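DELL servers: 1U (unit) = 4.445cm, width 19 inches (48.26cm)
IDC machine-room power is split into circuit A and circuit B (two mains feeds)
1U=4.445cm
2U=4.445*2=8.89cm
3U=4.445*3=13.335cm
4U=4.445*4=17.78cm
Major CPU vendors: Intel and AMD
Disk interface types: SSD, SAS, SATA, IDE (obsolete)
Disk sizes: 2.5-inch, 3.5-inch
Disk brands: Western Digital, Seagate
Disk performance ranking: SSD > SAS > SATA > IDE
The three core components for optimization (speed/capacity relationship diagram): CPU (L1 cache, L2 cache), memory (physical memory, virtual memory), disk (SSD, SAS, SATA, IDE)
Website optimization principle: use memory as much as possible and disk as little as possible
【1】Read-heavy, write-light
Data is written to disk --> the disk data is read into memory --> users read the data from memory
【2】Write-heavy, read-light
Data is written to memory --> written to disk asynchronously (the frequency depends on how much data loss is acceptable)
Linux command to eject the optical drive (lets you pinpoint a specific physical server in the machine room)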
[root@node1 ~]# eject
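Server brands: DELL, IBM, HP, Lenovo, Huawei, Inspur
DELL server history
2010  1U: 1850, 1950  2U: 2850, 2950
2010~2013  1U: R410, R610  2U: R710
2014~2015  1U: R420, R430, R620, R630  2U: R720
Enterprise physical servers: 2-4 CPUs, eight cores per CPU, memory: 16-256G
Enterprise virtualization physical servers: 4-8 CPUs, eight cores per CPU, memory: 48-128G
Program: code files, static, stored on disk
Process: a running program; a process is placed in memory to execute
Daemon: a program that keeps running continuously
Internet principle: caches are everywhere (caching hierarchy)
buffer: data being written into memory
Designed to speed up data exchange between memory and disk (or other I/O devices)
cache: data being read from memory
Designed to speed up data exchange between the CPU and memory
Internet principle: heroes are not judged by age
RAID card (disk array card): RAID is a technology that combines several independent physical disks in different ways into one logical disk, providing higher performance than a single disk as well as data redundancy
RAID types
【1】Hardware RAID: RAID implemented in hardware
【2】Software RAID: RAID implemented in software
RAID levels: RAID1, RAID2, RAID3, RAID4, RAID5, RAID6, RAID7, RAID10, RAID01, RAID53
Operating system: Operating System, OS for short; it manages and controls the computer's hardware and software, managing hardware below it and software above it
Diagram of the relationship between the Linux operating system and computer hardware and software: hardware --> system core (kernel, lib) --> command interpreter (shell) --> applications --> user
Common operating systems: Windows, Linux, Unix, DOS, Mac
Linux is a Unix-like operating system (Unix being the predecessor of Linux) whose source code is open and which can be freely distributed
Linux application areas: servers, embedded development, personal desktops
Unix was born at Bell Labs in 1969 and BSD appeared in 1977. Vendors took BSD as the base and developed it for their own hardware, producing the various versions of Unix. Typical examples:
Sun: Solaris
IBM: AIX
HP: HP UNIX
Five major characteristics of Unix
【1】Mature technology, high reliability
【2】Strong scalability
【3】Strong networking
【4】Strong database support
【5】Strong development capabilities
Richard Stallman launched the free software movement (1984) and founded the Free Software Foundation and the GNU Project; the system is called the GNU system
Linux was born in 1991; the kernel was developed by Linus Torvalds
Official Linux kernel website: http://www.kernel.org
Composition of a Linux system: the Kernel developed by Linus Torvalds at the core, some GNU components (Emacs, gcc, bash, gawk), and other necessary applications
Core of the GPL license: it guarantees everyone the freedom to share and modify free software; anyone has the right to obtain, modify and redistribute the source code of free software, but must at the same time publish the source code of the specific changes
Linux kernel versions: Linux kernel 2.2, Linux kernel 2.4, Linux kernel 2.6
Linux distributions: Redhat, CentOS, Fedora (Redhat's pre-release version [guinea pig]), Debian, FreeBSD (secure), SUSE, Ubuntu
Difference between Redhat [free as in freedom but not free of charge] and CentOS [free as in freedom and free of charge]: CentOS is a Linux system rebuilt from the source code released by Redhat in compliance with the GPL license, i.e. a recompiled version of the Redhat Linux source code with the trademark logos and non-free software removed
Core of free software: no commercial software copyright restrictions, open source code, free distribution without constraints
FSF: Free Software Foundation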
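System version: CentOS6.6 x86_64
Virtualization software: VMware Workstation8.0.4
VMware Workstation network adapter modes
【1】Bridged: on the same network segment as the host and equivalent to an independent machine; its IP address may conflict with other physical machines; packets between the VM and the host pass through the router (one address translation on the way out)
【2】NAT: the host acts as the gateway and all VM packets pass through the host (VMnet8); the host and the VM are on different segments; the VM can communicate with the host but not with other machines on the host's segment (two address translations on the way out)
【3】Host Only: connects directly to the host's VMnet1
CentOS download (Alibaba Cloud): http://mirrors.aliyun.com
Difference between 32-bit and 64-bit systems: a 64-bit system computes faster, can make fuller and better use of the hardware, and improves business efficiency
Linux disk partitions: primary, extended, logical
【1】Primary partition: at most 4 primary partitions (the partition table occupies 64 bytes and each partition entry occupies 16 bytes)
【2】Extended partition: at most 1, may be absent (4P)
【3】Logical partition: there can be several; partition numbers can only start from 5 (5L 6L 7L......)
Dividing /dev/sdb into 5 partitions
【1】1P+1E(4L): /dev/sdb1 /dev/sdb5 /dev/sdb6 /dev/sdb7 /dev/sdb8
【2】2P+1E(3L): /dev/sdb1 /dev/sdb2 /dev/sdb5 /dev/sdb6 /dev/sdb7
【3】3P+1E(2L): /dev/sdb1 /dev/sdb2 /dev/sdb3 /dev/sdb5 /dev/sdb6
Linux partition numbering
Numbers 1~4: can only be P [primary partition] + E [extended partition] (the partition table occupies 64 bytes and each partition entry 16 bytes, so there are at most 4 primary partitions)
Numbers 5 and up: can only be L (logical partitions)
Linux disk device naming rules
【1】IDE disks
/dev/hda is the first disk
/dev/hdb is the second disk
/dev/hda1 is the first partition of the first disk
/dev/hda2 is the second partition of the first disk
【2】SCSI disks (SSD/SAS/SATA)
/dev/sda is the first disk
/dev/sdb is the second disk
/dev/sda1 is the first partition of the first disk
/dev/sda2 is the second partition of the first disk
Linux partitioning requirements
【1】/ partition: the root partition
【2】/swap partition: equivalent to virtual memory on Windows; not mandatory but usually created; 1.5 times physical memory (when under 8G), though this is only a reference value
【3】/boot partition: the boot partition; not mandatory; if it is not created it belongs to the root partition
Linux mount point: the entry point for accessing a disk partition under Linux; a partition can only be accessed once it is mounted
File system: a mechanism by which the operating system organizes and stores files; formatting a partition is the process of creating a file system (a certain number of Inodes and Blocks are generated)
Common Windows file systems: fat, fat32, ntfs
Common Linux file systems: ext2, ext3, ext4, xfs
View kernel version information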
[root@node1 ~]# uname -r
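2.6.32-504.el6.x86_64
2 is the major kernel version number; it changes only when there are structural changes
6 is the minor kernel version number; it changes when new features are added; odd numbers are development versions, even numbers are stable versions
32 is the number of revisions of this version
504 is the number of builds of this version
el6 means Enterprise Linux 6
x86_64 means a 64-bit system
root is the name of the currently logged-in user
@ is a separator
node1 is the host name
~ is the current user's current path
# is the superuser command prompt
$ is the normal-user command prompt
uname -r is the command entered
Check whether the system is 32-bit or 64-bit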
[root@node1 ~]# uname -m
x86_64
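NIC configuration file path: /etc/sysconfig/network-scripts/ifcfg-eth0 (eth0 is the first NIC, eth1 the second)
Configure NIC and DNS settings
[root@node1 ~]# setup
Bring up the NIC
[root@node1 ~]# ifup eth0
Bring down the NIC
[root@node1 ~]# ifdown eth0
View network device information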
[root@node1 ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:27:E5:60
inet addr:192.168.100.133 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe27:e560/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3236 errors:0 dropped:0 overruns:0 frame:0
TX packets:1978 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:324426 (316.8 KiB) TX bytes:257334 (251.3 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
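SecureCRT settings optimization
Options --> Session Options --> Emulation --> Terminal [Linux] --> Scrollback buffer [32000] --> Appearance --> Normal font --> Font [KaiTi, bold, size 16] --> Narrow font --> Font [KaiTi, bold, size 16] --> Character encoding [UTF-8] --> Cursor style [short block] --> Use color [green]
Relative and absolute paths
【1】Relative path: does not start from / but from the current directory, e.g. data/lb.txt
【2】Absolute path: a path that starts from /, e.g. /data/lb.txt
vi/vim editor working-mode diagram (command-line mode, insert mode, normal mode)
Append multiple lines to the file lb.txt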
【1】
[root@node1 ~]# cat >> lb.txt<<EOF
linbin
lb
EOF
【2】
[root@node1 ~]# cat >> lb.txt <==end the input with ctrl+c or ctrl+d
linbin
lb
【3】
[root@node1 ~]# echo "linbin
lb" >> lb.txt
【4】
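[root@node1 ~]# echo -e "linbin\nlb" >> lb.txt <=="-e" enables interpretation of escape sequences, "\n" is a newline, "\t" is a horizontal tab
find command diagram
Given the following files in /data, delete all of them but keep linbin.txt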
[root@node1 ~]# ls -l /data/
total 0
-rw-r--r--. 1 root root 0 Aug 30 20:07 blin.txt
-rw-r--r--. 1 root root 0 Aug 30 20:07 lbin.txt
-rw-r--r--. 1 root root 0 Aug 30 20:07 lb.txt
-rw-r--r--. 1 root root 0 Aug 30 20:07 linbin.txt
【1】
[root@node1 ~]# find /data/ -type f ! -name "linbin.txt" -exec rm -f {} \;
[root@node1 ~]# ls -l /data/
total 0
-rw-r--r--. 1 root root 0 Aug 30 20:07 linbin.txt
【2】
[root@node1 ~]# find /data/ -type f ! -name "linbin.txt"|xargs rm -f
[root@node1 ~]# ls -l /data/
total 0
-rw-r--r--. 1 root root 0 Aug 30 20:07 linbin.txt
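An added example, not part of the original notes: variant 【2】 behaves differently from variant 【1】 as soon as a file name contains a space, because xargs re-splits find's output on whitespace. The scratch directory, the extra file name "old linbin.txt" and the function names are constructed for this demonstration.

```sh
#!/bin/sh
# Added example (not from the original notes). All file names are constructed.

# make_tree: create a scratch directory holding the four file names from the
# listing above plus one name that contains a space, and print its path.
make_tree() {
    d=$(mktemp -d) || return 1
    for f in blin.txt lbin.txt lb.txt linbin.txt "old linbin.txt"; do
        : > "$d/$f"
    done
    printf '%s\n' "$d"
}

# survivors DIR: names left in DIR, comma-separated.
survivors() {
    ls -1 "$1" | paste -sd, -
}

# Variant [2] as written above, run from inside the directory.
# xargs splits ".../old linbin.txt" into ".../old" and "linbin.txt". The
# second token is a relative path, so rm removes ./linbin.txt, the one file
# that was meant to be kept, and "old linbin.txt" is never deleted.
naive_cleanup() {
    dir=$(make_tree) || return 1
    ( cd "$dir" && find "$dir" -type f ! -name "linbin.txt" | xargs rm -f )
    survivors "$dir"
    rm -rf "$dir"
}

# Same job with find handing every path to rm as one intact argument
# (the "-exec" form of variant [1]; "{} +" batches the paths).
safe_cleanup() {
    dir=$(make_tree) || return 1
    ( cd "$dir" && find "$dir" -type f ! -name "linbin.txt" -exec rm -f {} + )
    survivors "$dir"
    rm -rf "$dir"
}

printf 'find | xargs rm -f      leaves: %s\n' "$(naive_cleanup)"
printf 'find -exec rm -f {} +   leaves: %s\n' "$(safe_cleanup)"
```

With GNU findutils, "find ... -print0 | xargs -0 rm -f" is the pipeline form that keeps each name intact.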
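Install commonly used packages after a minimal system installation
[root@node1 ~]# yum -y install tree nmap sysstat lrzsz dos2unix
Copy a file or directory without being asked whether to overwrite (the system defines the alias cp='cp -i' for the cp command)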
[root@node1 ~]# ls -l /data/linbin.txt
-rw-r--r--. 1 root root 0 Aug 30 20:07 /data/linbin.txt
[root@node1 ~]# ls -l /tmp/linbin.txt
-rw-r--r--. 1 root root 0 Aug 30 20:07 /tmp/linbin.txt
【1】Use the absolute path of the command
[root@node1 ~]# /bin/cp /data/linbin.txt /tmp/linbin.txt
【2】Escape with "\"
[root@node1 ~]# \cp /data/linbin.txt /tmp/linbin.txt
【3】
[root@node1 ~]# yes|cp /data/linbin.txt /tmp/linbin.txt
Configuration files that make aliases permanent
【1】For all users: /etc/profile or /etc/bashrc
【2】For a specific user: ~/.bash_profile or ~/.bashrc
Get lines 20-30 of the file lb.txt
【1】head+tail
[root@node1 ~]# head -30 lb.txt|tail -11
【2】sed (recommended; good at selecting lines)
[root@node1 ~]# sed -n '20,30p' lb.txt
【3】awk
[root@node1 ~]# awk '{if(NR>19&&NR<31) print $0}' lb.txt
【4】grep
【4-1】
[root@node1 ~]# grep "30" -B 10 lb.txt <=="-B" means before
【4-2】
[root@node1 ~]# grep "20" -A 10 lb.txt <=="-A" means after
【4-3】
[root@node1 ~]# grep "25" -C 5 lb.txt
Filtering with the "three musketeers" grep, sed and awk
[root@node1 ~]# grep "3306" /etc/services
mysql 3306/tcp # MySQL
mysql 3306/udp # MySQL
[root@node1 ~]# sed -n '/3306/p' /etc/services
mysql 3306/tcp # MySQL
mysql 3306/udp # MySQL
[root@node1 ~]# awk '/3306/' /etc/services
mysql 3306/tcp # MySQL
mysql 3306/udp # MySQL
Batch replacement with find+sed
【1】
[root@node1 ~]# find ./ -type f -name "lb.txt"|xargs sed -i 's#linbin#lb#g'
【2】
[root@node1 ~]# find ./ -type f -name "lb.txt" -exec sed -i 's#linbin#lb#g' {} \;
【3】
[root@node1 ~]# sed -i 's#lb#linbin#g' `find ./ -type f -name "lb.txt"`
Use cases for the special character ">"
【1】Create a file automatically
[root@node1 ~]# echo "linbin" > lb.txt
【2】Empty a file
[root@node1 ~]# > lb.txt
SSH server software
[root@node1 ~]# rpm -qa openssh openssl
openssl-1.0.1e-30.el6.x86_64 <==provides the encryption for SSH connections
openssh-5.3p1-104.el6.x86_64 <==provides the SSH connection service
Default SSH listening port
[root@node1 ~]# netstat -tnlup|grep "22"|grep -v "grep"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1199/sshd
tcp 0 0 :::22 :::* LISTEN 1195/sshd
[root@node1 ~]# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1211 root 3u IPv4 11926 0t0 TCP *:ssh (LISTEN)
sshd 1211 root 4u IPv6 11931 0t0 TCP *:ssh (LISTEN)
sshd 1722 root 3r IPv4 14008 0t0 TCP 192.168.100.133:ssh->192.168.100.1:54067 (ESTABLISHED)
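Common SSH clients on Windows: SecureCRT, Xshell, Putty
SSH protocol: Secure Shell Protocol
SSH versions: SSHv1 (has vulnerabilities), SSHv2 (widely used)
SSH is a security protocol designed for remote login sessions and other network services; it is mainly used to encrypt logins to remote computers
SSH server processes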
[root@node1 ~]# ps -ef|grep "sshd"|grep -v "grep"
root 1199 1 0 Feb25 ? 00:00:00 /usr/sbin/sshd
root 1411 1199 0 Feb25 ? 00:00:00 sshd: root@pts/0
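SSH server configuration file: /etc/ssh/sshd_config
SSH client configuration file: /etc/ssh/ssh_config
SSH service control script: /etc/init.d/sshd {start|stop|restart|reload|force-reload|condrestart|try-restart|status}
Troubleshooting approach for SSH remote connection failures
【1】Check that the physical link works with ping server_ip; if ping fails, [1] check whether the firewall on the server is enabled [2] check whether the client and the server are on the same network segment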
[root@node1 ~]# ping 192.168.100.133
PING 192.168.100.133 (192.168.100.133) 56(84) bytes of data.
64 bytes from 192.168.100.133: icmp_seq=1 ttl=64 time=0.376 ms
64 bytes from 192.168.100.133: icmp_seq=2 ttl=64 time=0.409 ms
64 bytes from 192.168.100.133: icmp_seq=3 ttl=64 time=0.098 ms
64 bytes from 192.168.100.133: icmp_seq=4 ttl=64 time=0.097 ms
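【2】Check that the service works with telnet server_ip port; if telnet cannot connect, [1] check whether the firewall on the server is enabled [2] check whether the SSH service is started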
[root@node1 ~]# telnet 192.168.100.133 22
Trying 192.168.100.133...
Connected to 192.168.100.133.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
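【3】Check whether the user name and password are correct
Linux<==>Windows file sharing
【1】rz/sz, requires the lrzsz package: [root@node1 ~]# yum -y install lrzsz
【2】ftp/http/winscp
Batch deployment of servers with SecureCRT
Open in tabs --> View --> Chat Window --> Send Chat to All Sessions (right-click)
Fixing a cloned VMware Workstation VM whose NIC cannot get online
【1】Edit the NIC configuration file
[root@node1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
HWADDR=00:0c:29:8f:93:f6 <==delete the MAC
UUID=069f001c-d3d3-4b61-a71a-f8efafffba11 <==delete the UUID
【2】Empty the file
[root@node1 ~]# > /etc/udev/rules.d/70-persistent-net.rules
【3】Reboot the server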
[root@node1 ~]# reboot
View the system version
【1】
[root@node1 ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
【2】
[root@node1 ~]# cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m
【3】
[root@node1 ~]# cat /etc/issue.net
CentOS release 6.6 (Final)
Kernel \r on an \m
View the kernel version
[root@node1 ~]# uname -r
2.6.32-504.el6.x86_64
Check whether the system is 32-bit or 64-bit
【1】
[root@node1 ~]# uname -m
x86_64
【2】
[root@node1 ~]# uname -i
x86_64
View the system host name
【1】
[root@node1 ~]# hostname
node1
【2】
[root@node1 ~]# uname -n
node1
View all system information
[root@node1 ~]# uname -a
Linux node1 2.6.32-504.el6.x86_64 #1 SMP Wed Oct 15 04:27:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
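Linux supports multitasking, multiple users and multiple processes
Administrator command-line prompt: #
Normal-user command-line prompt: $
Environment variable that controls the command-line prompt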
[root@node1 ~]# echo $PS1
[\u@\h \W]\$
Terminal prompt color settings (production: red, staging: green, test: blue)
Syntax: \[\e[F;Bm\], where "F" is the font color, numbered 30-37, and "B" is the background color, numbered 40-47
F B Description
30 40 black
31 41 red
32 42 green
33 43 yellow
34 44 blue
35 45 magenta
36 46 cyan
37 47 white
【1】Production: red
Red font, black background
[root@node1 ~]# export PS1='\[\e[31;40m\][\u@\h \W]\$ '
【2】Staging: green
Green font, black background
[root@node1 ~]# export PS1='\[\e[32;40m\][\u@\h \W]\$ '
【3】Test: blue
[root@node1 ~]# export PS1='\[\e[34;40m\][\u@\h \W]\$ '
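Difference between su and su -
【1】su switches to the root identity, but the shell environment is still the normal user's
【2】su - switches both the user identity and the shell environment to root
Example of switching from the normal user lb to root (switching from a normal user to root requires a password; switching from root to a normal user does not):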
[lb@node1 ~]$ whoami
lb
[lb@node1 ~]$ su <==incomplete switch
Password:
[root@node1 lb]# whoami
root
[root@node1 lb]# env|egrep "USER|^PATH|MAIL|PWD"
USER=lb
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/lb/bin
MAIL=/var/spool/mail/lb
PWD=/home/lb
[lb@node1 ~]$ whoami
lb
[lb@node1 ~]$ su - <==complete switch
Password:
[root@node1 ~]# whoami
root
[root@node1 ~]# env|egrep "USER|^PATH|MAIL|PWD"
USER=root
MAIL=/var/spool/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
PWD=/root
Basic Linux system optimization
1. Disable selinux
Configuration file: /etc/selinux/config or /etc/sysconfig/selinux (symlink)
[root@node1 ~]# ls -l /etc/selinux/config /etc/sysconfig/selinux
-rw-r--r--. 1 root root 458 Aug 30 17:31 /etc/selinux/config
lrwxrwxrwx. 1 root root 17 Aug 30 17:31 /etc/sysconfig/selinux -> ../selinux/config
Configuration options
[root@node1 ~]# grep "^SELINUX=enforcing" -B 4 /etc/selinux/config
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced. <==enabled
# permissive - SELinux prints warnings instead of enforcing. <==warns but does not enforce
# disabled - No SELinux policy is loaded. <==disabled
SELINUX=enforcing
Temporary
[root@node1 ~]# setenforce 0 <==0 means warn but do not enforce (Permissive), 1 means enforce (Enforcing)
[root@node1 ~]# getenforce <==check the selinux status
Permissive
Permanent
[root@node1 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
[root@node1 ~]# grep "SELINUX=disabled" -B 4 /etc/selinux/config
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
2. Set the system runlevel
Configuration file: /etc/inittab
[root@node1 ~]# tail /etc/inittab
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this) <==shuts down the system
# 1 - Single user mode <==single-user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking) <==multi-user mode without network support
# 3 - Full multiuser mode <==multi-user mode with network support, text mode
# 4 - unused <==reserved by the system, unused
# 5 - X11 <==multi-user mode with network and X-Window support
# 6 - reboot (Do NOT set initdefault to this) <==reboots the system
#
id:3:initdefault:
Show the current system runlevel
[root@node1 ~]# runlevel
N 3
Switch the system runlevel
[root@node1 ~]# init 6
3. Trim the services started at boot
Stop the crond service from starting at boot
[root@node1 ~]# chkconfig --list crond
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@node1 ~]# chkconfig --level 35 crond off <==do not start at boot in runlevels 3 and 5
[root@node1 ~]# chkconfig --list crond
crond 0:off 1:off 2:on 3:off 4:on 5:off 6:off
[root@node1 ~]# chkconfig crond off <==with no runlevel given, the default is levels 2, 3, 4, 5 (defined by the service control script)
[root@node1 ~]# grep "chkconfig" /etc/init.d/crond
# chkconfig: 2345 90 60
[root@node1 ~]# chkconfig --list crond
crond 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Services kept enabled at boot: crond, iptables, network, rsyslog, sshd, sysstat
【1】for loop
[root@node1 ~]# for name in `chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|iptables|network|rsyslog|sshd|sysstat"`;do chkconfig $name off;done
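【2】sed back-references <=="-r" enables extended regular expressions so that ( ) need no backslash escaping, "\1" is the content of the first (), "\2" is the content of the second ()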
[root@node1 ~]# chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|iptables|network|rsyslog|sshd|sysstat"|sed -r 's#(.*)#chkconfig \1 off#g'|bash
【3】awk
[root@node1 ~]# chkconfig --list|grep "3:on"|awk '{print $1}'|egrep -v "crond|iptables|network|rsyslog|sshd|sysstat"|awk '{print "chkconfig",$1,"off"}'|bash
4. Turn off the iptables firewall
Check the firewall status
[root@node1 ~]# iptables -L -n --line-number
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Temporary
[root@node1 ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
Permanent
[root@node1 ~]# chkconfig --level 3 iptables off
[root@node1 ~]# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:off 4:on 5:on 6:off
sed: selecting a given line, selecting a range of lines, filtering, and substitution
【1】Select a given line
[root@node1 ~]# sed -n '2p' /etc/services
# $Id: services,v 1.48 2009/11/11 14:32:31 ovasik Exp $
【2】Select a range of lines
[root@node1 ~]# sed -n '5,8p' /etc/services
# IANA services version: last updated 2009-11-10
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
【3】Filter
[root@node1 ~]# sed -n '/3306/p' /etc/services
mysql 3306/tcp # MySQL
mysql 3306/udp # MySQL
【4】Substitute
[root@node1 ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
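Linux basic regular expressions
^ matches lines that begin with ...
$ matches lines that end with ...
. matches any single character
* matches the preceding item 0 or more times
.* matches any characters
\ is the escape character; it escapes a special symbol so that its special meaning is ignored
^$ matches empty lines (lines containing spaces are not included)
[] matches any single character inside the set
[^] matches any single character outside the set
{n,m} matches the preceding item n~m times
{n,} matches the preceding item at least n times, n included
{n} matches the preceding item n times
{,m} matches the preceding item at most m times, m included
sed back-references (regular expressions match greedily, line by line)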
[root@node1 ~]# cat lb.txt
ddd fff
2ddd fff
3ddd fff
[root@node1 ~]# sed -r 's#(.*)fff#\1#g' lb.txt <==the group also matches the space
ddd
2ddd
3ddd
[root@node1 ~]# sed -r 's#(.*) fff#\1#g' lb.txt <==the group does not match the space
ddd
2ddd
3ddd
[root@node1 ~]# sed -r 's#(.*) (.*)#\2#g' lb.txt <=="\1" is what the first () matched, "\2" is what the second () matched
fff
fff
fff
5. SSH remote connection optimization
Server main configuration file: /etc/ssh/sshd_config
[root@node1 ~]# cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_$(date +%F)
[root@node1 ~]# vim /etc/ssh/sshd_config
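Port 51898 <==listening port
ListenAddress 192.168.100.133 <==listening address; preferably an internal network address
Protocol 2 <==protocol version
UseDNS no <==disable DNS lookups
PermitRootLogin no <==forbid remote login by the administrator root
GSSAPIAuthentication no <==fixes slow SSH remote connections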
[root@node1 ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@node1 ~]# netstat -tnlup|grep "sshd"|grep -v "grep"
tcp 0 0 192.168.100.133:51898 0.0.0.0:* LISTEN 3043/sshd
[root@node1 ~]# ps -ef|grep "sshd"|grep -v "grep"
root 1383 1 0 04:50 ? 00:00:05 sshd: root@pts/0
root 3043 1 0 10:34 ? 00:00:00 /usr/sbin/sshd
[root@node1 ~]# lsof -i:51898
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1383 root 3r IPv4 13166 0t0 TCP 192.168.100.133:ssh->192.168.100.1:65190 (ESTABLISHED)
sshd 3043 root 3u IPv4 16606 0t0 TCP 192.168.100.133:ssh (LISTEN)
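An added example, not part of the original notes: a check that an sshd_config file really carries the six directives edited above, following sshd's parsing rules (case-insensitive keywords, first occurrence wins, lines after Match are conditional). The function names and both sample files are constructed, and counting an unset directive as a finding is this example's assumption.

```sh
#!/bin/sh
# Added example (not from the original notes). Sample configs are constructed.

# global_values FILE KEYWORD: print every global value of KEYWORD in file order.
# Keywords are case-insensitive, "#" starts a comment, and everything after a
# Match line is conditional, so parsing stops there.
global_values() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)      # "Port 22" and "Port=22" both parse
            key = tolower(f[1])
            if (key == "match") exit
            if (key == tolower(want)) print f[2]
        }
    ' "$1"
}

# effective_value FILE KEYWORD: for single-valued keywords the first one wins.
effective_value() {
    global_values "$1" "$2" | head -n 1
}

# check_equals FILE KEYWORD WANT: the effective value must equal WANT.
check_equals() {
    got=$(effective_value "$1" "$2" | tr 'A-Z' 'a-z')
    if [ "$got" = "$3" ]; then
        echo "PASS $2 $got"
    else
        echo "FAIL $2 ${got:-<unset>} (want $3)"
    fi
}

# check_none_of FILE KEYWORD REGEX: Port and ListenAddress may repeat, so
# every value is inspected and none may match REGEX.
check_none_of() {
    vals=$(global_values "$1" "$2")
    if [ -z "$vals" ]; then
        echo "FAIL $2 <unset> (built-in default applies)"
    elif printf '%s\n' "$vals" | grep -Eq "$3"; then
        echo "FAIL $2 $(printf '%s' "$vals" | tr '\n' ' ')"
    else
        echo "PASS $2 $(printf '%s' "$vals" | tr '\n' ' ')"
    fi
}

audit_sshd_config() {
    check_equals "$1" Protocol 2
    check_equals "$1" PermitRootLogin no
    check_equals "$1" UseDNS no
    check_equals "$1" GSSAPIAuthentication no
    check_none_of "$1" Port '^22$'
    check_none_of "$1" ListenAddress '^(0\.0\.0\.0|::|\[::\]|\*)(:[0-9]+)?$'
}

count_failures() {
    audit_sshd_config "$1" | awk '/^FAIL/ { n++ } END { print n + 0 }'
}

# write_samples DIR: "stock" resembles an unedited file, "edited" carries the
# values from the section above plus a shadowed duplicate and a Match block.
write_samples() {
    cat > "$1/stock" <<'EOF'
#Port 22
#ListenAddress 0.0.0.0
Protocol 2
#PermitRootLogin yes
GSSAPIAuthentication yes
#UseDNS yes
EOF
    cat > "$1/edited" <<'EOF'
Port 51898
ListenAddress 192.168.100.133
Protocol 2
permitrootlogin no
PermitRootLogin yes
UseDNS no
GSSAPIAuthentication no
Match Address 192.168.100.1
    X11Forwarding no
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for cfg in stock edited; do
    echo "== $cfg: $(count_failures "$tmp/$cfg") finding(s)"
    audit_sshd_config "$tmp/$cfg"
done
rm -rf "$tmp"
```

Directives placed inside Match blocks are not evaluated by this check and need a separate review.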
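6. Using sudo to control which system commands users may run
Commands normal users are forbidden to run
【1】su -
【2】sudo su -
[root@node1 ~]# visudo
root ALL=(ALL) ALL
root is the authorized user
ALL is which machines the user may log in from
(ALL) is the identity the command runs as; by default commands run as the administrator root
ALL is the commands that may be run (absolute paths), separated by "," and " "
sudo in enterprise use
[root@node1 ~]# useradd linbin <==create the user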
[root@node1 ~]# id linbin
uid=500(linbin) gid=500(linbin) groups=500(linbin)
[root@node1 ~]# passwd linbin <==set the password
Changing password for user linbin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@node1 ~]# visudo <==authorize the commands that may be run (absolute paths); equivalent to vim /etc/sudoers
root ALL=(ALL) ALL
linbin ALL=(ALL) /bin/touch, /bin/mkdir
[root@node1 ~]# visudo -c <==check that the syntax is correct
/etc/sudoers: parsed OK
[root@node1 ~]# su - linbin <==switch user
[linbin@node1 ~]$ touch /etc/lb.txt <==running touch here needs the "warrant" of sudo; without it the command cannot be run
touch: cannot touch `/etc/lb.txt': Permission denied
[linbin@node1 ~]$ sudo touch /etc/lb.txt
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for linbin: <==linbin's password must be entered; to avoid entering a password use: NOPASSWD: /bin/touch, /bin/mkdir
Find the path of a command
【1】which
[root@node1 ~]# which useradd <==searches the PATH environment variable
/usr/sbin/useradd
【2】find
[root@node1 ~]# find / -type f -name "useradd"
/etc/default/useradd
/usr/sbin/useradd
【3】whereis
[root@node1 ~]# whereis -b useradd <=="-b" searches for binaries
useradd: /usr/sbin/useradd
【4】locate
[root@node1 ~]# locate useradd <==searches the database /var/lib/mlocate/mlocate.db
/etc/default/useradd
/usr/sbin/luseradd
/usr/sbin/useradd
/usr/share/man/fr/man8/useradd.8.gz
/usr/share/man/id/man8/useradd.8.gz
/usr/share/man/it/man8/useradd.8.gz
/usr/share/man/ja/man8/useradd.8.gz
/usr/share/man/man1/luseradd.1.gz
/usr/share/man/man8/useradd.8.gz
/usr/share/man/pl/man8/useradd.8.gz
/usr/share/man/ru/man8/useradd.8.gz
/usr/share/man/sv/man8/useradd.8.gz
/usr/share/man/tr/man8/useradd.8.gz
/usr/share/man/zh_CN/man8/useradd.8.gz
/usr/share/man/zh_TW/man8/useradd.8.gz
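How which finds the path of a command
It searches the directories listed in the PATH environment variable; if nothing is found it reports that the command does not exist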
[root@node1 ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
Setting environment variables
Temporary
【1】
[root@node1 ~]# export LANG=en <==recommended; more standard
[root@node1 ~]# echo $LANG
en
【2】
[root@node1 ~]# LANG=en
[root@node1 ~]# export LANG
[root@node1 ~]# echo $LANG
en
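Permanent
Configuration file: /etc/profile or /etc/bashrc
Take effect immediately: . /etc/profile or source /etc/profile
7. Set the system character set
GBK: good Chinese support, fixed-length
UTF-8: widely used, variable-length
Configuration file: /etc/sysconfig/i18n
Environment variable: LANG
Temporary
[root@node1 ~]# export LANG=en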
[root@node1 ~]# echo $LANG
en
Permanent
[root@node1 ~]# sed -i 's#LANG="en_US.UTF-8"#LANG="zh_CN.UTF-8"#g' /etc/sysconfig/i18n
[root@node1 ~]# source /etc/sysconfig/i18n
[root@node1 ~]# echo $LANG
zh_CN.UTF-8
8. Synchronize with a network time server
[root@node1 ~]# ntpdate 0.pool.ntp.org
16 Apr 19:03:23 ntpdate[1154]: adjust time server 202.112.29.82 offset 0.015268 sec
[root@node1 ~]# hwclock
Fri 10 Mar 2017 03:02:37 PM CST -0.677635 seconds
[root@node1 ~]# crontab -e
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[root@node1 ~]# crontab -l
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
Change the system time
[root@node1 ~]# date -s "2017-04-16 19:06:00"
Sun Apr 16 19:06:00 CST 2017
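LAN time server: saves bandwidth and improves efficiency
9. Set the number of history commands kept and the terminal login timeout
【9-1】Set the number of history commands kept
File that stores the command history: ~/.bash_history
Environment variables: HISTSIZE (number of commands kept on the command line), HISTFILESIZE (number of commands kept in ~/.bash_history)
Temporary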
[root@node1 ~]# export HISTSIZE=100
[root@node1 ~]# echo $HISTSIZE
100
[root@node1 ~]# export HISTFILESIZE=100
[root@node1 ~]# echo $HISTFILESIZE
100
Permanent
[root@node1 ~]# sed -i 's#HISTSIZE=1000#HISTSIZE=100#g' /etc/profile
[root@node1 ~]# grep "^HISTSIZE" /etc/profile
HISTSIZE=100
[root@node1 ~]# echo "export HISTFILESIZE=100" >> /etc/profile
[root@node1 ~]# tail -1 /etc/profile
export HISTFILESIZE=100
[root@node1 ~]# source /etc/profile
【9-2】Set the terminal login timeout
Temporary
[root@node1 ~]# export TMOUT=300
[root@node1 ~]# echo $TMOUT
300
Permanent
[root@node1 ~]# echo "export TMOUT=300" >> /etc/profile
[root@node1 ~]# tail -1 /etc/profile
export TMOUT=300
[root@node1 ~]# source /etc/profile
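10. Set the number of file descriptors
File descriptor: an integer (range 0-65535); a process consumes file descriptors while it runs, and each one identifies an open file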
[root@node1 ~]# ulimit -n
1024
Temporary (current login shell)
[root@node1 ~]# ulimit -SHn 65535 <=="S" is the soft limit, "H" is the hard limit
[root@node1 ~]# ulimit -n
65535
Permanent (log out of the current login shell and log in again)
[root@node1 ~]# echo "* - nofile 65535" >> /etc/security/limits.conf
[root@node1 ~]# tail -1 /etc/security/limits.conf
* - nofile 65535
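11. Tune the system kernel parameters
Configuration file: /etc/sysctl.conf
Take effect immediately: sysctl -p
Commonly used kernel parameter tuning for web and load-balancing systems
[root@node1 ~]# vim /etc/sysctl.conf
net.ipv4.tcp_fin_timeout = 2 <==timeout after the handling of an established connection completes; default 60 seconds
net.ipv4.tcp_tw_reuse = 1 <==enable reuse, for the TIME-WAIT state
net.ipv4.tcp_tw_recycle = 1 <==enable fast recycling, for the TIME-WAIT state
net.ipv4.tcp_max_tw_buckets = 5000 <==caps the number of TIME-WAIT sockets; must not be too large, preferably no more than 10000
net.ipv4.tcp_syncookies = 1 <==enable cookies for the syn queue, to protect against syn attacks
net.ipv4.tcp_max_syn_backlog = 16384 <==syn queue length
net.ipv4.tcp_keepalive_time = 600 <==timeout
net.ipv4.ip_local_port_range = 4000 65000 <==range of ports that may be opened; file /proc/sys/net/ipv4/ip_local_port_range; default range 32768-61000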
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
#The following parameters tune the iptables firewall; if the firewall is not running they produce messages that can be ignored
net.ipv4.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_max = 25000000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
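TCP/IP three-way handshake and four-way teardown
OSI 7-layer model
【7】Application Layer: provides the interface intended for application software, used to set up communication with another application, e.g. HTTP, HTTPS, FTP, TELNET, SSH, SMTP, POP3
【6】Presentation Layer: converts data into a format that is compatible with the receiver's system and suitable for transmission
【5】Session Layer: establishes and maintains the communication connection between two computers on the network during data transfer
【4】Transport Layer: adds the transport header [TH] to the data to form a datagram; the transport header contains sending information such as the protocol used, e.g. Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
【3】Network Layer: decides the routing and forwarding of data and adds the network header [NH] to the datagram to form a packet; the network header contains network data, e.g. Internet Protocol (IP); gateways, multi-port gateways (routers)
【2】Data link Layer: responsible for network addressing, error detection and error correction
【1】Physical Layer: transmits frames on the local area network; it manages the interworking between computer communication devices and the network medium
Packet encapsulation and decapsulation
12. Hide the Linux version and kernel version information
View Linux version information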
【1】
[root@node1 ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
【2】
[root@node1 ~]# cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m
【3】
[root@node1 ~]# cat /etc/issue.net
CentOS release 6.6 (Final)
Kernel \r on an \m
Hide Linux version information
[root@node1 ~]# > /etc/issue
[root@node1 ~]# > /etc/issue.net
Empty a file
【1】
[root@node1 ~]# > lb.txt
【2】
[root@node1 ~]# cat /dev/null > lb.txt
【3】
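[root@node1 ~]# : > lb.txt <==":" is a placeholder that produces no output
Login message
[root@node1 ~]# echo "Welcom To Linux Server" > /etc/motd
Directory whose scripts are executed first at login: /etc/profile.d/
13. Lock important system files
Important files: /etc/passwd, /etc/group, /etc/shadow, /etc/gshadow, /etc/inittab and so on
[root@node1 ~]# chattr +i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab <==lock the files (they cannot be added to, deleted, modified or moved)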
[root@node1 ~]# lsattr /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab
----i--------e- /etc/passwd
----i--------e- /etc/shadow
----i--------e- /etc/group
----i--------e- /etc/gshadow
----i--------e- /etc/inittab
[root@node1 ~]# chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/inittab <==unlock the files
14. Remove unnecessary and suspicious accounts
15. Set a grub menu password
Configuration file: /boot/grub/grub.conf or /etc/grub.conf (symlink)
[root@node1 ~]# ls -l /boot/grub/grub.conf /etc/grub.conf
-rw-------. 1 root root 771 Aug 30 17:33 /boot/grub/grub.conf
lrwxrwxrwx. 1 root root 22 Aug 30 17:33 /etc/grub.conf -> ../boot/grub/grub.conf
[root@node1 ~]# grub-md5-crypt <==generate the password with md5
Password:
Retype password:
$1$TgX3d$8tN3MxhdyBclblYjoRKIp0
[root@node1 ~]# cp -a /boot/grub/grub.conf /boot/grub/grub.conf_$(date +%F)
[root@node1 ~]# vim /boot/grub/grub.conf
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$TgX3d$8tN3MxhdyBclblYjoRKIp0
title CentOS 6 (2.6.32-504.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=UUID=71ecba56-f3be-42d0-a427-f1053833ecc8 rd_NO_LUKS
rd_NO_LVM.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us
rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-504.el6.x86_64.img
Linux boot process
16. Disable ping on the server
[root@node1 ~]# echo "net.ipv4.icmp_echo_ignore_all=1" >> /etc/sysctl.conf
[root@node1 ~]# sysctl -p
17. Fix security vulnerabilities
18. Switch to a yum mirror inside China
Alibaba Cloud mirror: http://mirrors.aliyun.com
[root@node1 ~]# cp -a /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo_$(date +%F)
[root@node1 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
--2016-02-27 17:15:26-- http://mirrors.aliyun.com/repo/Centos-6.repo
Resolving mirrors.aliyun.com... 112.124.140.210, 115.28.122.210
Connecting to mirrors.aliyun.com|112.124.140.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2572 (2.5K) [application/octet-stream]
Saving to: “/etc/yum.repos.d/CentOS-Base.repo”
100%[=====================================================================>] 2,572 --.-K/s in 0s
2016-02-27 17:15:26 (225 MB/s) - “/etc/yum.repos.d/CentOS-Base.repo” saved [2572/2572]
[root@node1 ~]# yum makecache
epel mirror
[root@node1 ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
--2017-04-17 10:14:16-- http://mirrors.aliyun.com/repo/epel-6.repo
Resolving mirrors.aliyun.com... 112.124.140.210, 115.28.122.210
Connecting to mirrors.aliyun.com|112.124.140.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1083 (1.1K) [application/octet-stream]
Saving to: “/etc/yum.repos.d/epel.repo”
100%[=====================================================================>] 1,083 --.-K/s in 0s
2017-04-17 10:14:17 (5.47 MB/s) - “/etc/yum.repos.d/epel.repo” saved [1083/1083]
[root@node1 ~]# yum makecache
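Linux optimization summary
【1】Do not administer as root; administer as a normal user authorized through sudo
【2】Change the default SSH port for remote connections, forbid remote connections by root, and listen only on the internal network address
【3】Synchronize with a time server automatically on a schedule so that the clock matches Internet time
【4】Configure the yum repositories to download and install packages from mirrors inside China (aliyun, epel, 163)
【5】Disable selinux
【6】Adjust the number of file descriptors; processes and open files all consume file descriptors
【7】Periodically clean junk files out of the mail directory to keep the inodes from being used up
【8】Trim the services started at boot and keep only the necessary ones, e.g. crond, sshd, rsyslog, iptables, network, sysstat
【9】Tune the system kernel parameters
【10】Change the character set so that Chinese is supported, although an English character set is still recommended to avoid garbled text
【11】Lock key system files, e.g. /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow, /etc/inittab
【12】Empty /etc/issue and /etc/issue.net to remove the system and kernel version information shown at login
【13】Remove superfluous system virtual accounts
【14】Set a grub menu password
【15】Prevent the server from being pinged
【16】Upgrade packages that have vulnerabilities
Linux directory structure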
[root@node1 ~]# tree -Ld 1 /
/ Root directory <==root directory
├── bin Essential command binaries <==binary commands
├── boot Static files of the boot loader <==boot loader files
├── dev Device files <==device files
├── etc Host-specific system configuration <==system configuration files
├── home User home directories (optional) <==home directories of normal users
├── lib Essential shared libraries and kernel modules <==shared libraries and kernel modules
├── lib64
├── lost+found
├── media Mount point for removeable media <==mount point for removable devices
├── mnt Mount point for mounting a filesystem temporarily <==mount point for temporary file systems
├── opt Add-on application software packages <==directory for third-party software
├── proc Kernel and process information virtual filesystem <==virtual directory of kernel and process information
├── root Home directory for the root user (optional) <==root's home directory
├── sbin Essential system binaries <==system binary commands
├── selinux
├── srv
├── sys
├── tmp Temporary files <==temporary files
├── usr Secondary hierarchy <==second-level hierarchy
└── var Variable data <==variable data
20 directories
Linux directory structure diagram
The Linux directory structure and disk partitions are separate and can be combined freely
Everything is a file on Linux
View CPU information
[root@node1 ~]# cat /proc/cpuinfo
View memory information
[root@node1 ~]# cat /proc/meminfo
View load information
【1】
[root@node1 ~]# cat /proc/loadavg
0.00 0.00 0.00 1/150 28319
【2】
[root@node1 ~]# uptime
06:14:02 up 9:23, 1 user, load average: 0.00, 0.00, 0.00
【3】
[root@node1 ~]# top
【4】
[root@node1 ~]# w
13:47:46 up 4:53, 1 user, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.100.1 Tue18 0.00s 0.46s 0.00s w
View mount information
[root@node1 ~]# cat /proc/mounts
Important Linux files
1. NIC configuration file
[root@node1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0 <==NIC device name; the first NIC is eth0, the second eth1
HWADDR=00:0C:29:2B:C8:00 <==NIC physical address (48 bits)
TYPE=Ethernet <==NIC type: Ethernet
UUID=078684ad-e2cb-4430-89b9-191215519bbb <==NIC UUID
ONBOOT=yes <==the NIC starts with the system
NM_CONTROLLED=yes <==network management
BOOTPROTO=static <==how the IP is obtained; none: no boot protocol, static: static, dhcp: dynamic
IPADDR=192.168.100.133 <==IP address (32 bits)
NETMASK=255.255.255.0 <==subnet mask
GATEWAY=192.168.100.1 <==gateway
DNS1=114.114.114.114 <==primary DNS
DNS2=202.96.128.86 <==secondary DNS
2. DNS client configuration file
[root@node1 ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain
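nameserver 114.114.114.114 <==DNS address; DNS set in the NIC configuration file takes priority over DNS configured in this file
3. Host name resolution configuration file
[root@node1 ~]# cat /etc/hosts <==the corresponding Windows file: C:\Windows\System32\drivers\etc\hosts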
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.133 node1 <==maps the IP to the host name; acts as a LAN DNS
[root@node1 ~]# ping node1
PING node1 (192.168.100.133) 56(84) bytes of data.
64 bytes from node1 (192.168.100.133): icmp_seq=1 ttl=64 time=0.587 ms
64 bytes from node1 (192.168.100.133): icmp_seq=2 ttl=64 time=0.664 ms
64 bytes from node1 (192.168.100.133): icmp_seq=3 ttl=64 time=0.188 ms
64 bytes from node1 (192.168.100.133): icmp_seq=4 ttl=64 time=0.190 ms
4. System host name configuration file
[root@node1 ~]# cat /etc/sysconfig/network
NETWORKING=yes
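HOSTNAME=node1 <==system host name
GATEWAY=192.168.100.1 <==gateway; can also be set in the NIC configuration file
5. File system information configuration file (mounts disk partitions automatically at boot)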
[root@node1 ~]# cat /etc/fstab
#
# /etc/fstab
# Created by anaconda on Thu Feb 25 06:49:39 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=e14865cb-328c-43e1-b55d-1e7469607ebf / ext4 defaults 1 1
Device to mount (device name, UUID, label)  mount point  file system type  mount options  dump  check
UUID=ab42504a-13ef-4ab8-ad55-be1963c6391f /boot ext4 defaults 1 2
UUID=78798642-b362-474a-a7be-f159a030d2ff swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
Mounting a disk partition automatically at boot
[root@node1 ~]# dd if=/dev/zero of=/mnt/lb bs=1M count=10 <==create the block device
10+0 records in
10+0 records out
10485760 bytes (10 MB) copied, 0.102224 s, 103 MB/s
[root@node1 ~]# mkfs.ext4 /mnt/lb <==format
[root@node1 ~]# mount -t ext4 -o loop,defaults /mnt/lb /opt/ <==mount manually
[root@node1 ~]# df -h <==check the mounts
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.9G 1.4G 5.2G 22% /
tmpfs 244M 0 244M 0% /dev/shm
/dev/sda1 190M 27M 153M 16% /boot
/mnt/lb 8.7M 92K 8.1M 2% /opt
[root@node1 ~]# echo "/mnt/lb /opt ext4 loop,defaults 0 0" >> /etc/fstab <==mount automatically at boot
[root@node1 ~]# tail -1 /etc/fstab
/mnt/lb /opt ext4 loop,defaults 0 0
[root@node1 ~]# mount -a <==reload /etc/fstab
[root@node1 ~]# df -h <==check the mounts
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.9G 1.4G 5.2G 22% /
tmpfs 244M 0 244M 0% /dev/shm
/dev/sda1 190M 27M 153M 16% /boot
/mnt/lb 8.7M 92K 8.1M 2% /opt
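Repairing a boot failure caused by a corrupted /etc/fstab
【1】Enter the root password when the system prompts for it
【2】Remount the root partition read-write (the file system is read-only at this point and has to be remounted read-write)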
[root@node1 ~]# mount -o rw,remount /
【3】Repair the file system mount configuration file /etc/fstab as the situation requires
[root@node1 ~]# vim /etc/fstab
【4】Reload /etc/fstab
[root@node1 ~]# mount -a
【5】Check that the mounts are correct
[root@node1 ~]# df -h
【6】Reboot the system
[root@node1 ~]# reboot
6. Boot-time program startup configuration file (add the necessary comments)
[root@node1 ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
Difference between /etc/fstab and /etc/rc.local <== network filesystem mounts must be written to /etc/rc.local
7. System boot runlevel configuration file
[root@node1 ~]# tail /etc/inittab
# Default runlevel. The runlevels used are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
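Linux boot process
【1】BIOS power-on self-test
【2】MBR boot: read the first 446 bytes of track 0, cylinder 0, sector 1 of the disk
【3】GRUB boot menu: choose the operating system to start
【4】Load the kernel
【5】Start the first process, init
【6】Run the system initialization scripts
【7】Start the services for the corresponding runlevel
【8】Print the login prompt
8. System environment variable and alias configuration files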
[root@node1 ~]# ls -l /etc/profile /etc/bashrc
-rw-r--r--. 1 root root 2681 Oct 2 2013 /etc/bashrc
-rw-r--r--. 1 root root 1795 Aug 30 21:03 /etc/profile
9. Scripts (programs) executed when the system restarts or a terminal logs in
[root@node1 ~]# ls -ld /etc/profile.d/ <== the scripts do not need execute permission
drwxr-xr-x. 2 root root 4096 Aug 30 17:31 /etc/profile.d/
10. System service control script directory
[root@node1 ~]# ls -ld /etc/init.d/
drwxr-xr-x. 2 root root 4096 Aug 30 17:32 /etc/init.d/
11. System log file
[root@node1 ~]# ls -l /var/log/messages <== rotated automatically every week, controlled by the rsyslog service
-rw-------. 1 root root 963 Sep 5 13:49 /var/log/messages
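12. System security log file (SSH remote login log; user creation, deletion and password changes) <== rotated automatically every week, controlled by the rsyslog service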
[root@node1 ~]# ll /var/log/secure
-rw-------. 1 root root 0 Sep 5 13:12 /var/log/secure
13. Scheduled task directory
[root@node1 ~]# ls -ld /var/spool/cron/ <== rotated automatically every week, controlled by the rsyslog service
drwx------. 2 root root 4096 Nov 23 2013 /var/spool/cron/
14. Kernel and process information virtual filesystem
[root@node1 ~]# ls -ld /proc/
dr-xr-xr-x. 92 root root 0 Aug 30 17:58 /proc/
Viewing device mount information
【1】
[root@node1 ~]# df -h
【2】
[root@node1 ~]# cat /proc/mounts
grep/egrep aliases that colour the matched string
[root@node1 ~]# alias grep='grep --color=auto'
[root@node1 ~]# alias egrep='egrep --color=auto'
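The three file timestamps (accessing a file updates atime; changing its metadata updates ctime; changing its content updates both mtime and ctime)
【1】atime: time the file was last accessed
【2】ctime: time the file's metadata was last changed
【3】mtime: time the file's content was last modified
The three file timestamps
【1】atime (Access Time)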
[root@node1 ~]# stat linbin.txt
File: `linbin.txt'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 803h/2051d Inode: 141705 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-08-30 16:38:34.358902205 +0800
Modify: 2016-08-30 16:38:34.358902205 +0800
Change: 2016-08-30 16:38:34.358902205 +0800
[root@node1 ~]# cat linbin.txt
[root@node1 ~]# stat linbin.txt
File: `linbin.txt'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 803h/2051d Inode: 141705 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-08-30 16:38:57.097903736 +0800
Modify: 2016-08-30 16:38:34.358902205 +0800
Change: 2016-08-30 16:38:34.358902205 +0800
【2】ctime (Change Time)
[root@node1 ~]# chmod 664 linbin.txt
[root@node1 ~]# ls -l linbin.txt
-rw-rw-r--. 1 root root 0 Aug 30 16:38 linbin.txt
[root@node1 ~]# stat linbin.txt
File: `linbin.txt'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 803h/2051d Inode: 141705 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-08-30 16:38:57.097903736 +0800
Modify: 2016-08-30 16:38:34.358902205 +0800
Change: 2016-08-30 16:41:18.473303690 +0800
【3】mtime (Modify Time)
[root@node1 ~]# echo "Welcome To Linux Server" >> linbin.txt
[root@node1 ~]# cat linbin.txt
Welcome To Linux Server
[root@node1 ~]# stat linbin.txt
File: `linbin.txt'
Size: 24 Blocks: 8 IO Block: 4096 regular file
Device: 803h/2051d Inode: 141705 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-08-30 16:43:15.435301890 +0800
Modify: 2016-08-30 16:43:12.456299858 +0800
Change: 2016-08-30 16:43:12.456299858 +0800
Following changes at the end of a file in real time
【1】
[root@node1 ~]# tail -f /var/log/messages
【2】
[root@node1 ~]# tailf /var/log/messages
【3】
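[root@node1 ~]# tail -F /var/log/messages <== keeps checking whether the file exists
How chkconfig works
When chkconfig manages the system service sshd, it adds a symlink pointing to /etc/init.d/sshd in the directory of the corresponding runlevel (/etc/rc3.d/ for runlevel 3)
on: lrwxrwxrwx. 1 root root 14 Jan 20 21:55 S55sshd -> ../init.d/sshd <== "S" means start
off: lrwxrwxrwx 1 root root 14 Jan 28 13:31 K25sshd -> ../init.d/sshd <== "K" means stop
[root@node1 ~]# chkconfig --list sshd <== view a specific system service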
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@node1 ~]# chkconfig --level 35 sshd off <== specify the runlevels
[root@node1 ~]# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:off 4:on 5:off 6:off
[root@node1 ~]# chkconfig sshd on <== no runlevel given: defaults to runlevels 2345 (defined by the service control script)
[root@node1 ~]# grep "chkconfig" /etc/init.d/sshd
# chkconfig: 2345 55 25
[root@node1 ~]# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Using runlevel 3 as the example
[root@node1 ~]# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@node1 ~]# ls -l /etc/rc3.d/|grep "sshd"
lrwxrwxrwx. 1 root root 14 Jan 20 21:55 S55sshd -> ../init.d/sshd
[root@node1 ~]# chkconfig --level 3 sshd off
[root@node1 ~]# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:off 4:on 5:on 6:off
[root@node1 ~]# ls -l /etc/rc3.d/|grep "sshd"
lrwxrwxrwx 1 root root 14 Jan 28 13:31 K25sshd -> ../init.d/sshd
[root@node1 ~]# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:off 4:on 5:on 6:off
[root@node1 ~]# rm -f /etc/rc3.d/K25sshd
[root@node1 ~]# ln -s /etc/init.d/sshd /etc/rc3.d/S55sshd
[root@node1 ~]# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@node1 ~]# head /etc/init.d/sshd
#!/bin/bash
#
# sshd Start up the OpenSSH server daemon
#
# chkconfig: 2345 55 25 <== 2345 are the runlevels, 55 is the service start order, 25 is the service stop order
# description: SSH is a protocol for secure remote shell access. \
# This service starts up the OpenSSH server daemon.
Archiving and compressing with tar + find
【1】
[root@node1 ~]# find /data/ -type f|xargs tar cvfz data_$(date +%F).tar.gz
【2】
[root@node1 ~]# tar cvfz data_$(date +%F).tar.gz `find /data/ -type f`
Archive/compress command    Archive format    Extract command
tar                         name.tar.gz       tar
gzip                        name.gz           gunzip
zip                         name.zip          unzip
Extracting strings with cut
Given lb.txt with the content below, extract linbin and 991395975
[root@node1 ~]# cat lb.txt
my name is linbin my qq is 991395975
【1】
[root@node1 ~]# awk '{print $4,$8}' lb.txt
linbin 991395975
【2】
[root@node1 ~]# cut -d" " -f4,8 lb.txt
linbin 991395975
【3】
[root@node1 ~]# cut -c12-17,27- lb.txt
linbin 991395975
Given lb.txt with the content below, extract linbin and 991395975
[root@node1 ~]# cat lb.txt
my name is linbin,my qq is 991395975
【1】
[root@node1 ~]# cut -c12-17,27- lb.txt
linbin 991395975
【2】
[root@node1 ~]# sed 's#,# #g' lb.txt|awk '{print $4,$8}'
linbin 991395975
【3】
[root@node1 ~]# sed 's#,# #g' lb.txt|cut -d" " -f4,8
linbin 991395975
【4】
[root@node1 ~]# sed 's#,# #g' lb.txt|cut -c12-17,27-
linbin 991395975
【5】
[root@node1 ~]# awk -F"[, ]" '{print $4,$8}' lb.txt <== awk with multiple field separators
linbin 991395975
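awk killer techniques: http://oldboy.blog.51cto.com/2561410/950730
sed killer techniques: http://oldboy.blog.51cto.com/2561410/949365
Using wc to check whether a service is running normally
[root@node1 ~]# ps -ef|grep "sshd"|egrep -v "grep|pts"|wc -l <== a result >=1 means the service is running normally
Linux file and directory attributes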
[root@node1 ~]# ls -lih lb.txt
131081 -rw-r--r--. 1 root lb 4 Apr 19 09:22 lb.txt
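131081 is the inode (index node) number, the unique identifier of a file or directory on disk (like an ID card number); reading a file or directory starts by reading its inode
- is the file type: "-" is a regular file, "d" a directory, "l" a soft link file, "s" a socket file
rw-r--r-- is the file permissions: "r" is read, "w" is write, "x" is execute, "-" is no permission
. relates to the SELinux state: present when SELinux is enabled, absent when it is disabled
1 is the number of hard links to the file; a hard link is another entry point to the file and has the same inode number
root is the file's owner
lb is the file's group
4 is the file size
Apr 19 09:22 is the time the file was last modified
lb.txt is the file name; the file name is stored in the block of the parent directory
Permission bit mapping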
rwxrw-r--
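rwx is the file owner's permissions
rw- is the file group's permissions
r-- is the permissions of other users
Disk partitioning --> formatting --> creating the filesystem
Part 1: inodes (numerous, but they do not take up much space; they store the file's attributes, that is the output of ls -l without the file name, and the pointers to the file's data, like the table of contents of a book)
Part 2: blocks (numerous; the blocks are what actually store the data)
Viewing a partition's inode size
【1】/boot partition: each inode is 128 bytes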
[root@node1 ~]# dumpe2fs /dev/sda1|grep -i "inode size"
dumpe2fs 1.41.12 (17-May-2010)
Inode size: 128
【2】/ partition: each inode is 256 bytes
[root@node1 ~]# dumpe2fs /dev/sda3|grep -i "inode size"
dumpe2fs 1.41.12 (17-May-2010)
Inode size: 256
Viewing a partition's block size
【1】/boot partition: block size 1k
[root@node1 ~]# dumpe2fs /dev/sda1|grep -i "block size"
dumpe2fs 1.41.12 (17-May-2010)
Block size: 1024
【2】/ partition: block size 4k
[root@node1 ~]# dumpe2fs /dev/sda3|grep -i "block size"
dumpe2fs 1.41.12 (17-May-2010)
Block size: 4096
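Disk inode summary
【1】Formatting a disk partition as an ext4 filesystem creates a fixed number of inodes and blocks
【2】An inode is an index node: it stores the file's attributes (but not the file name) and serves as the file's index (it points to the blocks that hold the file's data, so it is also called a pointer)
【3】In ext3/ext4 filesystems the blocks store the file's actual content (the real data)
【4】Block size is usually 1k, 2k or 4k: 1k for the boot partition, 4k for non-boot partitions
【5】An inode is a piece of disk storage; its default size is 128 bytes on the boot partition and 256 bytes on non-boot partitions
【6】An inode is a number, and the inode (number) of each file is unique within the filesystem (like an ID card number)
【7】Files with the same inode number are hard links to one another (another entry point to the file)
【8】Once created, a file occupies at least one inode and one block
【9】A large file may occupy multiple blocks (4k)
【10】A very small file still occupies at least one block; if it does not fill the block, the remaining space cannot be used by other files, because a block cannot belong to two different files
【11】To change the default block and inode sizes: mkfs.ext4 -b 2048 -I 256 /dev/sda3, where "-b" sets the block size and "-I" sets the inode size
Disk block summary
【1】The disk reads data in units of blocks
【2】A file may occupy multiple blocks, and each block read costs one disk I/O
【3】To improve disk I/O performance, read as much data as possible in a single operation
【4】A block can hold the content of only one file, however small; with a 4k block size, storing a 1k file wastes the remaining 3k
【5】Bigger blocks are not always better: a block size that is too large wastes disk space when storing small files
【6】Choose the block size according to the file sizes in the actual workload: smaller for small files, larger for large files
【7】ext3/ext4 filesystems generally use a 4k block size
Situations in which a disk partition fills up
【1】The inodes are used up
【2】The blocks are used up
Linux file types (everything is a file)
- means a regular file
【1】Plain text file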
[root@node1 ~]# file lb.txt
lb.txt: ASCII text
[root@node1 ~]# ls -l lb.txt
-rw-r--r--. 1 root root 10 Jul 22 11:30 lb.txt
【2】Binary file (command)
[root@node1 ~]# file /bin/cp
/bin/cp: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped
[root@node1 ~]# ls -l /bin/cp
-rwxr-xr-x. 1 root root 122872 Oct 15 2014 /bin/cp
【3】Data file
[root@node1 ~]# file /var/log/lastlog
/var/log/lastlog: data
[root@node1 ~]# ls -l /var/log/lastlog
-rw-r--r--. 1 root root 146292 Jul 22 08:32 /var/log/lastlog
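d means a directory
b means a block device file (hard disk, optical drive)
c means a character device file (serial device)
l means a symbolic link file (soft link)
p means a pipe file
s means a socket file (local inter-process communication)
Linux file extensions
【1】Archives: .tar.gz, .tar.bz, .zip, .tgz
【2】Scripting languages: .sh, .py, .pl, .html, .htm, .jsp, .do, .php
【3】Configuration files: .conf, .cfg
【4】RPM packages: .rpm
Linux file links (link)
【1】Hard link file (Hard Link)
Syntax: ln source_file hard_link_file
Hard link summary
【1】Multiple files with the same inode number are hard links to one another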
[root@node1 ~]# ls -li lb.txt lb_hard_link.txt
total 8
131081 -rw-r--r--. 2 root root 12 Mar 2 17:23 lb_hard_link.txt
131081 -rw-r--r--. 2 root root 12 Mar 2 17:23 lb.txt
【2】Deleting either a hard link or the source file does not actually delete the file
[root@node1 ~]# rm -f lb.txt
[root@node1 ~]# cat lb_hard_link.txt
hello world
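【3】The file is actually deleted only when the source file and all of its hard links have been deleted
【4】Once all the hard links and the source file are deleted, the space is reclaimed (deleted) by the system
【5】A hard link is another entry point to the file
【6】Creating a hard link to a file protects an important file against accidental deletion
【7】Create a hard link with the ln command: ln source_file hard_link_file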
[root@node1 ~]# ln lb.txt lb_hard_link.txt
【8】A hard link can be deleted with the rm command
[root@node1 ~]# rm -f lb_hard_link.txt
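【9】For a static file (one that no process is using), the file is deleted when its hard link count i_link=0
Hard links in practice
[root@node1 ~]# echo "hello world" >> lb.txt <== create the source file
[root@node1 ~]# ln lb.txt lb_hard_link.txt <== create the hard link
[root@node1 ~]# ls -li lb.txt lb_hard_link.txt <== view the files' inode and hard link count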
131081 -rw-r--r--. 2 root root 12 Mar 2 01:38 lb_hard_link.txt
131081 -rw-r--r--. 2 root root 12 Mar 2 01:38 lb.txt
[root@node1 ~]# cat lb.txt <== view the file content
hello world
[root@node1 ~]# cat lb_hard_link.txt
hello world
[root@node1 ~]# rm -f lb.txt <== delete the source file
[root@node1 ~]# ls -li lb_hard_link.txt <== view the hard link count and the file content
131081 -rw-r--r--. 1 root root 12 Mar 2 01:38 lb_hard_link.txt
[root@node1 ~]# ls -li lb.txt
ls: cannot access lb.txt: No such file or directory
[root@node1 ~]# cat lb_hard_link.txt
hello world
How file deletion works on Linux
http://oldboy.blog.51cto.com/2561410/791322/
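Conditions for a file to be deleted
【1】i_link=0 (condition: hard link count)
【2】i_count=0 (condition: use by processes)
In-depth analysis of a web server disk-full failure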
http://oldboy.blog.51cto.com/2561410/612351
Finding which process is using a file
【1】
[root@node1 ~]# fuser -v /var/log/messages
USER PID ACCESS COMMAND
/var/log/messages: root 935 F.... rsyslogd
[root@node1 ~]# ps -ef|grep "935"|grep -v "grep"
root 935 1 0 08:53 ? 00:00:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
【2】
[root@node1 ~]# lsof /var/log/messages
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 935 root 1w REG 8,3 159179 261421 /var/log/messages
[root@node1 ~]# ps -ef|grep "935"|grep -v "grep"
root 935 1 0 08:53 ? 00:00:00 /sbin/rsyslogd -i /var/run/syslogd.pid -c 5
Killing all processes that access a given file
[root@node1 ~]# fuser -k /var/log/messages
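The two deletion conditions above (i_link=0 and i_count=0) can be watched from the shell. The following is an added example, not part of the original notes: it reports regular files that a process still holds open after their last name was removed, which is the usual cause of a partition that stays full after log files are deleted. The helper names are hypothetical; Linux /proc and GNU stat are assumed, and the sample files are constructed in a temporary directory.

```bash
#!/bin/sh
# Added example, not from the original notes; helper names are hypothetical.

# links_via_fd PID FD: hard link count (i_link) of the inode behind an open descriptor.
links_via_fd() {
    stat -L -c %h "/proc/$1/fd/$2"
}

# deleted_open_files PID: descriptors of PID that point at a regular file whose
# link count is 0. The inode has no name left, but it is still in use
# (i_count>0), so its blocks are not freed until the descriptor is closed.
deleted_open_files() (
    for fd in /proc/"$1"/fd/*; do
        info=$(stat -L -c '%h %F' "$fd" 2>/dev/null) || continue
        case $info in
            '0 regular'*) printf '%s %s\n' "${fd##*/}" "$(readlink "$fd")" ;;
        esac
    done
)

# Constructed walk-through: a source file plus one hard link, held open on fd 9.
demo_deleted_open() {
    dir=$(mktemp -d) || return 1
    echo "hello world" > "$dir/lb.txt"
    ln "$dir/lb.txt" "$dir/lb_hard_link.txt"
    exec 9< "$dir/lb.txt"
    echo "links with both names:        $(links_via_fd $$ 9)"
    rm -f "$dir/lb.txt"
    echo "links after rm lb.txt:        $(links_via_fd $$ 9)"
    rm -f "$dir/lb_hard_link.txt"
    echo "links after rm of hard link:  $(links_via_fd $$ 9)"
    echo "unlinked but still open (fd, path):"
    deleted_open_files $$
    echo "content still readable:       $(cat <&9)"
    exec 9<&-       # closing the descriptor makes i_count drop, the space is released
    rmdir "$dir"
}

demo_deleted_open
```

On a real host, pass the PID reported by fuser or lsof instead of `$$`.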
Briefly explain why "." means the current directory and ".." means the parent of the current directory
[root@node1 ~]# ls -lid /data
393454 drwxr-xr-x. 2 root root 4096 Sep 5 14:34 /data/
[root@node1 ~]# ls -lid /
2 dr-xr-xr-x. 23 root root 4096 Aug 30 19:25 /
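[root@node1 ~]# ls -ila /data <== the inode number of /data is 393454 and the inode number of "." is 393454; likewise "/" and ".." both have inode number 2; files with the same inode number are hard links to one another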
total 8
393454 drwxr-xr-x. 2 root root 4096 Sep 5 14:34 .
2 dr-xr-xr-x. 23 root root 4096 Aug 30 19:25 ..
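【2】Soft link file (Soft Link)
Syntax: ln -s source_file soft_link_file
Pitfall: when creating a soft link the source file must exist, and the soft link to be created must not already exist; soft links must be created with the ln command
Soft link summary
【1】A soft link is similar to a Windows shortcut (use the readlink command to see what it points to)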
[root@node1 ~]# readlink lb_soft_link.txt
lb.txt
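【2】A soft link is like a text file that stores the path of the source file and points to the source file's data
【3】If the source file is deleted, the soft link still exists, but the content at the source path it points to can no longer be accessed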
[root@node1 ~]# rm -f lb.txt
[root@node1 ~]# cat lb_soft_link.txt
cat: lb_soft_link.txt: No such file or directory
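【4】A broken soft link is shown as blinking white text on a red background
【5】Run ln -s source_file soft_link_file to create a soft link (the soft link must not already exist)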
[root@node1 ~]# ln -s lb.txt lb_soft_link.txt
【6】A soft link and its source file are files of different types, are different files, and have different inode numbers
[root@node1 ~]# ls -li lb.txt lb_soft_link.txt
total 4
131093 lrwxrwxrwx. 1 root root 6 Mar 2 17:30 lb_soft_link.txt -> lb.txt
131081 -rw-r--r--. 1 root root 12 Mar 2 17:23 lb.txt
【7】A soft link can be deleted with the rm command
[root@node1 ~]# rm -f lb_soft_link.txt
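After the source file lb.txt is deleted, its hard link lb_hard_link.txt is unaffected and the data still exists, but its soft link lb_soft_link.txt becomes invalid because the source file can no longer be found
Link file summary
【1】Deleting a soft link has no effect on the source file or its hard links
【2】Deleting a hard link has no effect on the source file or its soft links
【3】Deleting the source file has no effect on its hard links but breaks its soft links (shown as blinking white text on a red background)
【4】Deleting the source file, the hard links and the soft links together actually deletes the whole file
【5】The source file and its hard links have the same inode number; they are the same file, or multiple entry points to one file
【6】The source file and a soft link have different inode numbers, are files of different types and are different files; a soft link is like a shortcut to the source file and stores the location of the source file
Directory link summary
【1】A hard link cannot be created for a directory, but a soft link can
【2】Hard links of directories cannot cross filesystems
【3】Every directory contains a hard link "." (hidden file) and a hard link ".." (hidden file) to its parent directory
【4】Creating a subdirectory in a parent directory increases the parent's hard link count by 1 (the subdirectory contains ".."); creating a file does not increase it
Briefly describe the difference between soft links and hard links on Linux (introduce the two concepts, then the differences for files and for directories)
【1】Without options the ln command creates a hard link; with the "-s" option it creates a soft link
【2】A hard link has the same inode number as the source file, while a soft link has a different inode number from the source file
【3】Deleting a soft link has no effect on the source file or its hard links
【4】Deleting a hard link has no effect on the source file or its soft links
【5】Deleting the source file has no effect on its hard links but breaks its soft links (shown as blinking white text on a red background)
【6】The whole file is actually deleted only when the source file and its hard links are all deleted
【7】The ln command cannot create a hard link to a directory, but it can create a soft link to a directory
【8】Soft links can cross filesystems, but hard links cannot
Linux user roles (users are identified by UID and GID)
【1】Superuser: UID 0, GID 0
【2】Virtual users: exist to meet the needs of files or running programs and generally cannot log in to the system (puppet accounts); UID and GID range 1-499
【3】Regular users: created by the administrator; UID and GID range 500-65535
Core configuration files for Linux account management: /etc/passwd /etc/shadow /etc/group /etc/gshadow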
[root@node1 ~]# ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root 586 Apr 17 15:26 /etc/group
---------- 1 root root 480 Apr 17 15:26 /etc/gshadow
-rw-r--r-- 1 root root 1101 Apr 17 15:26 /etc/passwd
---------- 1 root root 721 Apr 17 15:26 /etc/shadow
[root@node1 ~]# tail -1 /etc/passwd
linbin:x:500:500:lb:/home/linbin:/bin/bash
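linbin is the user name
x is the user password; for security it is stored in /etc/shadow
500 is the user's UID
500 is the user's GID
lb is the user description (comment field)
/home/linbin is the user's home directory
/bin/bash is the shell the user logs in with
A directory's inode stores the directory's attributes; a directory's blocks store the names of the files and subdirectories in it; a file's name is stored in the block of its parent directory
Showing a file's last modification time (can be made an alias)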
[root@node1 ~]# ls -l --time-style=long-iso lb.txt
total 0
-rw-r--r--. 1 root root 0 2016-03-03 21:51 lb.txt
System alias: alias ls='ls --color=auto --time-style=long-iso'
The three file timestamps (atime, ctime, mtime)
[root@node1 ~]# stat lb.txt
File: `lb.txt'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 803h/2051d Inode: 131081 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
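Access: 2016-03-03 21:51:13.648000510 +0800 <== file access time
Modify: 2016-03-03 21:51:13.648000510 +0800 <== file modification time: the content changed
Change: 2016-03-03 21:51:13.648000510 +0800 <== file change time: covers Modify as well as permission, owner and group changes
Setting the character set for Linux regular expressions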
[root@node1 ~]# export LC_ALL=C
[root@node1 ~]# alias grep='grep --color=auto'
[root@node1 ~]# alias egrep='egrep --color=auto'
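Linux regular expressions: a set of rules and methods defined for processing large numbers of strings, applied line by line (suited to the "three swordsmen" tools grep/egrep, sed and awk)
【1】Linux basic regular expressions (Basic Regular Expression)
^ matches lines that begin with ...
$ matches lines that end with ...
^$ matches empty lines (lines containing spaces are not included)
. matches any single character
\ is the escape character: it escapes a special symbol so that its special meaning is ignored
* matches the preceding item zero or more times
.* matches any characters
[] matches any single character in the set
[^] matches any single character not in the set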
[root@node1 ~]# cat lb.txt
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my qq num is 49000488.
not 4900000448.
my god,i am not oldbey,but OLDBOY
oldb y
【1-1】Match lines that begin with ...
[root@node1 ~]# grep "^m" lb.txt
my blog is http://oldboy.blog.51cto.com
my qq num is 49000488.
my god,i am not oldbey,but OLDBOY
【1-2】Match lines that end with ...
[root@node1 ~]# grep "m$" lb.txt
my blog is http://oldboy.blog.51cto.com
【1-3】Match empty lines
[root@node1 ~]# grep -vn "^$" lb.txt
1:I am oldboy teacher!
2:I teach linux.
4:I like badminton ball,billard ball and chinese chess.
6:my blog is http://oldboy.blog.51cto.com
7:our site is http://www.etiantian.org
9:my qq num is 49000488.
11:not 4900000448.
12:my god,i am not oldbey,but OLDBOY
13:oldb y
【1-4】Match any single character
[root@node1 ~]# grep "." lb.txt <== does not match empty lines
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my qq num is 49000488.
not 4900000448.
my god,i am not oldbey,but OLDBOY
oldb y
[root@node1 ~]# grep "oldb.y" lb.txt
I am oldboy teacher!
my blog is http://oldboy.blog.51cto.com
my god,i am not oldbey,but OLDBOY
oldb y
【1-5】Escape character
[root@node1 ~]# grep "\.$" lb.txt
I teach linux.
I like badminton ball,billard ball and chinese chess.
my qq num is 49000488.
not 4900000448.
【1-6】Match the preceding item zero or more times
[root@node1 ~]# grep "0*" lb.txt
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my qq num is 49000488.
not 4900000448.
my god,i am not oldbey,but OLDBOY
oldb y
[root@node1 ~]# grep -o "0*" lb.txt <== output only the exactly matched string
000
00000
【1-7】Match any characters
[root@node1 ~]# grep ".*" lb.txt <== also matches empty lines
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my qq num is 49000488.
not 4900000448.
my god,i am not oldbey,but OLDBOY
oldb y
【1-8】Match any single character in the set
[root@node1 ~]# grep "[abc]" lb.txt
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my god,i am not oldbey,but OLDBOY
oldb y
[root@node1 ~]# grep "[0-9]" lb.txt
my blog is http://oldboy.blog.51cto.com
my qq num is 49000488.
not 4900000448.
【1-9】Match any single character not in the set
[root@node1 ~]# grep "[^a-z]" lb.txt <== matches characters that are not lowercase letters
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my qq num is 49000488.
not 4900000448.
my god,i am not oldbey,but OLDBOY
oldb y
[root@node1 ~]# grep "[^A-Z]" lb.txt <== matches characters that are not uppercase letters
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my qq num is 49000488.
not 4900000448.
my god,i am not oldbey,but OLDBOY
oldb y
[root@node1 ~]# grep "[^0-9]" lb.txt <== matches characters that are not digits
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my qq num is 49000488.
not 4900000448.
my god,i am not oldbey,but OLDBOY
oldb y
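【2】Linux extended regular expressions (Extended Regular Expression)
+ matches the preceding item one or more times
? matches the preceding item zero or one time
| matches either of the items on the two sides of |
() matches a grouped expression
{n,m} matches the preceding item n to m times
{n,} matches the preceding item at least n times (n included)
{n} matches the preceding item n times
{,m} matches the preceding item at most m times (m included)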
[root@node1 ~]# cat lb.txt
I am oldboy teacher!
I teach linux.
I like badminton ball,billard ball and chinese chess.
my blog is http://oldboy.blog.51cto.com
our site is http://www.etiantian.org
my qq num is 49000488.
not 4900000448.
my god,i am not oldbey,but OLDBOY
good
goood
gd
【2-1】Match the preceding item one or more times
[root@node1 ~]# grep -E "go+d" lb.txt <== extended regular expressions need the -E option or egrep
my god,i am not oldbey,but OLDBOY
good
goood
[root@node1 ~]# egrep "go+d" lb.txt
my god,i am not oldbey,but OLDBOY
good
goood
【2-2】Match the preceding item zero or one time
[root@node1 ~]# grep -E "go?d" lb.txt <== extended regular expressions need the -E option or egrep
my god,i am not oldbey,but OLDBOY
gd
[root@node1 ~]# egrep "go?d" lb.txt
my god,i am not oldbey,but OLDBOY
gd
【2-3】Match either of the items on the two sides of |
[root@node1 ~]# grep -E "god|good" lb.txt <== extended regular expressions need the -E option or egrep
my god,i am not oldbey,but OLDBOY
good
[root@node1 ~]# egrep "god|good" lb.txt
my god,i am not oldbey,but OLDBOY
good
【2-4】Match a grouped expression
[root@node1 ~]# grep -E "g(la|oo)d" lb.txt <== extended regular expressions need the -E option or egrep
good
[root@node1 ~]# egrep "g(la|oo)d" lb.txt
good
[root@node1 ~]# egrep "g(oo)?d" lb.txt
good
gd
【2-5】Match the preceding item n to m times
[root@node1 ~]# grep -E "0{3,5}" lb.txt <== without -E the {} must be escaped, or use egrep
my qq num is 49000488.
not 4900000448.
[root@node1 ~]# grep "0\{3,5\}" lb.txt
my qq num is 49000488.
not 4900000448.
【2-6】Match the preceding item at least n times
[root@node1 ~]# grep -E "0{3,}" lb.txt <== without -E the {} must be escaped, or use egrep
my qq num is 49000488.
not 4900000448.
[root@node1 ~]# grep "0\{3,\}" lb.txt
my qq num is 49000488.
not 4900000448.
【2-7】Match the preceding item n times
[root@node1 ~]# grep -E "0{3}" lb.txt <== without -E the {} must be escaped, or use egrep
my qq num is 49000488.
not 4900000448.
[root@node1 ~]# grep "0\{3\}" lb.txt
my qq num is 49000488.
not 4900000448.
Regular expression reference documents
http://aresxin.blog.51cto.com/4734097/1602624
http://man.linuxde.net/docs/shell_regex.html
Extracting the IP address with sed (http://oldboy.blog.51cto.com/2561410/949365)
【1】
[root@node1 ~]# ifconfig eth0|sed -n '2p'|sed 's#.*addr:##g'|sed 's# Bc.*##g'
192.168.100.133
【2】
[root@node1 ~]# ifconfig eth0|sed -n '2p'|sed 's#^.*addr:##g'|sed 's# Bc.*$##g'
192.168.100.133
【3】
[root@node1 ~]# ifconfig eth0|sed -n '2p'|sed -r 's#^.*addr:(.*) Bc.*$#\1#g'
192.168.100.133
【4】
[root@node1 ~]# ifconfig eth0|sed -nr '2s#^.*addr:(.*) Bc.*$#\1#gp'
192.168.100.133
【5】
[root@node1 ~]# ifconfig eth0|sed -n '2p'|awk -F "[ :]+" '{print $4}'
192.168.100.133
【6】
[root@node1 ~]# ifconfig eth0|sed -n '2p'|awk -F "[ :]" '{print $13}'
192.168.100.133
【7】
[root@node1 ~]# ifconfig eth0|awk -F "[ :]+" 'NR==2 {print $4}'
192.168.100.133
Extracting the HWaddr address with sed
【1】
[root@node1 ~]# ifconfig eth0|sed -n '1p'|awk '{print $5}'
00:0C:29:27:E5:60
【2】
[root@node1 ~]# ifconfig eth0|sed -n '1p'|sed 's#.*HWaddr ##g'
00:0C:29:27:E5:60
【3】
[root@node1 ~]# ifconfig eth0| sed -n '1p'|sed 's#^.*HWaddr ##g'
00:0C:29:27:E5:60
【4】
[root@node1 ~]# ifconfig eth0|sed -nr '1s#^.*HWaddr (.*)#\1#gp'
00:0C:29:27:E5:60
Extract the permission value 644 of /etc/hosts
[root@node1 ~]# stat /etc/hosts
File: `/etc/hosts'
Size: 158 Blocks: 8 IO Block: 4096 regular file
Device: 803h/2051d Inode: 131102 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-03-03 21:26:06.271999998 +0800
Modify: 2010-01-12 21:28:22.000000000 +0800
Change: 2016-02-24 21:46:15.722998464 +0800
【1】
[root@node1 ~]# stat /etc/hosts|sed -nr '4s#^.*0(.*)/-.*$#\1#gp'
644
【2】
[root@node1 ~]# stat /etc/hosts|awk -F "[0/]" 'NR==4 {print $2}'
644
【3】
[root@node1 ~]# stat -c %a /etc/hosts
644
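Linux wildcards: these are not the same as Linux regular expressions, so their meanings differ considerably; wildcards are generally used in the Bash command-line environment, while Linux regular expressions are used with grep, egrep, sed and awk
* matches any characters
? matches any single character
; command separator: runs multiple commands on one line
# administrator command prompt; comment marker in configuration files
| pipe: passes the output of the previous command as the input of the next command
~ the current user's home directory
- the path the current user was in previously, controlled by the variable OLDPWD
$ regular user command prompt; reads the value of an environment variable
/ root directory; path separator
\ escape character: it escapes a special symbol so that its special meaning is ignored
> or 1> output redirection; clears the file's previous content
>> or 1>> appending output redirection; appends to the end of the file without clearing the file's previous content
2> error output redirection; clears the file's previous content
2>> appending error output redirection; appends to the end of the file without clearing the file's previous content
< or <0 input redirection; clears the file's previous content
<< or <<0 appending input redirection; appends to the end of the file without clearing the file's previous content
2>&1 error output goes to the same place as normal output
&> error output goes to the same place as normal output
'' single quotes: no variable substitution; the output is exactly what you see
"" double quotes: variable substitution; variables are resolved before output
`` backquotes: the command is executed and its output is used, equivalent to $()
{} generates a sequence of characters or numbers; with find, stands for the item just found
! ! + letters runs the most recent command that began with those letters; ! + number runs that numbered history command; logical NOT
& runs the program in the background
&& runs the next command only if the previous command succeeded
|| if the previous command succeeded the next command is not run; if the previous command failed the next command is run
.. or ../ the parent directory of the current directory
. or ./ the current directory; a file whose name begins with "." is a hidden file
\n newline
\t horizontal tab
\b backspace; matches a word boundary
Briefly describe the difference between single quotes, double quotes and no quotes in the Linux shell
【1】
Single quotes: what you see is what you get, that is, the content inside the single quotes is output unchanged (whatever you see is what is output)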
[root@node1 ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@node1 ~]# echo '$PATH'
$PATH
【2】
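Double quotes: the content inside the double quotes is output; if it contains commands or variables, these are resolved to their results first and the final content is then output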
[root@node1 ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@node1 ~]# echo "$PATH"
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
[root@node1 ~]# echo "`pwd`"
/root
【3】
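No quotes: the content is output, but a string containing spaces may not be treated as a single unit; if the content contains commands or variables, these are resolved to their results first and the final content is then output. A string containing spaces or other special characters cannot be output intact and needs double quotes; no quotes can generally be used for contiguous strings, numbers and paths, but it is better to use double quotes instead
Basic Linux network configuration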
http://oldboy.blog.51cto.com/2561410/784625
The route command explained in simple terms
http://oldboy.blog.51cto.com/2561410/974194
[root@linux-node1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.100.2 0.0.0.0 UG 0 0 0 eth0
Deleting the default gateway
[root@node1 ~]# route del default gw 192.168.100.2
[root@node1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
[root@node1 ~]# ping -c 1 www.baidu.com
connect: Network is unreachable
Adding the default gateway
[root@node1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
[root@node1 ~]# route add default gw 192.168.100.2
[root@node1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.100.2 0.0.0.0 UG 0 0 0 eth0
[root@node1 ~]# ping -c 1 www.baidu.com
PING www.baidu.com (14.215.177.37) 56(84) bytes of data.
64 bytes from 14.215.177.37: icmp_seq=1 ttl=128 time=9.13 ms
Adding a network route
[root@node1 ~]# route add -net 172.16.35.0 netmask 255.255.255.0 gw 172.16.35.1
Adding a host route
[root@node1 ~]# route add -host 172.16.35.133 gw 172.16.35.1
Linux routing table configuration files (do not exist by default)
【1】/etc/sysconfig/network-scripts/route-eth0
【2】/etc/sysconfig/static-routes
【3】/etc/rc.local
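su - or su - root switches the user role and requires root's password
sudo su - linbin switches the user role and requires the current user's password
Linux date display formats
[root@node1 ~]# date +%y-%m-%d <== short format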
17-04-20
[root@node1 ~]# date +%F <== long format
2017-04-20
[root@node1 ~]# date +%F\ %T <== "\" escapes the space
2017-04-20 12:56:52
[root@node1 ~]# date +%Y-%m-%d\ %H:%M:%S <== "\" escapes the space
2017-04-20 12:57:05
[root@node1 ~]# date +%w <== "%w" is the day of the week
4
Archiving and compressing the /data directory, named with the current system date
[root@node1 ~]# tar cvfz data_`date +%F`.tar.gz /data/ <== `date +%F` is equivalent to $(date +%F)
tar: Removing leading `/' from member names
/data/
/data/test/
/data/lb.txt
[root@node1 ~]# ls -l data_2017-04-20.tar.gz
-rw-r--r--. 1 root root 161 Mar 4 12:57 data_2017-04-20.tar.gz
Linux command substitution
【1】`command`
[root@node1 ~]# echo `pwd`
/root
【2】$(command)
[root@node1 ~]# echo $(pwd)
/root
Showing the date three days before/after the system date
[root@node1 ~]# date +%F <== current date
2017-04-20
[root@node1 ~]# date +%F -d "-3day" <== three days ago
2017-04-17
[root@node1 ~]# date +%F -d "+72hour" <== three days later
2017-04-23
[root@node1 ~]# date +%F -d "+3day" <== three days later
2017-04-23
Removing empty lines from a file
[root@node1 ~]# cat lb.txt
lb
linbin
anjubao
【1】
[root@node1 ~]# grep -v "^$" lb.txt
lb
linbin
anjubao
【2】
[root@node1 ~]# grep "." lb.txt
lb
linbin
anjubao
【3】
[root@node1 ~]# sed '/^$/d' lb.txt
lb
linbin
anjubao
【4】
[root@node1 ~]# awk '/^[^$]/' lb.txt
lb
linbin
anjubao
【5】
[root@node1 ~]# sed -n '/^[^$]/p' lb.txt
lb
linbin
anjubao
Showing the path of a command
【1】
[root@node1 ~]# which ifconfig <== searches the directories in the PATH environment variable
/sbin/ifconfig
【2】
[root@node1 ~]# whereis -b ifconfig <== "-b" searches for binaries only
ifconfig: /sbin/ifconfig
【3】
[root@node1 ~]# find / -type f -name "ifconfig"
/sbin/ifconfig
【4】
[root@node1 ~]# locate ifconfig <== searches the database file /var/lib/mlocate/mlocate.db; run updatedb before searching
/sbin/ifconfig
/usr/sbin/pifconfig
/usr/share/man/de/man8/ifconfig.8.gz
/usr/share/man/fr/man8/ifconfig.8.gz
/usr/share/man/man8/ifconfig.8.gz
/usr/share/man/man8/pifconfig.8.gz
/usr/share/man/pt/man8/ifconfig.8.gz
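Linux permission system
r: read permission (read), value 4
w: write permission (write), value 2
x: execute permission (execute), value 1; execute permission requires read permission
-: no permission, value 0
File permission summary
【1】Read: permission to read and view the file's content
【2】Write: permission to add to and modify the file's content (without read permission the file cannot be edited in an editor, but echo can still append to it)
【3】Execute: permission to execute the file; the file itself must be executable, and a regular user also needs read permission to execute it (the superuser is the exception)
How Linux reads file content
Directory permission summary
【1】Read: permission to browse the files and subdirectories in the directory
【2】Write: permission to add, delete and rename entries in the directory (generally file names); requires execute permission
【3】Execute: permission to enter the directory; without read permission the contents cannot be listed, and without write permission nothing can be created or deleted
Changing file permissions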
【1】
[root@node1 ~]# ls -ld /test/
drwxr-xr-x. 2 root root 4096 Mar 4 22:21 /test/
[root@node1 ~]# chmod 674 /test/ <== octal mode
[root@node1 ~]# ls -ld /test/
drw-rwxr--. 2 root root 4096 Mar 4 22:21 /test/
【2】
[root@node1 ~]# ls -ld /test/
drwxr-xr-x. 2 root root 4096 Mar 4 22:21 /test/
[root@node1 ~]# chmod u-x,g+w,o=r /test/ <== symbolic mode: "u" is the owner, "g" the group, "o" other users, "a" all users
[root@node1 ~]# ls -ld /test/
drw-rwxr--. 2 root root 4096 Mar 4 22:21 /test/
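Octal permission values
0 ---
1 --x
2 -w-
3 -wx
4 r--
5 r-x
6 rw-
7 rwx
Security threshold for Linux system files and directories
【1】Directories: 755 root:root dirname
【2】Files: 644 root:root filename
umask: controls the default permissions of the directories and files a user creates
Maximum directory permissions: 777
Maximum file permissions: 666 (files have no execute permission by default)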
http://oldboy.blog.51cto.com/2561410/1060032
[root@node1 ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@node1 ~]# umask
0022
Default permissions for new directories: 755 (777-umask)
Default permissions for new files: 644 (666-umask)
[linbin@node1 ~]$ id
uid=500(linbin) gid=500(linbin) groups=500(linbin)
[linbin@node1 ~]$ umask
0002
Default permissions for new directories: 775 (777-umask)
Default permissions for new files: 664 (666-umask)
Why the umask values differ
[root@node1 ~]# sed -n '65,69p' /etc/bashrc
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi
[root@node1 ~]# sed -n '66,70p' /etc/profile
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi
umask in practice
[root@node1 ~]# useradd linbin
[root@node1 ~]# id linbin
uid=500(linbin) gid=500(linbin) groups=500(linbin)
[root@node1 ~]# id -gn linbin
linbin
[root@node1 ~]# id -un linbin
linbin
[root@node1 ~]# su - linbin
[linbin@node1 ~]$ umask
0002
[root@node1 ~]# groupadd linbin
[root@node1 ~]# useradd -g linbin lb
[root@node1 ~]# id lb
uid=500(lb) gid=500(linbin) groups=500(linbin)
[root@node1 ~]# id -gn lb
linbin
[root@node1 ~]# id -un lb
lb
[root@node1 ~]# su - lb
[lb@node1 ~]$ umask
0022
With umask set to 051, the default permissions for new files are 666-051+011=626 (add 1 to each odd digit of the umask)
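The defaults above come from a bitwise rule, base mode AND NOT umask, which is why plain subtraction needs the odd-digit correction. The following is an added example, not part of the original notes: it computes the default with the bitwise rule, shows what uncorrected subtraction gives for umask 051, and checks both against a file and a directory actually created under that umask. The function names are hypothetical helpers, and GNU stat is assumed.

```bash
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.

# default_mode BASE UMASK: permissions actually granted, BASE AND (NOT UMASK).
# The leading 0 makes the shell read both arguments as octal numbers.
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE UMASK: uncorrected decimal "BASE - UMASK", for comparison.
# BASE is expected to be 666 or 777 (no leading zero).
naive_subtract() (
    m=$(printf '%s' "$2" | sed 's/^0*//')
    printf '%03d\n' $(( $1 - ${m:-0} ))
)

# observed_mode UMASK file|dir: create a real object under UMASK and report its mode.
# The subshell keeps the umask change away from the calling shell.
observed_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$tmp/probe"
    else
        : > "$tmp/probe"
    fi
    stat -c %a "$tmp/probe"
    rm -rf "$tmp"
)

# Compare the three for the umask values that appear in these notes.
for m in 022 002 051; do
    printf 'umask %s file: subtract=%s bitwise=%s observed=%s\n' \
        "$m" "$(naive_subtract 666 "$m")" "$(default_mode 666 "$m")" "$(observed_mode "$m" file)"
    printf 'umask %s dir:  subtract=%s bitwise=%s observed=%s\n' \
        "$m" "$(naive_subtract 777 "$m")" "$(default_mode 777 "$m")" "$(observed_mode "$m" dir)"
done
```

For umask 051 the subtraction column differs from the other two on the file row only, because 666 has no execute bits for the mask to remove.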
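suid: lets a regular user temporarily hold the permissions of the command's owner while running the command; value 4; applies to binary programs and commands (not scripts)
[root@node1 ~]# ls -l `which crontab` <== if the owner has execute permission "x" this shows "s"; if the owner has no execute permission "x" it shows "S"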
-rwsr-xr-x. 1 root root 51784 Nov 23 2013 /usr/bin/crontab
[root@node1 ~]# ls -l `which passwd` <== if the owner has execute permission "x" this shows "s"; if the owner has no execute permission "x" it shows "S"
-rwsr-xr-x. 1 root root 30768 Feb 22 2012 /usr/bin/passwd
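Briefly describe what the r, w and x permissions mean for files and for directories
Files:
r: permission to read and view the file's content
w: permission to add to and modify the file's content
x: permission to execute the file; requires read permission
Directories:
r: permission to browse the files and subdirectories in the directory
w: permission to add, delete or rename entries in the directory (generally file names); requires execute permission
x: permission to enter the directory
The purpose and use cases of the Linux special permission suid
Purpose: lets a regular user temporarily hold the permissions of the command's owner while running the command; value 4; applies to binary programs and commands (not scripts)
Use cases: a regular user changing their own password or writing scheduled tasks
sgid purpose
【1】Files: lets a regular user temporarily hold the permissions of the command's group while running the command (binary program or command); value 2
【2】Directories: files or directories that a regular user creates in this directory get the same group as the directory
How locate finds files
Database file searched: /var/lib/mlocate/mlocate.db
Updating the database file: updatedb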
[root@node1 ~]# ls -l /var/lib/mlocate/mlocate.db
-rw-r----- 1 root slocate 1335994 Jul 25 16:38 /var/lib/mlocate/mlocate.db
[root@node1 ~]# file /var/lib/mlocate/mlocate.db
/var/lib/mlocate/mlocate.db: data
[root@node1 ~]# ls -l `which locate` <== if the group has execute permission "x" this shows "s"; if the group has no execute permission "x" it shows "S"
-rwx--s--x. 1 root slocate 38464 Oct 10 2012 /usr/bin/locate
sgid directories in practice
[root@node1 ~]# groupadd lb
[root@node1 ~]# mkdir /data/linbin
[root@node1 ~]# ls -ld /data/linbin/
drwxr-xr-x 2 root root 4096 Jul 26 10:07 /data/linbin/
[root@node1 ~]# chgrp lb /data/linbin/
[root@node1 ~]# ls -ld /data/linbin/
drwxr-xr-x 2 root lb 4096 Jul 26 10:07 /data/linbin/
[root@node1 ~]# chmod g+s /data/linbin/
[root@node1 ~]# ls -ld /data/linbin/
drwxr-sr-x 2 root lb 4096 Jul 26 10:07 /data/linbin/
[root@node1 ~]# touch /data/linbin/lb.txt <== a file created in this directory gets the same group as the directory
[root@node1 ~]# ls -l /data/linbin/lb.txt
-rw-r--r-- 1 root lb 0 Jul 26 10:11 /data/linbin/lb.txt
Sticky bit: value 1, for example /tmp
[root@node1 ~]# ls -ld /tmp/ <== if the other-users permission bits include execute "x" this shows "t"; if they do not include execute "x" it shows "T"
drwxrwxrwt. 3 root root 4096 Jul 26 10:15 /tmp/
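An audit for the three special bits described above (suid, sgid, sticky), as an added example that is not part of the original notes: it lists setuid and setgid files, setgid directories, and world-writable directories that lack the sticky bit, so the result can be compared with what is expected on the host. The function names and the fixture tree are hypothetical and constructed for the demonstration.

```bash
#!/bin/sh
# Added example, not from the original notes; function names are hypothetical.

# audit_special_bits DIR: one finding per line, "<LABEL> <path>".
# -xdev keeps find on the starting filesystem (skips /proc, network mounts, ...).
audit_special_bits() (
    root=${1:-/}
    # setuid files run with the identity of the file's owner
    find "$root" -xdev -type f -perm -4000 -print 2>/dev/null | sed 's/^/SUID /'
    # setgid files run with the identity of the file's group
    find "$root" -xdev -type f -perm -2000 -print 2>/dev/null | sed 's/^/SGID /'
    # setgid directories: new entries inherit the directory's group
    find "$root" -xdev -type d -perm -2000 -print 2>/dev/null | sed 's/^/SGID-DIR /'
    # world-writable directories without the sticky bit: any user may delete
    # or rename other users' files there (/tmp avoids this with mode 1777)
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null | sed 's/^/NOSTICKY /'
)

# make_fixture: build a small constructed tree with one instance of each case
# and print its path. None of these files are real system binaries.
make_fixture() (
    d=$(mktemp -d) || exit 1
    : > "$d/plain";     chmod 644  "$d/plain"
    : > "$d/suid_tool"; chmod 4755 "$d/suid_tool"
    : > "$d/sgid_tool"; chmod 2755 "$d/sgid_tool"
    mkdir "$d/shared" "$d/dropbox" "$d/tmp_like"
    chmod 2775 "$d/shared"      # sgid directory, as in the /data/linbin practice
    chmod 0777 "$d/dropbox"     # world-writable, no sticky bit
    chmod 1777 "$d/tmp_like"    # world-writable with sticky bit, like /tmp
    printf '%s\n' "$d"
)

fixture=$(make_fixture)
audit_special_bits "$fixture"
rm -rf "$fixture"
```

Run `audit_special_bits /` as root on a real host and keep the output; a later run that shows a new SUID or NOSTICKY line is worth investigating.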
Changing a file's owner
[root@node1 ~]# touch lb.txt
[root@node1 ~]# ls -l lb.txt
-rw-r--r-- 1 root root 0 Jul 26 10:32 lb.txt
[root@node1 ~]# chown linbin lb.txt
[root@node1 ~]# ls -l lb.txt
-rw-r--r-- 1 linbin root 0 Jul 26 10:32 lb.txt
[root@node1 ~]# chown root: lb.txt <== ":" can be replaced with "."
[root@node1 ~]# ls -l lb.txt
-rw-r--r-- 1 root root 0 Jul 26 10:32 lb.txt
Changing a file's group
[root@node1 ~]# ls -l lb.txt
-rw-r--r-- 1 root root 0 Jul 26 10:32 lb.txt
[root@node1 ~]# chgrp lb lb.txt
[root@node1 ~]# ls -l lb.txt
-rw-r--r-- 1 root lb 0 Jul 26 10:32 lb.txt
[root@node1 ~]# chown :root lb.txt <== ":" can be replaced with "."
[root@node1 ~]# ls -l lb.txt
-rw-r--r-- 1 root root 0 Jul 26 10:32 lb.txt
Practice: a file's owner and group become invalid after the user and group are deleted
[root@node1 ~]# groupadd test
[root@node1 ~]# useradd -g test lbin
[root@node1 ~]# id lbin
uid=502(lbin) gid=502(test) groups=502(test)
[root@node1 ~]# ls -l lb.txt
-rw-r--r--. 1 root root 0 Mar 8 00:49 lb.txt
[root@node1 ~]# chown lbin:test lb.txt
[root@node1 ~]# ls -l lb.txt
-rw-r--r--. 1 lbin test 0 Mar 8 00:49 lb.txt
[root@node1 ~]# userdel -r lbin
[root@node1 ~]# ls -l lb.txt
-rw-r--r--. 1 502 test 0 Mar 8 00:49 lb.txt
[root@node1 ~]# groupdel test
[root@node1 ~]# ls -l lb.txt
-rw-r--r--. 1 502 502 0 Mar 8 00:49 lb.txt
setfacl and getfacl practice
[root@node1 ~]# getfacl lb.txt
# file: lb.txt
# owner: root
# group: root
user::rw-
group::r--
other::r--
[root@node1 ~]# setfacl -m u:linbin:rwx lb.txt
[root@node1 ~]# getfacl lb.txt
# file: lb.txt
# owner: root
# group: root
user::rw-
user:linbin:rwx
group::r--
mask::rwx
other::r--
[root@node1 ~]# setfacl -x u:linbin lb.txt
[root@node1 ~]# getfacl lb.txt
# file: lb.txt
# owner: root
# group: root
user::rw-
group::r--
mask::rwx
other::r--
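In-depth permission settings and protection for large-scale clusters
【1】Directories: 755 root:root dirname
【2】Files: 644 root:root filename
Scheduled tasks: crond (a daemon that keeps running)
【1】/etc/crontab (not recommended)
【2】crontab -e (recommended)
Automatic system log rotation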
[root@node1 ~]# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
usage: crontab [-u user] file
crontab [-u user] [ -e | -l | -r ]
(default operation is replace, per 1003.2)
-e (edit user's crontab)<==Equivalent to vim /var/spool/cron/username
-l (list user's crontab)<==Equivalent to cat /var/spool/cron/username
-r (delete user's crontab)
-i (prompt before deleting user's crontab)
-s (selinux context)
[root@node1 ~]# crontab -l
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[root@node1 ~]# cat /var/spool/cron/root
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
crond log file path: /var/log/cron (the log is rotated weekly)
crontab format: minute hour day-of-month month day-of-week command-or-program
[root@node1 ~]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# For details see man 4 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)<==Minute, range 00-59
# | .------------- hour (0 - 23)<==Hour, range 00-23
# | | .---------- day of month (1 - 31)<==Day of month, range 01-31
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ...<==Month, range 01-12
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat<==Day of week, range 0-6
# | | | | |
# * * * * * user-name command to be executed
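* means "every"
- means a range (integers), e.g. 17-19
, separates values (integers), e.g. 17,19
/n means every n units of time, where "n" is a number; "*/5" means every 5 minutes
atd: suited to scheduled commands that run only once and then finish; the corresponding command is at
Scheduled task writing practice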
[root@node1 ~]# cat >> /var/spool/cron/root<<EOF
## Print My Name To /var/log/message At 20170421 By LinBin ##
* * * * * /bin/echo "linbin" >> /var/log/messages
EOF
[root@node1 ~]# crontab -l
## Print My Name To /var/log/message At 20170421 By LinBin ##
* * * * * /bin/echo "linbin" >> /var/log/messages
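Scheduled task summary
【1】Add the necessary comments to scheduled tasks
【2】Use absolute paths in scheduled tasks
【3】The scheduled task service must be enabled and running
Standard location for scripts: /server/scripts
Exercise: run the script /server/scripts/lb.sh at 09:00 and 14:00 every Saturday and Sunday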
00 09,14 * * 6,0 /bin/bash /server/scripts/lb.sh >/dev/null 2>&1
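Key points for writing scheduled tasks
【1】Add the necessary comments to each scheduled task
【2】Prefix shell script tasks with /bin/bash
【3】End the task command or script with >/dev/null 2>&1 (or 1>/dev/null 2>/dev/null, or &>/dev/null)
【4】Preferably put the task's commands or programs in a script and run the script
【5】Run each scheduled task under the designated user
【6】In production, task programs should not print output arbitrarily
【7】Keep scheduled task scripts in a standard path (/server/scripts)
【8】Follow a standard procedure when configuring scheduled tasks
【9】Pay attention to environment variables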
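The checklist above can be checked mechanically. The following is an added example, not part of the original notes: a static lint for a user crontab that flags jobs without a preceding comment, commands that are not absolute paths (and so depend on cron's PATH), and jobs whose output is not redirected. The function names and the last sample job are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a user crontab against the checklist in these notes.

# Constructed sample. The first two jobs are entries shown in these notes;
# the MAILTO line and the last job are made up to exercise the rules.
sample_crontab() {
cat <<'EOF'
#### For Tar Data At 20170421 By LinBin ####
* * * * * /bin/bash /server/scripts/tar.sh &>/dev/null
00 09,14 * * 6,0 /bin/bash /server/scripts/lb.sh >/dev/null 2>&1
MAILTO=root

*/5 * * * * ntpdate 0.pool.ntp.org
EOF
}

# lint_crontab: read a user crontab on stdin and print one finding per line
# in the form LINE:RULE:DETAIL. No output means no findings.
lint_crontab() {
    awk '
        /^[ \t]*$/                             { prev = "blank";   next }
        /^[ \t]*#/                             { prev = "comment"; next }
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { prev = "env";     next }
        {
            # "@reboot cmd" style entries carry the command in field 2,
            # five-field schedules carry it in field 6.
            cmd = ($1 ~ /^@/) ? $2 : $6
            if (prev != "comment")
                printf "%d:no-comment:job is not directly preceded by a comment\n", NR
            if (cmd !~ /^\//)
                printf "%d:relative-path:%s is looked up through PATH\n", NR, cmd
            if ($0 !~ />[ \t]*\/dev\/null/ && $0 !~ />>/)
                printf "%d:no-redirect:output is not redirected\n", NR
            prev = "job"
        }
    '
}

# Stand-alone run on the sample.
sample_crontab | lint_crontab
```

On a host, feed it the real table with `crontab -l | lint_crontab`.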
Scheduled task standard practice
[root@node1 /]# cd /
[root@node1 /]# tar cvfz /tmp/data_$(date +%F-%H).tar.gz ./data
./data/
./data/linbin.txt
./data/lb.txt
[root@node1 /]# tar tf /tmp/data_2017-04-21-13.tar.gz
./data/
./data/linbin.txt
./data/lb.txt
[root@node1 /]# ls -l /tmp/data_2017-04-21-13.tar.gz
-rw-r--r-- 1 root root 330 2017-04-21 13:27 /tmp/data_2017-04-21-13.tar.gz
[root@node1 /]# mkdir /server/scripts -p
[root@node1 /]# ls -ld /server/scripts/
drwxr-xr-x 2 root root 4096 Apr 21 13:29 /server/scripts/
[root@node1 /]# vim /server/scripts/tar.sh
cd / && tar cfz /tmp/data_$(date +%F-%H).tar.gz ./data
[root@node1 /]# /bin/bash /server/scripts/tar.sh
[root@node1 /]# crontab -e
#### For Tar Data At 20170421 By LinBin ####
* * * * * /bin/bash /server/scripts/tar.sh &>/dev/null
[root@node1 /]# crontab -l
#### For Tar Data At 20170421 By LinBin ####
* * * * * /bin/bash /server/scripts/tar.sh &>/dev/null
When something fails, make a habit of checking the service log
Exercise: in November, run /usr/bin/httpd.sh every 2 hours between 6:00 and 12:00 each morning
[root@node1 ~]# crontab -e
00 06-12/2 * 11 * /bin/bash /usr/bin/httpd.sh >/dev/null 2>&1
[root@node1 ~]# crontab -l
00 06-12/2 * 11 * /bin/bash /usr/bin/httpd.sh >/dev/null 2>&1
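A crontab entry consists of six fields separated by spaces; what does each field mean?
Field 1: minute, range 00-59
Field 2: hour, range 00-23
Field 3: day of month, range 01-31
Field 4: month, range 01-12
Field 5: day of week, range 0-6
Field 6: the command or program to run
Exercise: run /home/shell/collect.sh at 03:15 every Saturday and send standard output and standard error to /dev/null; write the corresponding crontab entry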
15 03 * * 6 /bin/bash /home/shell/collect.sh &>/dev/null
【1】/etc/skel/
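The directory that holds configuration files for new users. When a user is created, every file in this directory is copied automatically into the new user's home directory. By default all files under /etc/skel are hidden files (names starting with "."). By modifying, adding or deleting files under /etc/skel, we can give newly created users a uniform, standard initial environment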
[root@node1 ~]# ls -la /etc/skel/
total 20
drwxr-xr-x. 2 root root 4096 Mar 6 09:01 .
drwxr-xr-x. 81 root root 4096 Apr 21 10:37 ..
-rw-r--r--. 1 root root 18 Oct 16 2014 .bash_logout
-rw-r--r--. 1 root root 176 Oct 16 2014 .bash_profile
-rw-r--r--. 1 root root 124 Oct 16 2014 .bashrc
[root@node1 ~]# echo "Please Do Not Use rm Command" >> /etc/skel/Readme.txt
[root@node1 ~]# cat /etc/skel/Readme.txt
Please Do Not Use rm Command
[root@node1 ~]# useradd lb
[root@node1 ~]# su - lb
[lb@node1 ~]$ ls -la
total 24
drwx------ 2 lb lb 4096 Apr 21 14:14 .
drwxr-xr-x. 3 root root 4096 Apr 21 14:14 ..
-rw-r--r-- 1 lb lb 18 Oct 16 2014 .bash_logout
-rw-r--r-- 1 lb lb 176 Oct 16 2014 .bash_profile
-rw-r--r-- 1 lb lb 124 Oct 16 2014 .bashrc
-rw-r--r-- 1 lb lb 29 Apr 21 14:14 Readme.txt
[lb@node1 ~]$ cat Readme.txt
Please Do Not Use rm Command
【2】/etc/login.defs
[root@node1 ~]# vim /etc/login.defs
#QMAIL_DIR Maildir
MAIL_DIR /var/spool/mail
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
# Min/max values for automatic uid selection in useradd
#
UID_MIN 500
UID_MAX 60000
# Min/max values for automatic gid selection in groupadd
#
GID_MIN 500
GID_MAX 60000
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME yes
# The permission mask is initialized to this value. If not specified,
# the permission mask will be initialized to 022.
UMASK 077
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
# Use SHA512 to encrypt password.
ENCRYPT_METHOD SHA512
【3】/etc/default/useradd
[root@node1 ~]# vim /etc/default/useradd
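# useradd defaults file
GROUP=100
HOME=/home<==Account home directory
INACTIVE=-1<==Whether the account is disabled after expiry; "-1" means not enabled
EXPIRE=<==Whether the account expires
SHELL=/bin/bash<==Default login shell type for the account
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes<==Whether to create a mail directory for the account
Files modified when useradd creates a user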
【1】/etc/passwd
【2】/etc/shadow
【3】/etc/group
【4】/etc/gshadow
[root@node1 ~]# ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root 610 2017-04-21 16:47 /etc/group
---------- 1 root root 498 2017-04-21 16:47 /etc/gshadow
-rw-r--r-- 1 root root 1134 2017-04-21 16:47 /etc/passwd
---------- 1 root root 842 2017-04-21 16:47 /etc/shadow
[root@node1 ~]# useradd LinBin
[root@node1 ~]# ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root 624 2017-04-21 16:47 /etc/group
---------- 1 root root 509 2017-04-21 16:47 /etc/gshadow
-rw-r--r-- 1 root root 1176 2017-04-21 16:47 /etc/passwd
---------- 1 root root 871 2017-04-21 16:47 /etc/shadow
Files that control useradd's default behavior when creating a user
【1】/etc/login.defs
【2】/etc/default/useradd
Files modified when groupadd creates a group
【1】/etc/group
【2】/etc/gshadow
[root@node1 ~]# ls -l /etc/group /etc/gshadow
-rw-r--r-- 1 root root 624 2017-04-21 16:47 /etc/group
---------- 1 root root 509 2017-04-21 16:47 /etc/gshadow
[root@node1 ~]# groupadd admin
[root@node1 ~]# ls -l /etc/group /etc/gshadow
-rw-r--r-- 1 root root 637 2017-04-21 16:49 /etc/group
---------- 1 root root 519 2017-04-21 16:49 /etc/gshadow
Files that control groupadd's default behavior when creating a group
【1】/etc/login.defs
Setting a user password on Linux
【1】
[root@node1 ~]# passwd lb
Changing password for user lb.
New password:
Retype new password:
passwd: all authentication tokens updated successfully
【2】
[root@node1 ~]# echo "axbc1kof"|passwd --stdin lb<==Set the user password non-interactively
Changing password for user lb.
passwd: all authentication tokens updated successfully.
Exercise: create 10 users stu01-stu10 in bulk and set a random 8-character password for each; shell loops (for, while, etc.) are not allowed, only commands and pipes
http://user.qzone.qq.com/49000448/blog/1422183723?t=0.06937404605560005
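User management summary
【1】Key points about user-related configuration files
/etc/passwd: account file and the contents of its columns
/etc/shadow: account password file and the contents of its columns
/etc/group: group file and the contents of its columns
/etc/gshadow: group password file and the contents of its columns
【2】User management commands
useradd -u -g -G -s -M -m -e -c -d<==Related files: /etc/skel, /etc/login.defs, /etc/default/useradd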
userdel -r
usermod -u -g -G -s -M -e -c -d -L -U
id -u -g -n
chage -l -E -m -M -W -l
passwd --stdin -n -x -i -w
su - -l -c
sudo -l
visudo -c
【3】Group management commands
groupadd -g
groupdel
Difference between su and su -
http://oldboy.blog.51cto.com/2561410/1053606
How sudo works: practice
[root@node1 ~]# useradd lb
[root@node1 ~]# passwd lb
Changing password for user lb.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@node1 ~]# id lb
uid=500(lb) gid=500(lb) groups=500(lb)
[root@node1 ~]# ls -l /var/db/sudo/
total 0
[root@node1 ~]# visudo
root ALL=(ALL) ALL
lb ALL=(ALL) /usr/sbin/useradd
[root@node1 ~]# visudo -c
/etc/sudoers: parsed OK
[root@node1 ~]# su - lb
[lb@node1 ~]$ sudo rm -f /data/lb.txt<==Not permitted; no timestamp is generated
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for lb:
Sorry, user lb is not allowed to execute '/bin/rm -f /data/lb.txt' as root on node1.
[root@node1 ~]# ls -l /var/db/sudo/lb/
total 0
[lb@node1 ~]$ sudo useradd linbin<==Wrong password; no timestamp is generated
[sudo] password for lb:
Sorry, try again.
[sudo] password for lb:
Sorry, try again.
[sudo] password for lb:
Sorry, try again.
sudo: 3 incorrect password attempts
[root@node1 ~]# ls -l /var/db/sudo/lb/
total 0
[lb@node1 ~]$ sudo useradd LINBIN<==Permitted and password correct; a timestamp is generated
[lb@node1 ~]$ id LINBIN
uid=501(LINBIN) gid=501(LINBIN) groups=501(LINBIN)
[root@node1 ~]# ls -l /var/db/sudo/lb/
total 4
-rw------- 1 root lb 48 2017-04-24 09:44 0
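visudo user aliases, host aliases, runas (role) aliases and command aliases (alias names must be uppercase)
【1】User alias
User_Alias ADMINS = jsmith, mikem,%sa<==Users and groups should preferably exist on the system
【2】Host alias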
Host_Alias FILESERVERS = fs1, fs2
Host_Alias MAILSERVERS = smtp, smtp2
【3】Runas (role) alias
Runas_Alias OP = lb, linbin
【4】Command alias
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
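Standard usage
ADMINS FILESERVERS = (OP) SOFTWARE
Summary of authorization rules in the sudo configuration file /etc/sudoers
【1】Every ALL string in an authorization rule must be uppercase
【2】A long line can be continued with "\"
【3】Put denied commands as late as possible, e.g. /sbin/*, !/sbin/fdisk
【4】"!" means negation, i.e. running this command is forbidden
Enterprise case: centralized management of Linux user privileges
【1】After understanding the company's business processes, propose a privilege remediation plan to fix the current overuse of superuser root privileges
【2】After writing the plan, show it to management; once they support it, call everyone to a meeting to discuss it
【3】Once the discussion reaches agreement, the operations engineers drive the implementation
【4】Result after implementation: the company's server privilege management became clearer
【5】Define an account privilege request process and a privilege request form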
http://oldboy.blog.51cto.com/2561410/1290671
yunwei_1: zhangsan, lisi; privileges: /bin/mkdir /usr/sbin/useradd
yunwei_2: wangwu, gouer; privileges: /sbin/ifconfig /bin/ping
kaifa_1: linbin, lb; privileges: /usr/bin/vim /usr/bin/tail
kaifa_2: linyafang, lyf; privileges: /bin/rm
boss; privileges: ALL
password:123456
[root@node1 ~]# for user in zhangsan lisi wangwu gouer linbin lb linyafang lyf boss;do useradd $user;done
[root@node1 ~]# for user in zhangsan lisi wangwu gouer linbin lb linyafang lyf boss;do echo "123456"|passwd --stdin $user;done
[root@node1 ~]# tail -7 /etc/passwd
zhangsan:x:502:502::/home/zhangsan:/bin/bash
lisi:x:503:503::/home/lisi:/bin/bash
wangwu:x:504:504::/home/wangwu:/bin/bash
gouer:x:505:505::/home/gouer:/bin/bash
linyafang:x:506:506::/home/linyafang:/bin/bash
lyf:x:507:507::/home/lyf:/bin/bash
boss:x:508:508::/home/boss:/bin/bash
[root@node1 ~]# groupadd yunwei_1
[root@node1 ~]# groupadd yunwei_2
[root@node1 ~]# groupadd kaifa_1
[root@node1 ~]# groupadd kaifa_2
[root@node1 ~]# usermod -g yunwei_1 zhangsan
[root@node1 ~]# usermod -g yunwei_1 lisi
[root@node1 ~]# usermod -g yunwei_2 wangwu
[root@node1 ~]# usermod -g yunwei_2 gouer
[root@node1 ~]# cat >> /etc/sudoers<<EOF
####By LinBin At 20170421####
User_Alias YUNWEI_1 = zhangsan, lisi
User_Alias YUNWEI_2 = %yunwei_2
Runas_Alias OP = root
Cmnd_Alias YUNWEI_1_CMD = /bin/mkdir, /usr/sbin/useradd
YUNWEI_1 ALL=(OP) YUNWEI_1_CMD
YUNWEI_2 ALL=(OP) /sbin/ifconfig, /bin/ping
boss ALL=(OP) NOPASSWD: ALL
EOF
[root@node1 ~]# visudo -c
/etc/sudoers: parsed OK
[root@node1 ~]# su - zhangsan
[zhangsan@node1 ~]$ sudo -l
Matching Defaults entries for zhangsan on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User zhangsan may run the following commands on this host:
(root) /bin/mkdir, /usr/sbin/useradd
[zhangsan@node1 ~]$ sudo useradd ddd
[zhangsan@node1 ~]$ id ddd
uid=509(ddd) gid=513(ddd) groups=513(ddd)
[zhangsan@node1 ~]$ su - wangwu
[wangwu@node1 ~]$ sudo -l
Matching Defaults entries for wangwu on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User wangwu may run the following commands on this host:
(root) /sbin/ifconfig, (root) /bin/ping
[zhangsan@node1 ~]$ su - boss
[boss@node1 ~]$ sudo -l
Matching Defaults entries for boss on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User boss may run the following commands on this host:
(root) ALL
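sudo configuration notes
【1】Members of a command alias must be absolute paths to files or directories
【2】Alias names consist of uppercase letters, digits and underscores; any letters must be uppercase
【3】When an alias has several members, separate them with ", "; members must really exist on the system
【4】Alias members are constrained by the alias type (User_Alias, Host_Alias, Runas_Alias, Cmnd_Alias): whatever type of alias is defined needs members of the matching type
【5】Each alias rule is one line; if a rule does not fit on one line, continue it with "\"
【6】The user to switch to is written in parentheses (); if the parentheses are omitted the default is root; if the parentheses contain ALL, any user can be switched to
【7】To run commands without entering a password, add the "NOPASSWD:" tag
【8】To forbid a program or command, put "!" in front of the command and place it after the allowed commands
【9】A group name must be prefixed with "%" (system group)
Enterprise case: auditing Linux user activity logs
【1】Implement log auditing for all users
【2】Use sudo together with syslog to audit all users and manage the records centrally
【3】After implementation, every command run by operations and development staff is on record, which eliminates the security risk of insider operations
【4】Ordinary operations are not recorded; only the operations of users running sudo commands are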
[root@node1 ~]# rpm -qa rsyslog sudo
rsyslog-5.8.10-8.el6.x86_64
sudo-1.8.6p3-15.el6.x86_64
[root@node1 ~]# echo "Defaults logfile=/var/log/sudo.log" >> /etc/sudoers
[root@node1 ~]# tail -1 /etc/sudoers
Defaults logfile=/var/log/sudo.log
[root@node1 ~]# visudo -c
/etc/sudoers: parsed OK
[root@node1 ~]# echo "local2.debug /var/log/sudo.log" >> /etc/rsyslog.conf
[root@node1 ~]# tail -1 /etc/rsyslog.conf
local2.debug /var/log/sudo.log
[root@node1 ~]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
[root@node1 ~]# ls -l /var/log/sudo.log
-rw-------. 1 root root 0 Mar 9 00:15 /var/log/sudo.log
[root@node1 ~]# su - linbin
[linbin@node1 ~]$ whoami
linbin
[linbin@node1 ~]$ sudo -l
[sudo] password for linbin:
Matching Defaults entries for linbin on this host:
requiretty, !visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC
KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin, logfile=/var/log/sudo.log
User linbin may run the following commands on this host:
(ALL) /bin/mkdir, (ALL) !/bin/su
[linbin@node1 ~]$ useradd lb
-bash: /usr/sbin/useradd: Permission denied
[linbin@node1 ~]$ sudo useradd lb
Sorry, user linbin is not allowed to execute '/usr/sbin/useradd lb' as root on node1.
[linbin@node1 ~]$ sudo mkdir /linbin
[linbin@node1 ~]$ sudo su -
Sorry, user linbin is not allowed to execute '/bin/su -' as root on node1.
[root@node1 ~]# tail /var/log/sudo.log
Mar 9 00:22:52 : linbin : TTY=pts/0 ; PWD=/home/linbin ; USER=root ;
COMMAND=list
Mar 9 00:23:27 : linbin : TTY=pts/0 ; PWD=/home/linbin ; USER=root ;
COMMAND=list
Mar 9 00:23:48 : linbin : TTY=pts/0 ; PWD=/home/linbin ; USER=root ;
COMMAND=list
Mar 9 00:24:09 : linbin : command not allowed ; TTY=pts/0 ; PWD=/home/linbin ;
USER=root ; COMMAND=/usr/sbin/useradd lb
Mar 9 00:24:56 : linbin : TTY=pts/0 ; PWD=/home/linbin ; USER=root ;
COMMAND=/bin/mkdir /linbin
Mar 9 00:25:12 : linbin : command not allowed ; TTY=pts/0 ; PWD=/home/linbin ;
USER=root ; COMMAND=/bin/su -
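sudo wraps long records in its logfile onto continuation lines, as the tail output above shows, so a plain grep for "command not allowed" loses the COMMAND field. The following is an added example, not part of the original notes: it re-joins wrapped records and lists refused attempts per user. The function names are hypothetical, the first four sample records follow the output above, and the last record is constructed.

```shell
#!/bin/sh
# Added example: summarise refused sudo attempts from sudo's own logfile.

# Constructed sample in the layout shown above (continuation lines indented).
sample_sudo_log() {
cat <<'EOF'
Mar  9 00:22:52 : linbin : TTY=pts/0 ; PWD=/home/linbin ; USER=root ;
    COMMAND=list
Mar  9 00:24:09 : linbin : command not allowed ; TTY=pts/0 ; PWD=/home/linbin ;
    USER=root ; COMMAND=/usr/sbin/useradd lb
Mar  9 00:24:56 : linbin : TTY=pts/0 ; PWD=/home/linbin ; USER=root ;
    COMMAND=/bin/mkdir /linbin
Mar  9 00:25:12 : linbin : command not allowed ; TTY=pts/0 ; PWD=/home/linbin ;
    USER=root ; COMMAND=/bin/su -
Mar  9 00:26:01 : wangwu : 3 incorrect password attempts ; TTY=pts/1 ;
    PWD=/home/wangwu ; USER=root ; COMMAND=/sbin/ifconfig
EOF
}

# sudo_events: read a sudo logfile on stdin and print one TAB-separated line
# per record: timestamp, user, status ("ok" or the refusal reason), command.
sudo_events() {
    awk '
        function emit(   line, p, ts, user, rest, c, t, cmd, reason) {
            if (rec == "") return
            line = rec; rec = ""
            p = index(line, " : "); if (p == 0) return
            ts = substr(line, 1, p - 1); line = substr(line, p + 3)
            p = index(line, " : "); if (p == 0) return
            user = substr(line, 1, p - 1); rest = substr(line, p + 3)
            c = index(rest, "COMMAND=")
            cmd = (c > 0) ? substr(rest, c + 8) : ""
            # Text in front of TTY= is the reason sudo refused the request.
            t = index(rest, "TTY=")
            reason = (t > 1) ? substr(rest, 1, t - 1) : ""
            sub(/[ ;]+$/, "", reason)
            printf "%s\t%s\t%s\t%s\n", ts, user, (reason == "" ? "ok" : reason), cmd
        }
        # A new record starts with a timestamp followed by " : ".
        /^[A-Z][a-z][a-z] +[0-9]+ [0-9:]+ : / { emit(); rec = $0; next }
        # Anything else is a wrapped continuation of the current record.
        { sub(/^[ \t]+/, ""); if (rec != "") rec = rec " " $0 }
        END { emit() }
    '
}

# sudo_denied: only the records sudo refused.
sudo_denied() {
    sudo_events | awk -F'\t' '$3 != "ok"'
}

# denied_per_user: "COUNT USER" lines, highest count first.
denied_per_user() {
    sudo_denied | awk -F'\t' '{ n[$2]++ } END { for (u in n) print n[u], u }' | sort -rn
}

# Stand-alone run on the sample.
sample_sudo_log | sudo_denied
```

On a host configured as above, run it as `sudo_denied < /var/log/sudo.log`.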
Log collection tools
【1】scribe
【2】flume
【3】logstash
【4】storm
Open-source software every operations engineer must know
http://oldboy.blog.51cto.com/2561410/775056
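Linux networking basics
Network cable wire order
【1】568A
【2】568B (widely used)<==Wire order: white-orange 1, orange 2, white-green 3, blue 4, white-blue 5, green 6, white-brown 7, brown 8
Switches: DLINK, H3C, CISCO, HUAWEI
Purpose: a network device that forwards electrical (optical) signals; it can provide a dedicated electrical signal path between any two network nodes connected to the switch
Routers: CISCO, HUAWEI
Purpose: a device that connects the LANs and WANs of the Internet; it automatically selects and sets routes according to channel conditions and sends signals in order along the best path
OSI 7-layer model (top to bottom)
【7】Application layer
【6】Presentation layer
【5】Session layer
【4】Transport layer
【3】Network layer
【2】Data link layer
【1】Physical layer
How the HTTP protocol works and its flow
TCP/IP three-way handshake and four-way teardown: principles and flow
How a user gets online: principles and flow
How a user accesses a website: flow
IP address classes
【1】Class A: 1.0.0.0~126.0.0.0
【2】Class B: 128.0.0.0~191.255.255.255
【3】Class C: 192.0.0.0~223.255.255.255
【4】Class D: used for multicast
【5】Class E: reserved
Reserved private addresses
【1】Class A: 10.0.0.0~10.255.255.255
【2】Class B: 172.16.0.0~172.31.255.255
【3】Class C: 192.168.0.0~192.168.255.255
DNS (Domain Name System)
Purpose: a distributed database that maps domain names and IP addresses to each other, letting users access the Internet more conveniently without having to remember the numeric IP strings that machines read directly
【1】A record: the process of resolving a domain name to an IP (forward resolution), e.g. www.baidu.com-->121.14.47.36
【2】CNAME record: alias record, commonly used by CDN providers
【3】MX record: mail exchange record
【4】PTR record: the process of resolving an IP to a domain name (reverse resolution), e.g. 121.14.47.36-->www.baidu.com
【5】NS record: specifies the name servers responsible for a given zone (which authoritative name server manages the domain)
DNS resolution: principles and flow
DNS itself is an inverted tree structure, similar to the Linux directory structure; its top is also the root (13 in total worldwide)
There are currently three major network information centers in the world: Inter-NIC in the United States, responsible for the United States and other regions; RIPE-NIC in the Netherlands, responsible for Europe; and APNIC in Japan, responsible for the Asia-Pacific region
Recursive and iterative queries
Recursive query: when the DNS server receives a client request, it must reply to the client with a definite query result
Iterative query: when the client sends a query, the DNS server does not return the result directly but tells the client the address of another DNS server; the client then submits the request to that server, and this repeats until the query result is returned
Viewing how DNS resolution works
[root@node1 ~]# dig @8.8.8.8 www.baidu.com +trace<==@8.8.8.8 specifies the name server to use
Resolving domain names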
【1】dig
[root@node1 ~]# dig @8.8.8.8 www.baidu.com +trace
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> @8.8.8.8 www.baidu.com +trace
; (1 server found)
;; global options: +cmd
. 4289 IN NS a.roots.net.
. 4289 IN NS b.roots.net.
. 4289 IN NS c.roots.net.
. 4289 IN NS d.roots.net.
. 4289 IN NS e.roots.net.
. 4289 IN NS f.roots.net.
. 4289 IN NS g.roots.net.
. 4289 IN NS h.roots.net.
. 4289 IN NS i.roots.net.
. 4289 IN NS j.roots.net.
. 4289 IN NS k.roots.net.
. 4289 IN NS l.roots.net.
. 4289 IN NS m.roots.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 720 ms
com. 172800 IN NS i.gtlds.net.
com. 172800 IN NS c.gtlds.net.
com. 172800 IN NS e.gtlds.net.
com. 172800 IN NS l.gtlds.net.
com. 172800 IN NS j.gtlds.net.
com. 172800 IN NS h.gtlds.net.
com. 172800 IN NS g.gtlds.net.
com. 172800 IN NS k.gtlds.net.
com. 172800 IN NS d.gtlds.net.
com. 172800 IN NS a.gtlds.net.
com. 172800 IN NS f.gtlds.net.
com. 172800 IN NS m.gtlds.net.
com. 172800 IN NS b.gtlds.net.
;; Received 491 bytes from 199.7.91.13#53(199.7.91.13) in 638 ms
baidu.com. 172800 IN NS dns.baidu.com.
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
;; Received 201 bytes from 192.55.83.30#53(192.55.83.30) in 4380 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
;; Received 228 bytes from 61.135.165.235#53(61.135.165.235) in 50 ms
【2】nslookup
[root@node1 ~]# nslookup www.baidu.com
Server: 192.168.100.2
Address: 192.168.100.2#53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com.
Name: www.a.shifen.com
Address: 14.215.177.37
Name: www.a.shifen.com
Address: 14.215.177.38
【3】host
[root@node1 ~]# host www.baidu.com
www.baidu.com is an alias for www.a.shifen.com.
www.a.shifen.com has address 14.215.177.38
www.a.shifen.com has address 14.215.177.37
【4】ping
[root@node1 ~]# ping www.baidu.com
PING www.a.shifen.com (14.215.177.38) 56(84) bytes of data.
64 bytes from 14.215.177.38: icmp_seq=1 ttl=128 time=14.4 ms
64 bytes from 14.215.177.38: icmp_seq=2 ttl=128 time=9.38 ms
64 bytes from 14.215.177.38: icmp_seq=3 ttl=128 time=9.07 ms
64 bytes from 14.215.177.38: icmp_seq=4 ttl=128 time=9.44 ms
Standard procedure for setting the system hostname
【1】
[root@node1 ~]# hostname node1
【2】
[root@node1 ~]# vim /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=node1
【3】
[root@node1 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.133 node1
【4】
Log out and log back in to the system
Configuring the default gateway on Linux
【1】NIC configuration file; takes priority over /etc/sysconfig/network
[root@node1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
GATEWAY=192.168.100.2
【2】Configuration file /etc/sysconfig/network
[root@node1 ~]# vim /etc/sysconfig/network
GATEWAY=192.168.100.2
【3】Command line; takes effect temporarily
[root@node1 ~]# route add default gw 192.168.100.2
Viewing gateway information on Linux
http://oldboy.blog.51cto.com/2561410/1119453
http://oldboy.blog.51cto.com/2561410/974194
【1】
[root@node1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
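192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0<==NIC eth0; traffic to the 192.168.0.0 network does not go through a gateway
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0<==NIC eth0; traffic to the 169.254.0.0 network does not go through a gateway
0.0.0.0 192.168.100.2 0.0.0.0 UG 0 0 0 eth0<==NIC eth0; traffic to any network other than the above goes through gateway 192.168.100.2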
【2】
[root@node1 ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.100.2 0.0.0.0 UG 0 0 0 eth0
Viewing and configuring network interface information
【1】Viewing network interface information
[root@node1 ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:27:E5:60
inet addr:192.168.100.133 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe27:e560/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:90122 errors:0 dropped:0 overruns:0 frame:0
TX packets:36586 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:128378840 (122.4 MiB) TX bytes:2369987 (2.2 MiB)
【2】Configuring network interface information
【2-1】
[root@node1 ~]# ifconfig eth0:1 192.168.100.134 netmask 255.255.255.0 up
[root@node1 ~]# ip addr|grep "eth0"
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.100.133/24 brd 192.168.100.255 scope global eth0
inet 192.168.100.134/24 brd 192.168.100.255 scope global secondary eth0:1
【2-2】
[root@node1 ~]# ip addr add 192.168.100.135/24 dev eth0:2
[root@node1 ~]# ip addr|grep "eth0"
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.100.133/24 brd 192.168.100.255 scope global eth0
inet 192.168.100.134/24 brd 192.168.100.255 scope global secondary eth0:1
inet 192.168.100.135/24 scope global secondary eth0
Methods for checking a website fault
【1】ping server_ip
[root@node1 ~]# ping www.ajbcloud.com
PING www.ajbcloud.com (115.29.243.72) 56(84) bytes of data.
64 bytes from 115.29.243.72: icmp_seq=1 ttl=51 time=27.0 ms
64 bytes from 115.29.243.72: icmp_seq=2 ttl=51 time=27.0 ms
64 bytes from 115.29.243.72: icmp_seq=3 ttl=51 time=26.9 ms
64 bytes from 115.29.243.72: icmp_seq=4 ttl=51 time=26.8 ms
【2】traceroute server_ip (Windows: tracert -d server_ip)
[root@node1 ~]# traceroute -n www.ajbcloud.com
traceroute to www.ajbcloud.com (115.29.243.72), 30 hops max, 60 byte packets
1 124.172.225.1 9.769 ms 9.989 ms 10.218 ms
2 211.155.16.89 0.307 ms 0.943 ms 0.686 ms
3 211.155.20.101 1.331 ms 1.561 ms 1.554 ms
4 * * *
5 61.145.85.14 3.000 ms 3.234 ms 3.780 ms
6 61.145.78.53 4.037 ms 61.145.78.177 5.288 ms 5.129 ms
7 61.145.78.225 3.632 ms 7.156 ms 7.153 ms
8 202.97.56.158 19.262 ms 202.97.77.66 28.871 ms 28.876 ms
9 * * *
10 115.236.101.209 31.819 ms 115.238.21.121 26.067 ms 115.236.101.213 31.354 ms
11 42.120.244.182 31.278 ms 42.120.244.170 30.874 ms 42.120.244.198 26.591 ms
12 42.120.244.210 31.756 ms 42.120.244.202 31.745 ms 42.120.244.210 32.469 ms
13 * * *
14 115.29.243.72 31.776 ms 26.743 ms 32.430 ms
【3】telnet server_ip port
[root@node1 ~]# telnet www.ajbcloud.com 80
Trying 115.29.243.72...
Connected to www.ajbcloud.com.
Escape character is '^]'.
Packet capture tools
【1】tcpdump
[root@node1 ~]# tcpdump -n icmp -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:53:29.350906 IP 192.168.100.1 > 192.168.100.133: ICMP echo request, id 1, seq 186, length 40
10:53:29.351317 IP 192.168.100.133 > 192.168.100.1: ICMP echo reply, id 1, seq 186, length 40
10:53:30.357718 IP 192.168.100.1 > 192.168.100.133: ICMP echo request, id 1, seq 187, length 40
10:53:30.357827 IP 192.168.100.133 > 192.168.100.1: ICMP echo reply, id 1, seq 187, length 40
10:53:31.357868 IP 192.168.100.1 > 192.168.100.133: ICMP echo request, id 1, seq 188, length 40
10:53:31.357976 IP 192.168.100.133 > 192.168.100.1: ICMP echo reply, id 1, seq 188, length 40
10:53:32.358905 IP 192.168.100.1 > 192.168.100.133: ICMP echo request, id 1, seq 189, length 40
10:53:32.359023 IP 192.168.100.133 > 192.168.100.1: ICMP echo reply, id 1, seq 189, length 40
【2】nmap
[root@node1 ~]# nmap www.ajbcloud.com
Starting Nmap 5.51 ( http://nmap.org ) at 2017-04-25 10:59 CST
Nmap scan report for www.ajbcloud.com (115.29.243.72)
Host is up (0.0025s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp open http
1723/tcp open pptp
Nmap done: 1 IP address (1 host up) scanned in 59.51 seconds
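【3】Windows software: Wireshark, Sniffer, Colasoft network analyzer
Hard disk components: read/write heads, platters (2-14), platter spindle, head controller, control motor
Head assembly: read/write heads, actuator arm, actuator shaft
Smaller size: higher storage density
Faster: more sensitive read/write heads, faster spindle speed, more advanced interfaces
Larger capacity: higher storage density
Safer to use: data retention technology
Exercise: briefly describe the difference between buffer and cache
Spindle speed is an important measure of hard disk read/write performance, along with the interface type (SSD, SAS, SATA)
SAS: 10K rpm, 15K rpm (for externally facing service workloads)
SATA: 7.2K rpm (for data backup workloads)
Hard disk terminology
【1】Disk: disk
【2】Head: magnetic head
【3】Sector: sector
【4】Track: track
【5】Cylinder: cylinder
【6】Units: unit block, the size of one cylinder
【7】Block: data block
【8】Inode: index node number
Platters: there are several, each with two surfaces, typically 2-14 platters; surfaces are numbered from 0, top to bottom, and each surface has its own head
Number of heads = number of platters * 2 = number of surfaces
The track on the outermost ring of the disk, farthest from the spindle, is called track 0; the disk starts storing data from the outermost track 0
The system boot loader occupies the first 446 bytes of head 0, track 0, sector 1; 64 bytes are the partition table (each partition entry takes 16 bytes), and the last 2 bytes are the 55aa end-of-partition-table marker
Track: each platter has two surfaces and both can record information; on a platter surface, the circular magnetized paths of different radii centered on the platter's center that record data are called tracks; a track looks like a flat circle
Seek: mechanical; moving from one track to another
Cylinder: there are as many cylinders as tracks; the cylinder shape formed, top to bottom, by the tracks of the same radius on different platters
Sector: the unit that makes up a track, 512 bytes in size; a sector contains an identifier for where the data is stored and a data segment that stores the data; numbering starts from 1
Hard disk capacity formulas
【1】
Disk capacity = 512B * sectors * tracks * heads (surfaces)
【2】
Disk capacity = cylinders (tracks) * cylinder size (track size * heads)
Hard disk capacity calculation practice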
[root@node1 ~]# fdisk -l
Disk /dev/sda: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0005be94
Device Boot Start End Blocks Id System
/dev/sda1 * 1 26 204800 83 Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2 26 115 716800 82 Linux swap / Solaris
Partition 2 does not end on cylinder boundary.
/dev/sda3 115 1045 7465984 83 Linux
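Capacity (bytes) = 512B (sector size) * 63 (sectors) * 1044 (cylinders) * 255 (heads) = 8587192320 bytes
How a hard disk works (mechanical disks)
【1】A hard disk reads and writes data in units of cylinders
It first reads a track on one surface; if the data has not all been read, the head does not move to another track but switches to the next head and reads the track of the same radius on the next surface, until the tracks of that radius on all surfaces have been read; only if the data is still not finished does it move to a track of a different radius, and this move is called a seek
【2】Switching between heads is electronic
Switching between tracks requires the head to move radially; this movement is driven by a motor, so it is a mechanical switch
Location of data on the disk: head, track, sector
MBR backup practice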
[root@node1 ~]# dd if=/dev/sda of=mbr bs=512 count=1
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.000256567 s, 2.0 MB/s
Viewing MBR information
[root@node1 ~]# hexdump -C mbr
00000000 eb 48 90 10 8e d0 bc 00 b0 b8 00 00 8e d8 8e c0 |.H..............|
00000010 fb be 00 7c bf 00 06 b9 00 02 f3 a4 ea 21 06 00 |...|.........!..|
00000020 00 be be 07 38 04 75 0b 83 c6 10 81 fe fe 07 75 |....8.u........u|
00000030 f3 eb 16 b4 02 b0 01 bb 00 7c b2 80 8a 74 03 02 |.........|...t..|
00000040 80 00 00 80 5a 4e 00 00 00 08 fa 90 90 f6 c2 80 |....ZN..........|
00000050 75 02 b2 80 ea 59 7c 00 00 31 c0 8e d8 8e d0 bc |u....Y|..1......|
00000060 00 20 fb a0 40 7c 3c ff 74 02 88 c2 52 f6 c2 80 |. ..@|<.t...R...|
00000070 74 54 b4 41 bb aa 55 cd 13 5a 52 72 49 81 fb 55 |tT.A..U..ZRrI..U|
00000080 aa 75 43 a0 41 7c 84 c0 75 05 83 e1 01 74 37 66 |.uC.A|..u....t7f|
00000090 8b 4c 10 be 05 7c c6 44 ff 01 66 8b 1e 44 7c c7 |.L...|.D..f..D|.|
000000a0 04 10 00 c7 44 02 01 00 66 89 5c 08 c7 44 06 00 |....D...f.\..D..|
000000b0 70 66 31 c0 89 44 04 66 89 44 0c b4 42 cd 13 72 |pf1..D.f.D..B..r|
000000c0 05 bb 00 70 eb 7d b4 08 cd 13 73 0a f6 c2 80 0f |...p.}....s.....|
000000d0 84 f0 00 e9 8d 00 be 05 7c c6 44 ff 00 66 31 c0 |........|.D..f1.|
000000e0 88 f0 40 66 89 44 04 31 d2 88 ca c1 e2 02 88 e8 |..@f.D.1........|
000000f0 88 f4 40 89 44 08 31 c0 88 d0 c0 e8 02 66 89 04 |..@.D.1......f..|
00000100 66 a1 44 7c 66 31 d2 66 f7 34 88 54 0a 66 31 d2 |f.D|f1.f.4.T.f1.|
00000110 66 f7 74 04 88 54 0b 89 44 0c 3b 44 08 7d 3c 8a |f.t..T..D.;D.}<.|
00000120 54 0d c0 e2 06 8a 4c 0a fe c1 08 d1 8a 6c 0c 5a |T.....L......l.Z|
00000130 8a 74 0b bb 00 70 8e c3 31 db b8 01 02 cd 13 72 |.t...p..1......r|
00000140 2a 8c c3 8e 06 48 7c 60 1e b9 00 01 8e db 31 f6 |*....H|`......1.|
00000150 31 ff fc f3 a5 1f 61 ff 26 42 7c be 7f 7d e8 40 |1.....a.&B|..}.@|
00000160 00 eb 0e be 84 7d e8 38 00 eb 06 be 8e 7d e8 30 |.....}.8.....}.0|
00000170 00 be 93 7d e8 2a 00 eb fe 47 52 55 42 20 00 47 |...}.*...GRUB .G|
00000180 65 6f 6d 00 48 61 72 64 20 44 69 73 6b 00 52 65 |eom.Hard Disk.Re|
00000190 61 64 00 20 45 72 72 6f 72 00 bb 01 00 b4 0e cd |ad. Error.......|
000001a0 10 ac 3c 00 75 f4 c3 00 00 00 00 00 00 00 00 00 |..<.u...........|
000001b0 00 00 00 00 00 00 00 00 d4 18 02 00 00 00 80 20 |............... |
000001c0 21 00 83 9f 06 19 00 08 00 00 00 40 06 00 00 9f |!..........@....|
000001d0 07 19 82 db 29 72 00 48 06 00 00 e0 15 00 00 db |....)r.H........|
000001e0 2a 72 83 fe ff ff 00 28 1c 00 00 d8 c3 01 00 00 |*r.....(........|
000001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa |..............U.|
00000200
Restoring the MBR
[root@node1 ~]# dd if=mbr of=/dev/sda bs=512 count=1
Restoring the partition table
[root@node1 ~]# dd if=mbr of=/dev/sda bs=1 skip=446 seek=446 count=66 conv=notrunc
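Before a saved mbr file is written back with dd, it is worth confirming that it really is a 512-byte sector ending in 55 aa and that its four 16-byte partition entries decode to sensible values. The following is an added example, not part of the original notes: the function names are hypothetical, the sample sector uses zeroed boot code (constructed) followed by the 66 bytes at offsets 0x1be-0x1ff of the hexdump above.

```shell
#!/bin/sh
# Added example: validate and decode an MBR backup before restoring it.

# make_sample_mbr: write a 512-byte sector to stdout. Boot code is zeroed
# (constructed); the table and signature bytes are taken from the hexdump.
make_sample_mbr() {
    dd if=/dev/zero bs=1 count=446 2>/dev/null
    for h in \
        80 20 21 00 83 9f 06 19 00 08 00 00 00 40 06 00 \
        00 9f 07 19 82 db 29 72 00 48 06 00 00 e0 15 00 \
        00 db 2a 72 83 fe ff ff 00 28 1c 00 00 d8 c3 01 \
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \
        55 aa
    do
        # Convert each hex byte to an octal escape that printf can emit.
        printf "\\$(printf '%03o' "0x$h")"
    done
}

# mbr_partitions FILE: fail unless FILE is exactly one sector with the 55 aa
# signature; otherwise print one line per used entry:
#   INDEX BOOTFLAG TYPE START_LBA SECTORS SIZE_MIB
mbr_partitions() {
    od -An -v -tu1 "$1" | awk '
        # Little-endian 32-bit value starting at byte offset p.
        function le32(p) {
            return b[p] + 256 * b[p + 1] + 65536 * b[p + 2] + 16777216 * b[p + 3]
        }
        { for (i = 1; i <= NF; i++) b[n++] = $i }
        END {
            if (n != 512) {
                print "not a 512-byte sector" > "/dev/stderr"; exit 1
            }
            if (b[510] != 85 || b[511] != 170) {
                print "55aa signature missing" > "/dev/stderr"; exit 1
            }
            for (e = 0; e < 4; e++) {
                o = 446 + 16 * e              # entry e starts here
                if (b[o + 4] == 0) continue   # type 0x00 marks an unused slot
                start = le32(o + 8)
                sectors = le32(o + 12)
                printf "%d %s 0x%02x %d %d %d\n", e + 1,
                    (b[o] == 128 ? "boot" : "-"), b[o + 4],
                    start, sectors, sectors * 512 / 1048576
            }
        }
    '
}

# Stand-alone run on the sample sector.
tmp=$(mktemp) || exit 1
make_sample_mbr > "$tmp"
mbr_partitions "$tmp"
rm -f "$tmp"
```

With a real backup, `mbr_partitions mbr` returns non-zero for a truncated or blank file, so it can gate the dd restore.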
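What partitioning really is: modifying the disk's partition table information
Partitioning tools: use fdisk for disks smaller than 2T and parted for disks larger than 2T; the two are not compatible; prefer fdisk
Summary of cylinders and sectors
【1】A disk has 2-14 platters; each platter has two surfaces and each surface has one read/write head; heads are used to identify surfaces, so the number of surfaces is the number of heads: platters * 2 = heads (surfaces)
【2】The tracks on the different surfaces are divided into multiple regions; each region is a sector
【3】On one surface, each circular path of a different radius centered on the platter's center is a track
【4】The tracks of the same radius on different surfaces form a cylindrical surface, which is the cylinder
【5】A cylinder contains multiple tracks (all of the same radius), and a track contains multiple sectors
【6】A data location can be expressed as: a head, a track, a sector
The partition table is 64 bytes in size; each partition entry is 16 bytes
Partitioning with the fdisk command actually modifies the partition table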
http://oldboy.blog.51cto.com/2561410/634725
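Common file system types: ext2/3/4, xfs, fat, fat32, ntfs
File system summary
【1】A file system is a mechanism for organizing the data and metadata on a storage device
【2】A partition must be formatted with a file system before it can store data
【3】A partition can have only one file system
【4】Common Linux file systems: ext2/3/4, xfs; common Windows file systems: fat, fat32, ntfs
fdisk partitioning practice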
[root@node1 ~]# fdisk -cu /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x0fe50d91.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First sector (2048-2097151, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-2097151, default 2097151): +10M
Command (m for help): p
Disk /dev/sdb: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0fe50d91
Device Boot Start End Blocks Id System
/dev/sdb1 2048 22527 10240 83 Linux
Command (m for help): p
Disk /dev/sdb: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0fe50d91
Device Boot Start End Blocks Id System
/dev/sdb1 2048 22527 10240 83 Linux
/dev/sdb2 22528 2097151 1037312 5 Extended
/dev/sdb5 24576 45055 10240 83 Linux
/dev/sdb6 47104 67583 10240 83 Linux
/dev/sdb7 69632 90111 10240 83 Linux
/dev/sdb8 92160 112639 10240 83 Linux
/dev/sdb9 114688 2097151 991232 83 Linux
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@node1 ~]# partprobe /dev/sdb<==notify the operating system that the partition table has changed
[root@node1 ~]# ls -l /dev/sdb*
brw-rw----. 1 root disk 8, 16 Mar 10 21:55 /dev/sdb
brw-rw----. 1 root disk 8, 17 Mar 10 21:55 /dev/sdb1
brw-rw----. 1 root disk 8, 18 Mar 10 21:55 /dev/sdb2
brw-rw----. 1 root disk 8, 21 Mar 10 21:55 /dev/sdb5
brw-rw----. 1 root disk 8, 22 Mar 10 21:55 /dev/sdb6
brw-rw----. 1 root disk 8, 23 Mar 10 21:55 /dev/sdb7
brw-rw----. 1 root disk 8, 24 Mar 10 21:55 /dev/sdb8
brw-rw----. 1 root disk 8, 25 Mar 10 21:55 /dev/sdb9
Automated partitioning with fdisk
[root@node1 ~]# echo -e "n\np\n1\n\n+10M\nw\n"|fdisk -cu /dev/sdb
Command (m for help): Command action
e extended
p primary partition (1-4)
Partition number (1-4): First sector (2048-2097151, default 2048): Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-2097151, default 2097151):
Command (m for help): The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@node1 ~]# fdisk -cu /dev/sdb
Command (m for help): p
Disk /dev/sdb: 1073 MB, 1073741824 bytes
103 heads, 37 sectors/track, 550 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000e8e9a
Device Boot Start End Blocks Id System
/dev/sdb1 2048 22527 10240 83 Linux
parted partitioning practice (supports disks larger than 2T, uses a GPT partition table, not compatible with fdisk)
[root@node1 ~]# parted /dev/sdb
GNU Parted 2.1
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) help
align-check TYPE N check partition N for TYPE(min|opt) alignment
check NUMBER do a simple check on the file system
cp [FROM-DEVICE] FROM-NUMBER TO-NUMBER copy file system to another partition
help [COMMAND] print general help, or help on COMMAND
mklabel,mktable LABEL-TYPE create a new disklabel (partition table)
mkfs NUMBER FS-TYPE make a FS-TYPE file system on partition NUMBER
mkpart PART-TYPE [FS-TYPE] START END make a partition
mkpartfs PART-TYPE FS-TYPE START END make a partition with a file system
move NUMBER START END move partition NUMBER
name NUMBER NAME name partition NUMBER as NAME
print [devices|free|list,all|NUMBER] display the partition table, available devices, free space, all found partitions, or a particular partition
quit exit program
rescue START END rescue a lost partition near START and END
resize NUMBER START END resize partition NUMBER and its file system
rm NUMBER delete partition NUMBER
select DEVICE choose the device to edit
set NUMBER FLAG STATE change the FLAG on partition NUMBER
toggle [NUMBER [FLAG]] toggle the state of FLAG on partition NUMBER
unit UNIT set the default unit to UNIT
version display the version number and copyright information of GNU Parted
(parted) mklabel gpt<==switch to a GPT partition table
Warning: The existing disk label on /dev/sdb will be destroyed and all data on this disk will be lost. Do you
want to continue?
Yes/No? Yes
(parted) p
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 1074MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
(parted) mkpart primary 0 10<==create a primary partition; the default unit makes this 10M
Warning: The resulting partition is not properly aligned for best performance.
Ignore/Cancel? Ignore
(parted) p
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 1074MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 17.4kB 10.0MB 9983kB primary
(parted) quit
[root@node1 ~]# ls -l /dev/sdb*
brw-rw----. 1 root disk 8, 16 Mar 11 00:57 /dev/sdb
Automated partitioning with parted
[root@node1 ~]# parted /dev/sdb mklabel gpt yes
Warning: The existing disk label on /dev/sdb will be destroyed and all data on this disk will be lost. Do you
want to continue?
Information: You may need to update /etc/fstab.
[root@node1 ~]# parted /dev/sdb mkpart primary ext4 0 10 Ignore
Warning: The resulting partition is not properly aligned for best performance.
Information: You may need to update /etc/fstab.
[root@node1 ~]# parted /dev/sdb p
Model: VMware, VMware Virtual S (scsi)
Disk /dev/sdb: 1074MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Number Start End Size File system Name Flags
1 17.4kB 10.0MB 9983kB primary
Formatting a partition
[root@node1 ~]# mkfs -t ext4 /dev/sdb1
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
2448 inodes, 9748 blocks
487 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=10223616
2 block groups
8192 blocks per group, 8192 fragments per group
1224 inodes per group
Superblock backups stored on blocks: 8193
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 35 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root@node1 ~]# tune2fs -c -1 /dev/sdb1
tune2fs 1.41.12 (17-May-2010)
Setting maximal mount count to -1
Mounting a partition manually and automatically at boot
[root@node1 ~]# mount /dev/sdb1 /mnt/<==manual mount
[root@node1 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.9G 1.4G 5.2G 21% /
tmpfs 244M 0 244M 0% /dev/shm
/dev/sda1 190M 27M 153M 16% /boot
/dev/sdb1 8.3M 90K 7.7M 2% /mnt
[root@node1 ~]# blkid /dev/sdb1<==mount automatically at boot
/dev/sdb1: UUID="7c2b0d41-e81f-4563-83d9-e8cadd6728e9" TYPE="ext4"
[root@node1 ~]# vim /etc/fstab
UUID=7c2b0d41-e81f-4563-83d9-e8cadd6728e9 /mnt ext4 defaults 0 0
[root@node1 ~]# tail -1 /etc/fstab
UUID=7c2b0d41-e81f-4563-83d9-e8cadd6728e9 /mnt ext4 defaults 0 0
[root@node1 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.9G 1.4G 5.2G 21% /
tmpfs 244M 0 244M 0% /dev/shm
/dev/sda1 190M 27M 153M 16% /boot
[root@node1 ~]# mount -a
[root@node1 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.9G 1.4G 5.2G 21% /
tmpfs 244M 0 244M 0% /dev/shm
/dev/sda1 190M 27M 153M 16% /boot
/dev/sdb1 8.3M 90K 7.7M 2% /mnt
Linux swap practice
[root@node1 ~]# fdisk -cu /dev/sdb
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First sector (4196352-16777215, default 4196352):
Using default value 4196352
Last sector, +sectors or +size{K,M,G} (4196352-16777215, default 16777215): +300M
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 82
Changed system type of partition 2 to 82 (Linux swap / Solaris)
Command (m for help): p
Disk /dev/sdb: 8589 MB, 8589934592 bytes
54 heads, 48 sectors/track, 6472 cylinders, total 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x15e4ef30
Device Boot Start End Blocks Id System
/dev/sdb1 2048 4196351 2097152 83 Linux
/dev/sdb2 4196352 4810751 307200 82 Linux swap / Solaris
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
[root@node1 ~]# partprobe /dev/sdb
[root@node1 ~]# ls -l /dev/sdb?
brw-rw---- 1 root disk 8, 17 Apr 5 17:38 /dev/sdb1
brw-rw---- 1 root disk 8, 18 Apr 5 17:38 /dev/sdb2
[root@node1 ~]# mkswap /dev/sdb2
Setting up swapspace version 1, size = 307196 KiB
no label, UUID=9ebe8cf0-5ba1-4076-9b1a-33490a0d6ae8
[root@node1 ~]# swapon /dev/sdb2
[root@node1 ~]# free -m
total used free shared buffers cached
Mem: 486 97 389 0 10 35
-/+ buffers/cache: 50 435
Swap: 999 0 999
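About NFS: the Network File System (NFS) is one of the file systems supported by FreeBSD. It lets computers share resources over a TCP/IP network; a local NFS client application can transparently read and write files on a remote NFS server as if they were local files
NFS use cases: storing static resources such as images, videos and attachments
How NFS (Network File System) works
Environment
192.168.100.133 Nfs-Server
192.168.100.134 Web01-Server
192.168.100.135 Web02-Server
Server-side installation and configuration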
[root@Nfs-Server ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@Nfs-Server ~]# uname -r
2.6.32-504.el6.x86_64
[root@Nfs-Server ~]# uname -m
x86_64
[root@Nfs-Server ~]# rpm -qa nfs-utils rpcbind
[root@Nfs-Server ~]# yum -y install nfs-utils rpcbind
[root@Nfs-Server ~]# rpm -qa nfs-utils rpcbind
rpcbind-0.2.0-13.el6.x86_64
nfs-utils-1.2.3-75.el6.x86_64
[root@Nfs-Server ~]# /etc/init.d/rpcbind start
Starting rpcbind: [ OK ]
[root@Nfs-Server ~]# /etc/init.d/rpcbind status
rpcbind (pid 1855) is running...
[root@Nfs-Server ~]# netstat -tnlup|grep "rpcbind"|grep -v "grep"
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1855/rpcbind
tcp 0 0 :::111 :::* LISTEN 1855/rpcbind
udp 0 0 0.0.0.0:111 0.0.0.0:* 1855/rpcbind
udp 0 0 0.0.0.0:758 0.0.0.0:* 1855/rpcbind
udp 0 0 :::111 :::* 1855/rpcbind
udp 0 0 :::758 :::* 1855/rpcbind
[root@Nfs-Server ~]# lsof -i:111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 1855 rpc 6u IPv4 15621 0t0 UDP *:sunrpc
rpcbind 1855 rpc 8u IPv4 15624 0t0 TCP *:sunrpc (LISTEN)
rpcbind 1855 rpc 9u IPv6 15626 0t0 UDP *:sunrpc
rpcbind 1855 rpc 11u IPv6 15629 0t0 TCP *:sunrpc (LISTEN)
[root@Nfs-Server ~]# rpcinfo -p localhost<==show the port registration information for NFS
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
[root@Nfs-Server ~]# /etc/init.d/nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS mountd: [ OK ]
Starting NFS daemon: [ OK ]
Starting RPC idmapd: [ OK ]
[root@Nfs-Server ~]# /etc/init.d/nfs status
rpc.svcgssd is stopped
rpc.mountd (pid 27057) is running...
nfsd (pid 27073 27072 27071 27070 27069 27068 27067 27066) is running...
rpc.rquotad (pid 27052) is running...
[root@Nfs-Server ~]# netstat -tnlup|grep "2049"|grep -v "grep"
tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN -
tcp 0 0 :::2049 :::* LISTEN -
[root@Nfs-Server ~]# rpcinfo -p localhost
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 875 rquotad
100011 2 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 tcp 875 rquotad
100005 1 udp 52329 mountd
100005 1 tcp 4257 mountd
100005 2 udp 9617 mountd
100005 2 tcp 29066 mountd
100005 3 udp 56146 mountd
100005 3 tcp 7727 mountd
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 2 tcp 2049 nfs_acl
100227 3 tcp 2049 nfs_acl
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 2 udp 2049 nfs_acl
100227 3 udp 2049 nfs_acl
100021 1 udp 23470 nlockmgr
100021 3 udp 23470 nlockmgr
100021 4 udp 23470 nlockmgr
100021 1 tcp 15660 nlockmgr
100021 3 tcp 15660 nlockmgr
100021 4 tcp 15660 nlockmgr
[root@Nfs-Server ~]# chkconfig --level 3 rpcbind on
[root@Nfs-Server ~]# chkconfig --level 3 nfs on
[root@Nfs-Server ~]# chkconfig --list nfs
nfs 0:off 1:off 2:off 3:on 4:off 5:off 6:off
[root@Nfs-Server ~]# chkconfig --list rpcbind
rpcbind 0:off 1:off 2:off 3:on 4:off 5:off 6:off
Start order: rpcbind(13)-->nfs(30)
Stop order: nfs(60)-->rpcbind(87)
[root@Nfs-Server ~]# head -5 /etc/init.d/rpcbind
#! /bin/sh
#
# rpcbind Start/Stop RPCbind
#
# chkconfig: 2345 13 87
[root@Nfs-Server ~]# head -6 /etc/init.d/nfs
#!/bin/sh
#
# nfs This shell script takes care of starting and stopping
# the NFS services.
#
# chkconfig: - 30 60
NFS configuration file: /etc/exports
Syntax of the NFS configuration file
Column 1: the shared directory
Column 2: client address (permissions)
EXAMPLE
# sample /etc/exports file
/ master(rw) trusty(rw,no_root_squash)
/projects proj*.local.domain(rw)
/usr *.local.domain(ro) @trusted(rw)
/home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
/pub *(ro,insecure,all_squash)
/srv/www -sync,rw server @trusted @external(ro)
/foo 2001:db8:9:e54::/64(rw) 192.0.2.0/24(rw)
/build buildhost[0-9].local.domain(rw)
[root@Nfs-Server ~]# mkdir /data<==create the shared directory
[root@Nfs-Server ~]# ls -ld /data/
drwxr-xr-x. 2 root root 4096 Apr 27 13:54 /data/
[root@Nfs-Server ~]# vim /etc/exports
/data 192.168.100.0/24(rw,sync,all_squash)
[root@Nfs-Server ~]# cat /etc/exports
/data 192.168.100.0/24(rw,sync,all_squash)
[root@Nfs-Server ~]# /etc/init.d/nfs reload
[root@Nfs-Server ~]# exportfs -rv
exporting 192.168.100.0/24:/data
[root@Nfs-Server ~]# showmount -e localhost
Export list for localhost:
/data 192.168.100.0/24
[root@Nfs-Server ~]# mount -t nfs 192.168.100.133:/data /mnt/
[root@Nfs-Server ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 13G 1.6G 11G 13% /
tmpfs 244M 0 244M 0% /dev/shm
/dev/sda1 976M 27M 898M 3% /boot
192.168.100.133:/data 13G 1.6G 11G 13% /mnt
[root@Nfs-Server ~]# cat /proc/mounts|grep "mnt"|grep -v "grep"
192.168.100.133:/data/ /mnt nfs4 rw,relatime,vers=4,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.100.133,minorversion=0,local_lock=none,addr=192.168.100.133 0 0
[root@Nfs-Server ~]# touch /mnt/lb.txt<==creating the file fails: no permission
touch: cannot touch `/mnt/lb.txt': Permission denied
[root@Nfs-Server ~]# cat /var/lib/nfs/etab<==show the export's options; NFS clients access the server as the user with ID 65534, that is, nfsnobody
/data 192.168.100.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,root_squash,all_squash)
[root@Nfs-Server ~]# grep "nfsnobody" /etc/passwd
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
[root@Nfs-Server ~]# ls -ld /data/
drwxr-xr-x. 2 root root 4096 Mar 12 22:39 /data/
[root@Nfs-Server ~]# chown -R nfsnobody: /data/
[root@Nfs-Server ~]# ls -ld /data/
drwxr-xr-x. 2 nfsnobody root 4096 Aug 30 20:36 /data/
[root@Nfs-Server ~]# touch /mnt/lb.txt
[root@Nfs-Server ~]# ls -l /mnt/lb.txt
-rw-r--r--. 1 nfsnobody nfsnobody 0 Apr 27 14:38 /mnt/lb.txt
[root@Nfs-Server ~]# ls -l /data/lb.txt
-rw-r--r--. 1 nfsnobody nfsnobody 0 Apr 27 14:38 /data/lb.txt
Client-side installation and configuration
[root@Web01-Server ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@Web01-Server ~]# uname -r
2.6.32-504.el6.x86_64
[root@Web01-Server ~]# uname -m
x86_64
[root@Web01-Server ~]# rpm -qa nfs-utils rpcbind
[root@Web01-Server ~]# yum -y install nfs-utils rpcbind
[root@Web01-Server ~]# rpm -qa nfs-utils rpcbind
rpcbind-0.2.0-13.el6.x86_64
nfs-utils-1.2.3-75.el6.x86_64
[root@Web01-Server ~]# /etc/init.d/rpcbind start
Starting rpcbind: [ OK ]
[root@Web01-Server ~]# /etc/init.d/rpcbind status
rpcbind (pid 26992) is running...
[root@Web01-Server ~]# netstat -tnlup|grep "rpcbind"|grep -v "grep"
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 26992/rpcbind
tcp 0 0 :::111 :::* LISTEN 26992/rpcbind
udp 0 0 0.0.0.0:879 0.0.0.0:* 26992/rpcbind
udp 0 0 0.0.0.0:111 0.0.0.0:* 26992/rpcbind
udp 0 0 :::879 :::* 26992/rpcbind
udp 0 0 :::111 :::* 26992/rpcbind
[root@Web01-Server ~]# lsof -i:111
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rpcbind 26992 rpc 6u IPv4 36885 0t0 UDP *:sunrpc
rpcbind 26992 rpc 8u IPv4 36888 0t0 TCP *:sunrpc (LISTEN)
rpcbind 26992 rpc 9u IPv6 36890 0t0 UDP *:sunrpc
rpcbind 26992 rpc 11u IPv6 36893 0t0 TCP *:sunrpc (LISTEN)
[root@Web01-Server ~]# chkconfig --level 3 rpcbind on
[root@Web01-Server ~]# chkconfig --list rpcbind
rpcbind 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@Web01-Server ~]# showmount -e 192.168.100.133
clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)<==the server-side firewall has not been turned off
[root@Nfs-Server ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@Nfs-Server ~]# chkconfig --level 3 iptables off
[root@Web01-Server ~]# showmount -e 192.168.100.133
Export list for 192.168.100.133:
/data 192.168.100.0/24
[root@Web01-Server ~]# mount -t nfs 192.168.100.133:/data /mnt/
[root@Web01-Server ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 13G 1.6G 11G 13% /
tmpfs 244M 0 244M 0% /dev/shm
/dev/sda1 976M 27M 898M 3% /boot
192.168.100.133:/data 13G 1.6G 11G 13% /mnt
[root@Web01-Server ~]# cat /proc/mounts|grep "mnt"|grep -v "grep"
192.168.100.133:/data/ /mnt nfs4 rw,relatime,vers=4,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.100.134,minorversion=0,local_lock=none,addr=192.168.100.133 0 0
[root@Web01-Server ~]# echo "/bin/mount -t nfs 192.168.100.133:/data /mnt/" >> /etc/rc.local
[root@Web01-Server ~]# tail -1 /etc/rc.local
/bin/mount -t nfs 192.168.100.133:/data /mnt/
[root@Web01-Server ~]# ls -l /mnt/lb.txt
-rw-r--r--. 1 nfsnobody nfsnobody 0 Apr 27 14:38 /mnt/lb.txt
[root@Web01-Server ~]# touch /mnt/linbin.txt<==create a file
[root@Web01-Server ~]# ls -l /mnt/linbin.txt
-rw-r--r--. 1 nfsnobody nfsnobody 0 Apr 27 14:40 /mnt/linbin.txt
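Permission options in the NFS configuration file
rw<==read-write access
ro<==read-only access
sync<==data is written to disk synchronously; less efficient
async<==data is written to disk asynchronously; more efficient than sync, but data may be lost
root_squash<==map the root user and its group to the anonymous user or group nfsnobody
no_root_squash<==the opposite of root_squash
all_squash<==map all users to the anonymous user nfsnobody
no_all_squash<==the opposite of all_squash
anonuid<==UID of the anonymous user
anongid<==GID of the anonymous user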
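Which of the options listed above weaken an export can be checked mechanically. This is an added example, not part of the original notes: a small auditor for /etc/exports-style files whose function names and finding labels (no_root_squash, insecure, any_host_rw, any_host_ro) are made up for illustration. The sample input is constructed from the exports(5) examples quoted earlier, the /data line used in these notes, and one deliberately weak line.

```shell
#!/bin/sh
# Added example: flag risky options in an /etc/exports-style file.
# Output: one "path client finding" line per problem; no output means clean.

audit_exports() {
    awk '
    # Evaluate the effective option list of one "path client(options)" pair.
    function check(path, client, opts,    n, a, k, rw, nrs, alls, ins) {
        n = split(opts, a, ",")
        for (k = 1; k <= n; k++) {      # a later option overrides an earlier one
            if      (a[k] == "rw")             rw = 1
            else if (a[k] == "ro")             rw = 0
            else if (a[k] == "no_root_squash") nrs = 1
            else if (a[k] == "root_squash")    nrs = 0
            else if (a[k] == "all_squash")     alls = 1
            else if (a[k] == "no_all_squash")  alls = 0
            else if (a[k] == "insecure")       ins = 1
            else if (a[k] == "secure")         ins = 0
        }
        # Remote root keeps uid 0 on the export unless all_squash remaps everyone.
        if (nrs && !alls) print path, client, "no_root_squash"
        # Requests from unprivileged source ports are accepted.
        if (ins) print path, client, "insecure"
        # A bare "*" matches every host that can reach the server.
        if (client == "*") print path, client, (rw ? "any_host_rw" : "any_host_ro")
    }
    /^[ \t]*(#|$)/ { next }             # comments and blank lines
    {
        defaults = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) { defaults = substr($i, 2); continue }   # "-sync,rw" form
            client = $i; opts = defaults
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                own = substr($i, p + 1); sub(/\)$/, "", own)
                opts = (defaults == "" ? own : defaults "," own)
            }
            if (client == "") client = "*"      # "(rw)" with no host means everyone
            check($1, client, opts)
        }
    }' "$1"
}

# Constructed sample: the exports(5) examples quoted on this page, the page
# /data line, and one deliberately weak line (/srv/share) for contrast.
sample_exports() {
    cat <<'EOF'
# sample /etc/exports file
/               master(rw) trusty(rw,no_root_squash)
/projects       proj*.local.domain(rw)
/usr            *.local.domain(ro) @trusted(rw)
/home/joe       pc001(rw,all_squash,anonuid=150,anongid=100)
/pub            *(ro,insecure,all_squash)
/srv/www        -sync,rw server @trusted @external(ro)
/foo            2001:db8:9:e54::/64(rw) 192.0.2.0/24(rw)
/build          buildhost[0-9].local.domain(rw)
/data           192.168.100.0/24(rw,sync,all_squash)
/srv/share      *(rw,no_root_squash)
EOF
}
```

The /data export used in these notes produces no findings: it is limited to one subnet and all_squash maps every client user, root included, to nfsnobody.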
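Important NFS files
【1】/etc/exports<==NFS service configuration file
【2】/usr/sbin/exportfs<==NFS management command; reloads the configuration file
【3】/usr/sbin/showmount<==command for viewing the NFS server's mount information
【4】/var/lib/nfs/etab<==file recording the complete option set of the NFS configuration
【5】/proc/mounts<==system mount information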
[root@Nfs-Server ~]# cat /var/lib/nfs/etab
/data 192.168.100.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,all_squash,no_subtree_check,secure_locks,acl,anonuid=65534,anongid=65534,sec=sys,rw,root_squash,all_squash)
[root@Web01-Server ~]# grep "mnt" /proc/mounts|grep -v "grep"
192.168.100.133:/data/ /mnt nfs4 rw,relatime,vers=4,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.100.134,minorversion=0,local_lock=none,addr=192.168.100.133 0 0
[root@Web01-Server ~]# mount -t nfs -o bg,hard,nosuid,noexec,noatime,nodev,nodiratime,rsize=65535,wsize=65535 192.168.100.133:/data /mnt
[root@Web01-Server ~]# echo "/bin/mount -t nfs -o bg,hard,nosuid,noexec,noatime,nodev,nodiratime,rsize=65535,wsize=65535 192.168.100.133:/data /mnt" >> /etc/rc.local
[root@Web01-Server ~]# tail -1 /etc/rc.local
/bin/mount -t nfs -o bg,hard,nosuid,noexec,noatime,nodev,nodiratime,rsize=65535,wsize=65535 192.168.100.133:/data /mnt
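bg<==run in the background
hard<==hard mount: keep retrying; combined with the intr option it can be interrupted, which keeps NFS from locking up the whole system
rsize<==limits read speed (read block size)
wsize<==limits write speed (write block size)
proto<==protocol
nosuid<==do not allow suid to be set
noexec<==do not allow binaries to be executed
nodev<==do not interpret character or block device files
noatime<==do not update file access times
nodiratime<==do not update directory access times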
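Briefly describe TCP and UDP and the differences between them
【1】TCP: Transmission Control Protocol, a connection-oriented, reliable, byte-stream-based transport-layer protocol
【2】UDP: User Datagram Protocol, a simple datagram-oriented transport-layer protocol; it is unreliable and connectionless
【3】Differences: connection-oriented versus connectionless
【3-1】TCP is connection-oriented; UDP is connectionless
【3-2】TCP transfers are slower; UDP transfers are faster
【3-3】TCP retransmits lost packets; UDP does not
【3-4】TCP guarantees data correctness; UDP may lose packets
Mount options implied by defaults: rw, suid, dev, exec, auto, nouser, async, and relatime
Repairing a read-only file system
【1】Enter the root password when the system prompts for it
【2】Remount the root partition read-write (the file system is read-only at this point, so it has to be remounted read-write)
[root@node1 ~]# mount -o rw,remount /
【3】Fix the mount configuration file /etc/fstab as the situation requires
[root@node1 ~]# vim /etc/fstab
【4】Reload /etc/fstab
[root@node1 ~]# mount -a
【5】Check that the mounts are correct
[root@node1 ~]# df -h
【6】Reboot the system
[root@node1 ~]# reboot
Kernel parameter tuning (client and server)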
[root@Nfs-Server ~]# cat >> /etc/sysctl.conf<<EOF
####For NFS Server By LinBin At 2017-04-27####
# default socket send (write) buffer
net.core.wmem_default = 8388608
# default socket receive (read) buffer
net.core.rmem_default = 8388608
# maximum socket receive (read) buffer
net.core.rmem_max = 16777216
# maximum socket send (write) buffer
net.core.wmem_max = 16777216
EOF
[root@Nfs-Server ~]# sysctl -p
[root@Web01-Server mnt]# umount /mnt/<==the mounted file system cannot be unmounted
umount.nfs: /mnt: device is busy
umount.nfs: /mnt: device is busy
[root@Web01-Server mnt]# umount -lf /mnt/
[root@Web01-Server mnt]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 6.9G 1.4G 5.2G 22% /
tmpfs 244M 0 244M 0% /dev/shm
/dev/sda1 190M 27M 153M 16% /boot
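About rsync: rsync (remote sync) is a data mirroring and backup tool for Unix-like systems. It is a fast incremental backup tool that supports local copies as well as synchronization with other hosts over SSH or rsync
rsync documentation: https://rsync.samba.org/ftp/rsync/rsync.html
CentOS 5.x compares first and then synchronizes; CentOS 6.x compares and synchronizes at the same time
rsync use cases
【1】Scheduled backup: rsync+crontab
【2】Real-time backup: rsync+inotify(sersync)
rsync working modes
【1】Local copy, equivalent to cp
【2】Remote copy, equivalent to scp
【3】Deletion, equivalent to rm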
Local: rsync [OPTION...] SRC... [DEST]
Access via remote shell:<==data is transferred through a tunnel
Pull: rsync [OPTION...] [USER@]HOST:SRC... [DEST]<==remote-->local
Push: rsync [OPTION...] SRC... [USER@]HOST:DEST<==local-->remote
Access via rsync daemon:
Pull: rsync [OPTION...] [USER@]HOST::SRC... [DEST]
rsync [OPTION...] rsync://[USER@]HOST[:PORT]/SRC... [DEST]
Push: rsync [OPTION...] SRC... [USER@]HOST::DEST
rsync [OPTION...] SRC... rsync://[USER@]HOST[:PORT]/DEST
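Local mode
【1】Copy: rsync -avz /etc/hosts /tmp == cp -a /etc/hosts /tmp
【2】Delete: rsync -avz --delete /null/ /tmp == rm<==whatever exists in /null also exists in /tmp; whatever does not exist in /null does not exist in /tmp either
Remote mode
【1】Local-->remote: rsync -avzP -e 'ssh -p 22' /tmp/ root@192.168.100.133:/tmp/<=="-P" shows the progress of the synchronization, "-e" selects the channel protocol (remote shell) to use
【2】Remote-->local: rsync -avzP -e 'ssh -p 22' root@192.168.100.133:/tmp/ /opt<=="-P" shows the progress of the synchronization, "-e" selects the channel protocol (remote shell) to use
Service (daemon) mode
【1】Server-side installation and configuration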
[root@Backup-Server ~]# rpm -qa rsync
rsync-3.0.6-12.el6.x86_64
[root@Backup-Server ~]# rsync --version
rsync version 3.0.6 protocol version 30
Copyright (C) 1996-2009 by Andrew Tridgell, Wayne Davison, and others.
Web site: http://rsync.samba.org/
Capabilities:
64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
append, ACLs, xattrs, iconv, symtimes
rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.
[root@Backup-Server ~]# vim /etc/rsyncd.conf
# Rsync Server Conf
# Created By LinBin At 14:00 2017-04-28
####rsyncd.conf start####
uid = rsync
gid = rsync
port = 873
address = 192.168.100.136
use chroot = no
max connections = 500
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 192.168.100.0/24
hosts deny = 10.0.0.0/24
auth users = rsync_backup
secrets file = /etc/rsync.password
########################
[backup]
comment = Backup By LinBin At 14:00 2017-04-28
path = /backup
####rsyncd.conf end####
[root@Backup-Server ~]# useradd -s /sbin/nologin -M rsync
[root@Backup-Server ~]# id rsync
uid=500(rsync) gid=500(rsync) groups=500(rsync)
[root@Backup-Server ~]# grep "rsync" /etc/passwd
rsync:x:500:500::/home/rsync:/sbin/nologin
[root@Backup-Server ~]# mkdir /backup
[root@Backup-Server ~]# ls -ld /backup/
drwxr-xr-x. 2 root root 4096 Apr 28 13:54 /backup/
[root@Backup-Server ~]# chown -R rsync /backup/
[root@Backup-Server ~]# ls -ld /backup/
drwxr-xr-x. 2 rsync root 4096 Mar 15 19:14 /backup/
[root@Backup-Server ~]# echo "rsync_backup:axbc1kof" >> /etc/rsync.password
[root@Backup-Server ~]# cat /etc/rsync.password
rsync_backup:axbc1kof
[root@Backup-Server ~]# ls -l /etc/rsync.password
-rw-r--r--. 1 root root 22 Mar 15 19:16 /etc/rsync.password
[root@Backup-Server ~]# chmod 600 /etc/rsync.password
[root@Backup-Server ~]# ls -l /etc/rsync.password
-rw-------. 1 root root 22 Mar 15 19:16 /etc/rsync.password
[root@Backup-Server ~]# rsync --daemon
[root@Backup-Server ~]# netstat -tnlup|grep "rsync"|grep -v "grep"
tcp 0 0 192.168.100.136:873 0.0.0.0:* LISTEN 27206/rsync
[root@Backup-Server ~]# lsof -i:873
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsync 27206 root 3u IPv4 37747 0t0 TCP Backup-Server:rsync (LISTEN)
[root@Backup-Server ~]# ps -ef|grep "rsync"|grep -v "grep"
root 27206 1 0 14:02 ? 00:00:00 rsync --daemon
[root@Backup-Server ~]# echo "/usr/bin/rsync --daemon" >> /etc/rc.local
[root@Backup-Server ~]# tail -1 /etc/rc.local
/usr/bin/rsync --daemon
【2】Client-side installation and configuration
[root@Web01-Server ~]# echo "axbc1kof" >> /etc/rsync.password
[root@Web01-Server ~]# cat /etc/rsync.password
axbc1kof
[root@Web01-Server ~]# chmod 600 /etc/rsync.password
[root@Web01-Server ~]# ls -l /etc/rsync.password
-rw-------. 1 root root 9 Feb 25 21:05 /etc/rsync.password
【3】Test and verify
[root@Web01-Server ~]# touch /tmp/{a..d}.txt
[root@Web01-Server ~]# ls /tmp/
a.txt b.txt c.txt d.txt
[root@Web01-Server ~]# rsync -avz /tmp/ rsync_backup@192.168.100.136::backup --password-file=/etc/rsync.password
sending incremental file list
./
a.txt
b.txt
c.txt
d.txt
.ICE-unix/
sent 254 bytes received 91 bytes 690.00 bytes/sec
total size is 0 speedup is 0.00
[root@Backup-Server ~]# ls /backup/
a.txt b.txt c.txt d.txt
【4】Security hardening
[root@Backup-Server ~]# rsync --daemon --address=192.168.100.136 --port=873 --config=/etc/rsyncd.conf
[root@Backup-Server ~]# netstat -tnlup|grep "rsync"|grep -v "grep"
tcp 0 0 192.168.100.136:873 0.0.0.0:* LISTEN 27311/rsync
[root@Backup-Server ~]# lsof -i:873
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsync 27311 root 3u IPv4 38937 0t0 TCP Backup-Server:rsync (LISTEN)
[root@Backup-Server ~]# ps -ef|grep "rsync"|grep -v "grep"
root 27311 1 0 14:27 ? 00:00:00 rsync --daemon --address=192.168.100.136 --port=873 --config=/etc/rsyncd.conf
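What the rsyncd.conf above actually permits can be checked mechanically. In the rsync daemon, a client that matches neither "hosts allow" nor "hosts deny" is still allowed to connect, so an allow list only restricts access when "hosts deny" is a catch-all. This is an added example, not part of the original notes; the function names and finding labels are made up for illustration, and the hardened variant assumes the intended policy is that only 192.168.100.0/24 may connect and that the daemon is started as root.

```shell
#!/bin/sh
# Added example: audit an rsyncd.conf for the settings that decide who can
# reach a module. Output: one "module finding" line per problem.

audit_rsyncd() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    # Module value if set, otherwise the global value.
    function get(m, k) { return ((m, k) in conf) ? conf[m, k] : conf["", k] }
    function is_no(v) { v = tolower(v); return (v == "no" || v == "false" || v == "0") }
    /^[ \t]*(#|;|$)/ { next }                   # comments and blank lines
    /^[ \t]*\[/ {                               # [module] header
        mod = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", mod)
        mods[++nm] = mod; next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next                       # bare line such as "ignore errors"
        conf[mod, tolower(trim(substr($0, 1, eq - 1)))] = trim(substr($0, eq + 1))
    }
    END {
        for (i = 1; i <= nm; i++) {
            m = mods[i]
            allow = get(m, "hosts allow"); deny = get(m, "hosts deny")
            if (is_no(get(m, "use chroot"))) print m, "chroot_off"
            if (allow == "" && deny == "") print m, "no_host_filter"
            # A host matching neither list is still allowed, so an allow
            # list only restricts access when everything else is denied.
            else if (allow != "" && deny != "*") print m, "deny_not_catch_all"
            if (get(m, "auth users") == "") print m, "no_auth_users"
        }
    }' "$1"
}

# Constructed sample: the access-related settings of the rsyncd.conf on this page.
sample_rsyncd_conf() {
    cat <<'EOF'
uid = rsync
gid = rsync
port = 873
address = 192.168.100.136
use chroot = no
max connections = 500
ignore errors
read only = false
list = false
hosts allow = 192.168.100.0/24
hosts deny = 10.0.0.0/24
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
path = /backup
EOF
}

# The same file with both findings addressed (assumed policy, see lead-in).
hardened_rsyncd_conf() {
    sample_rsyncd_conf | sed -e 's|^hosts deny = .*|hosts deny = *|' \
                             -e 's|^use chroot = .*|use chroot = yes|'
}

# True when the secrets file exists and grants nothing to group or other,
# which is what the chmod 600 step on this page achieves.
secrets_mode_ok() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```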
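rsync pros and cons
【1】Pros: incremental backup and synchronization, daemon mode, centralized backup
【2】Cons: when synchronizing a large number of small files the comparison takes a long time and the rsync process may stop (workaround: synchronize an archive, or use DRBD); synchronizing a large file may be interrupted, and until the transfer is complete the file is a hidden file that is renamed to a normal file once synchronization finishes
rsync mirror synchronization (no differences left)
【1】Push: what exists locally also exists on the remote; what does not exist locally is deleted on the remote, so files that only the remote has are removed
[root@Web01-Server ~]# rsync -avz --delete /tmp/ rsync_backup@192.168.100.136::backup --password-file=/etc/rsync.password
【2】Pull: what exists on the remote also exists locally; what does not exist on the remote is deleted locally, so files that only the local side has are removed
[root@Web01-Server ~]# rsync -avz --delete rsync_backup@192.168.100.136::backup /tmp/ --password-file=/etc/rsync.password
Excluding files from an rsync transfer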
[root@Web01-Server ~]# touch /tmp/{a..d}.txt
[root@Web01-Server ~]# ls /tmp/
a.txt b.txt c.txt d.txt
【1】Exclude a single file
[root@Web01-Server ~]# rsync -avz --exclude=a.txt /tmp/ rsync_backup@192.168.100.136::backup --password-file=/etc/rsync.password
sending incremental file list
./
b.txt
c.txt
d.txt
sent 205 bytes received 69 bytes 42.15 bytes/sec
total size is 0 speedup is 0.00
[root@Backup-Server ~]# ls /backup/
b.txt c.txt d.txt
【2】Exclude several files
[root@Web01-Server ~]# rsync -avz --exclude={a..c}.txt /tmp/ rsync_backup@192.168.100.136::backup --password-file=/etc/rsync.password
sending incremental file list
./
d.txt
sent 105 bytes received 31 bytes 54.40 bytes/sec
total size is 0 speedup is 0.00
[root@Backup-Server ~]# ls /backup/
d.txt
【3】Exclude a list of files
[root@Web01-Server ~]# cat >> /root/paichu.txt<<EOF
> a.txt
> d.txt
> EOF
[root@Web01-Server ~]# cat /root/paichu.txt
a.txt
d.txt
[root@Web01-Server ~]# rsync -avz --exclude-from=/root/paichu.txt /tmp/ rsync_backup@192.168.100.136::backup --password-file=/etc/rsync.password
sending incremental file list
./
b.txt
c.txt
sent 163 bytes received 50 bytes 60.86 bytes/sec
total size is 0 speedup is 0.00
[root@Backup-Server ~]# ls /backup/
b.txt c.txt
Scheduled backup with rsync+crontab
【1】Server-side installation and configuration
[root@Backup-Server ~]# rpm -qa rsync
rsync-3.0.6-12.el6.x86_64
[root@Backup-Server ~]# rsync --version
rsync version 3.0.6 protocol version 30
Copyright (C) 1996-2009 by Andrew Tridgell, Wayne Davison, and others.
Web site: http://rsync.samba.org/
Capabilities:
64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
append, ACLs, xattrs, iconv, symtimes
rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.
[root@Backup-Server ~]# vim /etc/rsyncd.conf
# Rsync Server Conf
# Created By LinBin At 14:00 2017-04-28
####rsyncd.conf start####
uid = rsync
gid = rsync
port = 873
address = 192.168.100.136
use chroot = no
max connections = 500
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 192.168.100.0/24
hosts deny = 10.0.0.0/24
auth users = rsync_backup
secrets file = /etc/rsync.password
########################
[backup]
comment = Backup By LinBin At 14:00 2017-04-28
path = /backup
####rsyncd.conf end####
[root@Backup-Server ~]# useradd -s /sbin/nologin -M rsync
[root@Backup-Server ~]# id rsync
uid=500(rsync) gid=500(rsync) groups=500(rsync)
[root@Backup-Server ~]# grep "rsync" /etc/passwd
rsync:x:500:500::/home/rsync:/sbin/nologin
[root@Backup-Server ~]# mkdir /backup
[root@Backup-Server ~]# ls -ld /backup/
drwxr-xr-x. 2 root root 4096 Apr 28 13:54 /backup/
[root@Backup-Server ~]# chown -R rsync /backup/
[root@Backup-Server ~]# ls -ld /backup/
drwxr-xr-x. 2 rsync root 4096 Mar 15 19:14 /backup/
[root@Backup-Server ~]# echo "rsync_backup:axbc1kof" >> /etc/rsync.password
[root@Backup-Server ~]# cat /etc/rsync.password
rsync_backup:axbc1kof
[root@Backup-Server ~]# ls -l /etc/rsync.password
-rw-r--r--. 1 root root 22 Mar 15 19:16 /etc/rsync.password
[root@Backup-Server ~]# chmod 600 /etc/rsync.password
[root@Backup-Server ~]# ls -l /etc/rsync.password
-rw-------. 1 root root 22 Mar 15 19:16 /etc/rsync.password
[root@Backup-Server ~]# rsync --daemon
[root@Backup-Server ~]# netstat -tnlup|grep "rsync"|grep -v "grep"
tcp 0 0 192.168.100.136:873 0.0.0.0:* LISTEN 27206/rsync
[root@Backup-Server ~]# lsof -i:873
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsync 27206 root 3u IPv4 37747 0t0 TCP Backup-Server:rsync (LISTEN)
[root@Backup-Server ~]# ps -ef|grep "rsync"|grep -v "grep"
root 27206 1 0 14:02 ? 00:00:00 rsync --daemon
[root@Backup-Server ~]# echo "/usr/bin/rsync --daemon" >> /etc/rc.local
[root@Backup-Server ~]# tail -1 /etc/rc.local
/usr/bin/rsync --daemon
【2】Client-side installation and configuration
[root@Web01-Server ~]# echo "axbc1kof" >> /etc/rsync.password
[root@Web01-Server ~]# cat /etc/rsync.password
axbc1kof
[root@Web01-Server ~]# chmod 600 /etc/rsync.password
[root@Web01-Server ~]# ls -l /etc/rsync.password
-rw-------. 1 root root 9 Feb 25 21:05 /etc/rsync.password
【3】Test and verify
[root@Web01-Server ~]# touch /tmp/{a..d}.txt
[root@Web01-Server ~]# ls /tmp/
a.txt b.txt c.txt d.txt
[root@Web01-Server ~]# rsync -avz /tmp/ rsync_backup@192.168.100.136::backup --password-file=/etc/rsync.password
sending incremental file list
./
a.txt
b.txt
c.txt
d.txt
.ICE-unix/
sent 254 bytes received 91 bytes 690.00 bytes/sec
total size is 0 speedup is 0.00
[root@Backup-Server ~]# ls /backup/
a.txt b.txt c.txt d.txt
【4】Write the archive-and-backup script
[root@Web01-Server ~]# mkdir /server/scripts -p
[root@Web01-Server ~]# ls -ld /server/scripts/
drwxr-xr-x. 2 root root 4096 Sep 1 00:59 /server/scripts/
[root@Web01-Server ~]# vim /server/scripts/backup.sh
#!/bin/bash
# Name:backup.sh
# Version:V1.0
# Type:Backup
# Language:Bash Shell
# Date:2017-04-28
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Determines Whether The Current User Is An Administrator.
if [ "$UID" -ne 0 ];then
    echo "User has insufficient privilege."
    exit 1
fi
# Variable Definition.
IP=$(ifconfig eth0|awk -F "[ :]+" 'NR==2{print $4}')
Day=$(date +%F)
WebDir="/data/www/www.keysou.com"
BackupDir="/backup/$IP"
Tar="/bin/tar"
Md5sum="/usr/bin/md5sum"
Rsync="/usr/bin/rsync"
Find="/bin/find"
# To Determine Whether The Backup Directory Exists.
if [ ! -d "$BackupDir" ];then
    mkdir -p "$BackupDir"
fi
# Delete History Backup Data.
$Find "$BackupDir" -type f -name "*.tar.gz" -mtime +30 -print0|xargs -0 rm -f
# Backup Site Data.
cd "$WebDir" && $Tar cfz "$BackupDir/${Day}_www.tar.gz" ./ || exit 5
# Check If The Backup Is Successful.
if [ -f "$BackupDir/${Day}_www.tar.gz" ] && [ -s "$BackupDir/${Day}_www.tar.gz" ];then
    $Md5sum "$BackupDir/${Day}_www.tar.gz" > "$BackupDir/www.md5sum.txt"
else
    echo "Backup Data Fail" >&2
    exit 6
fi
# Synchronous Data.
$Rsync -az /backup/ rsync_backup@192.168.100.136::backup --password-file=/etc/rsync.password
####Script End####
【5】Create the backup cron job
[root@Web01-Server ~]# crontab -e
####For Backup www By LinBin At 2017-04-28####
00 00 * * 6 /bin/bash /server/scripts/backup.sh &>/dev/null
[root@Web01-Server ~]# crontab -l
####For Backup www By LinBin At 2017-04-28####
00 00 * * 6 /bin/bash /server/scripts/backup.sh &>/dev/null
【6】Check that the backups are intact
[root@Backup-Server ~]# mkdir /server/scripts -p
[root@Backup-Server ~]# ls -ld /server/scripts/
drwxr-xr-x. 2 root root 4096 Apr 28 16:30 /server/scripts/
[root@Backup-Server ~]# vim /server/scripts/check.sh
#!/bin/bash
# Name:check.sh
# Version:V1.0
# Type:Check
# Language:Bash Shell
# Date:2017-04-28
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Determines Whether The Current User Is An Administrator.
if [ $UID -ne 0 ];then
echo "User has insufficient privilege."
exit 4
fi
# Variable Definition.
Day=$(date +%F)
CheckDir="/backup"
LogDir="/tmp"
Md5sum="/usr/bin/md5sum"
Email="linbin@keysou.com"
Find="/bin/find"
Mail="/bin/mail"
# To Determine Whether The Backup Directory Exists.
[ ! -d $CheckDir ] && exit 5
# Delete History Backup Data.
$Find $CheckDir -type f -name "*.tar.gz" -mtime +180|xargs rm -f
$Find $LogDir -type f -name "*_check.log" -mtime +7|xargs rm -f
# Check If The Backup Is Successful.
for file in `$Find $CheckDir -type f -name "*.md5sum.txt"`
do
$Md5sum -c $file|grep "FAILED" >> $LogDir/${Day}_check.log
done
# Send Email Notification To The System Administrator Only When Failures Were Logged.
[ -s $LogDir/${Day}_check.log ] && $Mail -s "Backup Failed List" $Email < $LogDir/${Day}_check.log
####Script End####
【7】Create the check cron job
[root@Backup-Server ~]# crontab -e
####For Check Backup By LinBin At 2017-04-28####
00 08 * * * /bin/bash /server/scripts/check.sh &>/dev/null
[root@Backup-Server ~]# crontab -l
####For Check Backup By LinBin At 2017-04-28####
00 08 * * * /bin/bash /server/scripts/check.sh &>/dev/null
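check.sh only re-verifies checksums, so it stays silent when a web server stops sending backups altogether. The added example below (not the author's script) reports both altered archives and host directories that hold no recent archive; the function names, the 8-day threshold and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: verify checksums AND freshness of the per-host backup
# directories that backup.sh pushes to /backup/<client IP>/.

# verify_backups DIR MAX_AGE_DAYS
# Prints one line per problem; returns 0 when everything is healthy, 1 otherwise.
verify_backups() {
    dir=$1
    max_age=$2
    status=0
    lists=$(mktemp)

    # 1. Every checksum list must verify. md5sum -c also reports a missing or
    #    unreadable archive as FAILED, so that case is caught here too.
    find "$dir" -type f -name '*.md5sum.txt' > "$lists"
    while IFS= read -r list; do
        bad=$(md5sum -c "$list" 2>/dev/null | grep -v ': OK$' || true)
        if [ -n "$bad" ]; then
            echo "$bad" | sed 's/^/CHECKSUM /'
            status=1
        fi
    done < "$lists"
    rm -f "$lists"

    # 2. Every host directory must contain an archive newer than MAX_AGE_DAYS,
    #    otherwise the client has stopped backing up and nobody was told.
    for host_dir in "$dir"/*/; do
        [ -d "$host_dir" ] || continue
        fresh=$(find "$host_dir" -type f -name '*.tar.gz' -mtime -"$max_age" | head -n 1)
        if [ -z "$fresh" ]; then
            echo "STALE ${host_dir%/}: no archive newer than $max_age days"
            status=1
        fi
    done
    return $status
}

# make_sample_tree -> prints the path of a constructed backup tree:
#   192.168.100.134  intact, fresh archive
#   192.168.100.135  archive altered after the checksum was taken
#   192.168.100.133  intact archive, but last written in April 2017 (stale)
make_sample_tree() {
    root=$(mktemp -d)
    for ip in 134 135 133; do
        d=$root/192.168.100.$ip
        mkdir -p "$d"
        echo "site data $ip" > "$d/2017-04-29_www.tar.gz"
        md5sum "$d/2017-04-29_www.tar.gz" > "$d/www.md5sum.txt"
    done
    echo "altered" >> "$root/192.168.100.135/2017-04-29_www.tar.gz"
    touch -t 201704290000 "$root/192.168.100.133/2017-04-29_www.tar.gz"
    echo "$root"
}

# Demo on the constructed tree. From cron the same pattern would be
# (assumed wiring, using the mail command the page already uses):
#   report=$(verify_backups /backup 8) || echo "$report" | mail -s "Backup Failed List" linbin@keysou.com
sample=$(make_sample_tree)
report=$(verify_backups "$sample" 8) || printf 'would be mailed:\n%s\n' "$report"
rm -rf "$sample"
```

The backup cron job runs weekly, so a threshold of 8 days leaves one day of slack before a host is reported as stale.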
Real-time synchronization backup options
【1】rsync+inotify
【2】rsync+sersync
rsync+inotify real-time backup in practice
【1】Server installation and configuration
[root@Backup-Server ~]# rpm -qa rsync
rsync-3.0.6-12.el6.x86_64
[root@Backup-Server ~]# rsync --version
rsync version 3.0.6 protocol version 30
Copyright (C) 1996-2009 by Andrew Tridgell, Wayne Davison, and others.
Web site: http://rsync.samba.org/
Capabilities:
64-bit files, 64-bit inums, 64-bit timestamps, 64-bit long ints,
socketpairs, hardlinks, symlinks, IPv6, batchfiles, inplace,
append, ACLs, xattrs, iconv, symtimes
rsync comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. See the GNU
General Public Licence for details.
[root@Backup-Server ~]# vim /etc/rsyncd.conf
# Rsync Server Conf
# Created By LinBin At 14:00 2017-04-28
####rsyncd.conf start####
uid = rsync
gid = rsync
port = 873
address = 192.168.100.136
use chroot = no
max connections = 500
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 192.168.100.0/24
hosts deny = 10.0.0.0/24
auth users = rsync_backup
secrets file = /etc/rsync.password
########################
[picture]
comment = Backup Picture By LinBin At 14:00 2017-05-02
path = /picture
####rsyncd.conf end####
[root@Backup-Server ~]# useradd -s /sbin/nologin -M rsync
[root@Backup-Server ~]# id rsync
uid=500(rsync) gid=500(rsync) groups=500(rsync)
[root@Backup-Server ~]# grep "rsync" /etc/passwd
rsync:x:500:500::/home/rsync:/sbin/nologin
[root@Backup-Server ~]# mkdir /picture
[root@Backup-Server ~]# ls -ld /picture/
drwxr-xr-x. 2 root root 4096 Apr 28 13:54 /picture/
[root@Backup-Server ~]# chown -R rsync /picture/
[root@Backup-Server ~]# ls -ld /picture/
drwxr-xr-x. 2 rsync root 4096 Mar 15 19:14 /picture/
[root@Backup-Server ~]# echo "rsync_backup:axbc1kof" >> /etc/rsync.password
[root@Backup-Server ~]# cat /etc/rsync.password
rsync_backup:axbc1kof
[root@Backup-Server ~]# ls -l /etc/rsync.password
-rw-r--r--. 1 root root 22 Mar 15 19:16 /etc/rsync.password
[root@Backup-Server ~]# chmod 600 /etc/rsync.password
[root@Backup-Server ~]# ls -l /etc/rsync.password
-rw-------. 1 root root 22 Mar 15 19:16 /etc/rsync.password
[root@Backup-Server ~]# rsync --daemon
[root@Backup-Server ~]# netstat -tnlup|grep "rsync"|grep -v "grep"
tcp 0 0 192.168.100.136:873 0.0.0.0:* LISTEN 27206/rsync
[root@Backup-Server ~]# lsof -i:873
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsync 27206 root 3u IPv4 37747 0t0 TCP Backup-Server:rsync (LISTEN)
[root@Backup-Server ~]# ps -ef|grep "rsync"|grep -v "grep"
root 27206 1 0 14:02 ? 00:00:00 rsync --daemon
[root@Backup-Server ~]# echo "/usr/bin/rsync --daemon" >> /etc/rc.local
[root@Backup-Server ~]# tail -1 /etc/rc.local
/usr/bin/rsync --daemon
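How rsyncd evaluates the hosts allow / hosts deny pair in the rsyncd.conf above, as an added example (not part of the original notes): when both lists are set, a client that matches neither passes the host filter and is stopped only by auth users, so 10.0.0.0/24 is the only network this configuration refuses outright. The model handles IPv4 address and a.b.c.d/n patterns only (an assumption; rsyncd also accepts hostnames and wildcards), and the three client addresses are constructed.

```shell
#!/bin/sh
# Added example: a model of rsyncd's "hosts allow" / "hosts deny" decision.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_list IP "PATTERN PATTERN ..." -> returns 0 when IP matches any pattern.
# Patterns may be separated by spaces or commas, as in rsyncd.conf.
in_list() {
    ip_int=$(ip_to_int "$1")
    for pat in $(echo "$2" | tr ',' ' '); do
        case $pat in
            */*) net=${pat%/*}; bits=${pat#*/} ;;
            *)   net=$pat; bits=32 ;;
        esac
        mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
        net_int=$(ip_to_int "$net")
        if [ $(( ip_int & mask )) -eq $(( net_int & mask )) ]; then
            return 0
        fi
    done
    return 1
}

# rsyncd_access IP "ALLOW LIST" "DENY LIST" -> prints "allow" or "deny".
rsyncd_access() {
    ip=$1
    allow=$2
    deny=$3
    if [ -n "$allow" ]; then
        # A match in the allow list always admits the client.
        if in_list "$ip" "$allow"; then echo allow; return 0; fi
        # An allow list WITHOUT a deny list rejects every non-match.
        if [ -z "$deny" ]; then echo deny; return 0; fi
    fi
    if [ -n "$deny" ]; then
        if in_list "$ip" "$deny"; then echo deny; return 0; fi
    fi
    # Matched neither list: the client passes the host filter.
    echo allow
}

PAGE_ALLOW="192.168.100.0/24"   # hosts allow, from the page
PAGE_DENY="10.0.0.0/24"         # hosts deny, from the page

# Constructed sample clients: backup network, denied network, unrelated network.
for client in 192.168.100.134 10.0.0.9 172.16.5.20; do
    printf '%-16s page config: %-5s  allow list only: %s\n' "$client" \
        "$(rsyncd_access "$client" "$PAGE_ALLOW" "$PAGE_DENY")" \
        "$(rsyncd_access "$client" "$PAGE_ALLOW" "")"
done
```

Dropping the hosts deny line, so that only hosts allow = 192.168.100.0/24 remains, is what restricts the module to the backup network.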
【2】Client installation and configuration
[root@Nfs-Server ~]# echo "axbc1kof" >> /etc/rsync.password
[root@Nfs-Server ~]# cat /etc/rsync.password
axbc1kof
[root@Nfs-Server ~]# chmod 600 /etc/rsync.password
[root@Nfs-Server ~]# ls -l /etc/rsync.password
-rw-------. 1 root root 9 Feb 25 21:05 /etc/rsync.password
[root@Nfs-Server ~]# uname -r<==the kernel has supported inotify since 2.6.13
2.6.32-504.el6.x86_64
[root@Nfs-Server ~]# ls -l /proc/sys/fs/inotify/
total 0
-rw-r--r-- 1 root root 0 May 2 09:39 max_queued_events
-rw-r--r-- 1 root root 0 May 2 09:39 max_user_instances
-rw-r--r-- 1 root root 0 May 2 09:39 max_user_watches
[root@Nfs-Server ~]# ls -l inotify-tools-3.14.tar.gz
-rw-r--r-- 1 root root 358772 Mar 15 2016 inotify-tools-3.14.tar.gz
[root@Nfs-Server ~]# tar xvfz inotify-tools-3.14.tar.gz -C /usr/local/src/
[root@Nfs-Server ~]# cd /usr/local/src/inotify-tools-3.14/
[root@Nfs-Server inotify-tools-3.14]# ./configure --prefix=/usr/local/inotify-tools-3.14
[root@Nfs-Server inotify-tools-3.14]# make && make install
[root@Nfs-Server inotify-tools-3.14]# ln -s /usr/local/inotify-tools-3.14/ /usr/local/inotify-tools
[root@Nfs-Server inotify-tools-3.14]# ls -ld /usr/local/inotify-tools
lrwxrwxrwx 1 root root 30 May 2 10:13 /usr/local/inotify-tools -> /usr/local/inotify-tools-3.14/
[root@Nfs-Server inotify-tools-3.14]# ls -l /usr/local/inotify-tools/
total 16
drwxr-xr-x 2 root root 4096 May 2 10:12 bin
drwxr-xr-x 3 root root 4096 May 2 10:12 include
drwxr-xr-x 2 root root 4096 May 2 10:12 lib
drwxr-xr-x 4 root root 4096 May 2 10:12 share
[root@Nfs-Server inotify-tools-3.14]# ls -l /usr/local/inotify-tools/bin/
total 88
-rwxr-xr-x 1 root root 44287 May 2 10:12 inotifywait
-rwxr-xr-x 1 root root 41409 May 2 10:12 inotifywatch
【3】Test and verify
[root@Nfs-Server ~]# /usr/local/inotify-tools/bin/inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w%f %e' -e create /picture
[root@Nfs-Server ~]# touch /picture/linbin.txt
[root@Nfs-Server ~]# /usr/local/inotify-tools/bin/inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w%f %e' -e create /picture/
2017-05-02 11:23:15 /picture/lb.txt CREATE
[root@Nfs-Server ~]# rm -f /picture/lb.txt
[root@Nfs-Server ~]# /usr/local/inotify-tools/bin/inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w%f %e' -e create,delete /picture/
2017-05-02 11:24:35 /picture/lb.txt DELETE
[root@Nfs-Server ~]# echo "axbc1kof" >> /picture/lb.txt
[root@Nfs-Server ~]# /usr/local/inotify-tools/bin/inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w%f %e' -e create,delete,close_write /picture/
2017-05-02 11:28:30 /picture/lb.txt CLOSE_WRITE,CLOSE
[root@Nfs-Server ~]# chmod 600 /picture/lb.txt
[root@Nfs-Server ~]# /usr/local/inotify-tools/bin/inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w%f %e' -e create,delete,close_write,attrib /picture/
2017-05-02 11:41:15 /picture/lb.txt ATTRIB
[root@Nfs-Server ~]# chown nfsnobody:nfsnobody /picture/lb.txt
[root@Nfs-Server ~]# /usr/local/inotify-tools/bin/inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w%f %e' -e create,delete,close_write,attrib /picture/
2017-05-02 11:42:18 /picture/lb.txt ATTRIB
[root@Nfs-Server ~]# mv /picture/lb.txt /picture/linbin.txt
[root@Nfs-Server ~]# /usr/local/inotify-tools/bin/inotifywait -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w%f %e' -e create,delete,close_write,attrib,move /picture/
2017-05-02 13:00:24 /picture/lb.txt MOVED_FROM
2017-05-02 13:00:24 /picture/linbin.txt MOVED_TO
【4】Write the monitoring script
[root@Nfs-Server ~]# mkdir /server/scripts -p
[root@Nfs-Server ~]# ls -ld /server/scripts/
drwxr-xr-x 2 root root 4096 May 2 10:02 /server/scripts/
[root@Nfs-Server ~]# vim /server/scripts/backup_picture.sh
#!/bin/bash
# Name:backup_picture.sh
# Version:V1.0
# Type:Backup
# Language:Bash Shell
# Date:2017-05-02
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Determines Whether The Current User Is An Administrator.
if [ $UID -ne 0 ];then
echo "User has insufficient privilege."
exit 1
fi
# Variable Definition.
Inotify="/usr/local/inotify-tools/bin/inotifywait"
Rsync="/usr/bin/rsync"
PictureDir="/picture"
# Monitor Directory Changes.
$Inotify -mrq --timefmt '%Y-%m-%d %H:%M:%S' --format '%T %w%f %e' -e create,close_write,delete,attrib,move $PictureDir|while read file
do
$Rsync -az --delete $PictureDir/ rsync_backup@192.168.100.136::picture --password-file=/etc/rsync.password
done
####Script End####
[root@Nfs-Server ~]# /bin/bash /server/scripts/backup_picture.sh &
[1] 4552
[root@Nfs-Server ~]# echo "/bin/bash /server/scripts/backup_picture.sh &" >> /etc/rc.local
[root@Nfs-Server ~]# tail -1 /etc/rc.local
/bin/bash /server/scripts/backup_picture.sh &
【5】inotify tuning
[root@Nfs-Server ~]# cat /proc/sys/fs/inotify/max_user_watches<==default number of files that an inotifywait or inotifywatch command can watch (single process)
8192
[root@Nfs-Server ~]# cat /proc/sys/fs/inotify/max_queued_events<==default number of events that an inotify instance's event queue can hold
16384
[root@Nfs-Server ~]# echo "50000000" > /proc/sys/fs/inotify/max_user_watches
[root@Nfs-Server ~]# echo "50000000" > /proc/sys/fs/inotify/max_queued_events
[root@Nfs-Server ~]# cat /proc/sys/fs/inotify/max_user_watches
50000000
[root@Nfs-Server ~]# cat /proc/sys/fs/inotify/max_queued_events
50000000
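Advantages and disadvantages of inotify
【1】Real-time, incremental data synchronization
【2】If more than 200 files (10-100k) change concurrently, synchronization is delayed
【3】After an event is detected, the rsync call that synchronizes it runs as a single process; sersync synchronizes with multiple processes
Advantages of sersync
【1】The service is controlled through a configuration file
【2】Runs as a daemon
【3】Retransmission on failure
【4】Third-party HTTP interface
【5】Supports multi-threaded synchronization
Real-time data synchronization options for high concurrency
【1】File level: rsync+inotify (sersync)
【2】File-system level (data blocks): DRBD
【3】Synchronization built into third-party software: MySQL, Oracle, Mongodb, Redis
【4】Dual writes by the application
【5】Solve it in the business logic
Linux batch distribution and management use cases
【1】Distributing files in batches
【2】Executing commands in batches
SSH authentication types
【1】Password-based authentication
【2】Key-based authentication
【2-1】Public key (the lock): Public Key
【2-2】Private key (the key): Private Key
SSH server tuning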
[root@Management-Server ~]# vim /etc/ssh/sshd_config
13 Port 51898<==listening port
15 ListenAddress 192.168.100.137<==listening address; preferably an internal address
122 UseDNS no<==disable DNS lookups
42 PermitRootLogin no<==disallow remote root login
80 GSSAPIAuthentication no<==fixes slow SSH remote connections
[root@Management-Server ~]# /etc/init.d/sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@Management-Server ~]# netstat -tnlup|grep "51898"|grep -v "grep"
tcp 0 192.168.100.137:51898 0.0.0.0:* LISTEN 2413/sshd
[root@Management-Server ~]# ps -ef|grep "sshd"|grep -v "grep"
root 1792 1 0 21:20 ? 00:00:01 sshd: root@pts/0
root 2413 1 0 23:16 ? 00:00:00 /usr/sbin/sshd
[root@Management-Server ~]# lsof -i:51898
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1383 root 3r IPv4 13166 0t0 TCP 192.168.100.137:ssh->192.168.100.1:65190 (ESTABLISHED)
sshd 3043 root 3u IPv4 16606 0t0 TCP 192.168.100.137:ssh (LISTEN)
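A check for the five settings above, as an added example (not part of the original notes). It relies on sshd using the first value it reads for a single-valued keyword, so a PermitRootLogin no appended below an earlier PermitRootLogin yes has no effect; the function names and the sample configuration are constructed.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the five settings listed above.

# values FILE KEYWORD -> every value set for KEYWORD in the global section,
# in file order. Keywords are case-insensitive; comments, blank lines and
# everything from the first Match block onwards are skipped.
values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2 }
    ' "$1"
}

# first_value FILE KEYWORD -> the value sshd uses for a single-valued keyword.
first_value() {
    values "$1" "$2" | head -n 1
}

# audit_sshd FILE -> prints one FAIL line per deviation; returns 1 if any.
audit_sshd() {
    file=$1
    rc=0
    for want in "PermitRootLogin no" "UseDNS no" "GSSAPIAuthentication no"; do
        key=${want% *}
        expected=${want#* }
        got=$(first_value "$file" "$key")
        if [ "$got" != "$expected" ]; then
            echo "FAIL $key: effective value '${got:-unset}', expected '$expected'"
            rc=1
        fi
    done
    # Port and ListenAddress may be repeated, so every occurrence is checked.
    ports=$(values "$file" Port)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL Port: sshd still listens on the default port 22"
        rc=1
    fi
    addrs=$(values "$file" ListenAddress)
    if [ -z "$addrs" ] || echo "$addrs" | grep -Eq '^(0\.0\.0\.0|::|\[::\])(:[0-9]+)?$'; then
        echo "FAIL ListenAddress: sshd listens on all interfaces"
        rc=1
    fi
    return $rc
}

# Constructed sample: the hardening line was appended below an older setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 51898
ListenAddress 192.168.100.137
PermitRootLogin yes
#UseDNS yes
UseDNS no
GSSAPIAuthentication no
PermitRootLogin no
EOF
audit_sshd "$sample" || echo "-> fix the findings, then restart sshd"
rm -f "$sample"
```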
ssh command usage
【1】
[root@Management-Server ~]# ssh -p22 root@192.168.100.133<==the first connection shows the prompt below; later connections do not, because the host key is recorded in ~/.ssh/known_hosts
The authenticity of host '192.168.100.133 (192.168.100.133)' can't be established.
RSA key fingerprint is 7a:b4:33:e7:6e:25:7d:d7:80:71:66:88:f2:c0:c4:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.133' (RSA) to the list of known hosts.
root@192.168.100.133's password:
Last login: Fri Nov 25 09:51:20 2016 from 192.168.100.1
[root@Management-Server ~]# cat /root/.ssh/known_hosts
192.168.100.133 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0Bz7TiNGvU++s0cc/yRM/yCM+UemQLQSsKS21FHVmOVDUNj38VYDoCSRmp9YBBOfKwZYL2djRhwmtL+ngzj/rSJG9eZAtiod7kLGjolW7IgnfJ7XyIDdJiaxDiDwUMwFec3oujPDChLrIaybiQsb5VbON7ZfWDHC6ZhZ0q9T1I78cctJECnxWC8xYxQa5i8nwQ/X+fxF/mfLiaxj2Gpy6J3hH+SP+g7y9OgUTIxK/xJldJWwk5hv9fqzEf1bWm673P1jvV0fWFWhUroAE1/ZbrLaSFj9wl3hg/VHSRzLGIshkV2Z8LaXr4cA8kRrWMRaUmaggwUM+ZfQ7o5EqxIPmw==
【2】
[root@Management-Server ~]# ssh -p22 root@192.168.100.133 /sbin/ifconfig eth0
root@192.168.100.131's password:
eth0 Link encap:Ethernet HWaddr 00:0C:29:27:E5:60
inet addr:192.168.100.133 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe27:e560/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11172 errors:0 dropped:0 overruns:0 frame:0
TX packets:6991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7534323 (7.1 MiB) TX bytes:723328 (706.3 KiB)
scp command usage (full copy)
【1】Push a local file or directory to the remote host
[root@Management-Server ~]# scp -P22 -rp /tmp root@192.168.100.133:/tmp
root@192.168.100.133's password:
[root@Nfs-Server ~]# ls /tmp/
backup yum.log
【2】Pull a remote file or directory to the local host
[root@Management-Server ~]# scp -P22 -rp root@192.168.100.133:/tmp/ /tmp
root@192.168.100.133's password:
[root@Management-Server ~]# ls /tmp/
tmp
[root@Management-Server ~]# rsync -avz -e 'ssh -p 22' root@192.168.100.133:/tmp/ /tmp
root@192.168.100.133's password:
receiving incremental file list
./
hosts
services
.ICE-unix/
sent 56 bytes received 127640 bytes 51078.40 bytes/sec
total size is 641325 speedup is 5.02
[root@Management-Server ~]# ls /tmp/
hosts services
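scp command summary
【1】scp is an encrypted remote copy; cp only copies locally
【2】Data can be pushed from one machine to another, or pulled from another server back to the server where the command is run
【3】Every copy is a complete, full copy, so it is inefficient and best suited to the first copy; for incremental copies, use rsync
sftp command usage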
[root@Management-Server ~]# sftp -oPort=22 root@192.168.100.133
Connecting to 192.168.100.133...
root@192.168.100.133's password:
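sftp> put /etc/hosts /opt<==upload /etc/hosts to /opt on the remote server
sftp> get yum.conf /opt<==download yum.conf to the local /opt
Drawbacks of the sftp command
【1】Users cannot be confined to their home directory
【2】The account must be a system user
Summary
【1】SSH is an encrypted remote connection protocol; related software includes Openssh and Openssl
【2】The default port is 22
【3】Protocol versions 1.x and 2.x; 2.x is more secure; understand how the SSH protocol works
【4】On the server side: the SSH remote connection service, the sftp service, and the sshd daemon, which must start at boot
【5】The SSH client includes the ssh, scp and sftp commands
【6】SSH authentication methods: password and key, both of which are password-based; how SSH key login works
【7】SSH security tuning: change the default port 22, disallow remote root login, disable DNS, have SSH listen only on the internal IP
【8】SSH key pair: the public key is on the server side, likened to a lock; the private key is on the client side, likened to a key
Batch distribution in practice
【1】Server-side configuration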
[root@Management-Server ~]# useradd linbin
[root@Management-Server ~]# echo "axbc1kof"|passwd --stdin linbin
Changing password for user linbin.
passwd: all authentication tokens updated successfully.
[root@Management-Server ~]# id linbin
uid=500(linbin) gid=500(linbin) groups=500(linbin)
[root@Management-Server ~]# grep "linbin" /etc/passwd
linbin:x:500:500::/home/linbin:/bin/bash
[root@Management-Server ~]# su - linbin
[linbin@Management-Server ~]$ ssh-keygen -t dsa<==generate the key pair; one key type is rsa (the default), the other is dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linbin/.ssh/id_dsa):
Created directory '/home/linbin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/linbin/.ssh/id_dsa.
Your public key has been saved in /home/linbin/.ssh/id_dsa.pub.
The key fingerprint is:
5d:a1:b1:13:2a:9e:3a:52:58:c3:e1:79:cc:03:0b:40 linbin@Management-Server
The key's randomart image is:
+--[ DSA 1024]----+
|oE. o o . |
| + B . = . |
| B * . + . |
| o + + . o |
| . . o S . |
| . . |
| . o |
| . . |
| |
+-----------------+
[linbin@Management-Server ~]$ ls -l /home/linbin/.ssh/
total 8
-rw-------. 1 linbin linbin 672 May 2 16:19 id_dsa<==private key
-rw-r--r--. 1 linbin linbin 614 May 2 16:19 id_dsa.pub<==public key
【2】Client-side configuration
[root@Nfs-Server ~]# useradd linbin
[root@Nfs-Server ~]# echo "axbc1kof"|passwd --stdin linbin
Changing password for user linbin.
passwd: all authentication tokens updated successfully.
[root@Nfs-Server ~]# id linbin
uid=500(linbin) gid=500(linbin) groups=500(linbin)
[root@Nfs-Server ~]# grep "linbin" /etc/passwd
linbin:x:500:500::/home/linbin:/bin/bash
【3】Copy the public key to the client
[linbin@Management-Server ~]$ ssh-copy-id -i ./.ssh/id_dsa.pub linbin@192.168.100.133<=="-i" names the content to copy; when the client's remote port is not the default (22), use ssh-copy-id -i ./.ssh/id_dsa.pub "-p 51898 linbin@192.168.100.133"
The authenticity of host '192.168.100.133 (192.168.100.133)' can't be established.
RSA key fingerprint is e8:71:8d:55:ed:2d:14:d2:d0:5e:fd:8f:e0:cd:63:5a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.133' (RSA) to the list of known hosts.
linbin@192.168.100.133's password:
Now try logging into the machine, with "ssh 'linbin@192.168.100.133'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
【4】View the public key on the client
[root@Nfs-Server ~]# ls -l /home/linbin/.ssh/<==the public key is renamed to authorized_keys
total 4
-rw------- 1 linbin linbin 614 May 2 16:27 authorized_keys
【5】Test and verify
[linbin@Management-Server ~]$ ssh linbin@192.168.100.133 /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:27:E5:60
inet addr:192.168.100.133 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe27:e560/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11689 errors:0 dropped:0 overruns:0 frame:0
TX packets:7497 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7587736 (7.2 MiB) TX bytes:775534 (757.3 KiB)
[linbin@Management-Server ~]$ scp -P 22 -rp /etc/hosts linbin@192.168.100.133:~
hosts 100% 311 0.3KB/s 00:00
[root@Nfs-Server ~]# ls -l /home/linbin/
total 4
-rw-r--r-- 1 linbin linbin 311 May 2 16:10 hosts
【6】Write the batch distribution script
[linbin@Management-Server ~]$ vim fenfa.sh
#!/bin/bash
# Name:fenfa.sh
# Version:V1.0
# Type:Management
# Language:Bash Shell
# Date:2017-05-02
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Load The System Library.
. /etc/init.d/functions
# Determine The Number Of Parameters.
if [ $# -ne 1 ];then
echo "Usage: $0 Please Input File Or Directory You Want To Fenfa!"
exit 1
fi
# Distribute Files Or Directories To The Specified Server
for ip in 133
do
scp -P22 -rp $1 linbin@192.168.100.$ip:~ &>/dev/null
if [ $? -eq 0 ];then
action "Fenfa $1 Is Ok!" /bin/true
else
action "Fenfa $1 Is Fail!" /bin/false
fi
done
####Script End####
[linbin@Management-Server ~]$ /bin/bash fenfa.sh<==message shown when no argument is given
Usage: fenfa.sh Please Input File Or Directory You Want To Fenfa!
[linbin@Management-Server ~]$ /bin/bash fenfa.sh hosts
Fenfa hosts Is Ok! [ OK ]
[root@Nfs-Server ~]# ls -l /home/linbin/hosts
-rw-r--r-- 1 linbin linbin 311 May 2 16:10 /home/linbin/hosts
【7】Batch management script
[linbin@Management-Server ~]$ vim cmd.sh
#!/bin/bash
# Name:cmd.sh
# Version:V1.0
# