生活随笔
收集整理的這篇文章主要介紹了
架构测试:HAproxy实现负载均衡,前端为nginx+php,数据库实现读写分离和高可用...
小編覺得挺不錯(cuò)的,現(xiàn)在分享給大家,幫大家做個(gè)參考.
環(huán)境: ? 202.106.0.6: as client
? 202.106.0.17:as firewall
? 202.106.0.147: as powerDNS
? 192.168.205.27: as NFS server
? 192.168.205.37: as NFS Backup server(inotify+rsync)
? 192.168.205.47: as proxysql1
? 192.168.205.57: as porxysql2
? 192.168.205.67: as MHA for manager mysql master/slave
? 192. 168.205.77: as mysql primary
? 192.168.205.87: as mysql secondary
? 192.168.205.97: as secondary 2
? 192.168.205.107: as HAproxy1
? 192.168.205.117: as HAproxy2
? 192.168.205.127: as web1 (nginx +php+wordpress)
? 192.168.205.137: as web2 (nginx +php+wordpress)
注:所有操作系統(tǒng)默認(rèn)停用firewalld,iptable為空,關(guān)閉selinux
版本: OS: centos 7 1810 with mini install poweradmin-2.1.7.tgz mariadb-5.5.60(主要測試主從自動(dòng)切換和讀寫分離沒有使用高版本) nginx-1.16.1.tar.gz php-7.3.7.tar.xz wordpress-5.0.4-zh_CN.tar.gz mha4mysql-manager-0.56-0.el6.noarch.rpm mha4mysql-node-0.56-0.el6.noarch.rpm 目地: ? 實(shí)現(xiàn)nginx編譯安裝和支持fast-cgi, 編譯安裝php7.3支持最新的wordpress,
? 通過MHA實(shí)現(xiàn)主從的自動(dòng)切換,通過proxysql實(shí)現(xiàn)讀寫的分離,并實(shí)瑞proxy的高可用性
? web靜態(tài)頁面存在nfs共享文件中,通地inotify 和rsync進(jìn)行實(shí)時(shí)的備份網(wǎng)站的數(shù)據(jù)。
? 前端通過haproxy實(shí)現(xiàn)負(fù)載均衡
步驟: 1. 安裝mariadb并配置主從
2. 配置半同步復(fù)制
3. 實(shí)現(xiàn)MHA管理
4. 實(shí)現(xiàn)proxysql
5. 實(shí)現(xiàn)proxysql的keepalive
6. 安裝rsync server做為nfs backup服務(wù)器
7. 安裝nginx和php
8. 安裝haproxy
9. 實(shí)現(xiàn)firewall DNAT
10. 測試
安裝mariadb,實(shí)現(xiàn)主從 通過腳本yum真接安裝mariadb在77,87,97上,安裝完成后自動(dòng)重啟 [root@master data]#vi maridb_yum.sh
#!/bin/bash
ID=`ip a show dev eth0 | sed -r '3!d;s@(.*inet)(.*)(/.*)@\2@' | cut -d. -f4`
rpm -q mariadb-server ||yum install -y mariadb-server
[ -d /data/mysql ] || mkdir -p /data/mysql
[ -d /data/logs ] || mkdir -p /data/logs
chown mysql:mysql /data/{mysql,logs}
sed -i 's@datadir=/var/lib/mysql@datadir=/data/mysql@' /etc/my.cnf
grep "log-bin" /etc/my.cnf || sed -i '/\[mysqld\]/a log-bin=/data/logs/bin' /etc/my.cnf
rep "innodb_file_per_table" /etc/my.cnf || sed -i '/\[mysqld\]/a innodb_file_per_table = on' /etc/my.cnf
grep "skip_name_resolve" /etc/my.cnf || sed -i '/\[mysqld\]/a skip_name_resolve = on' /etc/my.cnf
grep "server-id" /etc/my.cnf || sed -i "/\[mysqld\]/a server-id=$ID" /etc/my.cnf
service mariadb restart 修改slave數(shù)據(jù)庫的配置 [root@slave1 ~]#vi /etc/my.cnf
[mysqld]
read_only
relay_log_purge=0
[root@slave1 ~]#systemctl restart mariadb
[root@slave2 ~]#vi /etc/my.cnf
[mysqld]
read_only
[root@slave2 ~]#systemctl restart mariadb 在主服務(wù)器上記錄復(fù)制位置 MariaDB [(none)]> show master logs; 在主服務(wù)器創(chuàng)建同步帳號(hào) MariaDB [(none)]> grant replication slave on *.* to repluser'192.168.205.%' identified by 'centos'; 分別在從服務(wù)器上修改change master to CHANGE MASTER TO
MASTER_HOST='192.168.205.77',
MASTER_USER='repluser',
MASTER_PASSWORD='centos',
MASTER_PORT=3306,
MASTER_LOG_FILE='bin.000003', #此文件跟據(jù)主上的show master logs
MASTER_LOG_POS=245; #此位置跟據(jù)主上的show master logs 在所有的從節(jié)點(diǎn)上啟動(dòng)i/o線和relay線程 MariaDB [(none)]> satar slave
MariaDB [(none)]> show slave status; 配置半同步復(fù)制 記錄半同步插件的文件名稱 [root@master ~]#rpm -ql mariadb-server
/usr/lib64/mysql/plugin/semisync_master.so
/usr/lib64/mysql/plugin/semisync_slave.so 在主服務(wù)器和從服務(wù)器上安裝半同步插件 MariaDB [(none)]> install plugin rpl_semi_sync_master soname 'semisync_master.so'; 查看半同步的狀態(tài) MariaDB [(none)]> show global variables like '%semi%' ;
+------------------------------------+-------+
| Variable_name | Value |
+------------------------------------+-------+
| rpl_semi_sync_master_enabled | OFF | #半同步默認(rèn)off
| rpl_semi_sync_master_timeout | 10000 | #超時(shí)毫秒,10秒
| rpl_semi_sync_master_trace_level | 32 |
| rpl_semi_sync_master_wait_no_slave | ON |
+------------------------------------+-------+
4 rows in set (0.00 sec) 啟用半同步 MariaDB [(none)]> set global rpl_semi_sync_master_enabled=on;
Query OK, 0 rows affected (0.00 sec) 查看半同步狀態(tài)信息 MariaDB [(none)]> show global status like '%semi%';
+--------------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------------+-------+
| Rpl_semi_sync_master_clients | 0 |
| Rpl_semi_sync_master_net_avg_wait_time | 0 |
| Rpl_semi_sync_master_net_wait_time | 0 |
| Rpl_semi_sync_master_net_waits | 0 |
| Rpl_semi_sync_master_no_times | 0 |
| Rpl_semi_sync_master_no_tx | 0 |
| Rpl_semi_sync_master_status | ON |
| Rpl_semi_sync_master_timefunc_failures | 0 |
| Rpl_semi_sync_master_tx_avg_wait_time | 0 |
| Rpl_semi_sync_master_tx_wait_time | 0 |
| Rpl_semi_sync_master_tx_waits | 0 |
| Rpl_semi_sync_master_wait_pos_backtraverse | 0 |
| Rpl_semi_sync_master_wait_sessions | 0 |
| Rpl_semi_sync_master_yes_tx | 0 |
