小型Linux运维架构实验-实践篇
一、网络拓扑、地址规划。
硬件防火墙:用一台机器的iptables模拟,公有IP:1.1.1.1 私有IP:192.168.1.24
交换机就省略了,都是同一个网段没事,再说VMworkstation的虚拟机都是桥接到虚拟交换机的。
虚拟IP:192.168.1.10
| 机器 | IP地址 |
| LVS主 | 192.168.1.22 |
| LVS备 | 192.168.1.23 |
| 硬件防火墙(iptables替代) | 192.168.1.24 |
| Nginx1/salt-minion | 192.168.1.25 |
| Nginx2/salt-minion | 192.168.1.26 |
| NFS | 192.168.1.27 |
| Rsync | 192.168.1.28 |
| Zabbix/salt-master | 192.168.1.20 |
| Mysql主 | 192.168.1.30 |
| Mysql备 | 192.168.1.31 |
二、LVS+keepalived实现访问Nginx。
1、LVS主:192.168.1.22,LVS备:192.168.1.23 。
[root@lvs-backup ~]# yum install ipvsadm keepalived -y ##yum安装算了,源码包安装太容易报错,yum源选择centos7官方源即可
[root@lvs-backup ~]# cd /etc/keepalived/
[root@lvs-backup keepalived]# cp keepalived.conf keepalived.conf.default
[root@lvs-backup keepalived]# echo >keepalived.conf
[root@lvs-backup keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost ##
}
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server 127.0.0.1 ##
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_instance VI_1 {
state BACKUP ##
interface eth0
virtual_router_id 51
priority 99 ##
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.1.10
}
}
virtual_server 192.168.1.10 80 {
delay_loop 6
lb_algo rr
lb_kind DR
nat_mask 255.255.255.0
persistence_timeout 50
protocol TCP
real_server 192.168.1.25 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.1.26 80 {
weight 1
TCP_CHECK {
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
Note: LVS主跟上述步骤一样,直接拷贝过来即可,只需要把state改为Master,Proiority改为100
二、现学现用,利用Saltstack部署真实服务器Nginx1:192.168.1.25 ,Nginx2 :192.168.1.26。Nginx1和Nginx2作为salt-minion,选择Zabbix机器作为salt-master
[root@nginx-01 ~]# yum install salt-minion -y
[root@nginx-01 ~]# vim /etc/salt/minion
master: salt ##发现写成IP的形式不会成功。
id:nginx-192.168.1.25 ##指定Minion-id
[root@nginx-01 ~]# echo "192.168.1.20 salt" >>/etc/hosts ##必须配域名解析才行
[root@nginx-01 ~]# systemctl start salt-minion
[root@salt-master ~]# salt-key -A -y
[root@salt-master ~]# salt-key -L
Accepted Keys:
nginx-01
nginx-02
Denied Keys:
Unaccepted Keys:
Rejected Keys:
参考saltstack推送nginx文档:http://xiaoluoge.blog.51cto.com/9141967/1722289/
##保证两台nginx的80端口正常开放
[root@nginx-02 nginx]# ss -tunlp|grep 80
tcp LISTEN 0 128 *:80 *:* users:(("nginx",pid=22474,fd=6),("nginx",pid=22390,fd=6))
[root@nginx-01 nginx]# bash lvs_dr.sh ##在2台真实服务器上均做
#!/bin/bash VIP=192.168.1.10 . /etc/rc.d/init.d/functions case $1 in start) ifconfig lo:0 $VIP broadcast $VIP netmask 255.255.255.255 up #设置广播为自已,掩码4个255,表示网络中只有自已本身一个主机 /sbin/route add -host $VIP dev lo:0echo "1" >/proc/sys/net/ipv4/conf/lo/arp_ignore ##拒绝发出ARP应答 echo "2">/proc/sys/net/ipv4/conf/lo/arp_announce ##拒绝发出ARP请求 echo "1" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "2" >/proc/sys/net/ipv4/conf/all/arp_announce sysctl -p >&/dev/null ;; stop) ifconfig lo:0 down route del $VIP >/dev/null 2>&1 echo "0" >/proc/sys/net/ipv4/conf/lo/arp_ignore ##启用ARP应答 echo "0" >/proc/sys/net/ipv4/conf/lo/arp_announce ##允许发出ARP请求 echo "0" >/proc/sys/net/ipv4/conf/all/arp_ignore echo "0" >/proc/sys/net/ipv4/conf/all/arp_announce ;; *) echo "Usage:$0 {start|stop}" exit 1 esac exit 0
[root@lvs-master keepalived]# echo 1 >/proc/sys/net/ipv4/ip_forward
[root@lvs-backup keepalived]# echo 1 >/proc/sys/net/ipv4/ip_forward
[root@lvs-master keepalived]# servce keepalived start
[root@lvs-master keepalived]# ipvsadm -L -n
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.1.10:80 rr persistent 50
-> 192.168.1.25:80 Route 1 1 2
-> 192.168.1.26:80 Route 1 0 0
##lvs的负载均衡暂告段落,当停掉lvs主的时候,lvs备赋予了虚拟IP,当lvs主恢复过来的时候,虚拟IP又回到了lvs主上,这是因为我们默认非抢占模式
