Linux Server Enterprise Cluster Architecture Deployment (I): Environment Configuration Requirements and System Foundation Optimization

Source: Internet
Author: User
Tags: inotify, rsyslog

Fate is the sea, when you can swim, you will indulge in your love, because you do not know what will come, roll away all hope and dream.

This article is by Sunson_estelle.
Copyright notice: this is test and learning material and may have deficiencies; corrections are welcome. Reprinting is permitted, but please include a hyperlink to the original source of the article, the author information and this statement.

Chapter One: Cluster architecture build and deployment targets
1.1 Overview of this architecture's deployment configuration
The servers used in this cluster architecture are VM virtual machines, intended for simulated testing and learning.

① Two Linux servers as load balancer servers (LVS-01/LVS-02), basic mode: LVS-DR + Keepalived. Responsible for distributing all requests to the Web servers below.

② Two Linux servers as Web servers (web-01/web-02), configured with Apache and Nginx respectively to provide HTTP Web services, implementing the LAMP and LNMP Web service architectures respectively.

③ Two Linux servers as database servers (mysql-01/mysql-02), each deploying MySQL multi-instance; the databases implement master-slave synchronization and have a corresponding data backup scheme.

④ One Linux server as a memcache cache server, deployed in front of the database servers, used for Web server session sharing and as a database cache to reduce database pressure.

⑤ One Linux server as an NFS shared server, with real-time data synchronization between NFS and the backup server (rsync + inotify). Provides data-sharing access for the public data of all Web servers.

⑥ One Linux server as a backup server, providing backup of the data of all servers on the network, and also acting as the log server for all servers. The backup server also serves as the standby for NFS.

⑦ One Linux server as a network-wide monitoring server (Nagios + Cacti), responsible for monitoring the network traffic of all hosts and displaying it graphically (active and passive).

⑧ Software versions: VMware Workstation version 10. Linux is CentOS-6.5-x86_64. The Linux kernel version is selected as "Other Linux 2.6.x kernel 64-bit".

⑨ The external remote connection software is CRT 5.1.


1.2 Overall cluster deployment requirements and targets
① Perform basic optimization of the Linux system at the start of building all servers. Time synchronization for all servers on the network, and a uniform specification for installation directories and directory paths.
② Web servers: configure the site product catalog (pseudo-static/dynamic separation). The LAMP and LNMP environments are each deeply optimized. Internal business uses domain name invocation.
③ Important files of all servers on the network are backed up on a schedule, with backup storage of important business data.
④ Web service databases are deployed with dynamic and static separation. Deploy DB read/write separation software.
⑤ Deploy a cache server in front of the database servers to relieve the access request pressure on the back-end database.
⑥ An outage of any machine in the entire cluster architecture does not affect the continued delivery of the overall business.
⑦ Linux servers providing extranet services enable iptables (based on business requirements). Intranet servers go online through an iptables NAT gateway.
⑧ Implement centralized management and log auditing of sudo permissions for all servers on the network.


1.3 Configuration implementation requirements for all servers on the network
① Load balancer servers
LVS-01 is the primary load balancer (LVS + Keepalived) and is responsible for distributing all user requests to the Web servers below.
LVS-02 is the standby load balancer (LVS + Keepalived); when the primary load balancer's service becomes unavailable, the standby takes over. It can also be configured in a multi-instance, dual-master load balancing mode.
Note: A dual-master load balancing mode can be deployed: two web site programs run on LB1 and the other two web site services run on LB2; LB1 and LB2 monitor each other, and when one side fails the other takes over its service.
② LAMP architecture Web service
Provides HTTP Web services; DB read/write separation software (Amoeba or mysql-proxy) is deployed afterwards, along with four virtual-host Web applications (resolved through the local hosts file).
Note: LAMP must be deeply optimized: gzip compression, expires headers, directory permission control, prohibiting PHP parsing in the upload directory (one-click optimization script). Web pages implement pseudo-static parsing. Website file tampering monitoring and alarms.
③ LNMP architecture Web service
Same as the LAMP architecture Web deployment. Note the deep optimization of LNMP.
④ Backup server
Set up scheduled tasks to back up the important files of all servers on the network and the important directory files of the Web servers, archived by server IP. Provides shared access to public data for all Web servers.
Merge the Web access logs of multiple sites by business, analyze the top ten IP addresses by access count and their corresponding traffic, and send the daily PV and IP counts to the administrator's mailbox.
Note 1: The backup server keeps the last 7 days of all data, keeps a full copy of the data every Saturday, and retains data for one year (scheduled tasks).
Note 2: The backup server's integrity checks, log analysis and so on can be implemented with scripts plus scheduled tasks, sending the results to the administrator's mailbox.
⑤ memcache cache and session sharing cache
Used for database memory caching and Web session sharing: caching for the load on the database, and the data cache for the Web service.
Note 1: Deploy the Memcache server program with at least two Memcache instances started. In online service it has only an intranet network card and no external network card, reaching the Internet through a fixed gateway. Database caching requires the program to support it (cache interface settings such as BB).
Note 2: Session shared storage for the Web service can be configured in php.ini, or persisted through LVS session persistence, or through cookies.
⑥ Database servers (MySQL)
Responsible for providing database services; MySQL-01 and MySQL-02 each deploy two instances.
MySQL-01 port 3306 to MySQL-02 port 3306: deploy master-slave synchronization.
MySQL-02 port 3307 to MySQL-01 port 3307: deploy master-slave synchronization.
MySQL-01 server: ports 3306 and 3307, where 3306 is the master library providing the write data service for two sites (BBS/WWW), and 3307 is the slave library used for reads by the other two sites (Blog/Wiki).
Note: The database service has no extranet IP and connects through a fixed gateway. Grant minimum privileges on the libraries; the slave library is read-only.
MySQL-02 server: ports 3306 and 3307, where 3306 is the slave library providing the read data service for two sites (BBS/WWW), and 3307 is the master library providing the write service for the other two sites (Blog/Wiki).
Note: The database service has no extranet IP and connects through a fixed gateway. Grant minimum privileges on the libraries; the slave library is read-only.
Tip: Provide developers with separate read and write libraries (ports 3306 and 3307 configured separately).
Also, high-availability options for the MySQL master library:
1. Use the MySQL-MMM tool to deploy master library high availability, with hot standby and semi-synchronous replication (maintaining real-time synchronization).
2. Use Keepalived + MySQL dual master to deploy master library high availability, with hot standby and semi-synchronous replication (maintaining real-time synchronization).
3. Use the Heartbeat + MySQL + DRBD scheme to achieve high availability (DRBD) of the MySQL master library.
⑦ NFS shared server
The shared directory is synchronized in real time with the backup server (NFS + inotify). The NFS service also serves as a back-end storage server.
⑧ Monitoring server (Nagios + Cacti)
Nagios is responsible for monitoring the system resource usage and service operation of all servers on the network and raising timely alarms on faults; Cacti is responsible for the network traffic of all hosts, including uplink and downlink traffic graphs and system resource graphs. The monitoring server also distributes or updates server code.
The final test platform for the IDC's formal environment requires the environment: Web (LAMP or LNMP).

## Notes:
① Projects that need to be performed daily.
② Batch management and optimization projects are implemented as scripts.
③ Adding services and managing service operation are implemented as scripts (where necessary).
④ For key service projects, provide several implementation methods and do a comparative analysis.


Chapter Two: VMware test system environment deployment configuration
2.1 VM deployment and installation considerations (CentOS 6.5)
① The number of virtual machines is 10: Nagios / lvs-01 / lvs-02 / nfs / apache_web-01 / nginx_web-02 / memcache / mysql-01 / mysql-02 / backup.
② The virtual machines use VMware Workstation version 10. Linux is CentOS-6.5-x86_64. The Linux kernel version is selected as "Other Linux 2.6.x kernel 64-bit".
③ Each virtual machine's hard disk is uniformly configured at 8G; memory is adjusted as needed. The network connection mode is initially set to NAT.
④ During the virtual machine's initial installation, set three partitions: swap partition 512M, boot partition 200M, root partition all remaining space.
⑤ Initial installation package selection: 1. Base, 2. Compatibility Libraries, 3. Debugging Tools, 4. Development Tools, 5. Dial-up Networking Support, 6. Hardware Monitoring Utilities, 7. Performance Tools.
⑥ Log on to the virtual machine, run setup and configure DHCP to obtain an IP automatically, then edit the network card configuration file: remove the UUID option, set the ONBOOT option to yes and restart the NIC. Note the machine's IP address.
2.2 Linux server host name and IP planning configuration
192.168.109.154 Memcache
192.168.109.155 Nagios
192.168.109.156 LVS-01
192.168.109.157 LVS-02
192.168.109.158 apache_web-01
192.168.109.159 nginx_web-02
192.168.109.162 NFS
192.168.109.164 Backup
192.168.109.165 MySQL-01
192.168.109.166 MySQL-02
192.168.109.167 Spare
2.3 Linux server basic general configuration requirements
The basic configuration for this cluster operation simulation is as follows:
① Before deployment, all Linux servers have uniform access to the external network for software installation and configuration, with dual network cards (internal and external). After deployment is complete, back-end servers such as MySQL and Nagios keep only the intranet network card to provide services.
② During the virtual machine's initial installation, set three partitions: swap partition 512M, boot partition 200M, root partition all remaining space.
③ Initial installation Package selection
1.Base
2.Compatibility Libraries
3.Debugging Tools
4.Development Tools
5.dial-up Networking Support
6.Hardware Monitoring Utilities
7.Performance Tools.
Note: Install the relevant plug-ins as needed during the deployment process.
④ Directory specification for all servers on the network: software package storage directory /application/tools/, script storage /server/scripts/, installation directory /application/. Local backup directory /data/backup.
⑤ Monitoring server: develop scripts that, according to the settings, send alarm information to the administrator's mailbox.
⑥ Backup server: develop scripts to check the integrity of all backed-up data and send the check results to the operations staff's mailbox on a schedule.
⑦ All services are added to /etc/rc.local to start at boot, with a comment noting each one.
⑧ Note the character set settings specification for the overall environment.


Chapter Three: Analysis of basic Linux system optimization

3.1 Basic optimization projects
## Disable root remote login; log in as an ordinary user (/etc/ssh/sshd_config)
Port 52113
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
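A check for the five sshd directives above, written as an added example for this page (not the author's script). It assumes a POSIX sh with awk and relies on sshd applying the first uncommented occurrence of a keyword, so a hardened line placed after a permissive one is silently ignored; the sample config is constructed to show that trap.

```shell
# Audit an sshd_config against the five hardening directives listed above.
# Added example, not from the original post. It assumes a POSIX sh with awk,
# and that sshd applies the FIRST uncommented occurrence of a keyword (a later
# "PermitRootLogin no" after an earlier "PermitRootLogin yes" is ignored).
# Lines inside "Match" blocks are not treated specially here.

# sshd_effective FILE KEYWORD: print the first effective value, empty if unset
sshd_effective() {
    awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# sshd_audit FILE: print one "KEY expected=X actual=Y" line per deviation.
# A missing keyword is a deviation, because the daemon default then applies
# (e.g. root login is permitted by default on CentOS 6).
# Returns 0 when all five directives match the baseline, 1 otherwise.
sshd_audit() {
    rc=0
    for pair in Port=52113 PermitRootLogin=no PermitEmptyPasswords=no \
                UseDNS=no GSSAPIAuthentication=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key expected=$want actual=${got:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# write_sample_config PATH: constructed sshd_config showing the first-match trap
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server config
Port 52113
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
GSSAPIAuthentication no
EOF
}

sample=$(mktemp) && write_sample_config "$sample"
sshd_audit "$sample" || echo "sample deviates from the baseline (expected)"
rm -f "$sample"
```

Run it against the real file with `sshd_audit /etc/ssh/sshd_config` after editing, before restarting sshd.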

## Create an ordinary user and grant sudo authorization (/etc/sudoers)
tslove ALL=(ALL) ALL

## Turn off SELinux and the iptables firewall
View SELinux status: getenforce
Enable SELinux: setenforce 1
Disable SELinux: setenforce 0

## Update the yum source to a domestic mirror
Change the installation source address: wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo

## Change the character set to support Chinese display (/etc/sysconfig/i18n); the file contents after modification are:
LANG="en_US.UTF-8"
SYSFONT="latarcyrheb-sun16"

## Increase the file descriptor limit
echo '* - nofile 65535' >> /etc/security/limits.conf

## Trim the services started at boot (keep crond, sshd, network, rsyslog)
for oldboy in $(chkconfig --list | grep '3:on' | awk '{print $1}' | grep -vE 'crond|network|sshd|rsyslog'); do chkconfig $oldboy off; done

## Linux kernel parameter optimization in /etc/sysctl.conf; run sysctl -p to take effect
## Kernel base
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000 65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384

## If iptables is started
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120

## Time synchronization: update the server time automatically on a schedule by adding the following scheduled task (crontab):
## time sync by tslove at 2014-12-19
*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1
## Lock key system files (chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab)
chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab
## Clear /etc/issue to remove the system and kernel version from the pre-login screen
## Delete the two files /etc/issue and /etc/issue.net. Add the following to /etc/motd:
Where We love is home, home the feet may leave, but not our hearts.

## Login timeout and history settings; edit the /etc/profile file
TMOUT=3600 # idle timeout in seconds
HISTFILESIZE=50 # maximum number of lines kept in the history file
HISTSIZE=50 # maximum number of commands kept in the shell history


This article is from the "Sunson _estelle" blog, please be sure to keep this source http://tslove.blog.51cto.com/9115838/1591887
