linux学习--week18--keepalived tomcat
2019-11-18 本文已影响0人
亮仔_c1b5
回顾及今日内容:
1.整个网站权限规划
- 高可用服务
2.1 keepalived 工作原理
2.2 环境准备
2.3 keepalived指南
2.4 keepalived 故障 脑裂/裂脑
2.5 keepalived高可用 基于服务器 - web java服务
3.1 环境
3.2 tomcat相关核心文件
3.3 开启tomcat管理端
3.4 开启tomcat远程监控功能
3.5 server.xml
3.6 tomcat部署应用
3.7 Tomcat安全优化体系
4.任务 - shell+git+jenkins
1.整个网站权限规划
- web 存储 数据库
- web
网站站点目录: 文件 644 目录755 root root
网站上传目录:文件 644 目录755 www www - 存储
共享用户与web用户一致 uid gid一致
限制网段
挂载参数nodev,noexec,nosuid(注意:noexec 只阻止在该挂载点上直接执行程序,php-fpm 仍会解析其中的 .php 文件,所以还要在 nginx 里禁止上传目录下的 php 请求)
- 数据库
精确授权 wordpress all
增删改查
select
insert create
delete drop
update alter
[root@web01 ~]# find /html/blog/ -type f |xargs chmod 644
[root@web01 ~]# find /html/blog/ -type d |xargs chmod 755
#注:文件名含空格或换行时 find|xargs 会把参数拆错,可改用 find /html/blog/ -type f -exec chmod 644 {} +
[root@web01 ~]# #chown -R root.root /html/blog/
[root@web01 ~]# umount /html/blog/wp-content/uploads/
[root@web01 ~]# mount -t nfs -o nosuid,noexec,nodev 172.16.1.31:/data/web_uploads /html/blog/wp-content/uploads/
2. 高可用服务
- ha High Availability 高可用
- keepalived heartbeat
-
keepalived 诞生是为了给lvs做高可用 (keepalived for lvs)
image.png
2.1 keepalived 工作原理
-
vrrp 虚拟路由冗余协议 诞生是为公司网站网络设备做高可用 3层路由
image.png
2.2 环境准备
lb01 |
---|
lb02 |
web01 |
web02 |
#web01 web02
curl 10.0.0.[7-8]/oldboy.html
web01 www
web02 www
[root@web01 ~]# cat /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user
[$time_local] "$request" '
'$status $body_bytes_sent
"$http_referer" '
'"$http_user_agent"
"$http_x_forwarded_for" $document_root';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80 ;
server_name www.oldboy.com;
root /html/www;
location / {
index index.html;
}
}
server {
server_name blog.oldboy.com;
listen 80;
root /html/blog;
index index.php index.html;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
[root@web01 ~]# cat /html/www/oldboy.html
web01 10.0.0.7 172.16.1.7 www
#lb01 lb02
keepalived
yum install -y keepalived
nginx 负载均衡
2.3 keepalived指南
- 结构 分为3个部分
# GLOBAL CONFIGURATION 全局定义部分
# VRRPD CONFIGURATION vrrp实例部分 vip
# LVS CONFIGURATION keepalived 管理lvs配置
# keepalived.conf配置文件中 !或 #都表示注释
! Configuration File for keepalived
##全局定义
global_defs { #全局定义部分 global definations
router_id lb01 #我们每个keepalived服务/软件 要有1个独
一无二的id
}
##vrrp实例 设置vip
vrrp_instance VI_1 { #vrrp_instance 实例的名称 名称在
同一对主备之间要一致
state MASTER #state状态 MASTER(主 大写)
BACKUP(备)
interface eth0 #指定网卡
virtual_router_id 52 #每个vrrp实例的id号 每个实例要有
自己的id 在同一对主备中 id要一致
priority 100 #优先级 主大于备 主100 备50
advert_int 1 #心跳间隔 每1秒 发送1次存活状态 给
备
authentication { #简单认证 主备
auth_type PASS
auth_pass 1111
}
virtual_ipaddress { #vip 通过ip命令添加的
#10.0.0.3 #vip 阿里云HAVIP(keepalived 截止
2018)
10.0.0.3/24 dev eth0 label eth0:1 #被
ifconfig识别
}
}

2.4 keepalived 故障 脑裂/裂脑


什么时候发送报警信息?
- 备:只要备节点有vip 就报警
- 备VIP: 主挂了
- 备VIP: 脑裂
(下面的演示里,备节点上的 vip 在关闭 firewalld 后消失,看起来是防火墙拦截了 VRRP 心跳导致脑裂;生产环境不要直接关闭防火墙,应只放行主备节点之间的 vrrp 协议报文。)
[root@lb02 ~]# ip a |grep 10.0.0.3
inet 10.0.0.3/24 scope global secondary eth0:1
[root@lb02 ~]# ip a |grep -c 10.0.0.3
1
[root@lb02 ~]# systemctl stop firewalld.service
[root@lb02 ~]# ip a |grep -c 10.0.0.3
0
2.5 keepalived高可用 基于服务器
- keepalived漂移:
keep挂了
断网
nginx或某个服务挂了 目前不会漂移 - nginx负载均衡高可用
#给 keepalived 添加 检查脚本
脚本:检查nginx是否运行 如果不运行 关闭keepalived
配置keepalived调用脚本
##脚本:检查nginx是否运行 如果不运行 关闭keepalived
###第1个里程碑-命令行取出nginx服务状态
#检查进程数量
ps -ef |grep -c '[n]ginx'
#检查端口数量
ss -lntup |grep nginx
ss -lntup |grep -c nginx
#检查端口
lsof -i:80

###第2个里程碑-keepalived调用 脚本
#####vrrp_script
[root@lb01 /server/scripts]# cat
/etc/keepalived/keepalived.conf
! Configuration File for keepalived
# lb01 side of the pair: one health-check script and two VRRP instances,
# each carrying one virtual IP on eth0.
global_defs {
router_id lb01
}
# Health-check hook run by keepalived every `interval` seconds. The notes on
# this page say the script checks nginx and stops keepalived when nginx is
# down; the script body itself is not shown.
# NOTE(review): keepalived executes this file with its own privileges
# (typically root unless script_user is configured - confirm). Keep the script
# and every directory on its path root-owned and not writable by other users;
# where the installed version supports it, enable_script_security in
# global_defs makes keepalived refuse scripts that are.
vrrp_script chk_lb {
script /server/scripts/chk_lb.sh
interval 2
timeout 10
weight 1
}
vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 52
priority 100
advert_int 1
# NOTE(review): auth_type PASS carries the password in clear text in every
# VRRP advertisement, and keepalived uses only its first 8 characters. 1111 is
# a lab value. It protects against accidental mis-pairing, not against another
# host on the same segment, so also restrict VRRP (IP protocol 112) to the
# peer's address on the host firewall.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 label eth0:1
}
# Ties this instance to the chk_lb health check defined above.
track_script {
chk_lb
}
}
# Second instance with its own virtual_router_id (53) and its own VIP.
# NOTE(review): this node is MASTER with priority 100 for both VI_1 and VI_2.
# If the intent is a dual-master layout, the peer's copy presumably needs the
# higher priority for one of the two instances - verify against lb02's config.
vrrp_instance VI_2 {
state MASTER
interface eth0
virtual_router_id 53
priority 100
advert_int 1
# Same clear-text PASS caveat as in VI_1 applies here.
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.4/24 dev eth0 label eth0:2
}
track_script {
chk_lb
}
}
3. web java服务
- LNMP (架构) php开发
- java开发
jvm
1份放在jvm中 只要机器有jvm环境 就可以运行java代码 1份
代码处处使用 可移植性
java virtual machine java虚拟机
jdk jre
jdk java development kit java 开发环境 jdk ~ jre + 开
发工具
jre java runtime environment java运行环境
java代码容器
tomcat
resin
weblogic (配合oracle数据库 )
3.1 环境
- web01 db01 nfs01
- jdk
jdk (oracle)
openjdk - tomcat
-
准备jdk环境
image.png
image.png
- jdk 环境准备
[root@web01 /app/tools]# tar xf jdk-8u60-linux-x64.tar.gz -C /app/
[root@web01 /app/tools]#
[root@web01 /app/tools]# ln -s /app/jdk1.8.0_60/
/app/jdk
[root@web01 /app/tools]# ll -d /app/jdk
lrwxrwxrwx 1 root root 17 Nov 17 14:46 /app/jdk ->
/app/jdk1.8.0_60/
cat >>/etc/profile<<'EOF'
export JAVA_HOME=/app/jdk
export PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
export
CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$JAVA_HO
ME/lib/tools.jar
EOF
[root@web01 /app/tools]# . /etc/profile
[root@web01 /app/tools]# java -version
java version "1.8.0_60"
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23,
mixed mode)
- tomcat环境准备
[root@web01 /app/tools]# tar xf apache-tomcat-8.0.27.tar.gz -C /app/
[root@web01 /app/tools]# ln -s /app/apache-tomcat-8.0.27/ /app/tomcat
[root@web01 /app/tools]# /app/tomcat/bin/version.sh
Using CATALINA_BASE: /app/tomcat
Using CATALINA_HOME: /app/tomcat
Using CATALINA_TMPDIR: /app/tomcat/temp
Using JRE_HOME: /app/jdk
Using CLASSPATH: /app/tomcat/bin/bootstrap.jar:/app/tomcat/bin/tomcat-juli.jar
Server version: Apache Tomcat/8.0.27
Server built: Sep 28 2015 08:17:25 UTC
Server number: 8.0.27.0
OS Name: Linux
OS Version: 3.10.0-957.el7.x86_64
Architecture: amd64
JVM Version: 1.8.0_60-b27
JVM Vendor: Oracle Corporation
- tomcat启动与检查
[root@web01 /app/tools]# /app/tomcat/bin/startup.sh
Using CATALINA_BASE: /app/tomcat
Using CATALINA_HOME: /app/tomcat
Using CATALINA_TMPDIR: /app/tomcat/temp
Using JRE_HOME: /app/jdk
Using CLASSPATH: /app/tomcat/bin/bootstrap.jar:/app/tomcat/bin/tomcat-juli.jar
Tomcat started.
[root@web01 /app/tools]# ss -lntup |grep tomcat
[root@web01 /app/tools]# ps -ef |grep java
root 8730 1 13 15:00 pts/0 00:00:03
/app/jdk/bin/java -
Djava.util.logging.config.file=/app/tomcat/conf/loggin
g.properties -
Djava.util.logging.manager=org.apache.juli.ClassLoader
LogManager -Djava.endorsed.dirs=/app/tomcat/endorsed -
classpath
/app/tomcat/bin/bootstrap.jar:/app/tomcat/bin/tomcatjuli.
jar -Dcatalina.base=/app/tomcat -
Dcatalina.home=/app/tomcat -
Djava.io.tmpdir=/app/tomcat/temp
org.apache.catalina.startup.Bootstrap start
root 8761 8516 0 15:00 pts/0 00:00:00 grep
--color=auto java
[root@web01 /app/tools]# ss -lntup |grep java
tcp LISTEN 0 100 :::8009
:::* users:
(("java",pid=8730,fd=51))
tcp LISTEN 0 100 :::8080
:::* users:
(("java",pid=8730,fd=46))
tcp LISTEN 0 1 ::ffff:127.0.0.1:8005
:::* users:
(("java",pid=8730,fd=76))

3.2 tomcat相关核心文件
[root@web01 /app/tools]# ll /app/tomcat/
total 92
drwxr-xr-x 2 root root 4096 Nov 17 14:59 bin
drwxr-xr-x 3 root root 198 Nov 17 15:00 conf
drwxr-xr-x 2 root root 4096 Nov 17 14:59 lib
-rw-r--r-- 1 root root 57011 Sep 28 2015 LICENSE
drwxr-xr-x 2 root root 197 Nov 17 15:00 logs
-rw-r--r-- 1 root root 1444 Sep 28 2015 NOTICE
-rw-r--r-- 1 root root 6741 Sep 28 2015 RELEASENOTES
-rw-r--r-- 1 root root 16204 Sep 28 2015 RUNNING.txt
drwxr-xr-x 2 root root 30 Nov 17 14:59 temp
drwxr-xr-x 7 root root 81 Sep 28 2015 webapps
drwxr-xr-x 3 root root 22 Nov 17 15:00 work
tomcat 目录 |
核心内容 | |
---|---|---|
bin | tomcat管理命令 | |
startup.sh | ||
shutdown.sh | ||
catalina.sh #核心脚本 startup shutdown 都会调用 #修改 tomcat启动参数 (开启 tomcat远程监控功能) (跳转jvm参 数) |
||
conf | server.xml #tomcat主配置文件 nginx.conf |
|
web.xml #补充 额外配置 | ||
tomcat-users.xml #配置tomcat管理端的用户 |
||
logs | catalina.out #tomcat最全日志 startup app启动时间. 切割后内容默认不会被清空 |
1s=1000ms 1ms=1000us 1us=1000ns |
catalina.2019-11-17.log #catalina.out切割日志 |
||
localhost_access_log.2019-11- 17.txt #tomcat访问日志 |
||
webapps | 站点目录 |
3.3 开启tomcat管理端
[root@web01 /app/tomcat/conf]# cat tomcat-users.xml
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml
tomcat-users.xsd"
version="1.0">
<!-- Declares the three GUI roles and one account that holds all of them,
     which turns on the manager, host-manager and admin web consoles. -->
<!-- NOTE(review): tomcat/tomcat is a guessable lab credential. manager-gui can
     deploy web applications, so whoever logs in can run code as the Tomcat
     user (root in the ps output on this page). On any reachable host use a
     long random password (placeholder: CHANGE_ME) and limit which client
     addresses can reach the manager applications, for example with a
     RemoteAddrValve in their context configuration. -->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="host-gui"/>
<user username="tomcat" password="tomcat"
roles="admin-gui,manager-gui,host-gui"/>
</tomcat-users>
3.4 开启tomcat远程监控功能
- zabbix监控tomcat准备
- 开启tomcat远程监控功能
- zabbix 服务端 安装java gateway
- 监控 tomcat获取数据
- 开启tomcat远程监控功能
# catalina.sh
[root@web01 /app/tomcat/logs]# ps -ef |grep java
root 9021 1 0 15:49 pts/1 00:00:06
/app/jdk/bin/java -
Djava.util.logging.config.file=/app/tomcat/conf/loggin
g.properties -
Djava.util.logging.manager=org.apache.juli.ClassLoader
LogManager -Djava.endorsed.dirs=/app/tomcat/endorsed -
classpath
/app/tomcat/bin/bootstrap.jar:/app/tomcat/bin/tomcatjuli.
jar -Dcatalina.base=/app/tomcat -
Dcatalina.home=/app/tomcat -
Djava.io.tmpdir=/app/tomcat/temp
org.apache.catalina.startup.Bootstrap start
root 9110 8543 0 16:00 pts/1 00:00:00 grep
--color=auto java
# Appends the JMX remote-monitoring flags to Tomcat's JVM options so a remote
# client (the zabbix java gateway / jconsole in these notes) can connect on
# port 12345.
# NOTE(review): authenticate=false together with ssl=false means no login and
# no encryption, and the ss output on this page shows the port listening on
# all addresses (:::12345). An unauthenticated JMX endpoint lets a remote
# client drive the JVM, which is equivalent to running code as the Tomcat
# user (root in this transcript). Outside a lab, set authenticate=true with
# com.sun.management.jmxremote.password.file / access.file, and allow the
# port through the firewall only from the monitoring server's address.
# NOTE(review): the same ss output shows two extra random high ports opened by
# the JVM; com.sun.management.jmxremote.rmi.port can pin the RMI port so the
# firewall rule stays narrow - confirm on the JDK in use.
CATALINA_OPTS="$CATALINA_OPTS
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=12345
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=10.0.0.7"
CATALINA_OPTS="$CATALINA_OPTS #CATALINA_OPTS
tomcat运行的参数
-Dcom.sun.management.jmxremote #jmxremote 开启tomcat
远程监控功能
-Dcom.sun.management.jmxremote.port=12345 #tomcat远程
监控端口
-Dcom.sun.management.jmxremote.authenticate=false #远程
监控认证
-Dcom.sun.management.jmxremote.ssl=false
#https
-Djava.rmi.server.hostname=10.0.0.7" #本地的ip地址
/app/jdk/bin/java -
Djava.util.logging.config.file=/app/tomcat/conf/loggin
g.properties -
Djava.util.logging.manager=org.apache.juli.ClassLoader
LogManager -Dcom.sun.management.jmxremote -
Dcom.sun.management.jmxremote.port=12345 -
Dcom.sun.management.jmxremote.authenticate=false -
Dcom.sun.management.jmxremote.ssl=false -
Djava.rmi.server.hostname=10.0.0.7 -
Djava.endorsed.dirs=/app/tomcat/endorsed -classpath
/app/tomcat/bin/bootstrap.jar:/app/tomcat/bin/tomcatjuli.
jar -Dcatalina.base=/app/tomcat -
Dcatalina.home=/app/tomcat -
Djava.io.tmpdir=/app/tomcat/temp
org.apache.catalina.startup.Bootstrap start
/app/jdk/bin/java
-
Djava.util.logging.config.file=/app/tomcat/conf/loggin
g.properties
-
Djava.util.logging.manager=org.apache.juli.ClassLoader
LogManager
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=12345
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=10.0.0.7
-Djava.endorsed.dirs=/app/tomcat/endorsed
-classpath
/app/tomcat/bin/bootstrap.jar:/app/tomcat/bin/tomcatjuli.
jar
-Dcatalina.base=/app/tomcat -
Dcatalina.home=/app/tomcat
-Djava.io.tmpdir=/app/tomcat/temp
org.apache.catalina.startup.Bootstrap
start
[root@web01 /app/tomcat/logs]# ss -lntup |grep java
tcp LISTEN 0 100 :::8009
:::* users:
(("java",pid=9239,fd=54))
tcp LISTEN 0 100 :::8080
:::* users:
(("java",pid=9239,fd=50))
tcp LISTEN 0 50 :::38547
:::* users:
(("java",pid=9239,fd=21))
tcp LISTEN 0 50 :::41589
:::* users:
(("java",pid=9239,fd=19))
tcp LISTEN 0 50 :::12345
:::* users:
(("java",pid=9239,fd=20))
tcp LISTEN 0 1 ::ffff:127.0.0.1:8005
:::* users:
(("java",pid=9239,fd=78))
- windows安装 jdk 进行连接12345端口
windows下面 通过everything jconsole.exe
C:\Program Files\Java\jdk1.8.0_31\bin\jconsole.exe



3.5 server.xml
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
#8005
#8080
#8009
# tomcat 管理功能 相关配置
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be
updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabase
Factory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
#tomcat web端口
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
#8009
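## 与apache进行沟通 端口(AJP 协议,默认不做认证;上文 ss 输出显示 8009 监听在所有地址。不使用 apache/AJP 时建议注释掉这个 Connector,使用时用 address 属性绑定到本机或内网地址,并用防火墙限制来源)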
<Connector port="8009" protocol="AJP/1.3"
redirectPort="8443" />
#tomcat虚拟主机 配置
#name === nginx server_name
#appBase === nginx root
#unpackWARs 自动解压
#autoDeploy 自动部署
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve
className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%h %l %u %t "%r" %s
%b" />
</Host>
Tomcat Connector(Tomcat连接器)有bio、nio、apr三种运行模式。
- bio(blocking I/O)是指阻塞式I/O操作,Tomcat在默认情况下就是以bio
模式运行的。这可以从守护线程的信息看出来。 - nio(non-blocking I/O)是非阻塞I/O操作。nio是一个基于缓冲区并能提
供非阻塞I/O操作的Java API,它拥有比bio更好的并发运行性能 - apr(Apache portable Run-time libraries/Apache可移植运行库)是
Apache HTTP服务器的支持库。
<Server port="8005" shutdown="SHUTDOWN"> |
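shutdown端口 连接到8005 输入暗号 tomcat关闭(默认只监听 127.0.0.1,但本机任意用户都能发送暗号关闭 tomcat;建议把 shutdown 暗号改成不易猜的字符串,或将 port 设为 -1 关闭该端口,此时 shutdown.sh 不可用,需用信号停止进程) |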
---|---|
3.6 tomcat部署应用
- wordpress.zip
- war 包 相当于是zip压缩包 需要包war包放在 tomcat webapps下面
运行 - jar 包 直接运行 java -jar xxxx.jar
- war包
select,insert,create,delete,drop,update,alter #按第1节“精确授权”的思路,应用账号只授予这些权限即可;下面的 grant all 和口令 '12345' 只适合实验环境,生产环境请使用强口令
create database jpress charset utf8;
grant all on jpress.* to 'jpress'@'172.16.1.%'
identified by '12345';
http://10.0.0.7:8080/jpress/ #用户访问
http://10.0.0.7:8080/jpress/admin #后台
- jar
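3.7 Tomcat安全优化体系
- 上文 ps 输出显示 tomcat 以 root 运行;生产环境建议新建普通用户运行 tomcat,并把 /app/tomcat 目录属主改为该用户
- 管理端、JMX(12345)、AJP(8009)、shutdown(8005) 都按最小暴露原则处理:不用则关闭,使用则加认证并限制来源IP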
4.任务
- heartbeat
- 部署java应用 jira
-
完成综合架构图 绘制
老男孩教育-期末架构-v2.0.jpg