[Add]修改mariadb分布式部署文档

a76159dd · wojiushixiaobai · d657c401 · a76159dd · a76159dd · a76159dd
Commit a76159dd authored May 04, 2019 by wojiushixiaobai
5 changed files
--- a/docs/distributed_02.rst
+++ b/docs/distributed_02.rst
@@ -17,6 +17,8 @@
 +==========+============+=================+===============+========================+
 |    TCP   |    Nginx   | 192.168.100.100 | 80, 443, 2222 |           All          |
 +----------+------------+-----------------+---------------+------------------------+
+|    TCP   |    Nginx   | 192.168.100.100 |      3306     |       Jumpserver       |
+----------+------------+-----------------+---------------+------------------------+
 开始安装
 ~~~~~~~~~~~~
@@ -33,11 +35,14 @@
    $ firewall-cmd --zone=public --add-port=80/tcp --permanent
    $ firewall-cmd --zone=public --add-port=443/tcp --permanent
    $ firewall-cmd --zone=public --add-port=2222/tcp --permanent
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="3306" accept"
+    # 192.168.100.0/24 为整个 Jumpserver 网络网段, 这里就偷懒了, 自己根据实际情况修改即可
    $ firewall-cmd --reload
-    # 设置 http 访问权限
+    # 设置 selinux
-    $ setsebool -P httpd_can_network_connect 1
+    $ setenforce 0
-    $ semanage port -a -t http_port_t -p tcp 2222
+    $ sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
 .. code-block:: shell
@@ -92,17 +97,30 @@
        access_log /var/log/nginx/tcp-access.log  proxy;
        open_log_file_cache off;
+        upstream MariaDB {
+            server 192.168.100.10:3306;
+            server 192.168.100.11:3306 backup;  # 多节点
+            server 192.168.100.12:3306 down;  # 多节点
+            # 这里是 Mariadb 的后端ip
+        }
        upstream cocossh {
-            server 192.168.100.40:2222 weight=1;
+            server 192.168.100.40:2222;
-            server 192.168.100.40:2223 weight=1;  # 多节点
+            server 192.168.100.40:2223;  # 多节点
            # 这里是 coco ssh 的后端ip
-            hash $remote_addr;
+            least_conn;
        }
+        server {
+            listen 3306;
+            proxy_pass MariaDB;
+            proxy_connect_timeout 1s;  # detect failure quickly
+        }
        server {
            listen 2222;
            proxy_pass cocossh;
-            proxy_connect_timeout 10s;
+            proxy_connect_timeout 1s;  # detect failure quickly
-            proxy_timeout 24h;   #代理超时
        }
    }

--- a/docs/distributed_03.rst
+++ b/docs/distributed_03.rst
@@ -12,42 +12,137 @@
 -  系统: CentOS 7
 -  IP: 192.168.100.10
+-  服务: MariaDB Galera Cluster
 +----------+------------+-----------------+---------------+------------------------+
 | Protocol | ServerName |        IP       |      Port     |         Used By        |
 +==========+============+=================+===============+========================+
-|    TCP   |    Mysql   | 192.168.100.10  |      3306     |        Jumpserver      |
+|    TCP   | Mariadb-01 | 192.168.100.10  |      3306     |        Jumpserver      |
 +----------+------------+-----------------+---------------+------------------------+
+|    TCP   | Mariadb-02 | 192.168.100.11  |      3306     |        Jumpserver      |
+----------+------------+-----------------+---------------+------------------------+
+|    TCP   | Mariadb-03 | 192.168.100.12  |      3306     |        Jumpserver      |
+----------+------------+-----------------+---------------+------------------------+
 开始安装
 ~~~~~~~~~~~~
 .. code-block:: shell
-    # 升级系统
+    # 以下命令需要在三台数据库服务器分别执行
    $ yum upgrade -y
-    # 安装 mariadb 服务
+    # 添加 MariaDB 源
-    $ yum install -y install mariadb mariadb-devel mariadb-server
+    $ vi /etc/yum.repos.d/MariaDB.repo
+    [mariadb]
+    name = MariaDB
+    baseurl = http://mirrors.ustc.edu.cn/mariadb/yum/10.1/centos7-amd64
+    gpgkey=http://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
+    gpgcheck=1
+    # 安装 MariaDB Galera Cluster
+    $ yum install -y mariadb mariadb-server mariadb-common galera rsync
+    # 设置 Firewalld 和 Selinux
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="3306" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="4567" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="4568" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="4444" accept"
+    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="udp" port="4567" accept"
+    # 192.168.100.0/24 为整个 Jumpserver 网络网段, 这里就偷懒了, 自己根据实际情况修改即可
-    # 设置防火墙, 开放 3306 端口 给 jumpserver 访问
-    $ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="3306" accept"
    $ firewall-cmd --reload
-    # 设置 mariadb 服务
+    $ setenforce 0
-    $ systemctl enable mariadb
+    $ sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
+.. code-block:: shell
+    # 在 192.168.100.10 上执行初始化命令
    $ systemctl start mariadb
+    $ mysql_secure_installation  # 推荐设置 root 密码, 其他选项可以全部 y
+    $ systemctl stop mariadb
+.. code-block:: shell
+    # 在 192.168.100.10 上执行以下命令
+    $ vi /etc/my.cnf.d/server.cnf
+    ...
