包子博客

RSYNC On Unix & Linux

seganert@iloveu.sh.cn(冷酷到底) — Fri, 02 Dec 2011 10:45:20 +0800

RSYNC是Linux,UNIX系统下的数据镜像及备份工具,具有可使本地和远程两台主机的文件,目录之间,快速同步镜像,远程数据备份等功能.在同步过程中,可根据远程服务器上的数据变动,相应的删除或者更新本地机的数据,同步数据不用全部传送,大大提高同步及备份文件的速度.同时在网络安全方面,也可以设置为SSH传输模式. 远程主机(Rsync Server)可为RSYNC daemon模式,开启之后将开放tcp4 873 port,等待本地主机(Rsync client)的连接,连接时远程主机会进行认证,确认合法用户进入,便开始进行资料传输,在第一次传输时会把整个资料都备份同步到本地主机上,在下一次传输时,添加相应参数则可根据远程主机的数据变动来相应调整同步操作. 本文只是 RSYNC 软件的一个简单应用操作文档,主要是给初学者一个初步介绍.
软件及平台
FreeBSD 5.2 (Server and Client)
Server IP:172.18.5.251 Hostname: freebsd-1
Client IP:172.18.5.247 Hostname: freebsd-2
apache_1.3.29
rsync-2.5.7
目的
备份Rsync Server(172.18.5.251)上的 /usr/local/www/data-dist 目录下所有内容,到Rsync Client(172.18.5.247)的/backup/www 下

安装及配置

一,Rsync Server
Step 1: 安装
freebsd-1#cd /usr/ports/net/rsync
freebsd-1#make install clean
Step 3: 配置rsyncd.conf
freebsd-1#vi /usr/local/etc/rsyncd.conf //加入以下内容
[www]
comment = web server backup
path = /usr/local/www/data-dist
auth users = tonny
uid = nobody
gid = nogroup
secrets file = /usr/local/etc/rsyncd.secrets
read only = no

Step 4: 配置rsyncd.secrets
freebsd-1#vi /usr/local/etc/rsyncd.secrets //加入以下内容
tonny:123456 // 认证所需的用户名/密码
freebsd-1#chmod 600 rsyncd.secrets

Step 5: 配置rc.conf
freebsd-1#vi /etc/rc.conf //加入以下内容
rsyncd_enable="YES"

Step 6: 启动 Rsync daemon模式
freebsd-1#vi /usr/local/etc/rc.d/rsyncd.sh //加入以下内容
command_args="-4 --daemon" <<<--- 启用ipv4 协议
freebsd-1#/usr/local/etc/rc.d/rsyncd.sh start

Step 7: 检查Rsync daemon启动状态
freebsd-1# sockstat | grep rsync
root rsync 440 3 dgram -> /var/run/log
root rsync 440 4 tcp4 *:873 *:*
二,Rsync Client
Step 1: 安装
freebsd-2#cd /usr/ports/net/rsync
freebsd-2#make install clean

Step 2: 建立备份目录
freebsd-2#cd /
freebsd-2#mkdir -p backup/www

Step 3: 配置rsyncd.secrets
freebsd-2#vi /usr/local/etc/rsyncd.secrets //加入以下内容
123456 //Rsync Server上的认证密码,不用输入用户名
freebsd-2#chmod 600 rsyncd.secrets

Step 4: 检查备份同步状态
freebsd-2#/usr/local/bin/rsync -avzP --delete
--password-file=/usr/local/etc/rsyncd.secrets tonny@172.18.5.251::www
/backup/www/

--->>> 将Rsync Server的Web页面,备份或同步到了Rsync Client的/backup/www下

Step 5: Auto Rsync Shell:
freebsd-2#cd /usr/local/etc/rc.d/
freebsd-2#chmod a-x rsyncd.sh
freebsd-2#vi rsync.sh //加入以下内容
#!/bin/sh
/usr/local/bin/rsync -avzP --delete
--password-file=/usr/local/etc/rsyncd.secrets tonny@172.18.5.251::www
/backup/www/
freebsd-2#chmod a+x rsync.sh
freebsd-2#crontab -e //加入以下内容(每天下午5点半自动备份同步)
30 17 * * * /usr/local/etc/rc.d/rsync.sh
三,高级应用(Rsync With SSH)
Rsync Server
freebsd-1#/usr/bin/ssh-keygen -d
Rsync Client
freebsd-2#/usr/bin/ssh-keygen -d
freebsd-2#scp ~/.ssh/id_dsa.pub 172.18.5.251:/root/.ssh/authorized_keys
freebsd-2#ssh-agent csh 或 (ssh-agent bash) --->>> #echo $SHELL
查看当前SHELL
freebsd-2#ssh-add id_dsa --->>> 输入 passphase

freebsd-2#/usr/local/bin/rsync -avzP --delete -e ssh
172.18.5.251:/usr/local/www/data-dist/ /backup/www/
PS: 参数说明
-a, --archive archive mode, equivalent to -rlptgoD
//档案模式
-v, --verbose
//详细模式
-z, --compress compress file data
//压缩文件
-P equivalent to --partial --progress
//显示进度
--delete
This tells rsync to delete any files on the receiving side
that
aren't on the sending side.
//保持远程机器的文件同步性
-e ssh use SSH connection
//使用SSH连接,保证数据安全

