Topology diagram:
![](https://box.kancloud.cn/de4636504d5d605defe781d2b32f8a56_907x541.png)
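Lab environment:

| Host | IP address | Role |
| --- | --- | --- |
| node4.51yuki.cn | 10.2.11.217 | Web service (nginx), HA node |
| node5.51yuki.cn | 10.2.11.216 | Web service (nginx), HA node |
| nfs.51yuki.cn | 10.2.11.221 | Provides the NFS service |
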
Procedure
Step 1: Preparation
1. Configure NTP time synchronization
```
[www@nfs ~]$ sudo ntpdate time1.aliyun.com
[www@nfs ~]$ crontab -e
*/5 * * * * ntpdate time1.aliyun.com &>/dev/null

[www@node4 ~]$ sudo ntpdate time1.aliyun.com
24 Jan 21:52:55 ntpdate[15537]: step time server 203.107.6.88 offset 106.394191 sec
[www@node4 ~]$ crontab -e
no crontab for www - using an empty one
*/5 * * * * ntpdate time1.aliyun.com &>/dev/null

[www@node5 ~]$ sudo ntpdate time1.aliyun.com
24 Jan 21:52:55 ntpdate[15537]: step time server 203.107.6.88 offset 106.394191 sec
[www@node5 ~]$ crontab -e
no crontab for www - using an empty one
*/5 * * * * ntpdate time1.aliyun.com &>/dev/null
```
2. Synchronize the hosts file
(Using node5 as the example; the file is then copied to node4 with scp.)
```
[www@node5 ~]$ sudo vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.2.11.217 node4.51yuki.cn node4
10.2.11.216 node5.51yuki.cn node5

[www@node5 ~]$ sudo scp /etc/hosts www@10.2.11.217:/tmp
The authenticity of host '10.2.11.217 (10.2.11.217)' can't be established.
ECDSA key fingerprint is SHA256:Tqbq1rIMJKlN8PwdXlB6WXWz0TEWaklc+Qc+pdRh1gA.
ECDSA key fingerprint is MD5:65:e0:a7:8d:f7:b2:9b:d3:b2:e2:83:26:4e:3f:bf:8a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.2.11.217' (ECDSA) to the list of known hosts.
www@10.2.11.217's password:
Permission denied, please try again.
www@10.2.11.217's password:
hosts

[www@node5 ~]$ ssh www@10.2.11.217 "sudo cp /tmp/hosts /etc/hosts"
The authenticity of host '10.2.11.217 (10.2.11.217)' can't be established.
ECDSA key fingerprint is SHA256:Tqbq1rIMJKlN8PwdXlB6WXWz0TEWaklc+Qc+pdRh1gA.
ECDSA key fingerprint is MD5:65:e0:a7:8d:f7:b2:9b:d3:b2:e2:83:26:4e:3f:bf:8a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.2.11.217' (ECDSA) to the list of known hosts.
www@10.2.11.217's password:
```
3. Configure SSH key-based trust between the nodes
```
[www@node4 ~]$ ssh-keygen -t rsa
[www@node4 ~]$ ssh-copy-id -i .ssh/id_rsa.pub www@10.2.11.216
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
www@10.2.11.216's password:
Permission denied, please try again.
www@10.2.11.216's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'www@10.2.11.216'"
and check to make sure that only the key(s) you wanted were added.
```
(The node5 node is handled the same way.)
```
[www@node5 ~]$ ssh-copy-id -i .ssh/id_rsa.pub www@node4
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'node4 (10.2.11.217)' can't be established.
ECDSA key fingerprint is SHA256:Tqbq1rIMJKlN8PwdXlB6WXWz0TEWaklc+Qc+pdRh1gA.
ECDSA key fingerprint is MD5:65:e0:a7:8d:f7:b2:9b:d3:b2:e2:83:26:4e:3f:bf:8a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
www@node4's password:
Permission denied, please try again.
www@node4's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'www@node4'"
and check to make sure that only the key(s) you wanted were added.
```
Step 2: Install the cluster tools
```
[www@node4 ~]$ sudo yum -y install pacemaker pcs psmisc policycoreutils-python corosync
[www@node5 ~]$ sudo yum -y install pacemaker pcs psmisc policycoreutils-python corosync
```
(In most cases installing pcs alone is enough: `yum -y install pcs`)
2) Start the service
```
[www@node4 ~]$ sudo systemctl enable pcsd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/pcsd.service to /usr/lib/systemd/system/pcsd.service.
[www@node4 ~]$ sudo systemctl start pcsd.service

[www@node5 ~]$ sudo systemctl enable pcsd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/pcsd.service to /usr/lib/systemd/system/pcsd.service.
[www@node5 ~]$ sudo systemctl start pcsd.service
```
3) Set the password for the hacluster user
```
[www@node4 ~]$ echo "Aa123456" | sudo passwd --stdin hacluster
Changing password for user hacluster.
passwd: all authentication tokens updated successfully.

[www@node5 ~]$ echo "Aa123456" | sudo passwd --stdin hacluster
Changing password for user hacluster.
passwd: all authentication tokens updated successfully.
```
Step 3: Configure the cluster (run on either node4 or node5; here it is configured on node4)
`cluster`: Configure cluster options and nodes
```
[www@node4 ~]$ sudo pcs cluster auth node4.51yuki.cn node5.51yuki.cn
Username: hacluster
Password:
node4.51yuki.cn: Authorized
node5.51yuki.cn: Authorized

[www@node5 ~]$ sudo pcs cluster auth node4.51yuki.cn node5.51yuki.cn
node4.51yuki.cn: Already authorized
node5.51yuki.cn: Already authorized
```
2) Start corosync and pacemaker
```
[www@node4 ~]$ sudo pcs cluster setup --name nginx_cluster node4.51yuki.cn node5.51yuki.cn
Destroying cluster on nodes: node4.51yuki.cn, node5.51yuki.cn...
node4.51yuki.cn: Stopping Cluster (pacemaker)...
node5.51yuki.cn: Stopping Cluster (pacemaker)...
node5.51yuki.cn: Successfully destroyed cluster
node4.51yuki.cn: Successfully destroyed cluster
Sending 'pacemaker_remote authkey' to 'node4.51yuki.cn', 'node5.51yuki.cn'
node4.51yuki.cn: successful distribution of the file 'pacemaker_remote authkey'
node5.51yuki.cn: successful distribution of the file 'pacemaker_remote authkey'
Sending cluster config files to the nodes...
node4.51yuki.cn: Succeeded
node5.51yuki.cn: Succeeded
Synchronizing pcsd certificates on nodes node4.51yuki.cn, node5.51yuki.cn...
node4.51yuki.cn: Success
node5.51yuki.cn: Success
Restarting pcsd on the nodes in order to reload the certificates...
node4.51yuki.cn: Success
node5.51yuki.cn: Success
```
If the cluster has not started, start it:
```
[www@node4 ~]$ sudo pcs cluster start --all
[www@node5 ~]$ sudo pcs cluster start --all
```
Check the result:
```
[www@node4 ~]$ cd /etc/corosync/
[www@node4 corosync]$ ll
total 16
-rw-r--r--. 1 root root 408 Jan 24 22:52 corosync.conf
-rw-r--r--. 1 root root 2881 Sep 7 00:53 corosync.conf.example
-rw-r--r--. 1 root root 767 Sep 7 00:53 corosync.conf.example.udpu
-rw-r--r--. 1 root root 3278 Sep 7 00:53 corosync.xml.example
drwxr-xr-x. 2 root root 6 Sep 7 00:53 uidgid.d
```
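The listing above is the `/etc/corosync/` directory after `pcs cluster setup`. As an added example (not part of the original tutorial, nor code from pcs or corosync), the script below reads the `totem { }` section of a `corosync.conf`, reports whether cluster messages are authenticated and encrypted, and checks that an `authkey` beside it is readable by its owner only. The sample configuration and the verdict strings are constructed for the example.

```shell
#!/bin/sh
# Added example: audit the totem { } crypto settings of a corosync.conf.

# totem_opt FILE KEY: print the last value of KEY set directly in totem { }.
totem_opt() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                                    # comment line
        !depth && /^[ \t]*totem[ \t]*[{]/ { depth = 1; next }  # enter totem
        depth && index($0, "{") { depth++; next }              # nested block
        depth && index($0, "}") { depth--; next }
        depth == 1 && (n = index($0, ":")) {
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) last = v
        }
        END { if (last != "") print last }' "$1"
}

# audit_totem FILE: print a verdict; return 0 only if messages are authenticated.
audit_totem() {
    cipher=$(totem_opt "$1" crypto_cipher); hash=$(totem_opt "$1" crypto_hash)
    secauth=$(totem_opt "$1" secauth)
    # Assumption of this script: an explicit crypto_hash overrides secauth.
    [ -z "$hash" ] && [ "$secauth" = on ] && { echo secauth-on; return 0; }
    case $hash in ""|none)
        [ -n "$hash$cipher$secauth" ] && echo no-authentication || echo crypto-not-set
        return 1 ;;
    esac
    case $cipher in ""|none) echo authenticated-only ;; *) echo encrypted ;; esac
}

# key_private FILE: succeed only if FILE exists with mode 0400 or 0600.
key_private() {
    case $(ls -ld "$1" 2>/dev/null) in -r--------*|-rw-------*) return 0 ;; esac
    return 1
}

# Constructed sample (not the page's file): crypto switched off in totem { }.
sample_conf() {
    printf '%s\n' 'totem {' '    version: 2' '    cluster_name: nginx_cluster' \
        '    secauth: off' '    transport: udpu' '}' \
        'quorum {' '    provider: corosync_votequorum' '    two_node: 1' '}'
}

conf=${1:-}
[ -n "$conf" ] || { conf=$(mktemp); sample_conf > "$conf"; made=1; }
echo "$conf: $(audit_totem "$conf")"
key_private "$(dirname "$conf")/authkey" || echo "authkey: missing or not owner-only"
[ -z "${made:-}" ] || rm -f "$conf"
```

Run it with the path to a node's `corosync.conf` as the only argument; with no argument it audits the constructed sample.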