keepalived+lvs
整体规划如下:
router 外网卡124.126.147.168 内网卡:192.168.0.254
lvs1调整器VIP地址:192.168.0.253 内网卡:192.168.0.200
lvs2调整器VIP地址:192.168.0.253 内网卡:192.168.0.201
下面是真实的2台web服务器:
web1服务器真实网卡192.168.0.1 虚拟网卡ifcfg-lo:0 192.168.0.253(VIP)
web2服务器真实网卡192.168.0.2 虚拟网卡ifcfg-lo:0 192.168.0.253(VIP)
--------------------------------------------------------------------------------
真实web1设置
真实网卡:
BOOTPROTO=static
DEVICE=eno1111
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
新建立一个虚拟网卡
vim /etc/sysconfig/network-script/ifcfg-lo:0
BOOTPROTO=static
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.0.253
NETMASK=255.255.255.255
GATEWAY=192.168.0.254
改arp相关参数:
要禁止对VIP地址ARP响应:
vim /etc/sysctl.conf
net.ipv4.conf.eno1111.arp_ignore = 1
net.ipv4.conf.eno1111.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p 马上生效不用重启
yum install httpd
systemctl start httpd
systemctl restart network
echo "192.168.0.1" > /var/www/html/index.html
firwall-cmd --permanent --add-port=80/tcp
firwall-cmd --reload
-------------------------------------------------------
真实web2设置
真实网卡:
BOOTPROTO=static
DEVICE=eno2222
ONBOOT=yes
IPADDR=192.168.0.2
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
新建立一个虚拟网卡
vim /etc/sysconfig/network-script/ifcfg-lo:0
BOOTPROTO=static
DEVICE=lo:0
ONBOOT=yes
IPADDR=192.168.0.253
NETMASK=255.255.255.255
GATEWAY=192.168.0.254
改arp相关参数:
要禁止对VIP地址ARP响应:
vim /etc/sysctl.conf
net.ipv4.conf.eno2222.arp_ignore = 1
net.ipv4.conf.eno2222.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p 马上生效不用重启
yum install httpd
systemctl start httpd
systemctl restart network
echo "192.168.0.2" > /var/www/html/index.html
firwall-cmd --permanent --add-port=80/tcp
firwall-cmd --reload
----------------------------------------------------------
lvs1调度器:
LVS真实网卡设置:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno33554960
ONBOOT=yes
IPADDR=192.168.0.200
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
systemctl restart network
yum -y install keepalived ipvsadm 安装调试器和keepalived
modprobe ip_vs加载模块
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
test@qq.com
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id_lvs_1
}
vrrp_instance LVS_HA {
state MASTER
interface eno4444
virtual_router_id 60
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.253/24
}
}
virtual_server 192.168.0.253 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.0.1 80 {
weigth 1
TCP_CHECK {
connect_timeout 20
connect_port 80
nb_get_retry 3
}
}
real_sever 192.168.0.2 80 {
weight 1
TCP_CHECK {
connect_timeout 20
connect_port 80
nb_get_retry 3
}
}
}
systemctl start keepalived
systemctl enable keepablived
ip addr show 看虚拟ip
ipvsadm -Ln
firewall-cmd --set-default-zone=trusted
-----------------------------------------------------
lvs2调试器配置 :
LVS真实网卡设置:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno55555
ONBOOT=yes
IPADDR=192.168.0.201
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
systemctl restart network
yum -y install keepalived ipvsadm 安装调试器和keepalived
vim /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
test@qq.com
}
notification_email_from root@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id_lvs_2
}
vrrp_instance LVS_HA {
state MASTER
interface eno6666
virtual_router_id 60
priority 50
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.0.253/24
}
}
virtual_server 192.168.0.253 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.0.1 80 {
weigth 1
TCP_CHECK {
connect_timeout 20
connect_port 80
nb_get_retry 3