参考
http://rsync.samba.org/ rsync 网站
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/openssh.html
freebsd handbook手册

centos 下使用 yum 安装ntfs-3g

seganert@iloveu.sh.cn(冷酷到底) — Fri, 25 Nov 2011 12:09:57 +0800

用的rpmforge 装的。

# wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-*
# yum --enablerepo=rpmforge install -y fuse fuse-ntfs-3g dkms dkms-fuse

天秤座蜜语

seganert@iloveu.sh.cn(冷酷到底) — Thu, 03 Nov 2011 08:53:32 +0800

如果有一天，天秤变得更冷漠了，请记得，天秤曾经要人陪的时候你都只说忙...如果有一天，天秤变得目中无人了，请记得，曾经也没有人把我放在心里... 如果有一天，天秤不再在乎你了，请记得，曾经也没人听过天秤的心事... 如果有一天，天秤不再对你笑了，请记得，你曾经也没有问天秤过的快不快乐。

最不会谈恋爱的五星座

seganert@iloveu.sh.cn(冷酷到底) — Tue, 18 Oct 2011 10:41:49 +0800

NO.1天秤座
　　天秤座天生就是“逃避专业户”，尤其是和感情有关的问题，天秤座在感情上一直都比较被动，基本上是走配合对方的路线，从感情一开始考虑要不要接受犹豫不决，一直到缘尽时无法抽身，他们很难理出头绪，如果在一段感情中他万般牺牲却又换得被辜负的下场，天秤们往往会消沉好一阵子，甚至可能逃离熟悉的环境到陌生的环境重新开始。

虽然说都喜欢本分点的女孩。但好像真的对于这种性格很难和本分的女孩发展到一起。
大家都被动了还怎么谈朋友和发展起来呢。。
看来我只能和很主动激情奔放的人能谈的起来和发展

Smack That--棚拍比基尼（打酱油视频作品）

seganert@iloveu.sh.cn(冷酷到底) — Wed, 07 Sep 2011 22:12:07 +0800

学校上棚拍课，因无引闪器，旁边打酱油拍段视频玩玩

Flash动画

在线播放

COM+ The run-time environment has detected an inco

seganert@iloveu.sh.cn(冷酷到底) — Thu, 01 Sep 2011 10:34:44 +0800

DeskTop Heap Exhaustion

Ran into another mine field the other day - blew my foot right off before I could even realize what was happening.

The client received this error:

The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\nt\com\complus\src\comsvcs\threads\stathread.cpp(284), hr = 80070000: CSTAThread: CoGetApartmentID failed

The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\nt\com\complus\src\comsvcs\threads\stathread.cpp(271), hr = 80070057: CSTAThread: CoInitializeEx failed

The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\nt\com\complus\src\comsvcs\threads\stathreadpool.cpp(1230), hr = 8000ffff: CSTAThreadPool: Unable to get bind thread.

The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Couldn't get ApartmentID from STAPool

The COM+ component was configured to use a large number of threads on startup but this was working fine for several years in production. The workaround was to reduce the number of pre-allocated threads, but why was this issue surfacing?

As it turns out, the desktop heap size was the root cause. Each process running on the desktop is treated differently for "Interactive User" vs "Non-interactive User". Windows reads a registry key to determine how to treat these groups of users:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\Windows --> SharedSection = 1024,3072,512
You can read up more on this here http://blogs.msdn.com/ntdebugging/archive/2007/01/04/desktop-heap-overview.aspx.

In the settings above, you can see that the heap is set to 3072 KB for Interactive user and just 512 KB for non-interactive users. This heap is used for system resource (e.g. thread handles). The small size prevents dllhost.exe from creating more threads.

By increasing the heap allocated for non-interactive users (from 512 -->1024) the problem was solved.

