csync2 or how to facilitate the work with the cluster
Not so long ago, I had to raise a Linux cluster for one fairly loaded project. Rather, the issue of resiliency was more important than the load, but usually the cluster is designed to solve both of these problems at the same time.
In this case, I'm not going to consider the cluster architecture or debugging nuances, but tell you about a very convenient way to manage the cluster, speeding up its configuration and debugging.
Agree, it is convenient to have a set of files (for example, configs), which will always look the same on servers with the same role? Under the cut, I'll tell you how to achieve this in the shortest possible time.
In the described cluster, seven dedicated servers that communicate with each other over the internal network with the following hostname:
And the hero of today's story is csync2 , a rather old program that is available in many nix repositories, and can also be downloaded as a tarball or from a git repository .
')
So, step by step guide to installing, configuring and deriving benefit from csync2.
The installation must be performed on all nodes of the cluster:
Before installing, make sure that you have librsync on your system
Otherwise, you need to download librsync-0.9.7.tar.gz ,
and install it
Also, csync2 hopes for libsqlite , which can also be compiled from source codes:
Or you can use a rather unusual way, specifying the path to the tarball with the library when configuring (./configure) csync2:
I did not receive any other requirements, and due to age, the program has precompiled packages for most OSs ( RedHat RPM , apt-get \ aptitude install csync2, FreeBSD ports )
Compile csync2 itself
I performed all operations under Ubuntu 10.04 LTS, where csync2 is installed in one line.
If something went wrong in your OS - write in the comments, I will try to help.
So, we have installed csync2 on all nodes, we need to connect them together and make them exchange files with each other.
csync2 exchanges files through an encrypted SSL connection, so you need to create a single csync2 certificate that will allow servers to “trust” each other:
According to the instructions, you can execute the command in the source folder.
or (as I did) generate the certificate manually:
After that, you need to start generating the csync2 key:
This command takes quite a long time, after which the file /etc/csync2.cluster.key appears
Now you need to copy it to all the nodes of your cluster so that they will be in a single sync cloud. You can create several keys so that, for example, the database servers cannot communicate with the Application servers, but in my opinion it is not at all necessary if you do not build a cluster for the bank.
The most important program file is /etc/csync2.cnf
It works on the following principle.
You specify logical groups of servers and indicate what they have in common?
For example, I use internal addressing not by IP, but by hostname, respectively, I want the / etc / hosts file on all machines to be the same, and when adding a new node, it was enough for me to change it once, all changes would leak to the rest of the cluster nodes and they knew who app3 was , for example.
On LoadBalancers, I have nginx, which should also have the same config on different machines.
So in the config file, I combine my servers into logical groups:
# All servers synchronize the base set of configs
Now run csync2 with the instruction to synchronize everything that can be synchronized:
After the initial authorization, all hosts are synchronized and the files you specify will be the same on all nodes.
If something went wrong, run
etc.
I csync2 swore at the lack of access to the / etc / hosts entry on other machines, this problem resolved itself after csync2 was also running on them for the first time.
If csync2 swears on SSL - check whether the file /etc/csync2.cluster.key is copied to all hosts and correctly specified in the config.
I didn’t have any other problems, if you have something else - write, let's see.
Synchronization of all necessary configs is cool, I put configs from mysql, php, nginx and so on in csync2. It turned out to be very convenient to put the config from csync2 into csync2 itself (almost recursion).
But just syncing files is not everything.
After changing the nginx files, you must restart it! And if it needs to be done on a hundred machines?
We add to the group of servers with the same role on which nginx is installed:
The remarkable action item allows us to execute an arbitrary bash command after changes in certain files, in the specified example it will restart nginx.
I pay attention that the reload command, but not restart is executed. If, God forbid, you do not put a comma in the nginx config and it falls on a hundred machines, you will also quickly correct the error and on a hundred machines it will recover. In principle, it will be possible to change the config csync2, but this will take precious time downtime.
So, we got a very safe opportunity to edit the configs we are used to without any tricks, as if we had only one server, and change the changes to N other servers.
I note that csync2 does not have a head server, so changes can be made to any node and after running csync2 -x, changes will spill over to the others.
I synchronize via csync2 not only configs, but the actual project files themselves, some of which are uploaded by users, so I simply put csync2 in kroner (chase how many nodes I did? Right, on one and one time!
