Keepalived+HAProxy基于ACL实现单IP多域名负载功能
[*]编译安装 HAProxy 新版 LTS 版本,编译安装 Keepalived
[*]开启HAProxy多线程,线程数与CPU核心数保持一致,并绑定CPU核心
[*]因业务较多避免配置文件误操作,需要按每业务一个配置文件并统一保存至/etc/haproxy/conf.d目录中
[*]基于ACL实现单IP多域名负载功能,两个域名的业务: www.yanlinux.org 和 www.yanlinux.edu
[*]实现MySQL主从复制
[*]对 www.yanlinux.edu 域名基于HAProxy+Nginx+Tomcat+MySQL,并实现Jpress的JAVA应用
[*]对 www.yanlinux.org 域名基于HAProxy+Nginx+PHP+MySQL+Redis,实现phpMyadmin的PHP应用,并实现Session会话保持统一保存到Redis
1 DNS服务器配置
在10.0.0.7主机上搭建www.yanlinux.org(VIP:10.0.0.100)和www.yanlinux.edu(VIP:10.0.0.200)的DNS解析。
配置的关键:
[*]在主配置文件/etc/named.conf中要将listen-on port 53 { 127.0.0.1; }中的127.0.0.1改为localhost;还需要将allow-query { localhost; };前面加上//注释掉,或者将其中的localhost改为any,或者在后面加上各个网段信息。
[*]各个域名解析库文件的权限应改为641,属组为named
#利用脚本自动搭建www.yanlinux.org的dns解析配置
$ cat install_dns.sh
#!/bin/bash
DOMAIN=yanlinux.org
HOST=www
HOST_IP=10.0.0.100
CPUS=`lscpu |awk '/^CPU\(s\)/{print $2}'`
. /etc/os-release
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $"OK"
elif [ $2 = "failure" -o $2 = "1"] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
install_dns () {
if [ $ID = 'centos' -o $ID = 'rocky' ];then
yum install -ybind bind-utils
elif [ $ID = 'ubuntu' ];then
color "不支持Ubuntu操作系统,退出!" 1
exit
#apt update
#apt install -ybind9 bind9-utils
else
color "不支持此操作系统,退出!" 1
exit
fi
}
config_dns () {
sed -i -e '/listen-on/s/127.0.0.1/localhost/' -e '/allow-query/s/localhost/any/' /etc/named.conf
cat >> /etc/named.rfc1912.zones <<EOF
zone "$DOMAIN" IN {
type master;
file"$DOMAIN.zone";
};
EOF
cat > /var/named/$DOMAIN.zone <<EOF
\$TTL 1D
@ IN SOA master admin.$DOMAIN (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A `hostname -I`
$HOST A $HOST_IP
EOF
#修改权限和属组
chmod 640 /var/named/$DOMAIN.zone
chgrp named /var/named/$DOMAIN.zone
}
start_service () {
systemctl enable --now named
systemctl is-active named.service
if [ $? -eq 0 ] ;then
color "DNS 服务安装成功!" 0
else
color "DNS 服务安装失败!" 1
exit 1
fi
}
install_dns
config_dns
start_service
$ sh install_dns.sh
#yanlinux.org.zone区域数据文件信息
$ cat /var/named/yanlinux.org.zone
$TTL 1D
@ IN SOA master admin.yanlinux.org (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.7
www A 10.0.0.100
#然后拷贝yanlinux.org.zone区域子配置文件创建yanlinux.edu.zone区域子配置文件.若是自己重新创建yanlinux.edu.zone子配置文件,创建完以后需要将子配置文件的文件权限改为640以及属组改为named
$ cd /var/named
$ cp -a yanlinux.org.zone yanlinux.edu.zone
#修改yanlinux.edu对应的信息
$ vi yanlinux.edu.zone
$TTL 1D
@ IN SOA master admin.yanlinux.edu (
1 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master
master A 10.0.0.7
www A 10.0.0.200
#两个域名对应的子配置文件已经创建好,然后在/etc/named.rfc1912.zones中添加区域子配置文件的信息
$ vi /etc/named.rfc1912.zones
......
#添加一下信息
zone "yanlinux.org" IN {
type master;
file"yanlinux.org.zone";
};
zone "yanlinux.edu" IN {
type master;
file"yanlinux.edu.zone";
};
#重新加载配置信息
$ rndc reload
server reload successful
$ dig www.yanlinux.org
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.yanlinux.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56759
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 4096
;; QUESTION SECTION:
;www.yanlinux.org. IN A
;; ANSWER SECTION:
www.yanlinux.org. 5 IN A 10.0.0.100
;; AUTHORITY SECTION:
yanlinux.org. 5 IN NS master.yanlinux.org.