三、搭建NFS服务器,并共享给nginx01和nginx02,并提供写权限,让nginx01上传的附件可以在nginx02看到。
[root@nfs ~]# yum -y install nfs-utils rpcbind
[root@nfs ~]# vim /etc/exports
/nfs/web 192.168.1.0/24(rw,sync,all_squash)
[root@nfs ~]# service rpcbind status
[root@nfs ~]# service nfs start
[root@nfs ~]# showmount -e localhost ##exportfs -arv 重新导出命令
Export list for localhost:
/nfs/web 192.168.1.0/24
[root@nfs ~]# systemctl enable nfs
在nginx01和nginx02上:
[root@nfs web]# chown -R nfsnobody.nfsnobody /nfs/web ##属于匿名权限,客户端才能写入文件
[root@nginx-02 ~]# yum install -y showmount
[root@nginx-02 ~]# showmount -e 192.168.1.27
Export list for 192.168.1.27:
/nfs/web 192.168.1.0/24
[root@nginx-02 ~]# mount -t nfs 192.168.1.27:/nfs/web /usr/local/nginx/html/
[root@nginx-02 ~]# mount|grep nfs
192.168.1.27:/nfs/web on /usr/local/nginx/html type nfs4 (rw,relatime,vers=4.0,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.26,local_lock=none,addr=192.168.1.27)
[root@nginx-02 ~]# cd /usr/local/nginx/html/
[root@nginx-02 html]# touch 1.txt
[root@nfs ~]# cd /nfs/web/
[root@nfs web]# ls ##NFS服务器查看共享
1.txt
[root@nginx-01 html]# pwd ##nginx其他节点查看共享。
/usr/local/nginx/html
[root@nginx-02 html]# ls
1.txt
[root@nginx-02 nginx]# umount /usr/local/nginx/html/ ##取消挂载在一个根目录,而是在当前目录下专门创建一个附件目录
[root@nginx-01 nginx]# mkdir /usr/local/nginx/html/fuJian
[root@nginx-01 nginx]# mount -t nfs 192.168.1.27:/nfs/web /usr/local/nginx/html/fuJian/
四、搭建Rsync服务器。
## NFS服务器部署inotify,一触即发同步到rsync服务端。
[root@nfs ~]# ll /proc/sys/fs/inotify/
[root@nfs ~]# tar xf inotify-tools-3.14.tar.gz
[root@nfs ~]# cd inotify-tools-3.14/
[root@nfs inotify-tools-3.14]# ./configure --prefix=/usr/local/inotify-3.14
[root@nfs inotify-tools-3.14]# make && make install
##部署rsync备份服务器。
[root@rsync ~]# tar xf rsync-3.1.2.tar.gz
[root@rsync ~]# cd rsync-3.1.2/
[root@rsync rsync-3.1.2]# ./configure --prefix=/usr/local/rsync
[root@rsync rsync-3.1.2]# make && make install
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid #设置pid文件位置
lock file = /var/run/rsyncd.lock #设置lock文件位置
uid = body #设置启动时以哪个用户来代替root运行rsync
gid = nobody
list = yes #不允许列出名单
chroot = no #不切换根目录
timeout = 300 #设置超时时间
ignore errors = yes #是否忽略错误
max connections = 100 #最大连接数
hosts allow = 192.168.1.0/24
[backup] #设定模块名称
path = /root/backup/nfs/ #指定模块路径
read only = no #是否可写
auth users = rsync #创建允许连接该模块的虚拟用户
secrets file = /usr/local/rsync/rsyncd.passwd
##安装MySQL
1、[root@www ~]# yum install mysql-server mysql-devel
主:vi /etc/my.cnf
server-id=1
log-bin=binlog
[root@www ~]# service mysqld restart
[root@www ~]# mysql -uroot -p
##mysqladmin -uroot -p password 199510 设置初始化密码
mysql> grant replication slave on *.* to 'root'@'192.168.1.4' identified by '199510';
##admin是虚拟用户,192.168.1.4是从机器的IP地址,可以从机器上登陆测试 [root@www ~]# mysql -uadmin -p199510 -h 192.168.1.3
mysql> show master status;
+---------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+---------------+----------+--------------+------------------+
| binlog.000001 | 338 | | |
+---------------+----------+--------------+------------------+
1 row in set (0.00 sec)
2、从机器不需要开启binlog: vi /etc/my.cnf
==============
server-id=2
read_only=1
================
[root@www ~]# service mysqld restart
mysql> stop slave;
mysql> change master to master_host='192.168.1.3',master_user='root',master_password='199510',master_log_file='mysql- binlog.000001 ',master_log_pos=338;
mysql>start slave;
3、主:mysql>create database d1;
mysql>use d1;
mysql>create table t1(id int primary key auto_increment,name varchar(10));
1、检查主从复制是否正常?
