基于 keepalived + GTID 的半同步主从复制MySQL集群

目录

步骤

1.集群IP地址规划

2.安装好4台MySQL服务器系统和MySQL软件 

3.配置好ansible服务器

4.开启GTID功能服务

5.搭建slave的配置延迟备份服务器backup

6.在 master 和 ansible 服务器之间建立双向免密通道

7.部署 rsync + sersync 

8.安装部署 MySQLrouter

9.安装部署 keepalived

---

项目环境：CentOS(7.9.2009， 8 台，2核4G)，MySQL(Ver 14.14 Distrib 5.7.38, for linux-glibc2.12 (x86_64)), ansible(2.9.27), keepalived（v1.3.5）

项目描述：本项目是构建一个基于keepalived+GTID的半同步主从复制MySQL集群。使用GTID实现主从复制服务，mysqlrouter实现读写分离，keepalived双vip结构实现双HA，sysbench进程压力测试。

项目步骤：

1.规划整个项目的拓扑结构和项目的思维导图

2.安装好4台MySQL服务器系统和MySQL软件，安装好半同步相关的插件，选中一台做master，其他的做 slave，一台做延迟 backup 服务器

3.配置好ansible服务器，定义好主机清单，在 master 上导出基础数据，到 ansible 上，然后 ansible 下发到所有的 slave 服务器上，在所有的 slave 机器上导入基础数据

4.开启GTID功能服务，启动主从复制服务

5.配置延迟备份服务器 backup ，从 slave 上拿二进制日志

6.在 Master 和 ansible 服务器之间建立双向免密通道，方便同步数据

7.在 master 上创建一个计划任务每天 2:30 进行数据库的备份，编写备份脚本每天备份数据，备份文件包含当前的日期，rsync+sersync远程同步到ansible服务器(相当于一台异地备份服务器)

8.在一台服务器安装部署了 mysqlrouter 中间件软件，实现读写分离

9.安装keepalived 实现高可用，配置2个vrrp实例实现双vip的高可用功能

网络拓扑图

 

步骤
1.集群IP地址规划

master：192.168.23.148                               mysql集群的主服务器

slave ：192.168.23.152                                 mysql集群的从服务器

slave3：192.168.23.151                                mysql集群的从服务器

backup：192.168.23.153                               备份服务器

ansible：192.168.23.154                               ansible服务器

MySQLrouter1：192.168.23.155                   

MySQLrouter2：

sysbench：                                                   压力测试

2.安装好4台MySQL服务器系统和MySQL软件 

         1.根据集群ip地址规划配置好静态ip，以master为例

[root@master ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static   #静态配置ip
NAME="ens33"       #网卡名称ens33 
DEVICE="ens33"     #本机网卡ens33
ONBOOT="yes"       #开机启动
IPADDR=192.168.23.148 #ip地址
PREFIX=24             #子网掩码24
GATEWAY=192.168.23.2  #网关 
DNS1=114.114.114.114  #dns服务器
DNS2=192.168.1.1
[root@master ~]# service network restart
Restarting network (via systemctl):                        [  确定  ]
[root@master ~]#ip add  #查看ip
[root@master ~]# ping www.baidu.com     #测试是否能上网

        2.在每台MySQL集群上面安装部署好mysql

[root@slave ~]# cat onekey_install_mysql_binary_v3.sh 
#!/bin/bash
yum install cmake ncurses-devel gcc gcc-c++ vim lsof bzip2 openssl-devel ncurses-compat-libs net-tools -y

tar xf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz 

#移动mysql解压后的文件到/usr/local下改名叫mysql
#/usr/local/mysql 是mysql的安装目录 
mv mysql-5.7.38-linux-glibc2.12-x86_64 /usr/local/mysql

#新建组合用户 mysql
groupadd mysql
#mysql这个用户的shell 是/bin/false 属于mysql组
useradd -r -g mysql -s /bin/false mysql

#关闭firewalld防火墙服务，并且设置开机不要启动
service firewalld stop
systemctl disable firewalld

#临时关闭selinux
setenforce 0
#永久关闭selinux
sed -i '/^SELINUX=/ s/enforcing/disabled/' /etc/selinux/config

#新建存放数据的目录 
mkdir /data/mysql -p
#修改/data/mysql目录的权限归mysql用户和mysql组所有，这样mysql用户启动的mysql进程可以对这个文件夹进行读写了
chown mysql:mysql /data/mysql
#只是允许mysql这个用户和mysql组可以访问，其他人都不能访问
chmod 750 /data/mysql/

