
Linux Tutorial FG245 - Enterprise Services Integrated Hands-On

Summary: This Feng Ge tutorial draws on the official Linux, Red Hat Enterprise Linux, Ansible Automation Platform, Docker, Kubernetes and Podman documentation, and explains in detail how to configure and use the related technologies.

This document uses an integrated hands-on case to show how enterprise services are configured together.

Part01-Enterprise Service Architecture

1.1 Architecture Design

# Enterprise service architecture
┌─────────────────────────────────────────────────────────────┐
│                     Load balancing tier                     │
│          ┌──────────────┐         ┌──────────────┐          │
│          │   Nginx LB   │         │   Nginx LB   │          │
│          │ 192.168.1.10 │         │ 192.168.1.11 │          │
│          └──────────────┘         └──────────────┘          │
└─────────────────────────────────────────────────────────────┘
                               │
           ┌───────────────────┼───────────────────┐
           │                   │                   │
   ┌───────▼───────┐   ┌───────▼───────┐   ┌───────▼───────┐
   │ Web server 1  │   │ Web server 2  │   │ Web server 3  │
   │ Apache/Nginx  │   │ Apache/Nginx  │   │ Apache/Nginx  │
   │ 192.168.1.20  │   │ 192.168.1.21  │   │ 192.168.1.22  │
   └───────┬───────┘   └───────┬───────┘   └───────┬───────┘
           │                   │                   │
           └───────────────────┼───────────────────┘
                               │
           ┌───────────────────┼───────────────────┐
           │                   │                   │
   ┌───────▼───────┐   ┌───────▼───────┐   ┌───────▼───────┐
   │   DB master   │   │   DB slave    │   │   DB slave    │
   │ MySQL Master  │   │ MySQL Slave   │   │ MySQL Slave   │
   │ 192.168.1.30  │   │ 192.168.1.31  │   │ 192.168.1.32  │
   └───────────────┘   └───────────────┘   └───────────────┘

# Base services
┌─────────────────────────────────────────────────────────────┐
│ DNS server    │ DHCP server  │ NTP server   │ Log server    │
│ 192.168.1.100 │ 192.168.1.100│ 192.168.1.100│ 192.168.1.100 │
└─────────────────────────────────────────────────────────────┘

# Monitoring services
┌─────────────────────────────────────────────────────────────┐
│ Prometheus    │ Grafana      │ Alertmanager │               │
│ 192.168.1.200 │ 192.168.1.200│ 192.168.1.200│               │
└─────────────────────────────────────────────────────────────┘

Part02-Web Service Cluster

2.1 Nginx Load Balancing Configuration

# Configure Nginx load balancing
# (the heredoc delimiter is quoted so the shell does not expand nginx's $variables)
$ sudo tee /etc/nginx/nginx.conf << 'EOF'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load balancing configuration
    upstream webcluster {
        # ip_hash keys on the client address (session affinity)
        ip_hash;
        server 192.168.1.20:80 weight=3;
        server 192.168.1.21:80 weight=2;
        server 192.168.1.22:80 weight=1;
        keepalive 32;
    }

    server {
        listen 80;
        server_name www.fgedu.net.cn;

        location / {
            proxy_pass http://webcluster;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_connect_timeout 60s;
            proxy_send_timeout 60s;
            proxy_read_timeout 60s;
        }

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
}
EOF

# Restart Nginx
$ sudo systemctl restart nginx

# Test load balancing
$ for i in {1..10}; do curl -s http://192.168.1.10 | grep "Server"; done
Server: web1
Server: web1
Server: web1
Server: web2
Server: web2
Server: web1
Server: web1
Server: web1
Server: web2
Server: web3

Part03-Database Master-Slave Replication

3.1 MySQL Master-Slave Configuration

# Master server configuration
$ sudo tee /etc/my.cnf << EOF
[mysqld]
server-id=1
log-bin=mysql-bin
binlog-format=ROW
binlog-do-db=mydb
binlog-ignore-db=mysql
binlog-ignore-db=information_schema
binlog-ignore-db=performance_schema

# GTID configuration
gtid_mode=ON
enforce_gtid_consistency=ON

# Semi-synchronous replication
plugin-load=rpl_semi_sync_master=semisync_master.so
rpl_semi_sync_master_enabled=1
rpl_semi_sync_master_timeout=1000
EOF

# Create the replication user
# (the '%' host part lets this account connect from any address)
$ mysql -u root -p << EOF
CREATE USER 'repl'@'%' IDENTIFIED BY 'ReplPassword123!';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%';
FLUSH PRIVILEGES;
EOF

# Slave server configuration
$ sudo tee /etc/my.cnf << EOF
[mysqld]
server-id=2
relay-log=relay-bin
relay-log-index=relay-bin.index

# GTID configuration
gtid_mode=ON
enforce_gtid_consistency=ON

# Semi-synchronous replication
plugin-load=rpl_semi_sync_slave=semisync_slave.so
rpl_semi_sync_slave_enabled=1
EOF

# Point the slave at the master
$ mysql -u root -p << EOF
CHANGE MASTER TO
  MASTER_HOST='192.168.1.30',
  MASTER_USER='repl',
  MASTER_PASSWORD='ReplPassword123!',
  MASTER_AUTO_POSITION=1;
START SLAVE;
EOF

# Check the slave status
$ mysql -u root -p -e "SHOW SLAVE STATUS\G"
*************************** 1. row ***************************
  Slave_IO_State: Waiting for master to send event
  Master_Host: 192.168.1.30
  Master_User: repl
  Master_Port: 3306
  Connect_Retry: 60
  Master_Log_File: mysql-bin.000001
  Read_Master_Log_Pos: 12345
  Relay_Log_File: relay-bin.000002
  Relay_Log_Pos: 12456
  Relay_Master_Log_File: mysql-bin.000001
  Slave_IO_Running: Yes
  Slave_SQL_Running: Yes
  Replicate_Do_DB:
  Replicate_Ignore_DB:
  Replicate_Do_Table:
  Replicate_Ignore_Table:
  Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
  Last_Errno: 0
  Last_Error:
  Skip_Counter: 0
  Exec_Master_Log_Pos: 12345
  Relay_Log_Space: 12567
  Until_Condition: None
  Until_Log_File:
  Until_Log_Pos: 0
  Master_SSL_Allowed: No
  Seconds_Behind_Master: 0
  Master_SSL_Verify_Server_Cert: No
  Last_IO_Errno: 0
  Last_IO_Error:
  Last_SQL_Errno: 0
  Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
  Master_Server_Id: 1
  Master_UUID: 12345678-1234-1234-1234-123456789012
  Master_Info_File: /var/lib/mysql/master.info
  SQL_Delay: 0
  SQL_Remaining_Delay: NULL
  Slave_SQL_Running_State: Slave has read all relay log; waiting for more updates
  Master_Retry_Count: 86400
  Master_Bind:
  Last_IO_Error_Timestamp:
  Last_SQL_Error_Timestamp:
  Master_SSL_Crl:
  Master_SSL_Crlpath:
  Retrieved_Gtid_Set:
  Executed_Gtid_Set:
  Auto_Position: 1
  Replicate_Rewrite_DB:
  Channel_Name:
  Master_TLS_Version:
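
The status output above is what an operator has to read after every change, and it also shows Master_SSL_Allowed: No, meaning the replication link is not using TLS. The following check is an added example, not part of the original tutorial: it parses SHOW SLAVE STATUS\G text and reports thread, error, lag, TLS and GTID findings. The function names, the finding labels and the sample inputs are constructed for illustration, and the 30-second lag limit is an assumption.

```shell
#!/bin/sh
# Added example: audit the text printed by  mysql -e "SHOW SLAVE STATUS\G".
MAX_LAG=30   # assumption: 30s lag limit, chosen for this example

# check_replica_status [FILE]: reads FILE or stdin, prints one finding per
# line, and returns 1 if there is any finding.
check_replica_status() {
    awk -v max_lag="$MAX_LAG" '
    {   # "   Key: value" becomes f[Key] = value, split on the first colon only
        line = $0; sub(/^[ \t]+/, "", line)
        i = index(line, ":"); if (i == 0) next
        val = substr(line, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        f[substr(line, 1, i - 1)] = val
    }
    END {
        n = 0
        if (f["Slave_IO_Running"] != "Yes")  { print "CRIT io_thread_not_running"; n++ }
        if (f["Slave_SQL_Running"] != "Yes") { print "CRIT sql_thread_not_running"; n++ }
        if (f["Last_IO_Errno"] + 0 != 0)  { print "CRIT io_error=" f["Last_IO_Errno"]; n++ }
        if (f["Last_SQL_Errno"] + 0 != 0) { print "CRIT sql_error=" f["Last_SQL_Errno"]; n++ }
        lag = f["Seconds_Behind_Master"]
        if (lag == "NULL" || lag == "") { print "CRIT lag_unknown"; n++ }
        else if (lag + 0 > max_lag)     { print "WARN lag_seconds=" lag; n++ }
        if (f["Master_SSL_Allowed"] != "Yes") { print "WARN replication_link_not_tls"; n++ }
        else if (f["Master_SSL_Verify_Server_Cert"] != "Yes") { print "WARN master_cert_not_verified"; n++ }
        if (f["Auto_Position"] != "1") { print "WARN gtid_auto_position_off"; n++ }
        exit (n > 0)
    }' "${1:--}"
}

# Constructed sample inputs (abridged field set, not captured from a server).
sample_healthy_no_tls() {
    printf '%s\n' '*************************** 1. row ***************************' \
        '             Slave_IO_Running: Yes' '            Slave_SQL_Running: Yes' \
        '                Last_IO_Errno: 0'   '               Last_SQL_Errno: 0' \
        '        Seconds_Behind_Master: 0'   '           Master_SSL_Allowed: No' \
        '                Auto_Position: 1'
}
sample_broken() {
    printf '%s\n' '             Slave_IO_Running: Connecting' \
        '            Slave_SQL_Running: Yes' '                Last_IO_Errno: 1045' \
        '               Last_SQL_Errno: 0'   '        Seconds_Behind_Master: NULL' \
        '           Master_SSL_Allowed: Yes' 'Master_SSL_Verify_Server_Cert: Yes' \
        '                Auto_Position: 1'
}

# Demo: the first sample mirrors the health and TLS fields shown on this page.
sample_healthy_no_tls | check_replica_status || true
```

On a live replica the same function can be fed directly: mysql -u root -p -e "SHOW SLAVE STATUS\G" | check_replica_status.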

Part04-Monitoring System Integration

4.1 Prometheus Monitoring Configuration

# Prometheus configuration
$ sudo tee /usr/local/prometheus/prometheus.yml << EOF
global:
  scrape_interval: 15s
  evaluation_interval: 15s

alerting:
  alertmanagers:
    - static_configs:
        - targets:
            - localhost:9093

rule_files:
  - "/usr/local/prometheus/rules/*.yml"

scrape_configs:
  - job_name: "prometheus"
    static_configs:
      - targets: ["localhost:9090"]

  - job_name: "node_exporter"
    static_configs:
      - targets:
          - "192.168.1.10:9100"
          - "192.168.1.11:9100"
          - "192.168.1.20:9100"
          - "192.168.1.21:9100"
          - "192.168.1.22:9100"
          - "192.168.1.30:9100"
          - "192.168.1.31:9100"
          - "192.168.1.32:9100"

  - job_name: "mysql_exporter"
    static_configs:
      - targets:
          - "192.168.1.30:9104"
          - "192.168.1.31:9104"
          - "192.168.1.32:9104"

  - job_name: "nginx_exporter"
    static_configs:
      - targets:
          - "192.168.1.10:9113"
          - "192.168.1.11:9113"
          - "192.168.1.20:9113"
          - "192.168.1.21:9113"
          - "192.168.1.22:9113"

  - job_name: "blackbox_exporter"
    metrics_path: /probe
    params:
      module: [http_2xx]
    static_configs:
      - targets:
          - http://www.fgedu.net.cn
    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - source_labels: [__param_target]
        target_label: instance
      - target_label: __address__
        replacement: 192.168.1.200:9115
EOF

# Alert rules
# (the heredoc delimiter is quoted so the shell leaves {{ $labels... }} and {{ $value }} intact)
$ sudo tee /usr/local/prometheus/rules/alert.yml << 'EOF'
groups:
  - name: web_alerts
    rules:
      - alert: WebServiceDown
        expr: up{job="nginx_exporter"} == 0
        for: 1m
        labels:
          severity: critical
        annotations:
          summary: "Web service is down on {{ $labels.instance }}"
          description: "Web service has been down for more than 1 minute."

      - alert: HighRequestLatency
        expr: histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) > 1
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "High request latency on {{ $labels.instance }}"
          description: "99th percentile request latency is above 1s (current value: {{ $value }}s)"

  - name: mysql_alerts
    rules:
      - alert: MySQLDown
        expr: mysql_up == 0
        for: 1m
        labels:
          severity: critical
        annotations:
          summary: "MySQL is down on {{ $labels.instance }}"
          description: "MySQL has been down for more than 1 minute."

      - alert: MySQLReplicationLag
        expr: mysql_slave_status_seconds_behind_master > 30
        for: 5m
        labels:
          severity: warning
        annotations:
          summary: "MySQL replication lag on {{ $labels.instance }}"
          description: "MySQL replication lag is above 30s (current value: {{ $value }}s)"

      - alert: MySQLReplicationStopped
        expr: mysql_slave_status_slave_io_running == 0 or mysql_slave_status_slave_sql_running == 0
        for: 1m
        labels:
          severity: critical
        annotations:
          summary: "MySQL replication stopped on {{ $labels.instance }}"
          description: "MySQL replication IO or SQL thread is not running."
EOF

# Restart Prometheus
$ sudo systemctl restart prometheus

Part05-Centralized Log Management

5.1 Rsyslog Centralized Logging Configuration

# Log server configuration
# (the heredoc delimiter is quoted so the shell does not expand rsyslog's $directives)
$ sudo tee /etc/rsyslog.conf << 'EOF'
module(load="imuxsock")
module(load="imjournal")
module(load="imudp")
module(load="imtcp")
input(type="imudp" port="514")
input(type="imtcp" port="514")
global(workDirectory="/var/lib/rsyslog")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup root
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

# Store logs by host and program
$template RemoteLogs,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?RemoteLogs
& ~

# Local logs
auth,authpriv.* /var/log/auth.log
*.info;mail.none;authpriv.none;cron.none /var/log/messages
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*

$IncludeConfig /etc/rsyslog.d/*.conf
EOF

# Client configuration
$ sudo tee /etc/rsyslog.conf << 'EOF'
module(load="imuxsock")
module(load="imjournal")
global(workDirectory="/var/lib/rsyslog")
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup root
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

auth,authpriv.* /var/log/auth.log
*.info;mail.none;authpriv.none;cron.none /var/log/messages
mail.* -/var/log/maillog
cron.* /var/log/cron
*.emerg :omusrmsg:*

# Send to the remote log server (@@ = TCP)
*.* @@192.168.1.100:514

$IncludeConfig /etc/rsyslog.d/*.conf
EOF

# Log rotation configuration
$ sudo tee /etc/logrotate.d/rsyslog << EOF
/var/log/remote/*/*.log {
    daily
    rotate 30
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root root
    sharedscripts
    postrotate
        /usr/bin/systemctl reload rsyslog.service > /dev/null 2>&1 || true
    endscript
}
EOF
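
The server template above builds each file path from %HOSTNAME%, which rsyslog takes from the received message, so the directory name under /var/log/remote is chosen by whoever sends the message to port 514. The following audit is an added example, not part of the original tutorial: it lists directories that do not belong to an expected sender. The function name, the output labels and the EXPECTED_HOSTS list are assumptions; replace the list with the real hostnames of your machines, including the log server itself.

```shell
#!/bin/sh
# Added example: flag directories under the central log root that no known
# sender should have created.

# Assumption: the hosts log under these names (taken here from the inventory
# aliases used later on this page, plus a placeholder for the log server).
EXPECTED_HOSTS="lb1 lb2 web1 web2 web3 db1 db2 db3 logserver"

# audit_remote_log_dirs ROOT "host1 host2 ..."
# Prints "BADNAME <dir>" for names with characters outside [A-Za-z0-9._-]
# and "UNEXPECTED <dir>" for names not in the list; returns 1 on any finding.
audit_remote_log_dirs() {
    log_root=$1
    allowed=" $2 "
    findings=0
    # Second pattern also covers names that start with a dot.
    for dir in "$log_root"/* "$log_root"/.[!.]*; do
        [ -d "$dir" ] || continue
        name=$(basename "$dir")
        case $name in
            *[!A-Za-z0-9._-]*)
                echo "BADNAME $name"; findings=1; continue ;;
        esac
        case $allowed in
            *" $name "*) ;;                       # known sender
            *) echo "UNEXPECTED $name"; findings=1 ;;
        esac
    done
    return "$findings"
}

# Run against the path used by the template on this page, if it exists.
if [ -d /var/log/remote ]; then
    audit_remote_log_dirs /var/log/remote "$EXPECTED_HOSTS" || true
fi
```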

Part06-Automated Deployment

6.1 Ansible Automation Configuration

# Install Ansible
$ sudo dnf install -y ansible

# Create the host inventory
# (sudo tee is used because a regular user cannot write under /etc)
$ sudo tee /etc/ansible/hosts > /dev/null << EOF
[loadbalancers]
lb1 ansible_host=192.168.1.10
lb2 ansible_host=192.168.1.11

[webservers]
web1 ansible_host=192.168.1.20
web2 ansible_host=192.168.1.21
web3 ansible_host=192.168.1.22

[dbservers]
db1 ansible_host=192.168.1.30
db2 ansible_host=192.168.1.31
db3 ansible_host=192.168.1.32

[services:children]
loadbalancers
webservers
dbservers
EOF

# Create the playbook
$ sudo tee /etc/ansible/playbooks/deploy_web.yml > /dev/null << EOF
---
- name: Deploy Web Servers
  hosts: webservers
  become: yes
  tasks:
    - name: Install Nginx
      dnf:
        name: nginx
        state: latest

    - name: Start Nginx
      systemd:
        name: nginx
        state: started
        enabled: yes

    - name: Configure Nginx
      template:
        src: templates/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
      notify: Restart Nginx

    - name: Open firewall
      firewalld:
        service: http
        permanent: yes
        state: enabled
      notify: Reload firewalld

  handlers:
    - name: Restart Nginx
      systemd:
        name: nginx
        state: restarted

    - name: Reload firewalld
      systemd:
        name: firewalld
        state: reloaded
EOF

# Run the playbook
$ ansible-playbook /etc/ansible/playbooks/deploy_web.yml

PLAY [Deploy Web Servers] ********************************************************

TASK [Gathering Facts] **********************************************************
ok: [web1]
ok: [web2]
ok: [web3]

TASK [Install Nginx] ************************************************************
changed: [web1]
changed: [web2]
changed: [web3]

TASK [Start Nginx] **************************************************************
changed: [web1]
changed: [web2]
changed: [web3]

TASK [Configure Nginx] **********************************************************
changed: [web1]
changed: [web2]
changed: [web3]

TASK [Open firewall] ************************************************************
changed: [web1]
changed: [web2]
changed: [web3]

RUNNING HANDLER [Restart Nginx] *************************************************
changed: [web1]
changed: [web2]
changed: [web3]

RUNNING HANDLER [Reload firewalld] **********************************************
changed: [web1]
changed: [web2]
changed: [web3]

PLAY RECAP **********************************************************************
web1 : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web2 : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
web3 : ok=7 changed=6 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

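Feng Ge's practical recommendations:
1. Plan a sound service architecture
2. Configure service redundancy and high availability
3. Implement centralized monitoring and logging
4. Deploy with automation tools
5. Test failure recovery regularly

This article was compiled and published by Feng Ge Tutorials for study and testing use only. Cite the source when reposting: http://www.fgedu.net.cn/10327.html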
