Centos 8’de openldap depodan gelmiyor.
ya repo https://repo.symas.com/sofl/rhel8/ yada https://kifarunix.com/install-and-setup-openldap-on-centos-8/ derleme yoluyla kurulabilir.
Aktif-aktif ldap kurulumu yapıldıktan sonra,
master-ldap1 slave-ldap2 olarak kurgulandı.
bu sunuculardan herhangi biri down olduğunuda ise vrrp mantığıyla priority tanımlaması yapılarak yönlendirme yapılması gereklidir.
Bunun için öncelikle centos 8 için her iki ldap sunucusunada virtual ip tanımlaması yapılmalıdır.
1.Virtual IP Address (VIP) on CentOS 8:
ip addr show komutuyla network interface belirlenir. Bizde ens192 idi.
cd /etc/sysconfig/network-scripts/
ve sonrasında virtual ip için network interface yapılandırılır:
cp ifcfg-ens192 ifcfg-ens192:1
nano /etc/sysconfig/network-scripts/ifcfg-ens192:1
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens192"
UUID="b1d44459-6b90-435a-950e-9b6001cfcf1b"
DEVICE="ens192:1" # ldap1-master sunucunun interface i kopyalandığı için VRRP virtual ip için ismi bu şekilde güncelliyoruz.
ONBOOT="yes"
IPADDR="192.168.40.250" # virtual ip adresi verilir.
PREFIX="24"
GATEWAY="192.168.40.1"
DNS1="192.168.40.3"
IPV6_PRIVACY="no"
sonrasında systemctl restart network ile ayarlar uygulanır.
2. Openldap Auto Failover using Keepalived on CentOS 8
Master Ldap1 Server – 192.168.40.253
Slave Ldap2 Server – 192.168.40.254
Virtual IP Address – 192.168.40.250 (her iki server içinde aynı verilir)
her iki sunucudada,
sudo yum -y install keepalived ve mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf.back işlemleri yapılır.
Sonrasında master tarafında,
nano /etc/keepalived/keepalived.conf
vrrp_script chk_openldap {
script "pidof slapd"
interval 2 # every 2 seconds
weight 2
}
vrrp_instance VI_1 {
interface ens192 # the network interface to which the virtual address is assigned
state MASTER # MASTER for master server
virtual_router_id 50 # the virtual router ID must be unique to each VRRP instance
unicast_src_ip 192.168.40.253 # IP address of Master Server
unicast_peer {
192.168.40.254 # IP address of Slave Server
}
priority 102 # master server should always have a higher priority number
# than the slave
track_script {
chk_openldap
}
virtual_ipaddress {
192.168.40.250/24 dev enp0s3 # Virtual IP address
}
}
Sonrasında slave tarafında,
nano /etc/keepalived/keepalived.conf
vrrp_script chk_openldap {
script "pidof slapd"
interval 2 # every 2 seconds
weight 2
}
vrrp_instance VI_1 {
interface ens192 # the network interface to which the virtual address is assigned
state BACKUP # BACKUP for slave server
virtual_router_id 50 # the virtual router ID must be unique to each VRRP instance
unicast_src_ip 192.168.40.254 # IP address of Slave Server
unicast_peer {
192.168.40.253 # IP address of Master Server
}
priority 101 # slave server should have a priority number lower than the slave
track_script {
chk_openldap
}
virtual_ipaddress {
192.168.40.250/24 dev enp0s3 # Virtual IP address
}
}
FW tanımlı ise
firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0
--in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT;
firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0
--out-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT;
firewall-cmd –reload;
Servisi aktif et, başlat ve kontrol et:
systemctl enable keepalived
systemctl start keepalived
service keepalived status