#进入/usr/local/mysql/bin 目录
cd /usr/local/mysql/bin/

#初始化mysql
./mysqld --initialize --user=mysql --basedir=/usr/local/mysql/ --datadir=/data/mysql &>passwd.txt

#让mysql支持ssl方式登录的设置
./mysql_ssl_rsa_setup --datadir=/data/mysql/

#获得临时密码
tem_passwd=$(cat passwd.txt|grep "temporary"|awk '{print $NF}')

#修改PATH变量，加入mysql bin目录的路径
#临时修改PATH变量的值
export PATH=/usr/local/mysql/bin/:$PATH
#重新启动linux系统后也生效，永久修改
echo 'PATH=/usr/local/mysql/bin/:$PATH' >>/root/.bashrc

#复制support-files里的mysql.server 文件到/etc/init.d/目录下mysqld
cp ../support-files/mysql.server /etc/init.d/mysqld

#修改/etc/init.d/mysqld 脚本文件里的datadir目录的值
sed -i '70c datadir=/data/mysql' /etc/init.d/mysqld 

#生成/etc/my.cnf 配置文件
cat >/etc/my.cnf  <<EOF
[mysqld_safe]

[client]
socket=/data/mysql/mysql.sock

[mysqld]
socket=/data/mysql/mysql.sock
port = 3306
open_files_limit = 8192
innodb_buffer_pool_size = 512M
character-set-server=utf8

[mysql]
auto-rehash
prompt=\\u@\\d \\R:\\m mysql>
EOF

#修改内核的open file的数量
ulimit -n 1000000
#设置开机启动的时候也配置生效
echo "ulimit -n 1000000" >>/etc/rc.local
chmod +x /etc/rc.d/rc.local 

#将mysqld添加到linux系统里服务管理名单里
/sbin/chkconfig --add mysqld
#设置mysqld服务开机启动
/sbin/chkconfig mysqld on

#启动mysqld进程
service mysqld start

#初次修改密码需要使用--connect-expired-password 选项
#-e 后面接的表示是在mysql里需要执行命令 execute 执行
#set password='Sanchuang123#';修改root用户的密码为Sanchuang123#
mysql -uroot -p$tem_passwd --connect-expired-password -e "set password='Sanchuang1234#';"

#检验上一步修改密码是否成功，如果有输出能看到mysql里的数据库，说明成功
mysql -uroot -p'Sanchuang123#' -e "show databases;"

#查看mysqld进程是否启动
[root@slave ~]# ps aux|grep mysqld
root       1070  0.0  0.0 115744  1808 ?        S    16:16   0:00 /bin/sh /usr/local/mysql/binmysqld_safe --datadir=/data/mysql --pid-file=/data/mysql/slave.pid
mysql      1392  0.1 12.4 1915640 231976 ?      Sl   16:16   0:05 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/data/mysql --plugin-dir=/usr/local/mysql/lib/plugin --user=mysql --log-error=slave.err --open-files-limit=8192 --pid-file=/data/mysql/slave.pid --socket=/data/mysql/mysql.sock --port=3306
root       1897  0.0  0.0 112828   980 pts/0    S+   17:11   0:00 grep --color=auto mysqld
[root@slave ~]# 

        3.在每台从服务器上面实现半同步操作

[root@slave ~]# mysql -uroot -p'Sanchuang1234#'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.38-log MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@(none) 17:15 mysql>INSTALL PLUGIN rpl_semi_sync_slave SONAME 'semisync_slave.so';

        4.在每台从服务器上面修改配置文件

[root@slave ~]# vim /etc/my.cnf
[mysqld_safe]

[client]
socket=/data/mysql/mysql.sock

[mysqld]
socket=/data/mysql/mysql.sock
port = 3306
open_files_limit = 8192
innodb_buffer_pool_size = 512M
character-set-server=utf8
log_bin
server_id = 4
#开启半同步，需要提前安装半同步的插件
rpl_semi_sync_slave_enabled=1
log_slave_updates=ON
[root@slave ~]# service mysqld restart    #重启mysqld服务，每次修改配置文件都要重启服务

     3.配置好ansible服务器

        1.安装ansible

[root@ansible ~]# yum install epel-release -y
[root@ansible ~]# yum install ansible -y

