搭建传统测试LAMP,数据库为架构MHA高可用集群

项目网络结构

搭建传统测试LAMP,数据库为架构MHA高可用集群_第1张图片

1、所有主机间配置免密SSH通信,并验证

[root@web ~]# ssh-keygen -t rsa
The key fingerprint is:
SHA256:CAYd6hlXbWjQ95XFjbVxIPboejQcIUQSRD1EYsC75Js root@web 
[root@web ~]# mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
[root@web ~]# for i in 11 12 13 14 ; do rsync /root/.ssh/* [email protected].$i:/root/.ssh/; done
[email protected]'s password: 
[email protected]'s password: 
[email protected]'s password: 
[email protected]'s password: 
[root@web ~]# for i in 10 11 12 13 14; do  ssh [email protected].$i date; done
Sat Mar  5 12:16:24 CST 2022
Sat Mar  5 12:16:24 CST 2022
Sat Mar  5 12:16:24 CST 2022
Sat Mar  5 12:16:24 CST 2022
Sat Mar  5 12:16:25 CST 2022

2、配置所有主机每隔2个小时与时间服务器120.25.115.20同步时间

[root@web ~]# for i in 10 11 12 13 14; do ssh [email protected].$i echo "* */2 * * * /usr/sbin/ntpdate 120.25.115.20 &> /dev/null" >> /var/spool/cron/root
> done
[root@web ~]# for i in 10 11 12 13 14
> do
> ssh [email protected].$i crontab -l
> done
* */2  * * * /usr/sbin/ntpdate 120.25.115.20 &> /dev/null
* */2  * * * /usr/sbin/ntpdate 120.25.115.20 &> /dev/null
* */2  * * * /usr/sbin/ntpdate 120.25.115.20 &> /dev/null
* */2  * * * /usr/sbin/ntpdate 120.25.115.20 &> /dev/null
* */2  * * * /usr/sbin/ntpdate 120.25.115.20 &> /dev/null
* */2  * * * /usr/sbin/ntpdate 120.25.115.20 &> /dev/null

3、配置web服务器,创建虚拟主机部署discuz论坛,测试可正常访问

  1. 要求discuz论坛所有项目文件,存储到NFS服务器上; NFS在上创建5G大小逻辑卷作为项目文件存储目录
#先获取最新的Discuz
wget https://gitee.com/3dming/DiscuzL/attach_files/Discuz_X3.4_SC_UTF8_20220131.zip
#建立独立的逻辑卷来单独存放Discuz的文件,并通过nfs共享再nfs服务器上
[root@nfs ~]# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created.
[root@nfs ~]# vgcreate vg0 /dev/sdb
  Volume group "vg0" successfully created
[root@nfs ~]# 
[root@nfs ~]# 
[root@nfs ~]# lvcreate -L 15G -n lv0 vg0 
  Logical volume "lv0" created.
[root@nfs ~]# mkdir /nfs_web
[root@nfs ~]# mkfs.xfs /dev/vg0/lv0 
meta-data=/dev/vg0/lv0           isize=512    agcount=4, agsize=983040 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=3932160, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@nfs ~]# vim /etc/fstab 
[root@nfs ~]# mount -a
[root@nfs ~]# df -Th | grep lv0
/dev/mapper/vg0-lv0 xfs        15G   44M   15G   1% /nfs_web
[root@nfs nfs_web]# yum -y install unzip nfs-utils rpcbind
[root@nfs nfs_web]# systemctl start nfs-server
[root@nfs nfs_web]# systemctl enable nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
[root@nfs nfs_web]# cat /etc/exports
/nfs_web	192.168.152.10(rw)
[root@nfs nfs_web]# showmount -e localhost
Export list for localhost:
/nfs_web 192.168.152.10
#回到web服务器安装nfs客户端,创建本地文件夹,挂载nfs服务器端
[root@web ~]# tail -1 /etc/fstab 
192.168.152.11:/nfs_web	/discuz	nfs	defaults	0	0	
[root@web ~]# mount -a
[root@web ~]# df -Th | grep nfs
192.168.152.11:/nfs_web nfs4       15G   84M   15G   1% /discuz
#挂载成功
[root@web ~]# ls /discuz/
Discuz_X3.4_SC_UTF8_20220131.zip  LICENSE  qqqun.png  readme  readme.html  upload  utility.html
#开始安装httpd、php、mariadb(为了简单安装运行,这里只安装了仓库自带的maridb)
[root@web ~]# yum -y install httpd mariadb-server
Installed:
  httpd.x86_64 0:2.4.6-97.el7.centos.4                                            mariadb-server.x86_64 1:5.5.68-1.el7  
  