在FreeBSD上建立一个功能完整的邮件服务器

seganert@iloveu.sh.cn(冷酷到底) — Tue, 30 Aug 2011 13:52:37 +0800

第一部分：安装邮件服务器：postfix+vm-pop3d+openwebmail

以下的安装在FreeBSD 5.2.1系统上完成

1．更新 ports

# cvsup -gL 2 -h cvsup.freebsdchina.org /usr/share/examples/cvsup/ports-supfile

2. 安装 openssl+apache 服务器

# cd /usr/ports/security/openssl
# make install
# make clean
# cd /usr/ports/www/apache2
# make install
# make clean
# vi /etc/rc.conf

apache2_enable="YES"

3. 安装 openwebmail

# cd /usr/ports/mail/openwebmail/
# make WITH_QUOTA=yes install
# make clean

4. 安装 postfix ，在安装过程中用yes回答提出的问题

# cd /usr/ports/mail/postfix/
# make install
# make clean

# vi /etc/rc.conf

为了能启动postfix加入：

sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_pidfile="/var/spool/postfix/pid/master.pid"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"

5. 安装 vm-pop3d

# cd /usr/ports/mail/vm-pop3d
# make install
# make clean

6. 配置 postfix

# vi /usr/local/etc/postfix/main.cf

添加：

myhostname = mail.hotsales.cn
mydomain = mail.hotsales.cn
virtual_alias_maps=hash:/usr/local/etc/postfix/virtual
alias_maps=hash:/usr/local/etc/postfix/aliases
default_privs=nobody
allow_mail_to_commands = alias,forward,include
allow_mail_to_files = alias,forward,include

下面我加入一个 mail.hotsales.cn 的虚拟域，并添加一个用户baold
# vi /usr/local/etc/postfix/virtual

添加：

mail.hotsales.cn  anything        //之间用[tab]
baold@mail.hotsales.cn   baold.mail.hotsales.cn     //之间用[tab]

执行下面的命令，生成 virtual.db：

# cd /usr/local/etc/postfix/
# postmap virtual

# vi /usr/local/etc/postfix/aliases

添加：

baold.mail.hotsales.cn:/var/spool/virtual/mail.hotsales.cn/baold

执行下面的命令，生成 aliases.db:

# cd /usr/local/etc/postfix
# postalias aliases



7. 配置 vm-pop3d 使其开机自动执行

# cd /usr/local/etc/rc.d
# mv vm-pop3d.sh.sample vm-pop3d.sh

配置 openwebmail 支持 mail.hotsales.cn 域，创建下面的文件：

# vi /usr/local/www/cgi-bin/openwebmail/etc/sites.conf/mail.hotsales.cn

=========================== mail.hotsales.cn =======================
auth_module auth_vdomain.pl
auth_withdomain yes
mailspooldir /var/spool/virtual/mail.hotsales.cn
use_syshomedir no
use_homedirspools no
enable_autoreply no
enable_setforward no
enable_vdomain yes
vdomain_admlist baold        //这里设置了这个域的管理员
vdomain_maxuser 500
vdomain_vmpop3_pwdpath /usr/local/etc/virtual
vdomain_vmpop3_pwdname passwd
vdomain_vmpop3_mailpath /var/spool/virtual
vdomain_postfix_aliases /usr/local/etc/postfix/aliases
vdomain_postfix_virtual /usr/local/etc/postfix/virtual
vdomain_postfix_postalias /usr/local/sbin/postalias
vdomain_postfix_postmap /usr/local/sbin/postmap
# quota设置部分
quota_module quota_du.pl
quota_limit 52400           //定义了邮箱大小
quota_threshold 85
delmail_ifquotahit no
delfile_ifquotahit no
=========================== mail.hotsales.cn =======================

# mkdir -p /var/spool/virtual/mail.hotsales.cn
# chown nobody /var/spool/virtual/mail.hotsales.cn
# chgrp mail /var/spool/virtual/mail.hotsales.cn

# mkdir -p /usr/local/etc/virtual/mail.hotsales.cn
# touch /usr/local/etc/virtual/mail.hotsales.cn/passwd
# chmod 644 /usr/local/etc/virtual/mail.hotsales.cn/passwd

# htpasswd /usr/local/etc/virtual/mail.hotsales.cn/passwd baold
# chmod 755 /usr/local/www/cgi-bin/openwebmail/etc/users

# sync
# reboot

8. 最后通过浏览器登陆到OPENWEBMAIL

http://mail.hotsales.cn/cgi-bin/openwebmail/openwebmail.pl

第二部分：防病毒、垃圾邮件：clamav+amavisd-new+spam

1．0 安装clamav:

# cd /usr/ports/security/clamav
# make install
# make clean

# vi /usr/local/etc/clamav.conf
===============================clamav.conf============================
# Comment or remove the line below.
# Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 1M
LogTime
LogVerbose
PidFile /var/run/clamav/clamd.pid
DataDirectory /usr/local/share/clamav
LocalSocket /tmp/clamd
StreamMaxLength 10M
MaxThreads 10
MaxDirectoryRecursion 15
User clamav
ScanMail
ScanArchive
ScanRAR
ArchiveMaxFileSize 10M
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ClamukoScanOnOpen
ClamukoScanOnClose
ClamukoScanOnExec
ClamukoIncludePath /var/spool/virtual
ClamukoMaxFileSize 6M
ClamukoScanArchive
===============================clamav.conf============================