        2.使用ansible在所有的机器上面建立免密通道

[root@ansible ~]# vi /etc/ansible/hosts  在配置文件里面添加mysql集群的内容
[db]
192.168.23.148
192.168.23.151
192.168.23.152
192.168.23.153
[dbslaves]   #slave集群组
192.168.23.151
192.168.23.152
192.168.23.153

[root@ansible ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:zu6So+pxb0su7+2Cpieh//6TckqYyifEClWp2m3XKgE root@ansible
The key's randomart image is:
+---[RSA 2048]----+
|     .           |
|    o            |
|   o             |
|  E              |
|.+ o   .S        |
|oooo+ .o.        |
|+.+oo+.+o        |
|+o.=B+@o         |
|.+BO=%BO=        |
+----[SHA256]-----+
[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.23.148
[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.23.151
[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.23.152
[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.23.153

        3.在master上面导出数据到ansible上，ansible发送到所有的slave服务器上

在master机器上登录mysql，重置master的二进制日志
[root@master ~]# mysql -uroot -p'Sanchuang1234#'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.38-log MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@(none) 11:15 mysql>reset master;
Query OK, 0 rows affected (0.01 sec)

root@(none) 11:15 mysql>show master status;
+-------------------+----------+--------------+------------------+-------------------+
| File              | Position | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+-------------------+----------+--------------+------------------+-------------------+
| master-bin.000001 |      154 |              |                  |                   |
+-------------------+----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)

root@(none) 11:15 mysql>

在master上面导出数据
[root@master ~]# mysqldump -uroot -p'Sanchuang1234#' --all-databases >2_all_db.SQL

将master上面的文件导入到ansible机器上面
[root@ansible ~]# scp root@192.168.23.148:/root/2_all_db.SQL .
all_db.SQL  

将基础数据传到所有的 slave 上面去                                                                                       100%  916KB  19.0MB/s   00:00    
[root@ansible ~]# ansible -m copy -a "src=/root/2_all_db.SQL dest=/root" dbslaves
192.168.23.152 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "57533ce648ef3c1d82f6bd5dd22ce0968bde04ff", 
    "dest": "/root/all_db.SQL", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "656e47c13d06f4b94ea1bfd2fc122c1d", 
    "mode": "0644", 
    "owner": "root", 
    "size": 938398, 
    "src": "/root/.ansible/tmp/ansible-tmp-1689333168.81-10327-188286064771288/source", 
    "state": "file", 
    "uid": 0
}
192.168.23.153 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "57533ce648ef3c1d82f6bd5dd22ce0968bde04ff", 
    "dest": "/root/all_db.SQL", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "656e47c13d06f4b94ea1bfd2fc122c1d", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:admin_home_t:s0", 
    "size": 938398, 
    "src": "/root/.ansible/tmp/ansible-tmp-1689333169.01-10328-205335930926982/source", 
    "state": "file", 
    "uid": 0
}
192.168.23.151 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "57533ce648ef3c1d82f6bd5dd22ce0968bde04ff", 
    "dest": "/root/all_db.SQL", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "656e47c13d06f4b94ea1bfd2fc122c1d", 
    "mode": "0644", 
    "owner": "root", 
    "secontext": "system_u:object_r:admin_home_t:s0", 
    "size": 938398, 
    "src": "/root/.ansible/tmp/ansible-tmp-1689333169.0-10325-270494014054063/source", 
    "state": "file", 
    "uid": 0
}

        4.在所有的 slave 上导入master 的基础数据

在slave上面导入，其余的slave上面导入基础数据的步骤相同
[root@slave ~]# mysql -uroot -p'Sanchuang1234#' <2_all_db.SQL

4.开启GTID功能服务

         1.在 master 上新建一个授权用户，给 slave 来复制二进制日志

[root@master ~]# mysql -uroot -p'Sanchuang1234#'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.38-log MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
root@(none) 21:19 mysql>grant replication slave on *.* to 'yangy'@'192.168.23.%' identified by 'Sanchuang1234#';
Query OK, 0 rows affected, 1 warning (0.00 sec)

        2.修改slave集群机器的配置文件开启GTID功能

[root@slave ~]# vim /etc/my.cnf
[mysqld_safe]

