马哥博客作业第十六周

架构题：前端有一个 LAMP 架构通过 wordpress 来部署，后端构建一个 NFS 服务器实现要求将用户上传的图片保存至后端 NFS 服务器上，并将上传后的图片实时备份到backup备份服务器上。

环境准备:10.0.0.17:httpd+php(fastcgi模式)
　　　　 10.0.0.27:mysql服务器
　　　　 10.0.0.37:nfs服务器+inotify服务+rsync客户端
　　　　 10.0.0.18:backup服务器+rsync服务端

软件版本:CentOS 7.8
　　　　mysql-8.0.21-linux-glibc2.12-x86_64.tar.xz通用二进制
　　　　apr-1.7.0.tar.gz
　　　　apr-util-1.6.1.tar.gz
　　　　httpd-2.4.46.tar.gz
　　　　php-7.4.7.tar.gz
　　　　wordpress-5.4.2-zh_CN.tar.gz
实验步骤:
1>.运行一键安装mysql脚本
#!/bin/bash
#wget https://cdn.mysql.com//Downloads/MySQL-8.0/mysql-8.0.21-linux-glibc2.12-x86_64.tar.xz
. /etc/init.d/functions
SRC_DIR=`pwd`
MYSQL='mysql-8.0.21-linux-glibc2.12-x86_64.tar.xz'
#MYSQL='mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz'
MYSQL_DIR=`echo $MYSQL| sed -rn 's/(.*[0-9]).*/\1/p'`
COLOR='echo -e \E[01;31m'
END='\E[0m'
MYSQL_ROOT_PASSWORD=centos
SID=$(ip a |awk -F[./] '/inet/ && /brd/ {print $4}')
check () {
if [ $UID -ne 0 ];then
action "当前用户不是root,安装失败" false
exit 1
fi
cd $SRC_DIR
if [ ! -e $MYSQL ];then
$COLOR"缺少${MYSQL}文件"$END
$COLOR"请将相关软件放在${SRC_DIR}目录下"$END
exit
elif [ -e /usr/local/mysql ];then
action "数据库已存在，安装失败" false
exit
else
return
fi
}

install_mysql () {
$COLOR"开始安装MySQL数据库..."$END
yum -y -q install libaio &> /dev/null
cd $SRC_DIR
tar xf $MYSQL -C /usr/local/
ln -s /usr/local/$MYSQL_DIR /usr/local/mysql
chown -R root.root /usr/local/mysql/
id mysql &> /dev/null || { useradd -s /sbin/nologin -r mysql ; action "创建mysql用户"; }
echo 'PATH=/usr/local/mysql/bin/:$PATH' > /etc/profile.d/mysql.sh
source /etc/profile.d/mysql.sh
cat > /etc/my.cnf <<-EOF
[mysqld]
server-id=$SID
log-bin
datadir=/data/mysql
socket=/data/mysql/mysql.sock
log-error=/data/mysql/mysql.log
pid-file=/data/mysql/mysql.pid
default_authentication_plugin=mysql_native_password
[client]
socket=/data/mysql/mysql.sock
EOF
[ -d /data ] || mkdir /data
mysqld --initialize --user=mysql --datadir=/data/mysql
cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
chkconfig --add mysqld
chkconfig mysqld on
service mysqld start
[ $? -ne 0 ] && { $COLOR"数据库启动失败，退出!"$END;exit; }
MYSQL_OLDPASSWORD=`awk '/A temporary password/{print $NF}' /data/mysql/mysql.log`
mysqladmin -uroot -p${MYSQL_OLDPASSWORD} password ${MYSQL_ROOT_PASSWORD} &>/dev/null
action "数据库安装完成"
}

create_wd_ds () {
mysql -uroot -pcentos -e "create database wordpress;" &> /dev/null
mysql -uroot -pcentos -e "create user wpuser@'10.0.0.%' identified by 'magedu';" &> /dev/null
mysql -uroot -pcentos -e "grant all on wordpress.* to wpuser@'10.0.0.%';" &> /dev/null
action "数据库修改完成"
}