1.1 更新病毒库

# /usr/local/etc/rc.d/clamav-freshclam.sh start

2.0 安装amavisd-new

# cd /usr/ports/security/amavisd-new
# make install
# make clean

# cd /usr/local/etc
# mv amavisd.conf-dist amavisd.conf
# vi amavisd.conf
============================== amavisd.conf ===============================
$MYHOME = '/var/amavis';          # (default is '/var/amavis')
$mydomain = 'mail.hotsales.cn';     # (no useful default)
$daemon_user  = 'vscan';         # (no default;  customary: vscan or amavis)
$daemon_group = 'vscan';         # (no default;  customary: vscan or amavis)

$log_level = 0;

$sa_spam_subject_tag = '***SPAM***'

$virus_admin = "root\@$mydomain";
$spam_admin = "baold\@$mydomain";
$mailfrom_notify_admin     = "baold\@$mydomain";
$mailfrom_notify_recip     = "baold\@$mydomain";
$mailfrom_notify_spamadmin = "baold\@$mydomain";

$inet_socket_bind = '127.0.0.1';
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$inet_socket_port = 10024;
$max_servers  =  2;

['Clam Antivirus-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", '/tmp/clamd'],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
============================== amavisd.conf ===============================

2.1 要启动clamav和amavisd-new需要配置一下/etc/rc.conf

# vi /etc/rc.conf

spamd_enable="YES"
amavisd_enable="YES
clamav_clamd_enable="YES"

3.0 由于在安装amavisd-new时spamassassin被一起安装了下面对其进行配置

3.1 建立过滤规则：

# cd /usr/local/etc/mail/spamassassin
# env LANG=C vi local.cf
=============================== local.cf ===============================
# SpamAssassin config file for version x.xx
# generated by http://www.yrex.com/spam/spamconfig.php (version 1.01)

# How many hits before a message is considered spam.
required_hits 4.0

# Whether to change the subject of suspected spam
rewrite_subject 1

# Text to prepend to subject if rewrite_subject is used
subject_tag *****SPAM*****

# Encapsulate spam in an attachment
report_safe 1

# Use terse version of the spam report
use_terse_report 0

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
auto_learn 1

# Enable or disable network checks
skip_rbl_checks 1
use_razor2 0
use_dcc 0
use_pyzor 0

# Mail using languages used in these country codes will not be marked
# as being possibly spam in a foreign language.
# - chinese english
ok_languages zh en

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales en zh
score SUBJ_FULL_OF_8BITS 2
score NO_REAL_NAME 4.0
=============================== local.cf ===============================

3.2 下载新的垃圾邮件地址列表文件

# cd /usr/local/share/spamassassin
# fetch http://anti-spam.org.cn/rules/sa/55_diy_score.cf

4.0 对POSFIX进行配置，在他的配置文件中添加下面的一些内容

# vi /usr/local/etc/postfix/master.cf

---------------------- master.cf ---------------------
smtp-amavis unix -   -   n     -       2  smtp
        -o smtp_data_done_timeout=1200
        -o disable_dns_lookups=yes

127.0.0.1:10025 inet n -       n       -       -  smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o mynetworks=127.0.0.0/8
---------------------- master.cf ---------------------

# vi /usr/local/etc/postfix/main.cf

content_filter = smtp-amavis:[127.0.0.1]:10024

好了，现在一个基于FreeBSD的功能相对完整的邮件服务器就建立起来了，虚拟域的管理员可以登陆OPENWEBMAIL进行用户的添加、删除等操作，虚拟用户可以通过OPENWEBMAIL修改自己的密码。

