本次实验基于 KVM 虚拟化环境进行,虚拟化环境搭建参考博客《搭建 KVM 虚拟化环境》。
实验拓扑
3.1:部署负载均衡
3.1.1:pm1-node201 部署 Keepalived
keepalived 节点上需要开启的两个 Linux 内核参数:net.ipv4.ip_forward = 1 和 net.ipv4.ip_nonlocal_bind = 1,已在系统初始化的过程中添加。
- 编译安装 keepalived-1.3.6(源码包通过明文 HTTP 下载,解压前建议核对官方公布的校验值;下方 yum 命令中的 pcredevel 应为 pcre-devel):
[root@pm1-node201 ~]# wget -O /usr/local/src/keepalived-1.3.6.tar.gz http://www.keepalived.org/software/keepalived-1.3.6.tar.gz
[root@pm1-node201 ~]# cd /usr/local/src
[root@pm1-node201 src]# tar xvf keepalived-1.3.6.tar.gz
[root@pm1-node201 src]# cd keepalived-1.3.6
[root@pm1-node201 keepalived-1.3.6]# yum install libnfnetlink-devel libnfnetlink ipvsadm libnl libnl-devel libnl3 libnl3-devel lm_sensors-libs net-snmp-agent-libs net-snmp-libs openssh-server openssh-clients openssl openssl-devel tree sudo psmisc lrzsz gcc gcc-c++ automake pcre pcredevel zlib zlib-devel openssl openssl-devel iproute -y
[root@pm1-node201 keepalived-1.3.6]# ./configure --prefix=/usr/local/keepalived --disable-fwmark && make && make install
[root@pm1-node201 keepalived-1.3.6]# cp /usr/local/src/keepalived-1.3.6/keepalived/etc/init.d/keepalived.rh.init /etc/sysconfig/keepalived.sysconfig
[root@pm1-node201 keepalived-1.3.6]# cp /usr/local/src/keepalived-1.3.6/keepalived/keepalived.service /usr/lib/systemd/system/
[root@pm1-node201 keepalived-1.3.6]# cp /usr/local/src/keepalived-1.3.6/bin/keepalived /usr/sbin/
- 配置 Keepalived,将 pm1-node201 设为 192.168.1.200 的 master 节点,172.16.1.200 的 backup 节点:
[root@pm1-node201 ~]# mkdir /etc/keepalived
[root@pm1-node201 ~]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@pm1-node201 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for pm1-node201: MASTER for VIP_1 (192.168.1.200 on eth0) and
# BACKUP for VIP_2 (172.16.1.200 on eth1). Each instance sends its advertisements
# by unicast to the single peer listed in unicast_peer.
global_defs {
notification_email {
root@pm1-node201.yqc.com
}
notification_email_from root@pm1-node201.yqc.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id pm1-node201.yqc.com
