The company runs two services: an online library and an e-commerce website.
Operations is asked to design a secure architecture on the principles of high availability and low cost.
The details are as follows:
The online library is developed in JSP;
The e-commerce system is developed in PHP;
Both sites use a MySQL database;
You are asked to provide a high-availability, low-cost architecture and deploy the services so they are reachable from the public network;
Draw the topology diagram and build a test environment on virtual machines.
Contents
1. System overview
  1.1 Server configuration and information
2. Analysis of each module
  2.1 LB module (shared by both projects)
3. Project setup (online library)
  3.1 Install JDK, tomcat and nginx (same on web01 and web02)
  3.2 Install the shared file server (NFS)
  3.3 Sync the data in the NFS share to the backup server in real time
  3.4 Install MySQL
4. Project setup (e-commerce system)
  4.1 Install nginx and php (same on web03 and web04)
  4.2 Create a database for the PHP application in MySQL
  4.3 Mount the file server
  4.4 Put image and file resources under /data
5. Build the load balancer (nginx + keepalived)
  5.1 Install nginx and keepalived
  5.2 Modify the nginx configuration (same on both nginx nodes)
  5.3 Write the check script
  5.4 Configure keepalived
1. System overview
1.1 Server configuration and information

| OS | Spec | IP | Module |
|---|---|---|---|
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.5/10.0.0.5 | lb01 |
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.6/10.0.0.6 | lb02 |
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.7/10.0.0.7 | web01 |
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.8/10.0.0.8 | web02 |
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.9/10.0.0.9 | web03 |
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.10/10.0.0.10 | web04 |
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.31/10.0.0.31 | NFS |
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.41/10.0.0.41 | BACKUP |
| CentOS release 6.5 64-bit | 1 core, 1 GB RAM, 50 GB disk | 172.16.1.51/10.0.0.51 | db |
| Software | Version | Note |
|---|---|---|
| mysql | 5.6.34 | 64-bit |
| nginx | 1.12.2 | 64-bit |
| keepalived | 1.2.13-5 | 64-bit |
| nfs-utils | 1.2.3-39 | 64-bit |
| rpcbind | 0.2.0-11 | 64-bit |
| php | 5.5.32 | 64-bit |
| tomcat | 8.0.43 | 64-bit |
| jdk | 1.8.0_161 | 64-bit |
| wordpress | 4.7.3 | 64-bit |
Figure 1

2. Analysis of each module
2.1 LB module (shared by both projects)
Figure 2:
1) The LB module is a load-balancing layer built on VRRP (Virtual Router Redundancy Protocol), so that one node going down does not interrupt the service. Given the expected concurrency we use a keepalived + nginx architecture here; when concurrency grows it can be replaced by keepalived + LVS, or by commercial hardware such as F5 or A10.
2) The two load balancers are configured as mutual master/backup:
| LB physical IP | Master for | Backup for | Virtual IP |
|---|---|---|---|
| 172.16.1.5/10.0.0.5 (lb01) | Online library | E-commerce system | 10.0.0.3 |
| 172.16.1.6/10.0.0.6 (lb02) | E-commerce system | Online library | 10.0.0.4 |
For security, nginx reverse-proxies tomcat: tomcat sits behind nginx and is not exposed directly. The image and file resources the site needs live on a shared file server (NFS), and that data is synced directly to the backup server. Writes go to the master MySQL and reads come from the slave MySQL; in this build we run a single MySQL server and do no read/write splitting.
| Hostname | Installed software | IP |
|---|---|---|
| web01 | tomcat + jdk + nginx | 172.16.1.7/10.0.0.7 |
| web02 | tomcat + jdk + nginx | 172.16.1.8/10.0.0.8 |
| nfs01 | nfs-utils rpcbind rsync sersync | 172.16.1.31/10.0.0.31 |
| backup | rsync | 172.16.1.41/10.0.0.41 |
| db | mysql | 172.16.1.51/10.0.0.51 |
The image and file resources the e-commerce site needs live on the shared file server (NFS), and that data is synced directly to the backup server. Writes go to the master MySQL and reads come from the slave MySQL; in this build we run a single MySQL server and do no read/write splitting.
| Hostname | Installed software | IP |
|---|---|---|
| web03 | nginx + php | 172.16.1.7/10.0.0.7 |
| web04 | nginx + php | 172.16.1.8/10.0.0.8 |
| nfs01 | nfs-utils rpcbind rsync sersync | 172.16.1.31/10.0.0.31 |
| backup | rsync | 172.16.1.41/10.0.0.41 |
| db | mysql | 172.16.1.51/10.0.0.51 |
3. Project setup (online library)
3.1 Install JDK, tomcat and nginx (same on web01 and web02)
# Extract tomcat into /application
[root@web01 tools]# tar -xf apache-tomcat-8.0.43.tar.gz -C /application/
# Extract the JDK and set the environment variables
[root@web01 tools]# tar -xf jdk-8u161-linux-x64.tar.gz
[root@web01 tools]# tail -2 /etc/profile
export JAVA_HOME=/server/tools/jdk1.8.0_161
export PATH=$JAVA_HOME/bin:$PATH
# Start tomcat
/application/apache-tomcat-8.0.43/bin/startup.sh
# Check the process
[root@web01 bin]# ps -ef | grep tomcat
# Install nginx
yum install -y pcre-devel openssl-devel
useradd www -s /sbin/nologin -M
cd /server/tools
wget http://nginx.org/download/nginx-1.12.2.tar.gz
tar xf nginx-1.12.2.tar.gz
cd nginx-1.12.2
# Configure and compile (the prefix must match the symlink target below)
./configure --prefix=/application/nginx-1.12.2 --user=www --group=www --with-http_ssl_module --with-http_stub_status_module
make && make install
# Symlink
ln -s /application/nginx-1.12.2 /application/nginx
# Write nginx.conf: nginx listens on port 80 and reverse-proxies to tomcat on 8080, which is never exposed directly
[root@web01 nginx]# cat conf/nginx.conf
worker_processes 1;
error_log logs/test_error.log error;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log logs/access.log main;
    upstream tomcat {
        server localhost:8080;
    }
    server {
        listen 80;
        server_name localhost;
        root html;
        index index.html index.htm;
        location / {
            proxy_pass http://tomcat;
            proxy_set_header Host $host;
        }
    }
}
# Test the configuration, then start nginx
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx
3.2 Install the shared file server (NFS)
# Install nfs-utils and rpcbind
[root@nfs01 ~]# yum install -y nfs-utils rpcbind
# Verify the installation
[root@nfs01 ~]# rpm -qa nfs-utils rpcbind
rpcbind-0.2.0-12.el6.x86_64
nfs-utils-1.2.3-70.el6_8.2.x86_64
# Start rpcbind first, then nfs
/etc/init.d/rpcbind start
/etc/init.d/nfs start
# Configuration file /etc/exports: /backup is for the online library, /backup1 for the e-commerce system
[root@nfs01 ~]# cat /etc/exports
/backup 172.16.1.31/24(rw,sync,all_squash)
/backup1 172.16.1.31/24(rw,sync,all_squash)
# Test from another host
[root@web02 tools]# showmount -e 172.16.1.31
Export list for 172.16.1.31:
/backup1 172.16.1.31/24
/backup 172.16.1.31/24
# Ownership: all_squash maps every client user to nfsnobody, so the export directories must belong to it
[root@nfs01 ~]# chown -R nfsnobody.nfsnobody /backup
[root@nfs01 ~]# chown -R nfsnobody.nfsnobody /backup1
# Mount on web01 and web02
[root@web01 nginx]# mount -t nfs 172.16.1.31:/backup /data
[root@web01 nginx]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 49G 2.7G 43G 6% /
tmpfs 491M 0 491M 0% /dev/shm
/dev/sda1 194M 34M 151M 19% /boot
172.16.1.31:/backup 49G 2.2G 44G 5% /data
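The export entries above are the whole access-control surface of the file server, so it is worth reviewing them mechanically. The script below is an added example, not part of the original post or of nfs-utils: it parses /etc/exports lines in the format used above, normalises a client given as address/prefix to its network (the post's 172.16.1.31/24 covers all of 172.16.1.0/24, not just the NFS host), and flags options that would widen the share beyond what this design relies on (all_squash, sync). The sample file in the comments is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): review /etc/exports entries.
# usage: audit_exports /etc/exports   -> prints the number of findings
#        exports_findings /etc/exports -> prints one finding per line

# network_of A.B.C.D/N -> the same prefix with host bits cleared, e.g.
# 172.16.1.31/24 -> 172.16.1.0/24
network_of() {
    cidr=$1
    p=${cidr#*/}; ip=${cidr%/*}
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
    net=$(( n & mask ))
    echo "$(( net >> 24 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$p"
}

# exports_findings FILE -> one line per finding.
# Each entry is: <path> <client>(<opts>) [<client>(<opts>) ...]
exports_findings() {
    grep -vE '^[[:space:]]*(#|$)' "$1" | while read -r path clients; do
        set -f   # the client list may contain '*'; never let the shell glob it
        for spec in $clients; do
            client=${spec%%\(*}
            opts=${spec#*\(}; opts=${opts%\)}
            case "$client" in
                '*'|'') echo "$path: exported to every host" ;;
                */*) net=$(network_of "$client")
                     [ "$net" = "$client" ] ||
                         echo "$path: client $client has host bits set; write it as $net" ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path ($client): no_root_squash lets client root write as root" ;;
            esac
            case ",$opts," in
                *,async,*) echo "$path ($client): async can lose acknowledged writes if the server crashes" ;;
            esac
        done
    done
}

# audit_exports FILE -> prints the finding count (0 means clean)
audit_exports() {
    exports_findings "$1" | wc -l | tr -d ' '
}

# Constructed sample for a dry run:
#   /backup 172.16.1.31/24(rw,sync,all_squash)      -> 1 finding (host bits)
#   /data *(rw,async,no_root_squash)                -> 3 findings
if [ -n "${1:-}" ]; then
    exports_findings "$1"
fi
```

The checks deliberately stop at what the post's own entries exercise; `rw` on an `all_squash` export is what this design needs, so it is not flagged.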
3.3 Sync the data in the NFS share to the backup server in real time
# On the backup server, confirm rsync is installed
[root@backup backup]# rpm -qa rsync
rsync-3.0.6-9.el6_4.1.x86_64
# Write the daemon configuration
[root@backup backup]# cat /etc/rsyncd.conf
#rsync_config
uid = rsync
gid = rsync
use chroot = no
max connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors = yes
read only = false
list = false
hosts allow = 172.16.1.0/24
# When both lists are set, rsync admits a client that matches neither, so a deny
# list of only 0.0.0.0/32 denies nothing. Deny everything not allowed above.
hosts deny = *
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
comment = "網上圖書館"
path = /backup
[backup1]
comment = "電商系統"
path = /backup1
# Create the user
[root@backup backup]# useradd rsync -M -s /sbin/nologin
# Create the backup directories
[root@backup backup]# mkdir /backup /backup1
[root@backup backup]# chown -R rsync.rsync /backup
[root@backup backup]# chown -R rsync.rsync /backup1
# Create the secrets file (rsync refuses it unless it is mode 600)
[root@backup backup]# echo "rsync_backup:oldboy123" >>/etc/rsync.password
[root@backup backup]# chmod 600 /etc/rsync.password
# Start the daemon
[root@backup backup]# rsync --daemon
# On the client (the NFS server), confirm rsync is installed
[root@nfs01 ~]# rpm -qa rsync
rsync-3.0.6-9.el6_4.1.x86_64
# Create the client password file (password only, no user name)
echo "oldboy123" >>/etc/rsync.password
chmod 600 /etc/rsync.password
# Test
[root@nfs01 ~]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
sending incremental file list
hosts
sent 189 bytes received 27 bytes 432.00 bytes/sec
total size is 352 speedup is 1.63
# sersync is the tool commonly used for this in production
# Install sersync on the NFS server
# Download and unpack sersync
unzip sersync_installdir_64bit.zip
cd sersync_installdir_64bit/
mv sersync/ /usr/local/
cd /usr/local/sersync/conf/;ls
confxml.xml
# Edit the configuration; one configuration file per module (relevant excerpt of each file shown)
[root@nfs01 conf]# cat /usr/local/sersync/conf/confxml.xml
<sersync>
    <localpath watch="/backup">
        <remote ip="172.16.1.41" name="backup"/>
        <!--<remote ip="192.168.8.39" name="tongbu"/>-->
        <!--<remote ip="192.168.8.40" name="tongbu"/>-->
    </localpath>
    <rsync>
        <commonParams params="-az"/>
        <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.password"/>
        <userDefinedPort start="false" port="874"/><!-- port=874 -->
        <timeout start="false" time="100"/><!-- timeout=100 -->
        <ssh start="false"/>
    </rsync>
</sersync>
[root@nfs01 conf]# cat /usr/local/sersync/conf/confxml_backup1.xml
<sersync>
    <localpath watch="/backup1">
        <remote ip="172.16.1.41" name="backup1"/>
        <!--<remote ip="192.168.8.39" name="tongbu"/>-->
        <!--<remote ip="192.168.8.40" name="tongbu"/>-->
    </localpath>
    <rsync>
        <commonParams params="-az"/>
        <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.password"/>
        <userDefinedPort start="false" port="874"/><!-- port=874 -->
        <timeout start="false" time="100"/><!-- timeout=100 -->
        <ssh start="false"/>
    </rsync>
</sersync>
3.4 Install MySQL
# Unpack and install
tar xf mysql-5.6.34-linux-glibc2.5-x86_64.tar.gz
mv mysql-5.6.34-linux-glibc2.5-x86_64 /application/mysql-5.6.34
ln -sf /application/mysql-5.6.34/ /application/mysql
# Create the user
useradd mysql -M -s /sbin/nologin
chown -R mysql.mysql /application/mysql/data/
# Initialise the database
/application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/application/mysql/data/ --user=mysql
# Start the mysql service
cp /application/mysql/support-files/mysql.server /etc/init.d/mysqld
sed -ri 's#/usr/local#/application#g' /etc/init.d/mysqld /application/mysql/bin/mysqld_safe
cp /application/mysql/support-files/my-default.cnf /etc/my.cnf
/etc/init.d/mysqld start
# Set the root password
/application/mysql/bin/mysqladmin -uroot password "oldboy123"
/application/mysql/bin/mysql -uroot -poldboy123
# Start MySQL at boot
chkconfig --add mysqld
chkconfig mysqld on
# Set the environment variable
echo 'export PATH=/application/mysql/bin:$PATH' >>/etc/profile
source /etc/profile
# Create the project database
mysql> create database on_library;
Query OK, 1 row affected (0.00 sec)
4. Project setup (e-commerce system)
4.1 Install nginx and php (same on web03 and web04)
nginx installation omitted (same steps as on web01/web02)
Install php
# Install the dependencies
yum install -y zlib-devel libxml2-devel libjpeg-devel libjpeg-turbo-devel libiconv-devel freetype-devel libpng-devel gd-devel libcurl-devel libxslt-devel libmcrypt-devel mhash mcrypt mysql-libs mysql-devel
# Install libiconv
tar zxf libiconv-1.14.tar.gz
cd libiconv-1.14
./configure --prefix=/usr/local/libiconv
make
make install
cd ../
# Install php
[root@web04 tools]# tar -xf php-5.5.32.tar.gz
[root@web04 tools]# cd php-5.5.32
./configure \
--prefix=/application/php-5.5.32 \
--with-pdo-mysql=mysqlnd \
--with-iconv-dir=/usr/local/libiconv \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir=/usr \
--enable-xml \
--disable-rpath \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--with-curl \
--enable-mbregex \
--enable-fpm \
--enable-mbstring \
--with-mcrypt \
--with-gd \
--enable-gd-native-ttf \
--with-openssl \
--with-mhash \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-soap \
--enable-short-tags \
--enable-static \
--with-xsl \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-ftp \
--enable-opcache=no \
--with-mysql
# Compile and install (this step was missing from the original listing)
make && make install
# Symlink
ln -s /application/php-5.5.32/ /application/php
# Configure php (the file must be named php.ini in the lib directory or it is not loaded)
cp php.ini-production /application/php-5.5.32/lib/php.ini
cd /application/php/etc/
cp php-fpm.conf.default php-fpm.conf
# Start php-fpm
/application/php/sbin/php-fpm
# Modify nginx to hand .php requests to php-fpm
[root@web04 html]# cat ../conf/nginx.conf
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    server {
        listen 80;
        server_name localhost;
        root html;
        index index.php index.html index.htm;
        location ~* .*\.(php|php5)?$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi.conf;
        }
    }
}
# php test page (remove it once the test passes; phpinfo() discloses the server configuration)
[root@web04 html]# cat /application/nginx/html/test_info.php
<?php
phpinfo();
?>
4.2 Create a database for the PHP application in MySQL
mysql> create database php_data;
4.3 Mount the file server (image and file resources live under /data)
[root@web04 ~]# mkdir /data
[root@web04 ~]# mount -t nfs 172.16.1.31:/backup1 /data
5. Build the load balancer (nginx + keepalived)
5.1 Install nginx and keepalived
nginx installation omitted (same steps as on the web nodes)
yum install keepalived -y
# Allow nginx to listen on an IP that is not currently on a local interface, so the standby can bind the VIP too (change on both lb01 and lb02)
echo 'net.ipv4.ip_nonlocal_bind = 1' >>/etc/sysctl.conf
sysctl -p
5.2 Modify the nginx configuration (same on both nginx nodes)
[root@lb01 ~]# cat /application/nginx/conf/nginx.conf
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # online library pool: web01/web02
    upstream on {
        server 10.0.0.7:80;
        server 10.0.0.8:80;
    }
    # e-commerce pool: web03/web04 (added here: the original file used the name
    # "oldboy" without defining it; addresses taken from the server table)
    upstream oldboy {
        server 10.0.0.9:80;
        server 10.0.0.10:80;
    }
    # VIP 10.0.0.3 -> online library
    server {
        listen 10.0.0.3:80;
        server_name localhost;
        root html;
        index index.html index.htm;
        location / {
            proxy_pass http://on;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
    # VIP 10.0.0.4 -> e-commerce system
    server {
        listen 10.0.0.4:80;
        server_name localhost;
        root html;
        index index.html index.htm;
        location / {
            proxy_pass http://oldboy;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
5.3 Write the check script
# When nginx on this node dies, stop its keepalived as well so the VIP moves to the other node
[root@lb01 ~]# cat /server/scripts/check_web.sh
#!/bin/bash
web_info=$(ps -ef | grep '[n]ginx' | wc -l)
if [ "$web_info" -lt 2 ]
then
    /etc/init.d/keepalived stop
fi
[root@lb01 ~]# chmod +x /server/scripts/check_web.sh
5.4 Configure keepalived
# High availability with the two nodes as mutual master/backup
#lb1
! Configuration File for keepalived
global_defs {
    router_id lb01
}
vrrp_script check_web {
    # Define the monitoring script; it must be executable
    script "/server/scripts/check_web.sh"
    # Interval between runs, in seconds
    interval 2
    # After each run the result is combined with the priority through this weight to drive master/backup switching
    weight 2
}
vrrp_instance group01 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {
        check_web
    }
}
vrrp_instance group02 {
    state BACKUP
    interface eth0
    virtual_router_id 52
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.4/24 dev eth0 label eth0:2
    }
    track_script {
        check_web
    }
}
#lb2
! Configuration File for keepalived
global_defs {
    router_id lb02
}
vrrp_script check_web {
    # Define the monitoring script; it must be executable
    script "/server/scripts/check_web.sh"
    # Interval between runs, in seconds
    interval 2
    # After each run the result is combined with the priority through this weight to drive master/backup switching
    weight 2
}
vrrp_instance group01 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev eth0 label eth0:1
    }
    track_script {
        check_web
    }
}
vrrp_instance group02 {
    state MASTER
    interface eth0
    virtual_router_id 52
    priority 150
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.4/24 dev eth0 label eth0:2
    }
    track_script {
        check_web
    }
}
# Confirm that nginx on lb02 is listening on both VIPs (possible only because of ip_nonlocal_bind)
[root@lb02 conf]# netstat -tulnp | grep nginx
tcp 0 0 10.0.0.4:80 0.0.0.0:* LISTEN 71920/nginx
tcp 0 0 10.0.0.3:80 0.0.0.0:* LISTEN 71920/nginx
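Two points in the keepalived setup above deserve a worked check. First, the check script stops keepalived outright, which does move the VIP but leaves the node out of the cluster until someone restarts keepalived by hand. Second, the alternative of letting the script fail and relying on `weight` only works if the weight can actually overturn the priority gap: with `weight 2`, a script success adds 2 to the priority and a failure adds nothing, so lb01 at 150 still beats lb02 at 102 when lb01's nginx is dead. A negative weight larger than the gap (for example -60) is subtracted on failure, which does move the VIP and lets it return automatically when nginx is back. The block below is an added example, not part of the original post or of keepalived: a stricter `web_state` check that requires an nginx master plus at least one worker, and the priority arithmetic keepalived applies, with the post's own numbers. The sample `ps` output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): health check for the keepalived
# track_script above, plus the VRRP priority arithmetic that decides failover.

# web_state PS_OUTPUT -> prints "up" when an nginx master and at least one worker
# appear in the listing, "down" otherwise; exit status follows (0 = up, 1 = down).
web_state() {
    n=$(printf '%s\n' "$1" | grep -cE 'nginx: (master|worker) process' || true)
    if [ "$n" -ge 2 ]; then
        echo up
        return 0
    fi
    echo down
    return 1
}

# effective_priority BASE WEIGHT STATUS -> the priority keepalived advertises for
# one vrrp_instance. STATUS is the check script's exit code (0 = success).
# Positive weight: added on success, nothing on failure.
# Negative weight: subtracted on failure, nothing on success.
effective_priority() {
    base=$1; weight=$2; status=$3
    if [ "$weight" -gt 0 ]; then
        if [ "$status" -eq 0 ]; then echo $((base + weight)); else echo "$base"; fi
    elif [ "$weight" -lt 0 ]; then
        if [ "$status" -eq 0 ]; then echo "$base"; else echo $((base + weight)); fi
    else
        echo "$base"
    fi
}

# master_of PRIO_LB01 PRIO_LB02 -> which node holds the VIP (higher priority wins)
master_of() {
    if [ "$1" -gt "$2" ]; then echo lb01
    elif [ "$2" -gt "$1" ]; then echo lb02
    else echo tie
    fi
}

# Installed as /server/scripts/check_web.sh and run by keepalived: exit non-zero
# on failure instead of stopping keepalived, so the weight arithmetic applies.
case "$0" in
    */check_web.sh) web_state "$(ps -ef)" >/dev/null; exit $? ;;
esac
```

With the post's values (150/100, weight 2) `master_of 150 102` still answers lb01 after a failed check on lb01, which is exactly why the post's script resorts to stopping keepalived; with `weight -60` the same failure yields 90 against 100 and the VIP moves to lb02.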