SQL Server AG 配合Pacemaker完成三節(jié)點(diǎn)讀寫分離 On Centos7.8

文檔內(nèi)無特別說明時(shí)命令在所有節(jié)點(diǎn)執(zhí)行先鱼,本文以ROOT身份操作

按照本文檔將會完成以下內(nèi)容:

  1. 安裝SQL Server 2019
  2. SQL多節(jié)點(diǎn)證書信任互訪
  3. SQL鏡像端點(diǎn)配置
  4. 配置Always On可用組
  5. 配置Pacemaker在SQL登錄權(quán)限
  6. 安裝Pacemaker
  7. 配置mssql-ag
  8. 配置虛擬IP
用途 主機(jī)名 IP
主節(jié)點(diǎn) node01 1.1.1.11
輔助節(jié)點(diǎn) node02 1.1.1.12
輔助節(jié)點(diǎn) node03 1.1.1.13
偵聽器VIP mssql 1.1.1.10

以下正文


添加YUM源并安裝

curl -o /etc/yum.repos.d/mssql-server.repo https://packages.microsoft.com/config/rhel/7/mssql-server-2019.repo
yum install -y  mssql-server mssql-server-ha

免交互安裝MSSQL

MSSQL_PID=Developer ACCEPT_EULA=Y MSSQL_SA_PASSWORD='Demon@666' /opt/mssql/bin/mssql-conf -n setup

開放防火墻

firewall-cmd --zone=public --add-port=1433/tcp --permanent
firewall-cmd --reload

安裝MSSQL客戶端環(huán)境

curl -o /etc/yum.repos.d/msprod.repo https://packages.microsoft.com/config/rhel/8/prod.repo
yum install -y mssql-tools unixODBC-devel
##在彈出的許可確認(rèn),輸入YES后回車?yán)^續(xù)

加入環(huán)境變量蔬蕊,使命令可用

echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile
echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc
source ~/.bashrc

添加hosts解析及變更主機(jī)名

echo "1.1.1.11 node01" >> /etc/hosts
echo "1.1.1.12 node02" >> /etc/hosts
echo "1.1.1.13 node03" >> /etc/hosts
echo "1.1.1.10 mssql" >> /etc/hosts

修改主機(jī)名镶奉,在各節(jié)點(diǎn)分別執(zhí)行

node01:

hostnamectl set-hostname node01

node02

hostnamectl set-hostname node02

node03:

hostnamectl set-hostname node03

開啟可用性功能

/opt/mssql/bin/mssql-conf set hadr.hadrenabled 1
systemctl restart mssql-server

注意SQL語句命令中莺奔,每一個(gè)GO結(jié)束要等待確認(rèn)執(zhí)行完成后再繼續(xù)操作,否則會報(bào)錯(cuò)

創(chuàng)建主密鑰,導(dǎo)出證書并開啟鏡像端口

node01:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Demon@666';
GO
CREATE CERTIFICATE node01_Cert
WITH SUBJECT = 'node01 AG Certificate',
EXPIRY_DATE = '09/09/2099';
GO
BACKUP CERTIFICATE node01_Cert
TO FILE = '/var/opt/mssql/data/node01_Cert.cer';
GO
CREATE ENDPOINT AGEP
STATE = STARTED
AS TCP (
    LISTENER_PORT = 5022,
    LISTENER_IP = ALL)
FOR DATABASE_MIRRORING (
    AUTHENTICATION = CERTIFICATE node01_Cert,
    ROLE = ALL);
GO
exit

node02:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Demon@666';
GO
CREATE CERTIFICATE node02_Cert
WITH SUBJECT = 'node02 AG Certificate',
EXPIRY_DATE = '09/09/2099';
GO
BACKUP CERTIFICATE node02_Cert
TO FILE = '/var/opt/mssql/data/node02_Cert.cer';
GO
CREATE ENDPOINT AGEP
STATE = STARTED
AS TCP (
    LISTENER_PORT = 5022,
    LISTENER_IP = ALL)
FOR DATABASE_MIRRORING (
    AUTHENTICATION = CERTIFICATE node02_Cert,
    ROLE = ALL);
GO
exit

node03:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Demon@666';
GO
CREATE CERTIFICATE node03_Cert
WITH SUBJECT = 'node03 AG Certificate',
EXPIRY_DATE = '09/09/2099';
GO
BACKUP CERTIFICATE node03_Cert
TO FILE = '/var/opt/mssql/data/node03_Cert.cer';
GO
CREATE ENDPOINT AGEP
STATE = STARTED
AS TCP (
    LISTENER_PORT = 5022,
    LISTENER_IP = ALL)
FOR DATABASE_MIRRORING (
    AUTHENTICATION = CERTIFICATE node03_Cert,
    ROLE = ALL);
GO
exit