在Redhat 9下实现双机热备和集群功能

seganert@iloveu.sh.cn(冷酷到底) — Tue, 30 Aug 2011 13:51:14 +0800

Red hat 9 linux的集群安装比较简单，需要的安装文件有以下几个：
heartbeat-1.0.4-2.rh.9.um.1.i386.rpm
heartbeat-pils-1.0.4-2.rh.9.um.1.i386.rpm
heartbeat-stonith-1.0.4-2.rh.9.um.1.i386.rpm
net-snmp-5.0.6-17.i386.rpm
按顺序一次安装
1、heartbeat-pils-1.0.4-2.rh.9.um.1.i386.rpm
2、net-snmp-5.0.6-17.i386.rpm
3、heartbeat-stonith-1.0.4-2.rh.9.um.1.i386.rpm
4、heartbeat-1.0.4-2.rh.9.um.1.i386.rpm
#rpm -ivh heartbeat-pils-1.0.4-2.rh.9.um.1.i386.rpm
#rpm -ivh net-snmp-5.0.6-17.i386.rpm
#rpm -ivh heartbeat-stonith-1.0.4-2.rh.9.um.1.i386.rpm
#rpm -ivh heartbeat-1.0.4-2.rh.9.um.1.i386.rpm
安装完成之后，开始配置主服务器。配置文件位于/etc/ha.d下，用rpm安装之后不会产生配置文件，需要从/usr/share/doc/heartbeat-1.0.4下，把ha.cf,,,,authkeys,,,,,,,,haresources,,,,三个文件cp到/etc/ha.d下面。
文件在ha.cf是主要heartbeat的配置文件，authkeys是heartbeat的安全配置文件，haresource文件是heartbeat的资源文件
其文件说明如下：
ha.cf
#############################################################################################
#
# There are lots of options in this file.  All you have to have is a set
# of nodes listed {"node ...}
# and one of {serial, bcast, mcast, or ucast}
#
# ATTENTION: As the configuration file is read line by line,
#     THE orDER OF DIRECTIVE MATTERS!
#
#     In particular, make sure that the timings and udpport
#     et al are set before the heartbeat media are defined!
#     All will be fine if you keep them ordered as in this
#     example.
#
#
#       Note on logging:
#       If any of debugfile, logfile and logfacility are defined then they
#       will be used. If debugfile and/or logfile are not defined and
#       logfacility is defined then the respective logging and debug
#       messages will be loged to syslog. If logfacility is not defined
#       then debugfile and logfile will be used to log messges. If
#       logfacility is not defined and debugfile and/or logfile are not
#       defined then defaults will be used for debugfile and logfile as
#       required and messages will be sent there.
#
# File to write debug messages to
debugfile /var/log/ha-debug       【heartbeat的debug信息记录文件】
#
#
#  File to write other messages to
#
logfile /var/log/ha-log    【日志文件】
#
#
# Facility to use for syslog()/logger
#
logfacility local  0            【记录日志在syslog中，可选项】
#
#
# A note on specifying "how long" times below...
#
# The default time unit is seconds
#  10 means ten seconds
#
# You can also specify them in milliseconds
#  1500ms means 1.5 seconds
#
#
# keepalive: how long between heartbeats?
#
keepalive  3    【每3秒发送一次keeplive消息】
#
# deadtime: how long-to-declare-host-dead?
#
deadtime 15       【如果15秒没有收到keeplive消息将会认为节点已经失效】
#
# warntime: how long before issuing "late heartbeat" warning?
# See the FAQ for how to use warntime to tune deadtime.
#
warntime 10         【在日志中记录最后心跳last heartbeat-best 前的警告时间】
#
#
# Very first dead time (initdead)
#
# On some machines/OSes, etc. the network takes a while to come up
# and start working right after you've been rebooted.  As a result
# we have a separate dead time for when things first come up.
# It should be at least twice the normal dead time.
#
initdead 60        【如果节点的机器重启后，可能需要一些时间启动网络，这个时间与deadtime不一样，要单独对待】
#
#
# nice_failback:  determines whether a resource will
# automatically fail back to its "primary" node, or remain
# on whatever node is serving it until that node fails.
#
# The default is "off", which means that it WILL fail
# back to the node which is declared as primary in haresources
#
# "on" means that resources only move to new nodes when
# the nodes they are served on die.  This is deemed as a
# "nice" behavior (unless you want to do active-active).
#
nice_failback on           【如果主节点失效之后，重新恢复后，不会再成为主节点，                              只有当当前主节点失效，此节点才可恢复为主节点】