}
}
real_sever 192.168.0.2 80 {
weight 1
TCP_CHECK {
connect_timeout 20
connect_port 80
nb_get_retry 3
}
}
}
systemctl start keepalived
systemctl enable keepablived
ip addr show 看虚拟ip
ipvsadm -Ln
firewall-cmd --set-default-zone=trusted
-------------------------------------------------------------
router路由设置,生产环境用真路由器,现在linux做路由器
router用linux充当:
第一块网卡对内:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno7777
ONBOOT=yes
IPADDR=192.168.0.254
NETMASK=255.255.255.0
DNS=202.96.134.133
第二块对外:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno8888
ONBOOT=yes
IPADDR=124.126.147.168
NETMASK=255.0.0.0
DNS=202.96.134.133
systemctl restart network
iptables -F
iptables -X
iptables -t nat -X
iptables -t nat -F
iptables -t nat -I PREROUTING -d 124.126.147.168 -p tcp -dport 80 \
-j DNAT --to-destination 192.168.0.253:80
iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -p tcp -j SNAT \
--to-source 124.126.147.168
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
关于kvm网络的配置:
终端下把本机实际网卡改成这下面这样
vim ifcfg-eno16777736
BOOTPROTO="none"
DEVICE="eno16777736"
ONBOOT="yes"
BRIDGE=br0
vimt ifcfg-br0
DEVICE=br0
ONBOOT="yes"
TYPE=Bridge
BOOTPROTO=static
IPADDR="192.168.1.110"
PREFIX="24"
GATEWAY="192.168.1.253"
DNS1="192.168.1.253"
lvm
首先所有的命令pv、vg、lv都是一样的格式,添加为pvcreate,查看pvdisplay ,删除pvremove ,
以下虚拟盘lvm创建完后,如果想删除不用了,记得从最后往上操作,先取消挂载、lvremore删除逻辑虚拟盘
再vg删除虚拟组,再pvremore删除物理虚拟盘
创建循序:pv----vg-----lv
1、先对硬盘分区,记得硬盘为gpt的要xfs,或msdos的要是lvm格式(不用格式化,最后创建完lv分区后再格)
2、首先创建物理虚拟盘例:pvcreage /dev/sdb1 /dev/sdb2 (这两分区是上面第一步创建的)
3、创建虚拟盘分组例:vgcreate test_vg /dev/sdb1 /dev/sdb2 (test_vg为组名)
4、创建逻辑虚拟盘也就是最终要挂的盘lvcreate -n test_web -L 20G test_vg (test_web为逻辑盘名)
5、格式化mkfs.xfs /dev/test_vg/test_web
6、挂载,和普通分区一样的操作不说了
7、增加容量lvextend -L +50G /dev/test_vg/test_web
8、增加完更新 xfs_growfs /dev/test_vg/test_web
基于nat模式的lvs:
------------------------------服务端----------------------------------------
前端服务器设置:
对外网卡:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno16777736
ONBOOT=yes
IPADDR=192.168.1.110
PREFIX=255.255.255.0
GATEWAY=192.168.1.253
DNS1="192.168.1.253"
对应网卡:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno33554960
ONBOOT=yes
IPADDR=192.168.17.138
NETMASK=255.255.255.0
DNS1=192.168.1.253
systemctl restart network
yum -y install ipvsadm
ipvsadm -A -t 192.168.1.110:80 -s rr (rr代表轮训)
ipvsadm -a -t 192.168.1.110:80 -r 192.168.17.130:80 -m 后端服务器有几台就加几台
ipvsadm -a -t 192.168.1.110:80 -r 192.168.17.131:80 -m
ipvsadm -Sn > /etc/sysconfig/ipvsadm 保存调度规则
打开/etc/sysctl.conf文件加入:net.ipv4.ip_forward=1 打开路由转发
打开防火墙systemctrl start wirealld
firewall-cmd --set-default-zone=trusted
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
systemctl start ipvsadm
ipvsadm -Ln 查看配置
ipvsadm -Lnc 看连接情况
ipvsadm -D -t 192.168.1.110:80 删除虚拟服务
ipvsadm -d -t 192.168.1.110:80 -r 192.168.17.130 删除后端服务器130邦
ipvsadm -Sn > /tmp/ipvs.back 备份规则
ipvsadm -C 清空规则
ipvsadm -R </tmp/ipvs.back 还原规则
--------------------------------------客户端--------------------------------------------
后端两台服务器130和131都要装上httpd服务并防火墙放行80,
服务器不用安装httpd服务但要放行80
后端两台服务器ip地址都要和前端lvs机的对内ip在一个局域网,而且后端两服务器的网关是
lvs对应的ip地址
例:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno33554960
ONBOOT=yes
IPADDR=192.168.17.130
NETMASK=255.255.255.0
GATEWAY=192.168.17.138
-----------------------------DR模式的负载均衡---------------------------------
整体规划如下:
router 外网卡124.126.147.169 内网卡:192.168.0.253
lvs调整器VIP地址:124.126.147.168 内网卡:192.168.0.254
下面是真实的三台web服务器:
web1服务器真实网卡192.168.0.1 虚拟网卡ifcfg-lo:0 124.126.147.168(VIP)
