关于Linux运维中监控方面的一些基础笔记
【摘要】 可能不是不喜欢了,而是累了,可能不是之前的喜欢都是假的,只是这个世界本来就很苍白
可能不是不喜欢了,而是累了,可能不是之前的喜欢都是假的,只是这个世界本来就很苍白,道不同,不相语。路不同,不相逢
写在前面
- 笔记是报班学习后整理的,适合温习,不适合新手。蹭着国庆长假整理了一份,希望对小伙伴有帮助.
- 生活加油,天天开心!博文主要围绕以几个方面:
- 监控的基本知识
- zabbix 的安装部署教程,
- 多节点监控实战
可能不是不喜欢了,而是累了,可能不是之前的喜欢都是假的,只是这个世界本来就很苍白
一、监控概述
1.1 监控的目的
| 监控的目的 | 描述 |
|---|---|
| 报告系统运行状况 | 每一部分必须同时监控,内容包括吞吐量、反应时间、使用率等 |
| 提前发现问题 | 进行服务器性能调整前,知道调整什么,找出系统的瓶颈在什么地方 |
1.1.1 监控的资源类别
| 监控的资源类别 | 描述 |
|---|---|
| 公开数据 | Web、FTP、SSH、数据库等应用服务,TCP或UDP端口 |
| 私有数据 | CPU、内存、磁盘、网卡流量等使用信息,用户、进程等运行信息 |
1.2 监控软件
| 命令 | 描述 |
|---|---|
ps |
查看进程信息 |
uptime |
查看CPU的负载 |
free |
查看系统内存信息 |
swapon -s |
查看交换分区信息 |
df -h |
查看文件系统挂载情况 |
ifconfg |
查看网卡信息 |
netstat或ss |
查看网络连接状态信息 (端口等) |
ping |
测试网络延迟 (是否可以通信) |
traceroute |
跟踪路由 |
iostat |
查询磁盘读写的性能 |
sar |
综合命令,可以查询cpu、磁盘、网络 , 查询历史或实时数据 |
查看进程信息
######查看进程信息
┌──[root@liruilongs.github.io]-[~]
└─$ ps -aux | less
┌──[root@liruilongs.github.io]-[~]
└─$
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 43264 3708 ? Ss 17:49 0:04 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
root 2 0.0 0.0 0 0 ? S 17:49 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 17:49 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 17:49 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S 17:49 0:00 [migration/0]
root 8 0.0 0.0 0 0 ? S 17:49 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? S 17:49 0:01 [rcu_sched]
root 10 0.0 0.0 0 0 ? S 17:49 0:00 [watchdog/0]
root 11 0.0 0.0 0 0 ? S 17:49 0:00 [watchdog/1]
root 12 0.0 0.0 0 0 ? S 17:49 0:00 [migration/1]
root 13 0.0 0.0 0 0 ? S 17:49 0:00 [ksoftirqd/1]
root 15 0.0 0.0 0 0 ? S< 17:49 0:00 [kworker/1:0H]
root 17 0.0 0.0 0 0 ? S 17:49 0:00 [kdevtmpfs]
root 18 0.0 0.0 0 0 ? S< 17:49 0:00 [netns]
root 19 0.0 0.0 0 0 ? S 17:49 0:00 [khungtaskd]
root 20 0.0 0.0 0 0 ? S< 17:49 0:00 [writeback]
root 21 0.0 0.0 0 0 ? S< 17:49 0:00 [kintegrityd]
root 22 0.0 0.0 0 0 ? S< 17:49 0:00 [bioset]
root 23 0.0 0.0 0 0 ? S< 17:49 0:00 [kblockd]
root 24 0.0 0.0 0 0 ? S< 17:49 0:00 [md]
root 26 0.0 0.0 0 0 ? R 17:49 0:02 [kworker/1:1]
root 31 0.0 0.0 0 0 ? S 17:50 0:00 [kswapd0]
root 32 0.0 0.0 0 0 ? SN 17:50 0:00 [ksmd]
root 33 0.0 0.0 0 0 ? SN 17:50 0:00 [khugepaged]
root 34 0.0 0.0 0 0 ? S< 17:50 0:00 [crypto]
root 42 0.0 0.0 0 0 ? S< 17:50 0:00 [kthrotld]
root 44 0.0 0.0 0 0 ? S< 17:50 0:00 [kmpath_rdacd]
:
查看cpu负载
#######查看cpu负载
┌──[root@liruilongs.github.io]-[~]
└─$ uptime
19:09:58 up 1:20, 3 users, load average: 0.00, 0.01, 0.05
查看内存使用信息
#######查看内存使用信息
┌──[root@liruilongs.github.io]-[~]
└─$ free -h
