## 1. Project requirements

1. Web server tier: deploy Nginx with PHP and a Tomcat environment; deploy Discuz (PHP-based) and an online shop application (Java-based) respectively, with the applications' business data stored on the NFS server.
2. Proxy tier: HAProxy uses ACLs so that different domain names reach different applications.
3. Redis cache tier with high availability.
4. MySQL database tier with high availability.
5. Deploy an ELK log monitoring system that collects logs from all servers; the monitored hosts ship their logs with Filebeat.
6. Deploy a Zabbix monitoring system covering the operating system, middleware and so on.
7. Deploy an Rsync backup system so that the NFS server's data is backed up in real time.
8. Finally, write the whole project up as an Ansible playbook, organised into roles, so that the deployment is automated.
## 2. Host inventory and role assignment

| Hostname | IP address | Role | Core applications |
|---|---|---|---|
| lb_01 | 192.168.71.111 | Primary load balancer | HAProxy + Keepalived |
| lb_02 | 192.168.71.112 | Standby load balancer | HAProxy + Keepalived |
| web_01 | 192.168.71.113 | Application server 1 | Nginx + PHP + Tomcat |
| web_02 | 192.168.71.114 | Application server 2 | Nginx + PHP + Tomcat |
| redis_01 | 192.168.71.115 | Redis master | Redis-Server + Sentinel |
| redis_02 | 192.168.71.116 | Redis replica | Redis-Server + Sentinel |
| db_01 | 192.168.71.117 | MySQL primary | MySQL-Server |
| db_02 | 192.168.71.118 | MySQL replica | MySQL-Server |
| elk_nfs | 192.168.71.119 | Log storage and shared storage | NFS-Server + Elasticsearch + Logstash + Kibana |
| zab_ans | 192.168.71.120 | Monitoring and automation centre | Zabbix-Server + Ansible |
| rsy_bk | 192.168.71.121 | Backup server | Rsync-Server + Inotify |
## 3. Base environment (all nodes)

### System initialisation

```bash
# Set the hostname (lb_01 shown as the example)
sudo hostnamectl set-hostname lb_01
# Configure a static IP (all nodes; change IPADDR to the host's address from the inventory)
sudo tee /etc/sysconfig/network-scripts/ifcfg-ens33 <<EOF
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=eui64
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.71.111
PREFIX=24
GATEWAY=192.168.71.2
DNS1=8.8.8.8
EOF
# Name resolution for the whole cluster
sudo tee -a /etc/hosts <<EOF
192.168.71.111 lb_01
192.168.71.112 lb_02
192.168.71.113 web_01
192.168.71.114 web_02
192.168.71.115 redis_01
192.168.71.116 redis_02
192.168.71.117 db_01
192.168.71.118 db_02
192.168.71.119 elk_nfs
192.168.71.120 zab_ans
192.168.71.121 rsy_bk
EOF
```

### Security hardening and toolset

```bash
# Stop the firewall (test environment only; every service below is then reachable from the whole network)
sudo systemctl stop firewalld && sudo systemctl disable firewalld
# Disable SELinux
sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Install base tools
sudo yum install -y epel-release
sudo yum install -y vim net-tools wget curl telnet chrony sshpass
# Time synchronisation
sudo systemctl enable chronyd && sudo systemctl start chronyd
sudo chronyc sources
```

### Kernel parameter tuning (all nodes)

```bash
# Raise the file descriptor and process limits
sudo tee -a /etc/security/limits.conf <<EOF
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535
EOF
# Kernel parameters
sudo tee -a /etc/sysctl.conf <<EOF
net.core.somaxconn = 2048
net.ipv4.tcp_max_syn_backlog = 4096
vm.swappiness = 10
vm.overcommit_memory = 1
EOF
sudo sysctl -p
```
## 4. Applications required on each host

| Host type | Required packages |
|---|---|
| Load balancers | haproxy keepalived |
| Web nodes | nginx php-fpm php-mysqlnd tomcat8 java-8 |
| Redis nodes | redis sentinel keepalived (VIP management) |
| DB nodes | mysql-server |
| ELK/NFS | nfs-utils elasticsearch logstash kibana filebeat |
| Monitoring centre | zabbix-server-mysql zabbix-web-mysql zabbix-agent2 ansible |
| Backup node | rsync inotify-tools |

Based on the requirements, the software planned for each host is:

Load balancers (lb_01, lb_02):
- HAProxy (load balancing)
- Keepalived (VIP high availability)

Application servers (web_01, web_02):
- Nginx (web server)
- PHP (runs Discuz)
- Tomcat (runs the Java shop application)
- Other dependencies: PHP extensions (php-fpm, php-mysqlnd, etc.) and a JDK

Redis servers (redis_01, redis_02):
- Redis (cache service)
- Redis Sentinel (high availability)
- Keepalived (VIP failover; optional, but since the requirements call for high availability, Sentinel plus a VIP is the usual approach)

Database servers (db_01, db_02):
- MySQL (database service)
- MHA or Galera Cluster software (high availability)
- If MHA is used, an extra manager node is needed (there is no dedicated node here, so it could go on db_01 or db_02, or on zas_00)

ELK and NFS server (elk_nfs):
- NFS server (shared storage)
- Elasticsearch (log storage)
- Logstash (log processing)
- Kibana (log visualisation)
- This host also has to be configured as the NFS server

Zabbix and Ansible server (zas_00, listed as zab_ans in the host inventory):
- Zabbix Server (monitoring)
- Zabbix Agent (self-monitoring)
- Ansible (automated deployment)
- Possibly the Zabbix web frontend as well (needs a web server and a database; the database can be on db_01/db_02)

Rsync backup server (rbk_00, listed as rsy_bk in the host inventory):
- Rsync (backup service)
- Possibly inotify-tools (for real-time backup; usually installed on the NFS server, which triggers the sync)
## 5. NFS storage server and ELK log system (on the elk_nfs node)

### 1. Install the NFS service

```bash
dnf install nfs-utils -y
```

### 2. Create the shared directory

```bash
mkdir -p /data/web_apps
chmod 777 /data/web_apps  # for convenience every user gets read/write; in production set permissions per user
```

### 3. Configure the NFS export

```bash
# Edit /etc/exports
vim /etc/exports
```

Add the following line, which allows the whole subnet (here 192.168.71.0/24; adjust to your network) to mount the share. `no_root_squash` maps a client's root user to root on the share; it is convenient in this lab, but outside it the option should be dropped or the client list narrowed to the two web nodes.

```
/data/web_apps 192.168.71.0/24(rw,sync,no_root_squash)
```

### 4. Start the NFS service

```bash
systemctl enable --now nfs-server
exportfs -r  # reload the export table
exportfs     # list the exported directories
```
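As an added example (not part of the original post) of the check a reviewer would run on the export above, the script below parses an `/etc/exports` file in the format used in step 3 and reports `no_root_squash` and read-write exports granted to a whole subnet or to `*`. The sample file is constructed; its first entry is the one this post adds.

```python
"""Audit an /etc/exports file for options worth a second look (added example; not the post's code).

It parses entries in the form used in step 3 (`/path client(opt,...) client(opt,...)`)
and reports no_root_squash, and rw exports granted to a whole subnet or to '*'.
"""
import ipaddress
import re

# Constructed sample: the first line is the entry this post adds to /etc/exports.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/data/web_apps 192.168.71.0/24(rw,sync,no_root_squash)
/srv/ro *(ro,sync)
/srv/strict 192.168.71.113(rw,sync,root_squash) 192.168.71.114(rw,sync)
"""

# "<client>(<opt>,<opt>)" -- the client part stops at whitespace or '('
CLIENT_RE = re.compile(r"([^\s(]+)\(([^)]*)\)")


def parse_exports(text):
    """Return [(path, [(client, [options]), ...]), ...], ignoring comments and blank lines."""
    exports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        clients = [(client, [o for o in opts.split(",") if o])
                   for client, opts in CLIENT_RE.findall(rest)]
        exports.append((path, clients))
    return exports


def is_wide_client(client):
    """True for '*' or any network larger than a single host (hostnames/netgroups are not judged)."""
    if client == "*":
        return True
    try:
        return ipaddress.ip_network(client, strict=False).num_addresses > 1
    except ValueError:
        return False


def audit_exports(text):
    """Return a list of (path, client, finding) tuples; empty means nothing flagged."""
    findings = []
    for path, clients in parse_exports(text):
        for client, opts in clients:
            if "no_root_squash" in opts:
                findings.append((path, client,
                                 "no_root_squash: root on the client is root on the share"))
            if "rw" in opts and is_wide_client(client):
                findings.append((path, client,
                                 "rw export to a whole subnet or wildcard client"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} {client}: {finding}")
```

Run it against the real file with `audit_exports(open("/etc/exports").read())`; the `/srv/strict` entry in the sample shows the per-host form that produces no findings.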
### 5. Install Elasticsearch, Logstash and Kibana

### 6. Configure the ELK parameters

```bash
# Configure Elasticsearch
vim /etc/elasticsearch/elasticsearch.yml
```

Change the following parameters:

```yaml
network.host: 0.0.0.0
cluster.name: my-cluster
node.name: elk_nfs
```

Binding to a non-loopback address puts Elasticsearch into production mode, so `discovery.seed_hosts` and `cluster.initial_master_nodes` (or `discovery.type: single-node`) must also be set or the bootstrap checks stop it from starting; the Ansible template in Task 8 includes them. With the firewall off and no authentication configured, port 9200 is then open to every host that can reach this one.

```bash
# Configure Kibana
vim /etc/kibana/kibana.yml
```

Change the following parameters:

```yaml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://elk_nfs:9200"]
```
## 6. Web server deployment (on web_01 and web_02)

### 1. Install the NFS client and mount the share

```bash
# Install the NFS client tools
dnf install nfs-utils -y
# Create the local mount point
mkdir /mnt/web_apps
# Mount the NFS share
mount -t nfs elk_nfs:/data/web_apps /mnt/web_apps
# Mount automatically at boot
echo "elk_nfs:/data/web_apps /mnt/web_apps nfs defaults 0 0" >> /etc/fstab
# Check the mount
df -h
```

### 2. Deploy the PHP environment (for Discuz)

```bash
# Enable the PHP module stream
dnf module enable php:7.4 -y
# Install PHP and the required extensions
dnf install php php-fpm php-mysqlnd php-gd php-mbstring -y
# Start php-fpm
systemctl enable --now php-fpm
# Check its status
systemctl status php-fpm
```

### 3. Deploy the Tomcat environment (for the Java shop; Java 8, Tomcat 8)

```bash
# Install OpenJDK and Tomcat
dnf install java tomcat -y
# Start Tomcat
systemctl enable --now tomcat
# Check its status
systemctl status tomcat
```

### 4. Deploy Nginx

```bash
# Install Nginx
dnf install nginx -y
```

Configure Nginx for PHP and Tomcat by creating two files in /etc/nginx/conf.d/: discuz.conf and shop.conf. The heredocs are quoted (`<<'EOF'`) so that the shell does not expand nginx variables such as `$host` and `$remote_addr` to empty strings before they reach the file.

```bash
# discuz.conf (for Discuz)
cat > /etc/nginx/conf.d/discuz.conf <<'EOF'
server {
    listen 80;
    server_name discuz.example.com;
    root /mnt/web_apps/discuz;
    index index.php index.html;
    location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
EOF
# shop.conf (for the Java shop: reverse proxy to Tomcat)
cat > /etc/nginx/conf.d/shop.conf <<'EOF'
server {
    listen 80;
    server_name shop.example.com;
    location / {
        # Tomcat runs on every web node, so each node proxies to its own instance
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
EOF
# Start Nginx
systemctl enable --now nginx
```

### 5. Deploy the applications (example; in practice download the real application code)

Create the application directories on the NFS share (on elk_nfs, since the web servers already have the share mounted):

```bash
# Run on elk_nfs
mkdir /data/web_apps/discuz
mkdir /data/web_apps/shop
```

Download Discuz and unzip it into the share (on any one machine, because the share is mounted on all web servers):

```bash
# Run on web_01 or web_02
cd /mnt/web_apps
wget https://download.comsenz.com/DiscuzX/3.4/Discuz_X3.4_SC_UTF8.zip
unzip Discuz_X3.4_SC_UTF8.zip -d discuz
chmod -R 777 discuz/upload  # permissions Discuz needs
```

Put the shop application (assumed to be a WAR file) into Tomcat's webapps directory. It goes on local disk here because Tomcat runs on each machine; for this test it is copied straight into the local webapps directory, while in production the shop code could live on the share with a symlink into Tomcat's webapps directory.

```bash
# For example, on web_01:
wget -O /usr/share/tomcat/webapps/shop.war http://example.com/shop.war
# Tomcat unpacks the WAR automatically
```
Given your setup, the Discuz source has to be unpacked into the NFS mount and the Nginx configuration checked. This part of the guide uses /var/www/discuz as the document root, whereas the steps above mounted the share at /mnt/web_apps; either mount the share at /var/www/discuz as well or adjust `root` accordingly. The steps are:

### **1. Unpack the Discuz source into the NFS mount**
```bash
# Go to root's home directory (the archive is assumed to be there)
cd ~
# Create a temporary directory and unzip
mkdir discuz_temp
unzip Discuz_X3.5_SC_UTF8_20250205.zip -d discuz_temp
# Copy into the NFS mount (check the permissions)
cp -r discuz_temp/upload/* /var/www/discuz/  # overwrites existing files, if any
# Set permissions
chown -R nginx:nginx /var/www/discuz
chmod -R 777 /var/www/discuz/data  # the Discuz data directory must be writable
```
### **2. Configure Nginx for Discuz**
Edit the Nginx configuration file:
```bash
vim /etc/nginx/conf.d/discuz.conf
```
Make sure it reads:
```conf
server {
    listen 80;
    server_name 192.168.52.113;  # web_01 (listed as 192.168.71.113 in the host inventory above)
    root /var/www/discuz;  # Discuz root directory
    index index.php index.html;
    # PHP handling
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    # Static files and front-controller fallback (optional)
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
}
```
### **3. Restart Nginx**
```bash
nginx -t  # check the configuration syntax
systemctl restart nginx
```
### **4. Open the Discuz install wizard**
1. **Remove the install lock file** (if present):
```bash
rm -f /var/www/discuz/install/lock
```
2. **Open the install page in a browser**:
```
http://192.168.52.113/install/   # install wizard
```
3. **Follow the prompts**:
   - Choose "Fresh install"
   - Enter the database details (use the project's MySQL server, e.g. `db_01`)
   - Set the administrator account
   - After installation, delete the `install` directory:
```bash
rm -rf /var/www/discuz/install
```
### **5. Verify the installation**
Open the Discuz home page:
```
http://192.168.52.113/
```
If the forum page appears, the installation succeeded.
### **Common problems**
1. **500 Internal Server Error**:
   - Check the Nginx/PHP error log: `tail -f /var/log/nginx/error.log`
   - Make sure `/var/www/discuz/data` is writable
2. **Blank page or page does not load**:
   - Check that the paths in the Nginx configuration are correct
   - Confirm PHP-FPM is running: `systemctl status php-fpm`
3. **Database connection failure**:
   - Make sure the MySQL server is reachable (test with the `mysql` client)
   - Check the database username, password and host entered during the Discuz install
With these steps done, Discuz runs through Nginx + PHP-FPM with its data stored on the NFS server, matching the project architecture.
To create the database Discuz needs on db_01 and complete the installation:

### **1. Create the Discuz database on db_01 (192.168.71.117)**
#### 1. Log in to MySQL (as root)
```bash
mysql -u root -p
```
Enter the root password to reach the MySQL prompt.
#### 2. Create the Discuz database
```sql
CREATE DATABASE discuz CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
```
#### 3. Create a dedicated user and grant privileges
```sql
-- Create the user (username: discuz, password: your_password)
CREATE USER 'discuz'@'%' IDENTIFIED BY 'your_password';
-- Grant access to the discuz database only
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'%';
-- Reload the privilege tables
FLUSH PRIVILEGES;
```
**Note**: replace `your_password` with a strong password and keep the username and password at hand; the Discuz installer asks for them. `'discuz'@'%'` accepts this login from any host; since only the two web nodes need it, `'discuz'@'192.168.71.113'` and `'discuz'@'192.168.71.114'` would be the tighter choice.
### **2. Complete the Discuz installation on web_01 (192.168.71.113)**
#### 1. Open the install wizard
In a browser, open:
```
http://192.168.71.113/install/
```
You will see the Discuz installer.
#### 2. Environment check
Click "Next"; the installer checks the environment. Every item must show "Pass", otherwise adjust the PHP configuration.
#### 3. Enter the database details
On the "Create database" page enter:
- **Database server**: `192.168.52.117` (db_01's IP; the host inventory above lists it as 192.168.71.117)
- **Database name**: `discuz` (the database just created)
- **Database user**: `discuz` (the user just created)
- **Database password**: `your_password` (the password just set)
- **Table prefix**: `pre_` (the default is fine)
#### 4. Set the administrator account
Enter the forum administrator's details (username, password, e-mail).
#### 5. Run the installation
Click "Install"; the installer creates the tables and imports the initial data.
#### 6. Finish
After a successful install, delete the `install` directory as prompted:
```bash
rm -rf /var/www/discuz/install
```
### **3. Verify the installation**
Open the Discuz home page:
```
http://192.168.52.113/
```
Log in with the administrator account you set and test the forum.
### **Troubleshooting**
1. **Database connection failure**:
   - Check that MySQL is running on db_01: `systemctl status mysqld`
   - Confirm the firewall allows web_01 to reach port 3306 on db_01 (only relevant if firewalld was re-enabled after section 3):
```bash
# Run on db_01
firewall-cmd --permanent --add-port=3306/tcp
firewall-cmd --reload
```
2. **Insufficient privileges**:
   - Re-grant the user in MySQL on db_01:
```sql
GRANT ALL PRIVILEGES ON discuz.* TO 'discuz'@'%';
FLUSH PRIVILEGES;
```
3. **Character set problems**:
   - Make sure the database was created with `utf8mb4` so that emoji and other special characters work.
With this done, Discuz connects to MySQL and stores uploaded files on the NFS server, as the project architecture requires.
On the MySQL server at 192.168.71.117, also create a user that web_02 (192.168.71.114) connects with for the shop database:

```
mysql> create user 'root'@'192.168.71.114' identified by 'Q1w2e3@123!!!!!';
Query OK, 0 rows affected (0.02 sec)
mysql> grant all privileges on biyesheji.* to 'root'@'192.168.71.114';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges
    -> ;
Query OK, 0 rows affected (0.01 sec)
mysql> select host, user from mysql.user where user='root';
+----------------+------+
| host           | user |
+----------------+------+
| 192.168.71.114 | root |
| localhost      | root |
+----------------+------+
2 rows in set (0.00 sec)
```

Put the WAR file into Tomcat's unpacked webapps directory, delete the existing ROOT folder and rename the WAR to ROOT.war; Tomcat unpacks it automatically when it starts.
Then go into WEB-INF/classes and edit jdbc.properties so that the IP points at the database on 117.
Restart Tomcat and open port 8080 (because the application is deployed as ROOT, it is served at the root path).
## 7. Load balancer deployment (on lb_01 and lb_02)

### 1. Install HAProxy and Keepalived

```bash
dnf install haproxy keepalived -y
```

### 2. Configure HAProxy (identical on both load balancers)

```bash
# Back up the original configuration
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak
# Edit the configuration
vim /etc/haproxy/haproxy.cfg
```

Replace the contents with the following. Note that the frontend has no `default_backend`, so a request whose Host header matches neither ACL (for example one addressed to the VIP by IP) is answered by HAProxy with a 503. The `stats socket` line requires the /run/haproxy directory to exist and be owned by the haproxy user, which is the usual cause of the start-up failure handled below.

```
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
frontend http-in
    bind *:80
    acl host_discuz hdr(host) -i discuz.example.com
    acl host_shop hdr(host) -i shop.example.com
    use_backend discuz_cluster if host_discuz
    use_backend shop_cluster if host_shop
backend discuz_cluster
    balance roundrobin
    server web01 192.168.71.113:80 check
backend shop_cluster
    balance roundrobin
    server web02 192.168.71.114:8080 check
```

```bash
# Start HAProxy
systemctl enable --now haproxy
```
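As an added example (not code from the original post), the script below models the routing decision the `frontend http-in` above makes: `use_backend` rules are tried in order, and each `hdr(host) -i <name>` ACL is a case-insensitive exact match on the Host header. It also makes the missing `default_backend` visible: a Host that matches no ACL gets a 503 from HAProxy and never reaches a server. The requests are constructed, and the backend/server names are transcribed from the config above.

```python
"""Model of the Host-based ACL routing in `frontend http-in` (added example; not the post's code)."""

# Transcribed from the haproxy.cfg above: (acl name, host it matches, backend it selects)
USE_BACKEND_RULES = [
    ("host_discuz", "discuz.example.com", "discuz_cluster"),
    ("host_shop", "shop.example.com", "shop_cluster"),
]
BACKEND_SERVERS = {
    "discuz_cluster": ["192.168.71.113:80"],
    "shop_cluster": ["192.168.71.114:8080"],
}


def host_header(raw_request):
    """Return the value of the Host header of a raw HTTP/1.x request, or None if absent."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return None


def route(raw_request, default_backend=None):
    """Return ("forward", backend, server) or ("503", None, None), as HAProxy would decide.

    default_backend is None here because the config above does not set one."""
    host = host_header(raw_request) or ""
    for _acl, pattern, backend in USE_BACKEND_RULES:   # first matching use_backend wins
        if host.lower() == pattern.lower():           # `-i`: case-insensitive string match
            return ("forward", backend, BACKEND_SERVERS[backend][0])
    if default_backend is not None:
        return ("forward", default_backend, BACKEND_SERVERS[default_backend][0])
    return ("503", None, None)   # no backend selected and no default_backend


# Constructed requests (with one server per backend, roundrobin always picks that server)
REQ_DISCUZ = "GET /forum.php HTTP/1.1\r\nHost: Discuz.Example.com\r\nUser-Agent: x\r\n\r\n"
REQ_SHOP = "GET / HTTP/1.1\r\nHost: shop.example.com\r\n\r\n"
REQ_BY_IP = "GET / HTTP/1.1\r\nHost: 192.168.71.254\r\n\r\n"   # reaching the VIP by address

if __name__ == "__main__":
    for req in (REQ_DISCUZ, REQ_SHOP, REQ_BY_IP):
        print(host_header(req), "->", route(req))
```

Adding `default_backend discuz_cluster` to the frontend is what changes the third case from a 503 into a forward, which is what the `default_backend` parameter of `route()` simulates.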
If it fails to start, check that the haproxy user and group exist and that /run/haproxy exists. The steps below are the last-resort fix.

Clear leftover resources:

```bash
# Stop the service and remove leftovers
sudo systemctl stop haproxy
sudo rm -f /run/haproxy/*        # remove all socket files
sudo rm -f /var/run/haproxy.pid  # remove the PID file
```

Force-release anything still holding the directory:

```bash
# Find processes using /run/haproxy
sudo lsof /run/haproxy
# If a leftover process (usually an old haproxy) shows up, terminate it:
sudo kill -9 $(sudo lsof -t /run/haproxy)
```

Fix the directory permissions (the key step):

```bash
# Recreate the runtime directory
sudo rm -rf /run/haproxy
sudo mkdir /run/haproxy
sudo chown haproxy:haproxy /run/haproxy
sudo chmod 755 /run/haproxy
# Restart the service
sudo systemctl daemon-reload
sudo systemctl start haproxy
```

Since /run is a tmpfs, a directory created by hand is gone after a reboot; to keep it, add a tmpfiles.d entry such as `d /run/haproxy 0755 haproxy haproxy -` in /etc/tmpfiles.d/haproxy.conf.
### 3. Configure Keepalived (high availability)

Configuration on lb_01 (master):

```bash
vim /etc/keepalived/keepalived.conf
```

```
vrrp_script chk_haproxy {
    script "killall -0 haproxy"   # check that the haproxy process exists (killall comes from psmisc)
    interval 2                    # check every 2 seconds
    weight 2                      # add 2 to the priority while the check succeeds
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33               # NIC name; adjust to your system
    virtual_router_id 51
    priority 100                  # the master has the higher priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.71.254/24         # VIP
    }
    track_script {
        chk_haproxy
    }
}
```

Configuration on lb_02 (backup):

```bash
vim /etc/keepalived/keepalived.conf
```

```
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33               # must be the NIC on 192.168.71.0/24 (ens33 on these hosts, not eth0)
    virtual_router_id 51
    priority 99                   # the backup has the lower priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.71.254/24         # must be the same VIP as on lb_01
    }
    track_script {
        chk_haproxy
    }
}
```

Start Keepalived:

```bash
systemctl enable --now keepalived
```
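The following added example (not the post's code) models the VRRP election the two configurations above produce. With a positive `weight`, Keepalived adds the weight to `priority` while the tracked script succeeds and leaves the base priority when it fails; the node with the higher effective priority holds the VIP. The numbers are the ones in the configs, and the last function shows the constraint they must satisfy: the backup plus its weight has to outrank the master's base priority, or a dead haproxy on the master never moves the VIP.

```python
"""VRRP election model for the lb_01/lb_02 keepalived.conf above (added example; not the post's code)."""

# priority/weight per node, copied from the configurations above
NODES = {
    "lb_01": {"priority": 100, "weight": 2},  # state MASTER
    "lb_02": {"priority": 99, "weight": 2},   # state BACKUP
}


def effective_priority(priority, weight, script_ok):
    """Positive weight: added while the script succeeds. Negative weight: subtracted when it fails."""
    if weight > 0:
        return priority + weight if script_ok else priority
    return priority if script_ok else priority + weight   # weight <= 0


def vip_owner(haproxy_up):
    """haproxy_up maps node name -> whether `killall -0 haproxy` succeeds on that node.

    VRRP breaks ties by the higher primary IP address; with the priorities above no tie
    can occur, so a tie raises instead of guessing."""
    scores = {name: effective_priority(cfg["priority"], cfg["weight"], haproxy_up[name])
              for name, cfg in NODES.items()}
    best = max(scores.values())
    winners = [name for name, score in scores.items() if score == best]
    if len(winners) != 1:
        raise ValueError(f"tie between {winners}: weight too small for the priority gap")
    return winners[0]


def weight_forces_failover(master_priority, backup_priority, weight):
    """The backup must outrank a master whose check failed: backup + weight > master."""
    return backup_priority + weight > master_priority


if __name__ == "__main__":
    print(vip_owner({"lb_01": True, "lb_02": True}))    # lb_01 (102 vs 101)
    print(vip_owner({"lb_01": False, "lb_02": True}))   # lb_02 (100 vs 101)
    print(vip_owner({"lb_01": False, "lb_02": False}))  # lb_01 (100 vs 99)
```

With `weight 1` the failed-master case would be 100 against 100, which is why the configs use a weight larger than the priority gap of 1.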
## 8. Redis high availability (on redis_01 and redis_02)

### 1. Install Redis

```bash
dnf install redis -y
```

### 2. Configure master/replica replication

On redis_01 (master):

```bash
vim /etc/redis.conf
```

Change the following parameters:

```
bind 0.0.0.0
requirepass yourpassword   # set a password
masterauth yourpassword    # the master needs masterauth too, because a failover may turn it into a replica
```

On redis_02 (replica):

```bash
vim /etc/redis.conf
```

```
bind 0.0.0.0
requirepass yourpassword
masterauth yourpassword
replicaof redis_01 6379    # point at the master
```

`bind 0.0.0.0` together with the disabled firewall leaves port 6379 reachable from every host on the network, protected only by the password; binding to the node's own address (192.168.71.115 or 192.168.71.116) limits that to the internal interface.

### 3. Start Redis

```bash
systemctl enable --now redis
```

### 4. Verify replication

```bash
# On the master
redis-cli -a yourpassword
> info replication
# Run the same on the replica and check its role
```
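As an added example (not from the original post), the script below turns the manual check in step 4 into a function: it parses the `key:value` output of `info replication` and reports the conditions that matter for this setup, namely a replica whose link to the master is down (typically a `requirepass`/`masterauth` mismatch) or a master with no connected replicas. The two INFO samples are constructed to look like redis_01 and redis_02 above.

```python
"""Check `redis-cli info replication` output (added example; not the post's code)."""

# Constructed samples: INFO uses CRLF line endings and '# Section' headers.
MASTER_INFO = (
    "# Replication\r\n"
    "role:master\r\n"
    "connected_slaves:1\r\n"
    "slave0:ip=192.168.71.116,port=6379,state=online,offset=4172,lag=0\r\n"
    "master_replid:0f1f6a9d4b4c0d4e9f6d2c3b1a0e9d8c7b6a5f4e\r\n"
)
REPLICA_INFO = (
    "# Replication\r\n"
    "role:slave\r\n"
    "master_host:redis_01\r\n"
    "master_port:6379\r\n"
    "master_link_status:up\r\n"
    "slave_read_only:1\r\n"
)


def parse_info(text):
    """Return a dict of the key:value lines (section headers and blanks skipped)."""
    info = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        info[key] = value
    return info


def check_replication(text, expected_master=None):
    """Return a list of problems; an empty list means the node looks healthy."""
    info = parse_info(text)
    problems = []
    role = info.get("role")
    if role == "master":
        if int(info.get("connected_slaves", "0")) == 0:
            problems.append("master has no connected replicas")
    elif role == "slave":
        if info.get("master_link_status") != "up":
            problems.append("link to master is down (check requirepass/masterauth and port 6379)")
        if expected_master and info.get("master_host") != expected_master:
            problems.append(f"replicating from {info.get('master_host')!r}, expected {expected_master!r}")
        if info.get("slave_read_only") != "1":
            problems.append("replica accepts writes (replica-read-only is off)")
    else:
        problems.append(f"unexpected role {role!r}")
    return problems


if __name__ == "__main__":
    print("redis_01:", check_replication(MASTER_INFO) or "ok")
    print("redis_02:", check_replication(REPLICA_INFO, expected_master="redis_01") or "ok")
```

Feed it live data with `check_replication(subprocess.check_output(["redis-cli", "-a", password, "info", "replication"], text=True))` on each node.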
## 9. MySQL high availability (on db_01 and db_02)

### 1. Install MySQL

```bash
dnf install mysql-server -y
```

### 2. Initialise MySQL

```bash
# Start the service first; mysql_secure_installation needs a running server
systemctl enable --now mysqld
# Follow the prompts to set the root password and finish the initial hardening
mysql_secure_installation
```

### 3. Replication account and server configuration

On db_01:

```bash
# Log in to MySQL
mysql -u root -p
```

```sql
-- Create the replication account ('repl'@'%' accepts the login from any host; the peer's address would be the tighter choice)
CREATE USER 'repl'@'%' IDENTIFIED BY 'replicationpassword';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%';
```

Edit the configuration file:

```bash
vim /etc/my.cnf.d/mysql-server.cnf
```

Add:

```ini
[mysqld]
server-id=1
log-bin=mysql-bin
binlog_format=ROW
gtid_mode=ON
enforce_gtid_consistency=ON
```

On db_02, log in to MySQL and create the replication account in the same way, then edit the configuration file:

```bash
vim /etc/my.cnf.d/mysql-server.cnf
```

```ini
[mysqld]
server-id=2
log-bin=mysql-bin
binlog_format=ROW
gtid_mode=ON
enforce_gtid_consistency=ON
```

Restart MySQL on both nodes so that the new settings take effect:

```bash
systemctl restart mysqld
```

### 4. Configure master-master replication

On db_01:

```sql
CHANGE MASTER TO
  MASTER_HOST='db_02',
  MASTER_USER='repl',
  MASTER_PASSWORD='replicationpassword',
  MASTER_AUTO_POSITION=1;
START SLAVE;
```

On db_02:

```sql
CHANGE MASTER TO
  MASTER_HOST='db_01',
  MASTER_USER='repl',
  MASTER_PASSWORD='replicationpassword',
  MASTER_AUTO_POSITION=1;
START SLAVE;
```

### 5. Check the replication status

```sql
SHOW SLAVE STATUS\G
```

Make sure both Slave_IO_Running and Slave_SQL_Running are Yes (`\G` already terminates the statement; a trailing `;` makes the client complain about an empty query). On MySQL 8.0.22 and later the same information is available as `SHOW REPLICA STATUS\G`.
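As an added example (not code from the original post), the script below parses the vertical `\G` output and applies the check in step 5, plus a lag threshold that the two-Yes check alone does not catch. It accepts both the `Slave_*` column names used here and the `Replica_*`/`Seconds_Behind_Source` names that `SHOW REPLICA STATUS` prints on MySQL 8.0.22+. The sample output is constructed.

```python
"""Parse `SHOW SLAVE STATUS\\G` output and report replication problems (added example; not the post's code)."""
import re

# Constructed sample in the vertical format the mysql client prints for \G
SAMPLE_STATUS = """\
*************************** 1. row ***************************
               Slave_IO_State: Waiting for source to send event
                  Master_Host: db_02
                  Master_User: repl
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Errno: 0
                   Last_Error:
        Seconds_Behind_Master: 0
                Last_IO_Error:
           Retrieved_Gtid_Set: 3e11fa47-71ca-11e1-9e33-c80aa9429562:1-42
            Executed_Gtid_Set: 3e11fa47-71ca-11e1-9e33-c80aa9429562:1-42
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z_]+):\s?(.*)$")


def parse_vertical(text):
    """Return {column: value} from one row of mysql's \\G output."""
    status = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            status[m.group(1)] = m.group(2).strip()
    return status


def _get(status, new_name, old_name, default=""):
    """Read a column under its 8.0.22+ name, falling back to the older name."""
    return status.get(new_name, status.get(old_name, default))


def replication_problems(text, max_lag_seconds=30):
    """Return a list of problems; empty means both threads run and the lag is acceptable."""
    s = parse_vertical(text)
    problems = []
    if _get(s, "Replica_IO_Running", "Slave_IO_Running") != "Yes":
        problems.append("IO thread not running: " + _get(s, "Last_IO_Error", "Last_IO_Error"))
    if _get(s, "Replica_SQL_Running", "Slave_SQL_Running") != "Yes":
        problems.append("SQL thread not running: " + _get(s, "Last_SQL_Error", "Last_Error"))
    lag = _get(s, "Seconds_Behind_Source", "Seconds_Behind_Master", "NULL")
    if lag == "NULL":
        problems.append("Seconds_Behind_Master is NULL (no replication in progress)")
    elif int(lag) > max_lag_seconds:
        problems.append(f"replica is {lag}s behind the master")
    return problems


if __name__ == "__main__":
    print(replication_problems(SAMPLE_STATUS) or "replication OK")
```

On a live node the text comes from `mysql -u root -p -e 'SHOW SLAVE STATUS\G'`; running this from the Zabbix host as a user parameter is one way to turn the check into an alert.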
## 10. Zabbix monitoring (on the zas_00 node)

### 1. Install Zabbix Server

Rocky 9:

```bash
rpm -Uvh https://repo.zabbix.com/zabbix/7.0/rocky/9/x86_64/zabbix-release-7.0-5.el9.noarch.rpm
```

Rocky 8:

```bash
rpm -Uvh https://repo.zabbix.com/zabbix/7.0/rocky/8/x86_64/zabbix-release-7.0-5.el8.noarch.rpm
```

Install the packages:

```bash
yum install zabbix-server-mysql zabbix-web-mysql zabbix-nginx-conf zabbix-sql-scripts zabbix-selinux-policy zabbix-agent
```

### 2. Create the database (on the MySQL primary, e.g. db_01)

```sql
CREATE DATABASE zabbix CHARACTER SET utf8 COLLATE utf8_bin;
CREATE USER 'zabbix'@'%' IDENTIFIED BY 'Q1w2e3@123!!!!!';
GRANT ALL PRIVILEGES ON zabbix.* TO 'zabbix'@'%';
FLUSH PRIVILEGES;
```

Because binary logging is enabled on db_01 (section 9), the schema import below creates stored functions and needs `SET GLOBAL log_bin_trust_function_creators = 1;` on db_01 beforehand (set it back to 0 once the import is done).

### 3. Import the initial data (on zas_00)

Rocky 9:

```bash
# Import the schema into the remote database (the client prompts for the zabbix user's password)
zcat /usr/share/doc/zabbix-sql-scripts/mysql/server.sql.gz | mysql -h db_01 -u zabbix -p zabbix
```

Rocky 8:

```bash
# Import the schema into the remote database
zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql -h db_01 -u zabbix -p zabbix
```

Verify the import (for example by listing the tables in the zabbix database).

### 4. Point Zabbix Server at the database

```bash
vim /etc/zabbix/zabbix_server.conf
```

Change the following parameters:

```
DBHost=db_01
DBName=zabbix
DBUser=zabbix
DBPassword=Q1w2e3@123!!!!!
```

### 5. Start Zabbix Server

```bash
systemctl enable --now zabbix-server
```

### 6. Set the PHP time zone (Zabbix frontend)

```bash
vim /etc/php-fpm.d/zabbix.conf
```

Change:

```
php_value[date.timezone] = Asia/Shanghai
```

Complete the frontend setup wizard (enter db_01's details on the database page).

Then add all servers to monitoring.
## 11. Rsync backup server (on the rbk_00 node)

### 1. Install Rsync

```bash
dnf install rsync -y
```

### 2. Configure the Rsync daemon

```bash
vim /etc/rsyncd.conf
```

Add:

```ini
uid = root
gid = root
use chroot = yes
max connections = 4
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
[web_backup]
path = /backup
comment = Backup Directory
read only = no
# hosts allow = 192.168.71.119   # recommended: only the NFS server may push to this module
```

As written the module is writable by any host that can reach port 873, and the sync script below uses `--delete`, so anyone on the network could overwrite or empty the backup; `hosts allow` (and `auth users` with a secrets file) closes that.

Create an rsync.service unit. This is only needed when the distribution provides no daemon unit; step 4 below enables the stock `rsyncd` unit, so use one or the other, not both, or they compete for port 873.

```bash
cat > /etc/systemd/system/rsync.service <<EOF
[Unit]
Description=Fast remote file copy program daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/rsync --daemon
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
```

Reload systemd:

```bash
systemctl daemon-reload
```

Start the rsync service:

```bash
systemctl start rsync
```

Check its status:

```bash
systemctl status rsync
```

### 3. Create the backup directory

```bash
mkdir /backup
chmod 777 /backup
```

### 4. Start the Rsync daemon

```bash
systemctl enable --now rsyncd
```

### 5. Set up real-time sync on the NFS server (elk_nfs)

```bash
# Install inotify-tools
dnf install inotify-tools -y
# Create the sync script (quoted heredoc: the variables are written to the file literally)
cat > /usr/local/bin/rsync_backup.sh <<'EOF'
#!/bin/bash
SRC_DIR="/data/web_apps/"
DST_DIR="web_backup"
SERVER="rsy_bk"   # rsync daemon host; /etc/hosts from section 3 resolves this name (the node called rbk_00 above)
# Every filesystem event under SRC_DIR triggers a full sync to the backup module
inotifywait -mrq -e modify,create,delete,move,attrib "$SRC_DIR" | while read -r events
do
    rsync -avz --delete "$SRC_DIR" "$SERVER::$DST_DIR"
done
EOF
# Make it executable
chmod +x /usr/local/bin/rsync_backup.sh
# Start the script (in the background)
nohup /usr/local/bin/rsync_backup.sh > /var/log/rsync_backup.log 2>&1 &
```
## Task 2: HAProxy ACLs route different domain names to different applications

Configure nginx.conf (my own setup as the example). Because nginx.conf already includes conf.d/*.conf, keep the discuz server block in only one of the two places; with the same `server_name` in both, nginx logs a "conflicting server name" warning and ignores the second.

```nginx
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
        listen 80;
        server_name discuz.example.com;
        root /var/www/discuz;
        index index.php index.html index.htm;
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        location / {
            try_files $uri $uri/ /index.php?$args;
        }
        error_page 404 /404.html;
        location = /40x.html {
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }
    # Access by IP address: redirect to the domain name
    server {
        listen 80;
        server_name 192.168.71.113;  # server IP
        return 301 http://discuz.example.com$request_uri;
    }
}
```
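The `log_format main` above defines the line layout that the Filebeat/Logstash pipeline of Task 5 has to parse. As an added example (not the post's code), the script below parses such lines into typed fields and resolves the real client address: behind HAProxy, `$remote_addr` is the load balancer, so the client is the first entry of `X-Forwarded-For`. That header is only present once `option forwardfor` is enabled in HAProxy, which the configuration in section 7 does not do; the field is then `-` and the parser falls back to `$remote_addr`. The log lines are constructed.

```python
"""Parse nginx access-log lines written with the `log_format main` above (added example; not the post's code)."""
import re
from collections import Counter
from datetime import datetime

# Mirrors: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#           "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'
LINE_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" "(?P<http_x_forwarded_for>[^"]*)"$'
)

# Constructed sample lines: the first three arrive via the load balancer (192.168.71.111)
SAMPLE_LINES = [
    '192.168.71.111 - - [05/Mar/2025:10:15:32 +0800] "GET /forum.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0" "192.168.71.50"',
    '192.168.71.111 - - [05/Mar/2025:10:15:33 +0800] "GET /install/ HTTP/1.1" 404 153 "-" "curl/8.0" "192.168.71.50"',
    '192.168.71.111 - - [05/Mar/2025:10:15:34 +0800] "POST /member.php?mod=logging&action=login HTTP/1.1" 200 2201 "http://discuz.example.com/" "Mozilla/5.0" "192.168.71.51"',
    '192.168.71.50 - - [05/Mar/2025:10:15:35 +0800] "GET / HTTP/1.1" 301 169 "-" "curl/8.0" "-"',
    'not an access log line',
]


def parse_line(line):
    """Return a dict of typed fields, or None when the line does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    method, _, rest = rec["request"].partition(" ")
    path, _, protocol = rest.rpartition(" ")
    rec.update(method=method, path=path, protocol=protocol)
    rec["status"] = int(rec["status"])
    rec["body_bytes_sent"] = int(rec["body_bytes_sent"])
    rec["time"] = datetime.strptime(rec["time_local"], "%d/%b/%Y:%H:%M:%S %z")
    # First X-Forwarded-For entry is the client; "-" means the header was absent
    xff = rec["http_x_forwarded_for"]
    rec["client_ip"] = xff.split(",")[0].strip() if xff != "-" else rec["remote_addr"]
    return rec


def parse_lines(lines):
    """Parse many lines, dropping the ones that do not match."""
    return [rec for rec in map(parse_line, lines) if rec is not None]


def status_by_client(records):
    """Count (client_ip, status) pairs: the aggregation a dashboard or alert rule would use."""
    return Counter((rec["client_ip"], rec["status"]) for rec in records)


if __name__ == "__main__":
    for (ip, status), n in sorted(status_by_client(parse_lines(SAMPLE_LINES)).items()):
        print(f"{ip:16} {status} {n}")
```

A Logstash `grok` pattern for the same format is `%{COMBINEDAPACHELOG} "%{DATA:http_x_forwarded_for}"`, which is the declarative equivalent of `LINE_RE`.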
```bash
# Back up the original configuration
sudo cp /etc/php-fpm.d/www.conf /etc/php-fpm.d/www.conf.bak
# Write the hardened configuration
sudo tee /etc/php-fpm.d/www.conf > /dev/null <<'EOF'
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
EOF
```

Add the domain names to the hosts file on the local machine.

Edit the hosts file as administrator:
1. Close all text editors
2. Right-click Notepad, then "Run as administrator"
3. File, Open, and browse to C:\Windows\System32\drivers\etc\hosts

Add:

```
192.168.71.100 discuz.example.com
192.168.71.100 shop.example.com
```

(The address has to be the Keepalived VIP; section 7 configures it as 192.168.71.254, so use whichever address your VIP actually is.)

Confirm and save:
- Make sure the content is unchanged (as shown in figure 5)
- Press Ctrl+S
- When the "overwrite with administrator privileges?" prompt appears, click Yes

Flush the DNS cache (open cmd as administrator):

```
ipconfig /flushdns
ping discuz.example.com
```

You should now see:

```
正在 Ping discuz.example.com [192.168.71.100] 具有 32 字节的数据:
来自 192.168.71.100 的回复...
```

Opening the corresponding domain name in the browser now shows the application.
## Task 5: ELK log monitoring that collects logs from all servers; monitored hosts ship logs with Filebeat

## Task 8: Automated deployment with Ansible roles
### Create the inventory (inventories/production)

```ini
[load_balancer]
lb_01 ansible_host=192.168.71.111
lb_02 ansible_host=192.168.71.112
[web]
web_01 ansible_host=192.168.71.113
web_02 ansible_host=192.168.71.114
[redis]
redis_01 ansible_host=192.168.71.115
redis_02 ansible_host=192.168.71.116
[database]
db_01 ansible_host=192.168.71.117
db_02 ansible_host=192.168.71.118
[elk_nfs]
elk_nfs ansible_host=192.168.71.119
[backup]
rsy_bk ansible_host=192.168.71.121
# Special group (the control node itself)
[zabbix]
zab_ans ansible_host=192.168.71.120
```

### Global variables (group_vars/all.yml)

```yaml
# Settings common to all hosts
ntp_server: time.google.com
domain_name: ourcluster.local
# VIP addresses
haproxy_vip: 192.168.71.254
redis_vip: 192.168.71.251
mysql_vip: 192.168.71.252
# NFS settings
nfs_server_ip: 192.168.71.119
nfs_share_path: /data/apps
```

### Create the roles

```bash
ansible-galaxy init roles/common
```

roles/common/tasks/main.yml (the managed hosts are Rocky/RHEL systems, as everywhere above, so the package module is `dnf`, not `apt`):

```yaml
- name: Install base tools
  dnf:
    name: ['vim', 'curl', 'htop', 'net-tools']
    state: present
- name: Set the time zone
  timezone:
    name: Asia/Shanghai
- name: Set the hostname
  hostname:
    name: "{{ inventory_hostname }}"
- name: Add name resolution for every inventory host
  lineinfile:
    path: /etc/hosts
    line: "{{ hostvars[item].ansible_host }} {{ item }}"
  loop: "{{ groups.all }}"
```

roles/haproxy/tasks/main.yml:

```yaml
- name: Install HAProxy and Keepalived
  dnf:
    name: ['haproxy', 'keepalived']
    state: present
- name: Configure HAProxy
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy/haproxy.cfg
- name: Configure Keepalived (master)
  template:
    src: keepalived_master.conf.j2
    dest: /etc/keepalived/keepalived.conf
  when: inventory_hostname == "lb_01"
- name: Configure Keepalived (backup)
  template:
    src: keepalived_backup.conf.j2
    dest: /etc/keepalived/keepalived.conf
  when: inventory_hostname == "lb_02"
- name: Start the services
  service:
    name: "{{ item }}"
    state: restarted
    enabled: yes
  loop: [haproxy, keepalived]
```
Web server role (web_server): web_01 and web_02

```yaml
# Install Nginx + PHP
- name: Install Nginx and PHP
  dnf:
    name: ['n', 'php-fpm', 'php-mysqlnd']
    state: present
# Install the Java runtime for Tomcat
- name: Install the Java environment
  dnf:
    name: java-1.8.0-openjdk-devel
    state: present
```

roles/tomcat/tasks/main.yml:

```yaml
---
- name: Create the install directory
  file:
    path: /usr/local
    state: directory
- name: Copy the Tomcat archive
  copy:
    src: "{{ tomcat_package_path }}"
    dest: /tmp/apache-tomcat-8.5.40.tar.gz
- name: Unpack Tomcat
  unarchive:
    src: /tmp/apache-tomcat-8.5.40.tar.gz
    dest: /usr/local
    remote_src: yes
- name: Create the symbolic link
  file:
    src: /usr/local/apache-tomcat-8.5.40
    dest: /usr/local/tomcat
    state: link
- name: Set the environment variable
  lineinfile:
    path: /etc/profile
    line: "export CATALINA_HOME=/usr/local/tomcat"
- name: Create the Tomcat service user
  user:
    name: tomcat
    system: yes
    shell: /sbin/nologin
- name: Set directory ownership
  file:
    path: /usr/local/tomcat
    owner: tomcat
    group: tomcat
    recurse: yes
- name: Install the systemd unit
  template:
    src: tomcat.service.j2
    dest: /etc/systemd/system/tomcat.service
- name: Reload systemd
  systemd:
    daemon_reload: yes
- name: Start the Tomcat service
  systemd:
    name: tomcat
    state: started
    enabled: yes
```

roles/tomcat/templates/tomcat.service.j2:

```ini
[Unit]
Description=Apache Tomcat 8.5
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=CATALINA_PID=/usr/local/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/usr/local/tomcat
Environment=CATALINA_BASE=/usr/local/tomcat
ExecStart=/usr/local/tomcat/bin/startup.sh
ExecStop=/usr/local/tomcat/bin/shutdown.sh
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target
```

roles/tomcat/defaults/main.yml:

```yaml
tomcat_package_path: "/path/to/apache-tomcat-8.5.40.tar.gz"
```

Mount the NFS share (application data):

```yaml
- name: Create the mount point
  file:
    path: /mnt/appdata
    state: directory
- name: Mount the NFS share
  mount:
    path: /mnt/appdata
    src: "{{ nfs_server_ip }}:{{ nfs_share_path }}"
    fstype: nfs
    state: mounted
```
Redis role (redis): redis_01 and redis_02 (the `restart redis` handler must be defined in roles/redis/handlers/main.yml)

```yaml
- name: Install Redis
  dnf:
    name: redis
    state: present
- name: Configure Redis replication
  template:
    src: redis.conf.j2
    dest: /etc/redis/redis.conf
  notify: restart redis
# Redis Sentinel configuration
- name: Configure Sentinel
  template:
    src: sentinel.conf.j2
    dest: /etc/redis/sentinel.conf
```

Database role (mysql): db_01 and db_02 (`mysql_user` comes from the community.mysql collection and needs PyMySQL on the target)

```yaml
- name: Install MySQL
  dnf:
    name: mysql-server
    state: present
- name: Configure replication
  template:
    src: master.cnf.j2  # or slave.cnf.j2
    dest: /etc/my.cnf.d/replication.cnf
- name: Create the replication user
  mysql_user:
    name: replicator
    password: securepass
    host: '%'
    priv: '*.*:REPLICATION SLAVE'
    state: present
```

ELK + NFS role (elk_nfs): elk_nfs

```yaml
# NFS part
- name: Install the NFS server
  dnf:
    name: nfs-utils
    state: present
- name: Create the shared directory
  file:
    path: "{{ nfs_share_path }}"
    state: directory
    mode: 0777
```

ELK part, roles/elk_stack/tasks/main.yml:

```yaml
---
- name: Create the install directory
  file:
    path: /opt/elk
    state: directory
# Elasticsearch
- name: Copy Elasticsearch
  copy:
    src: "{{ es_package_path }}"
    dest: /tmp/elasticsearch-7.1.1-x86_64.rpm
- name: Install Elasticsearch
  yum:
    name: /tmp/elasticsearch-7.1.1-x86_64.rpm
    state: present
- name: Configure Elasticsearch
  template:
    src: elasticsearch.yml.j2
    dest: /etc/elasticsearch/elasticsearch.yml
- name: Start Elasticsearch
  systemd:
    name: elasticsearch
    state: started
    enabled: yes
# Logstash
- name: Copy Logstash
  copy:
    src: "{{ logstash_package_path }}"
    dest: /tmp/logstash-7.1.1.rpm
- name: Install Logstash
  yum:
    name: /tmp/logstash-7.1.1.rpm
    state: present
- name: Configure Logstash
  template:
    src: logstash.conf.j2
    dest: /etc/logstash/conf.d/main.conf
- name: Start Logstash
  systemd:
    name: logstash
    state: started
    enabled: yes
# Kibana
- name: Copy Kibana
  copy:
    src: "{{ kibana_package_path }}"
    dest: /tmp/kibana-7.1.1-x86_64.rpm
- name: Install Kibana
  yum:
    name: /tmp/kibana-7.1.1-x86_64.rpm
    state: present
- name: Configure Kibana
  template:
    src: kibana.yml.j2
    dest: /etc/kibana/kibana.yml
- name: Start Kibana
  systemd:
    name: kibana
    state: started
    enabled: yes
```

roles/elk_stack/templates/elasticsearch.yml.j2:

```yaml
cluster.name: elk-cluster
node.name: "{{ ansible_hostname }}"
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["elk_nfs"]
cluster.initial_master_nodes: ["elk_nfs"]
```

roles/elk_stack/defaults/main.yml:

```yaml
es_package_path: "/path/to/elasticsearch-7.1.1-x86_64.rpm"
logstash_package_path: "/path/to/logstash-7.1.1.rpm"
kibana_package_path: "/path/to/kibana-7.1.1-x86_64.rpm"
```

Backup role (backup): rsy_bk

```yaml
- name: Install Rsync
  dnf:
    name: rsync
    state: present
- name: Create the backup directory
  file:
    path: /backup
    state: directory
- name: Configure the Rsync daemon
  template:
    src: rsyncd.conf.j2
    dest: /etc/rsyncd.conf
```

Monitoring role (zabbix): zab_ans (the repository and package names are the Rocky ones from section 10)

```yaml
- name: Add the Zabbix repository
  dnf:
    name: https://repo.zabbix.com/zabbix/7.0/rocky/9/x86_64/zabbix-release-7.0-5.el9.noarch.rpm
    state: present
    disable_gpg_check: yes
- name: Install the Zabbix components
  dnf:
    name: ['zabbix-server-mysql', 'zabbix-web-mysql', 'zabbix-nginx-conf', 'zabbix-sql-scripts', 'zabbix-agent']
    state: present
```
### Write the main playbook (site.yml)

Each play carries a tag matching its group so that `--tags` can run one part on its own.

```yaml
---
- name: Base configuration
  hosts: all
  tags: common
  roles:
    - common
- name: Load balancer configuration
  hosts: load_balancer
  tags: load_balancer
  roles:
    - haproxy
- name: Application server configuration
  hosts: web
  tags: web
  roles:
    - web_server
- name: Redis cluster configuration
  hosts: redis
  tags: redis
  roles:
    - redis
- name: Database configuration
  hosts: database
  tags: database
  roles:
    - mysql
- name: ELK and NFS configuration
  hosts: elk_nfs
  tags: elk_nfs
  roles:
    - elk_nfs
- name: Backup system configuration
  hosts: backup
  tags: backup
  roles:
    - backup
- name: Monitoring system configuration
  hosts: zabbix
  tags: zabbix
  roles:
    - zabbix
```

### Run the deployment

```bash
# Test connectivity
ansible -i inventories/production all -m ping
# Run the whole playbook
ansible-playbook -i inventories/production site.yml
# Run one part only (for example, just the web servers)
ansible-playbook -i inventories/production site.yml --tags web
```