#
# hopfudge maximum hop count minus number of nodes in config
#hopfudge 1
#
#
# Baud rate for serial ports...
# (must precede "serial" directives)
#
#baud 19200
#
# serial serialportname ...
#serial /dev/ttyS0 # Linux
#serial /dev/cuaa0 # FreeBSD
#serial /dev/cua/a # Solaris
#
# What UDP port to use for communication?
#  [used by bcast and ucast]
#
#udpport 694
#
# What interfaces to broadcast heartbeats over?
#
#bcast eth1  # Linux
#bcast eth1 eth2 # Linux
#bcast le0  # Solaris
#bcast le1 le2  # Solaris
#
# Set up a multicast heartbeat medium
# mcast [dev] [mcast group] [port] [ttl] [loop]
#
# [dev]  device to send/rcv heartbeats on
# [mcast group] multicast group to join (class D multicast address
#   224.0.0.0 - 239.255.255.255)
# [port]  udp port to sendto/rcvfrom (no reason to differ
#   from the port used for broadcast heartbeats)
# [ttl]  the ttl value for outbound heartbeats.  This affects
#   how far the multicast packet will propagate.  (1-255)
# [loop]  toggles loopback for outbound multicast heartbeats.
#   if enabled, an outbound packet will be looped back and
#   received by the interface it was sent on. (0 or 1)
#   This field should always be set to 0.
#
#
mcast eth1 225.0.0.22 694 10    【使用组播225.0.0.22，端口694发送keeplive消息】
#
# Set up a unicast / udp heartbeat medium
# ucast [dev] [peer-ip-addr]
#
# [dev]  device to send/rcv heartbeats on
# [peer-ip-addr] IP address of peer to send packets to
#
#ucast eth0 192.168.1.2
#
#
# Watchdog is the watchdog timer.  If our own heart doesn't beat for
# a minute, then our machine will reboot.
#
#watchdog /dev/watchdog
#
#       "Legacy" STONITH support
#       Using this directive assumes that there is one stonith
#       device in the cluster.  Parameters to this device are
#       read from a configuration file. The format of this line is:
#
#         stonith <stonith_type> <configfile>
#
#       NOTE: it is up to you to maintain this file on each node in the
#       cluster!
#
#stonith baytech /etc/ha.d/conf/stonith.baytech
#
#       STONITH support
#       You can configure multiple stonith devices using this directive.
#       The format of the line is:
#         stonith_host <hostfrom> <stonith_type> <params...>
#         <hostfrom> is the machine the stonith device is attached
#              to or * to mean it is accessible from any host.
#         <stonith_type> is the type of stonith device (a list of
#              supported drives is in /usr/lib/stonith.)
#         <params...> are driver specific parameters.  To see the
#              format for a particular device, run:
#           stonith -l -t <stonith_type>
#
#
# Note that if you put your stonith device access information in
# here, and you make this file publically readable, you're asking
# for a denial of service attack ;-)
#
#
#stonith_host *     baytech 10.0.0.3 mylogin mysecretpassword
#stonith_host ken3  rps10 /dev/ttyS1 kathy 0
#stonith_host kathy rps10 /dev/ttyS1 ken3 0
#
# Tell what machines are in the cluster
# node nodename ... -- must match uname -n
node rh-9-a    【定义节点名称，必须是节点的主机名】
node rh-9-b
#
# Less common options...
#
# Treats 10.10.10.254 as a psuedo-cluster-member
#
#ping www.163.com www.google.com
#
# Started and stopped with heartbeat.  Restarted unless it exits
#    with rc=100
#
#respawn userid /path/name/to/run
＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃＃
authkeys