+--------------------------------------------+-------+
14 rows in set (0.00 sec) 在所有的從節(jié)點(diǎn)安裝slave semi插件; MariaDB [(none)]> install plugin rpl_semi_sync_slave soname 'semisync_slave.so';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show plugins;
…
| rpl_semi_sync_slave | ACTIVE | REPLICATION | semisync_slave.so | GPL |
+--------------------------------+----------+--------------------+-------------------+---------+
43 rows in set (0.00 sec) 查看所有從節(jié)點(diǎn)的半同步狀態(tài),并啟用半同步狀態(tài),需要重新啟動(dòng)線程,再查看半同步狀態(tài)是on才可以 MariaDB [(none)]> show global variables like '%semi%';
+---------------------------------+-------+
| Variable_name | Value |
+---------------------------------+-------+
| rpl_semi_sync_slave_enabled | OFF |
| rpl_semi_sync_slave_trace_level | 32 |
+---------------------------------+-------+
2 rows in set (0.00 sec)
MariaDB [(none)]> set global rpl_semi_sync_slave_enabled=on;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show global variables like '%semi%';
+---------------------------------+-------+
| Variable_name | Value |
+---------------------------------+-------+
| rpl_semi_sync_slave_enabled | ON |
| rpl_semi_sync_slave_trace_level | 32 |
+---------------------------------+-------+
2 rows in set (0.00 sec)
MariaDB [(none)]> stop slave;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> start slave;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show global status like '%semi%';
+----------------------------+-------+
| Variable_name | Value |
+----------------------------+-------+
| Rpl_semi_sync_slave_status | ON |
+----------------------------+-------+
1 row in set (0.00 sec) 此時(shí)查看主節(jié)點(diǎn)的狀態(tài) MariaDB [(none)]> show global status like '%semi%';
+--------------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------------+-------+
| Rpl_semi_sync_master_clients | 2 | #表示已經(jīng)有兩個(gè)客戶端,說明成功
| Rpl_semi_sync_master_net_avg_wait_time | 0 |
| Rpl_semi_sync_master_net_wait_time | 0 |
| Rpl_semi_sync_master_net_waits | 0 |
| Rpl_semi_sync_master_no_times | 0 |
| Rpl_semi_sync_master_no_tx | 0 |
| Rpl_semi_sync_master_status | ON | #狀態(tài)是on表半同步打開
| Rpl_semi_sync_master_timefunc_failures | 0 |
| Rpl_semi_sync_master_tx_avg_wait_time | 0 |
| Rpl_semi_sync_master_tx_wait_time | 0 |
| Rpl_semi_sync_master_tx_waits | 0 |
| Rpl_semi_sync_master_wait_pos_backtraverse | 0 |
| Rpl_semi_sync_master_wait_sessions | 0 |
| Rpl_semi_sync_master_yes_tx | 0 |
+--------------------------------------------+-------+
14 rows in set (0.00 sec) 實(shí)現(xiàn)MHA管理 安裝從mha網(wǎng)站下載的mha rpm軟件包,依賴包要去epel下載,所以要啟用epel源 [root@MHA ~]#yum install mha4mysql-manager-0.56-0.el6.noarch.rpm mha4mysql-node-0.56-0.el6.noarch.rpm 所有節(jié)點(diǎn)上安裝node包,無論主不是從,mha都會(huì)當(dāng)做一個(gè)node來看 [root@master ~]#yum install mha4mysql-node-0.56-0.el6.noarch.rpm
[root@slave1 data]#yum install mha4mysql-node-0.56-0.el6.noarch.rpm
[root@slave2 data]#yum install mha4mysql-node-0.56-0.el6.noarch.rpm 在主服務(wù)器上創(chuàng)建帳號(hào)做為mha的監(jiān)控帳號(hào)使用 MariaDB [(none)]> grant all on *.* to mhauser@'192.168.205.%' identified by 'centos'; 由于主從在切換時(shí),MHA要修改配置文件等,所以需要ssh key驗(yàn)證,我們采用速的方法,直接在本地產(chǎn)生key和authorized文件一并復(fù)制到所有節(jié)點(diǎn) [root@MHA ~]#ssh-keygen
[root@MHA ~]#ssh-copy-id 192.168.205.67
[root@MHA ~]#cat .ssh/authorized_keys
[root@MHA ~]#scp -r .ssh 192.168.205.77:/root/
[root@MHA ~]#scp -r .ssh 192.168.205.87:/root/
[root@MHA ~]#scp -r .ssh 192.168.205.97:/root/ MHA配置文件沒有,我們直接按照如下創(chuàng)建 [root@MHA ~]#mkdir /etc/mha
[root@MHA ~]#vim /etc/mha/app1.cnf
[server default]
master_binlog_dir=/data/logs/
user=mhauser #這個(gè)帳號(hào)為mha監(jiān)控mysql的帳號(hào)
password=centos #帳號(hào)的密碼
manager_workdir=/data/mastermha/app1/ #配置文件的存放位置
manager_log=/data/mastermha/app1/manager.log #日志的存放位置
remote_workdir=/data/mastermha/app1/
ssh_user=root #SSH key連接的用戶名
repl_user=repluser #復(fù)制帳號(hào),也就是我們上面創(chuàng)建的復(fù)制帳號(hào)名
repl_password=centos #復(fù)制帳號(hào)的密碼
ping_interval=1 #檢測間隔為每一秒
[server1] #定議節(jié)點(diǎn)服務(wù)器
hostname=192.168.205.77
candidate_master=1
[server2]
hostname=192.168.205.87
[server3]
hostname=192.168.205.97
candidate_master=1 #表示當(dāng)主不可用時(shí)優(yōu)先提升為主的從服務(wù)器 啟動(dòng)之前進(jìn)行檢查ssh,repl復(fù)制是否準(zhǔn)備好, 如果successful 我們可以進(jìn)行下一步。 [root@MHA ~]#masterha_check_ssh --conf=/etc/mha/app1.cnf
[root@MHA ~]#masterha_check_repl --conf=/etc/mha/app1.cnf 起動(dòng)進(jìn)程,此進(jìn)程前臺(tái)運(yùn)行,當(dāng)主節(jié)點(diǎn)失敗時(shí)切換完成后它會(huì)終止,所以要想持續(xù)要重啟進(jìn)程 [root@MHA ~]#masterha_manager --conf=/etc/mha/app1.cnf
Mon Aug 12 23:33:22 2019 - [warning] Global configuration file /etc/masterha_default.cnf not found. Skipping.
