Monday, November 7, 2016

CentOS 7 : Install HAProxy Load Balancer by Apache and MariaDB

For the procedure, see the referenced blog post.

yum install haproxy wget gcc pcre-static pcre-devel mariadb-client -y

# Add the relevant host names and their IP addresses
vi /etc/hosts

# On the target DB, create the user that the balance source (the HAProxy host) connects as
CREATE USER 'haAccount'@'10.1.0.X';
flush privileges;

vi /etc/haproxy/haproxy.cfg (see the referenced blog post)

defaults
    mode                    tcp
    log                     global
    timeout http-request    5s
    timeout queue           1m
    timeout connect         5s
    timeout client          30s
    timeout server          30s
    timeout http-keep-alive 10s
    timeout check           10s

#WebServer
frontend ft_web
  bind 0.0.0.0:80
  # HTTP mode is required for path_end, cookie and http_req_rate (defaults is tcp)
  mode http

  # Use General Purpose Counter (gpc) 0 in SC1 as a global abuse counter
  # Monitors the number of requests sent by an IP over a period of 10 seconds
  stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)
  tcp-request connection track-sc1 src
  tcp-request connection reject if { src_get_gpc0 gt 0 }

  # Split static and dynamic traffic since these requests have different impacts on the servers
  use_backend bk_web_static if { path_end .jpg .png .gif .css .js }

  default_backend bk_web

# Dynamic part of the application
backend bk_web
  mode http
  balance roundrobin
  cookie MYSRV insert indirect nocache
  # If the source IP sent 10 or more HTTP requests over the defined period,
  # flag the IP as abuser on the frontend
  acl abuse src_http_req_rate(ft_web) ge 10
  acl flag_abuser src_inc_gpc0(ft_web)
  tcp-request content reject if abuse flag_abuser

  server WWW1 10.1.0.1:80 check cookie TibSrv maxconn 100
  server WWW2 10.1.0.2:80 check cookie SNS maxconn 100

# Static objects
backend bk_web_static
  mode http
  balance roundrobin
  server WWW1 10.1.0.1:80 check maxconn 1000
  server WWW2 10.1.0.2:80 check maxconn 1000

#DB Server
listen garlera 0.0.0.0:3306
     balance leastconn
     mode tcp
     option tcpka
     option mysql-check user haAccount
     server DB1 10.1.0.3:3306 check weight 1
     server DB2 10.1.0.4:3306 check weight 1

## HAProxy stats web gui running on port 9000 - username and password: howtoforge.
## url http://X.X.X.X:9000/stats
listen stats 0.0.0.0:9000
        mode http
        stats enable
        stats uri /stats
        stats realm HAProxy\ Statistics
        stats auth howtoforge:howtoforge
        stats admin if TRUE
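
The stats listener above binds to every interface, uses the same string as user name and password, and grants admin rights unconditionally. The following added example (not part of the original post) audits a config for those three settings; both sample configs are constructed, and the user name and secret in the tighter variant are placeholders.

```shell
#!/bin/sh
# Added example: flag risky settings in HAProxy stats sections.

# Constructed sample: the stats listener as configured in this post.
post_cfg() {
cat <<'EOF'
listen stats 0.0.0.0:9000
        mode http
        stats enable
        stats uri /stats
        stats auth howtoforge:howtoforge
        stats admin if TRUE
EOF
}

# Constructed sample: a tighter variant (user name and secret are placeholders).
tight_cfg() {
cat <<'EOF'
listen stats
        bind 127.0.0.1:9000
        mode http
        stats enable
        stats uri /stats
        stats auth opsadmin:REPLACE-WITH-LONG-RANDOM-SECRET
        stats admin if LOCALHOST
EOF
}

# Read an haproxy.cfg on stdin and print one finding per line.
audit_stats() {
  awk '
    function report() {
      if (!stats) return
      if (addr ~ /^(0\.0\.0\.0|\*)?:/) print sect ": stats page listens on all interfaces (" addr ")"
      if (weak != "") print sect ": stats auth user " weak " has the user name as password"
      if (admin) print sect ": stats admin is enabled for every authenticated client"
    }
    # Section keywords start in column 0; directives are indented.
    /^[a-z]/ { report(); sect = $2; addr = ($1 == "listen" ? $3 : ""); stats = admin = 0; weak = ""; next }
    $1 == "bind" { addr = $2 }
    $1 == "stats" && $2 == "enable" { stats = 1 }
    $1 == "stats" && $2 == "auth" { split($3, cred, ":"); if (cred[1] == cred[2]) weak = cred[1] }
    $1 == "stats" && $2 == "admin" && toupper($NF) == "TRUE" { admin = 1 }
    END { report() }
  '
}

post_cfg | audit_stats
```

Run it against the live file with `audit_stats < /etc/haproxy/haproxy.cfg`.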

Enable the service at boot
systemctl enable haproxy

Start the service
systemctl start haproxy

Check the service status
systemctl status haproxy

# Notes...

1. Remember to open the firewall ports
systemctl start firewalld
firewall-cmd --permanent --add-port=9000/tcp
firewall-cmd --permanent --add-port=3306/tcp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload

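2. Check the SELinux settings
Symptom: when CI connects, only localhost can connect and everything else is blocked; that is SELinux at work...
Command to disable it temporarily: setenforce 0
To disable it permanently, change the setting to disabled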

3. Check connectivity to the target machine
ssh account@IPAddr

4. Check whether the services are running
netstat -ant

5. Time zone... after importing the data, every timestamp turned out to be off by 8 hours, so remember to change the timezone
Command: timedatectl set-timezone Asia/Taipei



Friday, November 4, 2016

CentOS 7: Install MariaDB 10.01 Galera Cluster Server with YUM

1. Install MariaDB; related reference pages: 1, 2, 3, 4

※ When running mysql_secure_installation, remember to allow root to log in remotely

2. Install other packages (ones that may be needed)
yum install http://www.percona.com/downloads/percona-release/redhat/0.1-3/percona-release-0.1-3.noarch.rpm
yum install -y percona-xtrabackup-24 yum rsync nmap lsof perl-DBI nc galera socat jemalloc

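If you want to use RSYNC, you can set up an SSH key
ssh-keygen -t rsa
# <other-db-server> is a placeholder for the other DB node
ssh root@<other-db-server> 'cat >> /root/.ssh/authorized_keys' < /var/lib/jenkins/.ssh/id_rsa.pub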

If you only want to test the installation, you can turn off the firewall and SELinux first; in a production environment, keep them enabled.
systemctl disable firewalld
systemctl stop firewalld

vim /etc/sysconfig/selinux (set SELINUX=disabled)

3. Start the DB and set up the account
service mysql start
GRANT ALL PRIVILEGES ON *.* TO 'sync'@localhost  IDENTIFIED BY 'Password' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'sync'@'10.1.0.%' IDENTIFIED BY 'Password' WITH GRANT OPTION;
flush privileges;

4. Stop the DB and configure the Node 1 environment
service mysql stop

Node 1.
vim /etc/my.cnf.d/server.cnf
[mysqld]
innodb_use_sys_malloc = 1
event_scheduler = ON
max_connections = 1024
log-bin-trust-function-creators = 1
default-time-zone = '+8:00'
character-set-server=utf8

wsrep_sst_auth=sync:Password
wsrep_sst_method=rsync
#wsrep_sst_method=xtrabackup

[galera]
wsrep_on=ON

binlog_format=ROW
default_storage_engine = innodb
innodb_autoinc_lock_mode = 2
innodb_buffer_pool_size = 122M
query_cache_type = 0

wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_name='mycluster'
wsrep_cluster_address='gcomm://'
wsrep_node_name='DB-1'
wsrep_node_address='192.168.1.1'

bind-address=0.0.0.0

Start the first DB
galera_new_cluster

service mysql start  --wsrep-new-cluster

6. For Node N, repeat steps 1-4; the differences are as follows
Node N.
vim /etc/my.cnf.d/server.cnf
[mysqld]
innodb_use_sys_malloc = 1
event_scheduler = ON
max_connections = 1024
log-bin-trust-function-creators = 1
default-time-zone = '+8:00'
character-set-server=utf8

wsrep_sst_auth=sync:Password
wsrep_sst_method=rsync
#wsrep_sst_method=xtrabackup

[galera]
wsrep_on=ON

binlog_format=ROW
default_storage_engine = innodb
innodb_autoinc_lock_mode = 2
innodb_buffer_pool_size = 122M
query_cache_type = 0

wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_name='mycluster'
# List every node in the cluster here
wsrep_cluster_address='gcomm://192.168.1.1:4567,192.168.1.N:4567'
wsrep_node_name='DB-N'
wsrep_node_address='192.168.1.N'

bind-address=0.0.0.0

Start the Node N DB
service mysql start

7. After the second DB has synced, remember to go back to the first node and set
# List every node in the cluster here
wsrep_cluster_address='gcomm://192.168.1.1:4567,192.168.1.N:4567'

Start the Node 1 DB
service mysql start 

8. Check the status
netstat -ant   # check that 3306 and 4567 are listening
mysql -u root -p -e "show status like 'wsrep%'"   # check that the relevant nodes are online
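
The check in step 8 comes down to a handful of wsrep status variables. The following added example (not part of the original post) evaluates them from tab-separated `mysql -N -B` output; both status samples are constructed, and the expected node count is passed in by the caller.

```shell
#!/bin/sh
# Added example: evaluate the wsrep status variables that show whether a
# Galera node is online and in sync.

# Constructed sample of tab-separated output from
#   mysql -u root -p -N -B -e "show status like 'wsrep%'"
healthy_status() {
  printf 'wsrep_cluster_size\t2\nwsrep_cluster_status\tPrimary\n'
  printf 'wsrep_connected\tON\nwsrep_local_state_comment\tSynced\nwsrep_ready\tON\n'
}

# Constructed sample: node 1 is up but node N never joined.
degraded_status() {
  printf 'wsrep_cluster_size\t1\nwsrep_cluster_status\tPrimary\n'
  printf 'wsrep_connected\tON\nwsrep_local_state_comment\tSynced\nwsrep_ready\tON\n'
}

# $1 = expected number of nodes; status rows on stdin.
# Prints one line per deviation and returns non-zero if there is any.
wsrep_check() {
  awk -F '\t' -v nodes="$1" '
    BEGIN {
      want["wsrep_cluster_size"] = nodes
      want["wsrep_cluster_status"] = "Primary"
      want["wsrep_connected"] = "ON"
      want["wsrep_local_state_comment"] = "Synced"
      want["wsrep_ready"] = "ON"
    }
    ($1 in want) {
      seen[$1] = 1
      if (($2 "") != (want[$1] "")) { print $1 " is " $2 ", expected " want[$1]; bad = 1 }
    }
    END {
      for (k in want) if (!(k in seen)) { print k " not reported"; bad = 1 }
      exit (bad ? 1 : 0)
    }
  '
}

degraded_status | wsrep_check 2 || echo "cluster needs attention"
```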


Wednesday, November 2, 2016

How to Test SMTP AUTH using Telnet

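New servers often turn out to be unable to send mail, and the reply usually just says permission denied or time out and nothing more. This is a memo of the test procedure, so that I don't have to sift through Google results for the answer again each time...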

telnet mailsrv.domain.name 25
[enter]
ehlo mailsrv.domain.name
[enter]
auth login
[enter]
First enter the base64 encoding of the account name
[enter]
Then enter the base64 encoding of the password
[enter]

Then look at the result...

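Step 1: if telnet cannot connect, the problem is on the mail server side; it may be the port or it may be the firewall.
Step 2: if authentication fails, the problem is the account. Also note that if SELinux is enabled, be sure to check whether httpd_can_sendmail is OFF.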
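
The base64 values for the session above are easy to get wrong by one trailing newline. The following added example (not part of the original post) builds the lines to type, decodes the server's `334` prompts and interprets the final reply code; the account `username` and password `password` are constructed sample values.

```shell
#!/bin/sh
# Added example: prepare and interpret the base64 values of an AUTH LOGIN test.

# Encode without a trailing newline. `echo value | base64` would encode
# "value\n" instead, and the server would reject the credentials.
# base64 is a reversible encoding, so on plain port 25 these values cross
# the wire readable.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Decode the base64 part of a "334 <base64>" server prompt.
decode_334() {
  printf '%s' "${1#334 }" | base64 -d
}

# Print the lines to type into the telnet session, in order.
# $1 = mail server, $2 = account, $3 = password
auth_login_script() {
  printf 'ehlo %s\nauth login\n%s\n%s\n' "$1" "$(b64 "$2")" "$(b64 "$3")"
}

# Map a server reply line to the cases described in the memo.
classify_reply() {
  case "$1" in
    235*) echo "authenticated" ;;
    535*) echo "authentication failed: check the account and password" ;;
    334*) echo "server prompt: $(decode_334 "$1")" ;;
    *)    echo "other reply: $1" ;;
  esac
}

# Constructed sample values.
auth_login_script mailsrv.domain.name username password
classify_reply '334 VXNlcm5hbWU6'
```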