main () {
check
install_mysql
create_wd_ds
}
main

2>.运行一键安装httpd脚本
#!/bin/bash
#相关源码包路径
#wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.gz
#wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.gz
#wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.46.tar.gz
. /etc/init.d/functions
SRC_DIR=`pwd`
COLOR='echo -e \E[01;31m'
END='\E[0m'
APR='apr-1.7.0'
APR_UTIL='apr-util-1.6.1'
HTTPD='httpd-2.4.46'
SUF='.tar.gz'
INS_DIR=/app/httpd24

check_httpd () {
if [ $UID -ne 0 ];then
action "当前用户不是root,安装失败!" false
exit
fi
cd ${SRC_DIR}
if [ ! -f $APR$SUF -o ! -f $APR_UTIL$SUF -o ! -f $HTTPD$SUF ];then
$COLOR "缺少相关源码包,请将相关源码包放到${SRC_DIR}" $END
exit
fi
rpm -q httpd &> /dev/null
if [ $? -eq 0 ];then
action "httpd已安装，安装失败" false
exit
fi
}

install_httpd () {
$COLOR "开始安装httpd服务..." $END
yum -q -y install wget bzip2 gcc make pcre-devel openssl-devel expat-devel &>/dev/null
tar xf $APR$SUF;tar xf $APR_UTIL$SUF;tar xf $HTTPD$SUF
mv $APR $HTTPD/srclib/apr
mv $APR_UTIL $HTTPD/srclib/apr-util
cd $HTTPD
./configure \
--prefix=$INS_DIR \
--enable-so \
--enable-ssl \
--enable-cgi \
--enable-rewrite \
--with-zlib \
--with-pcre \
--with-included-apr \
--enable-modules=most \
--enable-mpms-shared=all \
--with-mpm=event
make -j 4 && make install
id apache &> /dev/null || { useradd -s /sbin/nologin -r apache ; action "创建apache用户"; }
sed -ri 's/^User.*/User apache/;s/^Group.*/Group apache/' ${INS_DIR}/conf/httpd.conf
echo "PATH=${INS_DIR}/bin:$PATH" > /etc/profile.d/httpd.sh
source /etc/profile.d/httpd.sh
cat > /usr/lib/systemd/system/httpd24.service <<EOF
[Unit]
Description=The Apache HTTP Server
After=network.target remote-fs.target nss-lookup.target
Documentation=man:httpd(8)
Documentation=man:apachectl(8)
[Service]
Type=forking
#EnvironmentFile=/etc/sysconfig/httpd
ExecStart=/app/httpd24/bin/apachectl start
#ExecStart=/app/httpd24/bin/httpd $OPTIONS -k start
ExecReload=/app/httpd24/bin/apachectl graceful
#ExecReload=/app/httpd24/bin/httpd $OPTIONS -k graceful
ExecStop=/app/httpd24/bin/apachectl stop
KillSignal=SIGCONT
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
systemctl enable --now httpd24
[ $? -ne 0 ] && { $COLOR"httpd启动失败，退出!"$END;exit; }
action "httpd安装完成"
}

main () {
check_httpd
install_httpd
}
main

3>.运行一键安装php脚本
#!/bin/bash
#wget https://www.php.net/distributions/php-7.4.7.tar.gz
#wget https://cn.wordpress.org/latest-zh_CN.tar.gz
. /etc/init.d/functions
SRC_DIR=`pwd`
COLOR='echo -e \E[01;31m'
END='\E[0m'
PHP='php-7.4.7'
SUF='.tar.gz'
INS_DIR=/app/php74
WP='wordpress-5.4.2-zh_CN.tar.gz'
DS='Discuz_X3.4_SC_UTF8【20200818】.zip'
DIR=/data

check_php () {
if [ $UID -ne 0 ];then
action "当前用户不是root,安装失败!" false
exit
fi
cd ${SRC_DIR}
if [ ! -f $PHP$SUF ];then
$COLOR "缺少相关源码包,请将相关源码包放到${SRC_DIR}" $END
exit
fi
rpm -q php &> /dev/null
if [ $? -eq 0 ];then
action "php已安装，安装失败" false
exit
fi
}

