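# Phase 1 Assessment - Lab - Mock Exam
## Assessment Background
As demand for content consumption and creation surges, **blog platforms** have become the core vehicle for personal knowledge sharing, brand content accumulation, and building communities in vertical domains. With the global number of blog creators expected to exceed 500 million in 2025, individual bloggers and small-to-medium content teams urgently need lightweight blog platforms to get past the channel limits on traffic acquisition and the entry barrier of technical development.
The **LNMP (Linux + Nginx + MySQL + PHP) stack**, being open source, free, stable and efficient, is an ideal technical solution for building a lightweight blog platform. This combination not only cuts initial deployment costs by more than 70%; its mature ecosystem also supports quick integration of core features such as article editing, comment interaction and content search, which fits the operating needs of a blog with daily visits in the tens of thousands.
## Assessment Content
1. Blog platform deployment
2. Blog platform maintenance
## Lab Environment
### Lab Topology
![Phase 1 Assessment - lab topology - mock environment](C:\Users\崔智秀\AppData\Roaming\Typora\draftsRecover\第一阶段考核-实验-模拟题.images\第一阶段考核-实验拓扑图-模拟环境.png)
### Host List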
| Hostname           | IP address | Role                                           |
| ------------------ | ---------- | ---------------------------------------------- |
| ha1.linux.com      | 10.1.8.41  | Load balancer and high-availability server 1   |
| ha2.linux.com      | 10.1.8.42  | Load balancer and high-availability server 2   |
| proxy1.linux.com   | 10.1.8.43  | Proxy server 1                                 |
| proxy2.linux.com   | 10.1.8.44  | Proxy server 2                                 |
| company1.linux.com | 10.1.8.45  | Company site server 1                          |
| company2.linux.com | 10.1.8.46  | Company site server 2                          |
| blog1.linux.com    | 10.1.8.47  | Blog site server 1                             |
| blog2.linux.com    | 10.1.8.48  | Blog site server 2                             |
| db1.linux.com      | 10.1.8.49  | Database server 1                              |
| db2.linux.com      | 10.1.8.50  | Database server 2                              |
| storage.linux.com  | 10.1.8.51  | Storage server (NFS, iSCSI, yum repository)    |
| backup.linux.com   | 10.1.8.52  | Backup server (backs up blog and database data) |
| network.linux.com  | 10.1.8.53  | Network server (DHCP, DNS)                     |
| client.linux.com   | 10.1.8.54  | Test client                                    |

| Virtual host  | IP address | Role                |
| ------------- | ---------- | ------------------- |
| yum.linux.com | 10.1.8.51  | yum repository      |
| dns.linux.com | 10.1.8.53  | DNS server          |
| www.linux.com | 10.1.8.100 | Site server         |
| db.linux.com  | 10.1.8.200 | Database server     |

/etc/hosts

```bash
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
################# web cluster #################
10.1.8.41 ha1.linux.com ha1
10.1.8.42 ha2.linux.com ha2
10.1.8.43 proxy1.linux.com proxy1
10.1.8.44 proxy2.linux.com proxy2
10.1.8.45 company1.linux.com company1
10.1.8.46 company2.linux.com company2
10.1.8.47 blog1.linux.com blog1
10.1.8.48 blog2.linux.com blog2
10.1.8.49 db1.linux.com db1
10.1.8.50 db2.linux.com db2
10.1.8.51 storage.linux.com storage
10.1.8.51 yum.linux.com yum
10.1.8.52 backup.linux.com backup
10.1.8.53 network.linux.com network
10.1.8.53 dns.linux.com dns
10.1.8.54 client.linux.com client
10.1.8.100 www.linux.com www
10.1.8.200 db.linux.com db
```
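### Environment Preparation
Prepare the hosts above according to the following requirements:
1. Configuration for all nodes:
   - Minimal installation of CentOS 7. √
   - Disable SELinux and the firewall. √
   - Make sure the time is accurate. √
   - Remove all yum repositories shipped with the system (**keep the epel repository**). √
   - Set the gateway to **10.1.8.2** and DNS to **10.1.8.53**. On the **network.linux.com** node, set DNS to **223.5.5.5**. √
   - Set the command prompt to `PS1='[\u@\[\e[32m\]\h\[\e[0m\] \W \t]\$ '`.
     Append one line at the end of /etc/bashrc: √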
     ```bash
     PS1='[\u@\[\e[32m\]\h\[\e[0m\] \W \t]\$ '
     ```
2. Add 5 extra SATA disks of 20G each to the **storage.linux.com** node. √
3. Configure hostnames and IP addresses as required above. Reference script:
   ```bash
   #!/bin/bash
   
   # Must be run as root
   [ $UID -ne 0 ] && echo 'Please run as root.' && exit 1 
   
   # Interface name
   interface=ens33
   
   # Domain name
   domain=linux.com
   
   # Script usage: the argument is the last octet of the host's address
   usage (){
     echo "Usage: $0 41-54"
     exit 1
   }
   
   # Set the IP address
   function set_ip () {
     # Check the argument before it is used in the test below
     if [ $# -eq 0 ]; then
       usage
     fi
   
     # network.linux.com (10.1.8.53) uses 223.5.5.5 as its DNS; all other nodes use 10.1.8.53
     if [ "$1" -eq 53 ]; then
       dns=223.5.5.5
     else
       dns=10.1.8.53
     fi
   
     nmcli connection modify ${interface} connection.autoconnect on ipv4.method manual ipv4.addresses 10.1.8.$1/24 ipv4.gateway 10.1.8.2 ipv4.dns $dns
     nmcli connection up ${interface} &>/dev/null
   }
   
   
   # Set the hostname
   function set_hostname () {
     # Derive the hostname from the last octet
     case $1 in
       41|42)
         HOSTNAME=ha$[ $1 - 40 ].$domain
         ;;
       43|44)
         HOSTNAME=proxy$[ $1 - 42 ].$domain
         ;;
       45|46)
         HOSTNAME=company$[ $1 - 44 ].$domain
         ;;
       47|48)
         HOSTNAME=blog$[ $1 - 46 ].$domain
         ;;
       49|50)
         HOSTNAME=db$[ $1 - 48 ].$domain
         ;;
       51)
         HOSTNAME=storage.$domain
         ;;
       52)
         HOSTNAME=backup.$domain
         ;;
       53)
         HOSTNAME=network.$domain
         ;;
       54)
         HOSTNAME=client.$domain
         ;;
       *)
         usage
         ;;
     esac
     # Apply the hostname
     hostnamectl set-hostname $HOSTNAME
   }
   
   # Define main, which calls the worker functions
   function main() {
     # Set the hostname
     set_hostname $1
     
     # Set the IP address
     set_ip $1
   
     # Show the result
     bash -c 'clear;hostname;echo;ip -br a;echo'
   
     # Shut down so that a snapshot can be taken
     while true
     do
       echo -ne "Press the \033[1;31mEnter\033[0;39m key, and the system will shut down in 5 seconds.";read
       echo -e "Press \033[1;35mCTRL+C\033[0;39m to cancel the shutdown."
       for i in {5..1}
       do
         echo "The system will shut down in $i seconds."
         sleep 1
       done
       echo "Shutdown system Now." && init 0
     done 
   }
   
   # Run main
   main $*
   ```
   
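## Assessment Requirements
1. Any external resource may be used in this exam, but discussing with other people (including AI) is forbidden.
2. The exam deadline is 17:30.
3. Write the process and results of each task into a markdown file as command-line code; **website verification results must be captured as screenshots**.
4. First set the font of the markdown answer sheet to size 14, then export it as a PDF.
   File name format: **第一阶段考核-实验-姓名.pdf** (姓名 is your name)
5. The whole exam must be screen-recorded in full screen; the file name is **第一阶段考核-实验-姓名.mp4**
6. Upload the exam result PDF and the mp4 video to the QQ group directory 《第一阶段考核-实验-答卷》.
## Assessment Content
### Configuration - Storage Server (25)
**Node to configure**: storage.linux.com.
1. **Configure the local repository.** (4)
   - Mount the CentOS 7 DVD at /usr/local/nginx/html/dvd and have it mounted automatically at boot.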
     ```bash
     [root@network ~ 17:04:06]# mkdir -p /usr/local/nginx/html/dvd 
     [root@network ~ 17:04:36]# mount /dev/sr0 /usr/local/nginx/html/dvd
     mount: /dev/sr0 is write-protected, mounting read-only
     [root@storage ~ 09:13:56]# vim /etc/fstab 
     # Add the following line
     /dev/sr0 /usr/local/nginx/html/dvd iso9660 defaults        0 0
     ```
   - Configure the repository to use the /usr/local/nginx/html/dvd directory as its source.
     ```bash
     [root@storage yum.repos.d 09:33:26]# mkdir backup
     [root@storage yum.repos.d 09:33:55]# mv epel.repo backup
     [root@storage yum.repos.d 09:35:57]# vim dvd.repo 
     [dvd]
     name=dvd from local
     baseurl=file:///usr/local/nginx/html/dvd
     enabled=1
     gpgcheck=0
     ```
2. **Serve the yum repository through nginx.** (6)
   - Deploy nginx from source to /usr/local/nginx.
     > Get the nginx-1.24.0.tar.gz source from the teacher.
     ```bash
     yum install -y gcc make pcre-devel zlib-devel
     tar -xf nginx-1.24.0.tar.gz 
     cd nginx-1.24.0/
     ./configure --prefix=/usr/local/nginx
     make && make install
     ```
   - Manage nginx with systemd and enable the nginx service at boot.
     ```bash
     [root@storage ~ 09:43:23]# cp /usr/lib/systemd/system/sshd.service /etc/systemd/system/nginx.service
     [root@storage ~ 09:51:01]# vim /etc/systemd/system/nginx.service
     # Change the contents to the following
     [Unit]
     Description=nginx server daemon
     
     [Service]
     Type=forking
     ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
     ExecReload=/usr/local/nginx/sbin/nginx -s reload
     ExecStop=/usr/local/nginx/sbin/nginx -s quit
     
     [Install]
     WantedBy=multi-user.target
     
     [root@storage ~ 09:54:33]# systemctl daemon-reload 
     [root@storage ~ 09:54:46]# systemctl enable nginx.service --now
     ```
   - **Configure all other nodes** to take their repository from .
     ~~~bash
     [root@ha1 yum.repos.d 10:06:52]# cat > /etc/yum.repos.d/remote.repo << 'EOF'
     > [remote-dvd]
     > name=CentOS 7 Remote DVD Repository from Nginx
     > baseurl=
     > enabled=1
     > gpgcheck=0
     > EOF
     
        44  vim /etc/hosts
        46  systemctl daemon-reload
        57  yum install -y tree
     ~~~
     
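     > yum.linux.com maps to IP 10.1.8.51, i.e. the storage node; name resolution is ultimately provided by the DNS server.
   **Hint**:
   - For the nginx service to show a directory's file listing, make the following change in the configuration file and restart the service:
     In: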
     ~~~bash
     vim /usr/local/nginx/conf/nginx.conf
     ~~~
     
     ```bash
     http {
         # Add the following directive
         autoindex on;
     ......
     }
     ```
3. **Configure RAID storage.** (2)
   Use sdb, sdc, sdd, sde and sdf to create the raid5 device md5.
   ```bash
   [root@storage ~ 09:55:52]# yum install -y mdadm
   [root@storage ~ 10:26:48]# mdadm --create /dev/md5 --level 5 --raid-devices 5 /dev/sd{b..f}
   ```
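4. **Configure NFS shared storage.** (8)
   - Prepare NFS shared directory 1: /webapp/blog (3)
     - Create partition 1 on device md5 with a size of 20G, format it as an xfs file system, and mount it persistently at /webapp/blog.
     - Extract all files in the wordpress directory of wordpress-4.8-zh_CN.zip into /webapp/blog.
     - Only the nginx account on the web servers may read and write this directory; other accounts may only read it.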
     ```bash
     [root@storage ~ 10:34:07]# parted /dev/md5 mklabel gpt
     [root@storage ~ 10:34:55]# parted /dev/md5 mkpart data01 xfs 0% 20G
     [root@storage ~ 10:41:11]# mkfs.xfs /dev/md5p1
     [root@storage ~ 10:43:56]# mkdir -p /webapp/blog
     [root@storage ~ 10:41:53]# vim /etc/fstab
     # Add
     /dev/md5p1 /webapp/blog xfs defaults        0 0
     [root@storage ~ 10:56:04]# unzip wordpress-4.9.4-zh_CN.zip
     [root@storage ~ 10:54:36]# cp -rf wordpress/* /webapp/blog/
     [root@storage ~ 10:56:49]# useradd -r -s /sbin/nologin nginx
     [root@storage ~ 10:57:07]# chown -R nginx:nginx /webapp/blog
     [root@storage ~ 10:57:21]# chmod -R 755 /webapp/blog
     # Run on the web servers
     # 1. Create the same group (GID=996)
     groupadd -g 996 nginx
     
     # 2. Create the same user (UID=998)
     useradd -r -s /sbin/nologin -u 998 -g 996 nginx
     
     ```
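   - Prepare NFS shared directory 2: /webapp/company (3)
     - Create partition 2 on device md5 with a size of 20G, format it as an ext4 file system, and mount it persistently at /webapp/company.
     - Write the greeting `Welcome to Linux Cloud Company.` into the file /webapp/company/index.html.
     - Only the nginx account on the web servers may read and write this directory; other accounts may only read it.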
     ```bash
     [root@storage ~ 11:05:32]# parted /dev/md5 mkpart data02 ext4 20G 40G
     [root@storage ~ 11:05:32]# mkfs.ext4 /dev/md5p2
     [root@storage ~ 11:05:25]# mount /dev/md5p2 /webapp/company
     [root@storage ~ 11:06:37]# vim /etc/fstab
     
     /dev/md5p2 /webapp/company ext4 defaults        0 0
     [root@storage ~ 11:07:25]# echo Welcome to Linux Cloud Company. > /webapp/company/index.html
     [root@storage ~ 11:08:34]# chown -R nginx:nginx /webapp/company
     [root@storage ~ 11:09:12]# chmod -R 755 /webapp/company
     ```
   - Configure the NFS shares: allow the 10.1.8.0/24 network to access the shared directories /webapp/company and /webapp/blog. (2)
     ```bash
     [root@storage ~ 18:40:14]# cat /etc/exports
     /webapp/company 10.1.8.0/24(rw,sync,no_root_squash,no_all_squash,insecure)
     /webapp/blog 10.1.8.0/24(rw)
     [root@storage ~ 11:14:10]# systemctl enable nfs-server --now
     ```
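   Hint: ask the examiner for the file wordpress-4.8-zh_CN.zip.
5. **Configure iSCSI shared storage.** (5)
   - Create partition 3 on device md5 with a size of 40G; do not format it for now. (2)
   - Share partition 3 of device md5. (2)
   - Allow only the backup server (backup.linux.com) to access the device. (1)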
   ```bash
   [root@storage ~ 11:16:55]# parted /dev/md5 mkpart data03 40G 100%
   [root@storage ~ 11:19:40]# yum install -y targetd targetcli
   [root@storage ~ 11:19:40]# systemctl enable target --now
   
   [root@storage ~ 11:19:40]# targetcli /backstores/block create md5p3 /dev/md5p3
   
   [root@storage ~ 11:22:25]# targetcli /iscsi create iqn.2026-02.com.linux.storage:md5p3
   
   
   [root@storage ~ 11:24:19]# targetcli /iscsi/iqn.2026-02.com.linux.storage:md5p3/tpg1/acls create iqn.2026-02.com.linux.backup
   
   
   
   [root@storage ~ 11:25:48]# targetcli /iscsi/iqn.2026-02.com.linux.storage:md5p3/tpg1/luns create /backstores/block/md5p3
   
   
   ```
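
The NFS export lines in step 4 decide who can write to the web roots, so they are worth reviewing against the requirement that only the nginx account may write. The script below is an added example, not part of the original answer sheet: `audit_exports` and its finding names are hypothetical, and `TIGHT_EXPORTS` is a constructed per-host variant shown only for comparison.

```shell
#!/bin/sh
# Added example: review /etc/exports lines for options that weaken the
# "only nginx may write" requirement.
#   no_root_squash  root on any allowed client acts as root on the export
#   insecure        requests from unprivileged source ports are accepted, so
#                   any user process on a client can talk to the NFS server
#   rw-to-network   read-write access for a whole network; with the default
#                   AUTH_SYS security the server trusts the UID each client sends

# audit_exports: exports syntax on stdin, one "path client finding" per line.
audit_exports() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      path = $1
      if (NF == 1) print path, "*", "no-client-list"
      for (i = 2; i <= NF; i++) {
        client = $i; opts = ""
        p = index($i, "(")
        if (p > 0) {                         # split "client(opt,opt,...)"
          client = substr($i, 1, p - 1)
          opts = substr($i, p + 1)
          sub(/\)$/, "", opts)
        }
        if (client == "") client = "*"       # "(rw)" alone means any host
        rw = 0; root_ok = 0; insecure = 0
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
          if (o[j] == "rw") rw = 1
          if (o[j] == "no_root_squash") root_ok = 1
          if (o[j] == "insecure") insecure = 1
        }
        wide = (index(client, "/") > 0 || index(client, "*") > 0)
        if (root_ok)    print path, client, "no_root_squash"
        if (insecure)   print path, client, "insecure"
        if (rw && wide) print path, client, "rw-to-network"
      }
    }'
}

# The two export lines from the answer above.
PAGE_EXPORTS='/webapp/company 10.1.8.0/24(rw,sync,no_root_squash,no_all_squash,insecure)
/webapp/blog 10.1.8.0/24(rw)'

# Constructed variant: read-write only for the web servers that mount each
# share, with root squashing left on.
TIGHT_EXPORTS='/webapp/company company1.linux.com(rw,sync,root_squash) company2.linux.com(rw,sync,root_squash)
/webapp/blog blog1.linux.com(rw,sync,root_squash) blog2.linux.com(rw,sync,root_squash)'

echo "== exports from the answer =="
printf '%s\n' "$PAGE_EXPORTS" | audit_exports
echo "== per-host variant =="
printf '%s\n' "$TIGHT_EXPORTS" | audit_exports
```

On the storage node the same function can read the live file with `audit_exports < /etc/exports`.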
   
### Configuration - Backup Server (8)
**Node to configure**: backup.linux.com.
1. Discover and log in to the block device that the storage server shares over iSCSI. (2)
   ```bash
   [root@backup ~ 11:30:05]# yum install -y iscsi-initiator-utils
   [root@backup ~ 11:35:40]# vim /etc/iscsi/initiatorname.iscsi
   InitiatorName=iqn.2026-02.com.linux.backup
   [root@backup ~ 11:38:27]# systemctl restart iscsid
   [root@backup ~ 12:56:15]# iscsiadm -m discovery -t st -p 10.1.8.51
   10.1.8.51:3260,1 iqn.2026-02.com.linux.storage:md5p3
   [root@backup ~ 13:08:38]# iscsiadm -m node -T iqn.2026-02.com.linux.storage:md5p3 -p 10.1.8.51 --login
   [root@backup ~ 13:08:48]# lsblk
   NAME            MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
   sda               8:0    0  100G  0 disk 
   ├─sda1            8:1    0    1G  0 part /boot
   └─sda2            8:2    0   99G  0 part 
     ├─centos-root 253:0    0   50G  0 lvm  /
     ├─centos-swap 253:1    0    2G  0 lvm  [SWAP]
     └─centos-home 253:2    0   47G  0 lvm  /home
   sdb               8:16   0 42.7G  0 disk 
   sr0              11:0    1  4.4G  0 rom  
   ```
2. Format it as an xfs file system and mount it persistently at /webapp. (2)
   ```bash
   [root@backup ~ 13:11:38]# mkfs.xfs /dev/sdb
   meta-data=/dev/sdb               isize=512    agcount=16, agsize=699264 blks
            =                       sectsz=512   attr=2, projid32bit=1
            =                       crc=1        finobt=0, sparse=0
   data     =                       bsize=4096   blocks=11188224, imaxpct=25
            =                       sunit=128    swidth=512 blks
   naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
   log      =internal log           bsize=4096   blocks=5464, version=2
            =                       sectsz=512   sunit=8 blks, lazy-count=1
   realtime =none                   extsz=4096   blocks=0, rtextents=0
   [root@backup ~ 13:12:42]# blkid /dev/sdb
   /dev/sdb: UUID="aed11d1f-0025-4f8b-9509-dfc681dd2b34" TYPE="xfs" 
   [root@backup ~ 13:13:35]# vim /etc/fstab 
   [root@backup ~ 13:14:32]# tail -n 1 /etc/fstab
   UUID="aed11d1f-0025-4f8b-9509-dfc681dd2b34" /webapp xfs defaults        0 0
   [root@backup ~ 13:15:46]# mkdir /webapp
   [root@backup ~ 13:16:03]# mount -a
   [root@backup ~ 13:16:11]# df -h /webapp
   Filesystem      Size  Used Avail Use% Mounted on
   /dev/sdb         43G   33M   43G   1% /webapp
   ```
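3. Configure backups. (4)
   - Every day at 22:58, synchronize the contents of the /webapp directory on the storage server to the local /webapp.
   - Every day at 23:58, synchronize the contents of the /var/lib/mysql directory on the database server to the local /webapp/mysql.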
   ```bash
   [root@backup ~ 13:19:16]# crontab -e
   [root@backup ~ 13:32:24]# crontab -l
   58 22 * * * rsync -avz 10.1.8.51:/webapp/ /webapp/
   58 23 * * * rsync -avz 10.1.8.49:/var/lib/mysql /webapp/mysql
   ```
   
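### Configuration - Network Server (14)
**Node to configure**: network.linux.com.
1. **Configure the DHCP server.** (6)
   - Network range: 10.1.8.0/24
   - Address pool: 10.1.8.101-10.1.8.120
   - Gateway: 10.1.8.4
   - DNS: 10.1.8.53
   - Domain name: linux.com
   - Assign the fixed IP address 10.1.8.54 to the client client.linux.com.
   - Make sure the dhcp service starts at boot.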
   ```bash
   [root@network ~ 13:36:17]# yum install -y dhcp
   [root@network ~ 13:36:17]# /bin/cp /usr/share/doc/dhcp-*/dhcpd.conf.example /etc/dhcp/dhcpd.conf
   # Look up the MAC address
   [root@client ~ 13:49:43]# ip link show
   1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
       link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
       link/ether 00:0c:29:39:e4:86 brd ff:ff:ff:ff:ff:ff
   
   [root@network ~ 13:37:51]# vim /etc/dhcp/dhcpd.conf
   option domain-name "linux.com";
   option domain-name-servers 10.1.8.53;
   
   default-lease-time 600;
   max-lease-time 7200;
   
   subnet 10.1.8.0 netmask 255.255.255.0 {
     range 10.1.8.101 10.1.8.120;
     option routers 10.1.8.4;
   }
   
   host client.linux.com {
     hardware ethernet 00:0c:29:39:e4:86;
     fixed-address 10.1.8.54;
   }
   [root@network ~ 13:53:01]# systemctl enable dhcpd --now
   [root@client ~ 13:50:07]# ip -br a
   lo               UNKNOWN        127.0.0.1/8 ::1/128 
   ens33            UP             10.1.8.54/24 fe80::83c4:dfdd:88cf:4dad/64 fe80::3f4d:5330:5e72:ca3/64 fe80::6507:e347:426a:b24c/64 
   
   ```
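2. **Configure the DNS server.** (8)
   - Allow queries from all clients
   - Allow recursive queries
   - Disable DNSSEC validation √
   - The zone is served by dns.linux.com, whose IP is 10.1.8.53.
   - The zone provides forward and reverse resolution for every host in the lab environment.
   - Make sure the named service starts at boot.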
   ```bash
   [root@network ~ 14:01:12]# yum install -y bind bind-utils
   vim /etc/named.conf
   options {
   	listen-on port 53 { 127.0.0.1; 10.1.8.53; };
   	listen-on-v6 port 53 { ::1; };
   	directory 	"/var/named";
   	dump-file 	"/var/named/data/cache_dump.db";
   	statistics-file "/var/named/data/named_stats.txt";
   	memstatistics-file "/var/named/data/named_mem_stats.txt";
   	recursing-file  "/var/named/data/named.recursing";
   	secroots-file   "/var/named/data/named.secroots";
   	allow-query     { localhost;any; };
   
   	/* 
   	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
   	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
   	   recursion. 
   	 - If your recursive DNS server has a public IP address, you MUST enable access 
   	   control to limit queries to your legitimate users. Failing to do so will
   	   cause your server to become part of large scale DNS amplification 
   	   attacks. Implementing BCP38 within your network would greatly
   	   reduce such attack surface 
   	*/
   	recursion yes;
   
   	dnssec-enable no;
   	dnssec-validation no;
   
   	/* Path to ISC DLV key */
   	bindkeys-file "/etc/named.root.key";
   
   	managed-keys-directory "/var/named/dynamic";
   
   	pid-file "/run/named/named.pid";
   	session-keyfile "/run/named/session.key";
   };
   
   logging {
           channel default_debug {
                   file "data/named.run";
                   severity dynamic;
           };
   };
   
   zone "." IN {
   	type hint;
   	file "named.ca";
   };
   zone "linux.com" IN {
      type master;
      file "linux.com.zone";
   };
   zone "8.1.10.in-addr.arpa" IN {
      type master;
      file "10.1.8.zone";
   };
   include "/etc/named.rfc1912.zones";
   include "/etc/named.root.key";
   
   cd /var/named
      55  ls
      56  cp named.localhost linux.com.zone
      57  vim linux.com.zone
      
      58  cat linux.com.zone
   $TTL 1D
   @	IN SOA	dns.linux.com. admin.linux.com. (
   					0	; serial
   					1D	; refresh
   					1H	; retry
   					1W	; expire
   					3H )	; minimum
   	NS	dns.linux.com.
   dns A 10.1.8.53
   ha1        A        10.1.8.41
   ha2        A        10.1.8.42
   proxy1     A        10.1.8.43
   proxy2     A        10.1.8.44
   company1   A        10.1.8.45
   company2   A        10.1.8.46
   blog1      A        10.1.8.47
   blog2      A        10.1.8.48
   db1        A        10.1.8.49
   db2        A        10.1.8.50
   storage    A        10.1.8.51
   backup     A        10.1.8.52
   network    A        10.1.8.53
   client     A        10.1.8.54
   
      59  vim linux.com.zone
      60  cp named.localhost 10.1.8.zone
   $TTL 1D
   @	IN SOA	dns.linux.com. admin.linux.com. (
   					0	; serial
   					1D	; refresh
   					1H	; retry
   					1W	; expire
   					3H )	; minimum
   	NS	dns.linux.com.
   
   41    PTR     ha1.linux.com.
   42    PTR      ha2.linux.com.
   43    PTR      proxy1.linux.com.
   44    PTR      proxy2.linux.com.
   45    PTR      company1.linux.com.
   46    PTR      company2.linux.com.
   47    PTR      blog1.linux.com.
   48    PTR      blog2.linux.com.
   49    PTR      db1.linux.com.
   50    PTR      db2.linux.com.
   51    PTR      storage.linux.com.
   52    PTR      backup.linux.com.
   53    PTR      network.linux.com.
   54    PTR      client.linux.com.
   
    65  ll linux.com.zone 10.1.8.zone
      66  chgrp named linux.com.zone 10.1.8.zone
      67  ll linux.com.zone 10.1.8.zone
   
   [root@network named 14:57:41]# systemctl enable named.service
   # Test
   [root@client ~ 15:23:29]# yum install -y bind-utils
   [root@client ~ 15:23:29]# dig @10.1.8.53 storage.linux.com
   ```
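
The zone requirement above covers every host in the lab, which includes the virtual hosts from the host list. The following added example, not part of the original answer sheet, compares that inventory with the A and PTR records shown above; `check_zone` and its finding names are hypothetical, and the record data is copied from this page.

```shell
#!/bin/sh
# Added example: check that every inventory host has an A record with the
# expected address and a PTR record whose target resolves back to that address.

# Inventory as "ip fqdn", taken from the two host tables on this page.
INVENTORY='10.1.8.41 ha1.linux.com
10.1.8.42 ha2.linux.com
10.1.8.43 proxy1.linux.com
10.1.8.44 proxy2.linux.com
10.1.8.45 company1.linux.com
10.1.8.46 company2.linux.com
10.1.8.47 blog1.linux.com
10.1.8.48 blog2.linux.com
10.1.8.49 db1.linux.com
10.1.8.50 db2.linux.com
10.1.8.51 storage.linux.com
10.1.8.52 backup.linux.com
10.1.8.53 network.linux.com
10.1.8.54 client.linux.com
10.1.8.51 yum.linux.com
10.1.8.53 dns.linux.com
10.1.8.100 www.linux.com
10.1.8.200 db.linux.com'

# A records from linux.com.zone as shown above.
FORWARD_ZONE='dns A 10.1.8.53
ha1 A 10.1.8.41
ha2 A 10.1.8.42
proxy1 A 10.1.8.43
proxy2 A 10.1.8.44
company1 A 10.1.8.45
company2 A 10.1.8.46
blog1 A 10.1.8.47
blog2 A 10.1.8.48
db1 A 10.1.8.49
db2 A 10.1.8.50
storage A 10.1.8.51
backup A 10.1.8.52
network A 10.1.8.53
client A 10.1.8.54'

# PTR records from 10.1.8.zone as shown above.
REVERSE_ZONE='41 PTR ha1.linux.com.
42 PTR ha2.linux.com.
43 PTR proxy1.linux.com.
44 PTR proxy2.linux.com.
45 PTR company1.linux.com.
46 PTR company2.linux.com.
47 PTR blog1.linux.com.
48 PTR blog2.linux.com.
49 PTR db1.linux.com.
50 PTR db2.linux.com.
51 PTR storage.linux.com.
52 PTR backup.linux.com.
53 PTR network.linux.com.
54 PTR client.linux.com.'

# check_zone INVENTORY FORWARD REVERSE -> one finding per line, empty if clean
check_zone() {
  {
    printf '%s\n' "$1" | sed 's/^/INV /'
    printf '%s\n' "$2" | sed 's/^/FWD /'
    printf '%s\n' "$3" | sed 's/^/REV /'
  } | awk -v origin="linux.com" -v net="10.1.8" '
    $1 == "INV" && NF == 3 { ip_of[$3] = $2; order[++n] = $3; next }
    $1 == "FWD" {
      for (i = 3; i < NF; i++)
        if ($i == "A") a[$2 "." origin] = $(i + 1)
      next
    }
    $1 == "REV" {
      for (i = 3; i < NF; i++)
        if ($i == "PTR") { t = $(i + 1); sub(/\.$/, "", t); ptr[net "." $2] = t }
      next
    }
    END {
      for (k = 1; k <= n; k++) {
        name = order[k]; ip = ip_of[name]
        if (!(name in a))       print "missing-A", name, ip
        else if (a[name] != ip) print "wrong-A", name, a[name]
        if (!(ip in ptr))       print "missing-PTR", ip, name
        else if (!((ptr[ip] in a) && a[ptr[ip]] == ip)) print "unconfirmed-PTR", ip, ptr[ip]
      }
    }'
}

check_zone "$INVENTORY" "$FORWARD_ZONE" "$REVERSE_ZONE"
```

With the records as shown, the findings are the virtual hosts yum, www and db, which the later steps refer to by name.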
   
### Configuration - Database Servers (16)
**Nodes to configure**: db1.linux.com and db2.linux.com.
1. Deploy the MariaDB service on all database nodes. (2)
   ```bash
   [root@db1 ~ 15:59:24]# yum install -y mariadb-server
   [root@db2 ~ 15:55:02]# yum install -y mariadb-server
   ```
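2. Run the secure initialization on all database nodes: set the root password to **Laoma@123**, disallow remote login for root, remove anonymous users, and remove the test database. (4)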
   ```bash
   [root@db1 ~ 16:03:20]# mysql_secure_installation 
   
   NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
         SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
   
   In order to log into MariaDB to secure it, we'll need the current
   password for the root user.  If you've just installed MariaDB, and
   you haven't set the root password yet, the password will be blank,
   so you should just press enter here.
   
   Enter current password for root (enter for none): 
   OK, successfully used password, moving on...
   
   Setting the root password ensures that nobody can log into the MariaDB
   root user without the proper authorisation.
   
   Set root password? [Y/n] y
   New password: 
   Re-enter new password: 
   Password updated successfully!
   Reloading privilege tables..
    ... Success!
   
   
   By default, a MariaDB installation has an anonymous user, allowing anyone
   to log into MariaDB without having to have a user account created for
   them.  This is intended only for testing, and to make the installation
   go a bit smoother.  You should remove them before moving into a
   production environment.
   
   Remove anonymous users? [Y/n] y
    ... Success!
   
   Normally, root should only be allowed to connect from 'localhost'.  This
   ensures that someone cannot guess at the root password from the network.
   
   Disallow root login remotely? [Y/n] y
    ... Success!
   
   By default, MariaDB comes with a database named 'test' that anyone can
   access.  This is also intended only for testing, and should be removed
   before moving into a production environment.
   
   Remove test database and access to it? [Y/n] y
    - Dropping test database...
    ... Success!
    - Removing privileges on test database...
    ... Success!
   
   Reloading the privilege tables will ensure that all changes made so far
   will take effect immediately.
   
   Reload privilege tables now? [Y/n] y
    ... Success!
   
   Cleaning up...
   
   All done!  If you've completed all of the above steps, your MariaDB
   installation should now be secure.
   
   Thanks for using MariaDB!
   
   
   
   [root@db2 ~ 16:07:25]# systemctl enable mariadb.service --now
   # ... same as above
   ```
3. Configure the two database nodes in a **master-master** architecture. (8)
   Enable logging on all nodes.
   ```bash
   [root@db1 ~ 16:10:58]# vim /etc/my.cnf.d/server.cnf
   [mysqld]
   
   server-id=1
   log_bin=mysql-bin
   relay_log=mysql-relay-bin
   
   ```
   Create the replication account on all nodes.
   ```bash
   # Create the replication account (on db1, for connections from db2)
   [root@db1~ 10:22:09]# mysql -u root -p123
   MariaDB [(none)]> grant replication slave, replication client on *.* to 'repl'@'10.1.8.50' identified by '123';
   # Create the replication account (on db2, for connections from db1)
   [root@db2~ 10:22:09]# mysql -u root -p123
   MariaDB [(none)]> grant replication slave, replication client on *.* to 'repl'@'10.1.8.49' identified by '123';
   ```
   Configure db1.linux.com as a replica of db2.linux.com.
   ```bash
   # Query the master position on db2
   MariaDB [(none)]> show master status\G
   *************************** 1. row ***************************
               File: mysql-bin.000001
           Position: 487
       Binlog_Do_DB: 
   Binlog_Ignore_DB: information_schema,performance_schema
   1 row in set (0.00 sec)
   
   # Note the values File: mysql-bin.000001 and Position: 487
   
   # Point the replica at the master
   [root@db1 ~ 10:25:41]# mysql -uroot -p123
   MariaDB [(none)]> change master to master_host='10.1.8.50',
       master_user='repl',
       master_password='123',
       master_port=3306,
       master_log_file='mysql-bin.000001',
       master_log_pos=487;# use the position reported above
   
   Query OK, 0 rows affected (0.02 sec)
   
   MariaDB [(none)]> start slave;
   Query OK, 0 rows affected (0.00 sec)
   
   MariaDB [(none)]> show slave status\G
   ```
   Configure db2.linux.com as a replica of db1.linux.com.
   ```bash
   # Same as above
   ```
4. Prepare the database for the blog site: (2)
   - Database name: blog
   - Create the account: account name blog@'%', password **Laoma@123**
   - The account blog@'%' has full control over the blog database.
   ```bash
   MariaDB [(none)]> create database blog;
   Query OK, 1 row affected (0.00 sec)
   
   MariaDB [(none)]> create user blog@'%' identified by 'Laoma@123'
       -> ;
   Query OK, 0 rows affected (0.00 sec)
   
   MariaDB [(none)]> GRANT ALL PRIVILEGES ON blog.* TO 'blog'@'%' IDENTIFIED BY 'Laoma@123';
   Query OK, 0 rows affected (0.00 sec)
   
   MariaDB [(none)]> 
   MariaDB [(none)]> FLUSH PRIVILEGES;
   
   ```
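### Configuration - Company Site Servers (6)
**Nodes to configure**: company1.linux.com and company2.linux.com.
1. On all company site servers, persistently mount the NFS shared directory /webapp provided by the storage server at the local /usr/share/nginx/html directory. (4)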
   ```bash
   [root@company1 ~ 17:09:15]# yum install -y nfs-utils nginx
   [root@company2 ~ 17:20:56]# yum install -y nfs-utils nginx
   [root@company2 ~ 17:21:35]# systemctl enable rpcbind --now
   [root@company1 ~ 17:21:35]# systemctl enable rpcbind --now
   [root@company1 ~ 17:22:11]# showmount -e storage
   Export list for storage:
   /webapp/blog    10.1.8.0
   /webapp/company 10.1.8.0
   [root@company1 ~ 18:32:30]# vim /etc/fstab
   [root@company1 ~ 18:37:18]# tail -1 /etc/fstab
   storage:/webapp/company /usr/share/nginx/html nfs defaults 0 0
   [root@company1 ~ 18:37:26]# mount -a
   # Same on company2
   [root@company2 ~ 18:44:14]# df -h /usr/share/nginx/html/
   Filesystem               Size  Used Avail Use% Mounted on
   storage:/webapp/company   19G   44M   18G   1% /usr/share/nginx/html
   ```
2. Deploy an Nginx server on all company nodes and make sure clients can reach the company site at the following addresses: (2)
   - 
   -     ×××?
   ```bash
   [root@company1 ~ 18:46:40]# systemctl enable nginx.service --now
   [root@company2 ~ 18:53:17]# systemctl enable nginx.service --now
   Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
   [root@company2 ~ 18:53:33]# echo Welcome to Linux Cloud Company > /usr/share/nginx/html/index.html
   [root@company2 ~ 18:53:40]# curl 
   Welcome to Linux Cloud Company
   ```
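### Configuration - Blog Site Servers (6)
**Nodes to configure**: blog1.linux.com and blog2.linux.com.
1. The blog uses the LNMP stack.
2. On all blog nodes, persistently mount the NFS shared directory /webapp provided by the storage server at the local /usr/share/nginx/html directory. (4)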
   ```bash
                            yum install -y nfs-utils nginx
   [root@blog2 ~ 19:00:26]# vim /etc/fstab
   [root@blog2 ~ 19:01:15]# tail -1 /etc/fstab
   storage:/webapp/blog /usr/share/nginx/html nfs defaults 0 0
   [root@blog1 ~ 13:59:22]# mount -a
   
   [root@blog1 ~ 19:04:33]# df -h /usr/share/nginx/html/
   Filesystem            Size  Used Avail Use% Mounted on
   storage:/webapp/blog   19G   65M   19G   1% /usr/share/nginx/html
   ```
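3. Deploy an Nginx server on all blog nodes and make sure clients can reach the blog site at the following addresses: (2)
   > PHP-related packages are provided through .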
   - 
   - 
   ```bash
   [root@blog2 ~ 19:05:15]# curl  -o /etc/yum.repos.d/centos-7.repo
   [root@blog1 ~ 19:07:03]# yum install -y php php-fpm php-gd php-common php-pear php-mbstring php-mcrypt php-mysqlnd
   
   [root@blog1 ~ 19:10:49]# vim /etc/php-fpm.d/www.conf
   # Change apache to nginx
   user = nginx
   group = nginx
   [root@blog1 ~ 19:14:23]# vim /etc/nginx/conf.d/vhostwww.blog.com.conf
   [root@blog1 ~ 19:22:26]# systemctl restart nginx
   [root@blog1 ~ 19:22:31]# cat /etc/nginx/conf.d/vhostwww.blog.com.conf
   server {
       listen    80;
       listen    [::]:80;
       server_name blog.linux.com;
       root /usr/share/nginx/html/blog;
       include /etc/nginx/default.d/*.conf;
       
       index index.php;
   
   
       location ~ \.php$ {
           try_files $uri =404;
           fastcgi_pass 127.0.0.1:9000;
           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           include fastcgi_params;
       }
   }
   
   
   [root@blog2 ~ 19:23:33]# chgrp nginx /var/lib/php/session/
   
   [root@blog1 ~ 19:24:03]# systemctl enable nginx php-fpm --now
   ```
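4. **Note:** Initialize the blog site only after the high-availability and load-balancing servers have been configured.
### Configuration - Reverse Proxy (6)
**Nodes to configure**: proxy1.linux.com and proxy2.linux.com.
Use nginx to configure a reverse proxy. Each proxy node must provide the following:
- Requests to , proxied to
- Requests to , proxied to
- Requests to , proxied to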
```bash
[root@proxy1 ~ 19:32:42]# yum install -y nginx
[root@proxy1 ~ 19:45:58]# cat /etc/nginx/conf.d/proxy.conf
# Company backend servers
upstream company {
    ip_hash;
    server company1.linux.com:80;
    server company2.linux.com:80;
}
# Blog backend servers
upstream blog {
    ip_hash;
    server blog1.linux.com:80;
    server blog2.linux.com:80;
}
server {
  listen  80;
  server_name www.linux.com;
  
  # Proxy to the blog site by default
  location / {
     proxy_pass 
     proxy_set_header Host $host;                # pass the host name the client requested
     proxy_set_header X-Real-IP $remote_addr;    # pass the client's real IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # pass the chain of proxy IPs
     proxy_set_header X-Forwarded-Proto $scheme; # pass the request scheme (http/https)
  }
  # Proxy to the company site
  location /company {
     proxy_pass 
     proxy_set_header Host $host;                # pass the host name the client requested
     proxy_set_header X-Real-IP $remote_addr;    # pass the client's real IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # pass the chain of proxy IPs
     proxy_set_header X-Forwarded-Proto $scheme; # pass the request scheme
  }
  # Proxy to the repository site
  location /dvd {
     proxy_pass 
     proxy_set_header Host $host;                # pass the host name the client requested
     proxy_set_header X-Real-IP $remote_addr;    # pass the client's real IP
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # pass the chain of proxy IPs
     proxy_set_header X-Forwarded-Proto $scheme; # pass the request scheme
  }
}
[root@proxy1 ~ 19:46:00]# systemctl enable nginx.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
```
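### Configuration - keepalived and LVS (14)
**Nodes to configure**: ha1.linux.com and ha2.linux.com.
Use keepalived and LVS to configure high availability and load balancing.
1. Load-balancing policy: (2)
   -  LVS mode: DR
   -  Scheduling algorithm: round robin
   -  Enable session persistence: 50 seconds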
   ~~~bash
   [root@ha1-2 ~ 10:26:18]# yum install -y keepalived ipvsadm
   [root@ha1 ~ 11:46:53]# cat /etc/keepalived/keepalived.conf
   ! Configuration File for keepalived
   
   global_defs {
      router_id ha1 
   }
   
   vrrp_instance www {
       state MASTER
       interface ens33
       virtual_router_id 51
       priority 200
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           10.1.8.100/24
       }
   }
   
   virtual_server 10.1.8.100 80 {
       delay_loop 6
       lb_algo rr
       lb_kind DR
       persistence_timeout 50
       protocol TCP
   
       real_server 10.1.8.43 80 {
           weight 1
           TCP_CHECK {
               connect_timeout 3
               nb_get_retry 3
               delay_before_retry 3
           }
       }
       real_server 10.1.8.44 80 {
           weight 1
           TCP_CHECK {
               connect_timeout 3
               nb_get_retry 3
               delay_before_retry 3
           }
       }
   }
   
   vrrp_instance db {
       state BACKUP
       interface ens33
       virtual_router_id 52
       priority 100
       advert_int 1
       authentication {
           auth_type PASS
           auth_pass 1111
       }
       virtual_ipaddress {
           10.1.8.200/24
       }
   }
   
   virtual_server 10.1.8.200 3306 {
       delay_loop 6
       lb_algo rr
       lb_kind DR
       persistence_timeout 50
       protocol TCP
   
       real_server 10.1.8.49 3306 {
           weight 1
           TCP_CHECK {
               connect_timeout 3
               nb_get_retry 3
               delay_before_retry 3
           }
       }
       real_server 10.1.8.50 3306 {
           weight 1
           TCP_CHECK {
               connect_timeout 3
               nb_get_retry 3
               delay_before_retry 3
           }
       }
   }
   [root@ha1 ~ 11:59:28]# systemctl enable keepalived.service --now
   ~~~
   
2. Provide VIP 10.1.8.100: (4)
   - The master server is ha1, the backup server is ha2
   - The backend servers are proxy1.linux.com and proxy2.linux.com
   ~~~bash
   ~~~
   
3. Provide VIP 10.1.8.200: (4)
   - The master server is ha2, the backup server is ha1
   - The backend servers are db1.linux.com and db2.linux.com
   ~~~bash
   ~~~
   
4. Configure the backend servers (4)
~~~bash
[root@proxy1 ~ 12:30:22]# nmcli connection add type dummy ifname dummy con-name dummy ipv4.method manual ipv4.address 10.1.8.100/32 
[root@proxy1 ~ 12:30:45]# nmcli connection up dummy 
[root@proxy1 ~ 12:30:57]# cat >> /etc/sysctl.conf << EOF
> net.ipv4.conf.all.arp_ignore =1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.dummy.arp_ignore = 1
> net.ipv4.conf.dummy.arp_announce = 2
> EOF
[root@proxy1 ~ 12:35:33]# sysctl -p
[root@db1 ~ 12:37:46]# nmcli connection add type dummy ifname dummy con-name dummy ipv4.method manual ipv4.address 10.1.8.200/32
Connection 'dummy' (901287e4-cb16-487f-9645-718d513c5844) successfully added.
[root@db1 ~ 12:39:12]# nmcli connection up dummy
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
[root@db1 ~ 12:39:25]# cat >> /etc/sysctl.conf << EOF
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.dummy.arp_ignore = 1
> net.ipv4.conf.dummy.arp_announce = 2
> EOF
~~~
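
Steps 1 to 3 describe two nodes with swapped roles, while only the file for ha1 is shown. The script below is an added example, not part of the original answer sheet: it renders keepalived.conf for either node from the values in the requirements and checks that every VIP has a matching `virtual_server`. The function names, the `VRRP_PASS` variable and the mirrored priorities for ha2 (200/100 swapped) are assumptions.

```shell
#!/bin/sh
# Added example: render keepalived.conf for ha1 or ha2 and lint the result.
# Assumptions: both nodes use interface ens33; ha2 mirrors ha1's priorities.

IFACE=ens33
# 1111 is the value used on this page. auth_type PASS is sent in clear text
# in VRRP adverts, so treat it as a consistency check, not as a secret.
VRRP_PASS=${VRRP_PASS:-1111}

vrrp_block() {   # name state virtual_router_id priority vip
  cat <<EOF

vrrp_instance $1 {
    state $2
    interface $IFACE
    virtual_router_id $3
    priority $4
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass $VRRP_PASS
    }
    virtual_ipaddress {
        $5/24
    }
}
EOF
}

lvs_block() {    # vip port real_server_ip...
  vip=$1; port=$2; shift 2
  printf '\nvirtual_server %s %s {\n' "$vip" "$port"
  printf '    delay_loop 6\n    lb_algo rr\n    lb_kind DR\n'
  printf '    persistence_timeout 50\n    protocol TCP\n'
  for rs in "$@"; do
    cat <<EOF

    real_server $rs $port {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
EOF
  done
  printf '}\n'
}

render_keepalived() {   # ha1 | ha2
  case $1 in
    ha1) www=MASTER; www_prio=200; db=BACKUP; db_prio=100 ;;
    ha2) www=BACKUP; www_prio=100; db=MASTER; db_prio=200 ;;
    *)   echo "usage: render_keepalived ha1|ha2" >&2; return 1 ;;
  esac
  printf '! Configuration File for keepalived\n\nglobal_defs {\n   router_id %s\n}\n' "$1"
  vrrp_block www "$www" 51 "$www_prio" 10.1.8.100
  lvs_block 10.1.8.100 80 10.1.8.43 10.1.8.44
  vrrp_block db "$db" 52 "$db_prio" 10.1.8.200
  lvs_block 10.1.8.200 3306 10.1.8.49 10.1.8.50
}

# keepalived.conf on stdin -> VIPs that no virtual_server block uses
vips_without_service() {
  awk '
    $1 == "virtual_ipaddress" { in_vip = 1; next }
    in_vip && $1 == "}"       { in_vip = 0; next }
    in_vip && NF > 0          { ip = $1; sub(/\/.*/, "", ip); vip[++n] = ip; next }
    $1 == "virtual_server"    { used[$2] = 1 }
    END { for (i = 1; i <= n; i++) if (!(vip[i] in used)) print vip[i] }'
}

# keepalived.conf on stdin -> state of the named vrrp_instance
instance_state() {
  awk -v inst="$1" '$1 == "vrrp_instance" { cur = $2 }
                    $1 == "state" && cur == inst { print $2 }'
}

render_keepalived "${1:-ha2}"
```

Run `vips_without_service < /etc/keepalived/keepalived.conf` on each node before enabling the service; any address it prints is a VIP that would be announced without a load-balanced service behind it.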
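### Configuration - Blog Site Initialization (5)
Initialize the blog site .
Database settings
- The blog connects to the database at db.linux.com
- User name: blog, password: Laoma@123, database name: blog
Site settings
- Site title: Welcome To Linux Blog !
- User name: admin
- Password: **Laoma@123**
- Email: laoma@linux.com
Finally, visit the site ; the following page appears.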
![image-20251218223731251](第一阶段考核-实验-模拟题.images/image-20251218223731251.png)
​