vrrp_skip_check_adv_addr
# NOTE(review): strict VRRP compliance is left disabled; keepalived's strict mode
# does not accept unicast peers, which this file relies on.
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VIP_1 {
state MASTER
interface eth0
# Must match virtual_router_id of the same instance on the peer node.
virtual_router_id 1
priority 100
advert_int 2
unicast_src_ip 192.168.1.201
unicast_peer {
192.168.1.202
}
authentication {
# auth_type PASS puts the password in cleartext inside every advertisement, so it
# protects against misconfiguration only, not against a host on the same segment.
auth_type PASS
# Lab placeholder; replace with a per-cluster secret before reuse
# (keepalived uses at most the first 8 characters).
auth_pass 123456
}
virtual_ipaddress {
192.168.1.200/24 dev eth0 label eth0:0
}
}
vrrp_instance VIP_2 {
state BACKUP
interface eth1
virtual_router_id 2
priority 80
advert_int 2
unicast_src_ip 172.16.1.201
unicast_peer {
172.16.1.202
}
authentication {
# Same cleartext PASS scheme and placeholder password as VIP_1.
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.16.1.200/24 dev eth1 label eth1:0
}
}
- 启动keepalived并设为开机启动:
[root@pm1-node201 ~]# systemctl start keepalived
[root@pm1-node201 ~]# systemctl enable keepalived
- 验证 VIP:
[root@pm1-node201 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.201 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 240e:324:79e:f400:5054:ff:fe1f:99c7 prefixlen 64 scopeid 0x0<global>
inet6 fe80::5054:ff:fe1f:99c7 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:1f:99:c7 txqueuelen 1000 (Ethernet)
RX packets 220 bytes 34831 (34.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 105 bytes 9825 (9.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.200 netmask 255.255.255.0 broadcast 0.0.0.0
ether 52:54:00:1f:99:c7 txqueuelen 1000 (Ethernet)
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.201 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::5054:ff:fef2:3384 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:f2:33:84 txqueuelen 1000 (Ethernet)
RX packets 153 bytes 10230 (9.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 1872 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3.1.2:pm2-node202 部署 Keepalived
- 将 pm1-node201 的 keepalived 程序打包,并拷贝解压到 pm2-node202 相应目录:
[root@pm1-node201 ~]# cd /usr/local/keepalived/
[root@pm1-node201 keepalived]# tar zcvf keepalived-pm1-node201.tar.gz ./*
[root@pm2-node202 ~]# mkdir /usr/local/keepalived
[root@pm2-node202 ~]# scp pm1-node201:/usr/local/keepalived/keepalived-pm1-node201.tar.gz /usr/local/keepalived/
[root@pm2-node202 ~]# cd /usr/local/keepalived/
[root@pm2-node202 keepalived]# tar zxvf keepalived-pm1-node201.tar.gz
- 拷贝 pm1-node201 的 keepalived 相关配置文件、主程序、Unit file 到 pm2-node202 相应目录:
[root@pm2-node202 ~]# mkdir /etc/keepalived
[root@pm2-node202 ~]# scp pm1-node201:/etc/keepalived/keepalived.conf /etc/keepalived/
[root@pm2-node202 ~]# scp pm1-node201:/etc/sysconfig/keepalived.sysconfig /etc/sysconfig/keepalived.sysconfig
[root@pm2-node202 ~]# scp pm1-node201:/usr/lib/systemd/system/keepalived.service /usr/lib/systemd/system/keepalived.service
[root@pm2-node202 ~]# scp pm1-node201:/usr/sbin/keepalived /usr/sbin/
- 配置 Keepalived,将 pm2-node202 设为 192.168.1.200 的 backup 节点,172.16.1.200 的 master 节点:
[root@pm2-node202 ~]# vim /etc/keepalived/keepalived.conf
# keepalived.conf for pm2-node202: BACKUP for VIP_1 (192.168.1.200 on eth0) and
# MASTER for VIP_2 (172.16.1.200 on eth1). Each instance sends its advertisements
# by unicast to the single peer listed in unicast_peer.
global_defs {
notification_email {
root@pm2-node202.yqc.com
}
notification_email_from root@pm2-node202.yqc.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id pm2-node202.yqc.com
vrrp_skip_check_adv_addr
# NOTE(review): strict VRRP compliance is left disabled; keepalived's strict mode
# does not accept unicast peers, which this file relies on.
#vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VIP_1 {
state BACKUP
interface eth0
# Must match virtual_router_id of the same instance on the peer node.
virtual_router_id 1
priority 80
advert_int 2
unicast_src_ip 192.168.1.202
unicast_peer {
192.168.1.201
}
authentication {
# auth_type PASS puts the password in cleartext inside every advertisement, so it
# protects against misconfiguration only, not against a host on the same segment.
auth_type PASS
# Lab placeholder; replace with a per-cluster secret before reuse
# (keepalived uses at most the first 8 characters).
auth_pass 123456
}
virtual_ipaddress {
192.168.1.200/24 dev eth0 label eth0:0
}
}
vrrp_instance VIP_2 {
state MASTER
interface eth1
virtual_router_id 2
priority 100
advert_int 2
unicast_src_ip 172.16.1.202
unicast_peer {
172.16.1.201
}
authentication {
# Same cleartext PASS scheme and placeholder password as VIP_1.
auth_type PASS
auth_pass 123456
}
virtual_ipaddress {
172.16.1.200/24 dev eth1 label eth1:0
}
}
- 启动keepalived并设为开机启动:
[root@pm2-node202 ~]# systemctl start keepalived
[root@pm2-node202 ~]# systemctl enable keepalived
- 验证 VIP:
[root@pm2-node202 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.202 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::5054:ff:fe04:2d17 prefixlen 64 scopeid 0x20<link>
inet6 240e:324:79e:f400:5054:ff:fe04:2d17 prefixlen 64 scopeid 0x0<global>
ether 52:54:00:04:2d:17 txqueuelen 1000 (Ethernet)
RX packets 290 bytes 42205 (41.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 64 bytes 7813 (7.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.202 netmask 255.255.255.0 broadcast 172.16.1.255
inet6 fe80::5054:ff:fe1d:9e2 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:1d:09:e2 txqueuelen 1000 (Ethernet)
RX packets 133 bytes 8820 (8.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 67 bytes 3630 (3.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.1.200 netmask 255.255.255.0 broadcast 0.0.0.0
ether 52:54:00:1d:09:e2 txqueuelen 1000 (Ethernet)
3.1.3:pm1-node201 部署 HAProxy
- 编译安装 haproxy-1.8.20:
[root@pm1-node201 ~]# cd /usr/local/src
[root@pm1-node201 src]# tar zxvf haproxy-1.8.20.tar.gz
[root@pm1-node201 src]# cd haproxy-1.8.20/
[root@pm1-node201 haproxy-1.8.20]# yum install gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools vim iotop bc zip unzip zlib-devel lrzsz tree screen lsof tcpdump wget ntpdate -y
[root@pm1-node201 haproxy-1.8.20]# make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 PREFIX=/usr/local/haproxy