web2服务器真实网卡192.168.0.2 虚拟网卡ifcfg-lo:0 124.126.147.168(VIP)
web3服务器真实网卡192.168.0.3 虚拟网卡ifcfg-lo:0 124.126.147.168(VIP)
---------------------------------------------------------------------------------
LVS对外网卡设置:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno33554960
ONBOOT=yes
IPADDR=124.126.147.168
NETMASK=255.0.0.0
DNS1=202.96.134.133
对内网卡设置:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno33554960
ONBOOT=yes
IPADDR=192.168.0.254
NETMASK=255.255.255.0
DNS1=202.96.134.133
systemctl restart network重启网络
yum install ipvsadm
ipvsadm -A -t 124.126.147.168:80 -s wrr (wrr代表使用DR模式)
ipvsadm -a -t 124.126.147.168:80 -r 192.168.0.1:80 -g -w 1
ipvsadm -a -t 124.126.147.168:80 -r 192.168.0.2:80 -g -w 2
ipvsadm -a -t 124.126.147.168:80 -r 192.168.0.3:80 -g -w 3
ipvsadm -Sn > /etc/sysconfig/ipvsadm 保存调试器
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
--------------------------------------------------------
真实web1设置
真实网卡:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno1111
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
GATEWAY=192.168.0.253
新建立一个虚拟网卡
vim /etc/sysconfig/network-script/ifcfg-lo:0
TYPE=Ethernet
BOOTPROTO=static
DEVICE=lo:0
ONBOOT=yes
IPADDR=124.126.147.168
NETMASK=255.255.255.0
GATEWAY=192.168.0.253
要禁止对VIP地址ARP响应:
vim /etc/sysctl.conf
net.ipv4.conf.eno1111.arp_ignore = 1
net.ipv4.conf.eno1111.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p
yum install httpd
systemctl start httpd
systemctl restart network
echo "192.168.0.1" > /var/www/html/index.html
firwall-cmd --permanent --add-port=80/tcp
firwall-cmd --reload
---------------------------------------------------------
真实web2设置
真实网卡:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno2222
ONBOOT=yes
IPADDR=192.168.0.2
NETMASK=255.255.255.0
GATEWAY=192.168.0.253
新建立一个虚拟网卡
vim /etc/sysconfig/network-script/ifcfg-lo:0
TYPE=Ethernet
BOOTPROTO=static
DEVICE=lo:0
ONBOOT=yes
IPADDR=124.126.147.168
NETMASK=255.255.255.0
GATEWAY=192.168.0.253
要禁止对VIP地址ARP响应:
vim /etc/sysctl.conf
net.ipv4.conf.eno2222.arp_ignore = 1
net.ipv4.conf.eno2222.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p
yum install httpd
systemctl start httpd
systemctl restart network
echo "192.168.0.2" > /var/www/html/index.html
firwall-cmd --permanent --add-port=80/tcp
firwall-cmd --reload
--------------------------------------------------------
真实web3设置
真实网卡:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno3333
ONBOOT=yes
IPADDR=192.168.0.3
NETMASK=255.255.255.0
GATEWAY=192.168.0.253
新建立一个虚拟网卡
vim /etc/sysconfig/network-script/ifcfg-lo:0
TYPE=Ethernet
BOOTPROTO=static
DEVICE=lo:0
ONBOOT=yes
IPADDR=124.126.147.168
NETMASK=255.255.255.0
GATEWAY=192.168.0.253
要禁止对VIP地址ARP响应:
vim /etc/sysctl.conf
net.ipv4.conf.eno3333.arp_ignore = 1
net.ipv4.conf.eno3333.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
sysctl -p
yum install httpd
systemctl start httpd
systemctl restart network
echo "192.168.0.3" > /var/www/html/index.html
firwall-cmd --permanent --add-port=80/tcp
firwall-cmd --reload
-----------------------------------------
router用linux充当:
第一块网卡对内:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno4444
ONBOOT=yes
IPADDR=192.168.0.253
NETMASK=255.255.255.0
第二块对外:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno5555
ONBOOT=yes
IPADDR=124.126.147.169
NETMASK=255.0.0.0
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
systemctl restart network
Mysql主从复制
yum 源安装:wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