#
# Authentication file.  Must be mode 600
#
#
# Must have exactly one auth directive at the front.
# auth send authentication using this method-id
#
# Then, list the method and key that go with that method-id
#
# Available methods: crc sha1, md5.  Crc doesn't need/want a key.
#
# You normally only have one authentication method-id listed in this file
#
# Put more than one to make a smooth transition when changing auth
# methods and/or keys.
#
#
# sha1 is believed to be the "best", md5 next best.
#
# crc adds no security, except from packet corruption.
#  Use only on physically secure networks.
#
auth 3             【指定认证加密方式，3 表示加密方式的行号】
#1 crc
#2 sha1 HI!
3 md5 Hello!             【使用md5加密，密码为hello!】

####################################################################################################################################

#
# This is a list of resources that move from machine to machine as
# nodes go down and come up in the cluster.  Do not include
# "administrative" or fixed IP addresses in this file.
#
# <VERY IMPORTANT NOTE>
# The haresources files MUST BE IDENTICAL on all nodes of the cluster.
#
# The node names listed in front of the resource group information
# is the name of the preferred node to run the service.  It is
# not necessarily the name of the current machine.  If you are running
# nice_failback OFF then these services will be started
# up on the preferred nodes - any time they're up.
#
# If you are running with nice_failback ON, then the node information
# will be used in the case of a simultaneous start-up.
#
# BUT FOR ALL OF THESE CASES, the haresources files MUST BE IDENTICAL.
# If your files are different then almost certainly something
# won't work right.
# </VERY IMPORTANT NOTE>
#
#
# We refer to this file when we're coming up, and when a machine is being
# taken over after going down.
#
# You need to make this right for your installation, then install it in
# /etc/ha.d
#
# Each logical line in the file constitutes a "resource group".
# A resource group is a list of resources which move together from
# one node to another - in the order listed.  It is assumed that there
# is no relationship between different resource groups.  These
# resource in a resource group are started left-to-right, and stopped
# right-to-left.  Long lists of resources can be continued from line
# to line by ending the lines with backslashes ("\").
#
# These resources in this file are either IP addresses, or the name
# of scripts to run to "start" or "stop" the given resource.
#
# The format is like this:
#
#node-name resource1 resource2 ... resourceN
#
#
# If the resource name contains an :: in the middle of it, the
# part after the :: is passed to the resource script as an argument.
#       Multiple arguments are separated by the :: delimeter
#
# In the case of IP addresses, the resource script name IPaddr is
# implied.
#
# For example, the IP address 135.9.8.7 could also be represented
# as IPaddr::135.9.8.7
#
# THIS IS IMPORTANT!!     vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
#
# The given IP address is directed to an interface which has a route
# to the given address.  This means you have to have a net route
# set up outside of the High-Availability structure.  We don't set it
# up here -- we key off of it.
#
# The broadcast address for the IP alias that is created to support
# an IP address defaults to the highest address on the subnet.
#
# The netmask for the IP alias that is created defaults to the same
# netmask as the route that it selected in in the step above.
#
# The base interface for the IPalias that is created defaults to the
# same netmask as the route that it selected in in the step above.
#
# If you want to specify that this IP address is to be brought up
# on a subnet with a netmask of 255.255.255.0, you would specify
# this as IPaddr::135.9.8.7/24 .
#
# If you wished to tell it that the broadcast address for this subnet
# was 135.9.8.210, then you would specify that this way:
#  IPaddr::135.9.8.7/24/135.9.8.210
#
# If you wished to tell it that the interface to add the address to
# is eth0, then you would need to specify it this way:
#  IPaddr::135.9.8.7/24/eth0
#
#       And this way to specify both the broadcast address and the
#       interface:
#  IPaddr::135.9.8.7/24/eth0/135.9.8.210
#
# The IP addresses you list in this file are called "service" addresses,
# since they're they're the publicly advertised addresses that clients
# use to get at highly available services.
#
# For a hot/standby (non load-sharing) 2-node system with only
# a single service address,
# you will probably only put one system name and one IP address in here.
# The name you give the address to is the name of the default "hot"
# system.
#
# Where the nodename is the name of the node which "normally" owns the
# resource.  If this machine is up, it will always have the resource
# it is shown as owning.
#
# The string you put in for nodename must match the uname -n name
# of your machine.  Depending on how you have it administered, it could
# be a short name or a FQDN.
#
#-------------------------------------------------------------------
#
# Simple case: One service address, default subnet and netmask
#  No servers that go up and down with the IP address
#
#just.linux-ha.org 135.9.216.110
#
#-------------------------------------------------------------------
#
# Assuming the adminstrative addresses are on the same subnet...
# A little more complex case: One service address, default subnet
# and netmask, and you want to start and stop http when you get
# the IP address...
#
#just.linux-ha.org 135.9.216.110 http
#-------------------------------------------------------------------
#
# A little more complex case: Three service addresses, default subnet
# and netmask, and you want to start and stop http when you get
# the IP address...
#
#just.linux-ha.org 135.9.216.110 135.9.215.111 135.9.216.112 httpd
#-------------------------------------------------------------------
#
# One service address, with the subnet, interface and bcast addr
#       explicitly defined.
#
#just.linux-ha.org 135.9.216.3/28/eth0/135.9.216.12 httpd
#
#-------------------------------------------------------------------
#
#       An example where a shared filesystem is to be used.
#       Note that multiple aguments are passed to this script using
#       the delimiter '::' to separate each argument.
#
rh-9-a  11.1.1.96/24/eth0     【定义主节点使用的公网IP，掩码和接口名称】
#
# Regarding the node-names in this file:
#
# They must match the names of the nodes listed in ha.cf, which in turn
# must match the `uname -n` of some node in the cluster.  So they aren't
# virtual in any sense of the word.
#

根据情况更改配置文件，两台服务器的heartbeat配置必须一样，这样才能启动heartbeat,
启动heartbeat:
/etc/rc.d/init.d/heartbeat start [stop|restart]