total used free shared buff/cache available
Mem: 3.8G 202M 3.3G 16M 322M 3.4G
Swap: 9G 0B 9G
查看交换分区设备信息
#######查看交换分区设备信息
┌──[root@liruilongs.github.io]-[~]
└─$ swapon -s
Filename Type Size Used Priority
/dev/sda2 partition 10485756 0 -1
查看设备文件系统挂载信息
#######查看设备文件系统挂载信息
┌──[root@liruilongs.github.io]-[~]
└─$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 150G 2.7G 148G 2% /
devtmpfs 2.0G 0 2.0G 0% /dev
tmpfs 2.0G 0 2.0G 0% /dev/shm
tmpfs 2.0G 17M 2.0G 1% /run
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
tmpfs 394M 0 394M 0% /run/user/0
┌──[root@liruilongs.github.io]-[~]
└─$
查看网卡信息, 需安装 net-tools软件包
########查看网卡信息, 需安装 net-tools软件包
#RX packets 指进站的总流量(从开机开始计算)
#TX packets 指出站的总流量(从开机开始计算)
┌──[root@liruilongs.github.io]-[~]
└─$ ifconfig ens32
ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.26.55 netmask 255.255.255.0 broadcast 192.168.26.255
inet6 fe80::20c:29ff:fec9:6fae prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:c9:6f:ae txqueuelen 1000 (Ethernet)
RX packets 754 bytes 72467 (70.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 562 bytes 64846 (63.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
┌──[root@liruilongs.github.io]-[~]
└─$
查看端口信息和对应的协议,与grep结合使用
######查看端口信息和对应的协议,与grep结合使用
##netsat 功能相同
┌──[root@liruilongs.github.io]-[~]
└─$ ss -ntulpa
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 127.0.0.1:323 *:* users:(("chronyd",pid=586,fd=1))
udp UNCONN 0 0 ::1:323 :::* users:(("chronyd",pid=586,fd=2))
tcp LISTEN 0 128 *:22 *:* users:(("sshd",pid=935,fd=3))
tcp LISTEN 0 100 127.0.0.1:25 *:*
users:(("master",pid=1050,fd=13))
tcp ESTAB 0 0 192.168.26.55:22 192.168.26.1:2326
users:(("sshd",pid=1203,fd=3))
tcp ESTAB 0 0 192.168.26.55:22 192.168.26.1:11634
users:(("sshd",pid=12072,fd=3))
tcp LISTEN 0 128 :::22 :::*
users:(("sshd",pid=935,fd=4))
tcp LISTEN 0 100 ::1:25 :::*
users:(("master",pid=1050,fd=14))
┌──[root@liruilongs.github.io]-[~]
└─$
测试网络延迟 (是否可以通信)
#########测试网络延迟 (是否可以通信)
##time=0.519 ms 为网络延迟时间,时间越小,网络延迟越短
┌──[root@liruilongs.github.io]-[~]
└─$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.406 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.090 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.130 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.124 ms
^C
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.090/0.187/0.406/0.127 ms
┌──[root@liruilongs.github.io]-[~]
└─$
traceroute可以跟踪路由,查看到目标主机经过哪些路由
########traceroute可以跟踪路由,查看到目标主机经过哪些路由
[root@proxy ~]# yum -y install traceroute
[root@proxy ~]# traceroute 192.168.2.254