安装依赖包
yum -y install gcc make cmake ncurses-devel libxm12-devel libtool-ltdl-devel gcc-c++
autoconf automake bison zlib-devel bison-devel perl perl-devel
1、建议选择“Server with GUI”,并选择“Development Tools”和“Compatibility Libraries”
两项附加软件。确保gcc、libgcc、gcc-c++等编译器已经正确安装
下载mysql-5.6版本 wget http://cdn.mysql.com/archives/mysql-5.6/mysql-5.6.11.tar.gz
groupadd mysql
useradd -r -s /sbin/nologin -g mysql mysql
tar -xvf mysql-5.6.tar.gz -C /usr/src/
cd /usr/src/mysql-5.6/
cmake . -DENABLE_DOWNLOADS=1
make && make install
chown -R mysql.mysql /usr/local/mysql
装完后使用mysql_install_db脚本初始化数据库,用user定义数据库存名称,用basedir定义软件主目录,
用datadir定义数据库存存放目录,初始化完后复制主配置文件my.cnf到/etc/my.cnf一份
/usr/local/mysql/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql/ --datadir=/usr/local/mysql/data
cp /usr/local/mysql/my.cnf /etc/my.cnf
vim /etc/my.cnf
[mysqld]
[mysqld_safe]
log-error=/var/log/mysqld.log //错误日志路径
pid-file=/var/lib/mysql/mysql.pid
以上步骤可完成安装
---------------------------设备服务管理-------------------------------------
/usr/local/mysql/bin/mysqld_safe --user=mysql &
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld
chkconfig mysqld on
PATH=$PATH:/usr/local/mysql/bin/
echo "export PATH=$PATH:/usr/local/mysql/bin/" >> /etc/profile 开机启动
mysql -uroot -e "select User, Host, password from mysql.user" 看默认创建的用户和密码
清除默认用户为了安全(下面进行回答一般全选yes)
/usr/local/mysql/bin/mysql_secure_installation
由于root没有密码,当打完这个命令提示要输入密码,直接回车进行选择Y或n
--------------------------------------主从复制---------------------------------------
主报务器设置:
创建一个测试用的数据库存及表
mysql -uroot -p
create database hr;
use hr;
create table employees(employee_id int not null auto_increment, name char(20) not null, e_mail varchar(55), primary key(employee_id));
insert into employees values (1,'tom','afaf@qq.com'),
(2,'ydaxia','afdaf@163.com');
exit
vim /etc/my.cnf
[mysqld]
log-bin=mysql-bin
binlog_format=mixed
server-id = 254
[mysqld_safe]
log-error=/var/log/mysqld.log //错误日志路径
pid-file=/var/lib/mysql/mysql.pid
配置中不可以用skip-networking参数
service mysqld restart
firewall-cmd --set-default-zone=trusted
设备一个xiaowang用于从服务器连接过来,必须有replcation slave权限
账户:slave 密码;admin
mysql -u root -p
GRANT replication slave ON *.* TO 'slave'@'%' IDENTIFIED BY 'admin';
exit
查看主服务器日志服务信息:
mysql -uroot -p
flush tables with read lock; 对所有数据库表只读锁定
show master status; 查看输出:mysql-bin.000001 319
unlock tables;对全局锁结束
其中File为二进制日志文件名,Position为日志记录位置
对原有的数据进行备份一下:
/usr/local/mysql/bin/mysqldump -uroot -p --all-databases --lock-all-tables >/db/back.sql
拷贝到从服务器上
scp /db/back.sql 192.168.17.130:/tmp/
-------------------------从服务器配置---------------------------
vim /etc/my.cnf
[mysqld]
log-bin=mysql-bin
binlog_format=mixed
server-id = 100
[mysqld_safe]
log-error=/var/log/mysqld.log //错误日志路径
pid-file=/var/lib/mysql/mysql.pid
配置中不可以用skip-networking参数
service mysqld restart
firewall-cmd --set-default-zone=trusted
mysql -u root -p </tmp/back.sql 上面scp考过来的主服务器上的备份日志导进去
mysql -u root -p
stop slave;
关闭slave(如果你以前配置过主从的话,一定要先关闭)
下面几行名子一定要大写,不然不行
CHANGE MASTER TO MASTER_HOST="192.168.17.138",
MASTER_USER="slave",
MASTER_PASSWORD='admin',
MASTER_LOG_FILE="mysql-bin.000001",主服务器上查看到的日志文件
MASTER_LOG_POS=319;主服务器上查看到的日位置
start slave;开启同步(stop slave 关闭同步)
show slave status\G;
配置完成然后在主服务器数据库上添加数据看下从服务器数据库有没有增加
如果这步失败就操作下面:
error:
ERROR 1794 (HY000): Slave is not configured or failed to initialize properly. You must at least set --server-id to enable either a master or a slave. Additional error messages can be found in the MySQL error log.
