构架实验haproxy:
构架说明:haproxy 配合 keepalived 做双主,向后代理动态服务器组和静态服务器组,实现动静分离。
动态部分做了 corosync v2 + pacemaker 集群:nginx 默认在 node2 上,apache 默认在 node1 上,php-fpm 在 node3 上,node4 提供 nfs 以及 mysql server。
nginxvip: 11.100.46.253
apache:11.100.46.252
php-fpm:11.100.46.251
mysql:11.100.46.250
静态nginx1:11.100.45.70
静态nginx2:11.100.45.76
haproxy1:11.100.40.123
haproxy2: 11.100.40.122
# iptables -X; iptables -F; iptables -L -n
# getenforce
# yum -y install keepalived haproxy
一、配置keepalived :
虚拟两个虚拟ip给haproxy使用
haproxy1配置keepalived:
# vim /etc/keepalived/keepalived.conf
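# keepalived.conf for haproxy1: preferred owner of VI_1 (VIP 11.100.40.121),
# standby for VI_2 (VIP 11.100.40.120). Quotes are plain ASCII double quotes;
# typographic quotes are not valid in this file.
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from kaadmin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id keep1.cpe.com
    # vrrp_mcast_group4 224.110.110.110
}

# Manual drain switch: while /etc/keepalived/down exists the script exits 1 and
# each instance tracking it has 20 subtracted from its priority
# (101 - 20 = 81, below the peer's 99, so the VIP moves to the peer).
# NOTE(review): [[ ]] is bash syntax; confirm this keepalived build runs
# vrrp_script commands through bash.
vrrp_script chk_down_weight {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 101
    advert_int 1
    # nopreempt
    # auth_type PASS sends auth_pass unencrypted in every VRRP advert, so it
    # guards against misconfiguration, not against another host on the segment.
    # The value is this page's sample; use your own and keep both nodes equal.
    authentication {
        auth_type PASS
        auth_pass 8d7cb54d
    }
    virtual_ipaddress {
        11.100.40.121/24 dev eth1 label eth1:0
    }
    track_script {
        chk_down_weight
    }
    # notify.sh is not shown on this page; it is run by keepalived on every
    # state change, so keep it root-owned and not writable by other users.
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth1
    virtual_router_id 52
    priority 99
    advert_int 2
    # nopreempt
    # Same cleartext PASS caveat as VI_1.
    authentication {
        auth_type PASS
        auth_pass 8d7cb54d
    }
    virtual_ipaddress {
        11.100.40.120/24 dev eth1 label eth1:2
    }
    track_script {
        chk_down_weight
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}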
# service keepalived start
haproxy2配置keepalived:
# mv -v /etc/keepalived/keepalived.conf{,.bak}
# vim /etc/keepalived/keepalived.conf
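# keepalived.conf for haproxy2: standby for VI_1 (VIP 11.100.40.121),
# preferred owner of VI_2 (VIP 11.100.40.120). The initial states now follow
# the priorities (99 -> BACKUP, 101 -> MASTER) so this node does not briefly
# claim VI_1 at start-up before yielding to haproxy1.
# Quotes are plain ASCII double quotes.
global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from kaadmin@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    # NOTE(review): same router_id as haproxy1; a distinct value per node makes
    # notification mails attributable to the node that sent them.
    router_id keep1.cpe.com
    # vrrp_mcast_group4 224.110.110.110
}

# Manual drain switch: while /etc/keepalived/down exists the script exits 1 and
# each instance tracking it has 20 subtracted from its priority.
# NOTE(review): [[ ]] is bash syntax; confirm this keepalived build runs
# vrrp_script commands through bash.
vrrp_script chk_down_weight {
    script "[[ -f /etc/keepalived/down ]] && exit 1 || exit 0"
    interval 1
    weight -20
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 99
    advert_int 1
    # nopreempt
    # auth_type PASS sends auth_pass unencrypted in every VRRP advert, so it
    # guards against misconfiguration, not against another host on the segment.
    # The value is this page's sample; use your own and keep both nodes equal.
    authentication {
        auth_type PASS
        auth_pass 8d7cb54d
    }
    virtual_ipaddress {
        11.100.40.121/24 dev eth1 label eth1:0
    }
    track_script {
        chk_down_weight
    }
    # notify.sh is not shown on this page; it is run by keepalived on every
    # state change, so keep it root-owned and not writable by other users.
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}

vrrp_instance VI_2 {
    state MASTER
    interface eth1
    virtual_router_id 52
    priority 101
    advert_int 2
    # nopreempt
    # Same cleartext PASS caveat as VI_1.
    authentication {
        auth_type PASS
        auth_pass 8d7cb54d
    }
    virtual_ipaddress {
        11.100.40.120/24 dev eth1 label eth1:2
    }
    track_script {
        chk_down_weight
    }
    notify_master "/etc/keepalived/notify.sh master"
    notify_backup "/etc/keepalived/notify.sh backup"
    notify_fault "/etc/keepalived/notify.sh fault"
}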
# service keepalived start
二、配置haproxy
配置haproxy1:
# vim /etc/haproxy/haproxy.cfg
# First-pass haproxy.cfg for haproxy1, used to verify the keepalived pair:
# one HTTP frontend, one round-robin backend, no static/dynamic split yet.
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# Runtime/admin socket; no mode or level arguments are given on this line.
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
# Adds X-Forwarded-For for every client except loopback sources.
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 30000
frontend main
# No address is given, so port 80 is bound on every local address.
bind :80
# acl url_static path_beg -i /static /images /javascript /stylesheets
# acl url_static path_end -i .jpg .gif .png .css .js
# use_backend static if url_static
# With the ACLs above commented out, every request goes to backend "static".
default_backend static
backend static
balance roundrobin
# "check" enables a health check against each server's port 80.
server dserver1 11.100.46.7:80 check
server dserver2 11.100.46.9:80 check
配置haproxy2:
# mv /etc/haproxy/haproxy.cfg{,.bak} -v
# vim /etc/haproxy/haproxy.cfg
# First-pass haproxy.cfg for haproxy2; the directives match the haproxy1 copy.
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# Runtime/admin socket; no mode or level arguments are given on this line.
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
# Adds X-Forwarded-For for every client except loopback sources.
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 30000
frontend main
# No address is given, so port 80 is bound on every local address.
bind :80
# acl url_static path_beg -i /static /images /javascript /stylesheets
# acl url_static path_end -i .jpg .gif .png .css .js
# use_backend static if url_static
# With the ACLs above commented out, every request goes to backend "static".
default_backend static
backend static
balance roundrobin
# "check" enables a health check against each server's port 80.
server dserver1 11.100.46.7:80 check
server dserver2 11.100.46.9:80 check
创建haproxy检查脚本
配置haproxy1:
# vim /etc/keepalived/keepalived.conf
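# Fragment to merge into /etc/keepalived/keepalived.conf on haproxy1.
# killall -0 sends signal 0: it succeeds while a process named haproxy exists
# and fails otherwise, in which case 20 is subtracted from the priority.
# This proves only that the process exists, not that it is serving port 80.
# Quotes are plain ASCII double quotes.
vrrp_script chk_haproxy {
    script "killall -0 haproxy &> /dev/null"
    interval 1
    weight -20
}
# The track_script block inside each vrrp_instance then lists both checks.
track_script {
    chk_down_weight
    chk_haproxy
}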
配置haproxy2:
# vim /etc/keepalived/keepalived.conf
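# Fragment to merge into /etc/keepalived/keepalived.conf on haproxy2.
# killall -0 sends signal 0: it succeeds while a process named haproxy exists
# and fails otherwise, in which case 20 is subtracted from the priority.
# This proves only that the process exists, not that it is serving port 80.
# Quotes are plain ASCII double quotes.
vrrp_script chk_haproxy {
    script "killall -0 haproxy &> /dev/null"
    interval 1
    weight -20
}
# The track_script block inside each vrrp_instance then lists both checks.
track_script {
    chk_down_weight
    chk_haproxy
}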
以上haproxy双主热备配置完成
三、配置corosync+pacemaker
11.100.46.4
11.100.46.7
11.100.46.9
11.100.46.11
1、创建名字解析、以及无密码登录
node1:
创建解析:
echo ‘node1’ > /etc/hostname
echo ‘11.100.46.4 node1’ >> /etc/hosts
echo ‘11.100.46.7 node2’ >> /etc/hosts
echo ‘11.100.46.9 node3’ >> /etc/hosts
echo ‘11.100.46.11 node4’ >> /etc/hosts
让node1可以无密码登录node2、node3、node4(root 密钥互信:node1 上的 /root/.ssh/id_rsa 等同于另外三台主机的 root 权限,应妥善保护该私钥):
ssh-keygen
ssh-copy-id -i /root/.ssh/id_rsa.pub root@node2;ssh-copy-id -i /root/.ssh/id_rsa.pub root@node3;ssh-copy-id -i /root/.ssh/id_rsa.pub root@node4
scp /etc/hosts root@node2:/etc/hosts;scp /etc/hosts root@node3:/etc/hosts;scp /etc/hosts root@node4:/etc/hosts;
hostname node1;ssh node2 ‘hostname node2’;ssh node3 ‘hostname node3’; ssh node4 ‘hostname node4’;
export;ssh node2 ‘export’;ssh node3 ‘export’; ssh node4 ‘export’;
hostname;ssh node2 ‘hostname’;ssh node3 ‘hostname’; ssh node4 ‘hostname’;
禁止selinux(setenforce 0 只是临时切换到 permissive 模式,重启后恢复;仅为实验方便,生产环境建议保持 enforcing 并按需调整策略):
setenforce 0;ssh node2 ‘setenforce 0’;ssh node3 ‘setenforce 0’; ssh node4 ‘setenforce 0’;
getenforce;ssh node2 ‘getenforce’;ssh node3 ‘getenforce’; ssh node4 ‘getenforce’;
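关闭防火墙(iptables -F/-X 会清空全部规则和自定义链,之后各节点上的 corosync、NFS、php-fpm、MySQL 等端口不再受主机防火墙规则限制;仅限隔离的实验网络,生产环境应只放行所需端口):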
iptables -F;ssh node2 ‘iptables -F’;ssh node3 ‘iptables -F’; ssh node4 ‘iptables -F’;ssh node2 ‘iptables -X’;ssh node3 ‘iptables -X’; ssh node4 ‘iptables -X’;iptables -X;iptables -L -n; ssh node2 ‘iptables -L -n’;ssh node3 ‘iptables -L -n’; ssh node4 ‘iptables -L -n’;
2、配置时间同步ntp
node1:
安装ntp服务
yum -y install ntp; ssh node2 ‘yum -y install ntp’; ssh node3 ‘yum -y install ntp’; ssh node4 ‘yum -y install ntp’
mv /etc/ntp.conf{,.bak} -v
cat /etc/ntp.conf.bak | sed ‘/^server.*$/d’ | sed ‘/^#broadcast 192.168.1.255/i server 172.16.31.125’ > /etc/ntp.conf
echo ‘server 172.16.31.125’ >> /etc/ntp/step-tickers
scp /etc/ntp.conf root@node2:/etc/ntp.conf; scp /etc/ntp/step-tickers root@node2:/etc/ntp/step-tickers;
scp /etc/ntp.conf root@node3:/etc/ntp.conf; scp /etc/ntp/step-tickers root@node3:/etc/ntp/step-tickers;
scp /etc/ntp.conf root@node4:/etc/ntp.conf; scp /etc/ntp/step-tickers root@node4:/etc/ntp/step-tickers
systemctl enable ntpd;ssh node2 ‘systemctl enable ntpd’;ssh node3 ‘systemctl enable ntpd’;ssh node4 ‘systemctl enable ntpd’
systemctl start ntpd; ssh node2 ‘systemctl start ntpd’; ssh node3 ‘systemctl start ntpd’; ssh node4 ‘systemctl start ntpd’
测试时间:
uname -n;ssh node2 ‘uname -n’;ssh node3 ‘uname -n’;ssh node4 ‘uname -n’
date;ssh node2 ‘date’;ssh node3 ‘date’;ssh node4 ‘date’
ntpstat ; ssh node2 ‘ntpstat’; ssh node3 ‘ntpstat’; ssh node4 ‘ntpstat’
systemctl restart ntpd; ssh node2 ‘systemctl restart ntpd’; ssh node3 ‘systemctl restart ntpd’; ssh node4 ‘systemctl restart ntpd’
3、安装corosync并验证
yum -y install corosync; ssh node2 ‘yum -y install corosync’ ;ssh node3 ‘yum -y install corosync’;ssh node4 ‘yum -y install corosync’
vim /etc/corosync/corosync.conf
加入配置文件:
# corosync.conf for the four-node cluster (11.100.46.4/.7/.9/.11).
totem {
version: 2
# Cluster traffic is encrypted and authenticated with the shared key in
# /etc/corosync/authkey (created with corosync-keygen later on this page).
# NOTE(review): sha1 is the weakest hash still commonly configured; check
# corosync.conf(5) for the stronger hashes your version supports.
crypto_cipher: aes128
crypto_hash: sha1
interface {
ringnumber: 0
bindnetaddr: 11.100.46.0
# NOTE(review): with "transport: udpu" below, members come from nodelist;
# mcastaddr is presumably unused — confirm against corosync.conf(5).
mcastaddr: 239.185.1.31
mcastport: 5405
ttl: 1
}
transport: udpu
}
logging {
fileline: off
to_logfile: yes
to_stderr: no
to_syslog: no
logfile: /var/log/cluster/corosync.log
debug: off
timestamp: on
logger_subsys {
subsys: QUORUM
debug: off
}
}
# Static member list; every node needs the same file and the same authkey.
nodelist {
node {
ring0_addr: 11.100.46.4
nodeid: 1
}
node {
ring0_addr: 11.100.46.7
nodeid: 2
}
node {
ring0_addr: 11.100.46.9
nodeid: 3
}
node {
ring0_addr: 11.100.46.11
nodeid: 4
}
}
quorum {
# Enable and configure quorum subsystem (default: off)
# see also corosync.conf.5 and votequorum.5
# NOTE(review): four equal votes means a 2/2 split leaves neither half
# quorate — confirm this is the intended behaviour.
provider: corosync_votequorum
}
scp /etc/corosync/corosync.conf root@node2:/etc/corosync/; scp /etc/corosync/corosync.conf root@node3:/etc/corosync/; scp /etc/corosync/corosync.conf root@node4:/etc/corosync/
加入验证秘钥:
corosync-keygen
scp /etc/corosync/authkey root@node2:/etc/corosync/;scp /etc/corosync/authkey root@node3:/etc/corosync/;scp /etc/corosync/authkey root@node4:/etc/corosync/
systemctl start corosync;ssh node2 ‘systemctl start corosync’; ssh node3 ‘systemctl start corosync’; ssh node4 ‘systemctl start corosync’
检查corosync是否正常:
corosync-cfgtool -s;ssh node2 ‘corosync-cfgtool -s’;ssh node3 ‘corosync-cfgtool -s’; ssh node4 ‘corosync-cfgtool -s’;
Printing ring status.
Local node ID 1
RING ID 0
id = 11.100.46.4
status = ring 0 active with no faults
[root@node1 ~]# corosync-cfgtool -s;ssh node2 ‘corosync-cfgtool -s’;ssh node3 ‘corosync-cfgtool -s’; ssh node4 ‘corosync-cfgtool -s’;
Printing ring status.
Local node ID 1
RING ID 0
id = 11.100.46.4
status = ring 0 active with no faults
Printing ring status.
Local node ID 2
RING ID 0
id = 11.100.46.7
status = ring 0 active with no faults
Printing ring status.
Local node ID 3
RING ID 0
id = 11.100.46.9
status = ring 0 active with no faults
Printing ring status.
Local node ID 4
RING ID 0
id = 11.100.46.11
status = ring 0 active with no faults
//no faults就是正常
//查看日志
# tail -f /var/log/cluster/corosync.log
# corosync-cmapctl | grep members
//能看见各节点信息
runtime.totem.pg.mrp.srp.members.1.config_version (u64) = 0
runtime.totem.pg.mrp.srp.members.1.ip (str) = r(0) ip(11.100.46.4)
runtime.totem.pg.mrp.srp.members.1.join_count (u32) = 1
runtime.totem.pg.mrp.srp.members.1.status (str) = joined
runtime.totem.pg.mrp.srp.members.2.config_version (u64) = 0
runtime.totem.pg.mrp.srp.members.2.ip (str) = r(0) ip(11.100.46.7)
runtime.totem.pg.mrp.srp.members.2.join_count (u32) = 1
runtime.totem.pg.mrp.srp.members.2.status (str) = joined
runtime.totem.pg.mrp.srp.members.3.config_version (u64) = 0
runtime.totem.pg.mrp.srp.members.3.ip (str) = r(0) ip(11.100.46.9)
runtime.totem.pg.mrp.srp.members.3.join_count (u32) = 1
runtime.totem.pg.mrp.srp.members.3.status (str) = joined
runtime.totem.pg.mrp.srp.members.4.config_version (u64) = 0
runtime.totem.pg.mrp.srp.members.4.ip (str) = r(0) ip(11.100.46.11)
runtime.totem.pg.mrp.srp.members.4.join_count (u32) = 1
runtime.totem.pg.mrp.srp.members.4.status (str) = joined
4、配置pacemaker
yum -y install pacemaker;ssh node2 ‘yum -y install pacemaker’; ssh node3 ‘yum -y install pacemaker’; ssh node4 ‘yum -y install pacemaker’
# vim /etc/sysconfig/pacemaker
//打开日志
PCMK_logfile=/var/log/pacemaker.log
scp /etc/sysconfig/pacemaker root@node2:/etc/sysconfig/;scp /etc/sysconfig/pacemaker root@node3:/etc/sysconfig/;scp /etc/sysconfig/pacemaker root@node4:/etc/sysconfig/
//启动服务
systemctl start pacemaker;ssh node2 ‘systemctl start pacemaker’; ssh node3 ‘systemctl start pacemaker’; ssh node4 ‘systemctl start pacemaker’
//查看服务是否启动
systemctl status pacemaker;ssh node2 ‘systemctl status pacemaker’; ssh node3 ‘systemctl status pacemaker’; ssh node4 ‘systemctl status pacemaker’
//查看各组件是否正常
# ps -aux | grep pacemaker
root 9534 0.0 0.8 132652 8336 ? Ss 04:31 0:00 /usr/sbin/pacemakerd -f
haclust+ 9536 0.1 1.6 135324 15364 ? Ss 04:31 0:00 /usr/libexec/pacemaker/cib
root 9537 0.0 0.8 135604 7900 ? Ss 04:31 0:00 /usr/libexec/pacemaker/stonithd
root 9538 0.0 0.5 105092 5012 ? Ss 04:31 0:00 /usr/libexec/pacemaker/lrmd
haclust+ 9539 0.0 0.8 126920 7628 ? Ss 04:31 0:00 /usr/libexec/pacemaker/attrd
haclust+ 9540 0.0 2.2 153104 20864 ? Ss 04:31 0:00 /usr/libexec/pacemaker/pengine
haclust+ 9541 0.1 1.2 186360 11560 ? Ss 04:31 0:00 /usr/libexec/pacemaker/crmd
//可以看见dc是node1,node2,node3,node4在线
# crm_mon
Stack: corosync
Current DC: node3 (version 1.1.15-11.el7-e174ec8) – partition with quorum
Last updated: Fri May 26 20:00:37 2017 Last change: Fri May 26 19:57:34 2017 by hacluster via crmd on node3
4 nodes and 0 resources configured
Online: [ node1 node2 node3 node4 ]
No active resources
5、只需要在任意一台上安装crmsh(以下 rpm 经内网 HTTP 明文下载,安装前应校验包签名或校验和;yum -y install * 会安装当前目录下匹配到的所有文件,建议在空目录中执行或改为写明包名)
wget http://172.16.31.125/soft/crmsh/{crmsh-3.0.0-2.2.noarch.rpm,crmsh-scripts-3.0.0-2.2.noarch.rpm,python-parallax-1.0.1-29.1.noarch.rpm}
yum -y install *
四、安装NFS服务器
nfs单独配置这里就把node4用来代替:11.100.46.11
node4:
1、安装nfs服务
yum -y install rpcbind nfs-utils
systemctl enable rpcbind
//查看rpc服务是否正常
systemctl start rpcbind
rpcinfo
program version netid address service owner
100000 4 tcp6 ::.0.111 portmapper superuser
100000 3 tcp6 ::.0.111 portmapper superuser
100000 4 udp6 ::.0.111 portmapper superuser
100000 3 udp6 ::.0.111 portmapper superuser
100000 4 tcp 0.0.0.0.0.111 portmapper superuser
100000 3 tcp 0.0.0.0.0.111 portmapper superuser
100000 2 tcp 0.0.0.0.0.111 portmapper superuser
100000 4 udp 0.0.0.0.0.111 portmapper superuser
100000 3 udp 0.0.0.0.0.111 portmapper superuser
100000 2 udp 0.0.0.0.0.111 portmapper superuser
100000 4 local /var/run/rpcbind.sock portmapper superuser
100000 3 local /var/run/rpcbind.sock portmapper superuser
2、创建web nfs文件夹
mkdir /htdocs/www -pv
groupadd -r -g 888 apache
useradd -M -u 888 -g 888 -s /sbin/nologin -r apache
chmod -R u=rwx,g=rx,o=rx /htdocs/www/
chown -R apache:apache /htdocs/www/
echo ‘/htdocs/www 11.100.46.7(rw,all_squash,anonuid=888,anongid=888) 11.100.46.4(rw,all_squash,anonuid=888,anongid=888) 11.100.46.9(rw,all_squash,anonuid=888,anongid=888) 11.100.45.70(rw,all_squash,anonuid=888,anongid=888) 11.100.45.76(rw,all_squash,anonuid=888,anongid=888)’ > /etc/exports
service nfs start
exportfs -ar
//检查挂载
showmount -e
Export list for node4:
/htdocs/www 11.100.46.9,11.100.46.4,11.100.46.7
3、配置数据库挂载(注意:下面的 chmod 让其他用户对 /mydata/data 可读、可进入;MySQL 数据目录通常应只允许属主访问,例如 u=rwx,g=,o=)
groupadd -r -g 889 mysql
useradd -M -u 889 -g 889 -s /sbin/nologin -r mysql
mkdir -pv /mydata/data
chmod -R u=rwx,g=rx,o=rx /mydata/data
chown -R mysql:mysql /mydata/data
# setfacl -m u:root:rwx /mydata/data
echo ‘/mydata/data 11.100.46.7(rw,all_squash,anonuid=889,anongid=889) 11.100.46.4(rw,all_squash,anonuid=889,anongid=889) 11.100.46.9(rw,all_squash,anonuid=889,anongid=889)’ >> /etc/exports
exportfs -ar
测试挂载:
showmount -e
Export list for node4:
/mydata/data 11.100.46.9,11.100.46.4,11.100.46.7
/htdocs/www 11.100.46.9,11.100.46.4,11.100.46.7
4、测试挂载
在node1、node2、node3上安装nfs然后并挂载测试权限:
node1:
yum -y install nfs-utils;ssh node2 ‘yum -y install nfs-utils’;ssh node3 ‘yum -y install nfs-utils’
//查看可用挂载
showmount -e node4
Export list for node4:
/mydata/data 11.100.46.9,11.100.46.4,11.100.46.7
/htdocs/www 11.100.46.9,11.100.46.4,11.100.46.7
//创建web文件夹、并赋予权限
mkdir -pv /htdocs/www;ssh node2 ‘mkdir -pv /htdocs/www’;ssh node3 ‘mkdir -pv /htdocs/www’
groupadd -r -g 888 apache;ssh node2 ‘groupadd -r -g 888 apache’;ssh node3 ‘groupadd -r -g 888 apache’;
useradd -M -u 888 -g 888 -s /sbin/nologin -r apache;ssh node2 ‘useradd -M -u 888 -g 888 -s /sbin/nologin -r apache’;ssh node3 ‘useradd -M -u 888 -g 888 -s /sbin/nologin -r apache’;
chmod -R u=rwx,g=rx,o=rx /htdocs/www/;ssh node2 ‘chmod -R u=rwx,g=rx,o=rx /htdocs/www/’;ssh node3 ‘chmod -R u=rwx,g=rx,o=rx /htdocs/www/’;
chown -R apache:apache /htdocs/www/;ssh node2 ‘chown -R apache:apache /htdocs/www/’;ssh node3 ‘chown -R apache:apache /htdocs/www/’;
setfacl -m u:root:rwx /htdocs/www/ ;ssh node2 ‘setfacl -m u:root:rwx /htdocs/www/’;ssh node3 ‘setfacl -m u:root:rwx /htdocs/www/’;
//测试web目录挂载以及权限:
mount -t nfs node4:/htdocs/www /htdocs/www/;ssh node2 ‘mount -t nfs node4:/htdocs/www /htdocs/www/’; ssh node3 ‘mount -t nfs node4:/htdocs/www /htdocs/www/’
touch /htdocs/www/fdkslaf
ls -l /htdocs/www/;ssh node2 ‘ls -l /htdocs/www/’;ssh node3 ‘ls -l /htdocs/www/’
umount /htdocs/www/;ssh node2 ‘umount /htdocs/www/’;ssh node3 ‘umount /htdocs/www/’
//创建mysql文件夹、并赋予权限
groupadd -r -g 889 mysql;ssh node2 ‘groupadd -r -g 889 mysql’;ssh node3 ‘groupadd -r -g 889 mysql’;
useradd -M -u 889 -g 889 -s /sbin/nologin -r mysql;ssh node2 ‘useradd -M -u 889 -g 889 -s /sbin/nologin -r mysql’;ssh node3 ‘useradd -M -u 889 -g 889 -s /sbin/nologin -r mysql’;
mkdir -pv /mydata/data;ssh node2 ‘mkdir -pv /mydata/data’;ssh node3 ‘mkdir -pv /mydata/data’;
chmod -R u=rwx,g=rx,o=rx /mydata/data;ssh node2 ‘chmod -R u=rwx,g=rx,o=rx /mydata/data’;ssh node3 ‘chmod -R u=rwx,g=rx,o=rx /mydata/data’;
chown -R mysql:mysql /mydata/data;ssh node2 ‘chown -R mysql:mysql /mydata/data’;ssh node3 ‘chown -R mysql:mysql /mydata/data’;
setfacl -m u:root:rwx /mydata/data;ssh node2 ‘setfacl -m u:root:rwx /mydata/data’;ssh node3 ‘setfacl -m u:root:rwx /mydata/data’
//测试mysql目录挂载以及权限:
mount -t nfs node4:/mydata/data /mydata/data;ssh node2 ‘mount -t nfs node4:/mydata/data /mydata/data’;ssh node3 ‘mount -t nfs node4:/mydata/data /mydata/data’
ls -ld /mydata/data;ssh node2 ‘ls -ld /mydata/data’;ssh node3 ‘ls -ld /mydata/data’;
umount /mydata/data;ssh node2 ‘umount /mydata/data’;ssh node3 ‘umount /mydata/data’
ls -l /mydata/data;ssh node2 ‘ls -l /mydata/data’;ssh node3 ‘ls -l /mydata/data’;
getfacl /mydata/data/;ssh node2 ‘getfacl /mydata/data/’;ssh node3 ‘getfacl /mydata/data/’;
# setfacl -m u:root:rwx /mydata/data
五、安装fpmserver
1、安装fpm-server
yum -y install php-fpm;ssh node2 ‘yum -y install php-fpm’; ssh node3 ‘yum -y install php-fpm’; ssh node4 ‘yum -y install php-fpm’
mv -v /etc/php-fpm.d/www.conf{,.bak}
2、配置监听在vip上:
# Replace the php-fpm pool definition with one that listens on 11.100.46.251:9000.
# The heredoc body contains no $ or backticks, so the unquoted EOF delimiter
# expands nothing here.
# The FastCGI port is reachable over the network; listen.allowed_clients (a list
# of permitted client addresses) is the only access control set in this pool.
# NOTE(review): the list holds 11.100.46.253, 11.100.46.252 and 11.100.46.7;
# confirm these are the source addresses the web servers really connect from.
cat > /etc/php-fpm.d/www.conf << EOF
[www]
listen = 11.100.46.251:9000
listen.allowed_clients = 11.100.46.253,11.100.46.252,11.100.46.7
user = apache
group = apache
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
EOF
3、测试fpm是否正常
systemctl start php-fpm
mount -t nfs node4:/htdocs/www/ /htdocs/www/
systemctl stop php-fpm
umount /htdocs/www/
4、配置node2、node3、node4
scp /etc/php-fpm.d/www.conf node2:/etc/php-fpm.d/www.conf;\
scp /etc/php-fpm.d/www.conf node3:/etc/php-fpm.d/www.conf;\
scp /etc/php-fpm.d/www.conf node4:/etc/php-fpm.d/www.conf
五、安装apache
1、安装apache server
yum install -y httpd;ssh node2 ‘yum install -y httpd’;ssh node3 ‘yum install -y httpd’;ssh node4 ‘yum install -y httpd’
mv -v /etc/httpd/conf/httpd.conf{,.bak}
cat /etc/httpd/conf/httpd.conf.bak | sed ‘s/Directory \”\/var\/www\”/Directory \”\/htdocs\/www\”/’| sed ‘s/DocumentRoot \”\/var\/www\/html\”/DocumentRoot \”\/htdocs\/www\/\”/g’ > /etc/httpd/conf/httpd.conf
2、配置fcgi
2.1、启用httpd的相关模块
在Apache httpd 2.4以后已经专门有一个模块针对FastCGI的实现,此模块为mod_proxy_fcgi.so,它其实是作为mod_proxy.so模块的扩充,因此,这两个模块都要加载
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
2.2、配置虚拟主机支持使用fcgi
在相应的虚拟主机中添加类似如下两行。
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://11.100.46.251:9000/htdocs/www/$1
ProxyRequests Off:关闭正向代理
ProxyPassMatch:把以.php结尾的文件请求发送到php-fpm进程。php-fpm至少需要知道运行的目录和URI,所以这里直接在fcgi://11.100.46.251:9000(php-fpm监听的地址和端口)后指明了这两个参数,其它参数的传递已经被mod_proxy_fcgi.so进行了封装,不需要手动指定。
2.3、编辑apache配置文件httpd.conf,让apache能识别php格式的页面,并支持php格式的主页
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
DirectoryIndex index.php index.html
2.4、在centos7上我直接创建一个文件
编辑配置文件(centos 7proxy模块默认就有):
vim /etc/httpd/conf/httpd.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
配置文件如下:
+++++++++++++++++++++++++++++++++++++++++++++++++++
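# httpd.conf for the dynamic Apache node. Typographic quotes from the page are
# restored to ASCII double quotes, which is what httpd parses.
ServerRoot "/etc/httpd"
# 11.100.46.253 is the address the page assigns to the webip cluster resource;
# NOTE(review): httpd can normally bind it only on the node holding that address.
Listen 11.100.46.253:80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
# Deny the whole filesystem by default; directories are opened one by one below.
<Directory />
    AllowOverride none
    Require all denied
</Directory>
DocumentRoot "/htdocs/www/"
<Directory "/htdocs/www">
    AllowOverride None
    Require all granted
</Directory>
# NOTE(review): left over from the stock config; DocumentRoot no longer points
# here, and "Options Indexes" would list directory contents if it were served.
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
# Never serve .htaccess/.htpasswd style files.
<Files ".ht*">
    Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
<IfModule mime_module>
    TypesConfig /etc/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
    MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
# Forward proxying stays off; only the reverse-proxy rule below is active.
ProxyRequests Off
# Every URI ending in .php is handed to php-fpm with a path under /htdocs/www,
# the NFS share the web nodes mount read-write. Any .php file that ends up on
# that share becomes executable, so keep upload directories out of this match.
ProxyPassMatch ^/(.*\.php)$ fcgi://11.100.46.251:9000/htdocs/www/$1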
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
scp /etc/httpd/conf/httpd.conf root@node2:/etc/httpd/conf/httpd.conf; scp /etc/httpd/conf/httpd.conf root@node3:/etc/httpd/conf/httpd.conf;\
scp /etc/httpd/conf/httpd.conf root@node4:/etc/httpd/conf/httpd.conf
systemctl start httpd;ssh node2 ‘systemctl start httpd’; ssh node3 ‘systemctl start httpd’
systemctl restart httpd;ssh node2 ‘systemctl restart httpd’; ssh node3 ‘systemctl restart httpd’
//测试httpd访问
mount -t nfs node4:/htdocs/www /htdocs/www/;ssh node2 ‘mount -t nfs node4:/htdocs/www /htdocs/www/’; ssh node3 ‘mount -t nfs node4:/htdocs/www /htdocs/www/’
echo ‘<p1>this is NFS-server on 11.100.46.13</p1>’ > /htdocs/www/index.html
systemctl stop httpd;ssh node2 ‘systemctl stop httpd’; ssh node3 ‘systemctl stop httpd’
ls -l /htdocs/www/;ssh node2 ‘ls -l /htdocs/www/’;ssh node3 ‘ls -l /htdocs/www/’
umount /htdocs/www/;ssh node2 ‘umount /htdocs/www/’;ssh node3 ‘umount /htdocs/www/’
六、安装nginx
1、安装nginx(以下 rpm 直接从内网 HTTP 地址安装,并用 --nodeps 跳过依赖检查;应确认软件源可信并校验包签名)
rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el7.noarch.rpm;\
ssh node2 ‘rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el7.noarch.rpm’;\
ssh node3 ‘rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el7.noarch.rpm’;\
ssh node4 ‘rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el7.noarch.rpm’;
rpm -ivh http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el7.noarch.rpm –nodeps;\
ssh node2 ‘rpm -ivh http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el7.noarch.rpm –nodeps’;\
ssh node3 ‘rpm -ivh http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el7.noarch.rpm –nodeps’;\
ssh node4 ‘rpm -ivh http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el7.noarch.rpm –nodeps’
yum -y install gperftools-libs;ssh node2 ‘yum -y install gperftools-libs’;ssh node3 ‘yum -y install gperftools-libs’;ssh node4 ‘yum -y install gperftools-libs’
rpm -ivh http://172.16.31.125/soft/nginx-1.10.2-1.el7.x86_64.rpm;\
ssh node2 ‘rpm -ivh http://172.16.31.125/soft/nginx-1.10.2-1.el7.x86_64.rpm’;\
ssh node3 ‘rpm -ivh http://172.16.31.125/soft/nginx-1.10.2-1.el7.x86_64.rpm’; \
ssh node4 ‘rpm -ivh http://172.16.31.125/soft/nginx-1.10.2-1.el7.x86_64.rpm’;
# yum search libprofiler
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
============================================================================================================================ Matched: libprofiler ============================================================================================================================
gperftools-libs.i686 : Libraries provided by gperftools
gperftools-libs.x86_64 : Libraries provided by gperftools
2、配置nginx
cat nginx.conf.bak | sed ‘s/\/usr\/share\/nginx\/html/\/htdocs\/www\//’ > /etc/nginx/nginx.conf
scp /etc/nginx/nginx.conf root@node2:/etc/nginx/nginx.conf;\
scp /etc/nginx/nginx.conf root@node3:/etc/nginx/nginx.conf
//测试静态主页是否正常
mount -t nfs node4:/htdocs/www /htdocs/www/;ssh node2 ‘mount -t nfs node4:/htdocs/www /htdocs/www/’; ssh node3 ‘mount -t nfs node4:/htdocs/www /htdocs/www/’
nginx;ssh node2 ‘nginx’;ssh node3 ‘nginx’;ssh node4 ‘nginx’
umount /htdocs/www/;ssh node2 ‘umount /htdocs/www/’;ssh node3 ‘umount /htdocs/www/’
nginx -s stop;ssh node2 ‘nginx -s stop’;ssh node3 ‘nginx -s stop’
3、配置nginx fastcgi
1、备份配置文件
mv /etc/nginx/fastcgi_params{,.bak} -v
mv /etc/nginx/nginx.conf{,.bak} -v
2、创建配置文件
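# Write the nginx configuration that fronts php-fpm on 11.100.46.251:9000.
# The heredoc delimiter is quoted so the shell leaves $remote_addr,
# $document_root and the other nginx variables untouched; with a bare EOF the
# shell would replace each of them with an empty string before writing the file.
# Typographic quotes and the dash in log_format are restored to ASCII.
# NOTE(review): "location /" sends every request, static files included, to
# php-fpm with SCRIPT_FILENAME built from the URI; limiting fastcgi_pass to a
# "location ~ \.php$" block keeps non-PHP paths away from the interpreter.
# NOTE(review): SCRIPT_FILENAME is set here and again in
# /etc/nginx/fastcgi_params; keeping one definition avoids ambiguity.
cat > /etc/nginx/nginx.conf << 'EOF'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 11.100.46.252:80;
        server_name _;
        root /htdocs/www/;
        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
        location / {
            index index.php index.html index.htm; #添加index.php
            fastcgi_pass 11.100.46.251:9000; #指向php-fpm
            fastcgi_index index.php; #指向php.index
            fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; #定义fpm参数
            include /etc/nginx/fastcgi_params;
        }
        error_page 404 /404.html;
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
EOF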
4、配置nginx与fpmserver传递的参数
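# Write the parameter set nginx passes to php-fpm.
# The delimiter is quoted: every value here is an nginx variable, and an
# unquoted EOF would let the shell expand each one to an empty string, leaving
# fastcgi_param lines with no value in the written file.
cat > /etc/nginx/fastcgi_params << 'EOF'
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
EOF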
5、测试nginx-fcgi(phpinfo() 会输出完整的 PHP 配置、环境变量和路径信息,验证完成后应删除 index.php 中的这段测试代码)
sudo -u apache vim /htdocs/www/index.php
<?php
phpinfo();
?>
6、配置其它nginx
scp /etc/nginx/nginx.conf node2:/etc/nginx/nginx.conf;scp /etc/nginx/nginx.conf node3:/etc/nginx/nginx.conf;scp /etc/nginx/nginx.conf node4:/etc/nginx/nginx.conf;
scp /etc/nginx/scgi_params node1:/etc/nginx/;scp /etc/nginx/scgi_params node3:/etc/nginx/;scp /etc/nginx/scgi_params node4:/etc/nginx/
umount /htdocs/www/;ssh node2 ‘umount /htdocs/www/’;ssh node3 ‘umount /htdocs/www/’
七、安装mysql-server
yum -y install mariadb;ssh node2 ‘yum -y install mariadb’;ssh node3 ‘yum -y install mariadb’;ssh node4 ‘yum -y install mariadb’
yum -y install mariadb-server;ssh node2 ‘yum -y install mariadb-server’;ssh node3 ‘yum -y install mariadb-server’;ssh node4 ‘yum -y install mariadb-server’
mount -t nfs node4:/mydata/data /mydata/data;ssh node2 ‘mount -t nfs node4:/mydata/data /mydata/data’;ssh node3 ‘mount -t nfs node4:/mydata/data /mydata/data’
cp -a /var/lib/mysql/* /mydata/data/
mv /etc/my.cnf{,.bak} -v
cat /etc/my.cnf.bak | sed ‘s/\/var\/lib\/mysql$/\/mydata\/data/’ > /etc/my.cnf
scp /etc/my.cnf root@node2:/etc/; scp /etc/my.cnf root@node3:/etc/;scp /etc/my.cnf root@node4:/etc/
umount /mydata/data;ssh node2 ‘umount /mydata/data’;ssh node3 ‘umount /mydata/data’;ssh node4 ‘umount /mydata/data’
yum -y install “php-mysql” “php-mysqlnd” –skip-broken;ssh node2 ‘yum -y install “php-mysql” “php-mysqlnd” –skip-broken ‘;\
ssh node3 ‘yum -y install “php-mysql” “php-mysqlnd” –skip-broken’; ssh node4 ‘yum -y install “php-mysql” “php-mysqlnd” –skip-broken’;
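# Write a throw-away PHP page that checks the MySQL connection.
# The delimiter is quoted so the shell does not expand $link to an empty
# string; typographic quotes and the ellipsis are restored to ASCII so the
# PHP parses.
# The file holds the database root password and sits in the web root on the
# shared NFS export: delete it once the connection test has passed.
# NOTE(review): the password here differs from the one set by the SQL on this
# page; confirm which value applies before testing.
cat > /htdocs/www/test.php << 'EOF'
<?php
$link = mysql_connect('127.0.0.1','root','mageedu');
if ($link)
echo "Success...";
else
echo "Failure...";
mysql_close();
?>
EOF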
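-- Initial database setup for the discuz application. Typographic quotes from
-- the page are restored to ASCII single quotes so the statements parse.
CREATE DATABASE discuz;
USE mysql
-- Remove the anonymous accounts.
DELETE FROM user WHERE User='';
-- No WHERE clause: every remaining row in mysql.user receives this password.
-- 'cisco' is the page's sample value; replace it with a strong secret.
UPDATE user SET Password=(password('cisco'));
-- One grant per client address (cluster VIPs and node addresses).
-- NOTE(review): the account password equals the account name and ALL
-- PRIVILEGES is granted; use a strong password and grant only what the
-- application needs.
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'11.100.46.253' IDENTIFIED BY 'discuz';
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'11.100.46.252' IDENTIFIED BY 'discuz';
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'11.100.46.251' IDENTIFIED BY 'discuz';
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'11.100.46.4' IDENTIFIED BY 'discuz';
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'11.100.46.7' IDENTIFIED BY 'discuz';
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'11.100.46.9' IDENTIFIED BY 'discuz';
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'11.100.46.11' IDENTIFIED BY 'discuz';
FLUSH PRIVILEGES;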
九、配置crm
systemctl enable httpd;ssh node2 ‘systemctl enable httpd’;ssh node3 ‘systemctl enable httpd’; ssh node4 ‘systemctl enable httpd’
systemctl enable php-fpm;ssh node2 ‘systemctl enable php-fpm’;ssh node3 ‘systemctl enable php-fpm’; ssh node4 ‘systemctl enable php-fpm’;
systemctl enable mariadb;ssh node2 ‘systemctl enable mariadb’;ssh node3 ‘systemctl enable mariadb’; ssh node4 ‘systemctl enable mariadb’;
1、配置apache
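# Apache resource set: VIP, httpd service and the NFS mount of the web root.
# Typographic quotes are restored to ASCII double quotes.
primitive webip ocf:heartbeat:IPaddr2 params ip="11.100.46.253" op monitor timeout=20s interval=10s
primitive webhttpd systemd:httpd op start timeout=100s op stop timeout=100s op monitor timeout=100s interval=60s
primitive websnfs ocf:heartbeat:Filesystem params device="node4:/htdocs/www" directory="/htdocs/www/" fstype="nfs" op start timeout=60s op stop timeout=60s op monitor timeout=40s interval=20s
# Fencing is switched off cluster-wide. The page keeps the MariaDB data
# directory on a shared NFS export (node4:/mydata/data); without fencing, a
# partitioned node that keeps running can write the same files as its
# replacement. Treat this as lab-only and configure a fence device otherwise.
property stonith-enabled=false
# Keep VIP, httpd and the mount on one node; start order is VIP -> NFS -> httpd.
colocation webip_with_webhttpd inf: webip webhttpd
colocation webhttpd_with_webnfs inf: webhttpd websnfs
order websnfs_after_webip Mandatory: webip websnfs
order webhttpd_after_webnfs Mandatory: websnfs webhttpd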
2、配置php-fpm
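# php-fpm resource set: VIP, NFS mount of the web root and the php-fpm service.
# Typographic quotes are restored to ASCII double quotes.
primitive fpmip ocf:heartbeat:IPaddr2 params ip="11.100.46.251" op monitor timeout=20s interval=10s
primitive phpnfs ocf:heartbeat:Filesystem params device="node4:/htdocs/www" directory="/htdocs/www/" fstype="nfs" op start timeout=60s op stop timeout=60s op monitor timeout=40s interval=20s
primitive phpfpm systemd:php-fpm op stop timeout=100s op monitor timeout=100s interval=60s op start timeout=100s
# Keep the three together; start order is VIP -> NFS -> php-fpm.
colocation phpfpm_with_phpnfs inf: phpfpm phpnfs
colocation fpmip_with_phpnfs inf: fpmip phpnfs
order phpnfs_after_fpmip Mandatory: fpmip phpnfs
order phpfpm_after_phpnfs Mandatory: phpnfs phpfpm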
3、配置mysql
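# MariaDB resource set: VIP, NFS mount of the data directory and the service.
# Typographic quotes are restored to ASCII double quotes.
# The data directory lives on a shared NFS export, so exactly one node may run
# mariadb at a time; the cluster enforces that only while it can tell which
# nodes are really down.
primitive mysqlip ocf:heartbeat:IPaddr2 params ip="11.100.46.250" op monitor timeout=20s interval=10s
primitive mysqlnfs ocf:heartbeat:Filesystem params device="node4:/mydata/data/" directory="/mydata/data/" fstype="nfs" op start timeout=60s op stop timeout=60s op monitor timeout=40s interval=20s
primitive mariadb systemd:mariadb op start timeout=100s op stop timeout=100s op status timeout=100 op monitor timeout=100 interval=60
# Keep the three together; start order is VIP -> NFS -> mariadb.
colocation mariadb_with_mysqlnfs inf: mariadb mysqlnfs
colocation mysqlip_with_mysqlnfs inf: mysqlip mysqlnfs
order mysqlnfs_after_mysqlip Mandatory: mysqlip mysqlnfs
order mariadb_after_mysqlnfs Mandatory: mysqlnfs mariadb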
4、配置nginx
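# nginx resource set: service, NFS mount of the web root and VIP.
# Typographic quotes are restored to ASCII double quotes.
primitive nginx ocf:heartbeat:nginx op start timeout=60s op stop timeout=60s op monitor timeout=30s interval=20s
primitive nginxnfs ocf:heartbeat:Filesystem params device="node4:/htdocs/www" directory="/htdocs/www/" fstype="nfs" op start timeout=60s op stop timeout=60s op monitor timeout=40s interval=20s
primitive nginxip ocf:heartbeat:IPaddr2 params ip="11.100.46.252" op monitor timeout=20s interval=10s
colocation nginxip_with_nginx inf: nginxip nginx
colocation nginx_with_nginxnfs inf: nginx nginxnfs
# The two order constraints now name the nginx resources. As copied from the
# Apache section they referred to webip/websnfs/webhttpd, which left nginx,
# nginxnfs and nginxip with no start ordering at all.
order nginxnfs_after_nginxip Mandatory: nginxip nginxnfs
order nginx_after_nginxnfs Mandatory: nginxnfs nginx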
;ssh node2 ”;ssh node3 ”; ssh node4 ”;
5、调整服务资源的依赖关系
location webhttpd_prefer_node1 webip 300: node1
location nginx_prefer_node2 nginx 300: node2
location fpm_perfer_node3 phpfpm 300: node3
property default-resource-stickiness=88
十、配置静态server
nginx static1:11.100.45.70
nginx static2:11.100.45.76
nginx1:
rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el6.noarch.rpm
rpm -ivh http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el6.noarch.rpm –nodeps
rpm -ivh http://172.16.31.125/soft/nginx-1.10.2-1.el6.x86_64.rpm
yum -y install nfs-utils
mkdir -pv /htdocs/www
groupadd -r -g 888 apache
useradd -M -u 888 -g 888 -s /sbin/nologin -r apache
chmod -R u=rwx,g=rx,o=rx /htdocs/www/
chown -R apache:apache /htdocs/www/
setfacl -m u:root:rwx /htdocs/www/
mv /etc/nginx/nginx.conf{,.bak} -v
cat /etc/nginx/nginx.conf.bak | sed ‘s/user nginx/user apache/’ > /etc/nginx/nginx.conf
mv /etc/nginx/conf.d/default.conf{,.bak} -v
vim /etc/nginx/conf.d/default.conf
cat /etc/nginx/conf.d/default.conf.bak | sed ‘s/\/usr\/share\/nginx\/html/\/htdocs\/www/’ > /etc/nginx/conf.d/default.conf
iptables -F
iptables -X
nginx
nginx2:
rpm -ivh http://172.16.31.125/soft/nginx-filesystem-1.10.2-1.el6.noarch.rpm
rpm -ivh http://172.16.31.125/soft/nginx-all-modules-1.10.2-1.el6.noarch.rpm –nodeps
rpm -ivh http://172.16.31.125/soft/nginx-1.10.2-1.el6.x86_64.rpm
yum -y install nfs-utils
mkdir -pv /htdocs/www
groupadd -r -g 888 apache
useradd -M -u 888 -g 888 -s /sbin/nologin -r apache
chmod -R u=rwx,g=rx,o=rx /htdocs/www/
chown -R apache:apache /htdocs/www/
setfacl -m u:root:rwx /htdocs/www/
mv /etc/nginx/nginx.conf{,.bak} -v
cat /etc/nginx/nginx.conf.bak | sed ‘s/user nginx/user apache/’ > /etc/nginx/nginx.conf
mv /etc/nginx/conf.d/default.conf{,.bak} -v
vim /etc/nginx/conf.d/default.conf
cat /etc/nginx/conf.d/default.conf.bak | sed ‘s/\/usr\/share\/nginx\/html/\/htdocs\/www/’ > /etc/nginx/conf.d/default.conf
iptables -F
iptables -X
nginx
十一、配置haproxy动静分离
1、开启日志
vim /etc/rsyslog.conf
# Load the UDP input and listen on port 514 so that haproxy's
# "log 127.0.0.1 local2" messages are received.
# NOTE(review): no listen address is given, so the listener is not limited to
# loopback. haproxy logs to 127.0.0.1, so adding `$UDPServerAddress 127.0.0.1`
# before $UDPServerRun would stop other hosts from injecting log lines.
$ModLoad imudp
$UDPServerRun 514
# local2 is the facility used in haproxy.cfg.
# NOTE(review): /var/log/boot.log is normally the boot log; a dedicated file
# would keep haproxy traffic logs separate.
local2.* /var/log/boot.log
service rsyslog restart
2、配置haproxy
配置文件如下:
# Final haproxy.cfg: statistics page plus static/dynamic request splitting.
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# Runtime/admin socket; no mode or level arguments are given on this line.
stats socket /var/lib/haproxy/stats
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
# Adds X-Forwarded-For for every client except loopback sources.
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 30000
# Statistics/admin page over plain HTTP on port 8008: the "stats auth"
# credentials travel as HTTP Basic auth without TLS.
# NOTE(review): 11.100.40.123 is haproxy1's own address; the haproxy2 copy of
# this file would need 11.100.40.122 here.
listen statistics
bind 11.100.40.123:8008
stats enable
stats hide-version
# stats scope .
stats uri /haproxyadmin?stats
stats realm Haproxy\ Statistics
# Sample credentials from the page; the second pair reuses the user name as the
# password. Replace both before the page is reachable outside a lab network.
stats auth xngdadmin:xngd
stats auth xngd:xngd
# "if TRUE" lets every authenticated user change server state from the page,
# so both accounts above are effectively administrators.
stats admin if TRUE
frontend main
# No address is given, so port 80 is bound on every local address.
bind :80
# Requests whose path starts with one of these prefixes or ends with one of
# these extensions (case-insensitive) go to the static backend.
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend dynamic
backend static
balance roundrobin
server dserver1 11.100.45.76:80 check port 80 inter 2000 rise 1 fall 2 maxconn 3000 weight 1
server dserver2 11.100.45.70:80 check port 80 inter 2000 rise 1 fall 2 maxconn 3000 weight 1
backend dynamic
balance roundrobin
# Cookie-based persistence: haproxy inserts SERVERID with the value configured
# on the chosen server.
# NOTE(review): the cookie is set without the httponly keyword, and the values
# websrv1/websrv2 tell a client which backend served it.
cookie SERVERID insert nocache indirect
server dm_serv1 11.100.46.252:80 check weight 1 cookie websrv1
server dm_serv2 11.100.46.253:80 check weight 1 cookie websrv2