traceroute to 192.168.2.254 (192.168.2.254), 30 hops max, 60 byte packets
1 192.168.2.254 (192.168.2.254) 0.929 ms * *
iostat 查询磁盘的读写性能,需要安装软件包sysstat
########iostat 查询磁盘的读写性能,需要安装软件包sysstat
┌──[root@liruilongs.github.io]-[~]
└─$ iostat
Linux 3.10.0-693.el7.x86_64 (liruilongs.github.io) 09/30/2021 _x86_64_ (2 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.16 0.01 0.18 0.11 0.00 99.54
##kB_read/s 磁盘每秒读的数据大小(KB)
##kB_wrtn/s 磁盘每秒写入的数据大小(KB)
##kB_read 磁盘读的总数据大小(KB)
##kB_wrtn 磁盘写入的总数据大小(KB)
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sda 1.59 59.74 11.22 360970 67798
┌──[root@liruilongs.github.io]-[~]
└─$
sar查看CPU的信息,第一个数字:指每隔几秒读取数据; 第二个数字: 指取几次CPU的数据
┌──[root@liruilongs.github.io]-[~]
└─$ sar 1 2
Linux 3.10.0-693.el7.x86_64 (liruilongs.github.io) 09/30/2021 _x86_64_ (2 CPU)
###%idle 指CPU的空闲率
08:59:07 PM CPU %user %nice %system %iowait %steal %idle
08:59:08 PM all 0.00 0.00 0.00 0.00 0.00 100.00
08:59:09 PM all 0.00 0.00 0.00 0.00 0.00 100.00
Average: all 0.00 0.00 0.00 0.00 0.00 100.00
┌──[root@liruilongs.github.io]-[~]
└─$
使用sar查看所有网卡的实时流量信息
┌──[root@liruilongs.github.io]-[~]
└─$ sar -n DEV 1 2
#############使用sar查看所有网卡的实时流量信息
#第一个数字1:指每隔1秒查看一次网络数据流量; 第二个数字2: 指查看两次
Linux 3.10.0-693.el7.x86_64 (liruilongs.github.io) 09/30/2021 _x86_64_ (2 CPU)
#rxkB/s 指每秒接收数据的流量(KB);
#txkB/s 指每秒发送数据的流量 (KB);
09:00:26 PM IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
09:00:27 PM ens32 0.00 0.00 0.00 0.00 0.00 0.00 0.00
09:00:27 PM lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
09:00:27 PM docker0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
09:00:27 PM IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
09:00:28 PM ens32 1.00 1.00 0.06 0.47 0.00 0.00 0.00
09:00:28 PM lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
09:00:28 PM docker0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: IFACE rxpck/s txpck/s rxkB/s txkB/s rxcmp/s txcmp/s rxmcst/s
Average: ens32 0.50 0.50 0.03 0.23 0.00 0.00 0.00
Average: lo 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Average: docker0 0.00 0.00 0.00 0.00 0.00 0.00 0.00
┌──[root@liruilongs.github.io]-[~]
└─$
1.3 自动化监控系统
| Cacti | 特点:将监控到的数据,绘制成各种图形 | 基于SNMP协议 (网络管理协议) 的监控软件,强大的绘图能力 |
| Nagios | 特点:状态检查和报警机制 (例如:内存不足或CPU负载高时,及时的给管理员发送报警信息(邮件报警,短信报警等) ) | 基于Agent监控,强大的状态检查与报警机制,插件极多,自己写监控脚本嵌入到Nagios非常方便 |
| Zabbix | 特点:支持多种报警机制,支持分布式监控,支持数据绘图 | 基于多种监控机制,支持分布式监控 |
1.3.1 Zabbix简介
Zabbix 是一个高度集成的监控解决方案,可以实现企业级的开源分布式监控,
Zabbix 通过 C/S模式采集监控数据
C/S (client/server):客户端/服务器
客户端程序负载采集要监控的数据,然后发送给监控服务器;
监控服务器对客户发送过来的数据进行存储和处理;
Zabbix通过B/S模式实现Web管理
B/S (browser/server): 浏览器/服务器