;; ADDITIONAL SECTION:
master.yanlinux.org. 5 IN A 10.0.0.7
;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Wed Mar 08 21:48:00 CST 2023
;; MSG SIZErcvd: 98
$ dig www.yanlinux.edu
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.yanlinux.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19598
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 4096
;; QUESTION SECTION:
;www.yanlinux.edu. IN A
;; ANSWER SECTION:
www.yanlinux.edu. 5 IN A 10.0.0.200
;; AUTHORITY SECTION:
yanlinux.edu. 5 IN NS master.yanlinux.edu.
;; ADDITIONAL SECTION:
master.yanlinux.edu. 5 IN A 10.0.0.7
;; Query time: 0 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Wed Mar 08 21:48:06 CST 2023
;; MSG SIZErcvd: 98
[*]部署nfs备份服务器
$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO="static"
NAME="eth0"
DEVICE="eth0"
IPADDR=10.0.0.17
PREFIX=24
GATEWAY=10.0.0.2
DNS1=10.0.0.7#改成DNS服务器的IP
#DNS2=114.114.114.114
ONBOOT="yes"
#重启网络服务
$ systemctl restart network
$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.0.0.7
#测试解析
$ host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 36.152.44.95
www.a.shifen.com has address 36.152.44.96
$ dig www.yanlinux.org
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.yanlinux.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19011
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yanlinux.org. IN A
;; ANSWER SECTION:
www.yanlinux.org. 86400 IN A 10.0.0.100
;; AUTHORITY SECTION:
yanlinux.org. 86400 IN NS master.yanlinux.org.
;; ADDITIONAL SECTION:
master.yanlinux.org. 86400 IN A 10.0.0.7
;; Query time: 0 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Thu Mar 09 10:40:06 CST 2023
;; MSG SIZErcvd: 98
$ dig www.yanlinux.edu
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7 <<>> www.yanlinux.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64928
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yanlinux.edu. IN A
;; ANSWER SECTION:
www.yanlinux.edu. 86400 IN A 10.0.0.200
;; AUTHORITY SECTION:
yanlinux.edu. 86400 IN NS master.yanlinux.edu.
;; ADDITIONAL SECTION:
master.yanlinux.edu. 86400 IN A 10.0.0.7
;; Query time: 0 msec
;; SERVER: 10.0.0.7#53(10.0.0.7)
;; WHEN: Thu Mar 09 10:40:11 CST 2023
;; MSG SIZErcvd: 98
[*]测试是否主备同步数据
$ yum -y install nfs-utils
$ systemctl enable --now nfs-server.service
#创建用于传输的用户
$ groupadd -g 666 www
$ useradd -u 666 www -g 666
#创建NFS共享文件夹
$ mkdir /data/www -p
$ chown -R www. /data/www/
$ mkdir /data/web2
$ chown -R www.www /data/web2/
#添加共享配置
$ vi /etc/exports
/data/www *(rw,all_squash,anonuid=666,anongid=666) #具有读写权限,所有远程用户映射为666对应的用户
/data/web2 *(rw,all_squash,anonuid=666,anongid=666)
#重启
$ systemctl restart nfs-server.service
$ showmount -e 10.0.0.68
Export list for 10.0.0.68:
/data/web2 *
/data/www*
#下载sersync,实现数据实时备份同步到NFS备份服务器
#下载sersync,解压,设置PATH变量
$ wget https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/sersync/sersync2.5.4_64bit_binary_stable_final.tar.gz
$ tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz
$ cp -a GNU-Linux-x86/ /usr/local/sersync
$ echo "PATH=/usr/local/sersync:$PATH" > /etc/profile.d/sersync.sh
$ source /etc/profile.d/sersync.sh
#生成验证文件
$ echo lgq123456 > /etc/rsync.pas
$ chmod 600 /etc/rsync.pas
#备份sersync配置文件,修改配置文件
$ cp -a /usr/local/sersync/confxml.xml{,.bak}
##web1(可道云)共享业务配置
$ vi /usr/local/sersync/confxml.xml
1 <?xml version="1.0" encoding="ISO-8859-1"?>
2 <head version="2.5">
3 <host hostip="localhost" port="8008"></host>
4 <debug start="false"/>
5 <fileSystem xfs="false"/>
6 <filter start="false">
7 <exclude expression="(.*)\.svn"></exclude>
8 <exclude expression="(.*)\.gz"></exclude>
9 <exclude expression="^info/*"></exclude>
10 <exclude expression="^static/*"></exclude>
11 </filter>
12 <inotify>
13 <delete start="true"/>
14 <createFolder start="true"/>
15 <createFile start="false"/>
16 <closeWrite start="true"/>
17 <moveFrom start="true"/>
18 <moveTo start="true"/>
19 <attrib start="true"/> ##修改此行为true,文件属性变化后也会同步
20 <modify start="false"/>
21 </inotify>
22
23 <sersync>
24 <localpath watch="/data/www"> ##修改此行,需要同步的源目录
25 <remote ip="10.0.0.48" name="backup"/> #修改此行,指定备份服务器地址和rsync daemon的模块名,开启了ssh start,此时name为远程的shell方式运行时的目标目录
26
27
28 </localpath>
29 <rsync>
30 <commonParams params="-artuz"/>
31 <auth start="true" users="rsyncuser" passwordfile="/etc/rsync.pas"/> #修改此行为true,指定备份服务器的rsync配置的用户和密码
......