[client]
socket=/data/mysql/mysql.sock

[mysqld]
socket=/data/mysql/mysql.sock
port = 3306
open_files_limit = 8192
innodb_buffer_pool_size = 512M
character-set-server=utf8
log_bin
server_id = 4
#开启半同步，需要提前安装半同步的插件
rpl_semi_sync_slave_enabled=1
#开启gtid功能
gtid-mode=ON
enforce-gtid-consistency=ON
log_slave_updates=ON
[root@slave ~]# service mysqld restart

        3.将 /etc/my.cnf 里面的相关配置启用

[root@slave ~]# mysql -uroot -p'Sanchuang1234#'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.38-log MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
root@(none) 11:44 mysql>stop slave;
Query OK, 0 rows affected (0.00 sec)

root@(none) 11:44 mysql>reset slave all;
Query OK, 0 rows affected (0.01 sec)

root@(none) 11:44 mysql>
change master to master_host='192.168.23.148',
master_user='yangy',
master_password='Sanchuang1234#',
master_port=3306,
master_log_file='master-bin.000001',   
master_log_pos=154;

root@(none) 11:45 mysql>start slave;
Query OK, 0 rows affected (0.00 sec)

检查状态
root@(none) 11:45 mysql>show variables like "%semi_sync%";
+-------------------------------------------+------------+
| Variable_name                             | Value      |
+-------------------------------------------+------------+
| rpl_semi_sync_master_enabled              | OFF        |
| rpl_semi_sync_master_timeout              | 10000      |
| rpl_semi_sync_master_trace_level          | 32         |
| rpl_semi_sync_master_wait_for_slave_count | 1          |
| rpl_semi_sync_master_wait_no_slave        | ON         |  
| rpl_semi_sync_master_wait_point           | AFTER_SYNC |
+-------------------------------------------+------------+
6 rows in set (0.09 sec)

root@(none) 11:45 mysql>

root@(none) 11:45 mysql>show slave status \G;
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.23.148
                  Master_User: yangy
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: master-bin.000002
          Read_Master_Log_Pos: 194
               Relay_Log_File: slave-relay-bin.000008
                Relay_Log_Pos: 409
        Relay_Master_Log_File: master-bin.000002
             Slave_IO_Running: Yes     #IO线程启动成功
            Slave_SQL_Running: Yes     #SQL线程启动成功，两个yes代表主从复制搭建成功
              Replicate_Do_DB: 
          Replicate_Ignore_DB: 
           Replicate_Do_Table: 
       Replicate_Ignore_Table: 
      Replicate_Wild_Do_Table: 
  Replicate_Wild_Ignore_Table: 
                   Last_Errno: 0
                   Last_Error: 
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 194
              Relay_Log_Space: 656
              Until_Condition: None
               Until_Log_File: 
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File: 
           Master_SSL_CA_Path: 
              Master_SSL_Cert: 
            Master_SSL_Cipher: 
               Master_SSL_Key: 
        Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error: 
               Last_SQL_Errno: 0
               Last_SQL_Error: 
  Replicate_Ignore_Server_Ids: 
             Master_Server_Id: 1
                  Master_UUID: 7dfad8cf-11cc-11ee-8f25-000c29c66285
             Master_Info_File: /data/mysql/master.info
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
           Master_Retry_Count: 86400
                  Master_Bind: 
      Last_IO_Error_Timestamp: 
     Last_SQL_Error_Timestamp: 
               Master_SSL_Crl: 
           Master_SSL_Crlpath: 
           Retrieved_Gtid_Set: 7dfad8cf-11cc-11ee-8f25-000c29c66285:1-6   #GTID号，出现则代表gtid功能已经实现了
            Executed_Gtid_Set: 7dfad8cf-11cc-11ee-8f25-000c29c66285:1-6
                Auto_Position: 1
         Replicate_Rewrite_DB: 
                 Channel_Name: 
           Master_TLS_Version: 
1 row in set (0.01 sec)

ERROR: 
No query specified

root@(none) 11:46 mysql>

 5.搭建slave的配置延迟备份服务器backup

         1.在abckup机器上面部署

[root@delay-backup ~]# mysql -uroot -p'Sanchuang1234#'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.38-log MySQL Community Server (GPL)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

root@(none) 15:34 mysql>stop slave;
Query OK, 0 rows affected (0.05 sec)

root@(none) 15:52 mysql>reset master;
Query OK, 0 rows affected (0.04 sec)

root@(none) 15:53 mysql>reset slave all;
Query OK, 0 rows affected (0.01 sec)

root@(none) 15:53 mysql>change master to master_host='192.168.23.152',
    -> master_user='yangy',
    -> master_password='Sanchuang1234#',
    -> master_port=3306,
    -> master_auto_position=1;
Query OK, 0 rows affected, 2 warnings (0.02 sec)

root@(none) 15:55 mysql>change master to master_delay=10;   设置延迟时间为10秒
Query OK, 0 rows affected (0.01 sec)

