Unverified Commit f32d9c26 authored by wojiushixiaobai's avatar wojiushixiaobai Committed by GitHub

Merge pull request #2656 from wojiushixiaobai/docs

[Add]修改mariadb分布式部署文档
parents 54b75539 a76159dd
......@@ -17,6 +17,8 @@
+==========+============+=================+===============+========================+
| TCP | Nginx | 192.168.100.100 | 80, 443, 2222 | All |
+----------+------------+-----------------+---------------+------------------------+
| TCP | Nginx | 192.168.100.100 | 3306 | Jumpserver |
+----------+------------+-----------------+---------------+------------------------+
开始安装
~~~~~~~~~~~~
......@@ -33,11 +35,14 @@
$ firewall-cmd --zone=public --add-port=80/tcp --permanent
$ firewall-cmd --zone=public --add-port=443/tcp --permanent
$ firewall-cmd --zone=public --add-port=2222/tcp --permanent
$ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="3306" accept"
# 192.168.100.0/24 为整个 Jumpserver 网络网段, 这里就偷懒了, 自己根据实际情况修改即可
$ firewall-cmd --reload
# 设置 http 访问权限
$ setsebool -P httpd_can_network_connect 1
$ semanage port -a -t http_port_t -p tcp 2222
# 设置 selinux
$ setenforce 0
$ sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
.. code-block:: shell
......@@ -92,17 +97,30 @@
access_log /var/log/nginx/tcp-access.log proxy;
open_log_file_cache off;
upstream MariaDB {
server 192.168.100.10:3306;
server 192.168.100.11:3306 backup; # 多节点
server 192.168.100.12:3306 down; # 多节点
# 这里是 Mariadb 的后端ip
}
upstream cocossh {
server 192.168.100.40:2222 weight=1;
server 192.168.100.40:2223 weight=1; # 多节点
server 192.168.100.40:2222;
server 192.168.100.40:2223; # 多节点
# 这里是 coco ssh 的后端ip
hash $remote_addr;
least_conn;
}
server {
listen 3306;
proxy_pass MariaDB;
proxy_connect_timeout 1s; # detect failure quickly
}
server {
listen 2222;
proxy_pass cocossh;
proxy_connect_timeout 10s;
proxy_timeout 24h; #代理超时
proxy_connect_timeout 1s; # detect failure quickly
}
}
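Review bot: The stream block `server { listen 3306; proxy_pass MariaDB; }` publishes the database on the proxy with no source restriction of its own. The only guard shown is the firewalld rich rule admitting all of `192.168.100.0/24`, which the comment beside it already describes as a shortcut. The port table in this file lists Jumpserver as the only user of 3306, so the example would be tighter with `source address="192.168.100.30"` (the Jumpserver address given in the MariaDB document, or the actual set of Jumpserver hosts) and with `allow 192.168.100.30;` and `deny all;` inside that stream `server` block. The +/- markers are lost on this page, so it is unclear which SELinux lines are new; if `setenforce 0` and `SELINUX=disabled` are on the new side, the `setsebool`/`semanage port` pair is the narrower choice and worth keeping. If `proxy_timeout 24h;` is being dropped from the `cocossh` server, idle SSH sessions fall back to the stream default of 10 minutes, which deserves a comment.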
......
......@@ -12,42 +12,137 @@
- 系统: CentOS 7
- IP: 192.168.100.10
- 服务: MariaDB Galera Cluster
+----------+------------+-----------------+---------------+------------------------+
| Protocol | ServerName | IP | Port | Used By |
+==========+============+=================+===============+========================+
| TCP | Mysql | 192.168.100.10 | 3306 | Jumpserver |
| TCP | Mariadb-01 | 192.168.100.10 | 3306 | Jumpserver |
+----------+------------+-----------------+---------------+------------------------+
| TCP | Mariadb-02 | 192.168.100.11 | 3306 | Jumpserver |
+----------+------------+-----------------+---------------+------------------------+
| TCP | Mariadb-03 | 192.168.100.12 | 3306 | Jumpserver |
+----------+------------+-----------------+---------------+------------------------+
开始安装
~~~~~~~~~~~~
.. code-block:: shell
# 升级系统
# 以下命令需要在三台数据库服务器分别执行
$ yum upgrade -y
# 安装 mariadb 服务
$ yum install -y install mariadb mariadb-devel mariadb-server
# 添加 MariaDB 源
$ vi /etc/yum.repos.d/MariaDB.repo
[mariadb]
name = MariaDB
baseurl = http://mirrors.ustc.edu.cn/mariadb/yum/10.1/centos7-amd64
gpgkey=http://mirrors.ustc.edu.cn/mariadb/yum/RPM-GPG-KEY-MariaDB
gpgcheck=1
# 安装 MariaDB Galera Cluster
$ yum install -y mariadb mariadb-server mariadb-common galera rsync
# 设置 Firewalld 和 Selinux
$ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="3306" accept"
$ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="4567" accept"
$ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="4568" accept"
$ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="4444" accept"
$ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="udp" port="4567" accept"
# 192.168.100.0/24 为整个 Jumpserver 网络网段, 这里就偷懒了, 自己根据实际情况修改即可
# 设置防火墙, 开放 3306 端口 给 jumpserver 访问
$ firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.30" port protocol="tcp" port="3306" accept"
$ firewall-cmd --reload
# 设置 mariadb 服务
$ systemctl enable mariadb
$ setenforce 0
$ sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
.. code-block:: shell
# 在 192.168.100.10 上执行初始化命令
$ systemctl start mariadb
$ mysql_secure_installation # 推荐设置 root 密码, 其他选项可以全部 y
$ systemctl stop mariadb
.. code-block:: shell
# 在 192.168.100.10 上执行以下命令
$ vi /etc/my.cnf.d/server.cnf
...
[galera]
wsrep_on=ON
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_name=galera_cluster
wsrep_cluster_address="gcomm://192.168.100.10,192.168.100.11,192.168.100.12"
wsrep_node_name=Mariadb-01 # 注意这里改成本机 hostname
wsrep_node_address=192.168.100.10 # 注意这里改成本机 ip
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
...
# 在 192.168.100.11 上执行以下命令
$ vi /etc/my.cnf.d/server.cnf
...
[galera]
wsrep_on=ON
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_name=galera_cluster
wsrep_cluster_address="gcomm://192.168.100.10,192.168.100.11,192.168.100.12"
wsrep_node_name=Mariadb-02 # 注意这里改成本机 hostname
wsrep_node_address=192.168.100.11 # 注意这里改成本机 ip
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
# 在 192.168.100.12 上执行以下命令
$ vi /etc/my.cnf.d/server.cnf
...
[galera]
wsrep_on=ON
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_name=galera_cluster
wsrep_cluster_address="gcomm://192.168.100.10,192.168.100.11,192.168.100.12"
wsrep_node_name=Mariadb-03 # 注意这里改成本机 hostname
wsrep_node_address=192.168.100.12 # 注意这里改成本机 ip
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
.. code-block:: shell
# 在 192.168.100.10 上执行以下命令
$ sudo -u mysql /usr/sbin/mysqld --wsrep-new-cluster &> /tmp/wsrep_new_cluster.log &
$ disown $!
$ tail -f /tmp/wsrep_new_cluster.log # 如果出现 ready for connections, 表示启动成功
.. code-block:: shell
# 在 192.168.100.11 和 192.168.100.12 启动 mariadb 服务
$ systemctl start mariadb
.. code-block:: shell
# 回到第一台服务器
$ ps -ef | grep mysqld | grep -v grep | awk '{print $2}' | xargs kill -9
$ systemctl start mariadb
.. code-block:: shell
# 推荐使用该命令进行一些安全设置(可跳过)
$ mysql_secure_installation
# 在任意数据库服务器执行以下命令验证 MariaDB Galera Cluster
$ mysql -uroot -p -e "show status like 'wsrep_cluster_size'" # 这里应该显示集群里有3个节点
$ mysql -uroot -p -e "show status like 'wsrep_connected'" # 这里应该显示ON
$ mysql -uroot -p -e "show status like 'wsrep_incoming_addresses'" # 这里应该显示3个ip
$ mysql -uroot -p -e "show status like 'wsrep_local_state_comment'" # 这里显示节点的同步状态
.. code-block:: shell
# 创建数据库及授权, 192.168.100.30 是 jumpserver 服务器的 ip
# 创建 Jumpserver 数据库及授权
$ mysql -uroot
> create database jumpserver default charset 'utf8';
> grant all on jumpserver.* to 'jumpserver'@'192.168.100.30' identified by 'weakPassword';
> grant all on jumpserver.* to 'jumpserver'@'192.168.100.%' identified by 'weakPassword';
> flush privileges;
> quit
# 数据库的主从设置请参考其官方, 之后会补上
之后去 nginx 设置 tcp 代理即可
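Review bot: The grant example pairs the literal password `weakPassword` with the host pattern `'192.168.100.%'`, so a reader who copies it gives every machine on the subnet a guessable login to the jumpserver schema. This commit points `DB_HOST` at the Nginx stream proxy (192.168.100.100), so MariaDB will see connections from the proxy's address rather than from 192.168.100.30. The narrow form would therefore be `grant all on jumpserver.* to 'jumpserver'@'192.168.100.100' identified by '<strong-random-password>';`, and the 3306 firewalld rule can name that same address. Separately, the repo stanza fetches both `baseurl` and `gpgkey` over `http://`, which leaves `gpgcheck=1` trusting a key that an on-path party could replace; use the mirror's `https://` URLs if it serves them. The +/- markers are lost on this page, so which of the two grant lines is on the new side is inferred.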
......@@ -112,7 +112,7 @@
# MySQL or postgres setting like:
# 使用Mysql作为数据库
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_HOST: 192.168.100.100
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: 你的数据库密码
......
......@@ -50,75 +50,12 @@
&& systemctl restart docker \
&& docker pull jumpserver/jms_coco:1.4.10 \
&& docker pull jumpserver/jms_guacamole:1.4.10 \
&& rm -rf /etc/nginx/conf.d/default.conf
&& rm -rf /etc/nginx/conf.d/default.conf \
&& curl -o /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf
.. code-block:: shell
$ echo -e "\033[31m 4. 配置nginx \033[0m" \
&& cat << EOF > /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /luna/ {
try_files \$uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /coco/ {
proxy_pass http://localhost:5000/coco/;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
.. code-block:: shell
$ echo -e "\033[31m 5. 处理配置文件 \033[0m" \
$ echo -e "\033[31m 4. 处理配置文件 \033[0m" \
&& if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \
&& if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \
&& if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \
......@@ -128,7 +65,7 @@
.. code-block:: shell
$ echo -e "\033[31m 6. 启动 Jumpserver \033[0m" \
$ echo -e "\033[31m 5. 启动 Jumpserver \033[0m" \
&& systemctl start nginx \
&& cd /opt/jumpserver \
&& ./jms start all -d \
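Review bot: The first hunk's `curl -o /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf` installs a remotely hosted file as live Nginx configuration with no integrity check. It appears to replace the inline heredoc that a reader could audit on the page. Whoever controls that download host decides what the proxy serves and where it forwards, and without `-f` an HTTP error body would be saved as the config file. Suggest `curl -fsSL -o ...`, then `sha256sum -c` against a checksum published in this document, and `nginx -t` before the later `systemctl start nginx`. The `&&` command chain continues outside both hunks.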
......
......@@ -370,7 +370,6 @@ CentOS 7 安装文档
listen 2220; # 不能使用已经使用的端口, 自行修改, 用户ssh登录时的端口
proxy_pass cocossh;
proxy_connect_timeout 10s;
proxy_timeout 24h; #代理超时
}
}
# 到此结束
......