#以后台方式执行同步
$ sersync2 -dro /usr/local/sersync/confxml.xml
##web2(jpress)业务共享配置
$ cd /usr/local/sersync/
root@NFS sersync]$ cp confxml.xml jpress.xml
###相较于web1只需修改下面标记的两处
$ vi jpress.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
2 <head version="2.5">
3 <host hostip="localhost" port="8008"></host>
4 <debug start="false"/>
5 <fileSystem xfs="false"/>
6 <filter start="false">
7 <exclude expression="(.*)\.svn"></exclude>
8 <exclude expression="(.*)\.gz"></exclude>
9 <exclude expression="^info/*"></exclude>
10 <exclude expression="^static/*"></exclude>
11 </filter>
12 <inotify>
13 <delete start="true"/>
14 <createFolder start="true"/>
15 <createFile start="false"/>
16 <closeWrite start="true"/>
17 <moveFrom start="true"/>
18 <moveTo start="true"/>
19 <attrib start="true"/>
20 <modify start="false"/>
21 </inotify>
22
23 <sersync>
24 <localpath watch="/data/web2">#只需要将web1中的这个共享目录改成web2的
25 <remote ip="10.0.0.78" name="web2-backup"/> #这个是备份服务器中定义对应web2的rsync daemon的模块名
26
27
28 </localpath>
29 <rsync>
30 <commonParams params="-artuz"/>
31 <auth start="true" users="rsyncuser" passwordfile="/etc/rsync.pas"/>
32 <userDefinedPort start="false" port="874"/>
33 <timeout start="false" time="100"/>
34 <ssh start="false"/>
35 </rsync>
#后台独立运行web2对应服务
$ sersync2 -dro /usr/local/sersync/jpress.xml
#为了防止服务器重启后手动执行的服务断开,将执行命令写进文件中,随开机启动
$ echo -e "/usr/local/sersync/sersync2 -dro /usr/local/sersync/confxml.xml &> /dev/null\n/usr/local/sersync/sersync2 -dro /usr/local/sersync/jpress.xml &> /dev/null" > /etc/profile.d/sersync2.sh
$ chmod +x /etc/profile.d/sersync2.sh4 在10.0.0.48和10.0.0.58主机上搭建MySQL主从节点
[*]主节点:10.0.0.48
[*]从节点:10.0.0.58
[*]搭建主节点
#在10.0.0.78 NFS备份服务器以独立服务方式运行rsync并实现验证功能
$ yum -y install rsync-daemon
#创建备份目录
$ mkdir /data/backup -p
$ mkdir /data/web2-backup
#修改配置文件,添加以下信息
$ vi /etc/rsyncd.conf
uid = www #指定以哪个用户来访问共享目录,将之指定为生成的文件所有者,默认是nobody
gid = www
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
#每个模块名对应一个不同的path目录,如果同名后面模块生效
path = /data/backup/
comment = backup dir
read only = no #默认是yes,即只读
auth users = rsyncuser #默认anonymous可以访问rsync服务器,主服务器中指定的用户
secrets file = /etc/rsync.pas
path = /data/web2-backup/
comment = backup dir
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pas
#创建验证文件
$ echo "rsyncuser:lgq123456" > /etc/rsync.pas
#创建传输用户
$ chmod 600 /etc/rsync.pas
$ groupadd -g 666 www
$ useradd -u 666 www -g 666
$ chown www.www /data/backup/ -R
$ chown -R www.www /data/web2-backup/
#重载配置
$ rsync --daemon
#放进文件中,随主机开启自启动
$ echo "rsync --daemon" > /etc/profile.d/rsync.sh
$ chmod +x /etc/profile.d/rsync.sh
[*]搭建从节点
#在NFS主服务器上共享目录创建一个test.txt文件,查看备份服务器上是否同步
$ cd /data/www/
$ touch test.txt
$ ll
total 0
-rw-r--r-- 1 root root 0 Mar9 22:23 test.txt
$ ll /data/backup/
total 0
-rw-r--r-- 1 www www 0 Mar9 22:23 test.txt
[*]测试主从是否同步
#安装mysql
$ yum -y install mysql-server
#创建二进制日志存放路径,并在配置文件中指定路径以及日子文件的前缀
$ mkdir /data/binlog
$ chown mysql. /data/binlog/
#设置配置文件,并启动服务
$ cat /etc/my.cnf
server-id=48
log_bin=/data/binlog/mysql-bin
$ systemctl enable --now mysqld
#创建复制用户以及授权
