Installation of Aker gateway on two servers with resilience, by Dryusdan
I explain how to install the Aker gateway on two servers with resilience. I use GlusterFS to replicate the data and KeepAlived to keep the same access point available when one server is down.
So, let's go!
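Configure the SSH server (/etc/ssh/sshd_config), then copy the whole /etc/ssh directory to the second server. That directory also holds the SSH host keys, so both servers present the same host key behind the virtual IP.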
I chose KeepAlived to provide the same access point on both servers. KeepAlived uses the VRRP protocol to move a virtual IP to the other server when one server goes down.
Download KeepAlived from this website: www.keepalived.org/download.html. I use KeepAlived 1.4.2, but this tutorial also works with version 1.3.9.
After downloading, decompress the archive in /tmp and type the following commands from the extracted directory:
$ sudo apt update && sudo apt install build-essential libssl-dev
$ ./configure
$ make
$ sudo make install
$ sudo apt purge build-essential && sudo apt autoremove
(I don't use the KeepAlived package from the Ubuntu repository: the version is too old (October 2009) and its configuration file is not compatible.)
GlusterFS is a solution for replicating disks between servers.
First, install it:
$ sudo apt install glusterfs-server glusterfs-client attr
In the glusterd.vol file, add these lines:
option transport.rdma.bind-address 10.0.1.61
option transport.socket.bind-address 10.0.1.61
option transport.tcp.bind-address 10.0.1.61
This restricts listening to this IP.
(Of course, replace 10.0.1.61 with your server's IP.)
Then create the folders for Aker (and for the Gluster shares):
# mkdir /etc/aker
# mkdir -p /var/log/aker
# mkdir -p /aker/{log,data}
Restart GlusterFS, then repeat the same steps on the second server:
# service glusterfs-server restart
On server 1, add server 2 to the cluster with this command:
gluster peer probe 10.0.1.61
Then create the Gluster volumes:
gluster volume create akerLog replica 2 transport tcp 10.0.1.62:/aker/log 10.0.1.61:/aker/log force
gluster volume create akerData replica 2 transport tcp 10.0.1.62:/aker/data 10.0.1.61:/aker/data force
Some explanation:
- akerLog : the name of the volume. You can name the volume anything you like.
- replica 2 : the number of replicas
- 10.0.1.62:/aker/log : the server (and directory) of one of the replicas. List as many servers here as you want replicas.
Start the volumes:
gluster volume start akerLog
gluster volume start akerData
Mount the volumes:
mount 10.0.1.61:/akerLog /var/log/aker -t glusterfs
mount 10.0.1.61:/akerData /etc/aker -t glusterfs
Run the mount commands on the second server, changing the IP of course :)
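An added check, not part of the original tutorial or of the aker-autoinstaller scripts: if one of these mounts is missing, /etc/aker and /var/log/aker are just the local directories created earlier, and whatever is written there is not replicated to the other server. The sketch below reads the mount table and verifies that both paths are fuse.glusterfs mounts of the expected volumes; the function names are hypothetical, and it assumes the native client's usual /proc/mounts entry (server:/volume, type fuse.glusterfs).

```shell
#!/bin/sh
# Added example: confirm the Aker directories are backed by the GlusterFS
# volumes and not by the empty local directories underneath the mount points.

# "mountpoint volume" pairs, taken from the mount commands in this tutorial.
AKER_MOUNTS="/var/log/aker akerLog
/etc/aker akerData"

# mount_ok MOUNTS_FILE MOUNTPOINT VOLUME
# Succeeds when the last (topmost, visible) entry for MOUNTPOINT is a
# fuse.glusterfs mount of <server>:/VOLUME. The server part is not checked
# because it differs from one node to the other.
mount_ok() {
    awk -v mp="$2" -v vol="$3" '
        $2 == mp { dev = $1; fs = $3 }
        END {
            n = split(dev, part, ":")
            exit !(fs == "fuse.glusterfs" && n == 2 && part[2] == ("/" vol))
        }' "$1"
}

# check_aker_mounts [MOUNTS_FILE]   (hypothetical helper name)
# Reports each bad mount point on stderr; returns how many were bad.
check_aker_mounts() {
    mounts_file="${1:-/proc/mounts}"
    bad=0
    while read -r mp vol; do
        if ! mount_ok "$mounts_file" "$mp" "$vol"; then
            echo "not on gluster volume $vol: $mp" >&2
            bad=$((bad + 1))
        fi
    done <<EOF
$AKER_MOUNTS
EOF
    return "$bad"
}

# Run against the live mount table only when asked: sh thisfile.sh --check
if [ "${1:-}" = "--check" ]; then
    check_aker_mounts
fi
```

A non-zero return value is the number of paths that are not on their Gluster volume, so the check can gate a service start or feed a monitoring probe.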
If you want more information about GlusterFS, I recommend this tutorial (in French, sorry guys).
Type these commands (replace <tag here> with the latest tag or master):
$ cd /tmp
$ wget https://github.com/Dryusdan/aker-autoinstaller/archive/<tag here>.zip
$ unzip <tag here>.zip
$ cd bastion-x
$ sudo bash installServer.sh
Follow the instructions.
At the end of the instructions, the server restarts.
The public SSH key will be displayed. Copy it and keep it aside: you will be asked for it later.
After the restart, type these commands, first on the BACKUP server, then on the MASTER server:
$ cd /tmp
$ wget https://github.com/Dryusdan/aker-autoinstaller/archive/<tag here>.zip
$ unzip <tag here>.zip
$ cd bastion-x
$ sudo bash confInit.sh
Follow the instructions.
Finished!
Currently, some details are not yet fixed. For example, there are some commands to manage Aker, and they contain hard-coded IPs, so you must change these (the IP written in them is the slave's IP).
- akerUsergroups : this command manages user groups
- akerReload : this command creates a backup file (/etc/aker/host.json.back) and updates the current configuration of the bastion
- akerHost : this command manages hosts
- akerUser : this command manages users
akerUsergroups (interactive)
akerHost (interactive) or
akerHost add [hostname] [group] [hostgroupname]
- [hostname] : the DNS name of the host
- [group] : the user group that is authorized to access this host
- [hostgroupname] : the host group in which the host is stored
The user's public key is generated in /home//.ssh/id_rsa.pub
akerUser
akerUser -a [username] [group] [sshPubKey]
- [username] : the username
- [group] : the user's group (to add the user to several groups, use interactive mode)
- [sshPubKey] : the user's public key