经分析,需要:
删除5张表,并重新导入脚本
use mysql
drop table slave_master_info;
drop table slave_relay_log_info;
drop table slave_worker_info;
drop table innodb_index_stats;
drop table innodb_table_stats;
然后重启数据库存服务
service mysqld restart
-----------------------------------------mysql主主复制,首先完成上面的主从复制方可进行下面的主主---------------------------------------------------------
首先:必须先停掉原来的slave不然一会改完 my.cf文件重启服务会失败
stop slave;
第一台mysql主机:
第1台的/etc/my.cf文件
log-bin=mysql-bin
binlog_format=mixed
server-id = 254
auto_increment_increment=2 一共有几台master
auto_increment_offset=1 第一台意思
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
重启mysql
第二台mysql主机:
grant replication slave on *.* to 'mysql130'@'192.168.17.138' identified by 'admin'; 添加一个第一台主机访问过来的xiaowang和密码
FLUSH PRIVILEGES;
第2台的/etc/my.cf文件
log-bin=mysql-bin
binlog_format=mixed
server-id = 105
auto_increment_increment=2 一共有几台master
auto_increment_offset=2 第二台意思
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
重启mysql
查看主服务器日志服务信息:
mysql -uroot -p
flush tables with read lock; 对所有数据库表只读锁定
show master status; 查看输出:mysql-bin.000004 120
unlock tables;对全局锁结束
其中File为二进制日志文件名,Position为日志记录位置
mysql> CHANGE MASTER TO MASTER_HOST="192.168.17.130",
-> MASTER_USER="mysql130",
-> MASTER_PASSWORD='admin',
-> MASTER_LOG_FILE="mysql-bin.000004",
-> MASTER_LOG_POS=120;
然后在两台mysql主机都看下是否不yes
show slave status\G;
show master status\G;
NFS
nfs工作在2049端口,rpcbind工作在111端口,两个服务都要启动
exports命令:-r重新读取/etc/exportfs配置文件 nfsstat查看共享状态信息,rpcinfo查看客户端注册信息
如果开启了防火墙要调协端口配置文件/etc/sysconfig/nfs
-------------------------server配置-----------------------------------------
yum install nfs-utils rpcbind -y
useradd -u 1005 test_nfs
mkdir /var/web
chmod 222 /var/web/
vim /etc/exports 编辑:
/var/web/ 192.168.17.130(rw,async,no_root_squash) #130客户机挂上nfs后,切换用户test_nfs具有可写的权限
#如果这样配置/var/web/ 192.168.17.130(ro,sync) 就是客户机挂上后只读
systemctl start rpcbind
systemctl start nfs
---------------------------------client配置--------------------------------------
ort list for 192.168.17.131 先查看server端情况有没有nfs共享
mkdir /mnt/nfs_test
chmod 777 /mnt/nfs_test
useradd -u 1005 test_nfs 创建和服务器一样的用户和id
mount 192.168.17.131:/var/web /mnt/nfs_test 挂载nfs共享
su test_nfs用户进行测试写入操作
rsync
1、系统光盘yum源安装:yum install rsync
2、创建需要同步的文件夹/common
/home : 表示将整个 /home 目录复制到目标目录
/home/ : 表示将 /home 目录中的所有内容复制到目标目录
2、在/etc/下创建rsyncd.conf文件
添加以下内容:
#/etc/rsyncd.conf
motd file = /etc/rsyncd.motd
transfer logging = yes
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
port = 873
address = 192.168.17.130
uid = nobody
gid = nobody
use chroot = no
read only = yes
max connections = 10
[common]
comment = web content
path = /common
ignore errors
auth users = tom,jerry