[root@pm1-node201 haproxy-1.8.20]# make install PREFIX=/usr/local/haproxy
[root@pm1-node201 haproxy-1.8.20]# cp haproxy /usr/sbin/
[root@pm1-node201 ~]# vim /usr/lib/systemd/system/haproxy.service
# systemd unit for the source-built HAProxy binary copied to /usr/sbin.
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
# Check the configuration (-c) quietly (-q) first; a failed check blocks the start.
ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
# -Ws: master-worker mode with systemd notification (needs the USE_SYSTEMD=1 build).
ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
# USR2 asks the master process to reload the configuration.
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
[root@pm1-node201 ~]# mkdir /etc/haproxy
[root@pm1-node201 ~]# useradd haproxy -s /sbin/nologin
[root@pm1-node201 ~]# mkdir /var/lib/haproxy
[root@pm1-node201 ~]# chown haproxy.haproxy /var/lib/haproxy/ -R
- 配置 HAProxy,代理后端 Web 服务器以及 MySQL:
[root@pm1-node201 examples]# vim /etc/haproxy/haproxy.cfg
# haproxy.cfg shared by both load balancers. Each node binds both VIPs whether or
# not it currently holds them, which relies on net.ipv4.ip_nonlocal_bind = 1.
global
maxconn 100000
user haproxy
group haproxy
daemon
nbproc 1
pidfile /run/haproxy.pid
# Logs go to the local syslog daemon over UDP, facility local3.
log 127.0.0.1 local3 info
chroot /usr/local/haproxy
# Runtime API socket with full admin rights; mode 600 limits it to the socket owner.
stats socket /var/lib/haproxy/haproxy.socket mode 600 level admin
defaults
option redispatch
option abortonclose
option http-keep-alive
# Only applies to HTTP-mode proxies. The nginx and mysql listeners below run in
# mode tcp, so the backends see the HAProxy address as the client address.
option forwardfor
maxconn 100000
mode http
timeout connect 10s
timeout client 20s
timeout server 30s
timeout check 5s
listen stats
# NOTE(review): binds port 9999 on every address, including the client-facing
# 192.168.1.0/24 side. Bind a management address or restrict the source network.
bind :9999
stats enable
# Left disabled, so the stats page shows the HAProxy version.
#stats hide-version
stats uri /haproxy-status
stats realm HAPorxy\ Stats\ Page
# Lab placeholders, sent with HTTP Basic auth over plain HTTP. Use unique strong
# passwords and keep the page off untrusted networks.
stats auth haadmin:123456
stats auth admin:123456
stats refresh 30s
# Any authenticated stats user may change server state from the web page.
stats admin if TRUE
listen nginx
# Web VIP; plain TCP pass-through to the two nginx nodes.
bind 192.168.1.200:80
mode tcp
log global
balance roundrobin
server 172.16.1.204 172.16.1.204:80 check inter 3000 fall 3 rise 5
server 172.16.1.205 172.16.1.205:80 check inter 3000 fall 3 rise 5
listen mysql
# Database VIP on the internal network; single MariaDB backend.
bind 172.16.1.200:3306
mode tcp
log global
balance source
server 172.16.1.203 172.16.1.203:3306 check inter 3000 fall 3 rise 5
- 配置 rsyslog 接收 haproxy 的日志:
[root@pm1-node201 ~]# vim /etc/rsyslog.conf
# Route facility local3 (haproxy's "log 127.0.0.1 local3 info") to its own file.
local3.* /var/log/haproxy.log
# Load the UDP input and listen on 514/udp. No listen address is set here, so the
# port is not limited to loopback although haproxy only logs to 127.0.0.1.
# Restrict it with the host firewall or with $UDPServerAddress 127.0.0.1.
$ModLoad imudp
$UDPServerRun 514
[root@pm1-node201 ~]# systemctl restart rsyslog
- 启动 HAProxy
[root@pm1-node201 ~]# systemctl start haproxy
[root@pm1-node201 ~]# systemctl enable haproxy
- 验证监听端口:
[root@pm1-node201 ~]# ss -tnl | egrep "(80|3306|9999)"
LISTEN 0 20480 172.16.1.200:3306 *:*
LISTEN 0 20480 *:9999 *:*
LISTEN 0 20480 192.168.1.200:80 *:*
- 验证 HAProxy 状态页(http://192.168.1.201:9999/haproxy-status):
3.1.4:pm2-node202 部署 HAProxy
- pm2-node202 创建相应目录及haproxy用户:
[root@pm2-node202 ~]# mkdir /usr/local/haproxy /etc/haproxy /var/lib/haproxy
[root@pm2-node202 ~]# useradd haproxy -s /sbin/nologin
[root@pm2-node202 ~]# chown haproxy.haproxy /var/lib/haproxy/ -R
- 打包 pm1-node201 的 HAProxy 安装目录,拷贝并解压到 pm2-node202 相应目录:
[root@pm1-node201 ~]# cd /usr/local/haproxy/
[root@pm1-node201 haproxy]# tar zcvf haproxy-pm1-node201.tar.gz ./*
[root@pm2-node202 ~]# scp pm1-node201:/usr/local/haproxy/haproxy-pm1-node201.tar.gz /usr/local/haproxy/
[root@pm2-node202 ~]# cd /usr/local/haproxy/
[root@pm2-node202 haproxy]# tar zxvf haproxy-pm1-node201.tar.gz
- 拷贝 pm1-node201 的HAProxy 主程序文件、配置文件和 Unit file:
[root@pm2-node202 ~]# scp pm1-node201:/usr/sbin/haproxy /usr/sbin/
[root@pm2-node202 ~]# scp pm1-node201:/etc/haproxy/haproxy.cfg /etc/haproxy/
[root@pm2-node202 ~]# scp pm1-node201:/usr/lib/systemd/system/haproxy.service /usr/lib/systemd/system/haproxy.service
- 配置 rsyslog 接收 haproxy 的日志:
[root@pm2-node202 ~]# vim /etc/rsyslog.conf
# Route facility local3 (haproxy's "log 127.0.0.1 local3 info") to its own file.
local3.* /var/log/haproxy.log
# Load the UDP input and listen on 514/udp. No listen address is set here, so the
# port is not limited to loopback although haproxy only logs to 127.0.0.1.
# Restrict it with the host firewall or with $UDPServerAddress 127.0.0.1.
$ModLoad imudp
$UDPServerRun 514
[root@pm2-node202 ~]# systemctl restart rsyslog
- 启动 HAProxy
[root@pm2-node202 ~]# systemctl start haproxy
[root@pm2-node202 ~]# systemctl enable haproxy
- 验证监听端口:
[root@pm2-node202 ~]# ss -tnl | egrep "(80|3306|9999)"
LISTEN 0 20480 172.16.1.200:3306 *:*
LISTEN 0 20480 *:9999 *:*
LISTEN 0 20480 192.168.1.200:80 *:*
- 验证 HAProxy 状态页(http://192.168.1.202:9999/haproxy-status):
3.2:部署数据库和共享存储
3.2.1:pm2-node203 部署 MariaDB
- 安装 MariaDB:
[root@pm2-node203 ~]# yum install mariadb mariadb-server -y
- 编辑主配置文件:
[root@pm2-node203 ~]# cp /etc/my.cnf /etc/my.cnf.bak
[root@pm2-node203 ~]# vim /etc/my.cnf
# /etc/my.cnf for the single MariaDB node pm2-node203.
[mysqld]
socket=/var/lib/mysql/mysql.sock
user=mysql
symbolic-links=0
datadir=/data/mysql
innodb_file_per_table=1
# Keep skip-grant-tables commented out: when enabled, the server stops checking
# privileges for every connection.
# skip-grant-tables
# NOTE(review): relay-log is set to the same path as datadir; the option normally
# names a log file basename. Confirm this is intended.
relay-log=/data/mysql
server-id=10
log-error=/data/mysql-log/mysql_error.log
# Binary logging is on; binlogs are kept apart from the data directory.
log-bin=/data/mysql-binlog/master-log
# general_log=ON
# general_log_file=/data/general_mysql.log
# Statements running longer than 5 seconds go to the slow query log.
long_query_time=5
slow_query_log=1
slow_query_log_file=/data/mysql-log/slow_mysql.log
max_connections=1000
# Listen only on the internal 172.16.1.0/24 address; clients reach the server
# through the HAProxy VIP 172.16.1.200.
bind-address=172.16.1.203
[client]
port=3306
socket=/var/lib/mysql/mysql.sock
[mysqld_safe]
log-error=/data/mysql-log/mysqld_safe.log
pid-file=/var/run/mariadb/mariadb.pid
- 创建数据目录并授权:
[root@pm2-node203 ~]# mkdir -pv /data/{mysql,mysql-log,mysql-binlog}
[root@pm2-node203 ~]# chown mysql:mysql /data/mysql* -R
- 启动 MariaDB 并验证端口(监听地址应与 my.cnf 中的 bind-address 一致,即 172.16.1.203:3306;下方输出中的 192.168.1.107 与该配置不符,请以实际环境为准):
[root@pm2-node203 ~]# systemctl start mariadb
[root@pm2-node203 ~]# systemctl enable mariadb
[root@pm2-node203 ~]# ss -tnl | grep 3306
LISTEN 0 50 192.168.1.107:3306 *:*
- 初始化安全配置(按提示为 root 设置强密码,删除匿名用户和 test 库,并禁止 root 远程登录):
[root@pm2-node203 ~]# mysql_secure_installation
- 验证 mysql 登录:
[root@pm2-node203 ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.65-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
- 创建 wordpress 数据库并授权(示例中主机为 "%"、密码为 123456,仅适用于实验环境;实际使用时应设置强密码,并将主机限定为内网网段,如 172.16.1.%):
MariaDB [(none)]> CREATE DATABASE wordpress;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO "wordpress"@"%" IDENTIFIED BY "123456";
MariaDB [(none)]> flush privileges;
- 在 WordPress 服务器上通过 VIP 远程连接数据库:
[root@pm1-node204 ~]# mysql -h172.16.1.200 -uwordpress -p
Enter password:
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| wordpress |
+--------------------+
2 rows in set (0.01 sec)
[root@pm2-node205 ~]# mysql -h172.16.1.200 -uwordpress -p
Enter password:
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| wordpress |
+--------------------+
2 rows in set (0.00 sec)
3.2.2:pm2-node203 部署 NFS
- 安装 nfs-utils:
[root@pm2-node203 ~]# yum install nfs-utils -y
- 配置 NFS:
[root@pm2-node203 ~]# vim /etc/exports
# NOTE(review): "*" exports this directory read-write to any host that can reach the
# NFS server, and no_root_squash lets root on a client act as root on the exported
# files. Outside a lab, list only the two web nodes (172.16.1.204 and 172.16.1.205)
# and drop no_root_squash (root_squash is the default).
/data/wordpress *(rw,no_root_squash)
[root@pm2-node203 ~]# mkdir /data/wordpress -pv
[root@pm2-node203 ~]# chown 2000:2000 -R /data/wordpress
- 启动 nfs 并设为开机启动:
[root@pm2-node203 ~]# systemctl start nfs
[root@pm2-node203 ~]# systemctl enable nfs
- 验证 NFS 挂载点:
[root@pm1-node204 ~]# showmount -e 172.16.1.203
Export list for 172.16.1.203:
/data/wordpress *
- pm1-node204 挂载共享存储:
[root@pm1-node204 ~]# mkdir /data/nginx/wordpress -pv
[root@pm1-node204 ~]# vim /etc/fstab
172.16.1.203:/data/wordpress /data/nginx/wordpress nfs defaults,_netdev 0 0
[root@pm1-node204 ~]# mount -a
[root@pm1-node204 ~]# ll -d /data/nginx/wordpress/
drwxr-xr-x 2 nginx nginx 6 Nov 11 22:17 /data/nginx/wordpress/
[root@pm1-node204 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 7.5G 2.9G 4.7G 39% /
devtmpfs devtmpfs 487M 0 487M 0% /dev
tmpfs tmpfs 497M 0 497M 0% /dev/shm
tmpfs tmpfs 497M 6.7M 490M 2% /run
tmpfs tmpfs 497M 0 497M 0% /sys/fs/cgroup
/dev/vda1 xfs 509M 124M 386M 25% /boot
tmpfs tmpfs 100M 0 100M 0% /run/user/0
172.16.1.203:/data/wordpress nfs4 7.5G 1.4G 6.2G 18% /data/nginx/wordpress/
- pm2-node205 挂载共享存储:
[root@pm2-node205 ~]# mkdir /data/nginx/wordpress -pv
[root@pm2-node205 ~]# vim /etc/fstab
172.16.1.203:/data/wordpress /data/nginx/wordpress nfs defaults,_netdev 0 0
[root@pm2-node205 ~]# mount -a
[root@pm2-node205 ~]# ll -d /data/nginx/wordpress/
drwxr-xr-x 2 nginx nginx 6 Nov 11 22:17 /data/nginx/wordpress/
[root@pm2-node205 ~]# df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/centos-root xfs 7.5G 1.8G 5.8G 24% /
devtmpfs devtmpfs 487M 0 487M 0% /dev
tmpfs tmpfs 497M 0 497M 0% /dev/shm
tmpfs tmpfs 497M 6.7M 490M 2% /run
tmpfs tmpfs 497M 0 497M 0% /sys/fs/cgroup
/dev/vda1 xfs 509M 124M 386M 25% /boot
tmpfs tmpfs 100M 0 100M 0% /run/user/0
172.16.1.203:/data/wordpress nfs4 7.5G 1.4G 6.2G 18% /data/nginx/wordpress/
3.3:部署 Web 服务
3.3.1:pm1-node204 部署 PHP
- 编译安装 php-7.1.30(下方命令中的 libicudevel、openjpegdevel 应为 libicu-devel、openjpeg-devel,--with-fpmuser 应为 --with-fpm-user):
[root@pm1-node204 ~]# cd /usr/local/src/
[root@pm1-node204 src]# tar zxvf php-7.1.30.tar.gz
[root@pm1-node204 src]# cd php-7.1.30/
[root@pm1-node204 php-7.1.30]# yum -y install wget vim pcre pcre-devel openssl openssl-devel libicudevel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpegdevel libzip
[root@pm1-node204 php-7.1.30]# ./configure --prefix=/usr/local/php --enable-fpm --with-fpmuser=www --with-fpm-group=www --with-pear --with-curl --with-png-dir --with-freetype-dir --with-iconv --with-mhash --with-zlib --with-xmlrpc --with-xsl --with-openssl --with-mysqli --with-pdo-mysql --disable-debug --enable-zip --enable-sockets --enable-soap --enable-inline-optimization --enable-xml --enable-ftp --enable-exif --enable-wddx --enable-bcmath --enable-calendar --enable-shmop --enable-dba --enable-sysvsem --enable-sysvshm --enable-sysvmsg
[root@pm1-node204 php-7.1.30]# make -j 2
[root@pm1-node204 php-7.1.30]# make install
- 从相应目录拷贝 PHP 配置文件:
[root@pm1-node204 ~]# cp /usr/local/php/etc/php-fpm.conf.default /usr/local/php/etc/php-fpm.conf
[root@pm1-node204 ~]# cp /usr/local/php/etc/php-fpm.d/www.conf.default /usr/local/php/etc/php-fpm.d/www.conf
[root@pm1-node204 ~]# cp /usr/local/src/php-7.1.30/php.ini-production /usr/local/php/etc/php.ini
- 创建日志文件目录:
[root@pm1-node204 ~]# mkdir /usr/local/php/log
- 配置 pid 文件:
[root@pm1-node204 ~]# vim /usr/local/php/etc/php-fpm.conf
pid = run/php-fpm.pid
- 将 php-fpm 添加到 service:
[root@pm1-node204 ~]# cp /usr/local/src/php-7.1.30/sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@pm1-node204 ~]# chmod +x /etc/init.d/php-fpm
[root@pm1-node204 ~]# chkconfig --add php-fpm
[root@pm1-node204 ~]# chkconfig php-fpm on
[root@pm1-node204 ~]# chkconfig --list
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
php-fpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
- 配置 www.conf:
[root@pm1-node204 ~]# vim /usr/local/php/etc/php-fpm.d/www.conf
; php-fpm pool "www", used by the local nginx on each web node.