在master上面检查授权,msyql>show grants;
主库加锁FLUSH TABLES WITH READ LOCK;主库解锁:unlock tables;
stop slave;
set global sql_slave_skip_counter=1; (1是指跳过一个错误)
slave start;
误操作:revoke all privileges on *.* from 'root'@'localhost',误操作给root取消授权,导致任何命令都无法执行,再进行grant都不行。我日尼玛呀!幸亏是测试环境。
2、mysql-proxy的安装
[root@www Packages]# tar xf mysql-proxy-0.8.5-linux-el6-x86-32bit.tar.gz
[root@www Packages]# mv mysql-proxy-0.8.5-linux-el6-x86-32bit /usr/local/mysql-proxy
[root@www Packages]# cd /usr/local/mysql-proxy/
[root@www mysql-proxy]# mkdir lua logs
[root@www mysql-proxy]#cp share/doc/mysql-proxy/rw-splitting.lua ./lua #复制读写分离配置文件
[root@www mysql-proxy]#useradd -s /sbin/nologin -M mysql-proxy
[root@www mysql-proxy]# chown -R root:mysql-proxy /usr/local/mysql-proxy/*
3、安装Lua软件
[root@www Packages]#yum install libtermcap-devel ncurses-devel libevent-devel readline-devel gcc gcc-c++ autoconf mysql-devel pkgconfig libtool ##如果不做这个,安装lua会报错不断
[root@www Packages]# tar xf lua-5.1.4.tar.gz
[root@www Packages]# cd lua-5.1.4
[root@www Packages]# make linux
[root@www Packages]# make install
4、配置SysV启动脚本,vi /etc/init.d/mysql-proxy,该脚本会自动读取/etc/sysconfig/mysql-proxy
=====================================================
#!/bin/bash
#
# mysql-proxy This script starts and stops the mysql-proxy daemon
#
# chkconfig: - 78 30
# processname: mysql-proxy
# description: mysql-proxy is a proxy daemon for mysql
# Source function library.
. /etc/rc.d/init.d/functions
prog="/usr/local/mysql-proxy/bin/mysql-proxy"
# Source networking configuration.
if [ -f /etc/sysconfig/network ]; then
. /etc/sysconfig/network
fi
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
# Set default mysql-proxy configuration.
ADMIN_USER="admin"
ADMIN_PASSWD="admin"
ADMIN_LUA_SCRIPT="/usr/local/mysql-proxy/share/doc/mysql-proxy/admin.lua"
PROXY_OPTIONS="--daemon"
PROXY_PID=/var/run/mysql-proxy.pid
PROXY_USER="mysql-proxy"
# Source mysql-proxy configuration.
if [ -f /etc/sysconfig/mysql-proxy ]; then
. /etc/sysconfig/mysql-proxy
fi
RETVAL=0
start() {
echo -n $"Starting $prog: "
daemon $prog $PROXY_OPTIONS --pid-file=$PROXY_PID --proxy-address="$PROXY_ADDRESS" --user=$PROXY_USER --admin-username="$ADMIN_USER" --admin-lua-script="$ADMIN_LUA_SCRIPT" --admin-password="$ADMIN_PASSWORD"
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
touch /var/lock/subsys/mysql-proxy
fi
}
stop() {
echo -n $"Stopping $prog: "
killproc -p $PROXY_PID -d 3 $prog
RETVAL=$?