install_php () {
$COLOR "开始安装php服务..." $END
yum -y -q install unzip gcc libxml2-devel bzip2-devel libmcrypt-devel sqlite-devel oniguruma-devel &>/dev/null
tar xf $PHP$SUF
cd $PHP
./configure \
--prefix=${INS_DIR} \
--enable-mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-openssl \
--with-zlib \
--with-config-file-path=/etc \
--with-config-file-scan-dir=/etc/php.d \
--enable-mbstring \
--enable-xml \
--enable-sockets \
--enable-fpm \
--enable-maintainer-zts \
--enable-opcache \
--disable-fileinfo
make -j 4 && make install
echo "PATH=${INS_DIR}/bin:$PATH" > /etc/profile.d/php.sh
source /etc/profile.d/httpd.sh

#准备php配置文件和启动文件
cp php.ini-production /etc/php.ini
cp sapi/fpm/php-fpm.service /usr/lib/systemd/system/
cd ${INS_DIR}/etc
cp php-fpm.conf.default php-fpm.conf
cd php-fpm.d/
cp www.conf.default www.conf

#修改进程所有者
sed -ri 's/user = nobody/user = apache/;s/group = nobody/group = apache/' ${INS_DIR}/etc/php-fpm.d/www.conf
#支持status和ping页面
sed -ri 's@;(pm.status_path.*)@\1@;s@;(ping.path.*)@\1@' ${INS_DIR}/etc/php-fpm.d/www.conf
#支持opcache加速
# cat >> /etc/php.ini <<EOF
#[opcache]
#zend_extension=opcache.so 
#opcache.enable=1
#EOF
systemctl daemon-reload
systemctl enable --now php-fpm.service
[ $? -ne 0 ] && { $COLOR"php启动失败，退出!"$END;exit; }
action "php安装完成"
}

modify_httpd () {
#修改配置httpd 支持php-fpm
sed -ri 's@^#(LoadModule proxy_module.*)@\1@;s@^#(LoadModule proxy_fcgi_module.*)@\1@' /app/httpd24/conf/httpd.conf
sed -ri 's@(DirectoryIndex) (index.html)@\1 index.php \2@' /app/httpd24/conf/httpd.conf
cat >> /app/httpd24/conf/httpd.conf <<EOF
AddType application/x-httpd-php .php
ProxyRequests Off

<virtualhost *:80>
servername blog.magedu.org
documentroot $DIR/wordpress
<directory $DIR/wordpress>
require all granted
</directory>
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000$DIR/wordpress/$1
ProxyPassMatch ^/(status|ping)$ fcgi://127.0.0.1:9000/$1
CustomLog "logs/access_wordpress_log" common
</virtualhost>

<virtualhost *:80>
servername forum.magedu.org
documentroot $DIR/discuz
<directory $DIR/discuz/>
require all granted
</directory>
ProxyPassMatch ^/(.*\.php)$ fcgi://127.0.0.1:9000$DIR/discuz/$1
ProxyPassMatch ^/(status|ping)$ fcgi://127.0.0.1:9000/$1
CustomLog "logs/access_discuz_log" common
</virtualhost>
EOF
systemctl restart httpd24
[ $? -ne 0 ] && { $COLOR"httpd启动失败，退出!"$END;exit; }
action "httpd修改完成"
}

config_wordpress() {
[ -d "$DIR" ] || mkdir $DIR/
cd ${SRC_DIR}
tar xf $WP
mv wordpress/ $DIR
setfacl -R -m u:apache:rwx $DIR/wordpress/
action "wordpress配置完成"
}

main () {
check_php
install_php
modify_httpd
config_wordpress
}
main

4>.nfs服务器配置
　　1.安装nfs服务并启动
　　#yum -y install nfs-utils
　　systemctl enable --now nfs-server
　　2.修改配置文件
　　#vim /etc/exports.d/http.exports
　　/data/wp_picture 10.0.0.0/24(rw,no_root_squash,no_all_squash,sync)
　　3.创建后台图片保存目录并赋予相应的权限
　　#mkdir -pv /data/wp_picture
　　#setfacl -m u:apache:rwx /data/wp_picture/
　　4.创建apache用户并保证和httpd端uid及gid相同(如不相同使用usermod和groupmod修改)
　　#useradd -s /sbin/nologin -r apache
　　5.重读配置文件，并查看本机所有NFS共享
　　#exportfs -r
　　#exportfs -v
　　/data/wp_picture
　　10.0.0.0/24(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)