6.在 master 和 ansible 服务器之间建立双向免密通道

在 master 上部署ansible 的免密通道
[root@master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FmajuR1g3P9+yu7FRvSF4S10G4Gbzapy7DmDrIPcJn4 root@master
The key's randomart image is:
+---[RSA 2048]----+
|              +oo|
|     . .     + =o|
|      + *     X.o|
|     . * +   + =.|
|      o S .   o .|
|       + . . +   |
|    . + o o o +  |
|     + E + O.o.  |
|    ..+.o +=Oo   |
+----[SHA256]-----+
[root@master ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.23.154
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.23.154's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.23.154'"
and check to make sure that only the key(s) you wanted were added.

 验证一下免密通道是不是好的
[root@master ~]# ssh 'root@192.168.23.154'
Last login: Sat Jul 15 14:32:09 2023 from 192.168.23.1

[root@ansible ~]# exit
登出
Connection to 192.168.23.154 closed.
[root@master ~]# 

7.部署 rsync + sersync 

        1.在ansible 备份服务器上的操作

1.关闭 selinux #永久关闭 linux 防火墙
[root@ansible ~]# vim /etc/selinux/config 
  SELINUX=disabled

2.关闭防火墙
[root@ansible ~]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@ansible ~]# 

3.安装 rsync 端软件
[root@ansible ~]# yum install rsync xinetd -y
[root@ansible ~]# vim /etc/rc.d/rc.local          #设置开机启动
/usr/bin/rsync --daemon --config=/etc/rsyncd.conf # 添加开机启动
[root@ansible ~]# chmod +x /etc/rc.d/rc.local
[root@ansible ~]# systemctl start xinetd          #启动xinetd
[root@ansible ~]# vim /etc/rsyncd.conf 
    uid = root
    gid = root
    use chroot = yes
    max connections = 0
    log file = /var/log/rsyncd.log
    pid file = /var/run/rsyncd.pid 
    lock file = /var/run/rsync.lock 
    secrets file = /etc/rsync.pass  
    motd file = /etc/rsyncd.Motd
    [back_data]    #配置项名称（自定义）
        path = /backup      #备份文件存储地址           
        comment = A directory in which data is stored
        ignore errors = yes
        read only = no
        hosts allow = 192.168.23.148  #允许的ip地址(数据源服务器地址)
[root@ansible ~]# vim /etc/rsync.pass
[root@ansible ~]# cat /etc/rsync.pass   # 配置文件，添加以下内容，添加允许传输用户和密码
ansible-backup:123456  # 格式，用户名:密码，可以设置多个，每行一个用户名:密码
[root@ansible ~]# 

4.设置文件权限
[root@ansible ~]# chmod 600 /etc/rsyncd.conf     #设置文件所有者读取、写入权限
[root@ansible ~]# chmod 600 /etc/rsync.pass      

5.启动 rsync 和 xinetd
[root@ansible ~]# /usr/bin/rsync --daemon --config=/etc/rsyncd.conf
[root@ansible ~]# ps aux|grep rsync
root      12863  0.1  0.0 114852   576 ?        Ss   20:22   0:00 /usr/bin/rsync --daemon --config=/etc/rsyncd.conf
root      12865  0.0  0.0 112824   980 pts/0    S+   20:23   0:00 grep --color=auto rsync
[root@ansible ~]# systemctl start xinetd

6.查看 rsync 监听的端口号
[root@ansible ~]# netstat -anplut|grep rsync
tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN      12863/rsync         
tcp6       0      0 :::873                  :::*                    LISTEN      12863/rsync         
[root@ansible ~]# 

看到进程，说明 rsync 启动成功
xinetd 监听 873 端口

 xinetd是一个提供保姆服务的进程，rsync是它照顾的进程，rsync是一个非独立的服务，依赖xinetd来管理

         2.rsync 数据源服务器上的操作

1.关闭 slinux  #永久关闭 linux 防火墙
[root@master backup]# getenforce
Disabled
[root@master backup]# vim /etc/selinux/config 
SELINUX=disabled