echo
if [ $RETVAL -eq 0 ]; then
rm -f /var/lock/subsys/mysql-proxy
rm -f $PROXY_PID
fi
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
condrestart|try-restart)
if status -p $PROXY_PIDFILE $prog >&/dev/null; then
stop
start
fi
;;
status)
status -p $PROXY_PID $prog
;;
*)
echo "Usage: $0 {start|stop|restart|reload|status|condrestart|try-restart}"
RETVAL=1
;;
esac
exit $RETVAL
=======================================================
[root@www mysql-proxy]# chmod +x /etc/init.d/mysql-proxy
[root@www mysql-proxy]# chkconfig --add mysql-proxy
5、配置mysql-proxy的配置选项
============================================
# Options for mysql-proxy
ADMIN_USER="admin"
ADMIN_PASSWORD="admin"
ADMIN_ADDRESS="192.168.186.5:4041"
ADMIN_LUA_SCRIPT="/usr/local/mysql-proxy/lua/admin.lua"
PROXY_ADDRESS="192.168.186.5:4040"
PROXY_USER="mysql-proxy"
PROXY_OPTIONS="--daemon --log-level=info --log-file=/var/log/mysql-proxy.log --plugins=proxy --plugins=admin --proxy-backend-addresses=192.168.186.3:3306 --proxy-read-only-backend-addresses=192.168.186.4:3306 --proxy-lua-script=/usr/local/mysql-proxy/lua/rw-splitting.lua
============================================
6、编写Lua脚本
(1)读写分离脚本
[root@www mysql-proxy]# vi /usr/local/mysql-proxy/lua/rw-splitting.lua
=======================================
if not proxy.global.config.rwsplit then
proxy.global.config.rwsplit = {
min_idle_connections = 1,
##当连接没有超过min_idle_connections预设值时,不会进行读写分离,即查询操作会发生到主库上。
max_idle_connections = 2, ##默认是8,主从机器共有几台
is_debug = false
}
end
========================================
(2)管理员脚本
[root@www mysql-proxy]# vi /usr/local/mysql-proxy/lua/admin.lua
=============================================
function set_error(errmsg)
proxy.response = {
type = proxy.MYSQLD_PACKET_ERR,
errmsg = errmsg or "error"
}
end
function read_query(packet)
if packet:byte() ~= proxy.COM_QUERY then
set_error("[admin] we only handle text-based queries (COM_QUERY)")
return proxy.PROXY_SEND_RESULT
end
local query = packet:sub(2)
local rows = { }
local fields = { }
if query:lower() == "select * from backends" then
fields = {
{ name = "backend_ndx",
type = proxy.MYSQL_TYPE_LONG },
{ name = "address",
type = proxy.MYSQL_TYPE_STRING },
{ name = "state",
type = proxy.MYSQL_TYPE_STRING },
{ name = "type",
type = proxy.MYSQL_TYPE_STRING },
{ name = "uuid",
type = proxy.MYSQL_TYPE_STRING },
{ name = "connected_clients",
type = proxy.MYSQL_TYPE_LONG },
}
for i = 1, #proxy.global.backends do
local states = {
"unknown",
"up",
"down"
}
local types = {
"unknown",
"rw",
"ro"
}
local b = proxy.global.backends[i]
rows[#rows + 1] = {
i,
b.dst.name, -- configured backend address
states[b.state + 1], -- the C-id is pushed down starting at 0
types[b.type + 1], -- the C-id is pushed down starting at 0
b.uuid, -- the MySQL Server's UUID if it is managed
b.connected_clients -- currently connected clients
}
end
elseif query:lower() == "select * from help" then
fields = {
{ name = "command",
type = proxy.MYSQL_TYPE_STRING },
{ name = "description",
type = proxy.MYSQL_TYPE_STRING },
}
rows[#rows + 1] = { "SELECT * FROM help", "shows this help" }
rows[#rows + 1] = { "SELECT * FROM backends", "lists the backends and their state" }
else
set_error("use 'SELECT * FROM help' to see the supported commands")
return proxy.PROXY_SEND_RESULT
end
proxy.response = {
type = proxy.MYSQLD_PACKET_OK,
resultset = {
fields = fields,
rows = rows
}
}
return proxy.PROXY_SEND_RESULT
end
=============================================
5、(1)启动mysql-proxy
[root@www mysql-proxy]#service mysql-proxy start
netstat -tupln | grep 4040 #发现无任何现象,mysql-proxy启动不成功,咋回事呢?