#安装php7.0因为linux的yum源不存在php7.x,所以我们首先要更改yum源:
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
[root@web ~]# yum install php72w php72w-common php72w-fpm php72w-opcache php72w-gd php72w-mysqlnd php72w-mbstring php72w-pecl-redis php72w-pecl-memcached php72w-devel
#查看php版本
[root@nfs ~]# php -v
PHP 7.2.34 (cli) (built: Oct  1 2020 13:37:37) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.34, Copyright (c) 1999-2018, by Zend Technologies
[root@web ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Jan 25 2022 14:08:43
[root@web ~]# rpm -qa | grep mariadb
mariadb-libs-5.5.68-1.el7.x86_64
mariadb-5.5.68-1.el7.x86_64
#先将httpd自带的欢迎界面删除,编写虚拟主机配置文件
[root@web ~]# cd /etc/httpd/conf.d/
[root@web conf.d]# systemctl start httpd mariadb
[root@web conf.d]# systemctl enable httpd mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@web conf.d]# ls
autoindex.conf  README  userdir.conf  welcome.conf
[root@web conf.d]# rm -rf welcome.conf 
#在httpd的主配置文件中加入index.php测试是否能正常解析php网页
[root@web conf.d]# vim /etc/httpd/conf/httpd.conf

<IfModule dir_module>
    DirectoryIndex index.php index.html
</IfModule>
[root@web conf.d]# cd /var/www/html/
[root@web html]# vim test.php
<?php
        phpinfo();
?>
[root@web html]# systemctl restart httpd
#测试可以看到版本信息界面
[root@web conf.d]# vim discuz.conf
[root@web conf.d]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::2d9f:7f97:b91e:9335. Set the 'ServerName' directive globally to suppress this message
Syntax OK
[root@web conf.d]# cat discuz.conf 
<VirtualHost 192.168.152.10:80>
	ServerName	discuz.linux.com
	DocumentRoot	/discuz
	ErrorLog	/var/log/httpd/discuz_error.log
	CustomLog	/var/log/httpd/discuz_access.log combined
</VirtualHost>

<Directory "/discuz">
	Require	all granted
</Directory>
[root@web conf.d]# systemctl restart httpd
#在浏览器输入IP地址192.168.152.10/upload/install测试

搭建传统测试LAMP,数据库为架构MHA高可用集群_第2张图片

#为目录授权,注意要在nfs共享服务器上授权
[root@nfs ~]# chmod -R 777 config/ data/ uc_server/ uc_client/
#回到网页刷新