Mon Aug 12 23:33:22 2019 - [info] Reading application default configuration from /etc/mha/app1.cnf..
Mon Aug 12 23:33:22 2019 - [info] Reading server configuration from /etc/mha/app1.cnf.. 實(shí)現(xiàn)proxysql 我們直接在兩個(gè)proxysql服務(wù)器上創(chuàng)建yum源來安裝proxysql cat <<EOF | tee /etc/yum.repos.d/proxysql.repo
[proxysql_repo]
name= ProxySQL YUM repository
#baseurl=https://repo.proxysql.com/ProxySQL/proxysql-2.0.x/centos/\$releasever
baseurl=https://repo.proxysql.com/ProxySQL/proxysql-1.4.x/centos/\$releasever
gpgcheck=1
gpgkey=https://repo.proxysql.com/ProxySQL/repo_pub_key
EOF 因?yàn)閜roxysql是一個(gè)基于輕量的數(shù)據(jù)庫配置的,所以我們需要一個(gè)sql客戶端來連接設(shè)置proxysql [root@proxysql1 ~]#yum install proxysql mariadb
[root@proxysql2 ~]#yum install proxysql mariadb 啟動(dòng)服務(wù)器查看端口,其中6032為proxysql的數(shù)據(jù)庫端口,6033為proxysql的用戶連接端口 [root@proxysql1 ~]#service proxysql start
[root@proxysql2 ~]#service proxysql start
[root@proxysql1 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:6032 *:*
LISTEN 0 128 *:6033 *:*
LISTEN 0 128 *:6033 *:*
LISTEN 0 128 *:6033 *:*
LISTEN 0 128 *:6033 *:* proxysql默認(rèn)的用戶名和密碼是admin admin, 監(jiān)聽端口為6032, [root@proxysql1 ~]#mysql -uadmin -padmin -P6032 -h127.0.0.1 在所有的proxysql注冊sql server的節(jié)點(diǎn),包括所有的主從節(jié)點(diǎn),使有和insert插入記錄到mysql_servers庫用 MySQL [(none)]> insert into mysql_servers(hostgroup_id,hostname,port) values(10,'192.168.205.77',3306);
MySQL [(none)]> insert into mysql_servers(hostgroup_id,hostname,port) values(10,'192.168.205.87',3306);
MySQL [(none)]> insert into mysql_servers(hostgroup_id,hostname,port) values(10,'192.168.205.97',3306);
MySQL [(none)]> load mysql servers to runtime;
MySQL [(none)]> save mysql servers to disk; 查看一下我們剛才添加的主機(jī)記錄是否在庫中 MySQL [(none)]> select * from mysql_servers; 由于proxysql是查看主和從的數(shù)據(jù)的read_only來判讀誰是主誰是從的,所以建立一賬號(hào)用來連接到主和從服務(wù)器上,我們要在主節(jié)點(diǎn)上建立這個(gè)帳號(hào),它會(huì)復(fù)制到從節(jié)點(diǎn)上 MariaDB [(none)]> grant replication client on *.* to monitor@'192.168.205.%' identified by 'centos'; 在所有的proxysql服務(wù)器設(shè)置監(jiān)控賬號(hào),保存狀態(tài) MySQL [(none)]> set mysql-monitor_username='monitor';
MySQL [(none)]> set mysql-monitor_password='centos';
MySQL [(none)]> load mysql variables to runtime;
MySQL [(none)]> save mysql variables to disk; 查看一下相關(guān)的日志,以前出錯(cuò)的原因是因?yàn)槟J(rèn)沒使用monitor密碼是monitor進(jìn)行連接(在proxysql.cnf中可以看到),所以會(huì)出錯(cuò),當(dāng)你添加完帳號(hào)就成功了, MySQL [(none)]> select * from mysql_server_connect_log;
MySQL [(none)]> select * from mysql_server_ping_log; 需要修改的是main庫中的mysql_replication_hostgroups表,該表有3個(gè)字段:writer_hostgroup, reader_hostgroup,comment, 指定寫組的id為10,讀組的id為20 MySQL [(none)]> insert into mysql_replication_hostgroups values(10,20,"test");
MySQL [(none)]> load mysql servers to runtime;
MySQL [(none)]> save mysql servers to disk; proxySQL會(huì)跟據(jù)剛才連接帳號(hào)判斷read_only并自動(dòng)的把三個(gè)服務(wù)器按讀寫組加到這個(gè)表中了 MySQL [(none)]> select hostgroup_id,hostname,port,status,weight from mysql_servers;
MySQL [(none)]> select * from mysql_server_read_only_log; 在主服務(wù)器上設(shè)置一個(gè)帳號(hào)用來測試 MySQL [(none)]> grant all on *.* to sqluser@'192.168.205.%' identified by 'centos'; 在proxysql服務(wù)器上設(shè)置這個(gè)帳號(hào)的缺省組為10 MySQL [(none)]> insert into mysql_users(username,password,default_hostgroup) values('sqluser','centos',10);
MySQL [(none)]> load mysql users to runtime;
MySQL [(none)]> save mysql users to disk; 此時(shí)proxysql還是不知道那些sql語句算讀,那些為寫,我們要定義好,讓它來區(qū)別并發(fā)送到不同的組服務(wù)器上,其中10為寫,20組為讀 MySQL [(none)]>insert into mysql_query_rules
(rule_id,active,match_digest,destination_hostgroup,apply) VALUES
(1,1,'^SELECT.*FOR UPDATE$',10,1),(2,1,'^SELECT',20,1);
MySQL [(none)]>load mysql query rules to runtime;
MySQL [(none)]>save mysql query rules to disk; 查看一下你添加的規(guī)則 MySQL [(none)]>select rule_id,active,match_digest,destination_hostgroup,apply from mysql_query_rules; 測試連接并實(shí)現(xiàn)讀,可以看到一會(huì)調(diào)度到87,一會(huì)調(diào)度到97 mysql -usqluser -pcentos -P6033 -h127.0.0.1 -e 'select @@server_id' 如果使用事務(wù)不能發(fā)送到讀服務(wù)器,只會(huì)發(fā)送到主服務(wù)器 mysql -usqluser -pcentos -P6033 -h127.0.0.1 -e 'begin;select @@server_id;commit'