{
杀死相应的PID文件即可,比如/var/run/mysql-proxy.pid
}
在代理机器上面:[root@www lua]# netstat -tnlp
tcp 0 0 0.0.0.0:4041 0.0.0.0:* LISTEN 8026/mysql-proxy
可以看到4041端口,那么其实这是管理端口。对应的管理员的用户和密码参见/etc/sysconfig/mysql-proxy
(2)修改path环境变量
[root@proxy ~]# vim /etc/profile.d/mysql-proxy.sh
export PATH=$PATH:/usr/local/mysql-proxy/bin
[root@proxy ~]# source /etc/profile
[root@proxy ~]# mysql-proxy --help-all
6、排错
(2)很好奇mysql-proxy的日志在哪,一看进程,原来是在系统日志里面
[root@www lua]# ps -aux|grep mysql-proxy
/usr/local/mysql-proxy/libexec/mysql-proxy --daemon --log-level=info --log-use-syslog --plugins=proxy --plugins=admin --proxy-backend-addresses=192.168.186.3:3306 --proxy-read-only-backend-addresses=192.168.186.4:3306 --proxy-lua-script=/usr/local/mysql-proxy/lua/rw-splitting.lua --pid-file=/var/run/mysql-proxy.pid --proxy-address=192.168.186.5:4040 --user=mysql-proxy --admin-username=admin --admin-lua-script=/usr/local/mysql-proxy/lua/admin.lua --admin-password=admin
可以在/etc/sysconfig/mysql-proxy中改动--log-file=/var/log/mysql-proxy.log
(3)登陆到Mysql-proxy的4041管理端口,又报错,初步分析是/usr/local/mysql-proxy/lua/admin.lua脚本有错,查看系统日志,果然,看来必须更换admin.lua
任意客户端登陆即可[root@www libexec]# mysql -uadmin -padmin -h192.168.186.5 -P4041
mysql> select * from backends;
ERROR 1105 (07000): MySQL Proxy Lua script failed to load. Check the error log.
[root@www lua]# tail /var/log/mysql-proxy.log ##这个日志是在/etc/sysconfig/mysql-proxy.log指定的
network-mysqld-lua.c:234: lua_load_file(/usr/local/mysql-proxy/lua/admin.lua) failed: lua-scope.c:241: stat(/usr/local/mysql-proxy/lua/admin.lua) failed: No such file or directory (2)
分析:说了没有这样的文件,你看嘛,结果是文件命名出错了,真尼玛笨呐
{
[root@www lua]# pwd
/usr/local/mysql-proxy/lua
[root@www lua]# ls
admin-sql.lua admin-sql.lua.51cto admin-sql.lua.bak rw-splitting.lua
[root@www lua]# mv admin-sql.lua admin.lua
}
mysql-proxy服务器不用重启,直接在客户端比如slave登陆,mysql -uadmin -padmin -h192.168.186.5 -P4041
mysql> select * from backends;
+-------------+--------------------+---------+------+------+-------------------+
| backend_ndx | address | state | type | uuid | connected_clients |
+-------------+--------------------+---------+------+------+-------------------+
| 1 | 192.168.186.3:3306 | unknown | rw | NULL | 0 |
| 2 | 192.168.186.4:3306 | unknown | ro | NULL | 0 |
+-------------+--------------------+---------+------+------+-------------------+
7、问题解决,测试。
(1)在主机器上:mysql> grant all on *.* to 'mysql-proxy'@'192.168.186.5' identified by '199510';
##给mysql-proxy客户端能在192.168.186.5的这台机器上登陆master机器的权限
master上面:mysql> select user,host from mysql.user;
+-------------+---------------+
| user | host |
+-------------+---------------+
| root | 127.0.0.1 |
| mysql-proxy | 192.168.186.5 |
+-------------+---------------+
##这才是真正有意义查看授权的
(2)从机器上:mysql> stop slave; ##停掉从库,不然数据写入到master上的时候,会复制到从机器上,影响测试
(3)代理机器上,安装mysql,yum install mysql-server,但是在这里下载mysql的原因是,仅仅作为前端客户端进行测试。
[root@www lua]# mysql -umysql-proxy -p199510 -h192.168.186.5 -P4040 ##登录的是代理服务器的4040的端口,但是请求被跳转到master机器上
mysql>use test;
mysql>insert into t1 values(5,'one');
在主机器上:select * from test.t1;可以看到数据,但是在从机器上看不到,因为已经关闭了复制。
