CentOS 7 cluster
Tuesday, 29 August 2017
CentOS 7 setup procedure:
<code>
yum install epel-release.noarch
yum install net-tools
yum install psmisc
yum install httpd
yum install perl
yum install perl-Digest-MD5
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum install -y kmod-drbd84 drbd84-utils
crm_verify -L -V
/bin/systemctl start pacemaker.service
crmadmin configure property stonith-enabled=false
service corosync restart
service pacemaker restart
yum install nmap
yum install open-vm-tools
service vmtoolsd start
systemctl enable vmtoolsd
yum install acpid
yum install unzip
yum install mod_ssl.x86_64
</code>
Unicast cluster configuration:
<code>
logging {
    fileline: off
    to_logfile: yes
    logfile: /var/log/cluster/corosync.log
    to_stderr: no
    debug: off
    timestamp: on
    to_syslog: yes
    logger_subsys {
        subsys: QUORUM
        debug: off
    }
}
totem {
    version: 2
    token: 3000
    secauth: on
    rrp_mode: active
    interface {
        member {
            memberaddr: 172.31.252.41
        }
        member {
            memberaddr: 172.31.252.42
        }
        ringnumber: 0
        bindnetaddr: 172.31.252.0
        mcastport: 694
        ttl: 1
    }
    transport: udpu
}
quorum {
    provider: corosync_votequorum
    expected_votes: 2
}
</code>
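With secauth: on, corosync authenticates and encrypts totem traffic using a shared key file that must be identical on both nodes. The following check is an added example, not part of the original procedure; it assumes the key is at corosync's default path /etc/corosync/authkey (created with corosync-keygen), and check_corosync_auth is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: pre-flight check for the "secauth: on" setting above.
# Assumption: the key is at corosync's default path /etc/corosync/authkey,
# created with corosync-keygen on one node and copied to the other.
# Usage on a node:
#   check_corosync_auth /etc/corosync/corosync.conf /etc/corosync/authkey

# check_corosync_auth CONF KEYFILE
# Returns 0 when the setup is consistent, 1 otherwise; findings go to stdout.
check_corosync_auth() {
    conf=$1
    key=$2
    rc=0

    # Last uncommented "secauth:" value in the config (empty if absent).
    secauth=$(sed -n 's/^[[:space:]]*secauth:[[:space:]]*\([a-z]*\).*/\1/p' "$conf" | tail -n 1)
    if [ "$secauth" != "on" ]; then
        echo "WARN: secauth is '${secauth:-unset}': totem traffic is not authenticated"
        rc=1
    fi

    # With secauth on, a missing or empty key is a hard failure.
    if [ ! -s "$key" ]; then
        echo "FAIL: $key missing or empty (run corosync-keygen, copy it to the peer)"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group/other bits.
    other_bits=$(ls -ld "$key" | cut -c5-10)
    if [ "$other_bits" != "------" ]; then
        echo "FAIL: $key is accessible by group/others (expected mode 0400)"
        rc=1
    fi

    # Digest to compare by hand between the two nodes; the key is never printed.
    echo "INFO: authkey sha256 $(sha256sum "$key" | cut -d' ' -f1)"
    return $rc
}
```

Run it on both nodes and compare the INFO digest lines: they must match, otherwise the nodes reject each other's totem packets.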
Apache configuration as a reverse proxy:
<code>
<VirtualHost *:80>
    ServerName webmail.xxxx.it
    Redirect / https://webmail.xxxx.it/
    # ProxyRequests Off
    # <Proxy *>
    # Order deny,allow
    # Allow from all
    # </Proxy>
    # ProxyPass / http://XX.XX.XX.XX/
    # ProxyPassReverse / http://XX.XX.XX.XX/
</VirtualHost>
<VirtualHost *:443>
    ServerName webmail.xxxx.it
    RewriteEngine on
    ProxyPass / http://XX.XX.XX.XX/ retry=0 ttl=120 timeout=120
    ProxyPassReverse / http://XX.XX.XX.XX/
    <IfModule mod_ssl.c>
        SSLEngine On
        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
        #SSLSessionCache shmcb:/run/httpd/sslcache(512000)
        #SSLSessionCacheTimeout 300
        #128bit
        #SSLProtocol ALL -SSLv2
        #SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DS
        # 40 bit
        #SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:!SSLv2:!LOW
        SSLCertificateFile /etc/httpd/ssl/2017/STAR_xxxx_it.crt
        SSLCertificateChainFile /etc/httpd/ssl/2017/COMODORSADomainValidationSecureServerCA.crt
        SSLCertificateKeyFile /etc/httpd/ssl/2017/xxxx.it.key
        ErrorDocument 403 http://www.xxxx.it/
        ErrorDocument 404 http://www.xxxx.it/
    </IfModule>
    # A reverse proxy built on ProxyPass does not need forward-proxy mode.
    # "ProxyRequests on" without access control exposes an open forward proxy.
    ProxyRequests Off
    ProxyVia on
    AddOutputFilterByType SUBSTITUTE text/html
</VirtualHost>
</code>
Security configuration for various services:
https://cipherli.st/