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.17.0/255.255.255.0
hosts deny = *
list = false
4、echo "tom:pass" > /etc/rsyncd.secrets
echo "jerry:111" >> /etc/rsyncd.secrets
5、chmod 600 /etc/rsyncd.secrets
6、 echo "welcome to access" > /etc/rsyncd.motd
7、rsync --daemon
8、echo "/usr/bin/rsync --daemon" >> /etc/rc.local
9、firewall-cmd --permanent --add-port=873/tcp
---------------------客户端--------------------------------
1、yum install rsycn
2、访问:rsync -vzrtopg --progress tom@192.168.17.130::common /test
3、echo "pass" > /etc/rsync.pass 把密码定义这里下面访问不用输入密码了(这个文件的权限一下要600不然报错)
4、rsync -avz --delete --password-file=rsync.pass tom@192.168.17.130::common /dest
所服务器上的common里的文件都弄过来test下面(以服务器common为准来变)
5、写个脚本自动处理
#!/bin/bash
SRC=common
DEST=/data
Server=192.168.17.130
User=tom
Passfile=/root/rsync.pass
[ ! -d $DEST ] && mkdir $DEST
[ ! -d $Passfile ] && exit 2
rsync -az --delete --password-file=$Passfile ${User}@${Server}::$SRC $DEST/$(date +%Y%m%d)
-----------------------rsync+inotify双剑合并时时同步----------------------------------------------
https://github.com/rvoicilas/inotify-tools.git 下载地址
yum install rsync
yum install automake libtool
下来解压文件完后进入文件夹,先bash autogen.sh运行出来configure文件
再运行configure再make 再make install
echo "pass" >/root/rsync.pass
chmod 600 rsync.pass
写个脚本实时监控:
#!/bin/bash
SRC=/web_data/
DESR=common
Client=192.168.17.130
User=tom
Passfile=/root/rsync.pass
[ ! -e $Passfile ] && exit 2
/local/src/inotifys/bin/inotifywait -mrq --timefmt '%y-%m-%d %H:%M' --format '%T %w%f %e' --event modify,create,move,delete,attrib \
$SRC|while read line
do
echo "$line" > /var/log/inotify_web 2>&1
/usr/bin/rsync -avz --delete --progress --password-file=/root/rsync.pass $SRC \
${User}@${Client}::$DESR >> /var/log/rsync_web 2>&1
done &
给脚 本755权限,并加入开机启动
-----------------------------------------------------------------------------------
被监控端(web前端)
yum install rsync
mkdir -p /common
chmod 755 /common
chown nobody.nobody /common
vim /etc/rsyncd.conf
#/etc/rsyncd.conf
transfer logging = yes
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
uid = nobody
gid = nobody
use chroot = no
read only = no
ignore errors
[common]
comment = web content
path = /common
auth users = tom
secrets file = /etc/rsyncd.secrets
hosts allow = 192.168.17.131
hosts deny = *
list = false
echo "tom:pass" > /etc/rsyncd.secrets
chmod 600 /etc/rsyncd.secrets
rsync --daemon
svn
1、svn常用两种访问模式:客户端软件(安装客户端软件),客户端网站(需要服务器搭配apache)
2、处一种客户端模式:先用本地光盘yum源安装:yum install subversion
3、svnadmin help 查看
create创建版本库,hotcopy热备库, lslocks打印所有锁描述
4、svnadmin hotcopy /var/project1 /var/project1_back 热备份
5、将opt下面的所有文件导入到刚创建的project1版本库中
svn import /opt/ file:///var/project1/ -m "install files.."
