4. Config OpenLdap Keepalived for Master-Master model

--- slideOptions: transition: slide theme: night tags: LDAP-Series, Configure, Tutorial type: title: 4. Config OpenLdap Keepalived for Master-Master model --- <style> .reveal section img { background: transparent!important; border: none!important; box-shadow: none!important; } </style> # Cấu hình triển khai Keepalived cho mô hình LDAP Master-Master ## Mô hình ![](https://i.imgur.com/wBZSgy1.png) ## Chuẩn bị - Cài trên 2 server tương đương với 2 node với cấu hình như sau: - Node 1: > HostName: ldap-01(Master) > CPU: 2 cores > Ram: 2Gb > Disk: 30Gb > Network: eth0: Network access (10.10.10.94) - Node 2: > HostName: ldap-02(Master) > CPU: 2 cores > Ram: 2Gb > Disk: 30Gb > Network: eth0: Network access (10.10.10.96) - Cài đặt theo mô hình Master-Master theo hướng dẫn tại đây: [Cấu hình triển khai OpenLdap theo mô hình Master-Master](https://hackmd.io/@badguys/HkxrzIjc_) ---- ## Cài đặt ### Tại node Master(10.10.10.94) - Bước 1: Cài đặt keepalived ```ssh yum install keepalived -y ``` - Bước 2: Cấu hình keepalived ```ssh cat > /etc/keepalived/keepalived.conf << EOF vrrp_script chk_ldap { script "/usr/sbin/pidof slapd" interval 2 weight 2 } vrrp_instance VI_1 { interface eth0 state MASTER virtual_router_id 51 priority 101 virtual_ipaddress { 10.10.10.94/24 } track_script { chk_ldap } } EOF ``` - Bước 3: Khởi động lại keepalived ```ssh systemctl restart keepalived ``` - Lưu ý: Để hiểu thêm các tham số khi cấu hình Keepalive, tham khảo [Link](https://blog.cloud365.vn/linux/haproxy-keepalived-apache/) ### Tại node Master(10.10.10.96) - Bước 1: Cài đặt keepalived ```ssh yum install keepalived -y ``` - Bước 2: Cấu hình keepalived ```ssh cat > /etc/keepalived/keepalived.conf << EOF vrrp_script chk_ldap { script "/usr/sbin/pidof slapd" interval 2 weight 2 } vrrp_instance VI_1 { interface eth0 state MASTER virtual_router_id 51 priority 101 virtual_ipaddress { 10.10.10.96/24 } track_script { chk_ldap } } EOF ``` - Bước 3: Khởi động lại keepalived ```ssh systemctl restart keepalived ``` - Lưu ý: Để hiểu thêm các tham số khi cấu hình Keepalive, tham khảo [Link](https://blog.cloud365.vn/linux/haproxy-keepalived-apache/) ---- ## Kiểm tra ### Kiểm tra IP VIP Kiểm tra tại node LDAP Master 94, mặc định Node LDAP Master 94 sẽ nắm IP VIP ```ssh ip a | grep eth0 -A 2 ``` Kết quả: ```ssh [root@ldap_94 keepalived]# ip a | grep eth0 -A 2 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:aa:18:a4 brd ff:ff:ff:ff:ff:ff inet 10.10.10.94/24 brd 10.10.10.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet 10.10.10.97/24 scope global secondary eth0 valid_lft forever preferred_lft forever inet6 fe80::af05:e497:90d6:44f7/64 scope link noprefixroute ``` Kiểm tra tại node LDAP Master 96 ```ssh ip a | grep eth0 -A 2 ``` Kết quả: ```ssh [root@ldap_96 keepalived]# ip a | grep eth0 -A 2 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:b5:c2:6b brd ff:ff:ff:ff:ff:ff inet 10.10.10.96/24 brd 10.10.10.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:feb5:c26b/64 scope link ``` ### Kiểm tra Failover Tắt Node LDAP Master 94, kiểm tra IP VIP thay đổi ```ssh [root@ldap_94 ~]# init 0 ``` Trở lại kiểm tra Node LDAP Master 96 ```ssh ip a | grep eth0 -A 2 ``` Kết quả: ```ssh [root@ldap_96 ~]# ip a | grep eth0 -A 2 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:b5:c2:6b brd ff:ff:ff:ff:ff:ff inet 10.10.10.96/24 brd 10.10.10.255 scope global eth0 valid_lft forever preferred_lft forever inet 10.10.10.97/24 scope global secondary eth0 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:feb5:c26b/64 scope link ``` Tại node LDAP Master 96, truy vấn dữ liệu bằng IP VIP ```ssh ldapsearch -x -h 10.10.10.97 -b "dc=nhanhoa,dc=local" -s sub "(objectclass=person)" ``` Kết quả: ```ssh [root@ldap_96 ~]# ldapsearch -x -h 10.10.10.97 -b "dc=nhanhoa,dc=local" -s sub "(objectclass=person)" # extended LDIF # # LDAPv3 # base <dc=nhanhoa,dc=local> with scope subtree # filter: (objectclass=person) # requesting: ALL # # thanhbaba, Tests, nhanhoa.local dn: cn=thanhbaba,ou=Tests,dc=nhanhoa,dc=local objectClass: person objectClass: inetOrgPerson mail: thanhbaba@test.com cn: thanhbaba sn: thanhbaba # thanhbaba2, Tests, nhanhoa.local dn: cn=thanhbaba2,ou=Tests,dc=nhanhoa,dc=local objectClass: person objectClass: inetOrgPerson mail: thanhbaba2@test.com cn: thanhbaba2 sn: thanhbaba2 # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 ```