High Availability Configuration (HA Configuration)
==================================================

Genian ZTNA provides a high-availability feature: a redundant configuration prevents service interruption when the ZTNA system can no longer provide normal service. One device operates as Active and provides the service, while the other operates as Standby and monitors the operating state of the Active device. The standard VRRP protocol is used for this.

- **Group** - VRRP group ID
- **Linkupdelay** - Time to wait until the interface becomes active
- **No-Virtual-Mac** - Does not change the interface MAC address to the Virtual-MAC when switching to Master.
- **Nopreempt** - The master takes precedence regardless of priority
- **Priority** - Priority value. The highest value is the master
- **Timeout** - Wait time for VRRP packet loss
- **Virtual-IP** - Shared IP for devices and the UI

Serial console connection to the server when SSH is not configured
------------------------------------------------------------------

- Protocol: **Serial**
- Port: **COM1**
- Baud Rate: **115200** (*9600 for Mini-PC*)
- Data Bits: **8**
- Parity: **None**
- Stop Bits: **1**

How to configure the servers for HA
-----------------------------------

#. Connect the prepared devices to the network.
#. Connect to each server through the CLI (Command Line Interface).
#. To view the current settings, run ``show configuration``. (*Record the Device-ID, because the two policy servers must have the same Device-ID.*)
#. Enter global configuration mode (``configure terminal``).
#. Enter the following settings on each server, in order.

Primary policy server
---------------------

.. code:: bash

   1. Interative Wizard
   2. Manual Configration
   Select installation type: 2

   Enter administrator username (4-31 characters) [admin]: [Admin ID]
   # Password must contain at least one alphabet, number and special character
   Enter administrator password (minimum 9 characters): *********
   Re-enter Password:

   Welcome to Genian ZTNA

   Username: [Admin ID]
   Password:

   The privileged EXEC mode password is the same as the console login password.
   For security reasons please change your password.
   Type ‘enable’ to access privileged EXEC mode for password change.

   genian> enable
   Password:
   genian# configure terminal
   genian(config)# hostname PRIMARY
   PRIMARY(config)# interface eth0 address [IP address] [Subnetmask]
   PRIMARY(config)# interface eth0 gateway [Gateway]
   PRIMARY(config)# ip default-gateway [Gateway IP]
   PRIMARY(config)# ip name-server [DNS IP]

   PRIMARY(config)# data-server username [username]
   PRIMARY(config)# data-server enable
   PRIMARY(config)# data-server password [password]
   PRIMARY(config)# data-server access-list [Secondary DB IP]
   PRIMARY(config)# data-server replica serverid 1
   PRIMARY(config)# data-server replica enable

   PRIMARY(config)# log-server enable
   PRIMARY(config)# log-server cluster-peers [Primary Policy Server real IP,Secondary Log Server real IP]
   PRIMARY(config)# log-server publish-port eth0

   PRIMARY(config)# interface eth0 management-server enable
   PRIMARY(config)# interface eth0 node-server enable

   PRIMARY(config)# interface eth0 ha priority 200
   PRIMARY(config)# interface eth0 ha group [HA group ID]
   PRIMARY(config)# interface eth0 ha linkupdelay 30
   PRIMARY(config)# interface eth0 ha nopreempt enable
   PRIMARY(config)# interface eth0 ha timeout 20
   PRIMARY(config)# interface eth0 ha virtual-ip [Virtual IP]

   PRIMARY(config)# show configuration
   cli-pass change interval 0D
   cli-pass history num 0
   cli-pass minimum age 0D
   data-server enable
   data-server password ******
   data-server replica enable
   data-server replica serverid 1
   data-server username [username]
   device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (The two policy servers must have the same Device-id)
   hostname PRIMARY
   interface eth0 address [IP address] [Subnetmask]
   interface eth0 gateway [Gateway IP]
   interface eth0 ha group 20
   interface eth0 ha linkupdelay 30
   interface eth0 ha nopreempt enable
   interface eth0 ha priority 200
   interface eth0 ha timeout 20
   interface eth0 ha virtual-ip [Virtual IP]
   interface eth0 management-server enable
   interface eth0 node-server enable
   ip default-gateway [Gateway IP]
   ip name-server [DNS IP]
   log-server enable
   log-server cluster-name [Cluster name]
   log-server cluster-peers [Primary Policy Server real IP,Secondary Log Server real IP]
   log-server publish-port eth0

Secondary (slave) policy server
-------------------------------

.. code:: bash

   1. Interactive Wizard
   2. Manual Configration
   Select installation type: 2

   Enter administrator username (4-31 characters) [admin]: [Admin ID]
   # Password must contain at least one alphabet, number and special character
   Enter administrator password (minimum 9 characters):
   Re-enter Password:

   Welcome to Genian ZTNA

   Username: [Admin ID]
   Password:

   The privileged EXEC mode password is the same as the console login password.
   For security reasons please change your password.
   Type ‘enable’ to access privileged EXEC mode for password change.

   genian> enable
   Password:
   genian# configure terminal
   genian(config)# hostname SECONDARY
   SECONDARY(config)# device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (enter the Device-ID of the Primary policy server)
   SECONDARY(config)# interface eth0 address [IP address] [Subnetmask]
   SECONDARY(config)# interface eth0 gateway [Gateway IP]
   SECONDARY(config)# ip default-gateway [Gateway IP]
   SECONDARY(config)# ip name-server [DNS IP]

   SECONDARY(config)# data-server username [username]
   SECONDARY(config)# data-server enable
   SECONDARY(config)# data-server password [password]
   SECONDARY(config)# data-server replica serverid 2
   SECONDARY(config)# data-server replica enable
   SECONDARY(config)# data-server replica masterhost [Primary DB IP]
   SECONDARY(config)# data-server replica username [Primary DB username]
   SECONDARY(config)# data-server replica password [Primary DB password]

   SECONDARY(config)# log-server enable
   SECONDARY(config)# log-server cluster-peers [Secondary Policy Server real IP,Primary Log Server real IP]
   SECONDARY(config)# log-server publish-port eth0

   SECONDARY(config)# interface eth0 management-server enable
   SECONDARY(config)# interface eth0 node-server enable

   SECONDARY(config)# interface eth0 ha priority 100
   SECONDARY(config)# interface eth0 ha group 20
   SECONDARY(config)# interface eth0 ha linkupdelay 30
   SECONDARY(config)# interface eth0 ha nopreempt enable
   SECONDARY(config)# interface eth0 ha timeout 20
   SECONDARY(config)# interface eth0 ha virtual-ip [Virtual IP]

   SECONDARY(config)# show configuration
   cli-pass change interval 0D
   cli-pass history num 0
   cli-pass minimum age 0D
   data-server enable
   data-server password ******
   data-server replica enable
   data-server replica masterhost [Primary DB IP]
   data-server replica password ******
   data-server replica serverid 2
   data-server replica username [Primary DB username]
   data-server username [username]
   device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
   hostname SECONDARY
   interface eth0 address [IP address] [Subnetmask]
   interface eth0 gateway [Gateway IP]
   interface eth0 ha group 20
   interface eth0 ha linkupdelay 30
   interface eth0 ha nopreempt enable
   interface eth0 ha priority 100
   interface eth0 ha timeout 20
   interface eth0 ha virtual-ip [Virtual IP]
   interface eth0 management-server enable
   interface eth0 node-server enable
   ip default-gateway [Gateway]
   log-server enable
   log-server cluster-name [Cluster name]
   log-server cluster-peers [Secondary Policy Server real IP,Primary Log Server real IP]
   log-server publish-port eth0

Primary network sensor
----------------------

.. code:: bash

   device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
   interface eth0 vlan 10,11,12
   interface eth0.10 address [IP address] [Subnetmask]
   interface eth0.10 gateway [Gateway IP]
   interface eth0.10 ha group [ha group id]
   interface eth0.10 ha priority 200
   interface eth0.11 address [IP address] [Subnetmask]
   interface eth0.11 gateway [Gateway]
   interface eth0.12 address [IP address] [Subnetmask]
   interface eth0.12 gateway [Gateway]
   ip default-gateway [Gateway]
   ip name-server [DNS]
   node-server ip [Policy Server IP]

Secondary network sensor
------------------------

.. code:: bash

   device-id xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (Primary network sensor Device-id)
   interface eth0 vlan 10,11,12
   interface eth0.10 address [IP address] [Subnetmask]
   interface eth0.10 gateway [Gateway]
   interface eth0.10 ha group [ha group id]
   interface eth0.10 ha priority 100
   interface eth0.11 address [IP address] [Subnetmask]
   interface eth0.11 gateway [Gateway]
   interface eth0.12 address [IP address] [Subnetmask]
   interface eth0.12 gateway [Gateway]
   ip default-gateway [Gateway IP]
   ip name-server [DNS IP]
   node-server ip [Policy Server IP]

.. attention::

   | The Primary and Secondary network sensors must have the same Device-id.
   | Failover occurs only when the HA-configured interface on the Primary device goes down or the device itself goes down.
   | If HA is configured on all VLAN interfaces, failover occurs when even one of those interfaces goes down.

How to check device HA status
-----------------------------

.. code:: bash

   ------ PRIMARY ------
   PRIMARY# show ha
   Status
   Status: MASTER
   Priority: 200
   Group: 50
   LinkupDelay: 30
   Timeout: 10
   Preempt: 0
   VirtualIP: [Virtual IP]

   ------ SECONDARY ------
   SECONDARY# show ha
   Status
   Status: SLAVE
   Priority: 100
   Group: 50
   LinkupDelay: 30
   Timeout: 10
   Preempt: 0
   VirtualIP: [Virtual IP]

How to check DB replication
---------------------------

.. code:: bash

   ------ PRIMARY ------
   PRIMARY(config)# show dataserver replicastatus
   Replication health is good. (Confirm that this message is displayed)

   ==================== Primary Replication Status ====================
   Host : [Master DB IP displayed]
   File : mysqld.000009 (current replication file of the Master DB)
   Position : 123456 (current replication position of the Master DB)

   ==================== Secondary Replication Status ====================
   Host : [Slave DB IP displayed]
   Slave_IO_Running : Yes (must show Yes to be healthy)
   Slave_IO_State : Waiting for master to send event
   Slave_SQL_Running : Yes (must show Yes to be healthy)
   Slave_SQL_Running_State : Slave has read all relay log; waiting for the slave I/O thread to update it
   Master_Log_File : mysqld.000009 (must match the current log file of the Master DB)
   Read_Master_Log_Pos : 123456 (must match the current log position of the Master DB)
   Relay_Master_Log_File : mysqld.000009
   Exec_Master_Log_Pos : 123456
   Last_Errno : 0
   Last_Error :
   Last_IO_Errno : 0
   Last_IO_Error :
   Last_SQL_Errno : 0
   Last_SQL_Error :
   Relay_Log_File : mysqld-relay-bin.000026
   Relay_Log_Pos : 123456

   ------ SECONDARY ------
   SECONDARY# show dataserver replicastatus
   Replication health is good. (This message indicates that DB replication is healthy.)

   ==================== Primary Replication Status ====================
   Host : [Master DB IP displayed]
   File : mysqld.000009 (current replication file of the Master DB)
   Position : 123456 (current replication position of the Master DB)

   ==================== Secondary Replication Status ====================
   Host : [Slave DB IP displayed]
   Slave_IO_Running : Yes (must show Yes to be healthy)
   Slave_IO_State : Waiting for master to send event
   Slave_SQL_Running : Yes (must show Yes to be healthy)
   Slave_SQL_Running_State : Slave has read all relay log; waiting for the slave I/O thread to update it
   Master_Log_File : mysqld.000009 (must match the current log file of the Master DB)
   Read_Master_Log_Pos : 123456 (must match the current log position of the Master DB)
   Relay_Master_Log_File : mysqld.000009
   Exec_Master_Log_Pos : 123456
   Last_Errno : 0
   Last_Error :
   Last_IO_Errno : 0
   Last_IO_Error :
   Last_SQL_Errno : 0
   Last_SQL_Error :
   Relay_Log_File : mysqld-relay-bin.000026
   Relay_Log_Pos : 123456

.. attention:: Run the database replication check command on both the Primary and the Secondary and confirm the result on each.

Bonding configuration
---------------------

Bonding is a technique that groups multiple physical interfaces into a single logical interface. It is used to prepare for cases in which an interface physically goes down.

- Used to increase service availability when a cable, a physical port, or a connected network device goes down

Bonding settings
''''''''''''''''

Bonding can be configured on policy servers and network sensors that have two or more physical ports.

**Policy server & network sensor**

.. code:: bash

   genians(config)# interface bond0 slave eth0,eth1
   genians(config)# interface bond0 address [PolicyServer IP] [Subnetmask]
   genians(config)# interface bond0 gateway [gateway IP]
   genians(config)# bonding parameters mode=1

   #Bonding parameter#
   #mode=0: for balance-rr
   #mode=1: for active-backup (recommended)

.. note::

   | No configuration may exist on the interfaces before bonding is configured.
   | The device must be rebooted for the bonding parameters to take effect.
   | When a bonding interface is used, do not use any other interface on the device.

Checking the bonding interface status
'''''''''''''''''''''''''''''''''''''

A bonding interface changes state in Active/Active or Active/Backup form. The following shows how to check the current state.

.. code:: bash

   Genians$ cat /proc/net/bonding/bond0
   Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

   Bonding Mode: load balancing (round-robin)
   MII Status: up
   MII Polling Interval (ms): 100
   Up Delay (ms): 0
   Down Delay (ms): 0

   Slave Interface: eth1
   MII Status: up
   Speed: 1000 Mbps
   Duplex: full
   Link Failure Count: 0
   Permanent HW addr: 00:0c:29:21:be:a9
   Slave queue ID: 0

   Slave Interface: eth2
   MII Status: up
   Speed: 1000 Mbps
   Duplex: full
   Link Failure Count: 0
   Permanent HW addr: 00:0c:29:21:be:b3
   Slave queue ID: 0
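
The status output above can be checked automatically. The following is an added example, not part of the Genian documentation: it parses ``/proc/net/bonding/bond0`` text and reports a bonding mode other than the expected one, slaves whose link is down, and recorded link failures. The function names are hypothetical, and the sample is abridged from the output shown above.

```python
# Abridged from the status output shown above (round-robin, eth1 and eth2).
SAMPLE = """\
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Slave Interface: eth2
MII Status: up
Link Failure Count: 0
"""

def parse_bonding(text):
    """Split the status text into bond-level fields and a list of slaves."""
    bond, slaves, current = {}, [], None
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "Slave Interface":
            current = {"name": value}      # a new per-slave section starts here
            slaves.append(current)
        elif current is not None:
            current[key] = value
        else:
            bond[key] = value
    return bond, slaves

def bond_findings(text, expected_mode="active-backup"):
    """Return a list of problems; an empty list means the bond looks healthy."""
    bond, slaves = parse_bonding(text)
    findings = []
    mode = bond.get("Bonding Mode", "")
    if f"({expected_mode})" not in mode:
        findings.append(f"bond mode is '{mode}', expected {expected_mode}")
    if len(slaves) < 2:
        findings.append("fewer than two slave interfaces: no redundancy")
    for slave in slaves:
        if slave.get("MII Status") != "up":
            findings.append(f"{slave['name']}: MII Status is {slave.get('MII Status')}")
        failures = int(slave.get("Link Failure Count", "0"))
        if failures > 0:
            findings.append(f"{slave['name']}: {failures} link failure(s) recorded")
    return findings

if __name__ == "__main__":
    for finding in bond_findings(SAMPLE):
        print(finding)
```

With the default ``expected_mode`` the sample is flagged, because it shows round-robin (mode=0) while the settings above recommend mode=1 (active-backup).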
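
The HA procedure earlier on this page depends on a few values being identical on both peers (Device-id, HA group, Virtual-IP) and others being different (hostname, real IP, replica serverid, priority). The following added example, which is not Genian's own tooling, compares two saved ``show configuration`` outputs for those rules. The interface name ``eth0``, the function names, and the sample values are assumptions made for illustration.

```python
MUST_MATCH = ("device-id", "interface eth0 ha group", "interface eth0 ha virtual-ip")
MUST_DIFFER = ("hostname", "interface eth0 address", "data-server replica serverid")
PRIORITY = "interface eth0 ha priority"
ALL_KEYS = MUST_MATCH + MUST_DIFFER + (PRIORITY,)

# Constructed `show configuration` excerpts (device-id and addresses are made up).
PRIMARY = """\
data-server replica serverid 1
device-id 11111111-2222-3333-4444-555555555555
hostname PRIMARY
interface eth0 address 192.0.2.11 255.255.255.0
interface eth0 ha group 20
interface eth0 ha priority 200
interface eth0 ha virtual-ip 192.0.2.10
"""
SECONDARY = """\
data-server replica serverid 2
device-id 11111111-2222-3333-4444-555555555555
hostname SECONDARY
interface eth0 address 192.0.2.12 255.255.255.0
interface eth0 ha group 20
interface eth0 ha priority 100
interface eth0 ha virtual-ip 192.0.2.10
"""

def parse_config(text):
    """Return {key: value} for the HA-relevant lines of a configuration dump."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        for key in ALL_KEYS:
            if line.startswith(key + " "):
                conf[key] = line[len(key):].strip()
    return conf

def check_ha_pair(primary_text, secondary_text):
    """Return findings for an HA pair; an empty list means it is consistent."""
    p, s = parse_config(primary_text), parse_config(secondary_text)
    missing = [f"missing on a peer: {k}" for k in ALL_KEYS if k not in p or k not in s]
    if missing:
        return missing
    findings = [f"must be identical: {k} ({p[k]} vs {s[k]})"
                for k in MUST_MATCH if p[k] != s[k]]
    findings += [f"must differ: {k} ({p[k]})" for k in MUST_DIFFER if p[k] == s[k]]
    if int(p[PRIORITY]) <= int(s[PRIORITY]):
        findings.append("primary priority must be higher than secondary")
    return findings

if __name__ == "__main__":
    print(check_ha_pair(PRIMARY, SECONDARY) or "HA pair is consistent")
```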