1、介绍:
https://blog.csdn.net/qq_41960479/article/details/126348193
2、DR模式实验:
2.1、机器环境:
机器: | 网卡:ip | GW:网关 | 主机名: | 宿主机IP |
---|---|---|---|---|
Client | 桥接CIP:172.16.0.241 | 172.16.0.242 | client | 172.16.0.241 |
router | 桥接:172.16.0.242,NAT:10.0.0.7 | 无 | router | 10.0.0.7 172.16.0.242(外网) |
LVS1 | VIP:10.0.0.100,DIP:10.0.0.8 | DIP_GW:10.0.0.7 | lvs1 | 10.0.0.8 |
Real Server1 | VIP:10.0.0.100,RIP1:10.0.0.60 | RIP_GW:10.0.0.7 | rs1 | 10.0.0.60 |
Real Server2 | VIP:10.0.0.100,RIP2:10.0.0.61 | RIP_GW:10.0.0.7 | rs2 | 10.0.0.61 |
2.2、环境部署:
router:开启ip路由转发功能
# hostnamectl set-hostname router
# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
#
# sysctl -p
net.ipv4.ip_forward = 1
client:测试路由转发功能:
# hostnamectl set-hostname client
# ping 10.0.0.8
# ping 10.0.0.60
# ping 10.0.0.61
LVS1:
# hostnamectl set-hostname lvs1
安装工具包:
# yum install ipvsadm -y
# rpm -ql ipvsadm
/etc/sysconfig/ipvsadm-config 规则配置文件
/usr/lib/systemd/system/ipvsadm.service
/usr/sbin/ipvsadm
/usr/sbin/ipvsadm-restore 还原规则工具
/usr/sbin/ipvsadm-save 备份规则工具
添加vip
# ip addr add 10.0.0.100/24 dev eth0
RS:
环境配置:RS1和RS2
# hostnamectl set-hostname RS1
# hostnamectl set-hostname RS2
添加vip
# ip addr add 10.0.0.100/24 dev eth0
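响应功能(arp_ignore):默认0,对本机任意网卡上配置的IP的ARP请求都响应;1,仅当被请求的IP配置在收到该请求的网卡上时才响应。注意:VIP若直接配置在eth0上,arp_ignore=1时RS仍会应答对VIP的ARP请求;DR模式通常把VIP配置在lo上,才能让RS不响应VIP的ARP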
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
探测功能(arp_announce):默认0,可使用本机任意网卡上配置的IP作为ARP请求的源地址;2,始终选用与目标网络最匹配的本地地址作为源地址,避免RS把VIP通告出去
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
软件安装:
# yum install nginx -y
# systemctl enable nginx --now
RS1:
# echo "10.0.0.60 RS1" > /usr/share/nginx/html/index.html
RS2:
# echo "10.0.0.61 RS2" > /usr/share/nginx/html/index.html
测试访问:RS1和RS2
# curl 127.0.0.1
2.3、lvs配置集群策略配置:
添加集群服务:lvs1
# ipvsadm -A -t 10.0.0.100:80 -s rr
-A 添加
-E 修改
-t tcp + service_IP:port
-s 指定调度算法
添加后端RS的服务器地址
# ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.60:80 -g
# ipvsadm -a -t 10.0.0.100:80 -r 10.0.0.61
-a 添加
-e 修改
-r server_IP:port,默认80
-g DR工作模式,默认
-m NAT工作模式
查看配置的策略
# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.100:80 rr
-> 10.0.0.60:80 Route 1 0 0
-> 10.0.0.61:80 Route 1 0 0
-L 列出策略表
-n IP端口以数字形式显示
开启ipvsadm服务
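# Save the current IPVS rules to the default rules file. The ipvsadm unit
# restores from this path on start, so the file must exist before the unit
# is enabled. -n keeps addresses and ports numeric (no name lookups), which
# matches what the unit's own ExecStop writes back to the same file.
ipvsadm-save -n > /etc/sysconfig/ipvsadm
# Enable the unit at boot and start it now ("enalbe" in the original listing
# was a typo and is rejected by systemctl).
systemctl enable ipvsadm --now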
更多命令与文件:了解
保存策略至文件
#建议保存至/etc/sysconfig/ipvsadm
也可以保存到指定的文件路径
# ipvsadm-save > /PATH/TO/IPVSADM_FILE
# ipvsadm -S > /PATH/TO/IPVSADM_FILE
# systemctl stop ipvsadm.service #会自动保存规则至/etc/sysconfig/ipvsadm
清空策略
# ipvsadm -C
从文件恢复策略
# ipvsadm-restore < /PATH/FROM/IPVSADM_FILE
# systemctl start ipvsadm.service #会自动加载/etc/sysconfig/ipvsadm中规则
systemctl 对ipvsadm启动命令:
# cat /usr/lib/systemd/system/ipvsadm.service
[Unit]
Description=Initialise the Linux Virtual Server
After=syslog.target network.target
[Service]
Type=oneshot
ExecStart=/bin/bash -c "exec /sbin/ipvsadm-restore < /etc/sysconfig/ipvsadm"
ExecStop=/bin/bash -c "exec /sbin/ipvsadm-save -n > /etc/sysconfig/ipvsadm"
ExecStop=/sbin/ipvsadm -C
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
相关文件
ipvs规则记录文件
# cat /proc/net/ip_vs
ipvs连接记录文件
# cat /proc/net/ip_vs_conn
2.4、客户端访问测试:(下面命令中的 192.168.169.101 不在2.1的环境表中;按该表,客户端应访问的是VIP 10.0.0.100)
# while true;do curl 192.168.169.101;sleep 0.5;done
补充:NAT模式实验
client 桥接:172.20.10.5
lvs:两张网卡,需要开启ip路由转发
VIP桥接:172.20.10.6
dip:10.0.0.8
rs1 nat 10.0.0.60 gw10.0.0.8
rs2 nat 10.0.0.61 gw10.0.0.8
3、keepalived+LVS:高可用
3.1、keepalived 有关LVS配置介绍
[root@lvs01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
# 全局配置
global_defs {
notification_email {
acassen@firewall.loc
failover@firewall.loc
sysadmin@firewall.loc
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id LVS_DEVEL
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
# vrrp实例配置(auth_type PASS 的口令以明文携带在VRRP通告报文中,同网段主机可以抓包看到;auth_pass 1111 只是示例值,实际环境应更换)
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.200.16
192.168.200.17
192.168.200.18
}
}
# VS配置1:https
virtual_server 192.168.200.100 443 {
delay_loop 6
lb_algo rr
lb_kind NAT
persistence_timeout 50
protocol TCP
# RS配置
real_server 192.168.201.100 443 {
weight 1
SSL_GET {
url {
path /
digest ff20ad2481f97b1754ef3e12ecd3a9cc
}
url {
path /mrtg/
digest 9b3a0c85a887a256d6939da88aabd8cd
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
# VS配置2:http
virtual_server 10.10.10.2 1358 {
# 检查后端服务器的时间间隔
delay_loop 6
# 定义后端服务器的调度算法
lb_algo rr
# 定义集群的工作模式
lb_kind NAT
# 持久连接时长,单位s,减少频繁的tcp三次握手与四次挥手
persistence_timeout 50
# 支持协议
protocol TCP
# 所有RS故障时,备用服务器地址
sorry_server 192.168.200.200 1358
# RS1 配置
real_server 192.168.200.2 1358 {
# 调度算法权重
weight 1
# RS服务器的HTTP_GET健康状态检测方法
HTTP_GET {
url {
# 定义 HTTP_GET 检测的URL
path /testurl/test.jsp
# 判断上述检测机制为健康状态的响应码
status_code <INT>
# 判断为健康状态的响应的内容校验码
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
url {
path /testurl3/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334d
}
# HTTP_GET 连接超时时间,s
connect_timeout 3
# HTTP_GET 重试次数
nb_get_retry 3
# HTTP_GET 重试之前的延迟时长,s
delay_before_retry 3
}
}
# RS2配置
real_server 192.168.200.3 1358 {
weight 1
HTTP_GET {
url {
path /testurl/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
url {
path /testurl2/test.jsp
digest 640205b7b0fc66c1ea91c463fac6334c
}
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
}
}
}
3.2、keepalived配置主备模式:IPVS示例
新增lvs2机器:10.0.0.9
统一安装:
# yum install keepalived ipvsadm -y
lvs1:
[root@lvs01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs01
vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:1
}
}
virtual_server 10.0.0.100 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.60 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.61 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
lvs2:
# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
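global_defs {
    notification_email {
        root@localhost
    }
    notification_email_from keepalived@localhost
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    # router_id labels this node in notification mail (the sample mail on
    # this page shows it in the subject as "[lvs01]"). The listing for lvs2
    # had copied lvs01 from the master, which makes alerts from the two
    # nodes indistinguishable, so the backup gets its own identifier.
    router_id lvs02
    vrrp_mcast_group4 224.100.100.100
}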
vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 80
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:1
}
}
virtual_server 10.0.0.100 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.60 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.61 80 {
weight 1
HTTP_GET {
url {
path /
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
3.3、其他环境配置参照DR实验保持一致
3.4、RS网卡VIP配置:
rs1:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.60
PREFIX=24
GATEWAY=10.0.0.7
IPADDR1=10.0.0.100
PREFIX1=24
rs2:
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.61
PREFIX=24
GATEWAY=10.0.0.7
IPADDR1=10.0.0.100
PREFIX1=24
3.5、查看HTTP_GET检测信息:
# tailf /var/spool/mail/root
Date: Sat, 12 Aug 2023 20:36:07 +0800
From: keepalived@localhost.localdomain
Subject: [lvs01] Realserver [10.0.0.61]:80 - DOWN
X-Mailer: Keepalived
To: root@localhost.localdomain
Message-Id: <20230812123607.6BEC6401C0E9@lvs01.localdomain>
=> CHECK failed on service : HTTP request failed <=
3.6、sorry server 使用:
keepalived机器:安装nginx
# yum install nginx -y
# systemctl enable nginx --now
配置sorry server服务页面
# echo sorry > /var/www/html/index.html
3.7、客户端访问测试:(下面命令中的 192.168.169.101 不在本文的环境表中;按 keepalived 配置,客户端应访问的是VIP 10.0.0.100)
# while true;do curl 192.168.169.101;sleep 0.5;done
补充:保持连接
4、keepalived+LVS+LNMP
4.1、LNMP介绍
LNMP 是一个常用的web服务器架构,
PHP是一种常用的服务器端脚本语言,主要用于开发动态网站和 Web 应用程序。
LNMP组合工作流程:
当LNMP组合工作时,首先是用户通过浏览器输入域名请求NginxWeb服务,如果请求是静态资源,则由Nginx解析返回给用户;如果是动态请求(.php结尾),那么Nginx就会把它通过FastCGI接口(生产常用方法)发送给PHP引擎服务(FastCGI进程php-fpm)进行解析,如果这个动态请求要读取数据库数据,那么PHP就会继续向后请求MySQL数据库,以读取需要的数据,并最终通过Nginx服务把获取的数据返回给用户,这就是LNMP环境的基本请求顺序流程。
Nginx FastCGI的运行原理:
Nginx不支持对外部动态程序的直接调用或者解析,所有的外部程序(包括PHP)必须通过FastCGI接口来调用,
当Nginx将CGI请求发送给这个socket的时候,通过FastCGI接口,wrapper接收到请求,然后派生出一个新的线程,这个线程调用解释器或外部程序处理脚本来读取返回的数据;接着,wrapper再将返回的数据通过FastCGI接口,沿着固定的socket传递给Nginx;最后,Nginx将返回的数据发送给客户端,
FastCGI的主要优点是把动态语言和HTTP服务器分离开来,使Nginx专门处理静态请求及向后转发的动态请求,而PHP/PHP-FPM服务器则专门解析PHP动态请求。
4.2、LNMP项目wordpress部署
在10.0.0.60/61上操作
配置nginx:fastcgi模块
创建 ng 站点目录
# mkdir /app/wordpress
# echo wordpress > /app/wordpress/index.html
配置 wordpress虚拟主机
# vim /etc/nginx/conf.d/wordpress.conf
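# WordPress virtual host: files are served from /app/wordpress and any
# request whose URI ends in .php is handed to PHP-FPM over FastCGI.
server {
    listen 80;
    server_name wpd.zjjyjs2.com;
    root /app/wordpress;

    location / {
        index index.php index.html;
    }

    location ~* \.php$ {
        # Forward only scripts that actually exist under root, so a request
        # for a non-existent .php path gets a 404 from nginx instead of
        # being passed on to the PHP interpreter.
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        # fastcgi.conf supplies the FastCGI parameters for the request.
        include fastcgi.conf;
    }
}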
检查语法并启动
# nginx -t
# nginx
测试访问:
# curl 127.0.0.1
安装php-fpm:base源
如果无法安装,更改RS网关至VMnat8网卡
# yum install php-fpm php-mysql -y
# systemctl start php-fpm
编辑测试文件
# vim /app/wordpress/test.php
<?php
phpinfo();
?>
访问测试php(验证完成后请删除 test.php:phpinfo() 会向任何访问者输出PHP版本、已加载模块和服务器路径等信息)
# curl 127.0.0.1/test.php
/etc/php-fpm.conf 进程主配置文件
修改php-fpm 进程用户:/etc/php-fpm.d/www.conf
修改php-fpm启动用户为 nginx
# vim /etc/php-fpm.d/www.conf
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
# systemctl restart php-fpm
补充:
# cat /etc/php-fpm.d/www.conf |egrep -v "^;|^$"
[www] # 模块
listen = 127.0.0.1:9000 # 监听地址即IP
listen.allowed_clients = 127.0.0.1 # 允许客户端从哪个源IP地址访问
user = apache # php-fpm进行启动的用户和组
group = apache
pm = dynamic # 动态模式进程管理
pm.max_children = 50 # 静态方式下开启的php-fpm进程数,在动态方式下他限定php-fpm的最大进程数
pm.start_servers = 5 # 动态模式下初始进程数,必须大于等于pm.min_spare_servers和小于等于pm.max_children值
pm.min_spare_servers = 5 # 最小空闲进程数
pm.max_spare_servers = 35 # 最大空闲进程数
slowlog = /var/log/php-fpm/www-slow.log # 慢日志路径
php_admin_value[error_log] = /var/log/php-fpm/www-error.log # 错误日志
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files # php session保存方式及路径
php_value[session.save_path] = /var/lib/php/session # 使用file保存session的文件路径
在zrlog数据库机器创建wordpress库并设置权限
创建wordpress数据库并授权wordpress用户(口令 123456 仅为实验示例,实际环境请使用强口令;口令直接写在命令行里会留在shell历史中)
# mysql -uroot -e 'create database wordpress;grant all on wordpress.* to wordpress@"10.0.0.%" identified by "123456"'
部署wordpress项目代码
复制wordpress代码到站点目录:/app
# tar -xf wordpress-5.0.19-zh_CN.tar.gz -C /app
# chown -R nginx.nginx /app/wordpress/
4.3、访问测试:
4.4、流量接入 LVS
keepalived配置:接入VIP1集群服务与RS后端服务机器
lvs1
# cat /etc/keepalived/
cat: /etc/keepalived/: Is a directory
[root@lvs01 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id lvs01
vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:1
}
}
virtual_server 10.0.0.100 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.60 80 {
weight 1
HTTP_GET {
url {
path /test.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
5、LVS接入zrlog项目
LVS软件本身不支持正则处理,不支持解析HTTP应用层协议,不能做动静分离;
其实现在许多网站在这方面都有较强的需求, 这个是Nginx/HAProxy+Keepalived的优势所在,可以针对HTTP应用做一些分流的策略,比如针对域名、 目录结构等
Ng:配置
添加VIP
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.10
PREFIX=24
GATEWAY=10.0.0.7
IPADDR1=10.0.0.110
PREFIX1=24
补充:RS抑制arp
[root@rs1 ~]# echo "net.ipv4.conf.all.arp_ignore=1" >> /etc/sysctl.conf
[root@rs1 ~]# echo "net.ipv4.conf.eth0.arp_ignore=1" >> /etc/sysctl.conf
[root@rs1 ~]# echo "net.ipv4.conf.all.arp_announce=2" >> /etc/sysctl.conf
[root@rs1 ~]# echo "net.ipv4.conf.eth0.arp_announce=2" >> /etc/sysctl.conf
# sysctl -p
多级负载架构:
NG七层负载配置:
更改网关:10.0.0.7
添加vip
# ip addr add 10.0.0.110/24 dev eth0
响应功能(arp_ignore):默认0,对本机任意网卡上配置的IP的ARP请求都响应;1,仅当被请求的IP配置在收到该请求的网卡上时才响应(VIP若配置在eth0上,该设置不会阻止本机应答对VIP的ARP请求)
# echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
# echo 1 > /proc/sys/net/ipv4/conf/eth0/arp_ignore
探测功能(arp_announce):默认0,可使用本机任意网卡上配置的IP作为ARP请求的源地址;2,始终选用与目标网络最匹配的本地地址作为源地址,避免把VIP通告出去
# echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# echo 2 > /proc/sys/net/ipv4/conf/eth0/arp_announce
ng负载配置
...
upstream zrlog {
server 10.0.0.20:8080;
#server 10.0.0.21:8080;
}
upstream static {
server 10.0.0.14;
#server 10.0.0.15;
}
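# Layer-7 front end for zrlog: static file types go to the "static"
# upstream, everything else to the "zrlog" application upstream.
server {
    listen 80;
    server_name zrlog.zjjyjs2.com;
    access_log logs/zrlog_access.log main;

    # The original pattern listed "jgp", so .jpg requests never matched this
    # location and fell through to the application upstream.
    location ~ \.(js|css|html|htm|png|jpg)$ {
        proxy_pass http://static;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the connecting address to any
        # X-Forwarded-For header the client already sent; the backend should
        # rely only on the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://zrlog;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}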
...
keepalived配置四层LVS:接入VIP2和ng七层代理服务
10.0.0.8
[root@lvs1 ~]# cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id lvs01
vrrp_mcast_group4 224.100.100.100
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.100/24 dev eth0 label eth0:1
10.0.0.110/24 dev eth0 label eth0:2
}
}
virtual_server 10.0.0.100 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.60 80 {
weight 1
HTTP_GET {
url {
path /
status_code 301
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.61 80 {
weight 1
HTTP_GET {
url {
path /
status_code 301
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
virtual_server 10.0.0.110 80 {
delay_loop 3
lb_algo rr
lb_kind DR
protocol TCP
sorry_server 127.0.0.1 80
real_server 10.0.0.10 80 {
weight 1
HTTP_GET {
url {
path /test.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
real_server 10.0.0.11 80 {
weight 1
HTTP_GET {
url {
path /test.html
status_code 200
}
connect_timeout 1
nb_get_retry 3
delay_before_retry 1
}
}
}
10.0.0.10、11
10、
upstream zrlog {
server 10.0.0.20:8080;
#server 10.0.0.21:8080;
}
upstream static {
server 10.0.0.14;
#server 10.0.0.15;
}
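# Layer-7 front end for zrlog on ng1: static file types go to the "static"
# upstream, everything else to the "zrlog" application upstream.
server {
    listen 80;
    server_name zrlog.zjjyjs2.com;
    access_log logs/zrlog_access.log main;

    # The original pattern listed "jgp", so .jpg requests never matched this
    # location and fell through to the application upstream.
    location ~ \.(js|css|html|htm|png|jpg)$ {
        proxy_pass http://static;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the connecting address to any
        # X-Forwarded-For header the client already sent; the backend should
        # rely only on the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://zrlog;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}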
....
# cat /app/nginx/html/test.html
10.0.0.10 ng1
=================================================
11、
upstream zrlog {
server 10.0.0.20:8080;
server 10.0.0.21:8080;
}
upstream static {
server 10.0.0.14;
server 10.0.0.15;
}
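# Layer-7 front end for zrlog on ng2: static file types go to the "static"
# upstream, everything else to the "zrlog" application upstream.
server {
    listen 80;
    server_name zrlog.zjjyjs2.com;
    access_log logs/zrlog_access.log main;

    # The original pattern listed "jgp", so .jpg requests never matched this
    # location and fell through to the application upstream.
    location ~ \.(js|css|html|htm|png|jpg)$ {
        proxy_pass http://static;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the connecting address to any
        # X-Forwarded-For header the client already sent; the backend should
        # rely only on the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://zrlog;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}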
...
# cat /app/nginx/html/test.html
10.0.0.11 ng2
proxy_pass http://zrlog;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
…
cat /app/nginx/html/test.html
10.0.0.10 ng1
=================================================
11、
upstream zrlog {
server 10.0.0.20:8080;
server 10.0.0.21:8080;
}
upstream static {
server 10.0.0.14;
server 10.0.0.15;
}
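# Layer-7 front end for zrlog on ng2: static file types go to the "static"
# upstream, everything else to the "zrlog" application upstream.
server {
    listen 80;
    server_name zrlog.zjjyjs2.com;
    access_log logs/zrlog_access.log main;

    # The original pattern listed "jgp", so .jpg requests never matched this
    # location and fell through to the application upstream.
    location ~ \.(js|css|html|htm|png|jpg)$ {
        proxy_pass http://static;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends the connecting address to any
        # X-Forwarded-For header the client already sent; the backend should
        # rely only on the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        proxy_pass http://zrlog;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}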
…
cat /app/nginx/html/test.html
10.0.0.11 ng2