(4)在从机器上,mysql -uadmin -padmin -h192.168.186.5 -P4041 只要客户端已登录到代理服务器,便能知晓状态
mysql> select * from backends;
+-------------+--------------------+---------+------+------+-------------------+
| backend_ndx | address | state | type | uuid | connected_clients |
+-------------+--------------------+---------+------+------+-------------------+
| 1 | 192.168.186.3:3306 | up | rw | NULL | 0 |
| 2 | 192.168.186.4:3306 | unknown | ro | NULL | 0 |
+-------------+--------------------+---------+------+------+-------------------+
2 rows in set (0.01 sec)
8、完结测试
(1)启动salve,在从机器上再开一个终端,start slave;
(2)现在有4个终端,一个是在代理服务器上面的4040端口客户端(只有这个是需要主从都授权的,记住是都要,grant all on *.* to 'msyql-proxy'@'192.168.186.5' idientified by '199510'),
[root@www mysql-proxy]# mysql -umysql-proxy -p199510 -h192.168.186.5 -P4040,
##代理服务器本身是需要mysql服务的,但是这里由于机器少原因,选择的测试客户端,不信再开一台机器。
mysql>use test;
mysql> insert into t1 values(4,'two');
(3)一个是在slave机器上登陆的4041管理端口,mysql -uadmin -padmin -h192.168.186.5 -P4041
mysql> select * from backends;
+-------------+--------------------+-------+------+------+-------------------+
| backend_ndx | address | state | type | uuid | connected_clients |
+-------------+--------------------+-------+------+------+-------------------+
| 1 | 192.168.186.3:3306 | up | rw | NULL | 1 |
| 2 | 192.168.186.4:3306 | up | ro | NULL | 0 |
+-------------+--------------------+-------+------+------+-------------------+
2 rows in set (0.01 sec)
都变为up up 了
(3)一个是主机器。
mysql> select * from t1;
+----+------+
| id | name |
+----+------+
| 1 | y |
| 2 | h |
| 3 | c |
| 5 | one |
| 4 | two |
+----+------+
5 rows in set (0.00 sec)
(4)一个是从机器,主从一致。
mysql> select * from t1;
+----+------+
| id | name |
+----+------+
| 1 | y |
| 2 | h |
| 3 | c |
| 5 | one |
| 4 | two |
+----+------+
5 rows in set (0.00 sec)
9、总结:
太不容易了,一直报错啊,无论是主从复制还是读写分离。怎么给面试官讲述测试效果呢?
(1)使用任意一台客户端,登陆mysql-proxy代理服务器的4041管理端口,select * from backends;查看主从机器状态;
(2)然后再使用任意一台客户端,登陆mysql-proxy代理服务器的4040读写分离端口,再进行插入表数据,而后,分别在主从机器
上,查看是否有对应的数据,并且保持一致的功能。
(3)最后,重复(1)步骤,登陆到4041管理端口,观察主从机器状态是否发生了变化,比如Up Up转态
七、部署Zabbix监控
abbix—server服务器:zabbix-web gui(LAMP环境)、zabbix-datatabase(mysql、oracle)、zabbix-server软件,其中三种元素可以分离式部署在不同机器上面。同时,可以监控自己,也可以安装agent。
zabbix-proxy服务器(可选):有自己独立proxy.conf和proxy.log以实现分布式监控的前提。
zabbix-agent服务器:有自己的数据库,zabbix-sender向zabbix-server发送报告,也有自己agent.log和agent.conf配置文件。
zabbix具有自动发现被监控主机功能。zabbix产生的数据只要有四部分:
配置数据、历史数据、历史数据、历史趋势数据
1、Zabbix部署LAMP环境。
源码包安装官网文档: https://www.zabbix.com/documentation/3.2/manual/installation/install
(1)安装授权mysql数据库
[root@zabbix ]# //yum install mysql-server mysql-devel;
===============================================
报错现象:
Error: MariaDB-common conflicts with 1:mariadb-libs-5.5.52-1.el7.x86_64
Error: Package: 1:mariadb-devel-5.5.52-1.el7.x86_64 (base)
Requires: mariadb-libs(x86-64) = 1:5.5.52-1.el7
Installed: MariaDB-shared-10.0.25-1.el7.centos.x86_64 (@Centos7)
mariadb-libs(x86-64) = 1:10.0.25-1.el7.centos
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
分析:试试不安装Mysql-devel如何?没有Mysql-server,应该安装mariadb-server{依然报错}
安装包发生冲突,必须先移走一些包