放行鏡像需要的端口

firewall-cmd --zone=public --add-port=5022/tcp --permanent
firewall-cmd --reload

將導(dǎo)出的證書復(fù)制到各節(jié)點(diǎn)相同位置

node01:

scp node02:/var/opt/mssql/data/node* /var/opt/mssql/data/
scp node03:/var/opt/mssql/data/node* /var/opt/mssql/data/
chown mssql. /var/opt/mssql/data/node*

node02:

scp node01:/var/opt/mssql/data/node* /var/opt/mssql/data/
scp node03:/var/opt/mssql/data/node* /var/opt/mssql/data/
chown mssql. /var/opt/mssql/data/node*

node03:

scp node01:/var/opt/mssql/data/node* /var/opt/mssql/data/
scp node02:/var/opt/mssql/data/node* /var/opt/mssql/data/
chown mssql. /var/opt/mssql/data/node*

將各節(jié)點(diǎn)證書到數(shù)據(jù)庫內(nèi)栈虚,完成鏡像節(jié)點(diǎn)互信

node01:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE LOGIN node02Login WITH PASSWORD = 'Demon@666';
GO
CREATE USER node02User FOR LOGIN node02Login;
GO
CREATE CERTIFICATE node02_Cert
AUTHORIZATION node02User
FROM FILE = '/var/opt/mssql/data/node02_Cert.cer';
GO
CREATE LOGIN node03Login WITH PASSWORD = 'Demon@666';
GO
CREATE USER node03User FOR LOGIN node03Login;
GO
CREATE CERTIFICATE node03_Cert
AUTHORIZATION node03User
FROM FILE = '/var/opt/mssql/data/node03_Cert.cer';
GO
GRANT CONNECT ON ENDPOINT::AGEP TO node02Login;
GO
GRANT CONNECT ON ENDPOINT::AGEP TO node03Login;
GO
exit

node02:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE LOGIN node01Login WITH PASSWORD = 'Demon@666';
GO
CREATE USER node01User FOR LOGIN node01Login;
GO
CREATE CERTIFICATE node01_Cert
AUTHORIZATION node01User
FROM FILE = '/var/opt/mssql/data/node01_Cert.cer';
GO
CREATE LOGIN node03Login WITH PASSWORD = 'Demon@666';
GO
CREATE USER node03User FOR LOGIN node03Login;
GO
CREATE CERTIFICATE node03_Cert
AUTHORIZATION node03User
FROM FILE = '/var/opt/mssql/data/node03_Cert.cer';
GO
GRANT CONNECT ON ENDPOINT::AGEP TO node01Login;
GO
GRANT CONNECT ON ENDPOINT::AGEP TO node03Login;
GO
exit

node03:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE LOGIN node01Login WITH PASSWORD = 'Demon@666';
GO
CREATE USER node01User FOR LOGIN node01Login;
GO
CREATE CERTIFICATE node01_Cert
AUTHORIZATION node01User
FROM FILE = '/var/opt/mssql/data/node01_Cert.cer';
GO
CREATE LOGIN node02Login WITH PASSWORD = 'Demon@666';
GO
CREATE USER node02User FOR LOGIN node02Login;
GO
CREATE CERTIFICATE node02_Cert
AUTHORIZATION node02User
FROM FILE = '/var/opt/mssql/data/node02_Cert.cer';
GO
GRANT CONNECT ON ENDPOINT::AGEP TO node02Login;
GO
GRANT CONNECT ON ENDPOINT::AGEP TO node01Login;
GO
exit

創(chuàng)建AG集群

node01:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE AVAILABILITY GROUP [AG01]
WITH (CLUSTER_TYPE = EXTERNAL)
FOR REPLICA ON
 N'node01' WITH (
   ENDPOINT_URL = N'TCP://node01:5022',
   FAILOVER_MODE = EXTERNAL,
   SEEDING_MODE = AUTOMATIC,
   AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
   PRIMARY_ROLE (ALLOW_CONNECTIONS = READ_WRITE, READ_ONLY_ROUTING_LIST = (('node02','node03'))),
   SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL, READ_ONLY_ROUTING_URL = N'TCP://node01:1433')),
N'node02' WITH (
   ENDPOINT_URL = N'TCP://node02:5022',
   FAILOVER_MODE = EXTERNAL,
   SEEDING_MODE = AUTOMATIC,
   AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
   PRIMARY_ROLE (ALLOW_CONNECTIONS = READ_WRITE, READ_ONLY_ROUTING_LIST = (('node01','node03'))),
   SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL, READ_ONLY_ROUTING_URL = N'TCP://node02:1433')),
N'node03' WITH (
   ENDPOINT_URL = N'TCP://node03:5022',
   FAILOVER_MODE = EXTERNAL,
   SEEDING_MODE = AUTOMATIC,
   AVAILABILITY_MODE = SYNCHRONOUS_COMMIT,
   PRIMARY_ROLE (ALLOW_CONNECTIONS = READ_WRITE, READ_ONLY_ROUTING_LIST = (('node01','node02'))),
   SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL, READ_ONLY_ROUTING_URL = N'TCP://node03:1433'))
LISTENER 'mssql' (WITH IP ( ('1.1.1.10','255.255.255.0') ), Port = 1433);
GO
exit

