
Brief introduction of Integrated Architecture

2020-11-08 20:18:32 Good as water ~ Xiaohui

Chapter 1: Architecture of small and medium-sized websites

Introduction to architecture terms

1. What is a project? It is like a mobile app: every app can be counted as a project.

2. What is an architecture? A set of servers that maintains a project.

3. What is a cluster? A group of computers combined into a single system to solve a particular problem.

4. What is high availability? When one server becomes unavailable, another server takes over automatically so that the business does not go down.

5. What is load balancing? Spreading user requests across multiple servers to keep the servers stable.

Architecture access process: the user's perspective

1. The user types oldboyedu.com and presses Enter.

2. The browser performs a redirect and parses the URL, then performs DNS resolution to obtain the real public IP address.

3. The user initiates a connection to the real public IP address with the TCP three-way handshake.

4. The connection passes through the public network -> router -> switch -> hardware firewall at the front end.

5. The firewall matches the connection against its access rules: a malicious connection is rejected, a normal connection is let through.

6. The firewall forwards the connection to the load balancer, which looks at what the user requested and dispatches it to a web server according to the content of the request.

7. After receiving the request, the web server decides based on the request: if it is a request for pictures or attachments, it fetches the static resources from the storage server; if it is a request for site content, it goes to the cache server, and if the cache server does not have it, to the database. The database returns the data to the web server, and a copy is also returned to the cache server.

8. The database returns the content -> web server -> load balancer -> user.

Architecture access process: the O&M perspective

1. Users connect over the public network (through a tunnel) to the VPN server, which makes it easy to manage the internal hosts.

2. Automated configuration management saves labor costs, simplifies later maintenance, and gives a unified, standardized environment.

3. Automated monitoring services watch the running state of the systems and provide early warning and traceability.

Summary: a project is covered by one architecture, and an architecture contains different roles (high availability, load balancing, web cluster). Five-layer architecture model --> load balancing, web service, storage service, caching service, database service (connected over TCP)

    1) Customer -- user
       People who visit the site
    2) Security guard -- firewall (firewalld)
       Access policy control
    3) Greeter -- load balancing server (nginx)
       Schedules users' access requests
    4) Waiter -- web server (nginx)
       Handles user requests
    5) Cook -- database server (mysql)
       Stores character data (for example: headphones, 500, SONY, black, Beijing address, order time 2019-05-05 13:00)
    6) Cook -- storage server (nfs)
       Stores images, audio, video, attachments and other data
    7) Cook -- backup server (rsync+crond for scheduled backup, rsync+sersync for real-time backup)
       Stores the important data of all servers of the website
    8) Cook -- cache server (memcache redis mongodb)
       a Stores data in memory
       b Relieves the load on the servers
    9) Manager -- batch management server (ansible)
       Batch management of multiple server hosts
    Deploying the site architecture:
    1) Single points of failure in the architecture need to be solved
       Greeter:         high-availability service --- keepalived
       Database:        high-availability service --- mha
       Storage service: high-availability service --- implemented with keepalived
                        high-availability service --- distributed storage
       Backup service:
       Interview question: how is the company's data backed up?
       1) Back up data with open-source software: rsync (free)
       2) Back up data to an enterprise network disk: Qiniu cloud storage
       3) Use a self-built backup storage architecture: two sites, three data centers
       Caching service: high-availability service --- cache service cluster / sentinel mode
    2) How internal employees access the architecture remotely
       Deploy a VPN server: PPTP vpn
       https://blog.oldboyedu.com/pptp-l2tp/
    3) Operations performed by internal staff on the architecture's servers must be audited
       Jump server: jumpserver
       https://jumpserver.readthedocs.io/zh/docs/setup_by_centos.html
    4) Problems with servers in the architecture should raise an alarm in advance
       Deploy a monitoring server: zabbix

Chapter 2: Integrated architecture planning

Host name and IP address planning

    No.  Role                     Host name    Internet address     Internal address   Software
    01.  Firewall server          firewalld    10.0.0.81            172.16.1.81        firewalld
    02.  Load balancing server    lb01         10.0.0.5             172.16.1.5         nginx keepalived
    03.  Load balancing server    lb02         10.0.0.6             172.16.1.6         nginx keepalived
    04.  web server               web01        10.0.0.7             172.16.1.7         nginx
    05.  web server               web02        10.0.0.8             172.16.1.8         nginx
    06.  web server               web03        10.0.0.9 (storage)   172.16.1.9         nginx
    07.  Database server          db01         10.0.0.51            172.16.1.51        mysql (slow), mariaDB
    08.  Storage server           nfs01        10.0.0.31            172.16.1.31        nfs
    09.  Backup server            backup       10.0.0.41            172.16.1.41        rsync
    10.  Batch management server  m01          10.0.0.61            172.16.1.61        ansible
    11.  Jump server              jumpserver   10.0.0.71 (61)       172.16.1.71        jumpserver
    12.  Monitoring server        zabbix       10.0.0.72 (61)       172.16.1.72        zabbix
         Get it working first, then make changes
    13.  Cache server             omitted



Chapter 3: Optimizing the template host configuration

1. Network configuration

  • Add a network card
  • Configure the network card
    vim /etc/sysconfig/network-scripts/ifcfg-eth1
  • Confirm the network configuration

2. hosts file configuration

\cp /etc/hosts{,.bak}
cat >/etc/hosts<<EOF
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5      lb01
172.16.1.6      lb02
172.16.1.7      web01
172.16.1.8      web02
172.16.1.9      web03
172.16.1.51     db01 db01.etiantian.org
172.16.1.31     nfs01
172.16.1.41     backup
172.16.1.61     m01
EOF

3. Change the yum source

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup &&\
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y wget  
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
PS: yum repolist lists the configured yum sources.

4. Disable SELinux

sed -i.bak 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
grep SELINUX=disabled /etc/selinux/config 
setenforce 0
getenforce

5. Turn off iptables (firewalld)

systemctl stop firewalld
systemctl disable firewalld
systemctl status  firewalld

6. Grant the oldboy user sudo privileges (optional configuration)

useradd oldboy
echo 123456|passwd --stdin oldboy
\cp /etc/sudoers /etc/sudoers.ori
echo "oldboy  ALL=(ALL) NOPASSWD: ALL " >>/etc/sudoers
tail -1 /etc/sudoers
visudo -c

7. Set the English character set

localectl set-locale LANG="en_US.UTF-8"

8. Time synchronization

yum install -y ntpdate
echo '#time sync by lidao at 2017-03-08' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l

9. Raise the file descriptor limit

yum install -y lsof
lsof -i:22
# Raise the file descriptor limit
echo '*               -       nofile          65536' >>/etc/security/limits.conf 
tail -1 /etc/security/limits.conf
 Explanation:
        A running service program opens the files it needs, for example:
        crond (scheduled task service) --- systemctl start crond --- opens the corresponding files
        /var/spool/cron/root  --- loads and opens the configuration file
        /var/log/cron         --- loads and opens the log file

10. Install other small utilities

yum install lrzsz nmap tree dos2unix nc telnet wget lsof ntpdate bash-completion bash-completion-extras -y

11. Fix slow SSH connections

sed -i.bak 's@#UseDNS yes@UseDNS no@g;s@^GSSAPIAuthentication yes@GSSAPIAuthentication no@g'  /etc/ssh/sshd_config
systemctl restart sshd
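
The sed edits in steps 4 and 11 change nothing when their pattern does not match, and sed still exits 0. The check below is an added example, not part of the original article; the function names, the ROOT prefix argument and the sample tree are assumptions made for illustration, and the expected values are the ones the steps above set.

```bash
#!/bin/sh
# Added example (not from the original page): verify the template edits took effect.
# ROOT is a filesystem prefix: "" checks the live host, a directory checks a copy.
PLAN="172.16.1.5:lb01 172.16.1.6:lb02 172.16.1.7:web01 172.16.1.8:web02 172.16.1.9:web03
172.16.1.51:db01 172.16.1.31:nfs01 172.16.1.41:backup 172.16.1.61:m01"

# Print the first uncommented value of KEY in FILE (sshd honours the first match).
effective() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print $2; exit }' "$2"
}

# Print one FAIL line per problem; the return status is the number of problems.
check_template() {
    root=$1 fails=0
    for pair in $PLAN; do
        ip=${pair%%:*} name=${pair##*:}
        awk -v ip="$ip" -v n="$name" '$1 == ip { for (i = 2; i <= NF; i++) if ($i == n) ok = 1 }
            END { exit !ok }' "$root/etc/hosts" || { echo "FAIL hosts $name"; fails=$((fails + 1)); }
    done
    for key in UseDNS GSSAPIAuthentication; do
        [ "$(effective "$key" "$root/etc/ssh/sshd_config")" = no ] ||
            { echo "FAIL sshd $key"; fails=$((fails + 1)); }
    done
    grep -q '^SELINUX=disabled$' "$root/etc/selinux/config" ||
        { echo "FAIL selinux"; fails=$((fails + 1)); }
    grep -Eq '^\*[[:space:]]+-[[:space:]]+nofile[[:space:]]+65536' "$root/etc/security/limits.conf" ||
        { echo "FAIL nofile"; fails=$((fails + 1)); }
    return "$fails"
}

# Build a constructed sample tree under DIR; UseDNS is left commented on purpose,
# as it would be if the sed pattern in step 11 had not matched.
make_sample_root() {
    mkdir -p "$1/etc/ssh" "$1/etc/selinux" "$1/etc/security"
    for pair in $PLAN; do echo "${pair%%:*} ${pair##*:}"; done >"$1/etc/hosts"
    printf '%s\n' '#UseDNS no' 'GSSAPIAuthentication no' >"$1/etc/ssh/sshd_config"
    echo 'SELINUX=disabled' >"$1/etc/selinux/config"
    echo '*               -       nofile          65536' >"$1/etc/security/limits.conf"
}

sample=$(mktemp -d)
make_sample_root "$sample"
check_template "$sample" || echo "problems found: $?"
```

A key that is absent or commented out counts as a failure here, because the template is expected to set it explicitly.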

12. Modify the host name

Modify the host name:
hostnamectl set-hostname backup
Modify the host address:

sed -i 's#200#41#g' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep 41 /etc/sysconfig/network-scripts/ifcfg-eth[01]
sed -i '/UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth[01]
grep UUID /etc/sysconfig/network-scripts/ifcfg-eth[01]
systemctl restart network
PS: Start the cloned hosts one at a time, in sequence, and make the changes on each; do not start them at the same time.
 Additional note: if a cloned host cannot be reached remotely:
 Solution:
01. Test with ping
02. Close the xshell software and open it again
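
The expression s#200#41#g above replaces every occurrence of 200 in the file, not only the host part of the address. As an added example (not from the original article), the function below rewrites only the last octet of the IPADDR line and removes the UUID line; the function names and the sample ifcfg content are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original page).
# retarget_ifcfg FILE OLD_OCTET NEW_OCTET
#   Rewrites only the last octet of the IPADDR line and deletes the UUID line.
#   Returns non-zero if the file does not end up with the new address.
retarget_ifcfg() {
    file=$1 old=$2 new=$3
    # Anchor on the key and on the final octet so "200" elsewhere is left alone.
    sed -i.bak \
        -e "s/^\(IPADDR=\"\{0,1\}[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.\)${old}\(\"\{0,1\}\)\$/\1${new}\2/" \
        -e '/^UUID=/d' "$file"
    # Confirm the result instead of trusting sed's exit status.
    grep -Eq "^IPADDR=\"?[0-9]+\.[0-9]+\.[0-9]+\.${new}\"?\$" "$file"
}

# Constructed sample file: 200 also appears in the UUID and in DNS1.
make_sample_ifcfg() {
    cat >"$1" <<'EOF'
TYPE=Ethernet
BOOTPROTO=none
NAME=eth0
UUID=00000000-0000-0000-0000-000000000200
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.200
PREFIX=24
GATEWAY=10.0.0.254
DNS1=192.0.2.200
EOF
}

demo_dir=$(mktemp -d)
make_sample_ifcfg "$demo_dir/ifcfg-eth0"
retarget_ifcfg "$demo_dir/ifcfg-eth0" 200 41 && cat "$demo_dir/ifcfg-eth0"
```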

Copyright notice
This article was written by [Good as water ~ Xiaohui]. Please include a link to the original when reposting. Thank you.