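Author: Yin Zhengjie
Copyright notice: original work; reproduction is not permitted and violators will be held legally liable.
I. Install MariaDB and grant access
1>. Install the MariaDB database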
[root@node107.yizhengjie.org.cn ~]# yum -y install mariadb-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.huaweicloud.com
Resolving Dependencies
--> Running transaction check
---> Package mariadb-server.x86_64 1:5.5.64-1.el7 will be installed
--> Processing Dependency: mariadb-libs(x86-64) = 1:5.5.64-1.el7 for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Processing Dependency: mariadb(x86-64) = 1:5.5.64-1.el7 for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Processing Dependency: perl-DBI for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Processing Dependency: perl-DBD-MySQL for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Processing Dependency: perl(DBI) for package: 1:mariadb-server-5.5.64-1.el7.x86_64
--> Running transaction check
---> Package mariadb.x86_64 1:5.5.64-1.el7 will be installed
---> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be updated
---> Package mariadb-libs.x86_64 1:5.5.64-1.el7 will be an update
---> Package perl-DBD-MySQL.x86_64 0:4.023-6.el7 will be installed
---> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed
--> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package: perl-DBI-1.627-4.el7.x86_64
--> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package: perl-DBI-1.627-4.el7.x86_64
--> Running transaction check
---> Package perl-PlRPC.noarch 0:0.2020-14.el7 will be installed
--> Processing Dependency: perl(Net::Daemon) >= 0.13 for package: perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Test) for package: perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Log) for package: perl-PlRPC-0.2020-14.el7.noarch
--> Running transaction check
---> Package perl-Net-Daemon.noarch 0:0.48-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
mariadb-server x86_64 1:5.5.64-1.el7 base 11 M
Installing for dependencies:
mariadb x86_64 1:5.5.64-1.el7 base 8.7 M
perl-DBD-MySQL x86_64 4.023-6.el7 base 140 k
perl-DBI x86_64 1.627-4.el7 base 802 k
perl-Net-Daemon noarch 0.48-5.el7 base 51 k
perl-PlRPC noarch 0.2020-14.el7 base 36 k
Updating for dependencies:
mariadb-libs x86_64 1:5.5.64-1.el7 base 759 k
Transaction Summary
========================================================================================================================
Install 1 Package (+5 Dependent packages)
Upgrade ( 1 Dependent package)
Total download size: 22 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/7): mariadb-libs-5.5.64-1.el7.x86_64.rpm | 759 kB 00:00:00
(2/7): mariadb-5.5.64-1.el7.x86_64.rpm | 8.7 MB 00:00:04
(3/7): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm | 140 kB 00:00:00
(4/7): perl-DBI-1.627-4.el7.x86_64.rpm | 802 kB 00:00:00
(5/7): perl-Net-Daemon-0.48-5.el7.noarch.rpm | 51 kB 00:00:00
(6/7): perl-PlRPC-0.2020-14.el7.noarch.rpm | 36 kB 00:00:00
(7/7): mariadb-server-5.5.64-1.el7.x86_64.rpm | 11 MB 00:00:04
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 4.5 MB/s | 22 MB 00:00:04
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 1:mariadb-libs-5.5.64-1.el7.x86_64 1/8
Installing : 1:mariadb-5.5.64-1.el7.x86_64 2/8
Installing : perl-Net-Daemon-0.48-5.el7.noarch 3/8
Installing : perl-PlRPC-0.2020-14.el7.noarch 4/8
Installing : perl-DBI-1.627-4.el7.x86_64 5/8
Installing : perl-DBD-MySQL-4.023-6.el7.x86_64 6/8
Installing : 1:mariadb-server-5.5.64-1.el7.x86_64 7/8
Cleanup : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 8/8
Verifying : 1:mariadb-libs-5.5.64-1.el7.x86_64 1/8
Verifying : perl-Net-Daemon-0.48-5.el7.noarch 2/8
Verifying : 1:mariadb-5.5.64-1.el7.x86_64 3/8
Verifying : perl-DBD-MySQL-4.023-6.el7.x86_64 4/8
Verifying : 1:mariadb-server-5.5.64-1.el7.x86_64 5/8
Verifying : perl-DBI-1.627-4.el7.x86_64 6/8
Verifying : perl-PlRPC-0.2020-14.el7.noarch 7/8
Verifying : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 8/8
Installed:
mariadb-server.x86_64 1:5.5.64-1.el7
Dependency Installed:
mariadb.x86_64 1:5.5.64-1.el7 perl-DBD-MySQL.x86_64 0:4.023-6.el7 perl-DBI.x86_64 0:1.627-4.el7 perl-Net-Daemon.noarch 0:0.48-5.el7 perl-PlRPC.noarch 0:0.2020-14.el7
Dependency Updated:
mariadb-libs.x86_64 1:5.5.64-1.el7
Complete!
[root@node107.yizhengjie.org.cn ~]#
2>. Start the database
[root@node107.yizhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[root@node107.yizhengjie.org.cn ~]#
[root@node107.yizhengjie.org.cn ~]# systemctl start mariadb
[root@node107.yizhengjie.org.cn ~]#
[root@node107.yizhengjie.org.cn ~]#
[root@node107.yizhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 *:3306 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[root@node107.yizhengjie.org.cn ~]#
3>. Run the security initialization for the database
[root@node107.yizhengjie.org.cn ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@node107.yizhengjie.org.cn ~]#
4>. Authorize the Nginx server to connect to the MySQL database
[root@node107.yizhengjie.org.cn ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.64-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'jason'@'172.30.1.102' IDENTIFIED BY 'yinzhengjie' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
MariaDB [(none)]> SELECT user,host,password FROM mysql.user;
+-------+--------------+-------------------------------------------+
| user | host | password |
+-------+--------------+-------------------------------------------+
| root | localhost | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| root | 127.0.0.1 | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| root | ::1 | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| jason | 172.30.1.102 | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
+-------+--------------+-------------------------------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>
MariaDB [(none)]> SHOW GRANTS FOR jason@'172.30.1.102';
+--------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for jason@172.30.1.102 |
+--------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'jason'@'172.30.1.102' IDENTIFIED BY PASSWORD '*BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7' WITH GRANT OPTION |
+--------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
MariaDB [(none)]>
MariaDB [(none)]> QUIT
Bye
[root@node107.yizhengjie.org.cn ~]#
[root@node107.yizhengjie.org.cn ~]#
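Added example (not part of the original post): a small Python audit over the two outputs shown above. In MariaDB 5.5 the password column holds the unsalted mysql_native_password hash, so equal hashes mean equal passwords; the function names and the scoped `appdb` grant used for contrast are constructed for illustration.

```python
import re

# Rows copied from the page's "SELECT user,host,password FROM mysql.user" output.
USER_TABLE = """
| root  | localhost    | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| root  | 127.0.0.1    | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| root  | ::1          | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
| jason | 172.30.1.102 | *BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7 |
"""

# The SHOW GRANTS row from the page.
PAGE_GRANT = ("GRANT ALL PRIVILEGES ON *.* TO 'jason'@'172.30.1.102' IDENTIFIED BY PASSWORD "
              "'*BD0B1F48FDC55BD27555FC2F22FF29A68A25A1D7' WITH GRANT OPTION")

# Constructed contrast (assumption): the same client host limited to one schema.
SCOPED_GRANT = "GRANT SELECT, INSERT, UPDATE, DELETE ON `appdb`.* TO 'app'@'172.30.1.102'"

GRANT_RE = re.compile(
    r"GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO '(?P<user>[^']*)'@'(?P<host>[^']*)'(?P<rest>.*)$",
    re.IGNORECASE,
)


def shared_hashes(table):
    """Return {hash: [users]} for every hash stored under more than one user name."""
    by_hash = {}
    for row in table.splitlines():
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) == 3 and cells[2].startswith("*"):
            by_hash.setdefault(cells[2], set()).add(cells[0])
    return {h: sorted(users) for h, users in by_hash.items() if len(users) > 1}


def audit_grant(line):
    """Return ((user, host), findings) for one SHOW GRANTS line."""
    m = GRANT_RE.match(line.strip().strip("|").strip())
    if m is None:
        raise ValueError("not a GRANT statement: %r" % line)
    findings = []
    privs = m["privs"].strip().upper()
    if m["scope"] == "*.*" and privs.startswith("ALL"):
        findings.append("global ALL PRIVILEGES")
    elif m["scope"] == "*.*" and privs != "USAGE":
        findings.append("privileges granted on every schema")
    if "WITH GRANT OPTION" in m["rest"].upper():
        findings.append("can re-grant its privileges (WITH GRANT OPTION)")
    if m["host"] == "" or "%" in m["host"]:
        findings.append("wildcard host")
    return (m["user"], m["host"]), findings


if __name__ == "__main__":
    for digest, users in shared_hashes(USER_TABLE).items():
        print("same password hash for:", ", ".join(users))
    for grant in (PAGE_GRANT, SCOPED_GRANT):
        who, findings = audit_grant(grant)
        print("%s@%s: %s" % (who[0], who[1], "; ".join(findings) or "no findings"))
```
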
5>. Test the database connection from the haproxy node
[root@node102.yinzhengjie.org.cn ~]# yum -y install mysql
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.3 kB 00:00:00
* base: mirrors.aliyun.com
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirror.bit.edu.cn
* updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
epel | 5.3 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/2): epel/x86_64/updateinfo | 1.0 MB 00:00:07
(2/2): epel/x86_64/primary_db | 6.9 MB 00:00:16
Resolving Dependencies
--> Running transaction check
---> Package mariadb.x86_64 1:5.5.64-1.el7 will be installed
--> Processing Dependency: mariadb-libs(x86-64) = 1:5.5.64-1.el7 for package: 1:mariadb-5.5.64-1.el7.x86_64
--> Running transaction check
---> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be updated
---> Package mariadb-libs.x86_64 1:5.5.64-1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================
Installing:
mariadb x86_64 1:5.5.64-1.el7 base 8.7 M
Updating for dependencies:
mariadb-libs x86_64 1:5.5.64-1.el7 base 759 k
Transaction Summary
=================================================================================================================================================
Install 1 Package
Upgrade ( 1 Dependent package)
Total download size: 9.5 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): mariadb-libs-5.5.64-1.el7.x86_64.rpm | 759 kB 00:00:06
(2/2): mariadb-5.5.64-1.el7.x86_64.rpm | 8.7 MB 00:00:16
-------------------------------------------------------------------------------------------------------------------------------------------------
Total 594 kB/s | 9.5 MB 00:00:16
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 1:mariadb-libs-5.5.64-1.el7.x86_64 1/3
Installing : 1:mariadb-5.5.64-1.el7.x86_64 2/3
Cleanup : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 3/3
Verifying : 1:mariadb-libs-5.5.64-1.el7.x86_64 1/3
Verifying : 1:mariadb-5.5.64-1.el7.x86_64 2/3
Verifying : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 3/3
Installed:
mariadb.x86_64 1:5.5.64-1.el7
Dependency Updated:
mariadb-libs.x86_64 1:5.5.64-1.el7
Complete!
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# yum -y install mysql # install mysql, the MariaDB command-line client
[root@node102.yinzhengjie.org.cn ~]# mysql -h node107.yinzhengjie.org.cn -u jason -pyinzhengjie # connection test: the login succeeds
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 5.5.64-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> QUIT
Bye
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
II. Install Redis and grant access
1>. Install the EPEL repository
[root@node106.yinzhengjie.org.cn ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* extras: mirror.bit.edu.cn
* updates: mirror.bit.edu.cn
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================
Installing:
epel-release noarch 7-11 extras 15 k
Transaction Summary
=======================================================================================================================================
Install 1 Package
Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : epel-release-7-11.noarch 1/1
Verifying : epel-release-7-11.noarch 1/1
Installed:
epel-release.noarch 0:7-11
Complete!
[root@node106.yinzhengjie.org.cn ~]#
2>. Install the Redis service from the EPEL repository
[root@node106.yinzhengjie.org.cn ~]# yum info redis
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/metalink | 8.3 kB 00:00:00
* base: mirror.bit.edu.cn
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirror.bit.edu.cn
* updates: mirror.bit.edu.cn
epel | 5.3 kB 00:00:00
(1/3): epel/x86_64/group_gz | 90 kB 00:00:00
(2/3): epel/x86_64/updateinfo | 1.0 MB 00:00:02
(3/3): epel/x86_64/primary_db | 6.9 MB 00:00:06
Available Packages
Name : redis
Arch : x86_64
Version : 3.2.12
Release : 2.el7
Size : 544 k
Repo : epel/x86_64
Summary : A persistent key-value database
URL : http://redis.io
License : BSD
Description : Redis is an advanced key-value store. It is often referred to as a data
: structure server since keys can contain strings, hashes, lists, sets and
: sorted sets.
:
: You can run atomic operations on these types, like appending to a string;
: incrementing the value in a hash; pushing to a list; computing set
: intersection, union and difference; or getting the member with highest
: ranking in a sorted set.
:
: In order to achieve its outstanding performance, Redis works with an
: in-memory dataset. Depending on your use case, you can persist it either
: by dumping the dataset to disk every once in a while, or by appending
: each command to a log.
:
: Redis also supports trivial-to-setup master-slave replication, with very
: fast non-blocking first synchronization, auto-reconnection on net split
: and so forth.
:
: Other features include Transactions, Pub/Sub, Lua scripting, Keys with a
: limited time-to-live, and configuration settings to make Redis behave like
: a cache.
:
: You can use Redis from most programming languages also.
[root@node106.yinzhengjie.org.cn ~]#
[root@node106.yinzhengjie.org.cn ~]# yum -y install redis
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* epel: mirrors.tuna.tsinghua.edu.cn
* extras: mirror.bit.edu.cn
* updates: mirror.bit.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package redis.x86_64 0:3.2.12-2.el7 will be installed
--> Processing Dependency: libjemalloc.so.1()(64bit) for package: redis-3.2.12-2.el7.x86_64
--> Running transaction check
---> Package jemalloc.x86_64 0:3.6.0-1.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================
Installing:
redis x86_64 3.2.12-2.el7 epel 544 k
Installing for dependencies:
jemalloc x86_64 3.6.0-1.el7 epel 105 k
Transaction Summary
=======================================================================================================================================
Install 1 Package (+1 Dependent package)
Total download size: 648 k
Installed size: 1.7 M
Downloading packages:
warning: /var/cache/yum/x86_64/7/epel/packages/redis-3.2.12-2.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEYTA
Public key for redis-3.2.12-2.el7.x86_64.rpm is not installed
(1/2): redis-3.2.12-2.el7.x86_64.rpm | 544 kB 00:00:00
(2/2): jemalloc-3.6.0-1.el7.x86_64.rpm | 105 kB 00:00:06
---------------------------------------------------------------------------------------------------------------------------------------
Total 102 kB/s | 648 kB 00:00:06
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"
Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
Package : epel-release-7-11.noarch (@extras)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : jemalloc-3.6.0-1.el7.x86_64 1/2
Installing : redis-3.2.12-2.el7.x86_64 2/2
Verifying : redis-3.2.12-2.el7.x86_64 1/2
Verifying : jemalloc-3.6.0-1.el7.x86_64 2/2
Installed:
redis.x86_64 0:3.2.12-2.el7
Dependency Installed:
jemalloc.x86_64 0:3.6.0-1.el7
Complete!
[root@node106.yinzhengjie.org.cn ~]#
[root@node106.yinzhengjie.org.cn ~]# rpm -ql redis
/etc/logrotate.d/redis
/etc/redis-sentinel.conf
/etc/redis.conf
/etc/systemd/system/redis-sentinel.service.d
/etc/systemd/system/redis-sentinel.service.d/limit.conf
/etc/systemd/system/redis.service.d
/etc/systemd/system/redis.service.d/limit.conf
/usr/bin/redis-benchmark
/usr/bin/redis-check-aof
/usr/bin/redis-check-rdb
/usr/bin/redis-cli
/usr/bin/redis-sentinel
/usr/bin/redis-server
/usr/lib/systemd/system/redis-sentinel.service
/usr/lib/systemd/system/redis.service
/usr/libexec/redis-shutdown
/usr/share/doc/redis-3.2.12
/usr/share/doc/redis-3.2.12/00-RELEASENOTES
/usr/share/doc/redis-3.2.12/BUGS
/usr/share/doc/redis-3.2.12/CONTRIBUTING
/usr/share/doc/redis-3.2.12/MANIFESTO
/usr/share/doc/redis-3.2.12/README.md
/usr/share/licenses/redis-3.2.12
/usr/share/licenses/redis-3.2.12/COPYING
/usr/share/man/man1/redis-benchmark.1.gz
/usr/share/man/man1/redis-check-aof.1.gz
/usr/share/man/man1/redis-check-rdb.1.gz
/usr/share/man/man1/redis-cli.1.gz
/usr/share/man/man1/redis-sentinel.1.gz
/usr/share/man/man1/redis-server.1.gz
/usr/share/man/man5/redis-sentinel.conf.5.gz
/usr/share/man/man5/redis.conf.5.gz
/var/lib/redis
/var/log/redis
/var/run/redis
[root@node106.yinzhengjie.org.cn ~]#
3>. Start Redis
[root@node106.yinzhengjie.org.cn ~]# grep bind /etc/redis.conf | grep -v ^#
bind 127.0.0.1
[root@node106.yinzhengjie.org.cn ~]#
[root@node106.yinzhengjie.org.cn ~]# vim /etc/redis.conf
[root@node106.yinzhengjie.org.cn ~]#
[root@node106.yinzhengjie.org.cn ~]# grep bind /etc/redis.conf | grep -v ^#
bind 172.30.1.106
[root@node106.yinzhengjie.org.cn ~]#
[root@node106.yinzhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[root@node106.yinzhengjie.org.cn ~]#
[root@node106.yinzhengjie.org.cn ~]# systemctl start redis
[root@node106.yinzhengjie.org.cn ~]#
[root@node106.yinzhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 172.30.1.106:6379 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 :::22 :::*
[root@node106.yinzhengjie.org.cn ~]#
[root@node106.yinzhengjie.org.cn ~]#
III. Hands-on example: layer-4 load balancing with haproxy
1>. Edit the haproxy configuration file
[root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /yinzhengjie/softwares/haproxy
stats socket /yinzhengjie/softwares/haproxy/haproxy.sock mode 600 level admin
user haproxy
group haproxy
daemon
nbproc 2
cpu-map 1 0
cpu-map 2 1
nbthread 2
pidfile /yinzhengjie/softwares/haproxy/haproxy.pid
log 127.0.0.1 local5 info
defaults
option http-keep-alive
option forwardfor
option redispatch
option abortonclose
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
errorloc 503 http://node107.yinzhengjie.org.cn/monitor/503.html
listen status_page
bind 172.30.1.102:8888
stats enable
stats uri /haproxy-status
stats auth admin:yinzhengjie
stats realm "Welcome to the haproxy load balancer status page of YinZhengjie"
stats hide-version
stats admin if TRUE
stats refresh 5s
listen redis-port
bind 172.30.1.102:6379
mode tcp
balance leastconn
server redis01 172.30.1.106:6379 check
server redis02 172.30.1.107:6379 check backup
listen mysql-port
bind 172.30.1.102:3306
mode tcp
balance leastconn
server mysql01 172.30.1.106:3306 check backup
server mysql02 172.30.1.107:3306 check
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy
[root@node102.yinzhengjie.org.cn ~]#
2>. Check the haproxy ports and processes
[root@node102.yinzhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 172.30.1.102:3306 *:*
LISTEN 0 128 172.30.1.102:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 172.30.1.102:8888 *:*
LISTEN 0 128 :::22 :::*
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy | grep -v grep
root 21396 1 0 22:31 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy 21397 21396 0 22:31 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy 21398 21396 0 22:31 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
3>. View the haproxy status page
4>. Install the connection tools on the client
[root@node105.yinzhengjie.org.cn ~]# yum -y install epel-release
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* extras: mirrors.huaweicloud.com
* updates: mirror.bit.edu.cn
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:7-11 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================
Installing:
epel-release noarch 7-11 extras 15 k
Transaction Summary
============================================================================================================================================================================
Install 1 Package
Total download size: 15 k
Installed size: 24 k
Downloading packages:
epel-release-7-11.noarch.rpm | 15 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : epel-release-7-11.noarch 1/1
Verifying : epel-release-7-11.noarch 1/1
Installed:
epel-release.noarch 0:7-11
Complete!
[root@node105.yinzhengjie.org.cn ~]#
[root@node105.yinzhengjie.org.cn ~]# yum -y install mariadb-5.5.64-1.el7.x86_64 redis-3.2.12-2.el7.x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* extras: mirrors.huaweicloud.com
* updates: mirror.bit.edu.cn
No package redis-3.2.12-2.el7.x86_64 available.
Resolving Dependencies
--> Running transaction check
---> Package mariadb.x86_64 1:5.5.64-1.el7 will be installed
--> Processing Dependency: mariadb-libs(x86-64) = 1:5.5.64-1.el7 for package: 1:mariadb-5.5.64-1.el7.x86_64
--> Running transaction check
---> Package mariadb-libs.x86_64 1:5.5.60-1.el7_5 will be updated
---> Package mariadb-libs.x86_64 1:5.5.64-1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
mariadb x86_64 1:5.5.64-1.el7 base 8.7 M
Updating for dependencies:
mariadb-libs x86_64 1:5.5.64-1.el7 base 759 k
Transaction Summary
========================================================================================================================
Install 1 Package
Upgrade ( 1 Dependent package)
Total download size: 9.5 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): mariadb-libs-5.5.64-1.el7.x86_64.rpm | 759 kB 00:00:00
(2/2): mariadb-5.5.64-1.el7.x86_64.rpm | 8.7 MB 00:00:01
------------------------------------------------------------------------------------------------------------------------
Total 8.7 MB/s | 9.5 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 1:mariadb-libs-5.5.64-1.el7.x86_64 1/3
Installing : 1:mariadb-5.5.64-1.el7.x86_64 2/3
Cleanup : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 3/3
Verifying : 1:mariadb-libs-5.5.64-1.el7.x86_64 1/3
Verifying : 1:mariadb-5.5.64-1.el7.x86_64 2/3
Verifying : 1:mariadb-libs-5.5.60-1.el7_5.x86_64 3/3
Installed:
mariadb.x86_64 1:5.5.64-1.el7
Dependency Updated:
mariadb-libs.x86_64 1:5.5.64-1.el7
Complete!
[root@node105.yinzhengjie.org.cn ~]#
5>. Connect to port 3306 on haproxy
[root@node105.yinzhengjie.org.cn ~]# mysql -h node102.yinzhengjie.org.cn -u jason -pyinzhengjie
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.64-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> QUIT
Bye
[root@node105.yinzhengjie.org.cn ~]#
[root@node105.yinzhengjie.org.cn ~]#
6>. Connect to port 6379 on haproxy
[root@node105.yinzhengjie.org.cn ~]# redis-cli -h node102.yinzhengjie.org.cn
node102.yinzhengjie.org.cn:6379>
node102.yinzhengjie.org.cn:6379> set name jason
OK
node102.yinzhengjie.org.cn:6379> get name
"jason"
node102.yinzhengjie.org.cn:6379>
node102.yinzhengjie.org.cn:6379> quit
[root@node105.yinzhengjie.org.cn ~]#
[root@node105.yinzhengjie.org.cn ~]#
IV. Layer-4 access control with haproxy
1>. Edit the haproxy configuration file
[root@node102.yinzhengjie.org.cn ~]# cat /etc/haproxy/haproxy.cfg
global
maxconn 100000
chroot /yinzhengjie/softwares/haproxy
stats socket /yinzhengjie/softwares/haproxy/haproxy.sock mode 600 level admin
user haproxy
group haproxy
daemon
nbproc 2
cpu-map 1 0
cpu-map 2 1
nbthread 2
pidfile /yinzhengjie/softwares/haproxy/haproxy.pid
log 127.0.0.1 local5 info
defaults
option http-keep-alive
option forwardfor
option redispatch
option abortonclose
maxconn 100000
mode http
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms
errorloc 503 http://node107.yinzhengjie.org.cn/monitor/503.html
listen status_page
bind 172.30.1.102:8888
stats enable
stats uri /haproxy-status
stats auth admin:yinzhengjie
stats realm "Welcome to the haproxy load balancer status page of YinZhengjie"
stats hide-version
stats admin if TRUE
stats refresh 5s
listen redis-port
bind 172.30.1.102:6379
mode tcp
# define the list of IP addresses to reject
acl deny_list src 172.30.1.105 192.168.1.0/24
# apply the rule defined above
tcp-request connection reject if deny_list
balance leastconn
server redis01 172.30.1.106:6379 check
server redis02 172.30.1.107:6379 check backup
listen mysql-port
bind 172.30.1.102:3306
mode tcp
acl invalid_src src 172.30.1.105
tcp-request connection reject if invalid_src
balance leastconn
server mysql01 172.30.1.106:3306 check backup
server mysql02 172.30.1.107:3306 check
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# systemctl restart haproxy # don't forget to restart the service so the configuration takes effect
[root@node102.yinzhengjie.org.cn ~]#
2>. Check the haproxy ports and processes
[root@node102.yinzhengjie.org.cn ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 172.30.1.102:3306 *:*
LISTEN 0 128 172.30.1.102:6379 *:*
LISTEN 0 128 *:22 *:*
LISTEN 0 128 172.30.1.102:8888 *:*
LISTEN 0 128 :::22 :::*
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]# ps -ef | grep haproxy | grep -v grep
root 21540 1 0 22:48 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy 21542 21540 0 22:48 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
haproxy 21543 21540 0 22:48 ? 00:00:00 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /yinzhengjie/softwares/haproxy/haproxy.pid
[root@node102.yinzhengjie.org.cn ~]#
[root@node102.yinzhengjie.org.cn ~]#
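3>. View the haproxy status page
4>. Access from "node105.yinzhengjie.org.cn" to the mysql and redis services proxied by haproxy is rejected in both cases, as shown in the figure below.
5>. Access from "node107.yinzhengjie.org.cn" to the mysql and redis services proxied by haproxy works normally, as shown in the figure below.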
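Added example (not part of the original post): a Python model of how the `acl ... src` and `tcp-request connection reject` lines above decide a connection, run against the two listeners from the page and a constructed allow-list variant. It handles only literal addresses and CIDR ranges; the 172.30.1.107 allow-list entry, the sample client addresses and the function names are assumptions.

```python
import ipaddress

# The two tcp-mode listeners from section IV of the page, reduced to the ACL-relevant lines.
PAGE_CFG = """
listen redis-port
    bind 172.30.1.102:6379
    mode tcp
    acl deny_list src 172.30.1.105 192.168.1.0/24
    tcp-request connection reject if deny_list
    server redis01 172.30.1.106:6379 check
listen mysql-port
    bind 172.30.1.102:3306
    mode tcp
    acl invalid_src src 172.30.1.105
    tcp-request connection reject if invalid_src
    server mysql02 172.30.1.107:3306 check
"""

# Constructed variant (assumption, not from the page): only a named client may connect.
ALLOW_CFG = """
listen redis-port
    bind 172.30.1.102:6379
    mode tcp
    acl allowed_src src 172.30.1.107
    tcp-request connection reject if !allowed_src
    server redis01 172.30.1.106:6379 check
"""

PROBE = "203.0.113.9"  # documentation-range address: a source that no ACL mentions


def parse_listeners(cfg):
    """Return {listener: {"acls": {name: [networks]}, "rules": [(action, keyword, groups)]}}."""
    listeners, cur = {}, None
    for raw in cfg.splitlines():
        words = raw.split("#", 1)[0].replace("! ", "!").split()
        if not words:
            continue
        if words[0] in ("listen", "frontend") and len(words) > 1:
            cur = listeners.setdefault(words[1], {"acls": {}, "rules": []})
        elif words[0] in ("global", "defaults", "backend"):
            cur = None
        elif cur is None:
            continue
        elif words[0] == "acl" and len(words) > 3 and words[2] == "src":
            # Repeated declarations of one ACL name are OR-ed, so the networks accumulate.
            nets = [ipaddress.ip_network(w, strict=False) for w in words[3:]]
            cur["acls"].setdefault(words[1], []).extend(nets)
        elif words[:2] == ["tcp-request", "connection"] and len(words) > 2:
            keyword = words[3] if len(words) > 3 else None  # "if", "unless" or no condition
            groups, group = [], []
            for tok in words[4:]:  # terms are AND-ed; "||" / "or" starts a new group
                if tok in ("||", "or"):
                    groups.append(group)
                    group = []
                else:
                    group.append(tok)
            groups.append(group)
            cur["rules"].append((words[2], keyword, groups))
    return listeners


def decide(listener, client_ip):
    """First matching accept/reject rule wins; with no match the connection is accepted."""
    ip = ipaddress.ip_address(client_ip)

    def term(tok):
        # An undeclared ACL name raises KeyError instead of silently never matching.
        hit = any(ip in net for net in listener["acls"][tok.lstrip("!")])
        return hit != tok.startswith("!")

    for action, keyword, groups in listener["rules"]:
        matched = keyword is None or any(all(term(t) for t in g) for g in groups)
        if keyword == "unless":
            matched = not matched
        if matched and action in ("accept", "reject"):
            return action
    return "accept"


def reachability(cfg, clients):
    """Map listener name -> {client address: "accept" or "reject"}."""
    return {n: {c: decide(l, c) for c in clients} for n, l in parse_listeners(cfg).items()}


def default_open(cfg):
    """Listeners that still accept a source nobody thought to list."""
    return [n for n, l in parse_listeners(cfg).items() if decide(l, PROBE) == "accept"]


if __name__ == "__main__":
    clients = ["172.30.1.105", "172.30.1.107", "192.168.1.20", PROBE]
    for label, cfg in (("page deny-list", PAGE_CFG), ("allow-list variant", ALLOW_CFG)):
        for name, verdicts in reachability(cfg, clients).items():
            print(label, name, verdicts)
        print(label, "default-open listeners:", default_open(cfg))
```

With the page's configuration, 192.168.1.20 is rejected by redis-port but accepted by mysql-port because the two listeners carry different lists, and both listeners accept any unlisted source.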