cluster node 1 -> 10.0.0.1

cluster node 2 -> 10.0.0.2

cluster node 3 -> 10.0.0.3


### yum repositories 등록

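# Register the MariaDB 10.0 yum repository for CentOS 6 (x86_64).
# baseurl now uses HTTPS, matching gpgkey, so repository metadata is not
# fetched over clear text. gpgcheck=1 keeps package signature verification on.
cat << EOF >  /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.0/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF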


### 설치전 

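selinux = disabled (SELinux를 끄면 mysqld에 대한 강제 접근 제어가 사라진다. 운영 환경에서는 enforcing을 유지하고 Galera가 쓰는 포트만 정책에 허용하는 편이 안전하다.)

iptables를 사용한다면 Galera가 사용하는 기본 port(3306 클라이언트 접속, 4567 복제, 4568 IST, 4444 SST)를 열어줘야 한다. 이때 4567/4568/4444는 클러스터 노드(10.0.0.1 ~ 10.0.0.3) 사이에서만 허용한다.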



### 설치

# 필요한 프로그램

yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/socat-1.7.2.3-1.el6.x86_64.rpm

yum install socat


# Mariadb 설치

yum install MariaDB-Galera-server MariaDB-client rsync galera


# 설치 완료이후

/etc/init.d/mysql start

/usr/bin/mysql_secure_installation

root 비밀번호 입력


# galera config

mysql -u root -p

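-- Remove the anonymous accounts left by the default install.
DELETE FROM mysql.user WHERE user='';

-- root is limited to the cluster subnet instead of '%', so a password guess
-- from any other network cannot reach a superuser account.
-- 10.0.0.% is built from this page's node addresses; use your admin network.
-- 'root_pass' is a sample value: replace it with a strong, unique password.
GRANT ALL ON *.* TO 'root'@'10.0.0.%' IDENTIFIED BY 'root_pass';

-- Account named in wsrep_sst_auth. MariaDB documents wsrep_sst_auth as unused
-- when wsrep_sst_method=rsync (the method configured on this page), so this
-- account only matters if SST is switched to a method that logs in to MariaDB.
-- NOTE(review): ALL PRIVILEGES is broader than a state-transfer account
-- normally needs; trim it to what the chosen SST method requires, and
-- re-check the host part if that method connects locally on the donor.
-- 'sst_pass' is a sample value and must match wsrep_sst_auth.
GRANT USAGE ON *.* to sst_user@'10.0.0.%' IDENTIFIED BY 'sst_pass';
GRANT ALL PRIVILEGES on *.* to sst_user@'10.0.0.%';

-- Reload the grant tables so the direct DELETE on mysql.user takes effect.
FLUSH PRIVILEGES;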

quit

ㅁ db에서 root 비밀번호 및 sst 관련 유저 비밀번호 생성 (root_pass, sst_pass는 예시값이므로 실제로는 강한 비밀번호를 사용하고, 계정의 호스트 부분은 접속이 필요한 대역으로만 제한한다)

service mysql stop

# Append the Galera settings for node db1 to the MariaDB server config.
# - The lines are appended (>>), so they fall under whichever [section] header
#   is last in server.cnf. NOTE(review): confirm that section is one mysqld reads.
# - bind-address=0.0.0.0 makes mysqld listen on every interface. The LVS DR
#   setup later on this page delivers client traffic to the VIP on lo:0, so
#   limiting exposure is left to firewall rules and account host restrictions.
# - wsrep_sst_auth stores the sst_user password in clear text in this file.
#   Keep the file readable only by accounts that need it, and keep the value
#   in sync with the password set in the GRANT statement.
# - No TLS options are set for Galera here, so replication and rsync SST
#   traffic between nodes is presumably unencrypted. Keep the node-to-node
#   ports on a trusted network segment.
# - wsrep_node_address and wsrep_node_name are per-node values (db1 here).
cat >> /etc/my.cnf.d/server.cnf << EOF

binlog_format=ROW

default-storage-engine=innodb

innodb_autoinc_lock_mode=2

innodb_locks_unsafe_for_binlog=1

query_cache_size=0

query_cache_type=0

bind-address=0.0.0.0

datadir=/var/lib/mysql

innodb_log_file_size=100M

innodb_file_per_table

innodb_flush_log_at_trx_commit=2

wsrep_provider=/usr/lib64/galera/libgalera_smm.so

wsrep_cluster_address="gcomm://10.0.0.1,10.0.0.2,10.0.0.3"

wsrep_cluster_name='galera_cluster'

wsrep_node_address='10.0.0.1'

wsrep_node_name='db1'

wsrep_sst_method=rsync

wsrep_sst_auth=sst_user:sst_pass

EOF


ㅁ config db2

wsrep_node_address='10.0.0.2'

wsrep_node_name='db2'


ㅁ config db3

wsrep_node_address='10.0.0.3'

wsrep_node_name='db3'


### 실행 및 확인


/etc/init.d/mysql start --wsrep-new-cluster 

ㄴ db1 에서 실행


mysql -u root -p -e "show status like 'wsrep%'"

.

.

wsrep_local_state_comment | Synced

wsrep_incoming_addresses  | 10.0.0.1:3306

wsrep_cluster_size        | 1

wsrep_ready               | ON

.

.



2번, 3번 서버 mysql 시작한이후 위의 값에서 wsrep_cluster_size 값이 2, 3 으로 올라가는지 확인


1번에 쿼리문을 날려서 나머지 2,3번에서 동일 내용이 select 되는지 확인


### 부하분산

Lvs를 이용하여서 3306 Port 부하분산 진행


ㅁ LVS 설정 (/etc/keepalived/keepalived.conf)

! Configuration File for keepalived


# Global keepalived settings: where state-change notification mail is sent.
global_defs {

   # Recipient list for notification mail (local root here).
   notification_email {

     root

   }

   # Sender address used on notification mail.
   notification_email_from admin@admin.com

   # Mail is handed to the SMTP server on this host.
   smtp_server 127.0.0.1

   smtp_connect_timeout 30

}


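# VRRP instance that holds the database VIP on the LVS director.
vrrp_instance ETH0 {
    state BACKUP
    interface eth0
    virtual_router_id 9
    priority 100
    garp_master_delay 1
    advert_int 1
    lvs_sync_daemon_interface eth0
    # auth_type PASS sends auth_pass in clear text inside VRRP adverts, and
    # keepalived uses only its first 8 characters. It guards against
    # misconfiguration, not against a host on the same segment, so also
    # restrict VRRP traffic to the peer director with firewall rules.
    # "xxxxxx" is a placeholder; set the same value on every director.
    authentication {
        auth_type PASS
        auth_pass xxxxxx
    }
    virtual_ipaddress {
        # IP to use as the VIP. The original note sat on the address line
        # itself, where keepalived would read it as part of the entry.
        10.0.0.100
    }
}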


# LVS virtual service: TCP 3306 on the VIP, round-robin (rr) across the three
# Galera nodes using direct routing (DR).
# NOTE(review): TCP_CHECK only confirms that port 3306 accepts a connection.
# It does not look at Galera state, so a node that is up but not Synced would
# presumably stay in rotation. Consider a MISC_CHECK script that checks
# wsrep_local_state_comment / wsrep_ready before relying on this in production.
# NOTE(review): anything that can reach 10.0.0.100:3306 reaches MariaDB, so
# filter client source addresses on the director or on the nodes.
virtual_server 10.0.0.100 3306 {

    delay_loop 3

    lb_algo rr

    lb_kind DR

    protocol TCP


    real_server 10.0.0.1 3306 {

        weight 100

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }


    real_server 10.0.0.2 3306 {

        weight 100

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }


    real_server 10.0.0.3 3306 {

        weight 100

        TCP_CHECK {

            connect_timeout 3

            nb_get_retry 3

            delay_before_retry 3

        }

    }

}


/etc/init.d/keepalived restart 혹은 서비스 중이면 /etc/init.d/keepalived reload

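ㅁ 각 DB서버에 10.0.0.100 VIP 등록 (lb_kind DR 방식이므로 DB서버가 VIP에 대한 ARP 요청에 응답하지 않도록 arp_ignore / arp_announce 커널 설정도 함께 해줘야 한다. 그렇지 않으면 트래픽이 LVS를 거치지 않고 특정 DB서버로 바로 갈 수 있다)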

cat << EOF >>/etc/sysconfig/network-scripts/ifcfg-lo:0

DEVICE=lo:0
IPADDR=10.0.0.100
NETMASK=255.255.255.255
NETWORK=10.0.0.100
ONBOOT=yes
NAME=loopback
EOF

ifup lo:0

ifconfig | grep 10.0.0.100


ㅁ LVS 서버에서 확인
watch -n 1 "ipvsadm -L"







yum install -y proftpd


# Server Config - config used for anything outside a <VirtualHost> or <Global> context

# See: http://www.proftpd.org/docs/howto/Vhost.html


ServerName                      "ProFTPD server"

ㄴ 유저가 접속하였을때에 보여주는 서버이름


ServerIdent                     on "FTP Server ready."

ㄴ 서버 접속하였을때에 보여주는 message


ServerAdmin                     root@localhost

ㄴ 해당 FTP 서버 관리자 이메일 주소


DefaultServer                   on

ㄴ 기본이 되는 FTP서버 설정(proftpd 서버는 가상호스트가 지원됨)



# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine                     on
ㄴ mod_vroot 사용 설정. 실제 chroot() 대신 proftpd 내부에서 가상으로 chroot를 구현하는 모듈이며, 위 주석의 pam 관련 내용은 아래 VRootAlias 에 대한 설명이다

DefaultRoot                     ~ !adm
ㄴ chroot 기본 디렉토리. ~ 는 로그인한 유저의 홈 디렉토리이고, !adm 은 adm 그룹에 속한 유저는 chroot 대상에서 제외한다는 뜻

VRootAlias                      /etc/security/pam_env.conf etc/security/pam_env.conf
ㄴ vroot 관련된 파일 설정



# Use pam to authenticate (default) and be authoritative
AuthPAMConfig                   proftpd
ㄴ PAM 인증에 사용할 서비스 이름 (/etc/pam.d/ 아래의 설정 파일 이름)

AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
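ㄴ 인증에 사용하는 모듈과 순서. mod_auth_pam.c 뒤의 * 는 PAM 결과를 최종(authoritative)으로 처리한다는 표시로, PAM 인증이 실패하면 뒤의 mod_auth_unix.c 로 넘어가지 않는다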


# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
#PersistentPasswd               off
ㄴ /etc/shadow, passwd, group 사용여부 



# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS                   off
ㄴ 역방향 DNS로 proftp를 조회하는것에 관련된 설정


# Set the user and group that the server runs as
User                            nobody
Group                           nobody
ㄴ proftpd가 standalone으로 (daemon)으로 운영될때 사용되는 유저랑, 그룹

# To prevent DoS attacks, set the maximum number of child processes
# to 20.  If you need to allow more than 20 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    20
ㄴ 자식 프로세스 최대 갯수


# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile                     off
ㄴ sendfile() 사용 여부. ftptop, ftpwho 는 접속중인 세션과 전송 상태를 보여주는 proftpd 도구인데, sendfile을 쓰면 다운로드 속도가 표시되지 않아 꺼둔 것



# Define the log formats
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"
ㄴ 로그포멧 관련 설정


# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)
<IfDefine TLS>
  TLSEngine                     on
  TLSRequired                   on
  TLSRSACertificateFile         /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile      /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite                ALL:!ADH:!DES
  TLSOptions                    NoCertRequest
  TLSVerifyClient               off
  #TLSRenegotiate               ctrl 3600 data 512000 required off timeout 300
  TLSLog                        /var/log/proftpd/tls.log
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache             shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>
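ㄴ SSL 인증서 관련 모듈 설정. <IfDefine TLS> 안에 있으므로 proftpd를 -DTLS 옵션으로 실행해야 적용되며, 그렇지 않으면 계정과 비밀번호가 평문 FTP로 전송된다. TLSCipherSuite ALL:!ADH:!DES 는 오래된 약한 cipher 까지 허용할 수 있으므로 실제 사용 시에는 범위를 좁히는 것이 좋다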



# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule                    mod_ban.c
  BanEngine                     on
  BanLog                        /var/log/proftpd/ban.log
  BanTable                      /var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  BanOnEvent                    MaxLoginAttempts 2/00:10:00 01:00:00

  # Allow the FTP admin to manually add/remove bans
  BanControlsACLs               all allow user ftpadm
</IfDefine>
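ㄴ mod_ban(동적 차단) 모듈 설정. 기본으로는 꺼져 있고 -DDYNAMIC_BAN_LISTS 옵션을 줘야 동작한다. 로그인 실패가 반복되는 클라이언트를 자동으로 차단해 주므로 비밀번호 무차별 대입 시도에 대한 방어로 쓸 수 있다. BanControlsACLs 는 차단 목록을 수동으로 관리할 수 있는 유저를 지정한다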


# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask                         022

  # Allow users to overwrite files and change permissions
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>

</Global>
ㄴ ftp 전체 설정내용
ㄴ Umask -> 파일생성시 Umask값
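ㄴ 파일 권한변경 관련 설정. <Limit ALL SITE_CHMOD> AllowAll 이므로 로그인한 모든 유저가 덮어쓰기와 SITE CHMOD(권한 변경)를 할 수 있다. 필요 없다면 SITE_CHMOD 는 막아두는 편이 안전하다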



# A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
<IfDefine ANONYMOUS_FTP>
  <Anonymous ~ftp>
    User                        ftp
    Group                       ftp
    AccessGrantMsg              "Anonymous login ok, restrictions apply."

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias                   anonymous ftp

    # Limit the maximum number of anonymous logins
    MaxClients                  10 "Sorry, max %m users -- try again later"

    # Put the user into /pub right after login
    #DefaultChdir               /pub

    # We want 'welcome.msg' displayed at login, '.message' displayed in
    # each newly chdired directory and tell users to read README* files.
    DisplayLogin                /welcome.msg
    DisplayChdir                .message
    DisplayReadme               README*

    # Cosmetic option to make all files appear to be owned by user "ftp"
    DirFakeUser                 on ftp
    DirFakeGroup                on ftp

    # Limit WRITE everywhere in the anonymous chroot
    <Limit WRITE SITE_CHMOD>
      DenyAll
    </Limit>

    # An upload directory that allows storing files but not retrieving
    # or creating directories.
    <Directory uploads/*>
      AllowOverwrite            no
      <Limit READ>
        DenyAll
      </Limit>

      <Limit STOR>
        AllowAll
      </Limit>
    </Directory>

    # Don't write anonymous accesses to the system wtmp file (good idea!)
    WtmpLog                     off

    # Logging for the anonymous transfers
    ExtendedLog                 /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog                 /var/log/proftpd/auth.log AUTH auth

  </Anonymous>
</IfDefine>
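ㄴ Proftp 익명 접속 관련 설정. -DANONYMOUS_FTP 옵션을 줘야만 활성화된다. 쓰기는 전체 금지이고 uploads/ 아래에서만 업로드(STOR)가 허용되며, 업로드된 파일은 읽기(READ)가 막혀 있어 익명 업로드 공간이 파일 배포용으로 쓰이는 것을 막는다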



Yum으로 proftp 설치시에 기본 설정 파일 내용