管理员可以通过浏览器,访问监控服务器web页面,并可以查看和管理监控系统
1.3.2 监控拓扑
| Zabbix监控原理: |
|---|
| 部署一个Zabbix监控服务器, 用于存储和处理监控数据; |
| 如果被监控的是Linux或Windows主机,需要安装客户端程序agent来采集监控数据; |
| 如果被监控的是网络设备(交换机,路由器等),通过SNMP协议进行监控; |
| 最后Zabbix监控服务器,将客户端收集来的数据存储到数据库中,通过web页面来管理 |
| 监控角色 |
|---|
| 监控服务器 |
| 监控服务器可以通过SNMP (网络管理协议)或Agent采集数据 |
| 数据可以写入MYSQL、Oracle等数据库中 |
| 服务器使用LNMP实现web前端的管理 |
| 被监控主机 |
| 被监控主机需要安装Agent |
| 常见的网络设备一般支持SNMP (网络管理协议) |
二、LNMP环境准备
这里的话,因为zabbix web系统使用的是php,所以需要配置LNMP环境。
Nginx是一款小巧而高效的Web服务器软件,可帮您在Linux系统下快速方便地搭建出LNMP Web服务环境。在ECS实例上搭建LNMP环境,其中LNMP分别代表Linux、Nginx、MySQL和PHP。
2.1 部署LNMP
这里小伙伴可以参考这个:手动部署LNMP环境(CentOS 7)
2.1.1 安装前准备
- 监控服务器(需要使用Web页面操作,因此需要先部署LNMP)
- 设置主机名(zabbixserver)
- 设置IP地址(192.168.26.15)
- 关闭防火墙、SELinux
- 监控客户端 (2.100和2.200)
- 主机web1(192.168.26.14)
- 主机web2(192.168.26.13)
- 关闭防火墙、SELinux
虚拟机环境准备(克隆centos7 模板机): ——> 关闭防火墙和SELinux,嗯,因为需要多个机器,所以我们用
ansible,方便一点,这里,192.168.26.15为控制机,192.168.26.14,192.168.26.13 为节点机
| 主机名 | IP地址 |
|---|---|
| zabbixserver | 192.168.26.15 |
| web1 | 192.168.26.14 |
| web2 | 192.168.26.13 |
配置到物理机的SSH免密
┌──(liruilong㉿Liruilong)-[/mnt/e/docker]
└─$ ssh-copy-id root@192.168.26.13
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/liruilong/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.13 (192.168.26.13)' can't be established.
ECDSA key fingerprint is SHA256:1F/T20FjhEaLDtutI1rXCwOFGZ5nPs3hFzHyjsnAs3Q.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.13's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.13'"
and check to make sure that only the key(s) you wanted were added.
┌──(liruilong㉿Liruilong)-[/mnt/e/docker]
└─$ ssh-copy-id root@192.168.26.14
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/liruilong/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.14 (192.168.26.14)' can't be established.
ECDSA key fingerprint is SHA256:cfpb8zAi+otnaU0YIoRb76iaOYiFDI4JHyU9N0LmNkY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.14's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.14'"
and check to make sure that only the key(s) you wanted were added.
┌──(liruilong㉿Liruilong)-[/mnt/e/docker]
└─$ ssh-copy-id root@192.168.26.15
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/liruilong/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.15 (192.168.26.15)' can't be established.
ECDSA key fingerprint is SHA256:Ix6WxiXXJVdMFdSqiXLaPYdg+khbzkjuYO4raDDnih0.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.15's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.15'"
and check to make sure that only the key(s) you wanted were added.