mysql -usqluser -pcentos -P6033 -h127.0.0.1 -e 'create database testdb'
mysql -usqluser -pcentos testdb -P6033 -h127.0.0.1 -e 'create table t1(id int)' 我們可以用下列查詢看調(diào)度是否成功,并調(diào)度到那臺(tái)服務(wù)器上 select hostgroup hg,sum_time,count_star,digest_text from stats_mysql_query_digest order by sum_time desc; 實(shí)現(xiàn)proxysql的keepalive 使用yum安裝keepalvie,psmisc,psmisc中有個(gè)命令為killall可以檢測到進(jìn)程的狀態(tài),keepalive會(huì)使用這個(gè)做為腳本檢測進(jìn)行是否運(yùn)行 [root@proxysql1 ~]#yum install keepalived ipvsadm psmisc
[root@proxysql2 ~]#yum install keepalived ipvsadm psmisc 修改keepalive配置文件 [root@proxysql1 ~]#vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_1
vrrp_mcast_group4 224.0.0.100
}
# Script used to check if Proxy is running
vrrp_script check_proxy { #定義腳本測試proxysql的進(jìn)程,如果進(jìn)程down實(shí)現(xiàn)主備切換
script "killall -0 proxysql" #監(jiān)控進(jìn)程
interval 2 #每二秒監(jiān)控一次
weight -30 #進(jìn)程down時(shí)priority減30
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 45
priority 100
advert_int 1
authentication {auth_type PASSauth_pass 1111
}
virtual_ipaddress {192.168.205.45/24 dev eth0 label eth0:0
}
track_script {check_proxy
}
}
[root@proxysql1 ~]#systemctl start keepalived 修改proxysql2的keepalive [root@proxysql2 ~]#vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_2
vrrp_mcast_group4 224.0.0.100
}
# Script used to check if Proxy is running
vrrp_script check_proxy {
script "killall -0 proxysql"
interval 2
weight -30
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 45
priority 80
advert_int 1
authentication {auth_type PASSauth_pass 1111
}
virtual_ipaddress {192.168.205.45/24 dev eth0 label eth0:0
}
track_script {check_proxy
}
}
[root@proxysql2 ~]#systemctl start keepalived 在proxysql1上查看IP,可以看到vip 192.168.205.45, 停掉服務(wù),看一下IP [root@proxysql1 ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:37:f9:93 brd ff:ff:ff:ff:ff:ff
inet 192.168.205.47/24 brd 192.168.205.255 scope global noprefixroute eth0valid_lft forever preferred_lft forever
inet 192.168.205.45/24 scope global secondary eth0:0valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe37:f993/64 scope link noprefixroute valid_lft forever preferred_lft forever
[root@proxysql1 ~]#systemctl stop proxysql 在proxysql2上查看可以看到vip 192.168.205.45已經(jīng)飄到了proxysql2上 [root@proxysql2 ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:cf:e5:bb brd ff:ff:ff:ff:ff:ff
inet 192.168.205.57/24 brd 192.168.205.255 scope global noprefixroute eth0valid_lft forever preferred_lft forever
inet 192.168.205.45/24 scope global secondary eth0:0valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fecf:e5bb/64 scope link noprefixroute valid_lft forever preferred_lft forever 我們測試一下能否通過web server通過連接vip連接到后端的服務(wù)器,從而實(shí)現(xiàn)讀寫分離 [root@web1 data]#mysql -uwordpress -pcentos -P6033 -h192.168.205.45 安裝rsync server做為nfs backup服務(wù)器 安裝rsync服務(wù) [root@nfs2 data]#yum install rsync 編輯rsyncd.conf文件,讓rsyncc以daemon的方式運(yùn)行 [root@nfs2 data]#vi /etc/rsyncd.conf
uid = root #以什么身份開啟服務(wù)
gid = root
use chroot = no
max connections = 0 #不限制連接
ignore errors #忽略錯(cuò)誤
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no 反向解析名稱與ip
hosts allow = 192.168.205.0/24 充許連接的主機(jī)列表
[backup] 起名子
path = /data/www/
comment = webserver www backup
read only = no 可以寫
auth users = rsync
secrets file = /etc/rsync.pass 密碼文件 服務(wù)器端生成驗(yàn)證文件 [root@nfs2 data]#echo "rsync:centos" > /etc/rsync.pass
[root@nfs2 data]#chmod 600 /etc/rsync.pass 服務(wù)器端準(zhǔn)備目錄 [root@nfs2 data]#mkdir /data/www 服務(wù)器端啟動(dòng)rsync服務(wù) [root@nfs2 data]#systemctl start rsyncd 啟用NFS服務(wù)器 啟用epel [root@nfs1 data]#yum install inotify-tools nfs-utils rsync 創(chuàng)建目錄 [root@nfs1 data]#mkdir /data/www 創(chuàng)建用戶nginx用戶 [root@nfs1 data]# useradd -s /sbin/nologin nginx -u 2000
[root@nfs1 data]# id nginx
uid=2000(nginx) gid=2000(nginx) groups=2000(nginx) 修改NFS配置文件,共享www目錄 [root@nfs1 data]# vi /etc/exports
/data/www 192.168.205.0/24(rw,all_squash,anonuid=2000,anongid=2000)