搭建传统测试LAMP,数据库为架构MHA高可用集群_第3张图片

  1. 要求在安装数据库时为数据目录、二进制日志目录分别准备独立的存储设备
#将两块独立的硬盘分别存数据库的文件和二进制日志文件
[root@web ~]# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created.
[root@web ~]# vgcreate vg0 /dev/sdb
  Volume group "vg0" successfully created
[root@web ~]# lvcreate -L 15G -n lv0 vg0 
  Logical volume "lv0" created.
[root@web ~]# mkdir /logbin_dir
[root@web ~]# mkdir /mysql_dir
[root@web ~]# mkfs.xfs /dev/vg0/lv0 
meta-data=/dev/vg0/lv0           isize=512    agcount=4, agsize=983040 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=3932160, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@web ~]# pvcreate /dev/sdc
  Physical volume "/dev/sdc" successfully created.
[root@web ~]# vgcreate vg1 /dev/sdc
  Volume group "vg1" successfully created
[root@web ~]# lvcreate -L 15G -n lv1 vg
vg0  vg1  
[root@web ~]# lvcreate -L 15G -n lv1 vg1 
  Logical volume "lv1" created.
[root@web ~]# mkfs.xfs /dev/vg1/lv1 
meta-data=/dev/vg1/lv1           isize=512    agcount=4, agsize=983040 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=3932160, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@web ~]# vim /etc/fstab 
[root@web ~]# mount -a
[root@web ~]# df -Th | grep mapper
/dev/mapper/vg0-lv0     xfs        15G   33M   15G   1% /mysql_dir
/dev/mapper/vg1-lv1     xfs        15G   33M   15G   1% /logbin_dir
[root@web ~]# tail -2 /etc/fstab 
/dev/vg0/lv0	/mysql_dir	xfs	defaults	0	0
/dev/vg1/lv1	/logbin_dir	xfs	defaults	0	0
[root@web ~]# vim /etc/my.cnf
[root@web ~]# head -4 /etc/my.cnf
[mysqld]
#因为后边要部署MHA高可用集群,所以要给每个mysql添加编号
server_id=10
#二进制日志目录
log_bin=/logbin_dir/master
#MySQL服务数据目录
datadir=/mysql_dir
[root@web ~]# chown -R mysql.mysql /mysql_dir/ /logbin_dir/
[root@web ~]# systemctl restart mariadb

#在数据库为discuz授权
[root@web ~]# mysql -uroot
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.68-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
#创建数据库
MariaDB [(none)]> create database ultrax;
Query OK, 1 row affected (0.00 sec)
#为discuz创建登录数据库的用户为discuz
MariaDB [(none)]> grant all on ultrax.* to 'discuz'@'localhost' identified by "redhat";
Query OK, 0 rows affected (0.00 sec)
#刷新
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
#此时回到网页即安装完成

4、在两个备库与web服务器间的主库配置主从复制,并验证,每个备库都以独立的硬盘来存储数据目录和二进制日志文件

#创建两个备库的操作与上边一样,不再重复操作,注意每个库的server_id,下边在主库往备库同步数据开始
[root@web ~]# mysqldump -uroot --lock-all-table --master-data=2 --all-databases > /tmp/all.sql
[root@web ~]# ls /tmp/
all.sql 
#rsync需要同时安装在机器上才可使用,没有就yum -y install rsync
[root@web ~]# rsync -av /tmp/all.sql [email protected]:/tmp/
sending incremental file list
all.sql

sent 2,763,002 bytes  received 35 bytes  1,105,214.80 bytes/sec
total size is 2,762,241  speedup is 1.00
[root@web ~]# rsync -av /tmp/all.sql [email protected]:/tmp/
#分别为两个备库创建登录主库进行复制的用户
MariaDB [(none)]> grant replication slave on *. * to 'repluser'@'192.168.152.13' identified by "redhat";
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant replication slave on *. * to 'repluser'@'192.168.152.14' identified by "redhat";
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
#分别在两个备库执行如下操作
[root@mysql2 ~]# mysql -uroot
Welcome to the MariaDB monitor.  Commands end with ; or \g.

MariaDB [(none)]> source /tmp/all.sql
#log_file和log_pos的值可在主库中输入" show master status;"查看
#注意两个库使用的是相同的user
MariaDB [(none)]> change master to
    -> master_host="192.168.152.10",
    -> master_user="repluser",
    -> master_password="redhat",
    -> master_log_file="master.0000003",
    -> master_log_pos=2970229;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> start slave;
Query OK, 0 rows affected (0.00 sec)
#至此,数据的主从配置完毕