svn list file:///var/project1 查看版本库的资料内容
服务启动:svnserve -d -r /var 如重启服务先把之前的killall杀掉再启动
6、每个版本库的配置文件在版本库conf文件夹下:
svnserve.conf
passwd
authz
三个文件设置
7、svnserve.conf开启如果几行注释:
[general]
anon-access = none
auth-access = write
password-db = passwd
authz-db = authz
8、passwd中添加用户密码:
[users]
admin = admin
xiaowang = admin
9、authz
[/]
admin = rw 可读写的用户
xiaowang = r 只读用户
以上设备就可以完成客户端软件访问模式了
客户端下载svn并安装,随便一个文件夹检出输入
svn://ip地址/project1 确定输入admin 就可以了
vsftp
1、yum install vsftpd
systemctl start vsftpd
2、主配置文件/etc/vsftpd/vsftpd.con
3、三种模式登陆(匿名、本地xiaowang、虚拟xiaowang)
4、以虚拟账户为例:
5、yum install libdb-utils
6、新建文件:vim /etc/vsftpd/vslogin 输入用户和密码例:
tomcat
123456
jerry
123456
7、生成哈希文件:db_load -T -t hash -f /etc/vsftpd/vslogin /etc/vsftpd/vslogin.db
8、chm 600 {vslogin,vslogin.db}
9、vim /etc/pam.d/vsftpd.pam
在里面输入两行:
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vslogin
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vslogin
10、创建一个新用户:useradd -s /sbin/nologin -d /home/ftp virtual
11、打开主配置文件改(只要这19行其它全部注释):
anonymous_enable=NO
local_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
chroot_local_user=YES
listen=YES
listen_port=21
pam_service_name=vsftpd.pam
guest_enable=YES
guest_username=virtual
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30099
user_config_dir=/etc/vsftpd_user_conf
user_sub_token=$USER
xferlog_enable=yes
xferlog_std_format=yes
13、mkdir /etc/vsftpd_user_conf
14、mkdir -p /home/ftp/tomcat
15、在/home/ftp/tomcat里面放个测试文件最后重启完服务试
16、vim /etc/vsftpd_user_conf/tomcat
写入:local_root=/home/ftp/$USER
17、重启服务systemctl restart vsftpd
firewall
zone大全:
trusted:允许所有
public ;允许其它主机访问本机ssh,本机访问其它主机后,那台主机才可以进来,否则拒绝
external:通过这个zone来的数据都将nat后再转发出去,不管来源是什么地址全转发,并且
改成本机防火墙的出站ip地址(当路由器用的)
1、查当前用的zone
firewall-cmd --get-default-zone
3、firewall-cmd --list-all-zone 查看所有的zone
2、设置当前的zone为home
firewall-cmd --set-default-zone=public
3、显示预定义的服务名称:firewall-cmd --get-services
意思是在针对服务来限制时这里面有的名字才可以
4、firewall-cmd --add-service=ftp --zone=public
允许ftp 服务访问
firewall-cmd --list-all --zone=public查看一下刚才添加的
5、删除ftp服务firewall-cmd --remove-service=ftp --zone=public
6、允许端口firewall-cmd --add-port=3306/tcp --zone=public
(一般常用是这样的:firewall-cmd --add-port=3306/tcp 添加到默认当前的zone中 )
7、删除端口firewall-cmd --remove-port=3306/tcp --zone=public
8、把zone和规则邦定网卡
firewall-cmd --add-interface=eno16777736 --zone=public
9、解除邦定网卡
firewall-cmd --remove-interface=eno16777736 --zone=public
10、看当前正使用的zone信息
firewall-cmd --list-all
11、添加永久生效的规则访问3306
firewall-cmd --permanent --add-port=3306/tcp --zone=public
12、重新加载防火墙规则(前面不是永久的人丢失)
firewall-cmd --reload
haproxy
-----------------------------后端web1-------------------
服务器名称:web1.exmple.com
vim /etc/sysconfig/network-script/ifcfg-eno11111
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno11111
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
systemctl restart network
yum -y install httpd
echo "192.1680.1" >/var/www/html/index.html
systemctl start httpd
firewall-cmd --set-default-zone=trusted
------------------------------后端web2-------------------
服务器名称:web2.exmple.com
vim /etc/sysconfig/network-script/ifcfg-eno22222
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno22222
ONBOOT=yes
IPADDR=192.168.0.2
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
systemctl restart network
yum -y install httpd
echo "192.1680.2" >/var/www/html/index.html
systemctl start httpd
firewall-cmd --set-default-zone=trusted
------------------------------后端web3-------------------
服务器名称:web3.exmple.com
vim /etc/sysconfig/network-script/ifcfg-eno22222