解决:[root@zabbix ]# yum remove mariadb-libs MariaDB-common
##再尝试安装数据库
[root@zabbix ]# yum install mariadb-devel mariadb-server
==================================================================
[root@zabbix ~]# systemctl enable mariadb.service ##注意启动的时候是service而不是server
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@zabbix ~]# systemctl start mariadb.service
[root@zabbix ]# mysql
MariaDB [(none)]> create datatabase zabbix default charset utf8;
MariaDB [(none)]> grant all on zabbix.* to 'zabbix'@'192.168.%.%' identified by 'zabbix'; ##在授权的同时创建了该用户
MariaDB [(none)]> grant all on zabbix.* to 'zabbix'@'localhost' identified by 'zabbix'; ##使用socket连接,因为数据库也在同一台机器上
MariaDB [(none)]> flush privileges;
[root@zabbix ~]# mysql -uzabbix -p ##测试登录
Enter password:
[root@zabbix mariadb]# yum install httpd httpd-devel httpd-manual -y
[root@zabbix httpd]# cat /var/www/html/index.html
<h1>
this is Zabbix Server,and IP is 192.168.0.24
</h1>
[root@zabbix httpd]# service httpd start
(2)配置zabbix的yum仓库,指明一个baseurl即可,以便为了下载软件方便。
[root@zabbix yum.repos.d]# //cat zabbix.repo
[zabbix]
name=zabbix-repo
baseurl=http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
[root@zabbix yum.repos.d]# yum list|grep zabbix
[root@zabbix yum.repos.d]# yum install zabbix-server zabbix-server-mysql zabbix-get zabbix zabbix-web zabbix-web-mysql zabbix-agent zabbix-sender
=======================================================================================
报错现象:
Transaction check error:
file /etc/zabbix/zabbix_agentd.conf conflicts between attempted installs of zabbix22-2.2.16-1.el7.x86_64 and zabbix-agent-3.2.3-1.el7.x86_64
file /usr/bin/zabbix_sender conflicts between attempted installs of zabbix22-2.2.16-1.el7.x86_64 and zabbix-sender-3.2.3-1.el7.x86_64
file /usr/share/man/man1/zabbix_sender.1.gz conflicts between attempted installs of zabbix22-2.2.16-1.el7.x86_64 and zabbix-sender-3.2.3-1.el7.x86_64
file /usr/bin/zabbix_get conflicts between attempted installs of zabbix-get-3.2.3-1.el7.x86_64 and zabbix22-2.2.16-1.el7.x86_64
file /usr/share/man/man1/zabbix_get.1.gz conflicts between attempted installs of zabbix-get-3.2.3-1.el7.x86_64 and zabbix22-2.2.16-1.el7.x86_64
Error Summary
解决:重新更换zabbix的Yum源,在次基础上禁用epel源,因为epel源中也有个zabbix的落后版本
[root@zabbix ~]# rpm -ivh http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm
====================================================================================================
导入数据库的表结构,注意顺序,首先是scheme>image>data,但是在3.2版本当中,只有一个create.sql.gz
[root@zabbix doc]# rpm -ql zabbix-server-mysql
[root@zabbix ~]# cd /usr/share/doc/zabbix-server-mysql-3.2.3/
[root@zabbix ~]# gunzip create.sql.gz
[root@zabbix ~]# mysql zabbix <create.sql ##默认root密码为空
[root@zabbix zabbix-server-mysql-3.2.3]# mysql
MariaDB [(none)]> use zabbix;
MariaDB [zabbix]> show tables;
[root@zabbix ~]# vim /etc/zabbix/zabbix_server.conf
## DBHost=zabbix ##如果指定为localhost的意思是,数据库也在本机上,那么我们是不需要修改接下来的DBsocket的
DBPassword=zabbix
[root@zabbix ~]# service zabbix-server start
[root@zabbix ~]# systemctl enable zabbix-server