5、 配置MHA高可用集群,确保在一个服务器宕机的时候会自动切换到其他的服务器上

#下载mha扩展epel扩展库
[root@camha yum.repos.d]# wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
[root@camha yum.repos.d]# yum install perl-DBD-MySQL perl-Config-Tiny perl-Log-Dispatch perl-Parallel-ForkManager perl-Time-HiRes -y
#manager和node包在Github下载后传到虚拟机上,网址:https://github.com/yoshinorim/mha4mysql-manager/wiki/Downloads
[root@camha yum.repos.d]# rpm -ivh mha4mysql-node-0.56-0.el6.noarch.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:mha4mysql-node-0.56-0.el6        ################################# [100%]
[root@camha yum.repos.d]#rpm -ivh mha4mysql-manager-0.56-0.el6.noarch.rpm 
Preparing...                          ################################# [100%]
Updating / installing...
   1:mha4mysql-manager-0.56-0.el6     ################################# [100%]
#这两个包是在MHA服务器上安装的,所以安装两个,node包分别在剩下三个mysql上安装node节点
#分别在每台mysql服务器上为其他三个机器做MHA管理用户登录授权
MariaDB [(none)]> grant all on *.* to 'manager'@'192.168.152.11' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on *.* to 'manager'@'192.168.152.14' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on *.* to 'manager'@'192.168.183.12' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on *.* to 'manager'@'192.168.183.13' identified by 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
#创建MHA manager需要的工作目录
[root@mha ~]# mkdir -p /masterha/app1			//保存日志
[root@mha ~]# mkdir /etc/masterha				//配置文件 
#编写配置文件
[root@mha ~]# cat /etc/masterha/app1.cnf

[server default]
manager_workdir=/masterha/app1
manager_log=/masterha/app1/manager.log
user=manager					//指定MHA管理用户,用于获取数据库服务器的运行状态、二进制日志信息等
password=redhat
ssh_user=root					//指定服务器间免密SSH的用户
repl_user=repluser				//指定连接主服务器复制数据时的远程复制用户,也就是slave
repl_password=redhat
ping_interval=1					//检测服务器运行状态的时间间隔,单位秒 

[server1]
hostname=192.168.152.10
port=3306
master_binlog_dir="/logbin_dir"			//指定对应数据库服务器二进制日志存储位置
candidate_master=1							//允许该服务器参选新主服务器 

[server2]
hostname=192.168.152.13
port=3306
master_binlog_dir="/logbin_dir"
candidate_master=1

[server3]
hostname=192.168.152.14
port=3306
master_binlog_dir="/logbin_dir"
candidate_master=1
#开始免密是否配置成功
[root@camha ~]# masterha_check_ssh --conf=/etc/masterha/app1.cnf
Sat Mar  5 16:29:47 2022 - [info] All SSH connection tests passed successfully.
#检查一主两从是否配置成功
[root@camha ~]# masterha_check_repl --conf=/etc/masterha/app1.cnf
MySQL Replication Health is OK.

6、安装配置CA证书服务器

#创建ca需要的数据库文件
[root@camha ~]# touch /etc/pki/CA/index.txt
[root@camha ~]# echo 01 >> /etc/pki/CA/serial
#生成ca自己的密钥
[root@camha ~]# openssl genrsa -out /etc/pki/CA/private/cakey.pem 1024
Generating RSA private key, 1024 bit long modulus
....++++++
...........++++++
e is 65537 (0x10001)
#生成自签证书
[root@camha ~]# openssl req -new -x509 -key /etc/pki/CA/private/cakey.pem -out /etc/pki/CA/cacert.pem -days 3650
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:bj
Organizational Unit Name (eg, section) []:bj
Common Name (eg, your name or your server's hostname) []:ca.linux.com
Email Address []:
#在web服务器上生成自身密钥
[root@web ~]# mkdir /etc/httpd/ssl
[root@web ~]# openssl genrsa -out /etc/httpd/ssl/secret.linux.com.key 2048
#在web上生成证书申请,注意国家和地区需要一致
[root@web ~]# openssl req -new -key /etc/httpd/ssl/secret.linux.com.key -out /etc/httpd/ssl/secret.linux.com.csr
-----
Country Name (2 letter code) [XX]:cn
State or Province Name (full name) []:bj
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:bj
Organizational Unit Name (eg, section) []:bj
Common Name (eg, your name or your server's hostname) []:secret.linux.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#将证书申请发送给ca服务器
[root@web ~]# rsync -av /etc/httpd/ssl/secret.linux.com.csr [email protected]:/tmp/
sending incremental file list
secret.linux.com.csr

