1、已经运行很久的主库怎么做主从,有哪些方法,都有哪些优劣
方法一:如果数据库文件不大的话,直接添加从服务,从头开始同步数据
vim /etc/my.cnf
[mysqld]
server_id=3
mysql > CHANGE MASTER TO
MASTER_HOST='192.168.30.7',
MASTER_USER='rpl_user',
MASTER_PASSWORD='test',
MASTER_PORT=3306,
MASTER_LOG_FILE='mariadb-bin.000004',
MASTER_LOG_POS=245;
mysql > start slave;
mysql > show slave status \G
方法二:备份主服务器上的数据,然后还原在新加的从服务器上,再开启从服务器
- 使用mysqldump 工具备份主服务器
mysqldump -A -F --single-transaction --master-data=2 --flush-privileges > full_backup.sql
show master logs;
scap full_backup.sql 192.168.30.114:/backup
- 在从服务器上还原
mysql < full_backup.sql
mysql > CHANGE MASTER TO
MASTER_HOST='192.168.30.7',
MASTER_USER='rpl_user',
MASTER_PASSWORD='test',
MASTER_PORT=3306,
MASTER_LOG_FILE='mariadb-bin.000004',
MASTER_LOG_POS=245;
mysql > start slave;
mysql > show slave status \G
2、实现主从复制的加密。
CA签署证书和颁发证书
- 生成CA的自签名证书
# 生成CA的私钥
openssl genrsa -out cakey.pem 2048
# 自签名CA的证书
openssl req -new -x509 -key cakey.pem -out cacert.pem -days 3650
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:SiChuan
Locality Name (eg, city) [Default City]:SiChuan
Organization Name (eg, company) [Default Company Ltd]:test.com
Organizational Unit Name (eg, section) []:OPT
Common Name (eg, your name or your server's hostname) []:my.test.com
Email Address []:
- 生成主服务器的证书
openssl req -newkey rsa:2048 -days 365 -nodes -keyout master.key -out master.csr
openssl x509 -req -in master.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out master.crt
- 生成从服务器的证书
openssl req -newkey rsa:2048 -days 365 -nodes -keyout slave.key -out slave.csr
openssl x509 -req -in slave.csr -CA cacert.pem -CAkey cakey.pem -set_serial 01 -out slave.crt
- 复制对应服务器的私钥和证书
# 主服务器(CA的证书、主服务器的证书、主服务器的私钥)
scp cacert.pem master.key master.crt 192.168.30.7:/etc/my.cnf.d
# 从服务器(CA的证书、从服务器的证书、从服务器的私钥)
scp cacert.pem slave.crt slave.key 192.168.30.114:/etc/my.cnf.d
主服务器
- 配置my.cnf
vim /etc/my.cnf
[mysqld]
log_bin
server_id=1
ssl
ssl-ca=/etc/my.cnf.d/ssl/cacert.pem
ssl-cert=/etc/my.cnf.d/ssl/master.crt
ssl-key=/etc/my.cnf.d/ssl/master.key
- 创建主从服务器同步用帐号
mysql> grant replication slave on *.* to repluser@'192.168.30.%' identified by 'test' require ssl;
- 检查是否开启ssl
mysql > show variables like '%ssl%';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /etc/my.cnf.d/ssl/cacert.pem |
| ssl_capath | |
| ssl_cert | /etc/my.cnf.d/ssl/master.crt |
| ssl_cipher | |
| ssl_key | /etc/my.cnf.d/ssl/master.key |
+---------------+------------------------------+
从服务器
- 配置 my.cnf
vim /etc/my.cnf
[mysqld]
server_id=2
ssl
ssl-ca=/etc/my.cnf.d/ssl/cacert.pem
ssl-cert=/etc/my.cnf.d/ssl/slave.crt
ssl-key=/etc/my.cnf.d/ssl/slave.key
- 开启从服务器同步
