Ams
From Admin -- TALEVAS.
Revision as of 9 October 2012 at 14:33 by Admin
Admin
admin.prod.allmyski.info
newaliases
Installation
lvcreate -L10G -ngit vg
mkfs.ext3 /dev/mapper/vg-git
mkdir /home/config
echo "/dev/mapper/vg-git /home/config ext3 defaults 0 0" >> /etc/fstab
mount /home/config
lvcreate -L 100G -nfrontlog vg
mkfs.ext3 /dev/mapper/vg-frontlog
mkdir /home/log
echo "/dev/mapper/vg-frontlog /home/log ext3 defaults 0 0" >> /etc/fstab
mount /home/log
lvcreate -L 100G -nbackup vg
mkfs.ext3 /dev/mapper/vg-backup
mkdir /home/backup
echo "/dev/mapper/vg-backup /home/backup ext3 defaults 0 0" >> /etc/fstab
mount /home/backup
rm -rf /home/backup/lost*
rm -rf /home/log/lost*
rm -rf /home/config/lost*
rm -rf /home/lost*
rm -rf /tmp/lost*
apt-get update
apt-get install tree htop zip openntpd git-core proftpd rsnapshot
apt-get install -yq openvpn
http://doc.ubuntu-fr.org/openvpn
git config --global user.name "Damien"
git config --global user.email "damien@talevas.com"
git config --global core.autocrlf input
git config --global core.safecrlf true
backups
Every day at 3:30, the contents of /var/www/upload are copied into /home/backup/. Every week (Monday at 4:00), one version is archived.
mkdir /home/backup/front/
cat /etc/cron.d/rsnapshot
# This is a sample cron file for rsnapshot.
# The values used correspond to the examples in /etc/rsnapshot.conf.
# There you can also set the backup points and many other things.
#
# To activate this cron file you have to uncomment the lines below.
# Feel free to adapt it to your needs.
30 3 * * * root /usr/bin/rsnapshot -c /etc/rsnapshot-front.conf daily
0 4 * * 1 root /usr/bin/rsnapshot -c /etc/rsnapshot-front.conf weekly
The archives can then be browsed in /home/backup/ and are laid out as follows:
tree /home/backup/
.
└── front
    ├── daily.0
    │   └── var
    │       └── www
    │           └── upload
    └── daily.1
        └── var
            └── www
                └── upload
Front ends
front01.prod.allmyski.info -- front02.prod.allmyski.info
rm -rf /home/lost*
rm -rf /tmp/lost*
apt-get update
apt-get install openvpn
apt-get install htop tree nfs-client openntpd htop php5 php5-mysql python-soappy python heartbeat haproxy memcached ldirectord
lvcreate -L 50G -nwww vg
mkfs.ext3 /dev/mapper/vg-www
echo "/dev/mapper/vg-www /var/www ext3 defaults 0 0" >> /etc/fstab
mount /var/www
rm -rf /var/www/lost*
mkdir /var/www/upload/
# mount -t nfs 10.16.101.6:/nas-000108/mininas-001386 /var/www/upload/
echo "10.16.101.6:/nas-000108/mininas-001386 /var/www/upload/ nfs rw,_netdev,mountproto=tcp 0 0 " >>/etc/fstab
mount /var/www/upload
a2enmod rewrite
service apache2 restart
Adding the failover IP
#vim /etc/network/interfaces
auto eth0:0
iface eth0:0 inet static
    address 87.98.251.179
    netmask 255.255.255.255
    broadcast 87.98.251.179
chmod +x /etc/ha.d/front01.failover.py
chmod +x /etc/ha.d/front02.failover.py
chmod +x /etc/ha.d/resource.d/IPaddrFO
Commit the whole HAProxy part, including:
/etc/default/haproxy
/usr/lib/ocf/resource.d/heartbeat/IPaddrFO
To validate
ServerTokens Prod
MONIT
PHP 5.4
<cib epoch="10" num_updates="1" admin_epoch="0" validate-with="pacemaker-1.2" crm_feature_set="3.0.5" update-origin="front01.prod.allmyski.info" update-client="cibadmin" cib-last-written="Mon Oct 8 11:40:50 2012" have-quorum="1" dc-uuid="c2032697-6411-4735-be3d-d3f16349b485">
  <configuration>
    <crm_config>
      <cluster_property_set id="cib-bootstrap-options">
        <nvpair id="cib-bootstrap-options-dc-version" name="dc-version" value="1.1.6-9971ebba4494012a93c03b40a2c58ec0eb60f50c"/>
        <nvpair id="cib-bootstrap-options-cluster-infrastructure" name="cluster-infrastructure" value="Heartbeat"/>
      </cluster_property_set>
    </crm_config>
    <nodes>
      <node id="c2032697-6411-4735-be3d-d3f16349b485" type="normal" uname="front01.prod.allmyski.info"/>
      <node id="ef24c295-5bf3-4efa-b4ff-5413e70ce0a0" type="normal" uname="front02.prod.allmyski.info"/>
    </nodes>
    <resources>
      <primitive class="lsb" id="haproxy" type="haproxy">
        <operations>
          <op id="haproxy-monitor-1s" interval="1s" name="monitor"/>
        </operations>
      </primitive>
    </resources>
    <constraints>
      <rsc_colocation id="haproxy-with-public-IPs" rsc="haproxy" score="INFINITY" with-rsc="failover-ip"/>
      <rsc_order first="failover-ip" id="haproxy-after-IP" score="INFINITY" then="haproxy"/>
    </constraints>
    <rsc_defaults>
      <meta_attributes id="rsc-options">
        <nvpair id="rsc-options-resource-stickiness" name="resource-stickiness" value="100"/>
      </meta_attributes>
    </rsc_defaults>
  </configuration>
  <status>
    <node_state id="c2032697-6411-4735-be3d-d3f16349b485" uname="front01.prod.allmyski.info" ha="active" in_ccm="true" crmd="online" join="member" expected="member" crm-debug-origin="do_state_transition" shutdown="0">
      <transient_attributes id="c2032697-6411-4735-be3d-d3f16349b485">
        <instance_attributes id="status-c2032697-6411-4735-be3d-d3f16349b485">
          <nvpair id="status-c2032697-6411-4735-be3d-d3f16349b485-probe_complete" name="probe_complete" value="true"/>
        </instance_attributes>
      </transient_attributes>
      <lrm id="c2032697-6411-4735-be3d-d3f16349b485">
        <lrm_resources>
          <lrm_resource id="failover-ip" type="IPaddrFO" class="ocf" provider="heartbeat">
            <lrm_rsc_op id="failover-ip_last_0" operation_key="failover-ip_monitor_0" operation="monitor" crm-debug-origin="build_active_RAs" crm_feature_set="3.0.5" transition-key="4:3:7:435c0652-727e-4f25-97c9-700ccbf60c97" transition-magic="0:7;4:3:7:435c0652-727e-4f25-97c9-700ccbf60c97" call-id="2" rc-code="7" op-status="0" interval="0" op-digest="8ce385c47ac3d840d034c58ed9c92acf"/>
          </lrm_resource>
        </lrm_resources>
      </lrm>
    </node_state>
    <node_state id="ef24c295-5bf3-4efa-b4ff-5413e70ce0a0" uname="front02.prod.allmyski.info" ha="dead" in_ccm="false" crmd="offline" join="down" crm-debug-origin="do_state_transition"/>
  </status>
</cib>
Databases
db01.ams.talevas.com -- db02.ams.talevas.com
# create the disk space
lvcreate -L50G -nmysql vg
lvcreate -L10G -nbinlog vg
mkfs.ext3 /dev/mapper/vg-mysql
mkfs.ext3 /dev/mapper/vg-binlog
mkdir /var/lib/mysql
mkdir /var/log/mysql-binlog
echo "/dev/mapper/vg-mysql /var/lib/mysql ext3 defaults 0 0" >> /etc/fstab
echo "/dev/mapper/vg-binlog /var/log/mysql-binlog ext3 defaults 0 0" >> /etc/fstab
mount /var/lib/mysql
mount /var/log/mysql-binlog
chown mysql:mysql /var/log/mysql-binlog/
rm -rf /var/lib/mysql/lost*
rm -rf /home/lost*
rm -rf /tmp/lost*
rm -rf /var/log/mysql-binlog/lost*
# install MySQL
apt-get update
apt-get install -yq openvpn openntpd htop
apt-get install -yq mysql-server
# DB01
iptables -A INPUT -p tcp -s 188.165.240.126 --dport 3306 -j ACCEPT
# DB02
iptables -A INPUT -p tcp -s 188.165.241.29 --dport 3306 -j ACCEPT
# front01
iptables -A INPUT -p tcp -s 94.23.12.228 --dport 3306 -j ACCEPT
# front02
iptables -A INPUT -p tcp -s 94.23.241.220 --dport 3306 -j ACCEPT
# admin
iptables -A INPUT -p tcp -s 91.121.8.205 --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
iptables-save > /etc/iptables.rules
# fetch the OpenVPN data from the master
scp admin.ams.talevas.com:/home/config/db02/etc/openvpn/* /etc/openvpn/
/etc/init.d/openvpn start
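The port 3306 rules above are appended with -A, so their order matters: an ACCEPT added after the final DROP is never reached. The script below is an added example, not part of the original page, that audits the tcp/3306 rules in iptables-save output for that mistake. Its function names are hypothetical, and the sample dump is constructed from the source addresses listed above.

```sh
#!/bin/sh
# Added example: audit the tcp/3306 INPUT rules in iptables-save output read from stdin.
# One line per rule: "ok <src>" (ACCEPT before the DROP), "drop" (catch-all DROP),
# "shadowed <src>" (ACCEPT appended after the DROP, so it never matches).
audit_3306() {
  awk '
    $1 == "-A" && $2 == "INPUT" && /--dport 3306( |$)/ {
      src = "any"; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      sub(/\/32$/, "", src)
      if (target == "DROP" && src == "any") { seen_drop = 1; print "drop"; next }
      if (target == "ACCEPT") { state = seen_drop ? "shadowed" : "ok"; print state, src }
    }'
}

# Exit status 0 only if a catch-all DROP exists, no ACCEPT is shadowed,
# and no ACCEPT is open to any source.
check_3306() {
  report=$(audit_3306)
  printf '%s\n' "$report" | grep -qx 'drop' || return 1
  ! printf '%s\n' "$report" | grep -Eq '^(shadowed |ok any$)'
}

# Constructed sample (not from a real host): part of the page's rule set, with one
# front end added later by a second "iptables -A", which lands after the DROP.
sample_rerun() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 188.165.240.126/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 188.165.241.29/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
-A INPUT -s 94.23.12.228/32 -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT
EOF
}

sample_rerun | audit_3306
sample_rerun | check_3306 || echo "3306 rule set needs fixing"
```

On a live host the same check can be fed from `iptables-save | check_3306`.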
Failover procedure
cut off the master
iptables everywhere
allow writes on the slave
delete the configuration file
repoint the front ends
edit the hosts file
The script
#!/bin/bash
ServerList="front01.prod.allmyski.info front02.prod.allmyski.info"
MasterDb="db01.prod.allmyski.info"
SlaveDb="db02.prod.allmyski.info"

# cut off the master => iptables on the front ends
# 188.165.240.126 is DB01 (the master) in the firewall rules above;
# 188.165.241.29 is DB02, which the hosts entry below promotes, so it must stay reachable
for server in $ServerList
do
    echo "$server => iptables -A OUTPUT -p tcp -d 188.165.240.126 -j DROP"
    ssh "$server" "iptables -A OUTPUT -p tcp -d 188.165.240.126 -j DROP"
done

# remove read_only on the slave
# restart the slave
echo "supression du read_only sur le slave"
ssh "$SlaveDb" "rm /etc/mysql/conf.d/slave.cnf; service mysql restart"

# change the master in the front ends' hosts files
for server in $ServerList
do
    echo "On change l'entree master pour le front $server."
    ssh "$server" "cp /etc/hosts /etc/hosts.ori"
    ssh "$server" "echo '188.165.241.29 $MasterDb' >> /etc/hosts"
done