2.关闭防火墙
[root@master backup]# service firewalld stop
Redirecting to /bin/systemctl stop firewalld.service
[root@master backup]# 

3.安装 rsync 客户端软件
[root@master backup]# yum install rsync xinetd -y
设置开机启动
[root@master backup]# vim /etc/rc.local
/usr/bin/rsync --daemon      #添加开机启动
[root@master backup]# chmod +x /etc/rc.d/rc.local
[root@master backup]# vim /etc/rsyncd.conf
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
motd file = /etc/rsyncd.Motd
[Sync]
    comment = Sync
    uid = root
    gid = root
    port= 873

[root@master backup]# systemctl start xinetd   #启动（CentOS中是以xinetd来管理rsync服务的

4、创建认证密码文件
[root@master backup]# vim /etc/passwd.txt
[root@master backup]# cat /etc/passwd.txt 
123456
[root@master backup]# chmod 600 /etc/passwd.txt    #设置文件权限，只设置文件所有者具有读取、写入权限即可  

5.测试数据同步

[root@master backup]# rsync -avH --port=873 --progress --delete  /backup root@192.168.23.154::back_data --password-file=/etc/passwd.txt
sending incremental file list
backup/
backup/2023-07-12_wangshuai.sql
          2,072 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=6/8)
backup/_wangshuai.sql
          2,072 100%    1.98MB/s    0:00:00 (xfr#2, to-chk=5/8)
backup/all_db.sql
        934,117 100%   89.08MB/s    0:00:00 (xfr#3, to-chk=4/8)
backup/backup_db.sh
            219 100%   21.39kB/s    0:00:00 (xfr#4, to-chk=3/8)
backup/hunan_liangliang.sql
          8,172 100%  798.05kB/s    0:00:00 (xfr#5, to-chk=2/8)
backup/tennis_player.sql
          3,605 100%  352.05kB/s    0:00:00 (xfr#6, to-chk=1/8)
backup/ws.sql
          2,024 100%  197.66kB/s    0:00:00 (xfr#7, to-chk=0/8)

sent 953,082 bytes  received 153 bytes  46,499.27 bytes/sec
total size is 952,281  speedup is 1.00
[root@master backup]#

        3.安装sersync工具，实时触发rsync进行同步

1、修改inotify默认参数（inotify默认内核参数值太小） 修改参数：
[root@master backup]# sysctl -w fs.inotify.max_queued_events="99999999"
fs.inotify.max_queued_events = 99999999
[root@master backup]# sysctl -w fs.inotify.max_user_watches="99999999"
fs.inotify.max_user_watches = 99999999
[root@master backup]# sysctl -w fs.inotify.max_user_instances="65535"
fs.inotify.max_user_instances = 65535
[root@master backup]#
[root@master backup]# vi /etc/sysctl.conf   永久修改

fs.inotify.max_queued_events=99999999
fs.inotify.max_user_watches=99999999
fs.inotify.max_user_instances=65535

2.安装sersync
[root@master backup]# wget http://down.whsir.com/downloads/sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@master backup]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz 
[root@master backup]# mv GNU-Linux-x86  /usr/local/sersync
3、创建rsync
[root@master backup]# cd  /usr/local/sersync
备份配置文件，防止修改错了，不知道哪里出错，好还原
[root@master sersync]# cp confxml.xml  confxml.xml-bak   
[root@master sersync]# cp confxml.xml  data_configxml.xml

4、修改配置 data_configxml.xml 文件
[root@master sersync]# vim data_configxml.xml
       <localpath watch="/opt/tongbu">
 25             <remote ip="192.168.23.152" name="back_data"/>
 26             <!--<remote ip="192.168.8.39" name="tongbu"/>-->
 27             <!--<remote ip="192.168.8.40" name="tongbu"/>-->
 28         </localpath>
 29         <rsync>
 30             <commonParams params="-artuz"/>
 31             <auth start="false" users="root" passwordfile="/etc/passwd.txt"/>
 32             <userDefinedPort start="false" port="874"/><!-- port=874 -->
 33             <timeout start="false" time="100"/><!-- timeout=100 -->
 34             <ssh start="false"/>
 35         </rsync>
5、启动服务
[root@master sersync]# PATH=/usr/local/sersync:$PATH
[root@master sersync]# which sersync2
/usr/local/sersync/sersync2
[root@master sersync]# echo 'PATH=/usr/local/sersync:$PATH' >>/root/.bashrc
[root@master sersync]# sersync2 -d -r -o  /usr/local/sersync/data_configxml.xml
set the system param
execute：echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute：echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
option: -d     run as a daemon
option: -r     rsync all the local files to the remote servers before the sersync work
option: -o     config xml name：  /usr/local/sersync/data_configxml.xml
daemon thread num: 10
parse xml config file
host ip : localhost    host port: 8008
daemon start，sersync run behind the console 
config xml parse success
please set /etc/rsyncd.conf max connections=0 Manually
sersync working thread 12  = 1(primary thread) + 1(fail retry thread) + 10(daemon sub threads) 
Max threads numbers is: 22 = 12(Thread pool nums) + 10(Sub threads)
please according your cpu ，use -n param to adjust the cpu rate
------------------------------------------
rsync the directory recursivly to the remote servers once
working please wait...
execute command: cd /backup && rsync -artuz -R --delete ./ 192.168.23.152::back_data >/dev/null 2>&1 
[root@master sersync]# 