mysql> CHANGE MASTER TO
MASTER_HOST='192.168.30.7',
MASTER_USER='repluser',
MASTER_PASSWORD='test',
MASTER_PORT=3306,
MASTER_LOG_FILE='mariadb-bin.000004',
MASTER_LOG_POS=29077986,
MASTER_CONNECT_RETRY=10,
MASTER_SSL=1;
mysql> start slave
- 检查同步状态
3、http与php通信的原理级方式。
如下lamp的架构图
http服务器和php通信,主要有两种方式:
- 一种是通过CGI协议;
- 另一种是通过fast CGI协议。
首先来了解什么是CGI协议
- CGI即通用网关接口,它是CGI应用程序和http服务器通信的接口标准。这样http服务器不能处理的PHP动态资源,通过CGI协议传送给PHP程序模块处理,最后将结果又通过CGI协议传回给http服务器,最终响应客户端的请求。
- 这种情况下的PHP程序是以模块的方式存在于http程序中,连配置文件都是放在httpd的配置目录中,所以PHP没有独立的进程,只有需要PHP才重新启动解释器。
rpm -ql php
/etc/httpd/conf.d/php.conf
/etc/httpd/conf.modules.d/10-php.conf
/usr/lib64/httpd/modules/libphp5.so
/usr/share/httpd/icons/php.gif
/var/lib/php/session
那什么又是fast CGI协议
fast CGI是由CGI发展而来,它以独立的进程运行,不需要像CGI那样遇到动态资源才启动解释器,所以执行效率要比CGI要高。FASTCGI采用C/S架构,脚本解析服务器开启多个守护进程,提高http服务器的并发处理能力。
rpm -ql php-fpm
/etc/logrotate.d/php-fpm
/etc/php-fpm.conf
/etc/php-fpm.d
/etc/php-fpm.d/www.conf
/etc/sysconfig/php-fpm
/run/php-fpm
/usr/lib/systemd/system/php-fpm.service
/usr/lib/tmpfiles.d/php-fpm.conf
/usr/sbin/php-fpm
/usr/share/doc/php-fpm-5.4.16
/usr/share/doc/php-fpm-5.4.16/fpm_LICENSE
/usr/share/doc/php-fpm-5.4.16/php-fpm.conf.default
/usr/share/fpm
/usr/share/fpm/status.html
/usr/share/man/man8/php-fpm.8.gz
/var/log/php-fpm
观察启动后的进程
systemctl start php-fpm
ps aux | grep php-fpm
root 41317 4.6 0.5 329908 10200 ? Ss 09:29 0:00 php-fpm: master process (/etc/php-fpm.conf)
apache 41319 0.0 0.2 331992 4988 ? S 09:29 0:00 php-fpm: pool www
apache 41320 0.0 0.2 331992 4988 ? S 09:29 0:00 php-fpm: pool www
apache 41321 0.0 0.2 331992 4988 ? S 09:29 0:00 php-fpm: pool www
apache 41322 0.0 0.2 331992 4988 ? S 09:29 0:00 php-fpm: pool www
apache 41323 0.0 0.2 331992 4988 ? S 09:29 0:00 php-fpm: pool www
其配置文件
[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = apache
group = apache
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session
FASTCGI的工作流程
- http服务器启动载入fastCGI进程管理器
- fastCGI启动并初始化,等待http服务器的连接
- 当客户动态资源的请求到达http服务器,fastCGI进程管理器连接CGI的socket,http服务器将请求资源发送给CGI程序解释执行
- fastCGI子进程将处理完成的结果从同一个连接返回给http服务器,完成数据传送后子进程进入待机模式,等待下一次http服务的连接
4、http实现基于用户的访问控制。
基于文件系统路径方式实现
< Directory "/path">
AuthType Basic # 认证方式
AuthName "String" # 提示字符串
AuthUserFile "/PATH/HTTPD_USER_PASSWD_FILE" # 认证用的用户名和密码
Require user username1 username2 ... # 允许访问的帐号文件中用户列表
</Directory>
帐号文件的生成方式,使用htpasswd命令
语法:
htpasswd [options] /PATH/HTTPD_PASSWD_FILE username
选项:
-c:自动创建文件,仅应该在文件不存在时使用
-p:明文密码
-d:CRYPT格式加密,默认
-m:md5格式加密
-s: sha格式加密
-D:删除指定用户
实际用法:
htpasswd -c /etc/httpd/access_users test1
htpasswd /etc/httpd/access_users test2
5、编译安装lamp实现wordpress.