[root@nfs1 data]# systemctl restart nfs-server 將NFS服務(wù)器配置為rsync的客戶端,先配置密碼文件 [root@nfs1 data]#echo "centos" > /etc/rsync.pass
[root@nfs1 data]#chmod 600 /etc/rsync.pass 安裝inotify實(shí)現(xiàn)實(shí)時(shí)同步數(shù)據(jù),客戶端創(chuàng)建inotify_rsync.sh腳本 [root@nfs1 data]#cat inotify_rsync.sh
#!/bin/bash
SRC='/data/www/'
DEST='rsync@192.168.205.37::backup'
inotifywait -mrq --timefmt '%Y-%m-%d %H:%M' --format '%T %w %f' \
-e create,delete,moved_to,close_write,attrib ${SRC} | \
while read DATE TIME DIR FILE;do
FILEPATH=${DIR}${FILE}
rsync -az --delete --password-file=/etc/rsync.pass $SRC $DEST && echo "At ${TIME} \
on ${DATE}, file $FILEPATH was backuped up via rsync" >> /var/log/changelist.log
done 將腳本文件存在rc.local中,啟動(dòng)進(jìn)會(huì)自動(dòng)執(zhí)行 [root@nfs1 data]#chmod +x inotify_rsync.sh
[root@nfs1 data]#vi /etc/rc.d/rc.local
/data/inotify_rsync.sh &
[root@nfs1 data]#chmod +x /etc/rc.d/rc.local 在web server中實(shí)現(xiàn)掛載,安裝nfs-utils工具才可以mount NFS文件系統(tǒng) [root@web1 ~]#yum install nfs-utils
[root@web2 ~]#yum install nfs-utils 測試連接NFS服務(wù)器的共享文件 [root@web1 ~]#showmount -e 192.168.205.27
Export list for 192.168.205.27:
/data/www 192.168.205.0/24
[root@web1 ~]#mount 192.168.205.27:/data/www /data/www
[root@web2 ~]#mount 192.168.205.27:/data/www /data/www
[root@web1 ~]#df
[root@web2 ~]#df 在兩個(gè)web server中將mount寫入到fstab文件中,實(shí)現(xiàn)開機(jī)自動(dòng)mount [root@web1 ~]##vi /etc/fstab
192.168.205.27:/data/www /app/httpd24/htdocs nfs defaults 0 0 安裝nginx和php 復(fù)制nginx和php源碼文件到一個(gè)目錄中在兩個(gè)web服務(wù)器上 nginx-1.16.1.tar.gz
php-7.3.7.tar.xz 執(zhí)行nginx安裝腳本在同一個(gè)目錄中 [root@web2 ~]#cat nginx_install_bin.sh
#!/bin/bash
#########################
#difination variables
#########################
TMP_DIR=`pwd`
NGINX="nginx-1.16.1.tar.gz"
NGINX_DIR=`echo "$NGINX" |rev | cut -d. -f3- | rev`
INS_DIR="/apps/nginx"
##########################
#Packges check and install
##########################
pkg(){
for i in $PKGS; do
rpm -q $i &> /dev/null && echo "Packge `rpm -q $i` is installed" || yum -y install $i
done
}
#####################
#NGINX INSTALLATION
#1.unarchive binary
####################
#install dependency packges,just add packges name to variable PKGS separate by SPACE.
#Example PKGS="libaio gcc glibc"
nginx_ins(){
PKGS="gcc pcre-devel openssl-devel zlib-devel"
pkg
cd $TMP_DIR
[ -e $TMP_DIR/$NGINX ] || wget -c http://nginx.org/download/$NGINX
tar xf $TMP_DIR/$NGINX
cd $NGINX_DIR
./configure \
--prefix=$INS_DIR \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_dav_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-pcre \
--with-threads \
--with-file-aio \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module
if [ $? -eq 0 ]; then
make -j 4 && make install
cd $TMP_DIR
rm -rf $HTTPD_DIR
else
echo "please remake and make install"
fi
id nginx || useradd nginx -s /sbin/nologin -u 2000
chown nginx:nginx -R $INS_DIR
echo "$INS_DIR/sbin/nginx" >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
ln -s $INS_DIR/sbin/nginx /sbin/nginx
nginx
}
###############
#OPTIONS SELECT
###############
case $1 in
install)
nginx_ins
;;
remove)
nginx_rm
;;
*)
echo "Useage $0 $1 install|remove"
;;
esac
[root@web2 ~]#./nginx_install_bin.sh install 執(zhí)行如下腳本安裝php [root@web2 ~]#cat apache_php_install.sh
#!/bin/bash
#########################
#difination variables
#########################
TMP_DIR=`pwd`
APR="apr-1.7.0.tar.bz2"
APR_UTIL="apr-util-1.6.1.tar.bz2"
HTTPD="httpd-2.4.39.tar.bz2"
PHP="php-7.3.7.tar.xz"
HTTPD_DIR=`echo "$HTTPD" |rev | cut -d. -f3- | rev`
APR_DIR=`echo "$APR" |rev | cut -d. -f3- | rev`
APR_UTIL_DIR=`echo "$APR_UTIL" | rev | cut -d. -f3- | rev`
PHP_DIR=`echo "$PHP" | rev | cut -d. -f3- | rev`
INS_HTTPD_DIR=/app/httpd24
INS_PHP_DIR=/app/php
##########################
#Packges check and install
##########################
pkg(){
for i in $PKGS; do
rpm -q $i &> /dev/null && echo "Packge `rpm -q $i` is installed" || yum -y install $i
done
}
#####################
#APACHE INSTALLATION
#1.unarchive binary
####################
#install dependency packges,just add packges name to variable PKGS separate by SPACE.