將輔助節(jié)點(diǎn)鏈接到AG

node02:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
ALTER AVAILABILITY GROUP [AG01] JOIN WITH (CLUSTER_TYPE = EXTERNAL);
GO
ALTER AVAILABILITY GROUP [AG01] GRANT CREATE ANY DATABASE;
GO
exit

node03:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
ALTER AVAILABILITY GROUP [AG01] JOIN WITH (CLUSTER_TYPE = EXTERNAL);
GO
ALTER AVAILABILITY GROUP [AG01] GRANT CREATE ANY DATABASE;
GO
exit

在主節(jié)點(diǎn)創(chuàng)建數(shù)據(jù)庫并加入AG

node01:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE DATABASE [demondb];
ALTER DATABASE [demondb] SET RECOVERY FULL;
BACKUP DATABASE [demondb] 
TO DISK = N'/var/opt/mssql/data/demondb.bak';
GO
ALTER AVAILABILITY GROUP [AG01] ADD DATABASE [demondb];
GO
exit

為 Pacemaker 創(chuàng)建 SQL Server 登錄和權(quán)限

node01:

sqlcmd -S localhost -U SA -P 'Demon@666'
##---下面是SQL命令---
CREATE LOGIN PMLogin WITH PASSWORD ='Demon@666';
GO
GRANT VIEW SERVER STATE TO PMLogin;
GO
GRANT ALTER, CONTROL, VIEW DEFINITION ON AVAILABILITY GROUP::AG01 TO PMLogin;
GO
exit

為 Pacemaker 創(chuàng)建 SQL Server 登錄和權(quán)限

echo 'PMLogin' > /var/opt/mssql/secrets/passwd
echo 'Demon@666' >> /var/opt/mssql/secrets/passwd
chown root:root /var/opt/mssql/secrets/passwd 
chmod 400 /var/opt/mssql/secrets/passwd

安裝Pacemaker

yum -y install pacemaker pcs fence-agents-all resource-agents
firewall-cmd --permanent --add-service=high-availability
firewall-cmd --reload
systemctl enable pcsd
systemctl start pcsd
systemctl enable pacemaker
##---為Pacemaker 和 Corosync 包時(shí)創(chuàng)建的默認(rèn)用戶設(shè)置密碼---
passwd hacluster
##---在各節(jié)點(diǎn)設(shè)置相同的密碼---

配置Pacemaker

node01:

pcs cluster auth node01 node02 node03 -u hacluster
##---輸入前面設(shè)置的密碼---
pcs cluster setup --name mssql node01 node02  node03 --start --all --enable
pcs cluster start --all
pcs cluster enable --all
pcs cluster cib cfg
##綁定AG組
pcs -f cfg resource create mssql ocf:mssql:ag ag_name=AG01 meta failover-timeout=5s master notify=true
##綁定虛擬IP
pcs -f cfg resource create mssql-vip ocf:heartbeat:IPaddr2 ip=1.1.1.10 cidr_netmask=24
pcs -f cfg constraint colocation add  mssql-vip mssql-master INFINITY with-rsc-role=Master
pcs cluster cib-push cfg
##使虛擬IP隨主節(jié)點(diǎn)遷移
pcs constraint order promote mssql-master then start mssql-vip
pcs property set stonith-enabled=false
##驗(yàn)證當(dāng)前的集群配置是否有錯(cuò)誤,正常情況無輸出
crm_verify -L -V
##檢查狀態(tài)
pcs status

不加入任何參數(shù)直接訪問VIP時(shí)史隆,將訪問主服務(wù)器進(jìn)行讀寫魂务,執(zhí)行讀取操作時(shí),加入ApplicationIntent=ReadOnly參數(shù)泌射,會僅從輔助節(jié)點(diǎn)讀取數(shù)據(jù)粘姜。執(zhí)行寫入操作時(shí)加入ApplicationIntent=ReadOnly參數(shù),會返回一個(gè)報(bào)錯(cuò)魄幕。


