Chapter 1: Small and medium-sized website architecture composition
Introduction to architecture terms
1. What is a project? Think of a mobile phone app: every app can be counted as one project.
2. What is an architecture? The set of servers that together run and maintain a project.
3. What is a cluster? A group of computers combined into a single system to solve one particular problem.
4. What is high availability? When one server becomes unavailable, another server takes over automatically, so the business does not go down.
5. What is load balancing? Spreading user requests over multiple working units, so that no single server is overloaded and the service stays stable.
Architecture access flow - user perspective
1. The user types oldboyedu.com into the browser and presses Enter.
2. The browser parses the URL, then performs DNS resolution to obtain the real public IP address.
3. The user's client initiates a TCP three-way handshake with that public IP address.
4. The connection travels across the public network -> router -> switch -> hardware firewall at the front of the data center.
5. The firewall matches the connection against its own access rules: a malicious connection is rejected, a normal connection is let through.
6. The firewall forwards the connection to the load balancer, which looks at what the user requested and dispatches it to a web server according to the content of the request.
7. The web server inspects the request. A request for images or attachments is served from the static resources kept on the storage server. A request for site content goes to the cache server first; on a cache miss the database is queried, returns the data to the web server, and a copy is written back to the cache server.
8. The content returns from the database -> web server -> load balancer -> user.
Architecture access flow - O&M perspective
1. Operators connect over the public network (through a tunnel) to the VPN server, which gives them access to the internal hosts for management.
2. Automated configuration management saves labor, makes later maintenance easier, and gives a unified, standardized environment.
3. Automated monitoring watches the running state of the system, gives early warning, and lets problems be traced back afterwards.
Summary: a project covers a set of architecture; a set of architecture covers different roles (high availability, load balancing, web cluster). Five-layer architecture model --> load balancing, web service, storage service, caching service, database service (all connected over TCP).
1) Customer -- user
People who visit the site
2) Security staff -- firewall (firewalld)
Access policy control
3) Receptionist -- load balancing server (nginx)
Schedules the user's access requests
4) Waiter --- web server (nginx)
Handles user requests
5) Cook --- database server (mysql)
Stores text data (e.g. headset, 500, Sony, black, Beijing address, order time 2019-05-05 13:00)
6) Cook --- storage server (nfs)
Stores images, audio, video, attachments and other file data
7) Cook --- backup server (rsync+crond for scheduled backups, rsync+sersync for real-time backups)
Stores the important data of all servers of the website
8) Cook --- cache server (memcache, redis, mongodb)
a. Keeps data in memory
b. Takes pressure off the database and web servers
9) Manager --- batch management server (ansible)
Batch management of many server hosts
Deploying the site architecture:
1) Eliminate the single points of failure in the website architecture
Receptionist (load balancer): high availability --- keepalived
Database: high availability --- mha
Storage service: high availability --- keepalived, or a distributed storage system
Backup service:
Interview question: how is the company's data backed up?
1) Back up data with open-source software such as rsync (free)
2) Back up data to an enterprise cloud storage service (Qiniu cloud storage)
3) Build a self-hosted backup storage architecture ("two sites, three centers")
Caching service: high availability --- cache service cluster / sentinel mode
2) How internal employees access the architecture remotely
Deploy and build a VPN server (PPTP VPN)
https://blog.oldboyedu.com/pptp-l2tp/
Note: PPTP's MS-CHAPv2 authentication has been publicly broken since 2012, so treat a PPTP VPN as a lab convenience only; for anything reachable from the internet use L2TP/IPsec (also covered at the link above) or a modern VPN such as OpenVPN or WireGuard.
3) Auditing what internal staff do on the architecture's servers
Jump (bastion) server: jumpserver
https://jumpserver.readthedocs.io/zh/docs/setup_by_centos.html
4) Raising an alarm ahead of time when a server in the architecture has a problem
Deploy a monitoring server: zabbix
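The backup role above (rsync pushed to the backup server by crond) says what gets copied but not how you know the copy is good, which is the part an interviewer will press on. The following is an added example written by the editor, not code from the course notes: it archives a directory, records a checksum beside the archive, and refuses to restore an archive whose checksum no longer matches. The directory layout, the function names and the rsync/crond commands in the comment are assumptions.

```sh
#!/bin/sh
# Added example (editor's code, not from the course notes): the scheduled-backup
# role with an integrity check.  Assumed layout: <dest>/<host>_<date>.tar plus a
# <name>.tar.md5 file next to it.  Uncompressed tar is used so rsync can send
# deltas; swap in -z if disk space matters more than transfer size.
set -u

# make_backup <src_dir> <dest_dir> <name>: archive src_dir and record its checksum
make_backup() {
  src=$1 dest=$2 name=$3
  mkdir -p "$dest"
  tar -cf "$dest/$name.tar" -C "$src" . || return 1
  ( cd "$dest" && md5sum "$name.tar" > "$name.tar.md5" )
}

# verify_backup <dest_dir> <name>: exit 0 only if the archive still matches its checksum
verify_backup() {
  ( cd "$1" && md5sum -c "$2.tar.md5" >/dev/null 2>&1 )
}

# restore_backup <dest_dir> <name> <target_dir>: verify first, then unpack.
# A backup that has never been restored is an untested backup.
restore_backup() {
  verify_backup "$1" "$2" || return 1
  mkdir -p "$3" && tar -xf "$1/$2.tar" -C "$3"
}

# prune_backups <dest_dir> <days>: remove archives and checksum files older than <days>
prune_backups() {
  find "$1" -type f \( -name '*.tar' -o -name '*.tar.md5' \) -mtime +"$2" -exec rm -f {} +
}

# On a web or db host, crond would run something like (paths and names assumed):
#   make_backup /data /backup "$(hostname)_$(date +%F)" &&
#   rsync -az --password-file=/etc/rsync.password /backup/ rsync_backup@172.16.1.41::backup/
# On the backup server (172.16.1.41 in the chapter-2 plan), after the push:
#   verify_backup /backup/web01 web01_2019-05-05 || echo "checksum mismatch" | logger -t backup
if [ $# -eq 3 ]; then make_backup "$1" "$2" "$3"; fi
```

The checksum catches truncated or corrupted transfers, which is what silently ruins most backups. It does not defend against an attacker on the source host, who can rewrite the .md5 along with the archive; for that, have the backup server compute and keep its own checksums (or a signed manifest) the moment a push lands, and never let the source host write to them.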
Chapter 2: Overall architecture planning
Host name and IP address planning
01. Firewall server          firewalld   10.0.0.81 (public address)   172.16.1.81 (internal address)   Software: firewalld
02. Load balancing server    lb01        10.0.0.5                     172.16.1.5                       Software: nginx, keepalived
03. Load balancing server    lb02        10.0.0.6                     172.16.1.6                       Software: nginx, keepalived
04. Web server               web01       10.0.0.7                     172.16.1.7                       Software: nginx
05. Web server               web02       10.0.0.8                     172.16.1.8                       Software: nginx
06. Web server               web03       10.0.0.9 (storage)           172.16.1.9                       Software: nginx
07. Database server          db01        10.0.0.51                    172.16.1.51                      Software: mysql (slow), mariaDB
08. Storage server           nfs01       10.0.0.31                    172.16.1.31                      Software: nfs
09. Backup server            backup      10.0.0.41                    172.16.1.41                      Software: rsync
10. Batch management server  m01         10.0.0.61                    172.16.1.61                      Software: ansible
11. Jump server              jumpserver  10.0.0.71 (61)               172.16.1.71                      Software: jumpserver
12. Monitoring server        zabbix      10.0.0.72 (61)               172.16.1.72                      Software: zabbix
13. Cache server             ignored for now
(This is the initial plan; it will be adjusted later.)
Chapter 3: Optimizing the template host configuration
1. Network configuration
- Add a second network card (eth1, for the 172.16.1.0/24 internal network)
- Configure the network card
vim /etc/sysconfig/network-scripts/ifcfg-eth1
- Confirm the network configuration
2. hosts file configuration
\cp /etc/hosts{,.bak}
cat >/etc/hosts<<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.51 db01 db01.etiantian.org
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.61 m01
EOF
3. Change the yum source
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup &&\
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y wget
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
PS: yum repolist lists the configured yum repositories.
Note: the repo definitions are fetched over plain HTTP here. Use https:// where the mirror offers it, and keep gpgcheck=1 in the resulting .repo files so that package signatures are still verified at install time.
4. Disable SELinux
sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config
setenforce 0
getenforce
5. Disable the firewall (firewalld)
systemctl stop firewalld
systemctl disable firewalld
systemctl status firewalld
Note: turning off SELinux and firewalld keeps the lab simple, but both are real controls. On production hosts keep SELinux enforcing (use permissive only while you debug a policy) and keep firewalld running with only the ports each role needs open; the front firewall in the plan does not protect the hosts on 172.16.1.0/24 from each other.
6. Give user oldboy sudo rights (optional)
useradd oldboy
echo 123456|passwd --stdin oldboy
\cp /etc/sudoers /etc/sudoers.ori
echo "oldboy ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c
Note: 123456 is a lab password; on a real host set a strong one (or allow SSH keys only), and prefer a drop-in file under /etc/sudoers.d/ to appending to /etc/sudoers. Always run visudo -c after editing: a syntax error in sudoers locks everyone out of sudo.
7. Set an English (UTF-8) locale
localectl set-locale LANG="en_US.UTF-8"
8. Time synchronization
yum install -y ntpdate
echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l
Accurate clocks matter beyond convenience: log correlation across hosts, TLS certificate validity checks and Kerberos all break when clocks drift.
9. Raise the open file descriptor limit
yum install -y lsof
lsof -i:22
# raise the file descriptor limit
echo '* - nofile 65536' >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf
Explanation:
When a service program runs, it opens the files it needs. Take the crond scheduled-task service (systemctl start crond):
/var/spool/cron/root --- the configuration file it loads
/var/log/cron --- the log file it opens
lsof lists such open files (lsof -i:22 shows the sshd listener), and nofile caps how many one process may hold open, which matters for busy nginx and database processes. The limit takes effect for new login sessions, not for processes that are already running.
10. Install other small utilities
yum install lrzsz nmap tree dos2unix nc telnet wget lsof ntpdate bash-completion bash-completion-extras -y
11. Speed up SSH connections
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g' /etc/ssh/sshd_config
systemctl restart sshd
Run sshd -t before the restart and check that both settings now appear uncommented in /etc/ssh/sshd_config: the first sed pattern only matches the default commented line "#UseDNS yes", so it silently does nothing on a file that was edited before, and a broken sshd_config stops sshd from starting and locks you out of the host.
12. Modify the hostname and addresses of each cloned host
Modify the hostname:
hostnamectl set-hostname backup
Modify the host addresses (the template uses .200; this clone becomes backup, .41):
sed -i 's#200#41#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep 41 /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep UUID /etc/sysconfig/network-scripts/ifcfg-eth[01]
systemctl restart network
The sed replaces every "200" in the two files, not only the IPADDR lines, so check the grep output before restarting the network: only IPADDR (and GATEWAY if it contained 200) should have changed. The UUID lines are removed because the clones share the template's UUID.
PS: start the cloned hosts one at a time and change each one before starting the next, so that two hosts never share the template's address. If a cloned host cannot be reached remotely: 01. test with ping; 02. close Xshell and open it again.
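Steps 1 through 12 above are typed once into the template host, and their echo >> and sed patterns work the first time only: re-run the checklist and the hosts, limits and cron lines are duplicated while the sshd sed matches nothing. As an added example (the editor's own code, not from the course notes), here are the file edits of the checklist written as idempotent shell functions that can be dry-run under a scratch root before being applied to /. The function names and the <root> prefix are assumptions; the paths, the user oldboy and the hosts plan are the page's. Actions that change the running system (setenforce, systemctl, passwd) are deliberately left to the page's own commands.

```sh
#!/bin/sh
# Added example (editor's code, not from the course notes): the chapter-3
# template-host file edits as re-runnable functions.  template_init / applies
# them for real; template_init /some/scratch/dir shows what they would do.
set -u

# ensure_line <file> <exact line>: append the line once; the page's
# "echo ... >> file" pattern appends a duplicate on every re-run.
ensure_line() {
  grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# set_kv <file> <key> <value>: make "<key> <value>" the single active line for
# the key in an sshd_config-style file.  The first line for the key, active or
# commented out, is rewritten in place; later duplicates are dropped; a key
# that does not occur at all is appended.  Keeps a .bak like the page's sed.
set_kv() {
  f=$1 k=$2 v=$3
  [ -f "$f" ] || : > "$f"
  cp -p "$f" "$f.bak"
  awk -v k="$k" -v v="$v" '
    { line = $0; sub(/^[ \t]*#?[ \t]*/, "", line); split(line, w, /[ \t]+/) }
    w[1] == k { if (!done) { print k " " v; done = 1 }; next }
    { print }
    END { if (!done) print k " " v }
  ' "$f" > "$f.tmp" && cat "$f.tmp" > "$f" && rm -f "$f.tmp"
}

# grant_sudo <sudoers.d dir> <user>: passwordless sudo as a drop-in file instead
# of appending to /etc/sudoers.  Written to a .tmp name first (sudo ignores
# files containing a dot), checked with visudo when we are root and visudo is
# installed, and only then renamed into place.
grant_sudo() {
  d=$1 u=$2
  mkdir -p "$d"
  printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$u" > "$d/$u.tmp"
  chmod 0440 "$d/$u.tmp"
  if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1 \
     && ! visudo -cf "$d/$u.tmp" >/dev/null; then
    rm -f "$d/$u.tmp"; return 1
  fi
  mv "$d/$u.tmp" "$d/$u"
}

# planned_hosts: the chapter-2 plan as "ip name [alias]" lines
planned_hosts() {
  cat <<'EOF'
172.16.1.5 lb01
172.16.1.6 lb02
172.16.1.7 web01
172.16.1.8 web02
172.16.1.9 web03
172.16.1.51 db01 db01.etiantian.org
172.16.1.31 nfs01
172.16.1.41 backup
172.16.1.61 m01
EOF
}

# template_init <root>: apply the checklist's file edits under <root> ("/" on a
# real host).  Afterwards run "sshd -t && systemctl restart sshd" yourself.
template_init() {
  root=${1:-/}
  mkdir -p "$root/etc/ssh" "$root/etc/security" "$root/etc/sudoers.d" "$root/var/spool/cron"
  planned_hosts | while read -r ip names; do
    ensure_line "$root/etc/hosts" "$ip $names"                              # step 2
  done
  set_kv "$root/etc/ssh/sshd_config" UseDNS no                # step 11: no reverse DNS at login
  set_kv "$root/etc/ssh/sshd_config" GSSAPIAuthentication no  # step 11: no Kerberos negotiation
  ensure_line "$root/etc/security/limits.conf" '* - nofile 65536'           # step 9
  ensure_line "$root/var/spool/cron/root" \
    '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1'         # step 8
  grant_sudo "$root/etc/sudoers.d" oldboy                                    # step 6
}

if [ "${1:-}" = "--apply" ]; then template_init "${2:-/}"; fi
```

Running it as "sh template.sh --apply /" on the template host gives the same end state as the page's commands; running it a second time changes nothing, which is the property you want before handing the script to ansible on m01 to apply to every clone.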