6、设置sersync监控开机自动执行
[root@master sersync]# vim /etc/rc.d/rc.local 
/usr/local/sersync/sersync2 -d -r -o  /usr/local/sersync/data_configxml.xml

8.安装部署 MySQLrouter

 MySQLrouter 是 MySQL 官方给我们提供的一个读写分离的软件，MySQL Router很轻量级，只能通过不同的端口来实现简单的读/写分离，且读请求的调度算法只能使用默认的rr(round-robin)轮询算法。MySQL Router的前提是后端实现了MySQL的主从复制。

去官网下载软件

https://dev.mysql.com/get/Downloads/MySQL-Router/mysql-router-community-8.0.23-1.el7.x86_64.rpm

        1.安装 部署MySQLrouter

1.安装
[root@mysql-router-1 ~]# ls
anaconda-ks.cfg  mysql-router-community-8.0.23-1.el7.x86_64.rpm
[root@mysql-router-1 ~]# rpm -ivh mysql-router-community-8.0.23-1.el7.x86_64.rpm 
警告：mysql-router-community-8.0.23-1.el7.x86_64.rpm: 头V3 DSA/SHA1 Signature, 密钥 ID 5072e1f5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:mysql-router-community-8.0.23-1.e################################# [100%]
[root@mysql-router-1 ~]# 

2.修改配置文件
[root@mysql-router-1 ~]# cd /etc/mysqlrouter/     进入存放配置文件的目录
[root@mysql-router-1 mysqlrouter]# ls
mysqlrouter.conf
[root@mysql-router-1 mysqlrouter]# cat mysqlrouter.conf |grep -v '^#'


[DEFAULT]
logging_folder = /var/log/mysqlrouter
runtime_folder = /var/run/mysqlrouter
config_folder = /etc/mysqlrouter

[logger]
level = INFO

[keepalive]
interval = 60

[routing:slaves]
bind_address = 192.168.23.155:7001
destinations = 192.168.23.152:3306,192.168.23.151:3306
mode = read-only
connect_timeout = 1

[routing:masters]
bind_address = 192.168.23.155:7002
destinations = 192.168.23.142:3306
mode = read-write
connect_timeout = 1
[root@mysql-router-1 mysqlrouter]# 

3.启动 MySQLrouter 服务
[root@mysql-router-1 mysqlrouter]# service mysqlrouter start
Redirecting to /bin/systemctl start mysqlrouter.service
[root@mysql-router-1 mysqlrouter]# 
MySQLrouter 监听了 7001 和 7002 端口
[root@mysql-router-1 mysqlrouter]# netstat -anplut|grep mysql
tcp        0      0 192.168.23.155:7001     0.0.0.0:*               LISTEN      2219/mysqlrouter    
tcp        0      0 192.168.23.155:7002     0.0.0.0:*               LISTEN      2219/mysqlrouter    
[root@mysql-router-1 mysqlrouter]# 

5.在 master 上创建 2 个测试账号，一个是读，一个是写
root@(none) 13:35 mysql>grant all on *.* to 'write'@'%' identified by 'Sanchuang1234#';
Query OK, 0 rows affected, 1 warning (0.02 sec)
root@(none) 13:37 mysql>grant select on *.* to 'read'@'%' identified by 'Sanchuang1234#';
Query OK, 0 rows affected, 1 warning (0.00 sec)

