One of the three stages: Architecture introduction and environment deployment

1, Architecture introduction and environment deployment

(1) Understand the composition of cluster architecture servers

Basic architecture composition: (for user access)

1. Front end services:

1) Customer user

Is a visitor who requests to visit the website page

2) Security - firewall equipment
Policy control shall be carried out for users accessing the architecture. Users who normally visit the website can be allowed to enter; illegal persons (hackers) who visit the website are forbidden to enter

3) Interphone exchange (external network)
Provide the requirements of communication between servers in the architecture (provide external personnel access)

4) Welcome - load balancing server
Schedule user's access request

5) Server web server
Respond to user requests

2. Back end services:

1) Interphone - interphone (intranet)
Provide the requirements of communication between servers in the architecture (provide internal LAN server communication)

2) Chef - database server
Mainly used to store the text (string) data information submitted by users

3) Chef storage server
It is mainly used to store data such as videos, audio, pictures and accessories uploaded by users

4) Chef - backup server
It is mainly used for unified backup management of user stored (uploaded) data information

5) Chef - cache server
It is mainly used to store the data information frequently accessed by users and improve the response efficiency of the requested data information.

3. Extended Architecture Composition: (used to let the operation and maintenance personnel remotely manage the servers in the architecture)

1) Staff - operation and maintenance personnel
Servers in the architecture can be managed remotely

2) Audit - springboard server
It is used to supervise the operation record information of the internal operation and maintenance personnel. Once there is a structural problem, it can quickly locate the cause of the problem and carry out the fault accountability of the corresponding personnel

3) Manager - batch management server
Through batch management server, multiple servers in the architecture can be batch managed to improve work efficiency

4) Monitoring - monitoring server
It is used to monitor the operation of the server in the management architecture and send an alarm to the relevant operation and maintenance management personnel in case of any problem

(2) Unified planning description of cluster architecture environment

① . server and service planning description
② . host address and host name planning
③ . installation and configuration path planning

(3) Virtual software host virtual network configuration

Step 1: configure VLAN in virtual software
Configure virtual network segment information and virtual gateway information

Step 2: add network card to virtual machine in virtual software
Two network cards are set in the virtual host:
eth0: nat mode network card
eth1: LAN segment network card (segment name is 172.16.1.0 / 24)

Step 3: configure the virtual machine network card in the virtual software

Step 4: virtual machine system optimization in virtual software
① . template machine optimization configuration -- hosts file configuration

\cp /etc/hosts{,.bak}
cat >/etc/hosts<<EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5      lb01
172.16.1.6      lb02
172.16.1.7      web01
172.16.1.8      web02
172.16.1.9      web03
172.16.1.51     db01
172.16.1.31     nfs01
172.16.1.41     backup
172.16.1.61     m01
EOF

② . template machine optimization configuration - change yum source

#Change yum source
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
#PS: yum repolist lists yum source information; explains what epel source is

③ . optimized configuration of template machine -- close selinux

#Turn off selinux
sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config 
setenforce 0
getenforce

④. Template machine optimization configuration - turn off iptables

 #Close iptables         
/etc/init.d/iptables stop
/etc/init.d/iptables stop
chkconfig iptables off

⑤ . optimized configuration of template machine - thin boot service

 #Thin boot service
export LANG=en
chkconfig|egrep -v "crond|sshd|network|rsyslog|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
chkconfig --list|grep 3:on

⑥ . optimized configuration of template machine: weight lifting oldboy can sudo

#oldboy can be sudo (optional configuration)
useradd oldboy
echo 123456|passwd --stdin oldboy
\cp /etc/sudoers /etc/sudoers.ori
echo "oldboy  ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c

⑦ . optimized configuration of template machine --- English character set

 #English character set
cp /etc/sysconfig/i18n /etc/sysconfig/i18n.ori
echo 'LANG="en_US.UTF-8"'  >/etc/sysconfig/i18n 
source /etc/sysconfig/i18n
echo $LANG

⑧ . template machine optimization configuration - time synchronization

 #time synchronization 
echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l

⑨ . optimized configuration of template machine -- increase file description

#Enlarge file description
echo '*               -       nofile          65535 ' >>/etc/security/limits.conf 
tail -1 /etc/security/limits.conf 

⑩ . template machine optimization configuration - kernel optimization

  #Kernel optimization
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000    65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#The following parameters are the optimization of iptables firewall. The firewall does not prompt for a meeting and can be ignored.
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF
sysctl -p

⑪ . optimized configuration of template machine - install other small software

#Install other small software
yum install lrzsz nmap tree dos2unix nc telnet sl -y

⑫ . optimized configuration of template machine -- slow optimization of ssh connection speed

#Slow optimization of ssh connection speed          
sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g'  /etc/ssh/sshd_config
/etc/init.d/sshd reload

(4) Virtual host clone operation

Step 1: adjust the virtual host network configuration information

One clear two delete
 Two deletions: delete UUID (hardware identification information) and HWADDR (network mac address) in the network card (eth0 eth1)
sed -ri '/UUID|HWADDR/d'  /etc/sysconfig/network-scripts/ifcfg-eth[01]
1. Clear: clear the network rule configuration file
echo '>/etc/udev/rules.d/70-persistent-net.rules' >>/etc/rc.local 


Step 2: shut down the virtual template machine

shutdown -h now

Step 3: clone the template machine

 Link clone:
Advantages: saving system resources, high cloning efficiency
 Disadvantage: the template host cannot have problems. Once the template host fails, all clone hosts cannot work properly
 Full clone:
Advantages: the template host and clone host are independent of each other. If there is a problem with the template host, the clone host can still be used normally
 Disadvantage: low efficiency of system resource cloning

Step 4: turn on the virtual host after cloning (turn on one by one, confirm that the template host is turned off), and set the virtual host address and network card

 #Modify host name
hostname backup
 sed -i "s × host name × backup × g" / etc / sysconfig / network
 Note: the host name needs to be filled in as the current system host name, and then replaced		

#Modify host IP address information
sed -i "s#200#41#g" /etc/sysconfig/network-scripts/ifcfg-eth[01]
cat /etc/sysconfig/network-scripts/ifcfg-eth[01]

#Restart the network service and reconnect the virtual host

Tags: Linux network yum SELinux iptables

Posted on Mon, 04 May 2020 15:55:33 -0400 by atrum