#Example PKGS="libaio gcc glibc"
httpd_ins(){
PKGS="gcc prce-devel openssl-devel expat-devel lbzip2"
pkg
cd $TMP_DIR
if [ -e $TMP_DIR/$HTTPD ]; thentar xf $HTTPD
elseecho "file $HTTPD does not exist, pleases download it" exit
fi
if [ -e $TMP_DIR/$APR ]; thentar xf $APR mv $APR_DIR $HTTPD_DIR/srclib/apr
elseecho "file $APR does not exist, pleases download it"exit
fi
if [ -e $TMP_DIR/$APR_UTIL ]; thentar xf $APR_UTIL
mv $APR_UTIL_DIR $HTTPD_DIR/srclib/apr-util
elseecho "file $APR_UTIL does not exist, pleases download it"exit
fi
########################
#2.make and make install
########################
id apache||useradd -r -s /sbin/nologin apache
cd $HTTPD_DIR
./configure \
--prefix=$INS_HTTPD_DIR \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-included-apr \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
if [ $? -eq 0 ]; thenmake -j 4 && make installcd $TMP_DIRrm -rf $HTTPD_DIR
elseecho "please remake and make install"
fi
#####################
#3. modify config files
######################
sed -ri 's@^(.*) daemon$@\1 apache@' $INS_HTTPD_DIR/conf/httpd.conf
sed -ri 's@DirectoryIndex@DirectoryIndex index.php @' $INS_HTTPD_DIR/conf/httpd.conf
sed -ri 's@#(LoadModule proxy_module modules/mod_proxy.so)@\1@' $INS_HTTPD_DIR/conf/httpd.conf
sed -ri 's@#(LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so)@\1@' $INS_HTTPD_DIR/conf/httpd.conf
sed -ri 's@#(LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so)@\1@' $INS_HTTPD_DIR/conf/httpd.conf
cat >> $INS_HTTPD_DIR/conf/httpd.conf <<-EOF
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
ProxyRequests Off
ProxyPassMatch "^/.*\.php(/.*)?$" "fcgi://localhost:9000/app/httpd24/htdocs/"
EOF
echo "PATH=$INS_HTTPD_DIR/bin:\$PATH" > /etc/profile.d/httpd.sh
source /etc/profile.d/httpd.sh
echo "$INS_HTTPD_DIR/bin/apachectl start" >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
apachectl start
}
#########################
#PHP INSALLATION
#1. unarchive install packge
#########################
php_ins(){
PKGS="libxml2-devel bzip2-devel libmcrypt-devel gd-devel"
pkg
cd $TMP_DIR
echo $TMP_DIR
if [ -e $TMP_DIR/$PHP ]; thentar xvf $PHP
elseecho "files $PHP does not exist, pleases download it"exit
fi
#######################
#2. make and make install
#######################
cd $PHP_DIR/
./configure \
--prefix=$INS_PHP_DIR \
--enable-mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-openssl \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d \
--enable-mbstring \
--enable-xml \
--enable-sockets \
--enable-fpm \
--enable-maintainer-zts \
--disable-fileinfo \
--with-gd \
--with-imap\
--with-ldap\
--with-odbcver\
--with-iodbc\
--with-pear\
--with-libxml-dir\
--with-xmlrpc\
--enable-mbstring\
--with-mhash\
--with-gettext
if [ $? -eq 0 ]; then make && make install
elseecho "please re make and make install"
fi
######################
#3. modify config file
######################
cp php.ini-production /etc/php.ini
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
cd $INS_PHP_DIR/etc
cp php-fpm.conf.default php-fpm.conf
cd php-fpm.d/
cp www.conf.default www.conf
sed -ri 's@(^.*) = nobody@\1 = apache@' $INS_PHP_DIR/etc/php-fpm.d/www.conf
chkconfig --add php-fpm
service php-fpm start
cd $TMP_DIR
rm -rf $PHP_DIR
echo '<?php phpinfo(); ?>' > /app/httpd24/htdocs/index.php
}
##################
#4. remove PHP
#################
rmphp(){
service php-rpm stop
rm /app/php -rf
rm /etc/php.ini -f
chkconfig --del php-fpm
rm /etc/init.d/php-fpm -f
}
################
#5. remove HTTPD
################
rmhttpd(){
apachectl stop
rm /app/httpd24 -rf
sed -i '/\/app\/http24\/bin\/apachectl start/d' /etc/rc.d/rc.local
rm /etc/profile.d/httpd.sh
}
###############
#OPTIONS SELECT
###############
case $1 in
install)case $2 inhttpd)httpd_ins;;php)php_ins;;*)echo "Useage $0 $1 httpd|php";;esac;;
remove)case $2 inphp)rmphp;;httpd)rmhttpd;;*)echo "Useage $0 $1 httpd|php";;esac;;
*)echo "Useage $0 <install|remove> <php|httpd>";;
esac
[root@web2 ~]#./apache_php_install.sh install php 修改nginx配置文件 [root@web2 ~]#vi /etc/nginx/nginx.conf
server {listen 80;server_name www.zhaoli.com;location / {root /data/www;index index.php index.html index.htm;}location ~ \.php$ {root /data/www;fastcgi_pass 127.0.0.1:9000;fastcgi_index index.php;fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;include fastcgi_params;}} 修改php配置文件 [root@web2 ~]#vi /app/php/etc/php-fpm.d/www.conf
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = nginx
listen.mode = 0660 將所有配置文件復(fù)制到所有的web server中并啟動(dòng)服務(wù) [root@web2 ~]#nginx -s reload
[root@web2 ~]#service php-fpm restart 解壓縮文件 wordpress-5.0.4-zh_CN.tar.gz [root@web1 data]#tar xf wordpress-5.0.4-zh_CN.tar.gz -C www 在主服務(wù)器上創(chuàng)建wordpress數(shù)據(jù)庫及用戶名和密碼 MariaDB [(none)]> CREATE DATABASE wordpress;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"192.168.205.%" IDENTIFIED BY "centos";
MariaDB [(none)]> FLUSH PRIVILEGES; 同樣我也需要將這個(gè)帳號(hào)在所有的proxysql服務(wù)器授權(quán) [root@proxysql1 ~]#mysql -uadmin -padmin -P6032 -h127.0.0.1