[www]
; Workers run as nginx (UID 2000 in this setup), the account that also owns the
; NFS-backed web root.
user = nginx
group = nginx
; Loopback only: the FastCGI port is not reachable from other hosts.
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 50
pm.start_servers = 30
pm.min_spare_servers = 30
pm.max_spare_servers = 50
; Status and ping endpoints. They are only as private as the web server location
; that forwards them, so restrict that location to monitoring hosts.
pm.status_path = /pm_status
ping.path = /ping
ping.response = pong
; Relative paths. NOTE(review): presumably resolved against the install prefix,
; where /usr/local/php/log was created. Confirm.
access.log = log/$pool.access.log
slowlog = log/$pool.log.slow
- 检测配置文件:
[root@pm1-node204 ~]# /usr/local/php/sbin/php-fpm -t
[13-Nov-2020 11:07:39] NOTICE: configuration file /usr/local/php/etc/php-fpm.conf test is successful
- 启动 php-fpm 并验证:
[root@pm1-node204 ~]# service php-fpm start
[root@pm1-node204 ~]# ps -ef | grep php-fpm
root 2247 1 0 11:08 ? 00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf)
nginx 2248 2247 0 11:08 ? 00:00:00 php-fpm: pool www
nginx 2249 2247 0 11:08 ? 00:00:00 php-fpm: pool www
nginx 2250 2247 0 11:08 ? 00:00:00 php-fpm: pool www
nginx 2251 2247 0 11:08 ? 00:00:00 php-fpm: pool www
nginx 2252 2247 0 11:08 ? 00:00:00 php-fpm: pool www
nginx 2253 2247 0 11:08 ? 00:00:00 php-fpm: pool www
[root@pm1-node204 ~]# netstat -tanlp | grep php-fpm
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2247/php-fpm: maste
3.3.2:pm2-node205 部署 PHP
- 安装 php 依赖环境(命令中的 libicudevel、openjpegdevel 应为 libicu-devel、openjpeg-devel):
[root@pm2-node205 ~]# yum -y install wget vim pcre pcre-devel openssl openssl-devel libicudevel gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel ncurses ncurses-devel curl curl-devel krb5-devel libidn libidn-devel openldap openldap-devel nss_ldap jemalloc-devel cmake boost-devel bison automake libevent libevent-devel gd gd-devel libtool* libmcrypt libmcrypt-devel mcrypt mhash libxslt libxslt-devel readline readline-devel gmp gmp-devel libcurl libcurl-devel openjpegdevel libzip
- 创建 php 程序目录:
[root@pm2-node205 ~]# mkdir /usr/local/php
- 打包 pm1-node204 的 php 程序目录,拷贝到 pm2-node205 并解压到相应目录:
[root@pm1-node204 ~]# cd /usr/local/php/
[root@pm1-node204 php]# tar zcvf php-pm1-node204.tar.gz ./*
[root@pm2-node205 ~]# scp pm1-node204:/usr/local/php/php-pm1-node204.tar.gz /usr/local/php/
[root@pm2-node205 ~]# cd /usr/local/php/
[root@pm2-node205 php]# tar zxvf php-pm1-node204.tar.gz
- 检测配置文件:
[root@pm2-node205 ~]# /usr/local/php/sbin/php-fpm -t
[13-Nov-2020 11:23:02] NOTICE: configuration file /usr/local/php/etc/php-fpm.conf test is successful
- 将 php-fpm 添加到 service:
[root@pm2-node205 ~]# scp pm1-node204:/etc/init.d/php-fpm /etc/init.d/
[root@pm2-node205 ~]# chkconfig --add php-fpm
[root@pm2-node205 ~]# chkconfig php-fpm on
[root@pm2-node205 ~]# chkconfig --list
Note: This output shows SysV services only and does not include native
systemd services. SysV configuration data might be overridden by native
systemd configuration.