6.在客户端上测试读写分离的效果，使用 2 个测试账号
注意关闭防火墙  --- 》 service firewalld stop
[root@node1 ~]# mysql -h 192.168.2.155 -P 7001 -uread -p'Sanchuang1234#'
读写分离的关键点：其实是用户的权限，让不同的用户连接不同的端口，最后仍然要到后端的mysql服务器去验证是否有读写的权限
                mysqlrouter 只是做了读写的分流，让应用程序去连接不同的端口  -->mysqlrouter 只是一个分流工具     
                主要是用户权限的控制，有写权限的用户走读的通道也可以写 ，读的用户走写的通道只能读               
7001 --》read
7002 --》write/read

9.安装部署 keepalived

1.安装keepalived
[root@mysql-router-2 mysqlrouter]# yum install keepalived -y

2.修改配置文件
[root@mysql-router-1 mysqlrouter]# cd /etc/keepalived/
[root@mysql-router-1 keepalived]# ls
keepalived.conf
[root@mysql-router-1 keepalived]# vim keepalived.conf
[root@mysql-router-1 keepalived]# cat keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict     #这个注释
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {   #定义一个vrrp协议的实例 名字叫VI_1 第一个vrrp实例
    state MASTER       #做 master 角色
    interface ens33    #指定监听网络的接口，其实就是 vip 绑定到哪个网络接口上
    virtual_router_id 88   #虚拟路由器id
    priority 200       #优先级 0~255
    advert_int 1       #宣告消息的时间间隔 1秒
    authentication {
        auth_type PASS    #密码认证  password
        auth_pass 1111    #具体密码
    }
    track_script {
    send_mail
}
    virtual_ipaddress {  #vip 虚拟ip地址
        192.168.23.188
    }
}
vrrp_instance VI_2 {   #定义第二个vrrp协议的实例 名字叫VI_2 第二个vrrp实例
    state backup
    interface ens33
    virtual_router_id 89
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
    send_mail
}
    virtual_ipaddress {
        192.168.23.189
    }
}
[root@mysql-router-1 keepalived]# service keepalived restart
Redirecting to /bin/systemctl restart keepalived.service
[root@mysql-router-1 keepalived]# 

 可以在第一台机器上面看到虚拟ip已经实现
接下来是在第二台机器上的配置，两台机器互为主备，实现负载均衡的效果

1.下载keepalived
[root@mysql-router-2 mysqlrouter]# yum install keepalived -y

2.修改配置文件
[root@mysql-router-2 ~]# cd /etc/keepalived/
[root@mysql-router-2 keepalived]# vim keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
   vrrp_skip_check_adv_addr
   #vrrp_strict
   vrrp_garp_interval 0
   vrrp_gna_interval 0
}
vrrp_instance VI_1 {
    state backup
    interface ens33
    virtual_router_id 88
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
    send_mail
    }
    virtual_ipaddress {
        192.168.23.188
    }
}
vrrp_instance VI_2 {
    state master
    interface ens33
    virtual_router_id 89
    priority 200
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
    send_mail
    }
    virtual_ipaddress {
        192.168.23.189
    }
}
[root@mysql-router-2 keepalived]# service keepalived restart
Redirecting to /bin/systemctl restart keepalived.service
[root@mysql-router-2 keepalived]# 

 在第二台机器上看到这样的效果，说明服务已经启动，实现了双vip的高可用功能

[root@mysql-router-2 keepalived]# ps aux|grep keepalived
root      12846  0.0  0.0 123056  1408 ?        Ss   11:26   0:00 /usr/sbin/keepalived -D
root      12847  0.0  0.1 134028  3392 ?        S    11:26   0:00 /usr/sbin/keepalived -D
root      12848  0.0  0.1 133964  2712 ?        S    11:26   0:04 /usr/sbin/keepalived -D
root      13720  0.0  0.0 112824   980 pts/0    R+   14:45   0:00 grep --color=auto keepalived
[root@mysql-router-2 keepalived]# 

keepalived 正常启动的时候，共启动3个进程： 一个是父进程，负责监控其子进程；一个是VRRP子进程，另外一个是checkers子进程 两个子进程都被系统watchdog看管，两个子进程各自负责自己的事。 Healthcheck 子进程检查各自服务器的健康状况，例如http。lvs。如果healthchecks 进程检查到 master上服务不可用了，就会通知本机上的VRRP子进程，让它删除通告，并且去掉虚拟IP，转换为BACKUP状态。