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno333333
ONBOOT=yes
IPADDR=192.168.0.3
NETMASK=255.255.255.0
GATEWAY=192.168.0.254
systemctl restart network
yum -y install httpd
echo "192.1680.3" >/var/www/html/index.html
systemctl start httpd
firewall-cmd --set-default-zone=trusted
---------------------------------------------------------
前端服务器设置:
服务器名称:haproxy.example.com
对外网卡:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno16777736
ONBOOT=yes
IPADDR=10.10.10.10
PREFIX=255.0.0.0
对应网卡:
TYPE=Ethernet
BOOTPROTO=static
DEVICE=eno33554960
ONBOOT=yes
IPADDR=192.168.0.254
NETMASK=255.255.255.0
systecmctl restart network
firewall-cmd --set-default-zone=trusted
vim /etc/security/limits.conf 内核调优,插入两行
* soft nofile 65535
* hard nofile 65535
yum -y install haproxy
vim /etc/haproxy/haproxy.cfg
global
maxconn 4096 #最大连接数
log 127.0.0.1 local3 info
# log语法:log <address_1>[max_level_1] # 全局的日志配置,使用log关键字,
指定使用127.0.0.1
上的syslog服务中的local0日志设备,记录日志等级为info的日志
chroot /var/haproxy #改变当前工作目录
uid 99
gid 99
daemon #以守护进程方式运行haproxy
nbproc 1
pidfile /var/run/haproxy.pid #当前进程id文件
ulimit-n 65535
stats socket /var/tmp/stats
defaults
mode http #默认的模式mode { tcp|http|health },tcp是4层,http是7层,health只会返回OK
log global #应用全局的日志配置
maxconn 20480 #每个进程可用的最大连接数
option httplog # 启用日志记录HTTP请求,默认haproxy日志记录是不记录HTTP请求日志
option httpclose option dontlognull
# 启用该项,日志中将不会记录空连接。所谓空连接就是在上游的负载均衡器
或者监控系统为了探测该 服务是否存活可用时,需要定期的连接或者获取某
一固定的组件或页面,或者探测扫描端口是否在监听或开放等动作被称为空连接;
官方文档中标注,如果该服务上游没有其他的负载均衡器的话,建议不要使用
该参数,因为互联网上的恶意扫描或其他动作就不会被记录下来
option forwardfor #如果服务器上的应用程序想记录发起请求的客户端的IP地址,需要在HAProxy
上 配置此选项, 这样 HAProxy会把客户端的IP信息发送给服务器,在HTTP
请求中添加"X-Forwarded-For"字段。
启用 X-Forwarded-For,在requests头部插入客户端IP发送给后端的server,使后端server获取到客户端的真实IP。
option redispatch # 当使用了cookie时,haproxy将会将其请求的后端服务器的serverID插入到
cookie中,以保证会话的SESSION持久性;而此时,如果后端的服务器宕掉
了, 但是客户端的cookie是不会刷新的,如果设置此参数,将会将客户的请
求强制定向到另外一个后端server上,以保证服务的正常。
option abortonclose
starts refresh 30
retries 3 # 定义连接后端服务器的失败重连次数,连接失败次数超过此值后将会将对应后端
服务器标记为不可用
balance roundrobin #负载均衡算法
cookie SRV
timeout connect 5000s #连接超时
timeout client 5000m #客户端超时
timeout server 5000m #服务器端超时
timeout check 2000s #检测超时
listen admin_status
bind 0.0.0.0:6553
mode http
log 127.0.0.1 local3 info
stats enable
stats refresh 5s
stats realm Haproxy\ Statistics
stats uri /admin?stats
stats auth admin1:AdMiN123
stats hide-version
frontend web_serivce
bind 0.0.0.0:80
mode http
log global
option httplog
option httpclose
option forwardfor
acl inside_src src 192.168.0.0/24
use_backend inside_servers if inside_src
default_backend external_servers
backend external_servers
mode http
balance roundrobin
option httpchk GET /index.html
server web01 192.168.0.1:80 ookie web1 check inter 2000 rise 2 fall 3 weight 1 #定义的多个后端
server web01 192.168.0.2:80 ookie web2 check inter 2000 rise 2 fall 3 weight 1 #定义的多个后端
backend inside_servers
mode http
balance roundrobin
option httpchk GET /index.html
server web01 192.168.0.3:80 ookie web3 check inter 1500 rise 3 fall 3 weight 1 #定义的多个后端
vim /etc/rsyslog.onf 插入以下三行
$ModLoad imudp
$UDPServerRun 514
local13.*
systemctl restat syslog
haproxy -f /etc/haproxy/haproxy.cfg
echo "/usr/local/sbin/haproxy -f /etc/haproxy/haproxy.cfg" >>/etc/rc.local 加入开机启动
------------------------------------------------------------------------------------------------
外部机进行测试:
http://10.10.10.10:6553/admin?stats打开查看,刷新网页分别轮流出现web1各web2两台服务器的页面
如果客户机是局域网电脑就http://192.168.0.254 打开永远显示web3的页面
13万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