If you want to list systemd services use 'systemctl list-unit-files'.
To see services enabled on particular target use
'systemctl list-dependencies [target]'.
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
php-fpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
- 启动 php-fpm 并验证:
[root@pm2-node205 ~]# service php-fpm start
[root@pm2-node205 ~]# ps -ef | grep php-fpm
root 2760 1 0 11:23 ? 00:00:00 php-fpm: master process (/usr/local/php/etc/php-fpm.conf)
nginx 2761 2760 0 11:23 ? 00:00:00 php-fpm: pool www
nginx 2762 2760 0 11:23 ? 00:00:00 php-fpm: pool www
nginx 2763 2760 0 11:23 ? 00:00:00 php-fpm: pool www
nginx 2764 2760 0 11:23 ? 00:00:00 php-fpm: pool www
nginx 2765 2760 0 11:23 ? 00:00:00 php-fpm: pool www
[root@pm2-node205 ~]# netstat -tanlp | grep php-fpm
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 2760/php-fpm: maste
3.3.3:pm1-node204 部署 Nginx
- 编译安装 nginx-1.18.0,安装目录为 /usr/local/nginx/:
[root@pm1-node204 ~]# wget -O /usr/local/src/nginx-1.18.0.tar.gz https://nginx.org/download/nginx-1.18.0.tar.gz
[root@pm1-node204 ~]# cd /usr/local/src
[root@pm1-node204 src]# tar zxvf nginx-1.18.0.tar.gz
[root@pm1-node204 src]# cd nginx-1.18.0/
[root@pm1-node204 nginx-1.18.0]# yum install -y vim lrzsz tree screen psmisc lsof tcpdump wget ntpdate gcc gcc-c++ glibc glibc-devel pcre pcre-devel openssl openssl-devel systemd-devel net-tools iotop bc zip unzip zlib-devel bash-completion nfs-utils automake libxml2 libxml2-devel libxslt libxslt-devel perl perl-ExtUtils-Embed
[root@pm1-node204 nginx-1.18.0]# ./configure --prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre \
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module
[root@pm1-node204 nginx-1.18.0]# make && make install
- 添加 Nginx 用户,指定 UID 为 2000(与 NFS 共享目录的属主 2000:2000 保持一致),将 nginx 安装目录的属主更改为 nginx:
[root@pm1-node204 ~]# useradd nginx -s /sbin/nologin -u 2000
[root@pm1-node204 ~]# chown -R nginx:nginx /usr/local/nginx/
- 准备 Nginx 启动脚本:
[root@pm1-node204 ~]# vim /usr/lib/systemd/system/nginx.service
# systemd unit for the source-built nginx under /usr/local/nginx.
[Unit]
Description=The nginx HTTP and reverse proxy server
# remote-fs.target: start after remote mounts such as the NFS-backed web root.
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Remove a stale pid file, then validate the configuration before starting.
ExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
# HUP makes the master process reload its configuration.
ExecReload=/bin/kill -s HUP $MAINPID
# QUIT requests a graceful shutdown, bounded by the 5 s stop timeout.
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
[Install]
WantedBy=multi-user.target
- 创建 nginx 命令软链接:
[root@pm1-node204 ~]# ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx
- 准备 php 测试页(phpinfo() 会暴露 PHP 版本、模块和路径等环境信息,仅用于验证,验证后应及时移除;后文安装 WordPress 时会将其移出站点目录):
[root@pm1-node204 php]# vim /data/nginx/wordpress/index.php
<?php
phpinfo();
?>
- 配置 nginx:
[root@pm1-node204 ~]# vim /usr/local/nginx/conf/nginx.conf
# nginx.conf for the WordPress web nodes; PHP requests go to the local php-fpm pool.
# No "user" directive is set, so workers use the account chosen at build time
# (--user=nginx --group=nginx in the configure step).
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# Do not advertise the nginx version in headers and error pages.
server_tokens off;
server {
# Plain HTTP only. HAProxy forwards to this port in TCP mode, so nothing in front
# of nginx adds TLS either.
listen 80;
server_name wordpress.yqc.com;
location / {
root /data/nginx/wordpress;
index index.php index.html index.htm;
}
location ~ \.php$ {
root /data/nginx/wordpress;
# NOTE(review): every URI ending in .php is handed to php-fpm without first checking
# that the file exists under the web root. Adding "try_files $uri =404;" in this
# location is the usual guard.
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# Strip the PHP version banner from responses.
fastcgi_hide_header X-Powered-By;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# php-fpm status and ping endpoints.