The other day I put the authorized_keys file in csync2 and now from my machine I go to any node without entering a password. It's great when passwords on all nodes are complex and different. You can also copy the hosts file to your computer and go to the nodes by their internal names.
Believe me, when you install, configure and debug a cluster of even seven, like my machines, it will save you a ton of time.
Running csync2 is very simple. The list of all files that you synchronize is stored in a local sqlite database and checked by the timestamp. It will not work to store hundreds of gigabytes of files there, but he scatters my 5-6 Gb scattered across several tens of thousands of files quite successfully. If you have more files, do not put csync2 in frequent crowns, it will start a bunch of copies and the servers will start to slow down. The base csync2 can be cleaned and generally carried out with it all sorts of manipulations. The program documentation (link below) also indicates the structure of the database used, so there is a lot of scope for creativity.
There are systems that allow nodes to load remote configs. I didn't like them, but if you change cars in a cluster every day, you should look at them: Chef , Puppet .
============================
Useful links:
Csync2 documentation ( PDF )
Official csync2 website: http://oss.linbit.com/csync2/
In this case, I'm not going to consider the cluster architecture or debugging nuances, but tell you about a very convenient way to manage the cluster, speeding up its configuration and debugging.
Agree, it is convenient to have a set of files (for example, configs), which will always look the same on servers with the same role? Under the cut, I'll tell you how to achieve this in the shortest possible time.
In the described cluster, seven dedicated servers that communicate with each other over the internal network with the following hostname:
Load Balancers lb1 lb2
Application Servers app1 app2
Database Servers db1 db2
Backup server bckp1
And the hero of today's story is csync2 , a rather old program that is available in many nix repositories, and can also be downloaded as a tarball or from a git repository .
')
So, step by step guide to installing, configuring and deriving benefit from csync2.
Installation
The installation must be performed on all nodes of the cluster:
From debian \ ubuntu repositories
apt-get install csync2 -y
From source
Before installing, make sure that you have librsync on your system
Otherwise, you need to download librsync-0.9.7.tar.gz ,
and install it
tar -xf librsync-0.9.7.tar.gz && cd librsync-0.9.7
./configure && make
make install
Also, csync2 hopes for libsqlite , which can also be compiled from source codes:
wget www.sqlite.org/sqlite-autoconf-3070603.tar.gz && tar -xf sqlite-autoconf-3070603.tar.gz && cd sqlite-autoconf-3070603
./configure && make
make install
Or you can use a rather unusual way, specifying the path to the tarball with the library when configuring (./configure) csync2:
./configure --with-libsqlite-source=/path/to/libsqlite.tar.gz
I did not receive any other requirements, and due to age, the program has precompiled packages for most OSs ( RedHat RPM , apt-get \ aptitude install csync2, FreeBSD ports )
Compile csync2 itself
cd /usr/local/src && wget oss.linbit.com/csync2/csync2-1.34.tar.gz
tar -xf csync2-1.34.tar.gz && cd csync2-1.34
./configure && make
make install
I performed all operations under Ubuntu 10.04 LTS, where csync2 is installed in one line.
If something went wrong in your OS - write in the comments, I will try to help.
Primary setup
So, we have installed csync2 on all nodes, we need to connect them together and make them exchange files with each other.
csync2 exchanges files through an encrypted SSL connection, so you need to create a single csync2 certificate that will allow servers to “trust” each other:
According to the instructions, you can execute the command in the source folder.
make cert
or (as I did) generate the certificate manually:
openssl genrsa -out /etc/csync2_ssl_key.pem 1024
openssl req -new -key /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.csr
openssl x509 -req -days 600 -in /etc/csync2_ssl_cert.csr -signkey /etc/csync2_ssl_key.pem -out /etc/csync2_ssl_cert.pem
After that, you need to start generating the csync2 key:
csync2 -k /etc/csync2.cluster.key
This command takes quite a long time, after which the file /etc/csync2.cluster.key appears
Now you need to copy it to all the nodes of your cluster so that they will be in a single sync cloud. You can create several keys so that, for example, the database servers cannot communicate with the Application servers, but in my opinion it is not at all necessary if you do not build a cluster for the bank.
