap/schema/openldap.schema

include         /etc/openldap/schema/ppolicy.schema

include         /etc/openldap/schema/collective.schema

# Allow LDAPv2 client connections.  This is NOT the default.

allow bind_v2

# Do not enable referrals until AFTER you have a working directory

# service AND an understanding of referrals.

#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid

argsfile        /var/run/openldap/slapd.args

# Load dynamic backend modules

# - modulepath is architecture dependent value (32/64-bit system)

# - back_sql.la overlay requires openldap-server-sql package

# - dyngroup.la and dynlist.la cannot be used at the same time

# modulepath /usr/lib/openldap

# modulepath /usr/lib64/openldap

# moduleload accesslog.la

# moduleload auditlog.la

# moduleload back_sql.la

# moduleload chain.la

# moduleload collect.la

# moduleload constraint.la

# moduleload dds.la

# moduleload deref.la

# moduleload dyngroup.la

# moduleload dynlist.la

# moduleload memberof.la

# moduleload pbind.la

# moduleload pcache.la

# moduleload ppolicy.la

# moduleload refint.la

# moduleload retcode.la

# moduleload rwm.la

# moduleload seqmod.la

# moduleload smbk5pwd.la

# moduleload sssvlv.la

# moduleload syncprov.la

# moduleload translucent.la

# moduleload unique.la

# moduleload valsort.la

# The next three lines allow use of TLS for encrypting connections using a

# dummy test certificate which you can generate by running

# /usr/libexec/openldap/generate-server-cert.sh. Your client software may balk

# at self-signed certificates, however.

TLSCACertificatePath /etc/openldap/certs

TLSCertificateFile "\"OpenLDAP Server\""

TLSCertificateKeyFile /etc/openldap/certs/password

# Sample security restrictions

#       Require integrity protection (prevent hijacking)

#       Require 112-bit (3DES or better) encryption for updates

#       Require 63-bit encryption for simple bind

# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:

#       Root DSE: allow anyone to read it

#       Subschema (sub)entry DSE: allow anyone to read it

#       Other DSEs:

#               Allow self write access

#               Allow authenticated users read access

#               Allow anonymous users to authenticate

#       Directives needed to implement policy:

# access to dn.base="" by * read

# access to dn.base="cn=Subschema" by * read

# access to *

#       by self write

#       by users read

#       by anonymous auth

#

# if no access controls are present, the default policy

# allows anyone and everyone to read anything but restricts

# updates to rootdn.  (e.g., "access to * by * read")

#

# rootdn can always read and write EVERYTHING!

# enable on-the-fly configuration (cn=config)

database config

access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
    by * none

# enable server status monitoring (cn=monitor)

database monitor

access to *
    by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read
    by dn.exact="cn=Manager,dc=my-domain,dc=com" read
    by * none

access to *
    by dn="cn=admin,dc=jc,dc=com" write
    by anonymous auth

#######################################################################

# database definitions

#######################################################################

database        bdb

suffix          "dc=jc,dc=com"

checkpoint      1024 15

rootdn          "cn=admin,dc=jc,dc=com"

# Cleartext passwords, especially for the rootdn, should

# be avoided.  See slappasswd(8) and slapd.conf(5) for details.

# Use of strong authentication encouraged.

# rootpw                secret

# rootpw                {crypt}ijFYNcSNctBYg

rootpw                  {SSHA}sIgCDJ/ASY7/CE3XqB6JKbDWoSwmHdh/

# The database directory MUST exist prior to running slapd AND

# should only be accessible by the slapd and slap tools.

# Mode 700 recommended.

directory       /var/lib/ldap

# Indices to maintain for this database

index objectClass                       eq,pres

index ou,cn,mail,surname,givenname      eq,pres,sub

index uidNumber,gidNumber,loginShell    eq,pres

index uid,memberUid                     eq,pres,sub

index nisMapName,nisMapEntry            eq,pres,sub

moduleload syncprov.la

index entryCSN,entryUUID                eq

serverID 002

syncrepl rid=123
    provider=ldap://192.168.99.23:389
    type=refreshAndPersist
    searchbase="dc=jc,dc=com"
    attrs=*
    schemachecking=on
    bindmethod=simple
    binddn="cn=admin,dc=jc,dc=com"
    credentials="jc"
    retry="60 +"

mirrormode      on

overlay syncprov

# Replicas of this database

#replogfile /var/lib/ldap/openldap-master-replog

#replica host=ldap-1.example.com:389 starttls=critical

#     bindmethod=sasl saslmech=GSSAPI

#     authcId=host/[email protected]

[[email protected] ~]# rm -rf /etc/openldap/slapd.d/* && slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/

[[email protected] ~]# chown -R ldap.ldap /etc/openldap/slapd.d

[[email protected] ~]# chmod -R 000 /etc/openldap/slapd.d

[[email protected] ~]# chmod -R u+rwX /etc/openldap/slapd.d/

[[email protected] ~]# slaptest -u

config file testing succeeded

[[email protected] ~]# chown -R ldap.ldap /var/lib/ldap/

[[email protected] ~]# /etc/init.d/slapd restart

Stopping slapd:                                            [FAILED]

Starting slapd:                                            [  OK  ]
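
Both slapd.conf listings above (master and slave) share the same weak settings: `allow bind_v2`, the `security` directive left commented out, and a `syncrepl` stanza that binds as the rootdn with a cleartext password over plain `ldap://`. The check below is an added example, not part of the original article; `audit_slapd_conf`, `weak_sample` and the finding codes are names made up here, and the sample input is constructed from the article's config lines with a placeholder hash.

```shell
#!/bin/sh
# Added example, not from the original article: audit a slapd.conf for the
# replication and bind weaknesses visible in the configs above.

# audit_slapd_conf [FILE]: print one "CODE: message" line per finding.
audit_slapd_conf() {
    awk '
    # Value of key in logical line s: quoted string or bare word.
    function value_of(s, key,    i, rest) {
        i = index(s, key)
        if (i == 0) return ""
        rest = substr(s, i + length(key))
        sub(/^[ \t]+/, "", rest)
        if (substr(rest, 1, 1) == "\"") { rest = substr(rest, 2); sub(/".*/, "", rest) }
        else sub(/[ \t].*/, "", rest)
        return rest
    }
    function check(s,    lc) {
        lc = tolower(s)
        if (lc ~ /^allow[ \t].*bind_v2/)
            print "LDAPV2: allow bind_v2 accepts obsolete LDAPv2 binds"
        if (lc ~ /^rootpw[ \t]+[^{ \t]/)
            print "ROOTPW: rootpw is not hashed"
        if (lc ~ /^security[ \t]/) has_security = 1
        if (lc ~ /^rootdn[ \t]/) rootdn = value_of(lc, "rootdn")
        if (lc !~ /^syncrepl[ \t]/) return
        if (lc ~ /provider=ldap:\/\// && lc !~ /starttls=(yes|critical)/)
            print "SYNC-TLS: syncrepl provider is ldap:// without starttls"
        if (lc ~ /bindmethod=simple/ && lc ~ /credentials=/)
            print "SYNC-CRED: syncrepl keeps a cleartext bind password in the file"
        if (rootdn != "" && value_of(lc, "binddn=") == rootdn)
            print "SYNC-DN: syncrepl binds as rootdn instead of a read-only replication DN"
    }
    function flush() { if (stmt != "") check(stmt); stmt = "" }
    /^#/       { next }                      # comment line
    /^[ \t]*$/ { flush(); next }             # blank line ends a statement
    /^[ \t]/   { stmt = stmt " " $0; next }  # indented line continues it
               { flush(); stmt = $0 }
    END {
        flush()
        if (!has_security)
            print "NO-SSF: no security directive, simple binds are accepted without TLS"
    }' "$@"
}

# Constructed sample: the security-relevant lines of the article configs,
# with a placeholder in place of the real rootpw hash.
weak_sample() {
    cat <<'EOF'
allow bind_v2
# security ssf=1 update_ssf=112 simple_bind=64
database bdb
suffix "dc=jc,dc=com"
rootdn "cn=admin,dc=jc,dc=com"
rootpw {SSHA}PLACEHOLDER
syncrepl rid=123
  provider=ldap://192.168.99.23:389
  type=refreshAndPersist
  searchbase="dc=jc,dc=com"
  bindmethod=simple
  binddn="cn=admin,dc=jc,dc=com"
  credentials="jc"
  retry="60 +"
EOF
}

weak_sample | audit_slapd_conf
```

To clear the findings, bind the consumer as a dedicated DN that only has read access, add `starttls=critical` to the `syncrepl` stanza, and enable the `security` line once TLS works. While `credentials=` stays in the file, keep slapd.conf and slapd.d readable by the ldap user only, as the `chmod` steps above do for slapd.d.
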

8. Managing OpenLDAP with the LAM tool:

[[email protected] ~]# cd /var/www/html/

[[email protected] html]# ll ldap-account-manager-3.7.tar.gz selfService.zip

-rw-r--r-- 1 root root 9157357 Dec 28  2012 ldap-account-manager-3.7.tar.gz

-rw-r--r-- 1 root root   19953 May 29  2013 selfService.zip

[[email protected] config]# tar -zxvf ldap-account-manager-3.7.tar.gz && mv ldap-account-manager-3.7 ldap && chown -R apache.apache /var/www/html/ldap && cd ldap && cd config

[[email protected] config]# cp -rf lam.conf_sample lam.conf && cp -rf config.cfg_sample config.cfg && chown -R apache.apache *

[[email protected] config]# cat lam.conf            # Note: the settings highlighted in red are the ones that were changed.

# LDAP Account Manager configuration

#

# Please do not modify this file manually. The configuration can be done completely by the LAM GUI.

#

###################################################################################################

# server address (e.g. ldap://localhost:389 or ldaps://localhost:636)

ServerURL: ldap://localhost:389

# list of users who are allowed to use LDAP Account Manager

# names have to be seperated by semicolons

# e.g. admins: cn=admin,dc=yourdomain,dc=org;cn=root,dc=yourdomain,dc=org

Admins: cn=admin,dc=jc,dc=com

# password to change these preferences via webfrontend (default: lam)

Passwd: {SSHA}RjBruJcTxZEdcBjPQdRBkDaSQeY= iueleA==

# suffix of tree view

# e.g. dc=yourdomain,dc=org

treesuffix: dc=jc,dc=com

# default language (a line from config/language)

defaultLanguage: zh_CN.utf8:UTF-8:简体中文 (中国)

# Path to external Script

scriptPath:

# Server of external Script

scriptServer:

# Access rights for home directories

scriptRights: 750

# Number of minutes LAM caches LDAP searches.

cachetimeout: 5

# LDAP search limit.

searchLimit: 0

# Module settings

modules: posixAccount_minUID: 10000

modules: posixAccount_maxUID: 30000

modules: posixAccount_minMachine: 50000

modules: posixAccount_maxMachine: 60000

modules: posixGroup_minGID: 10000

modules: posixGroup_maxGID: 20000

modules: posixGroup_pwdHash: SSHA

modules: posixAccount_pwdHash: SSHA

# List of active account types.

activeTypes: user,group,host,smbDomain

types: suffix_user: ou=People,dc=jc,dc=com

types: attr_user: #uid;#givenName;#sn;#uidNumber;#gidNumber

types: modules_user: inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount

types: suffix_group: ou=group,dc=jc,dc=com

types: attr_group: #cn;#gidNumber;#memberUID;#description

types: modules_group: posixGroup,sambaGroupMapping

types: suffix_host: ou=machines,dc=jc,dc=com

types: attr_host: #cn;#description;#uidNumber;#gidNumber

types: modules_host: account,posixAccount,sambaSamAccount

types: suffix_smbDomain: dc=jc,dc=com

types: attr_smbDomain: sambaDomainName:Domain name;sambaSID:Domain SID

types: modules_smbDomain: sambaDomain

# Password mail subject

lamProMailSubject: Your password was reset

# Password mail text

lamProMailText: Dear @@[email protected]@ @@[email protected]@,+::++::+your password was reset to: @@[email protected]@+::++::++::+Best regards+::++::+deskside support+::+

# enable TLS encryption

useTLS: no

# Access level for this profile.

accessLevel: 100

# Login method.

loginMethod: list

# Search suffix for LAM login.

loginSearchSuffix: dc=yourdomain,dc=org

# Search filter for LAM login.

loginSearchFilter: uid=%USER%

# Bind DN for login search.

loginSearchDN:

# Bind password for login search.

loginSearchPassword:

# HTTP authentication for LAM login.

httpAuthentication: false

# Password mail from

lamProMailFrom:

# Password mail reply-to

lamProMailReplyTo:

# Password mail is HTML

lamProMailIsHTML: false

[[email protected] config]# cp -rf /var/www/html/selfService.zip /var/www/html/ldap/templates/

[[email protected] templates]# unzip -o selfService.zip

Archive:  selfService.zip

inflating: selfService/adminLogin.php

inflating: selfService/adminMain.php

inflating: selfService/profManage.php

inflating: selfService/selfServiceLogin.php

inflating: selfService/selfServiceMain.php

inflating: selfService/selfServiceSP.php

[[email protected] templates]# chown -R ldap.ldap selfService

[[email protected] templates]# /etc/init.d/slapd restart

[[email protected] templates]# /etc/init.d/httpd restart

[[email protected] templates]# netstat -lntp|grep 389

tcp        0      0 0.0.0.0:389                 0.0.0.0:*                   LISTEN      3397/slapd

tcp        0      0 :::389                      :::*                        LISTEN      3397/slapd

[[email protected] templates]# netstat -lntp|grep 80

tcp        0      0 :::80                       :::*                        LISTEN      3476/httpd

Open the OpenLDAP management page at http://192.168.99.23/ldap and add an account named jiechao to use for the synchronization test.

9. Testing whether Master-Slave replication is in sync:
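
The article stops at this heading, so what follows is an added example rather than the author's own test. Syncrepl tracks replication state in the `contextCSN` attribute of the suffix entry, and equal values on both servers mean the slave has applied every change the master has. `fetch_csn`, `csn_values`, `sync_state` and the sample LDIF are names and data constructed here; anonymous read access to the suffix entry is assumed.

```shell
#!/bin/sh
# Added example, not from the original article: decide whether the slave has
# caught up with the master by comparing the contextCSN of the suffix entry.

MASTER=ldap://192.168.99.23      # master address from the environment plan
SLAVE=ldap://192.168.99.22       # slave address from the environment plan
BASE="dc=jc,dc=com"              # suffix used in both slapd.conf files

# fetch_csn URI: read contextCSN from the suffix entry (needs the network;
# anonymous bind assumed, add -D/-W if your ACLs require authentication).
fetch_csn() {
    ldapsearch -x -LLL -H "$1" -s base -b "$BASE" contextCSN
}

# csn_values: LDIF on stdin -> sorted contextCSN values, one per line.
csn_values() {
    awk '
    function emit() { if (keep) print val; keep = 0 }
    /^ / { if (keep) val = val substr($0, 2); next }   # folded LDIF line
         { emit() }
    tolower($0) ~ /^contextcsn: / { val = substr($0, 13); keep = 1 }
    END  { emit() }' | sort
}

# sync_state MASTER_LDIF SLAVE_LDIF: prints in-sync, lagging or unknown.
sync_state() {
    m=$(printf '%s\n' "$1" | csn_values)
    s=$(printf '%s\n' "$2" | csn_values)
    if [ -z "$m" ] || [ -z "$s" ]; then
        echo unknown        # no contextCSN returned: check syncprov and read access
    elif [ "$m" = "$s" ]; then
        echo in-sync
    else
        echo lagging
    fi
}

# Constructed sample LDIF (not captured from the article servers).
SAMPLE_MASTER='dn: dc=jc,dc=com
contextCSN: 20240101120500.000001Z#000000#001#000000'
SAMPLE_SLAVE='dn: dc=jc,dc=com
contextCSN: 20240101120000.000004Z#000000#001#000000'

if [ "${1:-}" = "live" ]; then
    sync_state "$(fetch_csn "$MASTER")" "$(fetch_csn "$SLAVE")"
else
    sync_state "$SAMPLE_MASTER" "$SAMPLE_SLAVE"
fi
```

Run it with the argument `live` after adding the jiechao test account on the master; a result of `lagging` that does not clear within the `retry` interval points at the consumer's bind or network path to the provider.
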

Time: 2024-10-02 23:52:19
