KingbaseES R3 cluster firewall configuration example
Case environment:
Operating system:
[root@node1 ~]# cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)
Database:
test=# select version();
version
-----------------------------------------------------------------------------------------
Kingbase V008R003C002B0270 on x86_64-unknown-linux-gnu, compiled by gcc (GCC) 4.1.2 20080704 (Red Hat 4.1.2-46), 64-bit
(1 row)
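Case description:
1) The cluster nodes need to communicate with each other over the kingbasecluster, watchdog, and kingbase database services.
2) If the firewall is allowed to be turned off, it can be turned off before the cluster is deployed.
3) If the firewall cannot be turned off, make sure the communication ports of the cluster services are configured in the firewall rules.
The communication ports that must be configured in the firewall when deploying the cluster are as follows:
1. Start the system firewall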
[root@node1 ~]# firewall-cmd --list-all
FirewallD is not running
[root@node1 ~]# systemctl start firewalld
You have mail in /var/spool/mail/root
[root@node1 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2021-03-01 12:04:30 CST; 8s ago
Main PID: 2899 (firewalld)
CGroup: /system.slice/firewalld.service
└─2899 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 01 12:04:29 node1 systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 01 12:04:30 node1 systemd[1]: Started firewalld - dynamic firewall daemon.
2. View the firewall rules
[root@node1 ~]# firewall-cmd --list-all
public (default, active)
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
3. Configure the firewall port rules
[root@node1 ~]# firewall-cmd --permanent --zone=public --add-port=9999/tcp --add-port=9000/tcp --add-port=54321/tcp --add-port=9898/tcp --add-port=9694/udp
success
[root@node1 ~]# firewall-cmd --list-all
public (default, active)
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Reload the firewall rules:
[root@node1 ~]# firewall-cmd --reload
success
View the firewall rules:
[root@node1 ~]# firewall-cmd --list-all
public (default, active)
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client ssh
ports: 9999/tcp 9000/tcp 54321/tcp 9898/tcp 9694/udp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
4. Start the cluster services
[kingbase@node1 bin]$ ./kingbase_monitor.sh start
-----------------------------------------------------------------------
2021-03-01 12:14:14 KingbaseES automation beging...
ping trust ip 192.168.7.1 success ping times :[3], success times:[2]
ping trust ip 192.168.7.1 success ping times :[3], success times:[2]
start crontab kingbase position : [1]
Redirecting to /bin/systemctl restart crond.service
start crontab kingbase position : [2]
Redirecting to /bin/systemctl restart crond.service
ADD VIP NOW AT 2021-03-01 12:13:45 ON enp0s3
execute: [/sbin/ip addr add 192.168.7.245/24 dev enp0s3 label enp0s3:2]
execute: /home/kingbase/cluster/kha/db/bin/arping -U 192.168.7.245 -I enp0s3 -w 1
ARPING 192.168.7.245 from 192.168.7.245 enp0s3
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
ping vip 192.168.7.245 success ping times :[3], success times:[2]
ping vip 192.168.7.245 success ping times :[3], success times:[3]
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
ksql: could not connect to server: No route to host
Is the server running on host "192.168.7.249" and accepting
TCP/IP connections on port 54322?
There are no 1 standbys in sys_stat_replication, please check all the standby servers replica from primary
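As shown above, the cluster failed to start. The database service listens on port 54322 rather than the default 54321, and no rule for 54322/tcp had been added to the firewall, so the node could not communicate with the KingbaseES database service on the other node and startup failed.
5. Add the new port rule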
[root@node1 ~]# firewall-cmd --permanent --zone=public --add-port=54322/tcp
success
[root@node1 ~]# firewall-cmd --reload
success
[root@node1 ~]# firewall-cmd --list-all
public (default, active)
interfaces: enp0s3 enp0s8
sources:
services: dhcpv6-client ssh
ports: 54322/tcp 9694/udp 54321/tcp 9000/tcp 9898/tcp 9999/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Restart the cluster:
[kingbase@node1 bin]$ ./kingbase_monitor.sh restart
-----------------------------------------------------------------------
2021-03-01 12:17:27 KingbaseES automation beging...
2021-03-01 12:17:27 stop kingbasecluster [192.168.7.248] ...
DEL VIP NOW AT 2021-03-01 12:17:28 ON enp0s3
No VIP on my dev, nothing to do.
2021-03-01 12:17:28 Done...
2021-03-01 12:17:28 stop kingbasecluster [192.168.7.249] ...
DEL VIP NOW AT 2021-03-01 12:16:41 ON enp0s3
No VIP on my dev, nothing to do.
2021-03-01 12:17:29 Done...
2021-03-01 12:17:29 stop kingbase [192.168.7.248] ...
set /home/kingbase/cluster/kha/db/data down now...
2021-03-01 12:17:32 Done...
2021-03-01 12:17:33 Del kingbase VIP [192.168.7.245/24] ...
DEL VIP NOW AT 2021-03-01 12:17:34 ON enp0s3
No VIP on my dev, nothing to do.
2021-03-01 12:17:34 Done...
2021-03-01 12:17:34 stop kingbase [192.168.7.249] ...
set /home/kingbase/cluster/kha/db/data down now...
2021-03-01 12:17:39 Done...
2021-03-01 12:17:40 Del kingbase VIP [192.168.7.245/24] ...
DEL VIP NOW AT 2021-03-01 12:16:53 ON enp0s3
execute: [/sbin/ip addr del 192.168.7.245/24 dev enp0s3]
Oprate del ip cmd end.
2021-03-01 12:17:40 Done...
......................
all stop..
ping trust ip 192.168.7.1 success ping times :[3], success times:[2]
ping trust ip 192.168.7.1 success ping times :[3], success times:[2]
start crontab kingbase position : [1]
Redirecting to /bin/systemctl restart crond.service
start crontab kingbase position : [2]
Redirecting to /bin/systemctl restart crond.service
ADD VIP NOW AT 2021-03-01 12:17:08 ON enp0s3
execute: [/sbin/ip addr add 192.168.7.245/24 dev enp0s3 label enp0s3:2]
execute: /home/kingbase/cluster/kha/db/bin/arping -U 192.168.7.245 -I enp0s3 -w 1
ARPING 192.168.7.245 from 192.168.7.245 enp0s3
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
ping vip 192.168.7.245 success ping times :[3], success times:[2]
ping vip 192.168.7.245 success ping times :[3], success times:[2]
now,there is a synchronous standby.
wait kingbase recovery 5 sec...
start crontab kingbasecluster line number: [2]
Redirecting to /bin/systemctl restart crond.service
start crontab kingbasecluster line number: [3]
Redirecting to /bin/systemctl restart crond.service
......................
all started..
...
now we check again
=======================================================================
| ip | program| [status]
[ 192.168.7.248]| [kingbasecluster]| [active]
[ 192.168.7.249]| [kingbasecluster]| [active]
[ 192.168.7.248]| [kingbase]| [active]
[ 192.168.7.249]| [kingbase]| [active]
=======================================================================
You have mail in /var/spool/mail/kingbase
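As shown above, the cluster started successfully!
6. Summary
For cluster deployments, be sure to coordinate with the system administrator and configure the firewall rules in advance; otherwise, various failures will occur during deployment and while the cluster is running.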
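A pre-deployment check for the failure seen in step 4, added here as an example (it is not part of the original article or of the KingbaseES tooling): it compares the required cluster ports with the ports value that firewalld reports and prints a rule for each missing port, scoped to the peer node instead of the whole public zone. The port list and the peer address 192.168.7.249 come from the output above; the function names and the choice of a peer-scoped rich rule are assumptions of this example.

```bash
#!/bin/sh
# Added example: pre-deployment check of firewalld ports for the cluster.
# Port numbers and addresses come from the page; function names are hypothetical.

# Ports opened in step 3, plus the non-default database port found in step 4.
REQUIRED_PORTS="9999/tcp 9000/tcp 9898/tcp 9694/udp 54321/tcp 54322/tcp"

# Constructed sample: the "ports:" value firewalld showed after step 3.
SAMPLE_OPEN="9999/tcp 9000/tcp 54321/tcp 9898/tcp 9694/udp"

# missing_ports OPEN REQUIRED
# Prints every port/proto in REQUIRED that is not listed in OPEN.
# Matching is on whole space-delimited tokens, so an open 54321/tcp is never
# mistaken for 54322/tcp. Port ranges (e.g. 9000-9999/tcp) are not expanded.
missing_ports() {
    open_list=" $1 "
    for want in $2; do
        case "$open_list" in
            *" $want "*) ;;                  # already open
            *) printf '%s\n' "$want" ;;      # would block cluster traffic
        esac
    done
}

# peer_rule PEER_IP PORT/PROTO
# Prints a firewall-cmd command that accepts the port only from PEER_IP,
# so the database and cluster ports are not exposed to every host in the zone.
peer_rule() {
    printf "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept'\n" \
        "$1" "${2%/*}" "${2#*/}"
}

# Demo on the constructed sample. On a live node, replace "$SAMPLE_OPEN" with
# "$(firewall-cmd --zone=public --list-ports)". Peer 192.168.7.249 is the other
# node as seen from node1 in the page's output.
for spec in $(missing_ports "$SAMPLE_OPEN" "$REQUIRED_PORTS"); do
    echo "not open: $spec" >&2
    peer_rule 192.168.7.249 "$spec"
done
# Permanent rules take effect only after a reload.
echo "firewall-cmd --reload"
```

The script only prints the commands; review them and run them as root on each node, using the other node's address as the peer.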
Original article: https://www.cnblogs.com/tiany1224/p/14919991.html