┌──(liruilong㉿Liruilong)-[/mnt/e/docker]
└─$
ansible环境准备
┌──[root@zabbixserver]-[/]
└─$ mkdir ansible;cd ansible;vim ansible.cfg
┌──[root@zabbixserver]-[/ansible]
└─$ cat ansible.cfg
[defaults]
# 主机清单文件,就是要控制的主机列表
inventory=inventory
# 连接受管机器的远程的用户名
remote_user=root
# 角色目录
roles_path=roles
# 设置用户的su 提权
[privilege_escalation]
become=True
become_method=sudo
become_user=root
become_ask_pass=False
┌──[root@zabbixserver]-[/ansible]
└─$ vim inventory
┌──[root@zabbixserver]-[/ansible]
└─$ cat inventory
[web]
192.168.26.13
192.168.26.14
[zabbix]
192.168.26.13
192.168.26.14
127.0.0.1
┌──[root@zabbixserver]-[/ansible]
└─$
配置控制机到节点机的SSH免密
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.13
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such file or directory
(to install the contents of '/root/.pub' anyway, look at the -f option)
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.14
/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/root/.pub': No such file or directory
(to install the contents of '/root/.pub' anyway, look at the -f option)
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/wLemqRJd5tsIWj/hxole6EpNTZ9M2lDooVGnYTx3I4 root@zabbixserver
The key's randomart image is:
+---[RSA 2048]----+
| o=.. |
| ..+o. |
| o = o |
| . + = . |
| .S E O |
| oooX.+ + |
| .ooB++o |
| . *o*=+. |
| o +==o. |
+----[SHA256]-----+
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.14
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.14 (192.168.26.14)' can't be established.
ECDSA key fingerprint is SHA256:cfpb8zAi+otnaU0YIoRb76iaOYiFDI4JHyU9N0LmNkY.
ECDSA key fingerprint is MD5:35:32:02:28:b3:2f:9b:11:3c:d9:16:29:ab:2f:75:73.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.14's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.14'"
and check to make sure that only the key(s) you wanted were added.
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.13
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.26.13 (192.168.26.13)' can't be established.
ECDSA key fingerprint is SHA256:1F/T20FjhEaLDtutI1rXCwOFGZ5nPs3hFzHyjsnAs3Q.
ECDSA key fingerprint is MD5:b3:c9:31:0e:08:31:5b:7b:25:dd:a3:a7:f1:db:ac:7a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.13's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.13'"
and check to make sure that only the key(s) you wanted were added.
┌──[root@zabbixserver]-[/ansible]
└─$ ssh-copy-id root@192.168.26.15
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.26.15's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.26.15'"
and check to make sure that only the key(s) you wanted were added.
┌──[root@zabbixserver]-[/ansible]
测试ansible
┌──[root@zabbixserver]-[/ansible]
└─$ ansible all -m ping
192.168.26.13 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.26.14 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
127.0.0.1 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
┌──[root@zabbixserver]-[/ansible]
└─$
检查防火墙和selinux
┌──[root@zabbixserver]-[/ansible]
└─$ ansible all -m shell -a 'sed -n 7p /etc/selinux/config'
[WARNING]: Consider using the replace, lineinfile or template module rather than running 'sed'. If
you need to use command because replace, lineinfile or template is insufficient you can add 'warn:
false' to this command task or set 'command_warnings=False' in ansible.cfg to get rid of this
message.