编译顺序是:编译httpd–>编译php–>编译MySQL。编译httpd和php必须要先编译httpd。
- 编译安装httpd
yum groupinstall 'Development Tools'
yum -y install pcre-devel openssl-devel expat-devel
# 解压apr 和 apr-util 源码到 httpd 的srclib 目录中
tar xf apr-1.7.0.tar.gz
tar xf apr-util-1.6.1.tar.gz
mv apr-1.7.0 httpd/srclib/apr
mv apr-util-1.7.0 httpd/srclib/apr-util
# 编译和安装
./configure \
--prefix=/data/httpd24 \
--enable-so --enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-included-apr \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=prefork
make && make install
# 启动服务测试
echo PATH=/data/httpd24/bin/:$PATH > /etc/profile.d/lamp.sh
apachectl start
ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:111 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::111 :::*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
# 为了使用PHP配置
vim /data/httpd24/conf/httpd.conf
# 取消下面两行的注释
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
# 修改下面行
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
# 在文件末增加下面几行
addType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
ProxyRequests Off
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000/app/httpd24/htdocs/$1
- 编译安装php
yum -y install libxml2-devel bzip2-devel libmcrypt-devel
./configure \
--prefix=/data/php \
--enable-mysqlnd \
--with-mysqli=mysqlnd \
--with-openssl \
--with-pdo-mysql=mysqlnd \
--enable-mbstring \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--enable-xml \
--enable-sockets \
--enable-fpm \
--with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d \
--enable-maintainer-zts \
--disable-fileinfo
make && make install
# 配置PHP
cd /data/src/php-7.3.5/
cp php.ini-production /etc/php.ini
cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
chmod +x /etc/init.d/php-fpm
chkconfig --add php-fpm
chkconfig php-fpm on
cd /data/php/etc
cp php-fpm.conf.default php-fpm.conf
cp php-fpm.d/www.conf.default php-fpm.d/www.conf
service php-fpm start
- 编译安装MySQL
yum install libaio-devel bison bison-devel zlib-devel openssl-devel ncurses-devel libcurl-devel libarchive-devel boost-devel gcc gcc-c++ cmake libevent-devel
useradd –r –s /bin/false –m –d /data/mysqldb mysql
# 准备编译
cmake . \
-DCMAKE_INSTALL_PREFIX=/data/mysql \
-DMYSQL_DATADIR=/data/mysqldb/ \
-DSYSCONFDIR=/etc \
-DMYSQL_USER=mysql \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_ARCHIVE_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITHOUT_MROONGA_STORAGE_ENGINE=1 \
-DWITH_DEBUG=0 \
-DWITH_READLINE=1 \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBWRAP=0 \
-DENABLED_LOCAL_INFILE=1 \
-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci
make -j 4 && make install
# 配置MySQL
cd /data/mysql/
scripts/mysql_install_db --datadir=/data/mysqldb/ --user=mysql --basedir=/data/mysql
cp /data/mysql/support-files/my-huge.cnf /etc/my.cnf
cp /data/mysql/support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld ;service mysqld start
- 解压wordpress,并移动到httpd服务的主目录中,修改wordpress的配置文件
mv /data/src/wordpress/* /data/httpd24/htdocs/
# 创建数据库和用户
mysql > create database wordpressdb;
mysql > grant all on wordpressdb.* to wordpress@'localhost' identified by 'test';
# 修改配置文件
mv wp-config-sample.php wp-config.php
vim wp-config.php
define( 'DB_NAME', 'wordpressdb' );
define( 'DB_USER', 'wordpress' );
define( 'DB_PASSWORD', 'test' );
define( 'DB_HOST', 'localhost' );
- 测试是否成功