双网卡双ip实现双线路共用的实际应用（转载）

seganert@iloveu.sh.cn(冷酷到底) — Tue, 30 Aug 2011 09:48:50 +0800

双网卡双ip实现双线路共用的实际应用（图文）

——让你实现：访问电信服务器自动使用电信线路，而访问网通服务器时自动使用网通线路

.abu. at patching.net 补天网转载请注明出处作者

上网的朋友基本都清楚，北方网通与南方电信的互联网通信存在瓶颈，且不去说具体是什么原因造成的，

但这确实给互联网的应用造成了很大的障碍。所以，从服务器以及IDC运营的角度来说，出现了很多

双线路机房，通过部署电信、网通双线路，满足用户对双线路的实际使用需求。

一般来说，有双ip双线路，单ip双线路，CDN双线路，BGP单ip双线路这样的几种双线路接入解决方案。

简单的介绍一下：

1、双ip双线路。服务器配置2块网卡，分别配置电信、网通不同的ip地址。在服务器上配置路由表，实现

服务器访问电信和网通各自不同的ip的时候，分别走不同的通道。另一方面，用户通过唯一的域名来访问

服务器，而域名解析的时候，通过实施对不同的ip地址请求返回不同的服务器ip的方法来实现，网通用户

请求域名时返回网通的ip，电信用户请求域名时返回电信的ip，这也就是所谓的智能dns解析。

2、单ip双线路。服务器配置1块网卡1个ip，或者是电信的ip、或者是网通的ip。通过路由器上配置路由表

来实现双线路访问，这样做的好处是不用对服务器进行配置，而缺点是这样的配置，实际上只解决了半边通信

的双线路访问，无法对用户在访问服务器时提供正确的路由通道。所以这样的方案一般只是过渡方案。

3、CDN双线路。记得我当年还加入过一个CDN的联盟呢。呵呵。CDN（Content Delivery Network）也就是

互联网内容分发网络，基本的概念就是制作大量的站点镜像，比如北京有服务器，这时候在南京放个镜像服务器，

广州也放一个镜像服务器，然后通过智能dns解析让北京的用户访问北京的服务器，南京的用户访问南京的

服务器缓存，以此类推。貌似新浪之类的大型门户网站就是这么做的。CDN的好处是容易部署，可扩展性强，

缺点就是镜像缓存技术对于静态页面方式的网站，比如门户网站支持度是非常高的，但对于基于动态更新的

网站，基本就无用武之地了。

4、BGP单ip双线路。BGP（Border Gateway Protocol）边界网关协议。BGP具体的功能就是控制路由的传播

和选择最佳路由。这个双线路的实现必须是IDC机房运营商与电信、网通能够达成合作协议，通过骨干网络的

路由器来给予最优路由选择，所有的一切，对于服务器和用户都无任何负担。服务器仅需单ip且效果最佳。

但是这样的合作谈判又怎么会那么容易。所以目前这样的基于BGP的解决方案基本都是针对绝对的高端用户提供的。

上面给大家介绍了双线路的问题，那么今天具体想和大家说的是什么呢。

其实就是双线路联网的另一个重要的网络应用。也就是针对客户端群体的双线路访问。

在实际使用中，有很多情况下，公司、网吧或者个人在家里，常常因为申请了电信的上网线路，就会导致网通的

访问变慢，而申请了网通，则访问电信又会很慢。干脆申请两条线路，一条电信宽带，一条网通宽带吧。又不知道

怎么把它们接起来。其实在这样的应用中，通过双网卡双ip的方式就可以实现双线路自动识别。

下面来说说具体如何操作。以我的电脑为例给大家做个演示。

我使用了2条宽带，一条电信线路，一条网通线路，带宽分别是1M。

我自己呢也有两个网卡，一个有线网卡连接网通，一个无线网卡连接电信线路。

连接网通的网卡，ip设置为：192.168.1.111，网关设置为192.168.1.1

连接电信的网卡，ip设置为：192.168.0.111，网关设置为192.168.0.1

我在命令行下，用route print命令查看一下当前默认的路由表：

注意看最下面一行：Default Gateway:192.168.1.1

这句的意思就是默认网关，一台电脑只有一个默认网关，所有的数据包都是先发往这个网关地址。

根据显示，192.168.1.1代表我的网通的那条线路，也就是所有的数据包都会自动优先从网通线路走。

可能有线网卡比无线网卡的优先级高的原因吧，系统默认将有线的网通通道的地址设置为默认网关了。

暂停一下，整理一下思路。

要通过双网卡双ip方式实现双线路，我们需要修改电脑中的路由表，可以用以下两种规则。

1、默认网关设置为网通线路的ip，然后将电信网络的网段路由手工添加到路由表记录中，

让访问电信ip时，根据路由表规则，让这些访问都通过电信线路出去，达到目的。

2、默认网关设置为电信线路的ip，然后将网通的网段路由手工添加到路由表记录中，当访问网通ip时，

则根据路由表规则，让这些访问都通过网通线路出去，达到目的。

由于电信的网段数量比网通的多的多，所以我们用第二种规则，

也就是：默认网关设为电信，其它访问网通ip的时候，通过路由表控制，迫使数据从网通通道出去。

整理完思路之后，我们就面临第一个问题，就是如何将默认网关设置成电信网络的192.168.0.1这个地址，而不是

网通的192.168.1.1这个地址。

这样操作：

网卡，我找到无线网卡（电信线路的那个），右键属性——TCP/IP属性——高级

找到默认网关，将默认网关的跃点数设为1。

这时候我们再route print看看

注意看最下面一行：Default Gateway:192.168.0.1

看看默认网关，已经变成192.168.0.1，也就是电信线路了。下面我们开始继续工作。

接下来要把网通的网段添加到路由表里面咯。

用这样的命令

route add 61.156.0.0 mask 255.255.0.0 192.168.1.1

比如这条命令，就指定了将61.156.0.0 这个网段的通讯全部设置为从192.168.1.1 网通线路走。

网通的段虽然比电信的少，但写出来也是呼啦一堆。所以这里准备了一个批处理文件，2000/xp/2003直接运行就ok。

对了，route add命令是添加临时的路由记录，重启后，就清空了，如果想永久生效，用下面的命令：

route -p add 61.156.0.0 mask 255.255.0.0 192.168.1.1

当然，你下载之后呢可以自己修改批处理文件。

删除路由记录也非常方便。用下面的命令：

route delete 61.156.0.0

添加网通网段路由批处理文件

SeeYa-皮鞋三部曲之1(皮鞋)下集【中文字幕】

seganert@iloveu.sh.cn(冷酷到底) — Mon, 22 Aug 2011 17:17:42 +0800