First sync
The most important program file is /etc/csync2.cnf
It works on the following principle.
You specify logical groups of servers and indicate what they have in common?
For example, I use internal addressing not by IP, but by hostname, respectively, I want the / etc / hosts file on all machines to be the same, and when adding a new node, it was enough for me to change it once, all changes would leak to the rest of the cluster nodes and they knew who app3 was , for example.
On LoadBalancers, I have nginx, which should also have the same config on different machines.
So in the config file, I combine my servers into logical groups:
# All servers synchronize the base set of configs
group all {
# IP,
host app1 app2;
host db1 db2;
host lb1 lb2;
host bckp1;
#
key /etc/csync2.cluster.key;
# \ ?
include /etc/hosts; # hosts
include /etc/csync2.cfg; # ! csync2 ! ;)
auto younger;# ? -
}
# LoadBalancer' nginx
group lb {
host lb1 lb2;
key /etc/csync2.cluster.key;
include /etc/nginx/*;
auto younger;
}
Now run csync2 with the instruction to synchronize everything that can be synchronized:
csync2 -x
After the initial authorization, all hosts are synchronized and the files you specify will be the same on all nodes.
Possible problems
If something went wrong, run
csync2 -xv
csync2 -xvv
etc.
I csync2 swore at the lack of access to the / etc / hosts entry on other machines, this problem resolved itself after csync2 was also running on them for the first time.
If csync2 swears on SSL - check whether the file /etc/csync2.cluster.key is copied to all hosts and correctly specified in the config.
I didn’t have any other problems, if you have something else - write, let's see.
Goodies
Synchronization of all necessary configs is cool, I put configs from mysql, php, nginx and so on in csync2. It turned out to be very convenient to put the config from csync2 into csync2 itself (almost recursion).
But just syncing files is not everything.
After changing the nginx files, you must restart it! And if it needs to be done on a hundred machines?
We add to the group of servers with the same role on which nginx is installed:
group lb {
host lb1;
host lb2;
key /etc/csync2.cluster.key;
include /etc/nginx; #
action {
pattern /etc/nginx/*; # , ?
exec "/etc/init.d/nginx reload "; # ?
logfile "/var/log/csync2.actions.log"; # ?
do-local; # , , , ,
}
auto younger;
}
The remarkable action item allows us to execute an arbitrary bash command after changes in certain files, in the specified example it will restart nginx.
I pay attention that the reload command, but not restart is executed. If, God forbid, you do not put a comma in the nginx config and it falls on a hundred machines, you will also quickly correct the error and on a hundred machines it will recover. In principle, it will be possible to change the config csync2, but this will take precious time downtime.
Conclusion
So, we got a very safe opportunity to edit the configs we are used to without any tricks, as if we had only one server, and change the changes to N other servers.
I note that csync2 does not have a head server, so changes can be made to any node and after running csync2 -x, changes will spill over to the others.
I synchronize via csync2 not only configs, but the actual project files themselves, some of which are uploaded by users, so I simply put csync2 in kroner (chase how many nodes I did? Right, on one and one time!
Lotions:
The other day I put the authorized_keys file in csync2 and now from my machine I go to any node without entering a password. It's great when passwords on all nodes are complex and different. You can also copy the hosts file to your computer and go to the nodes by their internal names.
Believe me, when you install, configure and debug a cluster of even seven, like my machines, it will save you a ton of time.
Little about the device
Running csync2 is very simple. The list of all files that you synchronize is stored in a local sqlite database and checked by the timestamp. It will not work to store hundreds of gigabytes of files there, but he scatters my 5-6 Gb scattered across several tens of thousands of files quite successfully. If you have more files, do not put csync2 in frequent crowns, it will start a bunch of copies and the servers will start to slow down. The base csync2 can be cleaned and generally carried out with it all sorts of manipulations. The program documentation (link below) also indicates the structure of the database used, so there is a lot of scope for creativity.
Analogs
There are systems that allow nodes to load remote configs. I didn't like them, but if you change cars in a cluster every day, you should look at them: Chef , Puppet .
============================
Useful links:
Csync2 documentation ( PDF )
Official csync2 website: http://oss.linbit.com/csync2/
Source: https://habr.com/ru/post/120702/
All Articles