Kerberos HA (High Availability) Configuration

2021-10-04 20:06:33

data80

data81

data82

data83

/etc/krb5.conf

includedir /etc/krb5.conf.d/

[logging]

default = file:/var/log/krb5libs.log

kdc = file:/var/log/krb5kdc.log

admin_server = file:/var/log/kadmind.log

[libdefaults]

dns_lookup_realm = false

ticket_lifetime = 24h

renew_lifetime = 7d

forwardable = true

rdns = false

pkinit_anchors = /etc/pki/tls/certs/ca-bundle.crt

default_realm = hadoop.com

default_ccache_name = keyring:persistent:%

[realms]

hadoop.com =

sudo scp /etc/krb5.conf data81:/etc/

sudo scp /etc/krb5.conf data82:/etc/

sudo scp /etc/krb5.conf data83:/etc/

kdb5_util create -r hadoop.com -s
chkconfig --level 35 krb5kdc on

chkconfig --level 35 kadmin on

service krb5kdc start

service kadmin start

sudo kadmin.local

kadmin.local: addprinc -randkey host/[email protected]

kadmin.local: addprinc -randkey host/[email protected]

kadmin.local: ktadd host/[email protected]

kadmin.local: ktadd host/[email protected]

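Create the synchronization accounts with randomly generated keys, then use the ktadd command to generate the keytab file for those accounts. By default the keytab is written to /etc/krb5.keytab.

Note: .k5.hadoop.com is a hidden file (the master key stash file written by the -s option of kdb5_util create). Do not forget to copy it.

Add the corresponding accounts to the /var/kerberos/krb5kdc/kpropd.acl configuration file. If the file does not exist, create it.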

cd /var/kerberos/krb5kdc

sudo vim kpropd.acl

host/[email protected]

host/[email protected]

sudo systemctl enable kprop

sudo systemctl start kprop

sudo systemctl status kprop

sudo kdb5_util dump /var/kerberos/krb5kdc/master.dump
After a successful dump, two files are generated: master.dump and master.dump.dump_ok.

sudo kprop -f /var/kerberos/krb5kdc/master.dump -d -P 754 data81
-rw-------. 1 root root 3769 apr  8 01:25 from_master

-rw-------. 1 root root 22 apr 8 00:22 kadm5.acl

-rw-------. 1 root root 451 sep 14 2019 kdc.conf

-rw-r--r--. 1 root root 46 apr 8 00:27 kpropd.acl

-rw-------. 1 root root 8192 apr 8 01:25 principal

-rw-------. 1 root root 8192 apr 8 01:25 principal.kadm5

-rw-------. 1 root root 0 apr 8 00:29 principal.kadm5.lock

-rw-------. 1 root root 0 apr 8 01:25 principal.ok

The listing above shows the files that were added under /var/kerberos/krb5kdc on the standby node.

crontab -e

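# Entries added with crontab -e take no user field (only /etc/crontab and /etc/cron.d do); install this line in root's crontab
*/5 * * * * /var/kerberos/krb5kdc/kprop_sync.sh >/var/kerberos/krb5kdc/lastupdate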
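
The cron entry above runs kprop_sync.sh, whose contents the page does not show. The following is an added example of such a script, not the author's own: it repeats the dump and kprop steps from this page for every host in REPLICAS (assumed here to be data81 only) and prints one status line per replica, which the cron redirect stores in lastupdate. The variable names, function names and binary locations are assumptions.

```shell
#!/bin/sh
# Hypothetical kprop_sync.sh: added example, not the original author's script.
# Dump path and port come from the commands on this page; binary locations
# and all names below are assumptions.
KDB5_UTIL="${KDB5_UTIL:-/usr/sbin/kdb5_util}"
KPROP="${KPROP:-/usr/sbin/kprop}"
DUMP="${DUMP:-/var/kerberos/krb5kdc/master.dump}"
REPLICAS="${REPLICAS:-data81}"   # space-separated replica hosts (assumed)
PORT="${PORT:-754}"

# Dump the KDC database. Success requires both a zero exit status and the
# .dump_ok marker that kdb5_util writes next to the dump.
dump_db() {
    umask 077   # the dump contains key material for every principal
    "$KDB5_UTIL" dump "$DUMP" || return 1
    [ -f "$DUMP.dump_ok" ]
}

# Send the dump to kpropd on one replica; returns kprop's exit status.
push_to() {
    "$KPROP" -f "$DUMP" -P "$PORT" "$1"
}

# Dump once, push to each replica, print one timestamped status line per
# replica, and return non-zero if the dump or any push failed.
sync_all() {
    if ! dump_db; then
        echo "$(date '+%F %T') dump FAILED"
        return 1
    fi
    rc=0
    for host in $REPLICAS; do
        # kprop's stdout is dropped; stderr is left for cron to report
        if push_to "$host" >/dev/null; then
            echo "$(date '+%F %T') $host OK"
        else
            echo "$(date '+%F %T') $host FAILED"
            rc=1
        fi
    done
    return "$rc"
}

# Run the sync only when invoked under the script's own name (as cron does),
# so the functions can be loaded elsewhere without touching the KDC.
case "$0" in
    *kprop_sync.sh) sync_all ;;
esac
```

Because the script exits non-zero when the dump or any push fails, a monitoring check can alert on either the exit status or a FAILED line in lastupdate.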