# NOTE(review): there is no allow/deny here, so anyone who can reach port 80 can read
# the pool status. Limit this location to monitoring hosts.
location ~ ^/(pm_status|ping)$ {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
}
}
}
- 启动 Nginx:
[root@pm1-node204 ~]# nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@pm1-node204 ~]# systemctl start nginx
[root@pm1-node204 ~]# systemctl enable nginx
3.3.4:pm2-node205 部署 Nginx
- pm2-node205 创建相应目录及 nginx 用户:
[root@pm2-node205 ~]# mkdir /usr/local/nginx
[root@pm2-node205 ~]# useradd nginx -s /sbin/nologin -u 2000
[root@pm2-node205 ~]# chown -R nginx:nginx /usr/local/nginx/
- 打包 pm1-node204 的 Nginx 安装目录,拷贝并解压到 pm2-node205 相应目录:
[root@pm1-node204 ~]# cd /usr/local/nginx/
[root@pm1-node204 nginx]# tar zcvf nginx-pm1-node204.tar.gz ./*
[root@pm2-node205 ~]# scp pm1-node204:/usr/local/nginx/nginx-pm1-node204.tar.gz /usr/local/nginx/
[root@pm2-node205 ~]# cd /usr/local/nginx/
[root@pm2-node205 nginx]# tar zxvf nginx-pm1-node204.tar.gz
- 准备 Nginx 启动脚本(本小节以下命令应在 pm2-node205 上执行,提示符中的 pm1-node204 应为笔误):
[root@pm1-node204 ~]# vim /usr/lib/systemd/system/nginx.service
# systemd unit for the source-built nginx under /usr/local/nginx.
[Unit]
Description=The nginx HTTP and reverse proxy server
# remote-fs.target: start after remote mounts such as the NFS-backed web root.
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
# Remove a stale pid file, then validate the configuration before starting.
ExecStartPre=/usr/bin/rm -f /usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx
# HUP makes the master process reload its configuration.
ExecReload=/bin/kill -s HUP $MAINPID
# QUIT requests a graceful shutdown, bounded by the 5 s stop timeout.
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=process
# Give the service its own private /tmp and /var/tmp.
PrivateTmp=true
[Install]
WantedBy=multi-user.target
- 创建 nginx 命令软链接:
[root@pm1-node204 ~]# ln -sv /usr/local/nginx/sbin/nginx /usr/sbin/nginx
- 启动 Nginx:
[root@pm1-node204 ~]# systemctl start nginx
[root@pm1-node204 ~]# systemctl enable nginx
- HAProxy 状态页验证 Nginx 后端服务器状态:
3.4:部署 WordPress
3.4.1:安装 WordPress
- 解压 wordpress 安装包:
[root@pm1-node204 ~]# cd /data/nginx/wordpress/
[root@pm1-node204 wordpress]# mv index.php /tmp
[root@pm1-node204 wordpress]# tar zxvf wordpress-5.0.3-zh_CN.tar.gz
[root@pm1-node204 wordpress]# mv wordpress/* ./
[root@pm1-node204 wordpress]# rmdir wordpress/
[root@pm1-node204 wordpress]# mv wordpress-5.0.3-zh_CN.tar.gz /tmp
- 编辑 wordpress 配置文件:
[root@pm1-node204 wordpress]# cp wp-config-sample.php wp-config.php
[root@pm1-node204 wordpress]# vim wp-config.php
// Database settings edited in wp-config.php; only these four lines are shown.
// NOTE(review): the listing does not show the authentication keys and salts section
// of the sample file. Fill those with unique random values as well.
define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
// Lab placeholder matching the GRANT statement. Use a strong password; this file
// sits on the shared NFS export, so anyone who can mount the export can read it.
define('DB_PASSWORD', '123456');
// HAProxy VIP in front of MariaDB (172.16.1.203), not the database host itself.
define('DB_HOST', '172.16.1.200');
- 更改 PC 的 hosts 文件,添加 wordpress.yqc.com 域名解析:
192.168.1.200 wordpress.yqc.com
- 验证域名访问(http://wordpress.yqc.com):
3.4.2:初始化 WordPress
- 填写相关信息后,点击“安装WordPress”:
- 登录 WordPress:管理页面
- 用户访问页面(http://wordpress.yqc.com):
3.5:保存 KVM 虚拟机快照
[root@pm1 ~]# virsh snapshot-create-as pm1-node201 --name "pm1-node201-HAProxy" --description "WordPress Based On HAProxy Load Balancing"
[root@pm1 ~]# virsh snapshot-create-as pm1-node204 --name "pm1-node204-HAProxy" --description "WordPress Based On HAProxy Load Balancing"
[root@pm2 ~]# virsh snapshot-create-as pm2-node202 --name "pm2-node202-HAProxy" --description "WordPress Based On HAProxy Load Balancing"
[root@pm2 ~]# virsh snapshot-create-as pm2-node203 --name "pm2-node203-HAProxy" --description "WordPress Based On HAProxy Load Balancing"
[root@pm2 ~]# virsh snapshot-create-as pm2-node205 --name "pm2-node205-HAProxy" --description "WordPress Based On HAProxy Load Balancing"
Domain snapshot pm2-node205-HAProxy created