127.0.0.1 | CHANGED | rc=0 >>
SELINUX=disabled
192.168.26.14 | CHANGED | rc=0 >>
SELINUX=disabled
192.168.26.13 | CHANGED | rc=0 >>
SELINUX=disabled
┌──[root@zabbixserver]-[/ansible]
└─$ ansible all -m shell -a ' systemctl status firewalld | grep Active'
127.0.0.1 | CHANGED | rc=0 >>
Active: active (running) since Fri 2021-10-01 17:48:56 CST; 51min ago
192.168.26.14 | CHANGED | rc=0 >>
Active: active (running) since Fri 2021-10-01 17:49:47 CST; 50min ago
192.168.26.13 | CHANGED | rc=0 >>
Active: active (running) since Fri 2021-10-01 17:49:14 CST; 51min ago
发现防火墙还没有关闭,所以在关闭一下防火墙:
┌──[root@zabbixserver]-[/ansible]
└─$ ansible all -m shell -a 'systemctl disable firewalld --now'
192.168.26.14 | CHANGED | rc=0 >>
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
192.168.26.13 | CHANGED | rc=0 >>
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
127.0.0.1 | CHANGED | rc=0 >>
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
┌──[root@zabbixserver]-[/ansible]
└─$
2.1.2 部署LNMP
┌──[root@zabbixserver]-[/ansible]
└─$ yum -y install nginx php php-fpm php-mysql mariadb-server mariadb mariadb-devel
安装需要的软件包,也可以分别安装
##安装Ng
[root@zabbixserver ~]yum -y install nginx
###安装php解释器及相关软件包
[root@zabbixserver ~]# yum -y install php #php解释器
[root@zabbixserver ~]# yum -y install php-fpm #可以支持 Fastcgi 通用语言
[root@zabbixserver ~]# yum -y install php-mysql #php和数据通信的扩展包
###安装数据库及相关软件包
[root@web1 ~]# yum -y install mariadb-server #数据库服务端软件
[root@web1 ~]# yum -y install mariadb #数据库客户端软件
[root@web1 ~]# yum -y install mariadb-devel #相关的依赖包
修改nginx配置
┌──[root@zabbixserver]-[~]
└─$ vim /etc/nginx/nginx.conf
┌──[root@zabbixserver]-[~]
└─$ cat /etc/nginx/nginx.conf
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
fastcgi_buffers 8 16k; #缓存php生成的数据,缓存大小为8个16k
fastcgi_buffer_size 32k; #缓存php产生的头部信息,缓存大小为32k
fastcgi_connect_timeout 300; #连接php的超时时间为300秒
fastcgi_send_timeout 300; #发送请求的超时时间为300秒
fastcgi_read_timeout 300; #读取请求的超时时间为300秒
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
# location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1: 9000;
# fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
}
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
通过systemd的方式管理nginx服务,通过源码安装的NG需要
##此文件,每次Linux开机时,都会运行里面的所有命令
[root@zabbixserver ~]# vim /etc/rc.d/rc.local
/usr/local/nginx/sbin/nginx
[root@zabbixserver ~]# chmod +x /etc/rc.d/rc.local
####nginx管理服务模板文件路径,也可在百度搜索nginx systemd
https://www.nginx.com/resources/wiki/start/topics/examples/systemd/
#####在/usr/lib/systemcd/systemd下创建nginx服务配置文件
##拷贝模板
[root@web1 ~]# vim /usr/lib/systemd/system/nginx.service
[Unit]
Description=The NGINX HTTP server #描述信息
##After 指nginx开机时,启动服务的顺序
After=syslog.target network-online.targetnss-lookup.target
[Service]
#Type 指启动服务后只有一个进程使用simple,有多个进程使用forking
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
####修改路径为/usr/local/nginx/sbin 实际nginx安装路径
##ExecStartPre 指启动服务之前检测nginx配置语法是否正确
ExecStartPre=/usr/local/nginx/sbin/nginx -t
ExecStart=/usr/local/nginx/sbin/nginx #启动nginx服务
ExecReload=/usr/local/nginx/sbin/ -s reload #重启nginx服务
ExecStop=/bin/kill -s QUIT $MAINPID #停止nginx服务
PrivateTmp=true
[Install]
#WantedBy 指将nginx服务放到 multi-user.target 服务组
#路径在/etc/systemd/system/multi-user.target
#重启multi-user.target,会启动这个目录下的所有服务
WantedBy=multi-user.target
2.1.4 启动服务
┌──[root@zabbixserver]-[~]
└─$ systemctl enable mariadb.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
┌──[root@zabbixserver]-[~]
└─$ systemctl enable php-fpm --now
Created symlink from /etc/systemd/system/multi-user.target.wants/php-fpm.service to /usr/lib/systemd/system/php-fpm.service.
┌──[root@zabbixserver]-[~]
└─$ systemctl enable nginx --now
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
┌──[root@zabbixserver]-[~]
└─$
页面测试
######编写php动态测试页面
[root@zabbixserver ~]# vim /usr/local/nginx/html/test.php
<?php
$i=33;
echo $i;
?>
【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱:
cloudbbs@huaweicloud.com
- 点赞
- 收藏
- 关注作者
评论(0)