+    [galera]
+    wsrep_on=ON
+    wsrep_provider=/usr/lib64/galera/libgalera_smm.so
+    wsrep_cluster_name=galera_cluster
+    wsrep_cluster_address="gcomm://192.168.100.10,192.168.100.11,192.168.100.12"
+    wsrep_node_name=Mariadb-01   # 注意这里改成本机 hostname
+    wsrep_node_address=192.168.100.10   # 注意这里改成本机 ip
+    binlog_format=row
+    default_storage_engine=InnoDB
+    innodb_autoinc_lock_mode=2
+    ...
+    # 在 192.168.100.11 上执行以下命令
+    $ vi /etc/my.cnf.d/server.cnf
+    ...
+    [galera]
+    wsrep_on=ON
+    wsrep_provider=/usr/lib64/galera/libgalera_smm.so
+    wsrep_cluster_name=galera_cluster
+    wsrep_cluster_address="gcomm://192.168.100.10,192.168.100.11,192.168.100.12"
+    wsrep_node_name=Mariadb-02   # 注意这里改成本机 hostname
+    wsrep_node_address=192.168.100.11   # 注意这里改成本机 ip
+    binlog_format=row
+    default_storage_engine=InnoDB
+    innodb_autoinc_lock_mode=2
+    # 在 192.168.100.12 上执行以下命令
+    $ vi /etc/my.cnf.d/server.cnf
+    ...
+    [galera]
+    wsrep_on=ON
+    wsrep_provider=/usr/lib64/galera/libgalera_smm.so
+    wsrep_cluster_name=galera_cluster
+    wsrep_cluster_address="gcomm://192.168.100.10,192.168.100.11,192.168.100.12"
+    wsrep_node_name=Mariadb-03   # 注意这里改成本机 hostname
+    wsrep_node_address=192.168.100.12   # 注意这里改成本机 ip
+    binlog_format=row
+    default_storage_engine=InnoDB
+    innodb_autoinc_lock_mode=2
+.. code-block:: shell
+    # 在 192.168.100.10 上执行以下命令
+    $ sudo -u mysql /usr/sbin/mysqld --wsrep-new-cluster &> /tmp/wsrep_new_cluster.log &
+    $ disown $!