$ mysql -uroot -plgq123456 -e "create user 'repluser'@'10.0.0.%' identified by 'lgq123456';"
$ mysql -uroot -plgq123456 -e "grant replication slave on *.* to 'repluser'@'10.0.0.%';"
#创建kodbox对应数据库以及账号
$ mysql -uroot -plgq123456 -e "create database kodbox;"
$ mysql -uroot -plgq123456 -e "create user kodbox@'10.0.0.%' identified by 'lgq123456';"
$ mysql -uroot -plgq123456 -e "grant all on kodbox.* tokodbox@'10.0.0.%';"
#创建web2业务对应的数据库和用户
$ mysql -uroot -plgq123456 -e "create database jpress;"
$ mysql -uroot -plgq123456 -e "create user jpress@'10.0.0.%' identified by '123456';"
$ mysql -uroot -plgq123456 -e "grant all on jpress.* to jpress@'10.0.0.%';"
#进行完全备份
$ mysqldump -uroot -plgq123456 -A -F --single-transaction --master-data=1 > full_backup.sql
#拷贝备份数据到从节点
$ scp full_backup.sql 10.0.0.58:5 在10.0.0.88主机上部署redis
#安装
$ yum -y install mysql-server
#修改配置文件,并启动
$ vi /etc/my.cnf
#添加下面信息
server-id=58
read-only
$ systemctl enable --now mysqld
#修改备份文件,在change master to中添加主节点信息
$ vi full_backup.sql
......
CHANGE MASTER TO
MASTER_HOST='10.0.0.48', #添上主节点ip地址
MASTER_USER='repluser', #添上在主节点创建的账号
MASTER_PASSWORD='lgq123456', #添上账号密码
MASTER_PORT=3306, #添上端口号
MASTER_LOG_FILE='mysql-bin.000003',
MASTER_LOG_POS=157;
......
#还原备份
###暂时关闭二进制日志
$ mysql
mysql> set sql_log_bin=0;
###还原
mysql> source /root/full_backup.sql;
##开启主从节点的链接线程
mysql> start slave;
##查看状态
mysql> show slave status\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for source to send event
Master_Host: 10.0.0.48
Master_User: repluser
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000003
Read_Master_Log_Pos: 157
Relay_Log_File: mysql-slave-relay-bin.000002
Relay_Log_Pos: 326
Relay_Master_Log_File: mysql-bin.000003
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 157
Relay_Log_Space: 542
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 48
Master_UUID: bdcb41ce-be61-11ed-808a-000c2924e25d
Master_Info_File: mysql.slave_master_info
SQL_Delay: 0
SQL_Remaining_Delay: NULL
Slave_SQL_Running_State: Replica has read all relay log; waiting for more updates
Master_Retry_Count: 86400
Master_Bind:
Last_IO_Error_Timestamp:
Last_SQL_Error_Timestamp:
Master_SSL_Crl:
Master_SSL_Crlpath:
Retrieved_Gtid_Set:
Executed_Gtid_Set:
Auto_Position: 0
Replicate_Rewrite_DB:
Channel_Name:
Master_TLS_Version:
Master_public_key_path:
Get_master_public_key: 0
Network_Namespace:
1 row in set, 1 warning (0.01 sec)6 搭建 www.yanlinux.org web1业务(可道云业务)
6.1 在10.0.0.28上搭建nginx和php-fpm
#在主节点上创建一个测试数据库
mysql> create database t1;
Query OK, 1 row affected (0.00 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| kodbox |
| mysql |
| performance_schema |
| sys |
| t1 |
+--------------------+
6 rows in set (0.00 sec)
#在从节点查看是否存在
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| kodbox |
| mysql |
| performance_schema |
| sys |
| t1 |
+--------------------+
6 rows in set (0.01 sec)
##说明主从复制已经可以同步了查看状态php状态页,测试服务搭建成功
6.2 部署kodbox
#安装redis
$ yum -y install redis
#修改配置文件
$ vi /etc/redis.conf
bind 0.0.0.0 #将此行的127.0.0.1改为0.0.0.0,实现远程访问
$ systemctl enable --now redis
6.3 挂载NFS服务器,实现网站数据远程备份
# 1.利用脚本一键编译安装nginx
$ cat install_nginx.sh
