group source 監控 instance rsyslog state root then 數據庫加密

MYSQL高可用方案主要分為兩大類，一類是前置管理，一類是後置管理。
前置管理的思想是利用各種前置管理工具，動態切換或者分發請求到不同的實例並切換master，如keepalived、MHA、packmaker+Corosync、MySQLProxy等，一般通過暴露VIP將整個MYQL集群隱藏起來，其中Proxy主要用以讀寫分離。後置管理則是利用共享存儲的思想，如NDB方案。由於我們的用戶尚不足百萬，所以一開始的計劃是選擇最簡單的前置管理模式-雙主+keepalived方案，後來因為阿裏雲停用了VIP服務，於是購買了其提供的負載均衡SLB服務（替代keepalived使用），最終完成了雙主+VIP的搭建。不管怎樣，keepalived的思想還是比較經典的，所以也做了簡單記錄。

Part1 mysql bin 方式安裝和配置

#查詢已經存在的mysql並刪除

rpm -qa |grep mysql
rpm -qa |grep mariadb

#刪除已經存在的mysql

rpm -e --nodeps mariadbxxxx
rpm -e --nodeps mysqlxxxx

#下載解壓並copy到/usr/local/mysql
#創建mysql數據日誌目錄

mkdir -p /data/mysql/data
mkdir -p /data/mysql/log
mkdir -p /data/mysql/bak

#初始化my.cnf

[mysql]
default-character-set=utf8

[mysqld]
character_set_server=utf8
default-storage-engine=INNODB
datadir=/data/mysql/data
#socket=/data/mysql/data/mysql.sock
port=3306
symbolic-links=0
log-error=/data/mysql/log/mysqld.log
pid-file=/data/mysql/mysqld.pid
 

###將support-files的mysql.server copy 到etc/init.d/以開機啟動

cd /usr/local/mysql/support-files/
cp mysql.server /etc/init.d/mysql

#修改mysql默認配置

vim /etc/init.d/mysql
basedir=/usr/local/mysql
datadir=/data/mysql/data

#創建mysql系統用戶並授權到mysql啟動

groupadd mysql
useradd -r -g mysql mysql
passwd mysql
mysqlpwd

chown -R mysql:mysql /usr/local/mysql/
chown -R mysql:mysql /data/mysql/
 

#將mysqlbin目錄添加到環境變量

echo ‘export PATH=/usr/local/mysql/bin:$PATH‘ >> /etc/profile 
source /etc/profile

#初始化mysql數據庫

yum install  libaio-devel.x86_64
mysqld --initialize --user=mysql --basedir=/usr/local/mysql --datadir=/data/mysql/data

#獲取初始密碼

tail -f /data/mysql/log/mysql.log
[Note] A temporary password is generated for root@localhost: im>wqfae&7tY

#給數據庫加密

mysql_ssl_rsa_setup --datadir=/data/mysql/data
chown -R mysql:mysql /data/mysql/

##設置開機自動重啟

chkconfig --add mysql
chkconfig mysql on

##查看、停止、重啟mysql

systemclt status mysql.service
systemctl start mysql.service
systemctl stop mysql.service
systemctl restart mysql.service

#啟動mysql服務
systemctl start mysql.service

#使用初始密碼登錄
mysql -uroot -p --socket=/data/mysql/data/mysql.sock
#設置新密碼,授權root用戶訪問

set password=password(‘*******‘);
grant all privileges on *.* to root@‘%‘ identified by ‘(‘*******‘);‘;
flush privileges;

Part2 mysql高可用配置 - keepalived

1. 配置master1和master2 binlog
#master1配置

[mysqld]
log-bin=mysql-bin
server-id=70
gtid_mode = on
enforce_gtid_consistency = 1
log_slave_updates=1
#binlog-ignore=mysql
#binlog-ignore=information_schema
#replicate-do-db=platform88