[root@proxysql2 ~]#mysql -uadmin -padmin -P6032 -h127.0.0.1
所有proxysql中執(zhí)行如下:
MySQL [(none)]> insert into mysql_users(username,password,default_hostgroup) values('wordpress','centos',10);
MySQL [(none)]> load mysql users to runtime;
MySQL [(none)]> save mysql users to disk; 修改wordpress配置文件 [root@web1 www]#cp wp-config-sample.php wp-config.php
[root@web1 www]#vi wp-config.php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'centos');
define('DB_HOST', '192.168.205.45:6033'); #注意這里要添加proxysql vip的地址,端口為6033 生成密鑰,可以使用網(wǎng)站https://api.wordpress.org/secret-key/1.1/salt/ 自動(dòng)生成,然后直接替換即可 [root@web1 www]#vi wp-config.php
define('AUTH_KEY', ']xRUezwud7/sl9n{5Qv-=VM|uoqaFauAuc3|6wy<w7Dg0qUC7{.4%#>o+HfjC!I+');
define('SECURE_AUTH_KEY', '=e[P3g1~S|:+J@I)f-(:MTf3~h+;hQCg?wuk50NMP)Dgoj3X kL@BDDk%&;zed^`');
define('LOGGED_IN_KEY', 'f,B`O^3qW20-,`k>dHdW8Bt^/]HZ5 -sA1rz$x:|x3R3~!j*}^mw?0|N)YTO<usi');
define('NONCE_KEY', 'x/7V-u*8K^d-|3a&L}/V&2b9K}G+r-q&A7NCWin}h3dP1P( /X;fRzqG1U[,;F_C');
define('AUTH_SALT', 'U,kjv 5&srgsePiCJOxUxc+>HkX#B3:fWbQ;[n^5FD)-4r9C!/+Swwv:k~~HZ|-l');
define('SECURE_AUTH_SALT', ';=3HS/eY&DRN0p1_->e#]%h#x=*Q?Zj]A*tC=@*H$9_T%+SF+!w0?b}f/`#K&[h&');
define('LOGGED_IN_SALT', 'iVWA_K4+X&guJiXc90L4UnQ-#E7+q--rH1_`nhdbSzlC2X.}}R11aua{>8 <hQv:');
define('NONCE_SALT', 'z4,S7_]&70?7^p[o>$n7tJAq]?12ngpfi(]Cl{zfKs>!.Y?9|4@59{R*Q<k(Hg_.'); 此時(shí)我們可以直接訪問web1或web2來測試安裝haproxy 在所有的proxy server上安裝HAproxy和keepalived [root@haproxy1 ~]#yum install haproxy keepalived
[root@haproxy2 ~]#yum install haproxy keepalived 修改proxysql1的keepalive配置 [root@haproxy1 ~]#vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_1
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
script "killall -0 haproxy"
interval 2
weight -30
fall 2
rise 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 111
priority 100
advert_int 1
authentication {auth_type PASSauth_pass 1111
}
virtual_ipaddress {192.168.205.111/24 dev eth0 label eth0:0
}
track_script {check_haproxy
}
} 修改proxysql2的keepalived配置 [root@haproxy2 ~]#vi /etc/keepalived/keepalived.conf
global_defs {
notification_email {acassen@firewall.locfailover@firewall.locsysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_2
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_garp_interval 0
vrrp_gna_interval 0
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
script "killall -0 haproxy"
interval 2
weight -30
fall 2
rise 1
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 111
priority 80
advert_int 1
authentication {auth_type PASSauth_pass 1111
}
virtual_ipaddress {192.168.205.111/24 dev eth0 label eth0:0
}
track_script {check_haproxy
}
} 啟動(dòng)服務(wù) [root@haproxy1 ~]#systemctl enable keepalived
[root@haproxy1 ~]#systemctl start keepalived
[root@haproxy2 ~]#systemctl enable keepalived
[root@haproxy2 ~]#systemctl start keepalived 修改haproxy配置文件在所有的haproxy server上 [root@haproxy1 ~]#vi /etc/haproxy/haproxy.cfg
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen web-80
bind 192.168.205.111:80
server web1 192.168.205.127:80 check inter 3s fall 3 rise 5
server web1 192.168.205.137:80 check inter 3s fall 3 rise 5 啟動(dòng)服務(wù) [root@haproxy1 ~]#systemctl enable haproxy
[root@haproxy1 ~]#systemctl start haproxy
[root@haproxy1 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.205.111:80 *:* 將haprox配置文件復(fù)制到haproxy2上并啟動(dòng)服務(wù) [root@haproxy1 ~]#scp /etc/haproxy/haproxy.cfg 192.168.205.117:/etc/haproxy/
[root@haproxy2 ~]#systemctl enable haproxy
[root@haproxy2 ~]#systemctl start haproxy 我們發(fā)現(xiàn)沒有監(jiān)聽192.168.205.111:80端口,因?yàn)槟J(rèn)不會(huì)監(jiān)聽不存在IP的端口 [root@haproxy2 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::* 修改內(nèi)核參數(shù)可以實(shí)現(xiàn)監(jiān)聽,重啟haproxy, 可以看到haproxy2也實(shí)現(xiàn)了監(jiān)聽, 同樣我也需要在haproxy1上加上這個(gè)選項(xiàng)否則主失效的情況下,再切回來情況下,haproxy會(huì)出錯(cuò),無法啟動(dòng) [root@haproxy2 ~]#sysctl -a | grep bind
net.ipv4.ip_nonlocal_bind = 0
[root@haproxy2 ~]#vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@haproxy2 ~]#sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@haproxy2 ~]#systemctl restart haproxy
[root@haproxy2 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.205.111:80 *:* 通過192.168.205.111訪問web服務(wù)器,發(fā)現(xiàn)沒有問題 如果停掉haproxy1的keepalive, 再測試 恢復(fù)keepalived,嘗試停掉haproxy,再測試,發(fā)現(xiàn)vip已經(jīng)切到haproxy2上 [root@haproxy1 ~]#systemctl stop haproxy
[root@haproxy2 ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:05:be:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.205.117/24 brd 192.168.205.255 scope global noprefixroute eth0valid_lft forever preferred_lft forever
inet 192.168.205.111/24 scope global secondary eth0:0valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe05:bea7/64 scope link noprefixroute valid_lft forever preferred_lft forever 實(shí)現(xiàn)firewall 為了簡化我們使用一臺(tái)linux的iptables做為DNAT,確保關(guān)閉firewald [root@centos7 ~]#iptables -t nat -A PREROUTING -s 0/0 -d 202.106.0.17 -p tcp --dport 80 -j DNAT --to-destination 192.168.205.111:80 開啟ip轉(zhuǎn)發(fā)功能 [root@centos7 network-scripts]#cat /proc/sys/net/ipv4/ip_forward