#!/bin/bash
OS_TYPE=`awk -F'[ "]' '/^NAME/{print $2}' /etc/os-release`
OS_VERSION=`awk -F'[".]' '/^VERSION_ID/{print $2}' /etc/os-release`
CPU=`lscpu |awk '/^CPU\(s\)/{print $2}'`
SRC_DIR=/usr/local/src
read -p "$(echo -e '\033[1;32m请输入下载的版本号:\033[0m')" NUM
NGINX_FILE=nginx-${NUM}
NGINX_INSTALL_DIR=/apps/nginx
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$1" && $MOVE_TO_COL
echo -n "["
if [ $2 = "success" -o $2 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $"OK"
elif [ $2 = "failure" -o $2 = "1"] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
#下载源码
wget_package(){
[ -e ${NGINX_INSTALL_DIR} ] && { color "nginx 已安装,请卸载后再安装" 1; exit; }
cd ${SRC_DIR}
if [ -e ${NGINX_FILE}.tar.gz ];then
color "源码包已经准备好" 0
else
color "开始下载源码包" 0
wget http://nginx.org/download/${NGINX_FILE}.tar.gz
[ $? -ne 0 ] && { color "下载 ${NGINX_FILE}.tar.gz文件失败" 1; exit; }
fi
}
#编译安装
install_nginx(){
color "开始安装nginx" 0
if id nginx &> /dev/null;then
color "nginx用户已经存在" 1
else
useradd -s /sbin/nologin -r nginx
color "nginx用户账号创建完成" 0
fi
color "开始安装nginx依赖包" 0
if [ $OS_TYPE == "Centos" -a ${OS_VERSION} == '7' ];then
yum -y install make gcc pcre-devel openssl-devel zlib-devel perl-ExtUtils-Embed
elif [ $OS_TYPE == "Centos" -a ${OS_VERSION} == '8' ];then
yum -y install make gcc-c++ libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-ExtUtils-Embed
elif [ $OS_TYPE == "Rocky" ];then
yum -y install make gcc libtool pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-ExtUtils-Embed
elif [ $OS_TYPE == "Ubuntu" ];then
apt update
apt -y install make gcc libpcre3 libpcre3-dev openssl libssl-dev zlib1g-dev
else
color '不支持此系统!'1
exit
fi
#开始编译安装
color "开始编译安装nginx" 0
cd $SRC_DIR
tar xf ${NGINX_FILE}.tar.gz
cd ${SRC_DIR}/${NGINX_FILE}
./configure --prefix=${NGINX_INSTALL_DIR} --user=nginx --group=nginx --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
make -j ${CPU} && make install
[ $? -eq 0 ] && color "nginx 编译安装成功" 0 ||{ color "nginx 编译安装失败,退出!" 1 ;exit; }
ln -s ${NGINX_INSTALL_DIR}/sbin/nginx /usr/sbin/ &> /dev/null
#创建service文件
cat > /lib/systemd/system/nginx.service <<EOF
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
Type=forking
PIDFile=${NGINX_INSTALL_DIR}/logs/nginx.pid
ExecStartPre=/bin/rm -f ${NGINX_INSTALL_DIR}/logs/nginx.pid
ExecStartPre=${NGINX_INSTALL_DIR}/sbin/nginx -t
ExecStart=${NGINX_INSTALL_DIR}/sbin/nginx
ExecReload=/bin/kill -s HUP \$MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
PrivateTmp=true
LimitNOFILE=100000
WantedBy=multi-user.target
EOF
#启动服务
systemctl enable --now nginx &> /dev/null
systemctl is-active nginx &> /dev/null ||{ color "nginx 启动失败,退出!" 1 ; exit; }
color "nginx 安装完成" 0
}
wget_package
install_nginx
##执行脚本安装nginx
$ sh install_nginx.sh
$ ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
# 2.安装配置php-fpm
$ yum -y install php-fpm
##安装php-mysql 以及php-redis所依赖的包
$ php-mysqlnd php-json php-cli php-devel
##下载php-redis
$ wget https://pecl.php.net/get/redis-5.3.7.tgz -P /usr/local/src/
$ cd /usr/local/src/
$ tar xf redis-5.3.7.tgz
$ cd redis-5.3.7/
$ phpize
Configuring for:
PHP Api Version: 20170718
Zend Module Api No: 20170718
Zend Extension Api No: 320170718
$ ./configure
$ make && make install
##创建php支持redis扩展的配置文件
$ vi /etc/php.d/31-redis.ini
extension=redis #加入此行
$ cd
#修改php上传限制配置
$ vi /etc/php.ini
post_max_size = 200M #修改为200M
upload_max_filesize = 200M #改为200M,实现大文件上传
#修改配置文件
$ vi /etc/php-fpm.d/www.conf
user = nginx #修改为nginx
group = nginx #修改为nginx
;listen = /run/php-fpm/www.sock #注释此行
listen = 127.0.0.1:9000 #添加此行,监控本机的9000端口
pm.status_path = /fpm_status #取消此行的注释,并改为fpm_status,防止与nginx服务的status冲突
ping.path = /ping #取消此行的注释
ping.response = pong #取消此行的注释
##启动服务
$ systemctl enable --now php-fpm
# 3.配置nginx虚拟主机配置文件
##为了方便管理不同的业务,nginx支持子配置文件
##创建子配置文件目录
$ mkdir /apps/nginx/conf/conf.d
$ vi /apps/nginx/conf/nginx.conf
include /apps/nginx/conf/conf.d/*.conf; #在http语句块最后一行添加上这一行
##创建业务配置文件
$ cat /apps/nginx/conf/conf.d/www.yanlinux.org.conf
server {
listen 80;
server_name www.yanlinux.org;
client_max_body_size 100M;
server_tokens off;
location / {
root /data/kodbox/;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /data/kodbox/;
fastcgi_pass 127.0.0.1:9000;
fastcgi_indexindex.php;
fastcgi_paramSCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
}
location ~ ^/(ping|fpm_status)$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_paramSCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
# 4.重启服务
$ systemctl restart nginx.service php-fpm.service往可道云上上传文件MyHotkeyScript.ahk,测试NFS主备服务是否都可以得到数据
##安装可道云(kodbox)所需的依赖包
$ yum -y install php-mbstring php-xml php-gd
#下载源码包
$ wget https://static.kodcloud.com/update/download/kodbox.1.35.zip
$ unzip kodbox.1.35.zip -d /data/kodbox
$ chown -R nginx.nginx /data/kodbox/7 部署www.yanlinux.edu web2业务(JPress)
7.1 在10.0.0.38主机上搭建tomcat
#安装nfs-utils搭建挂载NFS
$ yum -y install nfs-utils
$ showmount -e 10.0.0.68
Export list for 10.0.0.68:
/data/web2 *
/data/www *
#实现永久挂载,添加以下挂载信息,利用可道云上传的数据都会存放在/data/kodbox/data/files目录下,所以讲这个目录挂载nfs
$ vi /etc/fstab
10.0.0.68:/data/www /data/kodbox/data/files nfs _netdev 0 0
$ mount -a
$ df -h|grep data
10.0.0.68:/data/www 70G2.3G 68G 4% /data/kodbox/data/files7.2 部署nginx
#查看web1服务器上是否上传了数据
$ ll /data/kodbox/data/files/202303/09_079920df/
total 4
-rwxrwxrwx 1 666 666 1491 Mar9 22:51 MyHotkeyScript.ahk
#在NFS主服务器上查看
$ ll /data/www/202303/09_079920df/
total 4
-rwxrwxrwx 1 www www 1491 Mar9 22:51 MyHotkeyScript.ahk
#在NFS备份服务器上查看
$ ll /data/backup/202303/09_079920df/
total 4
-rwxrwxrwx 1 www www 1491 Mar9 22:51 MyHotkeyScript.ahk7.3 部署JPress应用
#利用脚本一键安装jdk以及tomcat
$ cat install_tomcat_jdk.sh
#!/bin/bash
DIR=`pwd`
read -p "$(echo -e '\033[1;32m请输入JDK版本号:\033[0m')" JDK_VERSION
read -p "$(echo -e '\033[1;32m请输入Tomcat版本号:\033[0m')" TOMCAT_VERSION
JDK_FILE="jdk-${JDK_VERSION}-linux-x64.tar.gz"
TOMCAT_FILE="apache-tomcat-${TOMCAT_VERSION}.tar.gz"
INSTALL_DIR="/usr/local"
color () {
RES_COL=60
MOVE_TO_COL="echo -en \\033[${RES_COL}G"
SETCOLOR_SUCCESS="echo -en \\033[1;32m"
SETCOLOR_FAILURE="echo -en \\033[1;31m"
SETCOLOR_WARNING="echo -en \\033[1;33m"
SETCOLOR_NORMAL="echo -en \E[0m"
echo -n "$2" && $MOVE_TO_COL
echo -n "["