#master2配置

[mysqld]
log-bin=mysql-bin
server-id=71
gtid_mode = on
enforce_gtid_consistency = 1
log_slave_updates=1
#binlog-ignore=mysql
#binlog-ignore=information_schema
#replicate-do-db=platform88
#read_only=1

###備註：手動切換主庫

 mysql> stop slave;
#千萬不要執行 reset master，否則會從最先的GTID上開始執行。
mysql> change master to master_host=‘127.0.0.1‘,master_user=‘rep‘,master_password=‘rep‘,master_port=3307,master_auto_position=1; #指定到另一個比較接近主的從上。
mysql> start slave; 

2. 創建可互相訪問的用戶

#master1配置

CREATE USER ‘ms_repl_usr‘@‘172.26.27.71‘ IDENTIFIED BY ‘ms_repl_pwd‘;
GRANT REPLICATION SLAVE ON *.* TO ‘ms_repl_usr‘@‘172.26.27.71‘;
FLUSH PRIVILEGES;

#master2配置

CREATE USER ‘ms_repl_usr‘@‘172.26.27.70‘ IDENTIFIED BY ‘ms_repl_pwd‘;
GRANT REPLICATION SLAVE ON *.* TO ‘ms_repl_usr‘@‘172.26.27.70‘;
FLUSH PRIVILEGES;

查看binlog及位移
show master status \G

#master1配置

CHANGE MASTER TO
  MASTER_HOST=‘172.26.27.71‘,
  MASTER_PORT=30468,
  MASTER_USER=‘ms_repl_usr‘,
  MASTER_PASSWORD=‘ms_repl_pwd‘,
  MASTER_LOG_FILE=‘mysql-bin.000002‘,
  MASTER_LOG_POS=1459;

或者：
change master to master_host=‘172.26.27.71‘,master_user=‘ms_repl_usr‘,master_password=‘ms_repl_pwd‘, master_auto_position=1;

#master2配置

CHANGE MASTER TO
  MASTER_HOST=‘172.26.27.70‘,
  MASTER_PORT=30468,
  MASTER_USER=‘ms_repl_usr‘,
  MASTER_PASSWORD=‘ms_repl_pwd‘,
  MASTER_LOG_FILE=‘mysql-bin.000002‘,
  MASTER_LOG_POS=2086;

或者：
change master to master_host=‘172.26.27.70‘‘,master_user=‘ms_repl_usr‘,master_password=‘ms_repl_pwd‘, master_auto_position=1;

#分別重啟master1和master2
查看 salve status
show slave status \G

Slave_IO_Running: Yes
Slave_SQL_Running: Yes

3. keepalived 配置

keepalived主要用檢測對方服務的狀態，並通過關閉或者重啟自身服務達到切換VIP優先級的效果。keepalived可以監控4層或者7層網絡，4層通過配置虛擬服務實現，本例子中使用7層監控。

#master1 配置

vrrp_script chk_mysql {
    script "/etc/keepalived/check_mysql.sh"
    interval 30         #設置檢查間隔時長，可根據自己的需求自行設定
}
vrrp_instance VI_1 {
    state BACKUP        #通過下面的priority來區分MASTER和BACKUP，也只有如此，底下的nopreempt才有效
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    nopreempt           #防止切換到從庫後，主keepalived恢復後自動切換回主庫
    authentication {
        auth_type PASS
        auth_pass 88gongxiang
    }
    track_script {
        chk_mysql
    }

    virtual_ipaddress {
        192.168.72.109
    }
}

#master2配置

! Configuration File for keepalived

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 88gongxiang
    }
    notify_master /etc/keepalived/notify_master_mysql.sh    #此條指令告訴keepalived發現自己轉為MASTER後執行的腳本
    virtual_ipaddress {
        192.168.72.109
    }
}

修改keepalived的日誌輸出，默認輸出在/var/log/message

vim /etc/rsyslog.conf

keepalived -S 0 
local0.*                                                /var/log/keepalived.log

未完待續。。。

阿裏雲環境遷移記錄 - MYSQL高可用搭建