0
[root@centos7 network-scripts]#sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@centos7 ~]#vi /etc/sysctl.conf
net.ipv4.ip_forward = 1 安裝iptables service實(shí)現(xiàn)自動(dòng)保存 [root@centos7 ~]#yum install iptables-services
[root@centos7 ~]#iptables-save >/etc/sysconfig/iptables
[root@centos7 ~]#systemctl enable iptables.service 注意,Haproxy的默認(rèn)網(wǎng)關(guān)要指向firewall, 兩個(gè)webserver也默認(rèn)網(wǎng)關(guān)也要指定firewall, 原因在于webserver回包時(shí)直接回到網(wǎng)關(guān),實(shí)際是不是這樣,有待考證,但我加了網(wǎng)站才能夠正常訪問 [root@haproxy1 ~]#ip r
default via 192.168.205.17 dev eth0 proto static metric 102
[root@haproxy2 ~]#ip r
default via 192.168.205.17 dev eth0 proto static metric 102
[root@web1 ~]#ip r a default via 192.168.205.17 dev eth0
[root@web1 ~]#ip r
default via 192.168.205.17 dev eth0
[root@web2 ~]#ip r a default via 192.168.205.17 dev eth0
[root@web2 ~]#ip r
default via 192.168.205.17 dev eth0 實(shí)現(xiàn)powerdns 安裝包:基于EPEL源 yum install -y pdns pdns-backend-mysql mariadb-server 創(chuàng)建數(shù)據(jù)庫 CREATE DATABASE powerdns;
GRANT ALL ON powerdns.* TO 'powerdns'@'127.0.0.1' IDENTIFIED BY 'centos';
USE powerdns; 創(chuàng)建powerdns數(shù)據(jù)庫中的表 (參考https://doc.powerdns.com/md/authoritative/backend-generic-mysql/) CREATE TABLE domains (
id INT AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
master VARCHAR(128) DEFAULT NULL,
last_check INT DEFAULT NULL,
type VARCHAR(6) NOT NULL,
notified_serial INT DEFAULT NULL,
account VARCHAR(40) DEFAULT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);
CREATE TABLE records (
id BIGINT AUTO_INCREMENT,
domain_id INT DEFAULT NULL,
name VARCHAR(255) DEFAULT NULL,
type VARCHAR(10) DEFAULT NULL,
content VARCHAR(64000) DEFAULT NULL,
ttl INT DEFAULT NULL,
prio INT DEFAULT NULL,
change_date INT DEFAULT NULL,
disabled TINYINT(1) DEFAULT 0,
ordername VARCHAR(255) BINARY DEFAULT NULL,
auth TINYINT(1) DEFAULT 1,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);
CREATE TABLE supermasters (
ip VARCHAR(64) NOT NULL,
nameserver VARCHAR(255) NOT NULL,
account VARCHAR(40) NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;
CREATE TABLE comments (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
name VARCHAR(255) NOT NULL,
type VARCHAR(10) NOT NULL,
modified_at INT NOT NULL,
account VARCHAR(40) NOT NULL,
comment VARCHAR(64000) NOT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);
CREATE TABLE domainmetadata (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
kind VARCHAR(32),
content TEXT,
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);
CREATE TABLE cryptokeys (
id INT AUTO_INCREMENT,
domain_id INT NOT NULL,
flags INT NOT NULL,
active BOOL,
content TEXT,
PRIMARY KEY(id)
) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);
CREATE TABLE tsigkeys (
id INT AUTO_INCREMENT,
name VARCHAR(255),
algorithm VARCHAR(50),
secret VARCHAR(255),
PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); 配置PowerDNS使用mariadb作為后臺(tái)數(shù)據(jù)存儲(chǔ) vim /etc/pdns/pdns.conf,查找到包含launch= 的行,修改并添加下面的內(nèi)容
launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=centos 啟動(dòng)服務(wù) systemctl start pdns
systemctl enable pdns 安裝httpd和php相關(guān)包 yum -y install httpd php php-devel php-gd php-mcrypt php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext wget
systemctl start httpd
systemctl enable httpd 下載poweradmin程序,并解壓縮到相應(yīng)目錄 cd /var/www/html
wget http://downloads.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz
tar xvf poweradmin-2.1.7.tgz
mv poweradmin-2.1.7 /var/www/html/poweradmin 訪問下面地址,啟動(dòng)PowerAdmin的網(wǎng)頁安裝向?qū)?#xff0c;選擇英文然后 go to step2: http://192.168.205.147/poweradmin/install/ 提供先前配置的數(shù)據(jù)庫詳情,同時(shí)為Poweradmin設(shè)置管理員密碼 Username: 為上面91步創(chuàng)建的用戶名,此處應(yīng)該為powerdns
password:為上面91步創(chuàng)建的密碼應(yīng)該為centos
database type :為myql
hostname: 為mysql主服務(wù)器的IP
DB port: 為默認(rèn)的3306
database: 為上面9步創(chuàng)建的數(shù)據(jù)庫名稱powerdns
poweradmin adminstrator pasword: 此處為powerdns會(huì)自動(dòng)創(chuàng)建一個(gè)web管理員名為admin的用戶,此為admin的密碼
 為Poweradmin創(chuàng)建一個(gè)受限用戶,powerDNS會(huì)使用這個(gè)帳戶來更新powerdns數(shù)據(jù)庫,上面的只是用來連接數(shù)據(jù)庫,此處為真正更新時(shí)使用的帳戶 Username:更新的用戶名
Password:上述用戶的密碼
Hostmaster:當(dāng)創(chuàng)建SOA記錄指定默認(rèn)主機(jī)管理員
Primary nameserver:主域名服務(wù)器,此處應(yīng)該為192.168.205.17
Secondary namesever: 輔域名服務(wù)器, 沒有輔助服務(wù)器,可以不添
 跟據(jù)上面的輸入,他會(huì)自動(dòng)產(chǎn)生sql語句,按照下面頁面說明,在數(shù)據(jù)庫中192.168.205.147創(chuàng)建用戶并授權(quán) MariaDB [powerdns]> GRANT SELECT, INSERT, UPDATE, DELETE ON powerdns.* TO 'poweradmin'@'127.0.0.1' IDENTIFIED BY 'centos1';
 按下面頁面說明,創(chuàng)建config.in.php文件內(nèi)容 刪除install目錄 rm -rf /var/www/html/poweradmin/install/
 登錄http://202.106.0.17/poweradmin/ username:admin
password:admin 參看第96步 添加主機(jī)記錄在powerdns上 在客戶端的windows中測試dns解析
總結(jié)
以上是生活随笔 為你收集整理的架构测试:HAproxy实现负载均衡,前端为nginx+php,数据库实现读写分离和高可用... 的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
如果覺得生活随笔 網(wǎng)站內(nèi)容還不錯(cuò),歡迎將生活随笔 推薦給好友。