if [ $1 = "success" -o $1 = "0" ] ;then
${SETCOLOR_SUCCESS}
echo -n $"OK"
elif [ $1 = "failure" -o $1 = "1"] ;then
${SETCOLOR_FAILURE}
echo -n $"FAILED"
else
${SETCOLOR_WARNING}
echo -n $"WARNING"
fi
${SETCOLOR_NORMAL}
echo -n "]"
echo
}
install_jdk(){
if ! [ -f "${DIR}/${JDK_FILE}" ];then
color 1 "${JDK_FILE}不存在,请去官网下载"
exit;
elif [ -f ${INSTALL_DIR}/jdk ];then
color 1 "JDK已经安装"
exit;
else
[ -d "${INSTALL_DIR}" ] || mkdir -pv ${INSTALL_DIR}
fi
tar xf ${DIR}/${JDK_FILE} -C ${INSTALL_DIR}
cd ${INSTALL_DIR} && ln -s jdk* jdk
cat > /etc/profile.d/jdk.sh <<EOF
export JAVA_HOME=${INSTALL_DIR}/jdk
#export JRE_HOME=\$JAVA_HOME/jre
#export CLASSPATH=.:\$JAVA_HOME/lib/:\$JRE_HOME/lib/
export PATH=\$PATH:\$JAVA_HOME/bin
EOF
. /etc/profile.d/jdk.sh
java -version && color 0 "JDK安装完成" || { color 1 "JDK安装失败"; exit; }
}
install_tomcat(){
if ! [ -f "${DIR}/${TOMCAT_FILE}" ];then
color 1 "${TOMCAT_FILE}不存在,请去官网下载"
exit;
elif [ -f ${INSTALL_DIR}/tomcat ];then
color 1 "tomcat已经安装"
exit;
else
[ -d "${INSTALL_DIR}" ] || mkdir -pv ${INSTALL_DIR}
fi
tar xf ${DIR}/${TOMCAT_FILE} -C ${INSTALL_DIR}
cd ${INSTALL_DIR} && ln -s apache-tomcat-*/ tomcat
echo "PATH=${INSTALL_DIR}/tomcat/bin:"'$PATH' > /etc/profile.d/tomcat.sh
id tomcat &> /dev/null || useradd -r -s /sbin/nologin tomcat
cat > ${INSTALL_DIR}/tomcat/conf/tomcat.conf <<EOF
JAVA_HOME=${INSTALL_DIR}/jdk
EOF
chown -R tomcat.tomcat ${INSTALL_DIR}/tomcat/
cat > /lib/systemd/system/tomcat.service <<EOF
Description=Tomcat
#After=syslog.target network.target remote-fs.target nss-lookup.target
After=syslog.target network.target
Type=forking
EnvironmentFile=${INSTALL_DIR}/tomcat/conf/tomcat.conf
ExecStart=${INSTALL_DIR}/tomcat/bin/startup.sh
ExecStop=${INSTALL_DIR}/tomcat/bin/shutdown.sh
RestartSec=3
PrivateTmp=true
User=tomcat
Group=tomcat
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable --now tomcat.service &> /dev/null
systemctl is-active tomcat.service &> /dev/null && color 0 "TOMCAT 安装完成" || { color 1 "TOMCAT 安装失败" ; exit; }
}
install_jdk
install_tomcat
$ sh install_tomcat.sh
请输入JDK版本号:8u321
请输入Tomcat版本号:9.0.59
java version "1.8.0_321"
Java(TM) SE Runtime Environment (build 1.8.0_321-b07)
Java HotSpot(TM) 64-Bit Server VM (build 25.321-b07, mixed mode)
JDK安装完成
TOMCAT 安装完成
#创建虚拟主机
$ vi /usr/local/tomcat/conf/server.xml
pattern="%h %l %u %t "%r" %s %b" />
</Host>
#在这一行之后添加下面几行信息
<Host name="www.yanlinux.edu" appBase="/data/jpress/" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="jpress_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
#以上信息就是虚拟主机的配置信息
</Engine>
</Service>
</Server>
#准备虚拟主机的数据目录,tomcat默认会在ROOT目录中找,所以需要将应用数据布置到这里面就可以避免在URL中添加应用目录来访问了。
$ mkdir /data/webapps/ROOT -p
$ chown -R tomcat.tomcat /data/webapps
$ systemctl restart tomcat.service浏览器访问
7.4 挂载NFS服务器
#利用6.1中的安装nginx脚本来安装
$ sh install_nginx.sh
#创建子配置目录
$ mkdir /apps/nginx/conf/conf.d
$ vi /apps/nginx/conf/nginx.conf
#在主配置文件中引入子配置目录
$ tail -n2 /apps/nginx/conf/nginx.conf
include /apps/nginx/conf/conf.d/*.conf;
}
#创建业务2配置文件
$ cat /apps/nginx/conf/conf.d/www.yanlinux.edu.conf
server {
listen 80;