5>.在httpd服务器挂载并加入开机自动挂载
#mount 10.0.0.37:/data/wp_picture /data/wordpress/wp-content/uploads
#df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 900M 0 900M 0% /dev
tmpfs 910M 0 910M 0% /dev/shm
tmpfs 910M 9.5M 901M 2% /run
tmpfs 910M 0 910M 0% /sys/fs/cgroup
/dev/sda2 100G 2.4G 98G 3% /
/dev/sda5 50G 123M 50G 1% /data
/dev/sda1 1014M 142M 873M 14% /boot
10.0.0.37:/data/wp_picture 50G 33M 50G 1% /data/wordpress/wp-content/uploads
#vim /etc/fstab
10.0.0.37:/data/wp_picture /data/wordpress/wp-content/uploads nfs defaults,_netdev 0 0

6>.backup服务器配置
1.安装rsync服务端并启动
#yum -y install rsync-daemon
#systemctl start rsyncd 
2.修改配置文件
#vi /etc/rsyncd.conf
uid = root
gid = root
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
[backup]
path = /data/backup/ 
comment = backup dir
read only = no
auth users = rsyncuser
secrets file = /etc/rsync.pas
3.准备需要备份的目录
#mkdir -pv /data/backup
4.生成验证文件
#echo "rsyncuser:magedu" > /etc/rsync.pas
#chmod 600 /etc/rsync.pas
5.重新启动rsync服务端
#systemctl restart rsyncd

7>.在nfs服务器编写rsync_nfs脚本，并在后台运行，开始实时同步nfs服务器数据数据到backup服务器
1.#vim rsync_nfs.sh
#!/bin/bash
#修改inotify事件队列最大长度以及可以监视的文件的总数量
cat >> /etc/sysctl.conf <<EOF
fs.inotify.max_queued_events=66666
fs.inotify.max_user_watches=100000
EOF
sysctl -p &> /dev/null
#配置和backup服务器同步时的密码文件
echo "magedu" > /etc/rsync.pas
chmod 600 /etc/rsync.pas
#NFS服务器图片存储目录，即需要备份的目录。
SRC='/data/wp_picture/'
#rsyncuser和backup是在backup服务器的/etc/rsyncd.conf配置文件里配置的用户名和模块名
DEST='rsyncuser@10.0.0.18::backup'
#安装实时同步需要的rsync客户端软件和inotify-tools软件
rpm -q rsync &> /dev/null || yum -y -q install rsync
rpm -q inotify-tools &> /dev/null || yum -y -q install inotify-tools
#开始监控NFS服务器图片目录，有变化时会实时同步到backup服务器中指定的目录
inotifywait -mrq --exclude=".*\.swp" --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w %f' -e create,delete,moved_to,close_write,attrib ${SRC} |while read DATE TIME DIR FILE;do
FILEPATH=${DIR}${FILE}
rsync -az --delete --password-file=/etc/rsync.pas $SRC $DEST && echo "At ${TIME} on ${DATE}, file $FILEPATH was backuped up via rsync" >> /var/log/changelist.log
done
2.#bash rsync_nfs.sh &

6>.修改C:\Windows\System32\drivers\etc\hosts文件，添加如下一行
　 10.0.0.17 blog.magedu.org forum.magedu.org

7>浏览器访问http://blog.magedu.org/通过WEB界面配置并上传图片，查看nfs服务器/data/wp_picture目录下是否生成相应图片，并在backup服务器的/data/backup目录下查看是否同步相应图片。