
HAProxy load balancing for nginx + PHP, with read/write splitting for the backend database

Date: 2021-07-01 10:21:17

Environment:
  1. 202.106.0.6: client
  2. 202.106.0.17: firewall
  3. 202.106.0.147: PowerDNS
  4. 192.168.205.27: NFS server
  5. 192.168.205.37: NFS backup server (inotify + rsync)
  6. 192.168.205.47: proxysql1
  7. 192.168.205.57: proxysql2
  8. 192.168.205.67: MHA manager for the MySQL master/slave set
  9. 192.168.205.77: MySQL primary
  10. 192.168.205.87: MySQL secondary 1
  11. 192.168.205.97: MySQL secondary 2
  12. 192.168.205.107: HAProxy1
  13. 192.168.205.117: HAProxy2
  14. 192.168.205.127: web1 (nginx + PHP + WordPress)
  15. 192.168.205.137: web2 (nginx + PHP + WordPress)
  16. Note: on every host firewalld is disabled, the iptables rule set is empty and SELinux is off. That is acceptable for this lab; outside it, the service ports used below (3306, 6032/6033, 2049, 873) should be restricted to the hosts that need them, and 6032 in particular should never be reachable from the web tier.

Versions:

  • OS: CentOS 7 1810, minimal install
  • poweradmin-2.1.7.tgz
  • mariadb-5.5.60 (the aim is to exercise automatic master/slave failover and read/write splitting, so no newer version was used)
  • nginx-1.16.1.tar.gz
  • php-7.3.7.tar.xz
  • wordpress-5.0.4-zh_CN.tar.gz
  • mha4mysql-manager-0.56-0.el6.noarch.rpm
  • mha4mysql-node-0.56-0.el6.noarch.rpm
    Note: everything not listed here is installed with yum.

Goals:

  1. Compile and install nginx with FastCGI support, and compile PHP 7.3 so the current WordPress release runs on it.
  2. Automatic master/slave failover through MHA, read/write splitting through ProxySQL, and high availability for the proxy layer itself.
  3. Keep the web content on an NFS share, with inotify and rsync replicating the site data to a backup host in real time.
  4. Load balancing at the front end with HAProxy.

Steps:

  1. Install MariaDB and configure master/slave replication
  2. Configure semi-synchronous replication
  3. Set up MHA management
  4. Set up ProxySQL
  5. Set up keepalived for ProxySQL
  6. Install an rsync server as the NFS backup host
  7. Install nginx and PHP
  8. Install HAProxy
  9. Set up DNAT on the firewall
  10. Test

Install MariaDB and set up master/slave replication

  1. Install MariaDB with yum on 77, 87 and 97 using the script below; the service is restarted when it finishes. The server-id is derived from the last octet of the eth0 address, so it is unique on every host without editing the script.
    <code>[root@master data]#vi maridb_yum.sh
    #!/bin/bash
    # server-id = last octet of the eth0 IPv4 address (line 3 of "ip a show dev eth0" is the inet line)
    ID=`ip a show dev eth0 | sed -r '3!d;s@(.*inet)(.*)(/.*)@\2@' | cut -d. -f4`
    rpm -q mariadb-server || yum install -y mariadb-server
    [ -d /data/mysql ] || mkdir -p /data/mysql
    [ -d /data/logs ] || mkdir -p /data/logs
    chown mysql:mysql /data/{mysql,logs}
    sed -i 's@datadir=/var/lib/mysql@datadir=/data/mysql@' /etc/my.cnf
    grep "log-bin" /etc/my.cnf || sed -i '/\[mysqld\]/a log-bin=/data/logs/bin' /etc/my.cnf
    grep "innodb_file_per_table" /etc/my.cnf || sed -i '/\[mysqld\]/a innodb_file_per_table = on' /etc/my.cnf
    grep "skip_name_resolve" /etc/my.cnf || sed -i '/\[mysqld\]/a skip_name_resolve = on' /etc/my.cnf
    grep "server-id" /etc/my.cnf || sed -i "/\[mysqld\]/a server-id=$ID" /etc/my.cnf
    service mariadb restart</code>
  2. Adjust the slave configuration. read_only stops ordinary accounts from writing on a slave (accounts with SUPER are not restricted); relay_log_purge=0 keeps the relay logs, which MHA needs on every slave so it can apply missing events to the other slaves during a failover, so it is set on both.
    <code>[root@slave1 ~]#vi /etc/my.cnf
    [mysqld]
    read_only
    relay_log_purge=0
    [root@slave1 ~]#systemctl restart mariadb
    [root@slave2 ~]#vi /etc/my.cnf
    [mysqld]
    read_only
    relay_log_purge=0
    [root@slave2 ~]#systemctl restart mariadb</code>
  3. Record the replication position on the master.
    <code>MariaDB [(none)]> show master logs;</code>
  4. Create the replication account on the master. It only needs REPLICATION SLAVE, and is limited to the database subnet.
    <code>MariaDB [(none)]> grant replication slave on *.* to repluser@'192.168.205.%' identified by 'centos';</code>
  5. Run CHANGE MASTER TO on each slave.
    <code>CHANGE MASTER TO
    MASTER_HOST='192.168.205.77',
    MASTER_USER='repluser',
    MASTER_PASSWORD='centos',
    MASTER_PORT=3306,
    MASTER_LOG_FILE='bin.000003', # file name from show master logs on the master
    MASTER_LOG_POS=245;           # position from show master logs on the master</code>
  6. Start the I/O and SQL threads on every slave and confirm that both show Yes.
    <code>MariaDB [(none)]> start slave;
    MariaDB [(none)]> show slave status\G</code>

    Configure semi-synchronous replication

  7. Note the file names of the semi-sync plugins.
    <code>[root@master ~]#rpm -ql mariadb-server
    /usr/lib64/mysql/plugin/semisync_master.so
    /usr/lib64/mysql/plugin/semisync_slave.so</code>
  8. Install the master-side plugin on the master (the slave-side plugin goes on the slaves in step 12).
    <code>MariaDB [(none)]> install plugin rpl_semi_sync_master soname 'semisync_master.so';</code>
  9. Check the semi-sync variables.
    <code>MariaDB [(none)]> show global variables like '%semi%';
    +------------------------------------+-------+
    | Variable_name                      | Value |
    +------------------------------------+-------+
    | rpl_semi_sync_master_enabled       | OFF   |   # semi-sync is off by default
    | rpl_semi_sync_master_timeout       | 10000 |   # milliseconds, i.e. 10 s; after that the master silently falls back to asynchronous replication
    | rpl_semi_sync_master_trace_level   | 32    |
    | rpl_semi_sync_master_wait_no_slave | ON    |
    +------------------------------------+-------+
    4 rows in set (0.00 sec)</code>
  10. Enable semi-sync on the master. This is a runtime setting; add rpl_semi_sync_master_enabled=1 under [mysqld] in my.cnf as well so it survives a restart.
    <code>MariaDB [(none)]> set global rpl_semi_sync_master_enabled=on;
    Query OK, 0 rows affected (0.00 sec)</code>
  11. Check the semi-sync status counters (no slave is attached yet, so Rpl_semi_sync_master_clients is 0).
    <code>MariaDB [(none)]> show global status like '%semi%';
    +--------------------------------------------+-------+
    | Variable_name                              | Value |
    +--------------------------------------------+-------+
    | Rpl_semi_sync_master_clients               | 0     |
    | Rpl_semi_sync_master_net_avg_wait_time     | 0     |
    | Rpl_semi_sync_master_net_wait_time         | 0     |
    | Rpl_semi_sync_master_net_waits             | 0     |
    | Rpl_semi_sync_master_no_times              | 0     |
    | Rpl_semi_sync_master_no_tx                 | 0     |
    | Rpl_semi_sync_master_status                | ON    |
    | Rpl_semi_sync_master_timefunc_failures     | 0     |
    | Rpl_semi_sync_master_tx_avg_wait_time      | 0     |
    | Rpl_semi_sync_master_tx_wait_time          | 0     |
    | Rpl_semi_sync_master_tx_waits              | 0     |
    | Rpl_semi_sync_master_wait_pos_backtraverse | 0     |
    | Rpl_semi_sync_master_wait_sessions         | 0     |
    | Rpl_semi_sync_master_yes_tx                | 0     |
    +--------------------------------------------+-------+
    14 rows in set (0.00 sec)</code>
  12. Install the slave-side plugin on every slave.
    <code>MariaDB [(none)]> install plugin rpl_semi_sync_slave soname 'semisync_slave.so';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> show plugins;
    | rpl_semi_sync_slave            | ACTIVE   | REPLICATION        | semisync_slave.so | GPL     |
    +--------------------------------+----------+--------------------+-------------------+---------+
    43 rows in set (0.00 sec)</code>
  13. On every slave check the semi-sync variables and enable semi-sync. The I/O thread only registers as a semi-sync slave when it starts, so stop and start the slave afterwards, then confirm that Rpl_semi_sync_slave_status is ON.
    <code>MariaDB [(none)]> show global variables like '%semi%';
    +---------------------------------+-------+
    | Variable_name                   | Value |
    +---------------------------------+-------+
    | rpl_semi_sync_slave_enabled     | OFF   |
    | rpl_semi_sync_slave_trace_level | 32    |
    +---------------------------------+-------+
    2 rows in set (0.00 sec)
    MariaDB [(none)]> set global rpl_semi_sync_slave_enabled=on;
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> show global variables like '%semi%';
    +---------------------------------+-------+
    | Variable_name                   | Value |
    +---------------------------------+-------+
    | rpl_semi_sync_slave_enabled     | ON    |
    | rpl_semi_sync_slave_trace_level | 32    |
    +---------------------------------+-------+
    2 rows in set (0.00 sec)
    MariaDB [(none)]> stop slave;
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> start slave;
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> show global status like '%semi%';
    +----------------------------+-------+
    | Variable_name              | Value |
    +----------------------------+-------+
    | Rpl_semi_sync_slave_status | ON    |
    +----------------------------+-------+
    1 row in set (0.00 sec)</code>
  14. Now look at the master again: Rpl_semi_sync_master_clients is 2, so both slaves are attached, and Rpl_semi_sync_master_status is ON.
    <code>MariaDB [(none)]> show global status like '%semi%';
    +--------------------------------------------+-------+
    | Variable_name                              | Value |
    +--------------------------------------------+-------+
    | Rpl_semi_sync_master_clients               | 2     |   # two semi-sync clients: both slaves registered
    | Rpl_semi_sync_master_net_avg_wait_time     | 0     |
    | Rpl_semi_sync_master_net_wait_time         | 0     |
    | Rpl_semi_sync_master_net_waits             | 0     |
    | Rpl_semi_sync_master_no_times              | 0     |
    | Rpl_semi_sync_master_no_tx                 | 0     |
    | Rpl_semi_sync_master_status                | ON    |   # ON: semi-sync is active
    | Rpl_semi_sync_master_timefunc_failures     | 0     |
    | Rpl_semi_sync_master_tx_avg_wait_time      | 0     |
    | Rpl_semi_sync_master_tx_wait_time          | 0     |
    | Rpl_semi_sync_master_tx_waits              | 0     |
    | Rpl_semi_sync_master_wait_pos_backtraverse | 0     |
    | Rpl_semi_sync_master_wait_sessions         | 0     |
    | Rpl_semi_sync_master_yes_tx                | 0     |
    +--------------------------------------------+-------+
    14 rows in set (0.00 sec)</code>
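As an added example (not part of the original post), here is a shell check over the two status outputs used in steps 6 and 14: it parses `SHOW SLAVE STATUS\G` from a slave and `SHOW GLOBAL STATUS LIKE '%semi%'` from the master, and fails with a reason when a replication thread is stopped, the lag exceeds a threshold, or the master has semi-sync ON but no slave attached (which means it is quietly running asynchronously). The status text embedded below is constructed to have the shape of the outputs shown above; in use, pipe real output into the functions, e.g. `mysql -e 'show slave status\G' | check_slave 30`.

```shell
#!/bin/sh
# Added example, not part of the original post. Parses the text of
#   SHOW SLAVE STATUS\G                  (run on a slave)
#   SHOW GLOBAL STATUS LIKE '%semi%'     (run on the master)
# and returns non-zero with a reason when replication is not healthy.

# check_slave [max_lag_seconds]: reads SHOW SLAVE STATUS\G output on stdin.
check_slave() {
  max_lag=${1:-30}
  out=$(cat)
  io=$(printf '%s\n' "$out"  | sed -n 's/^ *Slave_IO_Running: *//p')
  sql=$(printf '%s\n' "$out" | sed -n 's/^ *Slave_SQL_Running: *//p')
  lag=$(printf '%s\n' "$out" | sed -n 's/^ *Seconds_Behind_Master: *//p')
  err=$(printf '%s\n' "$out" | sed -n 's/^ *Last_Error: *//p')
  [ "$io" = Yes ]  || { echo "FAIL Slave_IO_Running=$io"; return 1; }
  [ "$sql" = Yes ] || { echo "FAIL Slave_SQL_Running=$sql${err:+ - $err}"; return 1; }
  case $lag in
    ''|NULL) echo "FAIL Seconds_Behind_Master=$lag"; return 1 ;;
  esac
  [ "$lag" -le "$max_lag" ] || { echo "FAIL lag=${lag}s exceeds ${max_lag}s"; return 1; }
  echo "OK lag=${lag}s"
}

# check_semisync [min_clients]: reads the master's semi-sync status table on stdin.
# Rpl_semi_sync_master_status must be ON and at least min_clients slaves attached.
check_semisync() {
  min=${1:-1}
  out=$(cat)
  status=$(printf '%s\n' "$out"  | awk -F'|' '$2 ~ /Rpl_semi_sync_master_status/  {gsub(/ /,"",$3); print $3}')
  clients=$(printf '%s\n' "$out" | awk -F'|' '$2 ~ /Rpl_semi_sync_master_clients/ {gsub(/ /,"",$3); print $3}')
  [ "$status" = ON ] || { echo "FAIL Rpl_semi_sync_master_status=$status"; return 1; }
  [ "${clients:-0}" -ge "$min" ] || { echo "FAIL clients=${clients:-0} (want >= $min)"; return 1; }
  echo "OK clients=$clients"
}

# Constructed sample outputs, shaped like the real ones shown above.
SLAVE_OK='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.205.77
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Error: 
        Seconds_Behind_Master: 0'
SLAVE_BROKEN='*************************** 1. row ***************************
                  Master_Host: 192.168.205.77
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Error: Duplicate entry 1 for key PRIMARY
        Seconds_Behind_Master: NULL'
SEMI_OK='+--------------------------------------------+-------+
| Variable_name                              | Value |
+--------------------------------------------+-------+
| Rpl_semi_sync_master_clients               | 2     |
| Rpl_semi_sync_master_status                | ON    |
+--------------------------------------------+-------+'

printf '%s\n' "$SLAVE_OK"     | check_slave 30
printf '%s\n' "$SLAVE_BROKEN" | check_slave 30
printf '%s\n' "$SEMI_OK"      | check_semisync 2
```

The semi-sync check is worth running from monitoring, not just once: when a slave falls away, rpl_semi_sync_master_timeout expires and the master keeps committing in asynchronous mode with Rpl_semi_sync_master_status still ON, so the client count is the signal that matters.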

#### Set up MHA management

  15. On the manager host install the manager and node rpms downloaded from the MHA site. Their Perl dependencies come from EPEL, so enable the EPEL repository first.
    <code>[root@MHA ~]#yum install mha4mysql-manager-0.56-0.el6.noarch.rpm mha4mysql-node-0.56-0.el6.noarch.rpm</code>
  16. Install the node package on every database host; MHA treats master and slaves alike as nodes.
    <code>[root@master ~]#yum install mha4mysql-node-0.56-0.el6.noarch.rpm
    [root@slave1 data]#yum install mha4mysql-node-0.56-0.el6.noarch.rpm
    [root@slave2 data]#yum install mha4mysql-node-0.56-0.el6.noarch.rpm</code>
  17. On the master create the account MHA uses for monitoring and failover; replication carries it to the slaves. MHA needs wide privileges (it reads binlogs, repoints slaves and toggles read_only), so at least confine the account to the management subnet as done here.
    <code>MariaDB [(none)]> grant all on *.* to mhauser@'192.168.205.%' identified by 'centos';</code>
  18. During a failover MHA runs commands and copies binlog and relay-log data between the nodes over SSH, so key-based SSH among all hosts is required. The quick route taken here generates one key pair on the manager, authorises it for the manager itself (ssh-copy-id to its own address creates authorized_keys), then copies the whole .ssh directory, private key included, to every node. Every host can then SSH to every other as root, which is what MHA expects, but a compromise of any single node hands out root on all of them; beyond a lab, give each host its own key pair and distribute only public keys.
    <code>[root@MHA ~]#ssh-keygen
    [root@MHA ~]#ssh-copy-id 192.168.205.67
    [root@MHA ~]#cat .ssh/authorized_keys
    [root@MHA ~]#scp -r .ssh 192.168.205.77:/root/
    [root@MHA ~]#scp -r .ssh 192.168.205.87:/root/
    [root@MHA ~]#scp -r .ssh 192.168.205.97:/root/</code>
  19. MHA ships no configuration file; create one as below. The comments sit on lines of their own on purpose: MHA parses the file with Config::Tiny, which only recognises whole-line comments, so a "#" after a value would be read as part of the value.
    <code>[root@MHA ~]#mkdir /etc/mha
    [root@MHA ~]#vim /etc/mha/app1.cnf
    [server default]
    master_binlog_dir=/data/logs/
    # account MHA uses to monitor MySQL, and its password
    user=mhauser
    password=centos
    # working directory and log file on the manager
    manager_workdir=/data/mastermha/app1/
    manager_log=/data/mastermha/app1/manager.log
    # working directory on the nodes
    remote_workdir=/data/mastermha/app1/
    # user for the SSH key login
    ssh_user=root
    # replication account created above, and its password
    repl_user=repluser
    repl_password=centos
    # health-check interval in seconds
    ping_interval=1
    # node definitions; candidate_master=1 marks a slave as preferred for promotion when the master fails
    [server1]
    hostname=192.168.205.77
    candidate_master=1
    [server2]
    hostname=192.168.205.87
    [server3]
    hostname=192.168.205.97
    candidate_master=1</code>
  20. Before starting, check SSH connectivity and the replication setup; proceed only when both report success ("All SSH connection tests passed successfully" and "MySQL Replication Health is OK").
    <code>[root@MHA ~]#masterha_check_ssh --conf=/etc/mha/app1.cnf
    [root@MHA ~]#masterha_check_repl --conf=/etc/mha/app1.cnf</code>
  21. Start the manager. It runs in the foreground and exits once a failover has completed, so it has to be started again (for example under nohup or a supervisor) if monitoring is to continue.
    <code>[root@MHA ~]#masterha_manager --conf=/etc/mha/app1.cnf
    Mon Aug 12 23:33:22 2019 - [warning] Global configuration file /etc/masterha_default.cnf not found. Skipping.
    Mon Aug 12 23:33:22 2019 - [info] Reading application default configuration from /etc/mha/app1.cnf..
    Mon Aug 12 23:33:22 2019 - [info] Reading server configuration from /etc/mha/app1.cnf..</code>
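Added example (not from the original post, and not part of MHA): a small lint for app1.cnf to run before masterha_check_repl. It flags the inline-comment mistake described in step 19 and lists each [serverN] section with its host and whether it may be promoted, which is the information you want to eyeball before trusting an automatic failover. It assumes the key names used in the configuration above; the two configuration texts embedded are constructed, one clean and one with trailing comments.

```shell
#!/bin/sh
# Added example, not part of the original post or of MHA itself.
# MHA reads app1.cnf with Config::Tiny, which treats only whole lines starting
# with '#' or ';' as comments: "user=mhauser # monitor account" makes the user
# name 'mhauser # monitor account'. mha_lint reads a config on stdin, reports
# such lines, and prints one line per [serverN] section with its hostname and
# whether it may be promoted (candidate_master, default 0).
mha_lint() {
  cfg=$(cat)
  rc=0
  bad=$(printf '%s\n' "$cfg" | grep -En '^[^#;[].*=.*[#;]')
  if [ -n "$bad" ]; then
    echo "inline comments would become part of the value:"
    printf '%s\n' "$bad" | sed 's/^/  line /'
    rc=1
  fi
  printf '%s\n' "$cfg" | awk -F= '
    /^\[server[0-9]+\]/     { sec = $1 }
    /^hostname *=/          { v = $2; gsub(/ /, "", v); host[sec] = v }
    /^candidate_master *=/  { v = $2; gsub(/ /, "", v); cand[sec] = v }
    END { for (s in host) printf "%s %s candidate=%s\n", s, host[s], (s in cand) ? cand[s] : 0 }
  ' | sort
  return $rc
}

# Constructed configurations. GOOD is the file from step 19 with comments on
# their own lines; BAD carries the comments after the values.
GOOD='[server default]
master_binlog_dir=/data/logs/
# monitoring account
user=mhauser
password=centos
ssh_user=root
repl_user=repluser
repl_password=centos
ping_interval=1
[server1]
hostname=192.168.205.77
candidate_master=1
[server2]
hostname=192.168.205.87
[server3]
hostname=192.168.205.97
candidate_master=1'
BAD='[server default]
user=mhauser # monitoring account
password=centos
[server1]
hostname=192.168.205.77 # current master
candidate_master=1'

echo "--- clean config";   printf '%s\n' "$GOOD" | mha_lint
echo "--- broken config";  printf '%s\n' "$BAD"  | mha_lint
```

Run it as `mha_lint < /etc/mha/app1.cnf`; a non-zero exit means the file needs fixing before masterha_check_repl will even log in with the right user name.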

#### Set up ProxySQL

  22. On both ProxySQL hosts create a yum repository definition and install from it. The 1.4.x branch is used here (the 2.0.x baseurl is left commented out); gpgcheck=1 with the project's key keeps the packages verified.
    <code>cat <<EOF | tee /etc/yum.repos.d/proxysql.repo
    [proxysql_repo]
    name= ProxySQL YUM repository
    #baseurl=https://repo.proxysql.com/ProxySQL/proxysql-2.0.x/centos/\$releasever
    baseurl=https://repo.proxysql.com/ProxySQL/proxysql-1.4.x/centos/\$releasever
    gpgcheck=1
    gpgkey=https://repo.proxysql.com/ProxySQL/repo_pub_key
    EOF</code>
  23. ProxySQL is configured through its own small embedded database, and its admin interface speaks the MySQL protocol, so install a MySQL client alongside it. Then start the service and look at the listening ports: 6032 is the admin interface, 6033 is the port applications connect to (6033 shows up once per worker thread).
    <code>[root@proxysql1 ~]#yum install proxysql mariadb
    [root@proxysql2 ~]#yum install proxysql mariadb
    [root@proxysql1 ~]#service proxysql start
    [root@proxysql2 ~]#service proxysql start
    [root@proxysql1 ~]#ss -ntl
    State  Recv-Q Send-Q Local Address:Port Peer Address:Port
    LISTEN 0      128    *:6032            *:*
    LISTEN 0      128    *:6033            *:*
    LISTEN 0      128    *:6033            *:*
    LISTEN 0      128    *:6033            *:*
    LISTEN 0      128    *:6033            *:*</code>
  24. The default admin credentials are admin/admin on port 6032. Change them (admin-admin_credentials) and keep 6032 bound to 127.0.0.1 or the management network: whoever reaches the admin port can rewrite routing rules and backend credentials for every application.
    <code>[root@proxysql1 ~]#mysql -uadmin -padmin -P6032 -h127.0.0.1</code>

  25. On every ProxySQL host register the MySQL servers, master and both slaves, by inserting them into mysql_servers. They all go into hostgroup 10 for now; ProxySQL moves the slaves to the reader hostgroup once the replication hostgroups are defined in step 30.
    <code>MySQL [(none)]> insert into mysql_servers(hostgroup_id,hostname,port) values(10,'192.168.205.77',3306);
    MySQL [(none)]> insert into mysql_servers(hostgroup_id,hostname,port) values(10,'192.168.205.87',3306);
    MySQL [(none)]> insert into mysql_servers(hostgroup_id,hostname,port) values(10,'192.168.205.97',3306);
    MySQL [(none)]> load mysql servers to runtime;
    MySQL [(none)]> save mysql servers to disk;</code>
  26. Confirm that the hosts just added are in the table.
    <code>MySQL [(none)]> select * from mysql_servers;</code>
  27. ProxySQL tells master from slaves by reading read_only on each backend, so it needs an account that can log in to all of them. Create it on the master; replication carries it to the slaves. REPLICATION CLIENT is enough for the monitor's checks.
    <code>MariaDB [(none)]> grant replication client on *.* to monitor@'192.168.205.%' identified by 'centos';</code>
  28. On every ProxySQL host set the monitor credentials and persist them.
    <code>MySQL [(none)]> set mysql-monitor_username='monitor';
    MySQL [(none)]> set mysql-monitor_password='centos';
    MySQL [(none)]> load mysql variables to runtime;
    MySQL [(none)]> save mysql variables to disk;</code>
  29. Check the monitor logs. Earlier attempts failed because, with no credentials set, ProxySQL uses its default monitor account monitor/monitor (visible in proxysql.cnf); once the account exists the entries succeed.
    <code>MySQL [(none)]> select * from mysql_server_connect_log;
    MySQL [(none)]> select * from mysql_server_ping_log;</code>
  30. Define the replication hostgroups in the mysql_replication_hostgroups table of the main database (columns writer_hostgroup, reader_hostgroup, comment): writers are hostgroup 10, readers hostgroup 20.
    <code>MySQL [(none)]> insert into mysql_replication_hostgroups values(10,20,"test");
    MySQL [(none)]> load mysql servers to runtime;
    MySQL [(none)]> save mysql servers to disk;</code>
  31. ProxySQL now checks read_only on each backend through the monitor account and sorts the three servers into the right hostgroups by itself: the master stays in 10, the two read_only slaves move to 20. The same mechanism handles an MHA failover: when MHA promotes a slave and clears read_only on it, ProxySQL moves that server into the writer hostgroup without any change on the proxy.
    <code>MySQL [(none)]> select hostgroup_id,hostname,port,status,weight from mysql_servers;
    MySQL [(none)]> select * from mysql_server_read_only_log;</code>
  32. On the master create an account for testing. grant all on *.* is far more than a test user needs; it is kept only because the test below creates a database with it.
    <code>MySQL [(none)]> grant all on *.* to sqluser@'192.168.205.%' identified by 'centos';</code>
  33. On the ProxySQL hosts add this user with default_hostgroup 10, the writer group: anything no query rule matches goes there. The password is entered in clear text; with admin-hash_passwords enabled (check the variable) the runtime copy is stored hashed.
    <code>MySQL [(none)]> insert into mysql_users(username,password,default_hostgroup) values('sqluser','centos',10);
    MySQL [(none)]> load mysql users to runtime;
    MySQL [(none)]> save mysql users to disk;</code>
  34. ProxySQL still cannot tell reads from writes, so define query rules: SELECT ... FOR UPDATE takes row locks and must go to the writer (hostgroup 10); any other SELECT goes to the readers (hostgroup 20). Rule order matters: rule 1 has to be evaluated before rule 2, since rule 2 would also match a FOR UPDATE statement, and apply=1 stops evaluation at the first match.
    <code>MySQL [(none)]>insert into mysql_query_rules
    (rule_id,active,match_digest,destination_hostgroup,apply) VALUES
    (1,1,'^SELECT.*FOR UPDATE$',10,1),(2,1,'^SELECT',20,1);
    MySQL [(none)]>load mysql query rules to runtime;
    MySQL [(none)]>save mysql query rules to disk;</code>
  35. Review the rules just added.
    <code>MySQL [(none)]>select rule_id,active,match_digest,destination_hostgroup,apply from mysql_query_rules;</code>
  36. Test a read through the proxy: repeated calls alternate between 87 and 97.
    <code>mysql -usqluser -pcentos -P6033 -h127.0.0.1 -e 'select @@server_id'</code>
  37. Writes go to the master only, and so do statements inside a transaction. The latter depends on transaction_persistent being set for the user in mysql_users: with it, once the BEGIN lands on hostgroup 10 the SELECT that follows stays there; without it, rule 2 can still send that SELECT to a reader. Check the column for the user rather than assuming the default.
    <code>mysql -usqluser -pcentos -P6033 -h127.0.0.1 -e 'begin;select @@server_id;commit'
    mysql -usqluser -pcentos -P6033 -h127.0.0.1 -e 'create database testdb'
    mysql -usqluser -pcentos testdb -P6033 -h127.0.0.1 -e 'create table t1(id int)'</code>
  38. The stats table shows which hostgroup each statement digest was sent to, so the routing can be verified.
    <code>select hostgroup hg,sum_time,count_star,digest_text from stats_mysql_query_digest order by sum_time desc;</code>
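Added example (not from the original post, and not ProxySQL code): a shell reproduction of the routing decision that the two rules from step 34 and the default_hostgroup from step 33 produce, so statements can be checked before `load mysql query rules to runtime`. It assumes what ProxySQL does by default: match_digest is matched case-insensitively against the normalised digest (leading whitespace and comments gone, string literals replaced by ?), rules are tried in rule_id order, and apply=1 stops at the first match. `digest_of` is a rough stand-in for ProxySQL's own digest, not a copy of it. A second function shows what the wrong rule order would do.

```shell
#!/bin/sh
# Added example, not part of the original post or of ProxySQL.
DEFAULT_HG=10   # default_hostgroup of sqluser / wordpress in mysql_users

# digest_of STATEMENT: rough approximation of ProxySQL's query digest: strip
# /* */ comments and surrounding blanks, replace string literals with ?, and
# collapse whitespace. Good enough to show why match_digest (not the raw
# text) is what the rules see.
digest_of() {
  printf '%s' "$1" | sed -e 's@/\*[^*]*\*/@@g' \
                         -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                         -e "s/'[^']*'/?/g" -e 's/[[:space:]]\{1,\}/ /g'
}

# route STATEMENT: prints the destination hostgroup with the rules from step 34.
route() {
  d=$(digest_of "$1")
  if   printf '%s' "$d" | grep -Eiq '^SELECT.*FOR UPDATE$'; then echo 10            # rule 1: locking read -> writer
  elif printf '%s' "$d" | grep -Eiq '^SELECT';              then echo 20            # rule 2: plain read -> readers
  else echo "$DEFAULT_HG"; fi                                                       # no rule matched -> default_hostgroup
}

# route_rules_swapped STATEMENT: the same rules with rule 2 evaluated first,
# the ordering mistake step 34 warns about. FOR UPDATE reads end up on a slave,
# where the lock protects nothing.
route_rules_swapped() {
  d=$(digest_of "$1")
  if   printf '%s' "$d" | grep -Eiq '^SELECT';              then echo 20
  elif printf '%s' "$d" | grep -Eiq '^SELECT.*FOR UPDATE$'; then echo 10
  else echo "$DEFAULT_HG"; fi
}

# Constructed statements, covering the cases that matter.
for s in "select @@server_id" \
         "SELECT * FROM wp_posts WHERE ID = 5 FOR UPDATE" \
         "  /* admin */ SELECT 1" \
         "INSERT INTO wp_options VALUES ('a','b')" \
         "begin"; do
  printf '%-50s -> hostgroup %s (swapped rules: %s)\n' "$s" "$(route "$s")" "$(route_rules_swapped "$s")"
done
```

The lowercase and comment-prefixed cases are the ones people get wrong when they switch from match_digest to match_pattern: match_pattern sees the raw text, so a leading comment or blank defeats `^SELECT` and the query lands on the writer.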

#### Keepalived for ProxySQL

  40. Install keepalived and psmisc with yum. psmisc provides killall; `killall -0 proxysql` sends signal 0, which does nothing except report whether a process named proxysql exists, and keepalived uses that as its health check. (ipvsadm is installed too, although no LVS rules are used here.)
    <code>[root@proxysql1 ~]#yum install keepalived ipvsadm psmisc
    [root@proxysql2 ~]#yum install keepalived ipvsadm psmisc</code>
  41. Edit the keepalived configuration on proxysql1. The check script is evaluated every two seconds; two consecutive failures subtract 30 from the priority, so the MASTER drops from 100 to 70, below the BACKUP's 80, and the VIP moves. auth_type PASS sends the password in clear text on the LAN; it only prevents accidental merges of VRRP groups, not a deliberate takeover.
    <code>[root@proxysql1 ~]#vi /etc/keepalived/keepalived.conf
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id LVS_1
       vrrp_mcast_group4 224.0.0.100
    }
    # Script used to check if ProxySQL is running
    vrrp_script check_proxy {          # when the process is gone the priority drops and the VIP fails over
       script "killall -0 proxysql"    # process check
       interval 2                      # run every two seconds
       weight -30                      # subtract 30 from priority while the check fails
       fall 2
       rise 1
    }
    vrrp_instance VI_1 {
       state MASTER
       interface eth0
       virtual_router_id 45
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           192.168.205.45/24 dev eth0 label eth0:0
       }
       track_script {
           check_proxy
       }
    }
    [root@proxysql1 ~]#systemctl start keepalived</code>
  42. Edit the keepalived configuration on proxysql2: same VRID and VIP, state BACKUP, priority 80.
    <code>[root@proxysql2 ~]#vi /etc/keepalived/keepalived.conf
    global_defs {
       notification_email {
         root@localhost
       }
       notification_email_from keepalived@localhost
       smtp_server 127.0.0.1
       smtp_connect_timeout 30
       router_id LVS_2
       vrrp_mcast_group4 224.0.0.100
    }
    # Script used to check if ProxySQL is running
    vrrp_script check_proxy {
       script "killall -0 proxysql"
       interval 2
       weight -30
       fall 2
       rise 1
    }
    vrrp_instance VI_1 {
       state BACKUP
       interface eth0
       virtual_router_id 45
       priority 80
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           192.168.205.45/24 dev eth0 label eth0:0
       }
       track_script {
           check_proxy
       }
    }
    [root@proxysql2 ~]#systemctl start keepalived</code>
  43. On proxysql1 the VIP 192.168.205.45 is present. Stop the ProxySQL service and check the addresses again.
    <code>[root@proxysql1 ~]#ip a
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:37:f9:93 brd ff:ff:ff:ff:ff:ff
        inet 192.168.205.47/24 brd 192.168.205.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet 192.168.205.45/24 scope global secondary eth0:0
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fe37:f993/64 scope link noprefixroute
           valid_lft forever preferred_lft forever
    [root@proxysql1 ~]#systemctl stop proxysql</code>
  44. On proxysql2 the VIP 192.168.205.45 has moved over.
    <code>[root@proxysql2 ~]#ip a
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:cf:e5:bb brd ff:ff:ff:ff:ff:ff
        inet 192.168.205.57/24 brd 192.168.205.255 scope global noprefixroute eth0
           valid_lft forever preferred_lft forever
        inet 192.168.205.45/24 scope global secondary eth0:0
           valid_lft forever preferred_lft forever
        inet6 fe80::20c:29ff:fecf:e5bb/64 scope link noprefixroute
           valid_lft forever preferred_lft forever</code>
  45. From a web server, test that a connection to the VIP reaches the backends through ProxySQL, which is what gives the application read/write splitting (the wordpress account used here is created in steps 68 and 69).
    <code>[root@web1 data]#mysql -uwordpress -pcentos -P6033 -h192.168.205.45</code>

#### Install an rsync server as the NFS backup host

  46. Install rsync.
    <code>[root@nfs2 data]#yum install rsync</code>
  47. Edit rsyncd.conf so rsync runs as a daemon. rsyncd.conf only treats lines that begin with "#" as comments, so the explanations sit on their own lines. Running the daemon as root with use chroot = no is convenient for preserving ownership, but it means anyone holding the rsync credentials writes as root on this host; prefer a dedicated uid/gid and use chroot = yes where the file ownership allows it.
    <code>[root@nfs2 data]#vi /etc/rsyncd.conf
    # identity the daemon transfers files as
    uid = root
    gid = root
    use chroot = no
    # 0 = unlimited connections
    max connections = 0
    # ignore I/O errors
    ignore errors
    exclude = lost+found/
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsyncd.lock
    # no reverse DNS lookup of client addresses
    reverse lookup = no
    # hosts permitted to connect
    hosts allow = 192.168.205.0/24
    # module name
    [backup]
    path = /data/www/
    comment = webserver www backup
    # writable
    read only = no
    auth users = rsync
    # user:password file
    secrets file = /etc/rsync.pass</code>
  48. Create the secrets file on the server. Its format is user:password, one per line, and it must not be readable by other users (mode 600), otherwise rsyncd refuses to use it.
    <code>[root@nfs2 data]#echo "rsync:centos" > /etc/rsync.pass
    [root@nfs2 data]#chmod 600 /etc/rsync.pass</code>
  49. Create the module directory.
    <code>[root@nfs2 data]#mkdir /data/www</code>
  50. Start the rsync daemon.
    <code>[root@nfs2 data]#systemctl start rsyncd</code>

#### Set up the NFS server

  51. Enable EPEL (inotify-tools comes from it) and install the packages.
    <code>[root@nfs1 data]#yum install inotify-tools nfs-utils rsync</code>
  52. Create the directory.
    <code>[root@nfs1 data]#mkdir /data/www</code>
  53. Create the nginx user with uid 2000. The web servers create nginx with the same uid, and the export below squashes every client to this uid, so files written by PHP on either web server end up with one consistent owner.
    <code>[root@nfs1 data]# useradd -s /sbin/nologin nginx -u 2000
    [root@nfs1 data]# id nginx
    uid=2000(nginx) gid=2000(nginx) groups=2000(nginx)</code>
  54. Export /data/www over NFS. all_squash maps every client uid and gid to anonuid/anongid 2000. The export is limited to the subnet, which is the only access control here: with sec=sys NFS trusts whatever uid the client presents, so keep the export off any network that carries untrusted hosts.
    <code>[root@nfs1 data]# vi /etc/exports
    /data/www 192.168.205.0/24(rw,all_squash,anonuid=2000,anongid=2000)
    [root@nfs1 data]# systemctl restart nfs-server</code>
  55. Make the NFS server an rsync client, starting with the password file. Unlike the server's secrets file, the client file holds the password only, with no user name.
    <code>[root@nfs1 data]#echo "centos" > /etc/rsync.pass
    [root@nfs1 data]#chmod 600 /etc/rsync.pass</code>
  56. Use inotify to replicate changes in real time: create inotify_rsync.sh on the client. Every file event triggers a full rsync of the tree, which is simple but means a burst of writes queues up many redundant runs.
    <code>[root@nfs1 data]#cat inotify_rsync.sh
    #!/bin/bash
    SRC='/data/www/'
    DEST='rsync@192.168.205.37::backup'
    # -m monitor forever, -r recursive, -q quiet; one line per event in the
    # form "DATE TIME DIR FILE", which is what the read below expects
    # (the inotifywait line is restored here to match those four fields)
    inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' \
      -e create,delete,moved_to,close_write,attrib ${SRC} | \
    while read DATE TIME DIR FILE; do
      FILEPATH=${DIR}${FILE}
      rsync -az --delete --password-file=/etc/rsync.pass $SRC $DEST && echo "At ${TIME} \
    on ${DATE}, file $FILEPATH was backed up via rsync" >> /var/log/changelist.log
    done</code>
  57. Start the script from rc.local so it runs at boot.
    <code>[root@nfs1 data]#chmod +x inotify_rsync.sh
    [root@nfs1 data]#vi /etc/rc.d/rc.local
    /data/inotify_rsync.sh &
    [root@nfs1 data]#chmod +x /etc/rc.d/rc.local</code>
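Added example (not from the original post): the two files called /etc/rsync.pass in steps 48 and 55 have different formats, and rsync rejects either one if it is readable by other users, so a mix-up only shows up as a failed sync in the changelist log. These checks, meant for the client and the server respectively, catch both mistakes up front. The files below are constructed in a temporary directory to stand in for /etc/rsync.pass on each host.

```shell
#!/bin/sh
# Added example, not part of the original post. rsyncd's "secrets file"
# holds user:password lines; the client's --password-file holds only the
# password. Both must be unreadable by group/other or rsync refuses them.

# other_readable FILE: true when any group/other permission bit is set
other_readable() {
  case $(ls -ld "$1" | cut -c5-10) in ------) return 1 ;; *) return 0 ;; esac
}

# check_secrets_file FILE: server side (rsyncd.conf "secrets file")
check_secrets_file() {
  f=$1
  [ -f "$f" ] || { echo "missing $f"; return 1; }
  other_readable "$f" && { echo "$f is group/other accessible; chmod 600"; return 1; }
  grep -Eq '^[^:#[:space:]]+:.+$' "$f" || { echo "$f needs user:password lines"; return 1; }
  echo ok
}

# check_password_file FILE: client side (--password-file)
check_password_file() {
  f=$1
  [ -f "$f" ] || { echo "missing $f"; return 1; }
  other_readable "$f" && { echo "$f is group/other accessible; chmod 600"; return 1; }
  grep -q ':' "$f" && { echo "$f must contain the password only, not user:password"; return 1; }
  [ -s "$f" ] || { echo "$f is empty"; return 1; }
  echo ok
}

# Constructed files: the page's two correct files plus two common mistakes.
T=$(mktemp -d)
trap 'rm -rf "$T"' EXIT
umask 077
printf 'rsync:centos\n' > "$T/server.pass"          # correct secrets file (step 48)
printf 'centos\n'       > "$T/client.pass"          # correct client password file (step 55)
printf 'rsync:centos\n' > "$T/client_wrong.pass"    # server format copied to the client
printf 'centos\n'       > "$T/loose.pass"; chmod 644 "$T/loose.pass"   # readable by everyone

echo "server secrets:        $(check_secrets_file  "$T/server.pass")"
echo "client password:       $(check_password_file "$T/client.pass")"
echo "client, wrong format:  $(check_password_file "$T/client_wrong.pass" || true)"
echo "client, wrong mode:    $(check_password_file "$T/loose.pass" || true)"
```

Run `check_password_file /etc/rsync.pass` on nfs1 and `check_secrets_file /etc/rsync.pass` on nfs2 before starting the inotify loop; a file that fails the mode check is silently ignored by the rsync client, which then prompts for a password and hangs in the background.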

  58. On the web servers install nfs-utils; without it NFS file systems cannot be mounted.
    <code>[root@web1 ~]#yum install nfs-utils
    [root@web2 ~]#yum install nfs-utils</code>
  59. Check the export and mount it on both web servers.
    <code>[root@web1 ~]#showmount -e 192.168.205.27
    Export list for 192.168.205.27:
    /data/www 192.168.205.0/24
    [root@web1 ~]#mount 192.168.205.27:/data/www /data/www
    [root@web2 ~]#mount 192.168.205.27:/data/www /data/www
    [root@web1 ~]#df
    [root@web2 ~]#df</code>
  60. On both web servers add the mount to fstab so it comes up at boot. The mount point is /data/www, the nginx document root used below; _netdev makes the boot sequence wait for the network before trying it.
    <code>[root@web1 ~]#vi /etc/fstab
    192.168.205.27:/data/www /data/www nfs defaults,_netdev 0 0</code>

#### Install nginx and PHP

  61. Copy the nginx and PHP source archives into one directory on both web servers.
    <code>nginx-1.16.1.tar.gz
    php-7.3.7.tar.xz</code>
  62. Run the nginx install script from that directory.
    <code>[root@web2 ~]#cat nginx_install_bin.sh
    #!/bin/bash
    #########################
    # variable definitions
    #########################
    TMP_DIR=`pwd`
    NGINX="nginx-1.16.1.tar.gz"
    NGINX_DIR=`echo "$NGINX" | rev | cut -d. -f3- | rev`   # nginx-1.16.1
    INS_DIR="/apps/nginx"
    ##########################
    # package check and install
    ##########################
    pkg(){
      for i in $PKGS; do
        rpm -q $i &> /dev/null && echo "Package `rpm -q $i` is installed" || yum -y install $i
      done
    }
    #####################
    # NGINX INSTALLATION
    # 1. unpack the source
    ####################
    # dependency packages: add names to PKGS separated by spaces,
    # e.g. PKGS="libaio gcc glibc"
    nginx_ins(){
      PKGS="gcc pcre-devel openssl-devel zlib-devel"
      pkg
      cd $TMP_DIR
      # fetched over plain http if missing; use https and verify the .asc signature from nginx.org when you can
      [ -e $TMP_DIR/$NGINX ] || wget -c http://nginx.org/download/$NGINX
      tar xf $TMP_DIR/$NGINX
      cd $NGINX_DIR
      ./configure \
      --prefix=$INS_DIR \
      --conf-path=/etc/nginx/nginx.conf \
      --error-log-path=/var/log/nginx/error.log \
      --http-log-path=/var/log/nginx/access.log \
      --pid-path=/var/run/nginx.pid \
      --lock-path=/var/run/nginx.lock \
      --user=nginx \
      --group=nginx \
      --with-http_ssl_module \
      --with-http_v2_module \
      --with-http_dav_module \
      --with-http_stub_status_module \
      --with-http_gzip_static_module \
      --with-http_realip_module \
      --with-pcre \
      --with-threads \
      --with-file-aio \
      --with-stream \
      --with-stream_ssl_module \
      --with-stream_realip_module
      if [ $? -eq 0 ]; then
        make -j 4 && make install
        cd $TMP_DIR
        rm -rf $NGINX_DIR
      else
        echo "configure failed; fix the errors, then rerun make && make install"
        return 1
      fi
      id nginx || useradd nginx -s /sbin/nologin -u 2000   # same uid as anonuid on the NFS export
      # the worker user only needs to write logs and temp dirs; owning the binaries
      # lets a compromised worker replace them, so prefer root:root on $INS_DIR/sbin
      chown nginx:nginx -R $INS_DIR
      echo "$INS_DIR/sbin/nginx" >> /etc/rc.d/rc.local
      chmod +x /etc/rc.d/rc.local
      ln -s $INS_DIR/sbin/nginx /sbin/nginx
      nginx
    }
    # nginx_rm was referenced by the option handling but never defined
    nginx_rm(){
      nginx -s stop
      rm -rf $INS_DIR /sbin/nginx
      sed -i "\@$INS_DIR/sbin/nginx@d" /etc/rc.d/rc.local
    }
    ###############
    # OPTIONS SELECT
    ###############
    case $1 in
    install)
      nginx_ins
      ;;
    remove)
      nginx_rm
      ;;
    *)
      echo "Usage: $0 install|remove"
      ;;
    esac
    [root@web2 ~]#./nginx_install_bin.sh install</code>

  63. Run the script below to install PHP. The script also carries an Apache httpd installer (the httpd branch) that is not used in this setup; only `install php` is run here.
    <code>[root@web2 ~]#cat apache_php_install.sh
    #!/bin/bash
    #########################
    # variable definitions
    #########################
    TMP_DIR=`pwd`
    APR="apr-1.7.0.tar.bz2"
    APR_UTIL="apr-util-1.6.1.tar.bz2"
    HTTPD="httpd-2.4.39.tar.bz2"
    PHP="php-7.3.7.tar.xz"
    HTTPD_DIR=`echo "$HTTPD" | rev | cut -d. -f3- | rev`
    APR_DIR=`echo "$APR" | rev | cut -d. -f3- | rev`
    APR_UTIL_DIR=`echo "$APR_UTIL" | rev | cut -d. -f3- | rev`
    PHP_DIR=`echo "$PHP" | rev | cut -d. -f3- | rev`
    INS_HTTPD_DIR=/app/httpd24
    INS_PHP_DIR=/app/php
    ##########################
    # package check and install
    ##########################
    pkg(){
      for i in $PKGS; do
        rpm -q $i &> /dev/null && echo "Package `rpm -q $i` is installed" || yum -y install $i
      done
    }
    #####################
    # APACHE INSTALLATION
    # 1. unpack the sources
    ####################
    # dependency packages: add names to PKGS separated by spaces,
    # e.g. PKGS="libaio gcc glibc"
    httpd_ins(){
      PKGS="gcc pcre-devel openssl-devel expat-devel lbzip2"
      pkg
      cd $TMP_DIR
      if [ -e $TMP_DIR/$HTTPD ]; then
        tar xf $HTTPD
      else
        echo "file $HTTPD does not exist, please download it"
        exit 1
      fi
      if [ -e $TMP_DIR/$APR ]; then
        tar xf $APR
        mv $APR_DIR $HTTPD_DIR/srclib/apr
      else
        echo "file $APR does not exist, please download it"
        exit 1
      fi
      if [ -e $TMP_DIR/$APR_UTIL ]; then
        tar xf $APR_UTIL
        mv $APR_UTIL_DIR $HTTPD_DIR/srclib/apr-util
      else
        echo "file $APR_UTIL does not exist, please download it"
        exit 1
      fi
      ########################
      # 2. make and make install
      ########################
      id apache || useradd -r -s /sbin/nologin apache
      cd $HTTPD_DIR
      ./configure --prefix=$INS_HTTPD_DIR --enable-so --enable-ssl --enable-cgi --enable-rewrite \
        --with-zlib --with-pcre --with-included-apr --enable-modules=most \
        --enable-mpms-shared=all --with-mpm=prefork
      if [ $? -eq 0 ]; then
        make -j 4 && make install
        cd $TMP_DIR
        rm -rf $HTTPD_DIR
      else
        echo "configure failed; fix the errors, then rerun make && make install"
        return 1
      fi
      #####################
      # 3. modify config files
      ######################
      sed -ri 's@^(.*) daemon$@\1 apache@' $INS_HTTPD_DIR/conf/httpd.conf
      sed -ri 's@DirectoryIndex@DirectoryIndex index.php @' $INS_HTTPD_DIR/conf/httpd.conf
      sed -ri 's@#(LoadModule proxy_module modules/mod_proxy.so)@\1@' $INS_HTTPD_DIR/conf/httpd.conf
      sed -ri 's@#(LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so)@\1@' $INS_HTTPD_DIR/conf/httpd.conf
      sed -ri 's@#(LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so)@\1@' $INS_HTTPD_DIR/conf/httpd.conf
      cat >> $INS_HTTPD_DIR/conf/httpd.conf <<EOF
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    ProxyRequests Off
    ProxyPassMatch "^/.*\.php(/.*)?$" "fcgi://localhost:9000/app/httpd24/htdocs/"
    EOF
      echo "PATH=$INS_HTTPD_DIR/bin:\$PATH" > /etc/profile.d/httpd.sh
      source /etc/profile.d/httpd.sh
      echo "$INS_HTTPD_DIR/bin/apachectl start" >> /etc/rc.d/rc.local
      chmod +x /etc/rc.d/rc.local
      apachectl start
    }
    #########################
    # PHP INSTALLATION
    # 1. unpack the source
    #########################
    php_ins(){
      # libmcrypt-devel was listed originally but nothing below uses it (mcrypt is gone from PHP 7.2+);
      # the image libraries are needed by --with-freetype-dir/--with-jpeg-dir/--with-png-dir
      PKGS="libxml2-devel bzip2-devel gd-devel freetype-devel libjpeg-turbo-devel libpng-devel openssl-devel"
      pkg
      cd $TMP_DIR
      echo $TMP_DIR
      if [ -e $TMP_DIR/$PHP ]; then
        tar xvf $PHP
      else
        echo "file $PHP does not exist, please download it"
        exit 1
      fi
      #######################
      # 2. make and make install
      #######################
      cd $PHP_DIR/
      ./configure --prefix=$INS_PHP_DIR --enable-mysqlnd --with-mysqli=mysqlnd --with-pdo-mysql=mysqlnd \
        --with-openssl --with-freetype-dir --with-jpeg-dir --with-png-dir --with-zlib --with-libxml-dir=/usr \
        --with-config-file-path=/etc --with-config-file-scan-dir=/etc/php.d --enable-mbstring --enable-xml \
        --enable-sockets --enable-fpm --enable-maintainer-zts --disable-fileinfo --with-gd \
        --with-pear --with-xmlrpc --with-mhash --with-gettext
      # the original line also ran --with-imap --with-ldap --with-odbcver --with-iodbc together without
      # spaces; those need -devel packages (uw-imap, openldap, unixODBC/iODBC) that PKGS does not install
      if [ $? -eq 0 ]; then
        make -j 4 && make install
      else
        echo "configure failed; fix the errors, then rerun make && make install"
        return 1
      fi
      ######################
      # 3. modify config files
      ######################
      cp php.ini-production /etc/php.ini
      cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
      chmod +x /etc/init.d/php-fpm
      cd $INS_PHP_DIR/etc
      cp php-fpm.conf.default php-fpm.conf
      cd php-fpm.d/
      cp www.conf.default www.conf
      sed -ri 's@(^.*) = nobody@\1 = apache@' $INS_PHP_DIR/etc/php-fpm.d/www.conf
      chkconfig --add php-fpm
      service php-fpm start
      cd $TMP_DIR
      rm -rf $PHP_DIR
      # phpinfo() test page for the Apache variant; it discloses the whole configuration, remove it after testing
      [ -d /app/httpd24/htdocs ] && echo '<?php phpinfo(); ?>' > /app/httpd24/htdocs/index.php
    }
    ##################
    # 4. remove PHP
    #################
    rmphp(){
      service php-fpm stop
      rm /app/php -rf
      rm /etc/php.ini -f
      chkconfig --del php-fpm
      rm /etc/init.d/php-fpm -f
    }
    ################
    # 5. remove HTTPD
    ################
    rmhttpd(){
      apachectl stop
      rm /app/httpd24 -rf
      sed -i '/\/app\/httpd24\/bin\/apachectl start/d' /etc/rc.d/rc.local
      rm /etc/profile.d/httpd.sh
    }
    ###############
    # OPTIONS SELECT
    ###############
    case $1 in
    install)
      case $2 in
      httpd)
        httpd_ins
        ;;
      php)
        php_ins
        ;;
      *)
        echo "Usage: $0 $1 httpd|php"
        ;;
      esac
      ;;
    remove)
      case $2 in
      php)
        rmphp
        ;;
      httpd)
        rmhttpd
        ;;
      *)
        echo "Usage: $0 $1 httpd|php"
        ;;
      esac
      ;;
    *)
      echo "Usage: $0 <install|remove> <php|httpd>"
      ;;
    esac
    [root@web2 ~]#./apache_php_install.sh install php</code>
  64. Edit the nginx configuration. The try_files line is an addition to the original: without it, a request such as /wp-content/uploads/avatar.jpg/x.php matches the php location, nginx sends SCRIPT_FILENAME=/data/www/wp-content/uploads/avatar.jpg/x.php to php-fpm, and php-fpm with the default cgi.fix_pathinfo=1 walks back to the nearest existing file and executes avatar.jpg. In a document root that PHP can write to (the WordPress uploads directory, on a shared NFS export) that is remote code execution from an image upload, so add try_files $uri =404 to the php location, or set cgi.fix_pathinfo=0 in /etc/php.ini, or both.
    <code>[root@web2 ~]#vi /etc/nginx/nginx.conf
    server {
        listen 80;
        server_name www.zhaoli.com;
        location / {
            root /data/www;
            index index.php index.html index.htm;
        }
        location ~ \.php$ {
            root /data/www;
            try_files $uri =404;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }</code>
  65. Edit the php-fpm pool configuration so the workers run as nginx, the uid shared with the NFS export. listen.owner, listen.group and listen.mode only take effect for a Unix socket; they are harmless with the TCP listen used here.
    <code>[root@web2 ~]#vi /app/php/etc/php-fpm.d/www.conf
    user = nginx
    group = nginx
    listen = 127.0.0.1:9000
    listen.owner = nginx
    listen.group = nginx
    listen.mode = 0660</code>
  66. Copy the configuration files to both web servers and reload the services.
    <code>[root@web2 ~]#nginx -s reload
    [root@web2 ~]#service php-fpm restart</code>
  67. Unpack wordpress-5.0.4-zh_CN.tar.gz into the shared document root. The archive extracts into www/wordpress/, while the following steps run from /data/www itself, so either move the contents of that directory up one level into /data/www or point root at /data/www/wordpress in nginx.conf before continuing.
    <code>[root@web1 data]#tar xf wordpress-5.0.4-zh_CN.tar.gz -C www</code>
  68. On the master create the wordpress database and its user; the grant is scoped to the wordpress database only, which is all the application needs.
    <code>MariaDB [(none)]> CREATE DATABASE wordpress;
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"192.168.205.%" IDENTIFIED BY "centos";
    MariaDB [(none)]> FLUSH PRIVILEGES;</code>
  69. The same account has to be added on every ProxySQL host, since ProxySQL authenticates the application itself before opening backend connections.
    <code>[root@proxysql1 ~]#mysql -uadmin -padmin -P6032 -h127.0.0.1
    [root@proxysql2 ~]#mysql -uadmin -padmin -P6032 -h127.0.0.1
    On every ProxySQL host run:
    MySQL [(none)]> insert into mysql_users(username,password,default_hostgroup) values('wordpress','centos',10);
    MySQL [(none)]> load mysql users to runtime;
    MySQL [(none)]> save mysql users to disk;</code>
  70. Edit the WordPress configuration. DB_HOST is the ProxySQL VIP on port 6033, not a database server: that is what gives WordPress read/write splitting and lets it survive both a ProxySQL failure and an MHA master failover without a configuration change.
    <code>[root@web1 www]#cp wp-config-sample.php wp-config.php
    [root@web1 www]#vi wp-config.php
    define('DB_NAME', 'wordpress');
    define('DB_USER', 'wordpress');
    define('DB_PASSWORD', 'centos');
    define('DB_HOST', '192.168.205.45:6033');   # the ProxySQL VIP, port 6033</code>
  71. Generate the keys and salts with https://api.wordpress.org/secret-key/1.1/salt/ and paste them in. The values below are the ones used in this lab; since they are now published, do not reuse them: they sign WordPress authentication cookies and nonces, and anyone who knows them can forge a logged-in session.
    <code>[root@web1 www]#vi wp-config.php
    define('AUTH_KEY', ']xRUezwud7/sl9n{5Qv-=VM|uoqaFauAuc3|6wy<w7Dg0qUC7{.4%#>o+HfjC!I+');
    define('SECURE_AUTH_KEY', '=e[P3g1~S|:+J@I)f-(:MTf3~h+;hQCg?wuk50NMP)Dgoj3X kL@BDDk%&;zed^`');
    define('LOGGED_IN_KEY', 'f,B`O^3qW20-,`k>dHdW8Bt^/]HZ5 -sA1rz$x:|x3R3~!j*}^mw?0|N)YTO<usi');
    define('NONCE_KEY', 'x/7V-u*8K^d-|3a&L}/V&2b9K}G+r-q&A7NCWin}h3dP1P( /X;fRzqG1U[,;F_C');
    define('AUTH_SALT', 'U,kjv 5&srgsePiCJOxUxc+>HkX#B3:fWbQ;[n^5FD)-4r9C!/+Swwv:k~~HZ|-l');
    define('SECURE_AUTH_SALT', ';=3HS/eY&DRN0p1_->e#]%h#x=*Q?Zj]A*tC=@*H$9_T%+SF+!w0?b}f/`#K&[h&');
    define('LOGGED_IN_SALT', 'iVWA_K4+X&guJiXc90L4UnQ-#E7+q--rH1_`nhdbSzlC2X.}}R11aua{>8 <hQv:');
    define('NONCE_SALT', 'z4,S7_]&70?7^p[o>$n7tJAq]?12ngpfi(]Cl{zfKs>!.Y?9|4@59{R*Q<k(Hg_.');</code>
  1. <code>72. 此时我们可以直接访问web1或web2来测试
  2. #### 安装haproxy
  3. 73. 在所有的proxy server上安装HAproxy和keepalived</code>
<code>[root@haproxy1 ~]#yum install haproxy keepalived
[root@haproxy2 ~]#yum install haproxy keepalived</code>
74. Edit the keepalived configuration on haproxy1
<code>[root@haproxy1 ~]#vi /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_1
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight -30
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 111
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.205.111/24 dev eth0 label eth0:0
    }
    track_script {
        check_haproxy
    }
}</code>
75. Edit the keepalived configuration on haproxy2
<code>[root@haproxy2 ~]#vi /etc/keepalived/keepalived.conf
global_defs {
    notification_email {
        acassen@firewall.loc
        failover@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server 192.168.200.1
    smtp_connect_timeout 30
    router_id LVS_2
    vrrp_skip_check_adv_addr
    vrrp_strict
    vrrp_iptables
    vrrp_garp_interval 0
    vrrp_gna_interval 0
}
# Script used to check if HAProxy is running
vrrp_script check_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight -30
    fall 2
    rise 1
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 111
    priority 80
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.205.111/24 dev eth0 label eth0:0
    }
    track_script {
        check_haproxy
    }
}</code>
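Before starting the pair it is worth checking the two keepalived.conf files against each other. The following is an added example (my own code, not part of the original post): it parses the VRRP fields that matter from both configs, constructed inline from the two listings above, and reports a mismatched virtual_router_id, auth_pass or VIP, an undefined track script, anything other than exactly one MASTER, and a check weight too small to actually move the VIP when haproxy dies.

```python
import re
# Constructed from the two keepalived.conf files shown above (example input, not page code); only the fields the checks use are kept, collapsed onto fewer lines.
CONFS = {
    "haproxy1": """vrrp_script check_haproxy { script "killall -0 haproxy" interval 2 weight -30 fall 2 rise 1 }
vrrp_instance VI_1 { state MASTER interface eth0 virtual_router_id 111 priority 100 advert_int 1
  authentication { auth_type PASS auth_pass 1111 }
  virtual_ipaddress { 192.168.205.111/24 dev eth0 label eth0:0 } track_script { check_haproxy } }""",
    "haproxy2": """vrrp_script check_haproxy { script "killall -0 haproxy" interval 2 weight -30 fall 2 rise 1 }
vrrp_instance VI_1 { state BACKUP interface eth0 virtual_router_id 111 priority 80 advert_int 1
  authentication { auth_type PASS auth_pass 1111 }
  virtual_ipaddress { 192.168.205.111/24 dev eth0 label eth0:0 } track_script { check_haproxy } }""",
}

def field(text, pat, cast=str):
    m = re.search(pat, text)
    return cast(m.group(1)) if m else None

def parse(text):
    """Extract the VRRP settings that must agree (or deliberately differ) across the pair."""
    return {
        "state": field(text, r"\bstate\s+(\w+)"),
        "vrid": field(text, r"virtual_router_id\s+(\d+)", int),
        "prio": field(text, r"\bpriority\s+(\d+)", int),
        "auth": field(text, r"auth_pass\s+(\S+)"),
        "weight": field(text, r"\bweight\s+(-?\d+)", int) or 0,
        "vips": set(re.findall(r"\d+\.\d+\.\d+\.\d+/\d+", field(text, r"virtual_ipaddress\s*\{([^}]*)\}") or "")),
        "scripts": set(re.findall(r"vrrp_script\s+(\w+)", text)),
        "tracked": set(re.findall(r"\w+", field(text, r"track_script\s*\{([^}]*)\}") or "")),
    }

def check_pair(confs):
    """Return a list of problems; an empty list means the nodes form a consistent VRRP pair."""
    nodes = {n: parse(t) for n, t in confs.items()}
    problems = []
    masters = [n for n, c in nodes.items() if c["state"] == "MASTER"]
    if len(masters) != 1:
        problems.append(f"expected exactly one MASTER, found {masters}")
    for key in ("vrid", "auth", "vips"):   # a mismatch here leaves two nodes each holding a VIP
        if len({str(c[key]) for c in nodes.values()}) != 1:
            problems.append(f"{key} differs between nodes")
    for n, c in nodes.items():
        if not c["tracked"] <= c["scripts"]:
            problems.append(f"{n}: track_script names an undefined vrrp_script")
    # Once check_haproxy fails the master runs at priority + weight; that must be below the backup's priority (100 - 30 = 70 < 80 here), or a dead haproxy never moves the VIP.
    for m in masters:
        for n, c in nodes.items():
            if n != m and nodes[m]["prio"] + nodes[m]["weight"] >= c["prio"]:
                problems.append(f"{m} still outranks {n} after check_haproxy fails")
    return problems
```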
76. Start the services
<code>[root@haproxy1 ~]#systemctl enable keepalived
[root@haproxy1 ~]#systemctl start keepalived
[root@haproxy2 ~]#systemctl enable keepalived
[root@haproxy2 ~]#systemctl start keepalived</code>
77. Edit the haproxy configuration file on all HAProxy servers
<code>[root@haproxy1 ~]#vi /etc/haproxy/haproxy.cfg
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
listen web-80
    bind 192.168.205.111:80
    # the two backend web servers; server names must be unique within a section
    server web1 192.168.205.127:80 check inter 3s fall 3 rise 5
    server web2 192.168.205.137:80 check inter 3s fall 3 rise 5</code>
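A slip such as giving both backend lines the same server name is easy to miss by eye. Here is a small added check (my own example code, not part of the original post) that parses a haproxy.cfg and reports duplicate server names, duplicate backend addresses and servers without a health check; the embedded config is constructed from the listing above with both servers named web1 on purpose.

```python
from collections import Counter

# Constructed from the haproxy.cfg above, deliberately with both servers named web1
# (example input, not the page's own code).
HAPROXY_CFG = """\
defaults
    mode http
    option redispatch
    retries 3
listen web-80
    bind 192.168.205.111:80
    server web1 192.168.205.127:80 check inter 3s fall 3 rise 5
    server web1 192.168.205.137:80 check inter 3s fall 3 rise 5
"""

def sections(cfg):
    """Split haproxy.cfg into (header, [indented lines]) pairs; an unindented line opens a section."""
    out = []
    for raw in cfg.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(line)
        else:
            out.append((line, []))
    return out

def lint(cfg):
    """Return problems in the proxy sections: duplicate server names, duplicate addresses,
    servers without a health check. An empty list means the backend definition is sane."""
    problems = []
    for header, lines in sections(cfg):
        if header.split()[0] not in ("listen", "backend"):
            continue
        servers = [l.split() for l in lines if l.startswith("server ")]
        for name, n in Counter(s[1] for s in servers).items():
            if n > 1:   # stats, logs and runtime 'set server' commands address servers by name
                problems.append(f"{header}: server name {name!r} used {n} times")
        for addr, n in Counter(s[2] for s in servers).items():
            if n > 1:
                problems.append(f"{header}: address {addr} listed {n} times")
        for s in servers:
            if "check" not in s[3:]:
                problems.append(f"{header}: server {s[1]} has no health check")
    return problems

if __name__ == "__main__":
    for p in lint(HAPROXY_CFG):
        print(p)
```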
78. Start the service
<code>[root@haproxy1 ~]#systemctl enable haproxy
[root@haproxy1 ~]#systemctl start haproxy
[root@haproxy1 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.205.111:80 *:*</code>
78. Copy the haproxy configuration file to haproxy2 and start the service
<code>[root@haproxy1 ~]#scp /etc/haproxy/haproxy.cfg 192.168.205.117:/etc/haproxy/
[root@haproxy2 ~]#systemctl enable haproxy
[root@haproxy2 ~]#systemctl start haproxy</code>
79. We find that 192.168.205.111:80 is not being listened on, because by default a socket cannot bind to a port on an IP address that does not exist on the host
<code>[root@haproxy2 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*</code>
80. Changing a kernel parameter makes the bind possible; after restarting haproxy, haproxy2 listens as well. The same option also has to be set on haproxy1, otherwise when the master fails and the VIP later moves back, haproxy will error out and fail to start
<code>[root@haproxy2 ~]#sysctl -a | grep bind
net.ipv4.ip_nonlocal_bind = 0
[root@haproxy2 ~]#vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind = 1
[root@haproxy2 ~]#sysctl -p
net.ipv4.ip_nonlocal_bind = 1
[root@haproxy2 ~]#systemctl restart haproxy
[root@haproxy2 ~]#ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 192.168.205.111:80 *:*</code>
81. Access the web server through 192.168.205.111; it works without problems.
82. Stop keepalived on haproxy1 and test again
<code>[root@haproxy1 ~]#systemctl stop keepalived</code>
83. Restore keepalived, then try stopping haproxy and test again; the VIP has moved to haproxy2
<code>[root@haproxy1 ~]#systemctl stop haproxy
[root@haproxy2 ~]#ip a
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:05:be:a7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.205.117/24 brd 192.168.205.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet 192.168.205.111/24 scope global secondary eth0:0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe05:bea7/64 scope link noprefixroute
       valid_lft forever preferred_lft forever</code>
#### Implementing the firewall

84. For simplicity, one Linux host running iptables is used for DNAT; make sure firewalld is disabled on it
<code>[root@centos7 ~]#iptables -t nat -A PREROUTING -s 0/0 -d 202.106.0.17 -p tcp --dport 80 -j DNAT --to-destination 192.168.205.111:80</code>
85. Enable IP forwarding
<code>[root@centos7 network-scripts]#cat /proc/sys/net/ipv4/ip_forward
0
[root@centos7 network-scripts]#sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@centos7 ~]#vi /etc/sysctl.conf
net.ipv4.ip_forward = 1</code>
86. Install iptables-services so that the rules are saved and restored automatically
<code>[root@centos7 ~]#yum install iptables-services
[root@centos7 ~]#iptables-save >/etc/sysconfig/iptables
[root@centos7 ~]#systemctl enable iptables.service</code>
87. Note: the default gateway of the HAProxy nodes must point to the firewall, and the default gateway of both web servers must also point to the firewall. The reason is that the web server sends its reply packets straight back to the gateway; whether that is really what happens remains to be verified, but only after I added this could the site be accessed normally
<code>[root@haproxy1 ~]#ip r
default via 192.168.205.17 dev eth0 proto static metric 102
[root@haproxy2 ~]#ip r
default via 192.168.205.17 dev eth0 proto static metric 102
[root@web1 ~]#ip r a default via 192.168.205.17 dev eth0
[root@web1 ~]#ip r
default via 192.168.205.17 dev eth0
[root@web2 ~]#ip r a default via 192.168.205.17 dev eth0
[root@web2 ~]#ip r
default via 192.168.205.17 dev eth0</code>
#### Implementing powerdns

88. Install the packages (from the EPEL repository)

<code>yum install -y pdns pdns-backend-mysql mariadb-server</code>

89. Create the database

<code>CREATE DATABASE powerdns;
GRANT ALL ON powerdns.* TO 'powerdns'@'127.0.0.1' IDENTIFIED BY 'centos';
USE powerdns;</code>

90. Create the tables in the powerdns database (see https://doc.powerdns.com/md/authoritative/backend-generic-mysql/)
<code>CREATE TABLE domains (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255) NOT NULL,
  master                VARCHAR(128) DEFAULT NULL,
  last_check            INT DEFAULT NULL,
  type                  VARCHAR(6) NOT NULL,
  notified_serial       INT DEFAULT NULL,
  account               VARCHAR(40) DEFAULT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
  id                    BIGINT AUTO_INCREMENT,
  domain_id             INT DEFAULT NULL,
  name                  VARCHAR(255) DEFAULT NULL,
  type                  VARCHAR(10) DEFAULT NULL,
  content               VARCHAR(64000) DEFAULT NULL,
  ttl                   INT DEFAULT NULL,
  prio                  INT DEFAULT NULL,
  change_date           INT DEFAULT NULL,
  disabled              TINYINT(1) DEFAULT 0,
  ordername             VARCHAR(255) BINARY DEFAULT NULL,
  auth                  TINYINT(1) DEFAULT 1,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
  ip                    VARCHAR(64) NOT NULL,
  nameserver            VARCHAR(255) NOT NULL,
  account               VARCHAR(40) NOT NULL,
  PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  name                  VARCHAR(255) NOT NULL,
  type                  VARCHAR(10) NOT NULL,
  modified_at           INT NOT NULL,
  account               VARCHAR(40) NOT NULL,
  comment               VARCHAR(64000) NOT NULL,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  kind                  VARCHAR(32),
  content               TEXT,
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
  id                    INT AUTO_INCREMENT,
  domain_id             INT NOT NULL,
  flags                 INT NOT NULL,
  active                BOOL,
  content               TEXT,
  PRIMARY KEY(id)
) Engine=InnoDB;
CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
  id                    INT AUTO_INCREMENT,
  name                  VARCHAR(255),
  algorithm             VARCHAR(50),
  secret                VARCHAR(255),
  PRIMARY KEY (id)
) Engine=InnoDB;
CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);</code>

91. Configure PowerDNS to use mariadb as its backend data store

Edit /etc/pdns/pdns.conf with vim, find the line containing launch=, change it and add the following:
<code>launch=gmysql
gmysql-host=localhost
gmysql-port=3306
gmysql-dbname=powerdns
gmysql-user=powerdns
gmysql-password=centos</code>

92. Start the service

<code>systemctl start pdns
systemctl enable pdns</code>

93. Install httpd and the PHP packages

<code>yum -y install httpd php php-devel php-gd php-mcrypt php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext wget
systemctl start httpd
systemctl enable httpd</code>

94. Download poweradmin and extract it into the target directory

<code>cd /var/www/html
wget http://downloads.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz
tar xvf poweradmin-2.1.7.tgz
mv poweradmin-2.1.7 /var/www/html/poweradmin</code>

95. Open the following URL to start the PowerAdmin web installer; choose English and go to step 2:

http://192.168.205.147/poweradmin/install/

96. Provide the database details configured earlier, and set an administrator password for Poweradmin

Username: the user name created in step 91 above, which here is powerdns
Password: the password created in step 91 above, which is centos
Database type: mysql
Hostname: the IP of the MySQL master server
DB port: the default, 3306
Database: the database name created in step 89 above, powerdns
Poweradmin administrator password: poweradmin automatically creates a web administrator user named admin; this is the password for admin

97. Create a restricted user for Poweradmin; PowerDNS uses this account to update the powerdns database. The account above is only used to connect to the database, whereas this one is used for the actual updates

Username: the user name used for updates
Password: that user's password
Hostmaster: the default hostmaster set when an SOA record is created
Primary nameserver: the primary name server, which here should be 192.168.205.17
Secondary nameserver: the secondary name server; there is none here, so it can be left empty

98. From the input above it generates the SQL statements; following the instructions on the page, create the user and grant the privileges in the database on 192.168.205.147

<code>MariaDB [powerdns]> GRANT SELECT, INSERT, UPDATE, DELETE ON powerdns.* TO 'poweradmin'@'127.0.0.1' IDENTIFIED BY 'centos1';</code>

99. Following the instructions on the page, create the config.inc.php file with the content shown there

<code>vim /var/www/html/poweradmin/inc/config.inc.php</code>

100. Delete the install directory

<code>rm -rf /var/www/html/poweradmin/install/</code>

101. Log in at http://202.106.0.17/poweradmin/

username: admin
password: admin (see step 96)

102. Add the host records in powerdns
103. Test DNS resolution from the Windows client