server_name www.yanlinux.edu;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
$ nginx -t
nginx: the configuration file /apps/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /apps/nginx/conf/nginx.conf test is successful
$ nginx -s reload7.5 利用redis实现session共享
#上官网http://www.jpress.io/下载war包,上传到服务器
$ cp jpress-v4.0.7.war /usr/local/tomcat/webapps/jpress.war
$ cd /usr/local/tomcat/webapps/
#war包传到tomcat目录下就会自动解包,
$ ls
docsexampleshost-managerjpressjpress.warmanagerROOT
#然后将jpress/目录下的内容拷贝到6.7.1创建tomcat虚拟主机www.yanlinux.edu的数据目录中
$ cp -a /usr/local/tomcat/webapps/jpress/* /data/webapps/ROOT/
#数据库账号已经在6.4中创建直接连接就可以8 KeepAlived+HAProxy服务搭建,实现整体架构
分别在10.0.0.8和10.0.0.18两台rocky主机上编译安装keepalived和HAProxy两个服务,实现高可用。
[*]编译安装keepalived
$ yum -y install nfs-utils
$ showmount -e 10.0.0.68
Export list for 10.0.0.68:
/data/web2 *
/data/www*
#永久挂载,添加挂载信息
$ vi /etc/fstab
10.0.0.68:/data/web2 /data/webapps/ROOT/attachment/nfs _netdev 0 0
$ mount -a
$ df -h |grep data
10.0.0.68:/data/web2 70G2.2G 68G 4% /data/webapps/ROOT/attachment
#发布文章,添加一张照片测试
$ ll /data/webapps/ROOT/attachment/20230310/
total 560
-rw-r--r-- 1 666 666 569655 Mar 10 11:10 2974a6d37fb04ebfab8c7816d0a8dadd.png
#NFS服务器上查看
$ ll /data/web2/20230310/
total 560
-rw-r--r-- 1 www www 569655 Mar 10 11:10 2974a6d37fb04ebfab8c7816d0a8dadd.png
#NFS备份服务器查看
$ ll /data/web2-backup/20230310/
total 560
-rw-r--r-- 1 www www 569655 Mar 10 11:10 2974a6d37fb04ebfab8c7816d0a8dadd.png
[*]编译安装HAProxy服务
编译安装HAProxy 2.6 LTS版本,更多源码包下载地址:http://www.haproxy.org/download/
依赖lua环境,由于CentOS7 之前版本自带的lua版本比较低并不符合HAProxy要求的lua最低版本(5.3)的要求,因此需要编译安装较新版本的lua环境,然后才能编译安装HAProxy。
#ka1节点安装HAProxy# 1.安装依赖环境##centos或rocky$ yum -y install gcc make gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel libtermcap-devel ncurses-devel libevent-devel readline-devel##ubuntuapt -y install gcc make openssl libssl-dev libpcre3 libpcre3-dev zlib1g-devlibreadline-dev libsystemd-dev# 2.编译安装lua环境##下载源码:参考链接http://www.lua.org/start.html$ curl -R -O http://www.lua.org/ftp/lua-5.4.4.tar.gz$ tar xvf lua-5.3.5.tar.gz -C /usr/local/src$ cd /usr/local/src/lua-5.3.5$ make all test$ pwd/usr/local/src/lua-5.3.5$ ./src/lua -vLua 5.3.5 Copyright (C) 1994-2018 Lua.org, PUC-Rio# 3.编译安装haproxy##下载源码:官网链接:www.haproxy.org$ https://www.haproxy.org/download/2.6/src/haproxy-2.6.9.tar.gz$ tar xvf haproxy-2.6.9.tar.gz -C /usr/local/src$ cd /usr/local/src/haproxy-2.6.9##编译安装$ make ARCH=x86_64 TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 USE_LUA=1 LUA_INC=/usr/local/src/lua-5.3.5/src/ LUA_LIB=/usr/local/src/lua-5.3.5/src/ PREFIX=/apps/haproxy$ make install PREFIX=/apps/haproxy##解决环境变量$ ln -s /apps/haproxy/sbin/haproxy /usr/sbin/##验证haproxy版本$ which haproxy /usr/sbin/haproxy$ haproxy -vHAProxy version 2.6.9-3a3700a 2023/02/14 - https://haproxy.org/Status: long-term supported branch - will stop receiving fixes around Q2 2027.Known bugs: http://www.haproxy.org/bugs/bugs-2.6.9.htmlRunning on: Linux 4.18.0-348.el8.0.2.x86_64 #1 SMP Sun Nov 14 00:51:12 UTC 2021 x86_64# 4.创建HAProxy配置文件$ cd##准备配置文件目录$ mkdir /etc/haproxy$ cat > /etc/haproxy/haproxy.cfg
页:
[1]