Virtual lab

*Lab prerequisites: prepare 8 fresh machines with their IP addresses, the yum and EPEL repositories configured, the firewall policy turned off, SELinux disabled and iptables flushed
*On the NFS+MySQL host: change to the install directory: cd /usr/local/src
Prepare the database install files: my.cnf (the configuration file), mysql-install.sh (a one-step install script) and the mysql-5.6.34 source package
https://link.jianshu.com/?t=https://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.34-linux-glibc2.5-x86_64.tar.gz [source package download URL]
Contents of my.cnf:
[mysqld]
socket=/var/lib/mysql/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1

[client]
port=3306
socket=/var/lib/mysql/mysql.sock

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/tmp/mysql.sock
Contents of mysql-install.sh:
#!/bin/bash
# One-step install of the MySQL 5.6.34 tarball found in the current directory
DIR=$(pwd)
NAME="mysql-5.6.34-linux-glibc2.5-x86_64.tar.gz"
FULL_NAME=${DIR}/${NAME}
DATA_DIR="/data/mysql"

# Tools and libraries installed up front
yum install vim gcc gcc-c++ wget autoconf net-tools lrzsz iotop lsof bash-completion -y
yum install curl policycoreutils openssh-server openssh-clients postfix -y

# Stop if the tarball is missing
if [ -f "${FULL_NAME}" ]; then
    echo "安装文件存在"
else
    echo "安装文件不存在"
    exit 3
fi

# The /usr/local/mysql symlink marks an existing installation
if [ -h /usr/local/mysql ]; then
    echo "Mysql 已经安装"
    exit 3
else
    tar xvf "${FULL_NAME}" -C /usr/local/src
    ln -sv /usr/local/src/mysql-5.6.34-linux-glibc2.5-x86_64 /usr/local/mysql
    # Create the mysql account only when it does not exist yet
    if id mysql; then
        echo "mysql 用户已经存在,跳过创建用户过程"
    else
        useradd mysql -s /sbin/nologin
    fi
    if id mysql; then
        chown -R mysql.mysql /usr/local/mysql/*
        # Initialise the data directory only when it is not there yet
        if [ ! -d "${DATA_DIR}" ]; then
            mkdir -pv "${DATA_DIR}" && chown -R mysql.mysql /data
            /usr/local/mysql/scripts/mysql_install_db --user=mysql --datadir="${DATA_DIR}" --basedir=/usr/local/mysql/
            cp /usr/local/src/mysql-5.6.34-linux-glibc2.5-x86_64/support-files/mysql.server /etc/init.d/mysqld
            chmod a+x /etc/init.d/mysqld
            cp "${DIR}/my.cnf" /etc/my.cnf
            ln -sv /usr/local/mysql/bin/mysql /usr/bin/mysql
            /etc/init.d/mysqld start
        else
            echo "MySQL数据目录已经存在,"
            exit 3
        fi
    fi
fi
Run the script: bash mysql-install.sh [install libaio first, otherwise it fails]
Then log in: mysql [log in]
Create the database: CREATE DATABASE wordpress;
Grant the account privileges: GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"192.168.198.%" IDENTIFIED BY "xdk";
*Test from 76: install the database client: yum install mysql -y
Check that the account can log in: mysql -uwordpress -pxdk -h192.168.198.77
*On the NFS+MySQL host: install the software: yum install nfs-utils -y
Edit /etc/exports and write the storage path of the WordPress files and its permissions: vim /etc/exports [add: /data/wordpress *(rw,no_root_squash)]

Create the wordpress directory: mkdir /data/wordpress
Start nfs and enable it at boot: systemctl start nfs; systemctl enable nfs;
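The export line used in this step gives read-write access to every host and keeps client root as root on the share. As an added example (not part of the original walkthrough), the shell function below flags both conditions; the function name and the two sample files are constructed for illustration, and the tightened line assumes that only the web servers 192.168.198.75 and .76 need the share.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky entries in NFS export
# lines of the form "/path client(opt,opt) client(opt) ...".

# Prints one line per finding; exit status 0 = clean, 1 = findings.
# The body runs in a subshell so "set --" and the variables stay local.
audit_exports() (
    file=$1
    findings=0
    while IFS= read -r line; do
        line=${line%%#*}                      # drop comments
        set -f                                # keep "*" literal while splitting
        set -- $line
        set +f
        [ $# -ge 1 ] || continue              # blank line
        path=$1; shift
        for spec in "$@"; do
            client=${spec%%\(*}
            case $spec in
                *"("*) opts=${spec#*\(}; opts=${opts%\)} ;;
                *)     opts= ;;
            esac
            case $client in
                ""|"*") echo "$path: exported to any host"
                        findings=$((findings + 1)) ;;
            esac
            case ",$opts," in
                *,no_root_squash,*)
                    echo "$path ${client:-*}: no_root_squash keeps client root as uid 0"
                    findings=$((findings + 1)) ;;
            esac
        done
    done < "$file"
    [ "$findings" -eq 0 ]
)

# Constructed samples: the export line from this page, and a tightened variant
# limited to the two web servers (assumption: only .75 and .76 mount the share).
PAGE_EXPORTS=$(mktemp)
HARDENED_EXPORTS=$(mktemp)
echo '/data/wordpress *(rw,no_root_squash)' > "$PAGE_EXPORTS"
echo '/data/wordpress 192.168.198.75(rw,root_squash) 192.168.198.76(rw,root_squash)' > "$HARDENED_EXPORTS"

audit_exports "$PAGE_EXPORTS" || echo "-> tighten the export before starting nfs"
audit_exports "$HARDENED_EXPORTS" && echo "hardened export: no findings"
```

With root_squash in place, ownership of the shared directory has to be set on the NFS server itself (for example to uid 2019, the www account used on the web servers) rather than by root on a client.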
*On both 75 and 76: install the software: yum install nfs-utils -y
List the exported shares: showmount -e 192.168.198.77

Mount the share: mount -t nfs 192.168.198.77:/data/wordpress /mnt/

*On both 75 and 76: change directory: cd /usr/local/src
Download the nginx source package: wget https://nginx.org/download/nginx-1.16.1.tar.gz
Unpack it: tar xf nginx-1.16.1.tar.gz
Change directory: cd nginx-1.16.1/
Configure and build: ./configure --prefix=/apps/nginx --user=www --group=www --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-pcre --with-stream --with-stream_ssl_module --with-stream_realip_module
make
make install
Create the account: useradd www -s /sbin/nologin -u 2019
Check that nginx is ready to start: /apps/nginx/sbin/nginx -t

Download the PHP source package: https://www.php.net/distributions/php-7.2.21.tar.gz
Unpack it: tar xf php-7.2.21.tar.gz
Change directory: cd php-7.2.21/
Install the PHP dependencies: yum -y install wget vim pcre pcre-devel openssl openssl-devel libicu-devel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpeg-devel
Configure: ./configure --prefix=/apps/php --enable-fpm --with-fpm-user=www --with-fpm-group=www --with-pear --with-curl --with-png-dir --with-freetype-dir --with-iconv --with-mhash --with-zlib --with-xmlrpc --with-xsl --with-openssl --with-mysqli --with-pdo-mysql --disable-debug --enable-zip --enable-sockets --enable-soap --enable-inline-optimization --enable-xml --enable-ftp --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg
When this screen appears, the configure step has passed

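Run make with parallel jobs: make -j 2
Install: make install
Prepare the directory: mkdir /data/nginx/wordpress -p
Change directory: cd /apps/php/etc/
Copy the file: cp php-fpm.conf.default php-fpm.conf
Change directory: cd php-fpm.d/
Edit the configuration file: vim www.conf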

Copy the file: cp /usr/local/src/php-7.2.21/php.ini-production /apps/php/etc/php.ini
Test that php-fpm can start: /apps/php/sbin/php-fpm -t

/apps/php/sbin/php-fpm -c /apps/php/etc/php.ini
Check the ports: ss -ntl

Edit the configuration file: vim /apps/nginx/conf/nginx.conf



Test whether it succeeded: /apps/nginx/sbin/nginx -t

Write a test page: vim /data/nginx/wordpress/index.php

Open the page: http://192.168.198.[75.76]/index.php [if it loads, the configuration above works]

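Change directory: cd /data/nginx/wordpress
Download the WordPress source package: wget https://wordpress.org/latest.tar.gz
Move the files into this directory: mv wordpress/* .
Move away what is no longer needed: mv wordpress wordpress-5.2.2-zh_CN.zip /opt/
Copy the file under a new name: cp wp-config-sample.php wp-config.php
Edit the file: vim wp-config.php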

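Change the authentication keys: delete the existing keys, open this URL in a browser and paste in the newly generated keys: https://api.wordpress.org/secret-key/1.1/salt/

Open the Windows directory C:\Windows\System32\drivers\etc and edit the hosts file [add: 192.168.198.75/76 www.xdk.net]
Open the page: www.xdk.net [then just install WordPress]

Installation succeeded

*On the MySQL host: check whether the database now contains data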

*On both 73 and 74: install the packages: yum install keepalived haproxy -y
Set up load balancing
*On 73: edit the configuration file: vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 200
priority 100
advert_int 2
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.198.248 dev eth0 label eth0:0
}
}
Start the service: systemctl start keepalived.service
Enable it at boot: systemctl enable keepalived.service
Check that the IP is present: ip a

*On 74: edit the configuration file: vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_iptables
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 200
priority 80
advert_int 2
authentication {
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
192.168.198.248 dev eth0 label eth0:0
}
}
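Start the service: systemctl start keepalived.service
Enable it at boot: systemctl enable keepalived.service
*Test on 73 and 74: stop the service on 73: systemctl stop keepalived
Check on 74: ip a [the IP has moved over, which proves failover works]
You can also run ping 192.168.198.248 from another machine [ping succeeds]
*On 73: edit the configuration file: vim /etc/haproxy/haproxy.cfg [add the following four lines]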

Restart the service: systemctl restart haproxy.service
Check the ports: ss -ntl

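Use the VIP to see whether login works: change the hosts file [delete the earlier entry, add 192.168.198.248 www.xdk.net]
Open the page: www.xdk.net [login works]
Copy the file to 74: scp /etc/haproxy/haproxy.cfg 192.168.198.74:/etc/haproxy/haproxy.cfg
*On 74: the service cannot start, because the IP is on 73
Open the configuration file: vim /etc/sysctl.conf [add net.ipv4.ip_nonlocal_bind=1]
Apply it: sysctl -p
Start the service: systemctl start haproxy
Check the ports: ss -ntl [now working]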

*On both 71 and 72: install keepalived: yum install keepalived -y
*On 71: edit the file: vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 202
priority 100
advert_int 1
auth_pass 123456
}
}
}
virtual_server 192.168.198.249 80 {
delay_loop 6
lb_algo rr
weight 1
weight 1
SSL_GET {
url {
path /
virtual_server 192.168.198.249 80 {
protocol TCP
real_server 192.168.198.103 80 {
weight 1
connect_timeout 5
}
virtual_server 192.168.198.249 80 {
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.198.73 80 {
weight 1
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.198.74 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
*On 73 and 74: vim /etc/haproxy/haproxy.cfg


Restart the service: systemctl restart haproxy
Check the ports: ss -ntl [now listening]
Write the script: vim lvs-dr.sh [in the /root directory]
#!/bin/sh
LVS_VIP=192.168.198.249
source /etc/rc.d/init.d/functions
case "$1" in
start)
/sbin/ifconfig lo:0 $LVS_VIP netmask 255.255.255.255 broadcast $LVS_VIP
/sbin/route add -host $LVS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
/sbin/ifconfig lo:0 down
/sbin/route del $LVS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
Start the script: bash lvs-dr.sh start
*On 71: start the service: systemctl start keepalived.service
Check the IP: ip a [success]

Install the tool: yum install ipvsadm
ipvsadm -Ln [view the table]

Copy the file to 72: scp /etc/keepalived/keepalived.conf 192.168.198.72:/etc/keepalived/keepalived.conf
*On 72: edit the file: vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
! Configuration File for keepalived
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_2 {
state BACKUP
interface eth0
virtual_router_id 202
priority 80
advert_int 1
auth_pass 123456
}
}
}
virtual_server 192.168.198.249 80 {
delay_loop 6
lb_algo rr
weight 1
weight 1
SSL_GET {
url {
path /
virtual_server 192.168.198.249 80 {
protocol TCP
real_server 192.168.198.103 80 {
weight 1
connect_timeout 5
}
virtual_server 192.168.198.249 80 {
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.198.73 80 {
weight 1
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.198.74 80 {
weight 1
TCP_CHECK {
connect_timeout 5
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
Restart the service: systemctl restart keepalived
*On both 73 and 74: vim /etc/haproxy/haproxy.cfg


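Restart the service: systemctl restart haproxy.service
Check the ports: ss -ntl

*On 74: copy the file to 73: scp /etc/sysctl.conf 192.168.198.73:/etc/sysctl.conf
*On 73: apply it: sysctl -p
Change the hosts file [delete the earlier entry, add 192.168.198.249 www.xdk.net]
Open the page: www.xdk.net [success]
Images cannot be uploaded when writing a post: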

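*On 75 and 76: set ownership: chown www.www /data/nginx/wordpress/ -R
Upload again from the web page; it now succeeds [this refers to images in posts]

View the images: ll wp-content/uploads/2019/08 [in the /data/nginx/wordpress directory]

Mount the share: mount -t nfs 192.168.198.77:/data/wordpress /data/nginx/wordpress/wp-content/uploads/
Set ownership: chown www.www /data/nginx/wordpress/ -R
Reopen the page: www.xdk.net [the images now appear on the site]

*On 73 and 74: so that the lvs-dr.sh script is not forgotten later, run it at boot
First make it executable: chmod +x lvs-dr.sh
Edit the file: vim /etc/rc.d/rc.local [add bash lvs-dr.sh start]
Make it executable: chmod a+x /etc/rc.d/rc.local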
----------------------------------------------------------------------------------------------------------------------------------------------------------
*Master-slave replication on 77: edit the configuration file: vim /etc/my.cnf [add server-id=1 and log-bin]
Restart the service: /etc/init.d/mysqld restart
Log in to mysql: mysql
Create the account: grant replication slave on *.* to repluser@'192.168.198.%' identified by 'xdk';
Check the account: select user,host,password from mysql.user;

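*On 78: install the database as in the MySQL steps above [machine 77]
Edit the configuration file: vim /etc/my.cnf [add server-id=2]
Restart the service: /etc/init.d/mysqld restart
Log in to mysql to verify that the account works: mysql -urepluser -pxdk -h192.168.198.77
Set the master and its binary log position: CHANGE MASTER TO
MASTER_HOST='192.168.198.77',
MASTER_USER='repluser',
MASTER_PASSWORD='xdk',
MASTER_PORT=3306,
MASTER_LOG_FILE='centos7-bin.000001', [run show master logs in mysql on machine 77 and note the file name]
MASTER_LOG_POS=120;
Start the replication threads: start slave;
Check: show slave status\G [success]
*Test on 77: create a database and check whether it replicates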
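Whether replication "succeeded" comes down to a few fields of the show slave status output. As an added example (not part of the original walkthrough), the shell functions below read those fields from the \G-formatted text; the function names and both sample outputs are constructed, the second one modelling a replica whose MASTER_HOST is unreachable.

```shell
#!/bin/sh
# Added example (not from the original page): judge replica health from the
# text printed by SHOW SLAVE STATUS\G instead of reading it by eye.

# Print the value of one "Field: value" row read from stdin.
status_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Exit 0 only if both replication threads run and lag <= $2 seconds (default 30).
replica_healthy() {
    status=$1
    max_lag=${2:-30}
    io=$(printf '%s\n' "$status" | status_field Slave_IO_Running)
    sql=$(printf '%s\n' "$status" | status_field Slave_SQL_Running)
    lag=$(printf '%s\n' "$status" | status_field Seconds_Behind_Master)
    err=$(printf '%s\n' "$status" | status_field Last_IO_Error)
    if [ "$io" != Yes ] || [ "$sql" != Yes ]; then
        echo "replication stopped: IO=$io SQL=$sql error=$err"
        return 1
    fi
    case $lag in
        ''|*[!0-9]*) echo "lag unknown: $lag"; return 1 ;;
    esac
    if [ "$lag" -gt "$max_lag" ]; then
        echo "lag ${lag}s exceeds ${max_lag}s"
        return 1
    fi
    echo "replica OK, lag ${lag}s"
}

# Constructed sample output (abridged), not captured from a real server.
GOOD_STATUS='
             Master_Host: 192.168.198.77
        Slave_IO_Running: Yes
       Slave_SQL_Running: Yes
   Seconds_Behind_Master: 0
           Last_IO_Error: '
BROKEN_STATUS='
             Master_Host: 192.168.17.78
        Slave_IO_Running: Connecting
       Slave_SQL_Running: Yes
   Seconds_Behind_Master: NULL
           Last_IO_Error: error connecting to master'

replica_healthy "$GOOD_STATUS"
replica_healthy "$BROKEN_STATUS" || true
```

On the replica, live output can be passed in with replica_healthy "$(mysql -e 'SHOW SLAVE STATUS\G')".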
*LVS on 71 and 72: edit the configuration file: vim /etc/keepalived/keepalived.conf

Restart the service: systemctl restart keepalived
*On 75 and 76: write the script: vim lvs-dr.sh
#!/bin/sh
LVS_VIP=192.168.198.249
source /etc/rc.d/init.d/functions
case "$1" in
start)
/sbin/ifconfig lo:0 $LVS_VIP netmask 255.255.255.255 broadcast $LVS_VIP
/sbin/route add -host $LVS_VIP dev lo:0
echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce
sysctl -p >/dev/null 2>&1
echo "RealServer Start OK"
;;
stop)
/sbin/ifconfig lo:0 down
/sbin/route del $LVS_VIP >/dev/null 2>&1
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce
echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore
echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce
echo "RealServer Stoped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit 0
Start the script: bash lvs-dr.sh start
*Real-time sync with 78: 192.168.198.77 is the inotify client, 192.168.198.78 is the rsync server
On the server: install the package: yum install rsync -y
On the server, edit the rsync configuration file: vi /etc/rsyncd.conf
uid = root
gid = root
use chroot = no
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
hosts allow = 192.168.198.0/24
[backup]
path = /backup/
comment = backup
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pass
Create the server-side credentials file: echo "rsyncuser:123456" > /etc/rsync.pass; chmod 600 /etc/rsync.pass
Create the directory that holds the backups: mkdir /backup; chmod 600 /backup/
Start the rsyncd service: rsync --daemon [this can be added to /etc/rc.d/rc.local to start at boot] systemctl start rsyncd
On the client: install the packages: yum install inotify-tools rsync -y
Prepare the directory to be monitored and backed up: echo xdk > /data/f1.txt
Create the password file; without it rsync prompts interactively, and once it exists rsync uses this password to sync automatically: echo "123456" > /etc/rsync.pass; chmod 600 /etc/rsync.pass
Test that syncing to the rsync server works: rsync -avz --password-file=/etc/rsync.pass /data/ rsyncuser@192.168.198.78::backup

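Create the real-time monitoring script: vi inotify_rsync.sh
#!/bin/bash
# Directory to watch, and the rsync daemon module that receives it
SRC='/data/'
DEST='rsyncuser@192.168.198.78::backup'
# inotifywait prints one line per change under ${SRC}; each event triggers a full sync
inotifywait -mrq --timefmt '%Y-%m-%d %H:%M' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib ${SRC} | while read DATE TIME DIR FILE; do
    FILEPATH=${DIR}${FILE}
    rsync -az --delete --password-file=/etc/rsync.pass $SRC $DEST && echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" >> /var/log/changelist.log
done
Start the script: bash inotify_rsync.sh [the script keeps running; leave it alone and open a new terminal]
On the server: watch the directory: watch -n1 ls -l /backup

On the client: test by creating a new file: cd /data/; touch f2.txt
On the server: check the result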