[root@zabbix ~]# netstat -tunlp ##并没有察觉到10051端口处于监听状态
=========================================================
查看日志:[root@zabbix ~]# vim /var/log/zabbix/zabbix-server.log/
3660:20170123:000150.258 [Z3001] connection to database 'zabbix' failed: [1045] Access denied for user 'zabbix'@'zabbix' (using password: YES)
3660:20170123:000150.258 cannot set MySQL character set to "utf8"
3660:20170123:000150.259 database is down: reconnecting in 10 seconds
解决:之前在zabbix_server.conf中指明DBHost=zabbix是不正确的,依然改为DBHost=localhost,因为可以登录到数据库中,mysql -uzabbix -pzabbix ;
show grants查看明显没有对zabbix的这个域名进行授权。
======================================================================
[root@zabbix ~]# vim /etc/php.ini ##
date.timezone =Asia/Shanghai
[root@zabbix ~]# vim /etc/httpd/conf.d/zabbix.conf
php_value date.timezone Asia/Shanghai
[root@zabbix httpd]# service httpd start
[root@zabbix httpd]# systemctl enable httpd ##默认PHP已经安装了,不知道什么时候安装的
在浏览器进行访问zabbix的web界面,http://zabbix-IP/zabbix即可。登录的用户名是admin,密码是zabbix
========================================================
报错:web界面依然提示,Access denied for user 'zabbix'@'zabbix' (using password: YES)
分析:奇了怪了,明明已经改了DBHost,为什么还是不能访问。查看mysql的日志。 依然不行
最后在web界面把Database host由IP地址改为了localhost终于成功了。
==================================================================
(3)是zabbix server监控自己,即把自己作为一个agent。
[root@zabbix ~]# vim /etc/zabbix/zabbix_agentd.conf
Server=127.0.0.1,192.168.0.24 ##此选项用于授权以便为了允许让哪个监控端来此获取数据。
ServerActive=127.0.0.1,192.168.0.24 ##此选项用于向哪个监控端去报告数据,不要把127.0.0.1删了,因为当前既是server又是agent。对于
agent来说,是主动关系,所以是active,从而,上面的server选项是被动关系。
Hostname=zabbix ##指明zabbix被监控端的域名,它是在zabbix的web界面进行显示的, 因为有多个agent,所以域名必须全局唯一
[root@zabbix ~]# service zabbix-agent start
[root@zabbix ~]# systemctl enable zabbix-agent
[root@zabbix ~]# netstat -tnlp|grep 10050
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 4939/zabbix_agentd
tcp6 0 0 :::10050 :::* LISTEN 4939/zabbix_agentd
而后,在web界面的[configuration]-[host]即可看到新增加的被监控端,初始是disabled,改为enable host
如果是在分离式主机添加一个agent,那么必须手动在web界面的[configuration]-[host]-create host
可以在[Monitoring]-[Screen]查看多个监控指标的图形情况。
[root@zabbix ~]# netstat -tnulp|awk ' /^tcp/ { a[$NF]++ } END{ for (i in a) {print a[i],i} } '
2 1708/zabbix_server
2 1071/sshd
1 1076/httpd
2 3490/zabbix_agentd
1 2139/mysqld
(4)开启另一台被监控主机
[root@agent yum.repos.d]# yum install zabbix-agent zabiix-sender -y ##centos7.2中不需要安装zabbix公共组件
[root@agent ~]# vim /etc/zabbix/zabbix_agentd.conf
Server=192.168.8.24 ##申明zabbix监控端的IP地址或者域名
ServerActive=192.168.8.24
Hostname=agent.node1 ##申明被监控端的主机名,必须唯一
[root@agent ~]# service zabbix-agent start
[root@agent ~]# systemctl enable zabbix-agent
[root@agent ~]# netstat -tnulp|grep 10050
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 3166/zabbix_agentd
tcp6 0 0 :::10050 :::* LISTEN 3166/zabbix_agentd
而后,登录web界面,在[configuration]-[host]右侧创建主机[create host],填入
{
Hostname 192.168.8.23
Visable Name agent.node1
Agent Interface 192.168.8.23 ##依 然填被监控端的IP地址,表示使用zabbix-agent的报告机制完成监控的情况。
Monitor by proxy (no proxy) ##不要启用Proxy代理
Enabled ##打钩。
基本步骤完毕,右侧其他选项可以添加,也可以不添加。
}
最后,nginx部署wordpress论坛来进行测试。