sent 1,095 bytes  received 35 bytes  753.33 bytes/sec
total size is 989  speedup is 0.88
#ca签发证书
[root@camha ~]# openssl ca -in /tmp/secret.linux.com.csr -out /etc/pki/tls/certs/secret.linux.com.crt -days 3650
        Subject:
            countryName               = cn
            stateOrProvinceName       = bj
            organizationName          = bj
            organizationalUnitName    = bj
            commonName                = secret.linux.com
#再将证书发送给web
[root@camha ~]# rsync -av /etc/pki/tls/certs/secret.linux.com.crt [email protected]:/etc/httpd/ssl/
sending incremental file list
secret.linux.com.crt

sent 3,879 bytes  received 35 bytes  7,828.00 bytes/sec
total size is 3,773  speedup is 0.96

7、在web服务器上配置加密虚拟主机,名称为secret.linux.com,并验证可正常访问

#安装mod_ssl
[root@web ~]# yum -y install mod_ssl
#创建secret数据目录,编写主页secret.html
[root@web ~]# mkdir /secret
[root@web ~]# cat /secret/secret.html
<h1>Welcome to Secret's web</h1>
#修改证书名字位置,添加加密网站名字,数据目录
[root@web ~]# vim /etc/httpd/conf.d/ssl.conf
ServerName      secret.linux.com
DocumentRoot    /secret
SSLCertificateFile /etc/httpd/ssl/secret.linux.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/secret.linux.com.key
<Directory "/secret">
        Require all granted
</Directory>
#回到浏览器刷新,可能会出现访问不了的情况,切换谷歌或者火狐,

8、在NFS存储上配置DNS服务,解析所有网站主机名; 最终确保客户端通过该DNS解析可正常访问两个网站

[root@nfs ~]# yum -y install bind bind-chroot
#创建正向区域
[root@nfs ~]# vim /var/named/chroot/etc/named.conf
[root@nfs ~]# cat /var/named/chroot/etc/named.conf
options {
	directory "/var/named";
};

zone "linux.com" {
	type master;
	file "linux.com.zone";
};
#创建正向区域,添加记录
[root@nfs ~]# cp /usr/share/doc/bind-9.11.4/sample/var/named/named.localhost /var/named/chroot/var/named/linux.com.zone
[root@nfs ~]# cat /var/named/chroot/var/named/linux.com.zone
$TTL 1D
@	IN SOA	@ rname.invalid. (
					0	; serial
					1D	; refresh
					1H	; retry
					1W	; expire
					3H )	; minimum
	NS	ns01.linux.com.
ns01	A	192.168.152.11
discuz	A	192.168.152.10
secret	A	192.168.152.10
	A	127.0.0.1
	AAAA	::1
[root@nfs ~]# systemctl restart named named-chroot
#将windows的DNS修改为虚拟机的DNS服务器,在火狐浏览器测试域名https://secret.linux.com和http://discuz.linux.com

r/named/linux.com.zone
[root@nfs ~]# cat /var/named/chroot/var/named/linux.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns01.linux.com.
ns01 A 192.168.152.11
discuz A 192.168.152.10
secret A 192.168.152.10
A 127.0.0.1
AAAA ::1
[root@nfs ~]# systemctl restart named named-chroot
#将windows的DNS修改为虚拟机的DNS服务器,在火狐浏览器测试域名https://secret.linux.com和http://discuz.linux.com


你可能感兴趣的:(数据库,架构,服务器)