+    $ tail -f /tmp/wsrep_new_cluster.log  # 如果出现 ready for connections, 表示启动成功
+.. code-block:: shell
+    # 在 192.168.100.11 和 192.168.100.12 启动 mariadb 服务
+    $ systemctl start mariadb
+.. code-block:: shell
+    # 回到第一台服务器
+    $ ps -ef | grep mysqld | grep -v grep | awk '{print $2}' | xargs kill -9
+    $ systemctl start mariadb
+.. code-block:: shell
-    # 推荐使用该命令进行一些安全设置(可跳过)
+    # 在任意数据库服务器执行以下命令验证 MariaDB Galera Cluster
-    $ mysql_secure_installation
+    $ mysql -uroot -p -e "show status like 'wsrep_cluster_size'"  # 这里应该显示集群里有3个节点
+    $ mysql -uroot -p -e "show status like 'wsrep_connected'"  # 这里应该显示ON
+    $ mysql -uroot -p -e "show status like 'wsrep_incoming_addresses'"  # 这里应该显示3个ip
+    $ mysql -uroot -p -e "show status like 'wsrep_local_state_comment'"  # 这里显示节点的同步状态
 .. code-block:: shell
-    # 创建数据库及授权, 192.168.100.30 是 jumpserver 服务器的 ip
+    # 创建 Jumpserver 数据库及授权
    $ mysql -uroot
    > create database jumpserver default charset 'utf8';
-    > grant all on jumpserver.* to 'jumpserver'@'192.168.100.30' identified by 'weakPassword';
+    > grant all on jumpserver.* to 'jumpserver'@'192.168.100.%' identified by 'weakPassword';
    > flush privileges;
    > quit
-    # 数据库的主从设置请参考其官方, 之后会补上
+之后去 nginx 设置 tcp 代理即可
--- a/docs/distributed_05.rst
+++ b/docs/distributed_05.rst
@@ -112,7 +112,7 @@
    # MySQL or postgres setting like:
    # 使用Mysql作为数据库
    DB_ENGINE: mysql
-    DB_HOST: 127.0.0.1
+    DB_HOST: 192.168.100.100
    DB_PORT: 3306
    DB_USER: jumpserver
    DB_PASSWORD: 你的数据库密码

--- a/docs/setup_by_aliyuncloud.rst
+++ b/docs/setup_by_aliyuncloud.rst
@@ -50,75 +50,12 @@
      && systemctl restart docker \
      && docker pull jumpserver/jms_coco:1.4.10 \
      && docker pull jumpserver/jms_guacamole:1.4.10 \
-      && rm -rf /etc/nginx/conf.d/default.conf
+      && rm -rf /etc/nginx/conf.d/default.conf \
+      && curl -o /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf
 .. code-block:: shell
-    $ echo -e "\033[31m 4. 配置nginx \033[0m" \
+    $ echo -e "\033[31m 4. 处理配置文件 \033[0m" \
-      && cat << EOF > /etc/nginx/conf.d/jumpserver.conf
-    server {
-        listen 80;
-        client_max_body_size 100m;  # 录像及文件上传大小限制
-        location /luna/ {
-            try_files \$uri / /index.html;
-            alias /opt/luna/;
-        }
-        location /media/ {
-            add_header Content-Encoding gzip;
-            root /opt/jumpserver/data/;
-        }
-        location /static/ {
-            root /opt/jumpserver/data/;
-        }
-        location /socket.io/ {
-            proxy_pass       http://localhost:5000/socket.io/;
-            proxy_buffering off;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade \$http_upgrade;
-            proxy_set_header Connection "upgrade";
-            proxy_set_header X-Real-IP \$remote_addr;
-            proxy_set_header Host \$host;
-            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-            access_log off;
-        }
-        location /coco/ {
-            proxy_pass       http://localhost:5000/coco/;
-            proxy_set_header X-Real-IP \$remote_addr;
-            proxy_set_header Host \$host;
-            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-            access_log off;
-        }
-        location /guacamole/ {
-            proxy_pass       http://localhost:8081/;
-            proxy_buffering off;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade \$http_upgrade;
-            proxy_set_header Connection \$http_connection;
-            proxy_set_header X-Real-IP \$remote_addr;
-            proxy_set_header Host \$host;
-            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-            access_log off;
-        }
-        location / {
-            proxy_pass http://localhost:8080;
-            proxy_set_header X-Real-IP \$remote_addr;
-            proxy_set_header Host \$host;
-            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
-        }
-    }
-    EOF
-.. code-block:: shell
-    $ echo -e "\033[31m 5. 处理配置文件 \033[0m" \
      && if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \
      && if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \
      && if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \
@@ -128,7 +65,7 @@
 .. code-block:: shell
-    $ echo -e "\033[31m 6. 启动 Jumpserver \033[0m" \
+    $ echo -e "\033[31m 5. 启动 Jumpserver \033[0m" \
      && systemctl start nginx \
      && cd /opt/jumpserver \
      && ./jms start all -d \

--- a/docs/setup_by_centos7.rst
+++ b/docs/setup_by_centos7.rst
@@ -370,7 +370,6 @@ CentOS 7 安装文档
            listen 2220;  # 不能使用已经使用的端口, 自行修改, 用户ssh登录时的端口
            proxy_pass cocossh;
            proxy_connect_timeout 10s;
-            proxy_timeout 24h;   #代理超时
        }
    }
    # 到此结束