到此結(jié)束

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
  • 序言:七十年代末相艇,一起剝皮案震驚了整個(gè)濱河市,隨后出現(xiàn)的幾起案子纯陨,更是在濱河造成了極大的恐慌坛芽,老刑警劉巖,帶你破解...
    沈念sama閱讀 211,639評論 6 492
  • 序言:濱河連續(xù)發(fā)生了三起死亡事件翼抠,死亡現(xiàn)場離奇詭異咙轩,居然都是意外死亡,警方通過查閱死者的電腦和手機(jī)阴颖,發(fā)現(xiàn)死者居然都...
    沈念sama閱讀 90,277評論 3 385
  • 文/潘曉璐 我一進(jìn)店門活喊,熙熙樓的掌柜王于貴愁眉苦臉地迎上來,“玉大人量愧,你說我怎么就攤上這事钾菊。” “怎么了偎肃?”我有些...
    開封第一講書人閱讀 157,221評論 0 348
  • 文/不壞的土叔 我叫張陵煞烫,是天一觀的道長。 經(jīng)常有香客問我累颂,道長滞详,這世上最難降的妖魔是什么? 我笑而不...
    開封第一講書人閱讀 56,474評論 1 283
  • 正文 為了忘掉前任紊馏,我火速辦了婚禮料饥,結(jié)果婚禮上,老公的妹妹穿的比我還像新娘朱监。我一直安慰自己岸啡,他們只是感情好,可當(dāng)我...
    茶點(diǎn)故事閱讀 65,570評論 6 386
  • 文/花漫 我一把揭開白布赫编。 她就那樣靜靜地躺著凰狞,像睡著了一般篇裁。 火紅的嫁衣襯著肌膚如雪。 梳的紋絲不亂的頭發(fā)上赡若,一...
    開封第一講書人閱讀 49,816評論 1 290
  • 那天,我揣著相機(jī)與錄音团甲,去河邊找鬼逾冬。 笑死,一個(gè)胖子當(dāng)著我的面吹牛躺苦,可吹牛的內(nèi)容都是我干的身腻。 我是一名探鬼主播,決...
    沈念sama閱讀 38,957評論 3 408
  • 文/蒼蘭香墨 我猛地睜開眼匹厘,長吁一口氣:“原來是場噩夢啊……” “哼嘀趟!你這毒婦竟也來了?” 一聲冷哼從身側(cè)響起愈诚,我...
    開封第一講書人閱讀 37,718評論 0 266
  • 序言:老撾萬榮一對情侶失蹤她按,失蹤者是張志新(化名)和其女友劉穎,沒想到半個(gè)月后炕柔,有當(dāng)?shù)厝嗽跇淞掷锇l(fā)現(xiàn)了一具尸體酌泰,經(jīng)...
    沈念sama閱讀 44,176評論 1 303
  • 正文 獨(dú)居荒郊野嶺守林人離奇死亡,尸身上長有42處帶血的膿包…… 初始之章·張勛 以下內(nèi)容為張勛視角 年9月15日...
    茶點(diǎn)故事閱讀 36,511評論 2 327
  • 正文 我和宋清朗相戀三年匕累,在試婚紗的時(shí)候發(fā)現(xiàn)自己被綠了陵刹。 大學(xué)時(shí)的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片。...
    茶點(diǎn)故事閱讀 38,646評論 1 340
  • 序言:一個(gè)原本活蹦亂跳的男人離奇死亡欢嘿,死狀恐怖衰琐,靈堂內(nèi)的尸體忽然破棺而出,到底是詐尸還是另有隱情炼蹦,我是刑警寧澤羡宙,帶...
    沈念sama閱讀 34,322評論 4 330
  • 正文 年R本政府宣布,位于F島的核電站框弛,受9級特大地震影響辛辨,放射性物質(zhì)發(fā)生泄漏。R本人自食惡果不足惜瑟枫,卻給世界環(huán)境...
    茶點(diǎn)故事閱讀 39,934評論 3 313
  • 文/蒙蒙 一斗搞、第九天 我趴在偏房一處隱蔽的房頂上張望。 院中可真熱鬧慷妙,春花似錦僻焚、人聲如沸。這莊子的主人今日做“春日...
    開封第一講書人閱讀 30,755評論 0 21
  • 文/蒼蘭香墨 我抬頭看了看天上的太陽隙弛。三九已至,卻和暖如春狞山,著一層夾襖步出監(jiān)牢的瞬間全闷,已是汗流浹背。 一陣腳步聲響...
    開封第一講書人閱讀 31,987評論 1 266
  • 我被黑心中介騙來泰國打工萍启, 沒想到剛下飛機(jī)就差點(diǎn)兒被人妖公主榨干…… 1. 我叫王不留总珠,地道東北人。 一個(gè)月前我還...
    沈念sama閱讀 46,358評論 2 360
  • 正文 我出身青樓勘纯,卻偏偏與公主長得像局服,于是被迫代替她去往敵國和親。 傳聞我的和親對象是個(gè)殘疾皇子驳遵,可洞房花燭夜當(dāng)晚...
    茶點(diǎn)故事閱讀 43,514評論 2 348

推薦閱讀更多精彩內(nèi)容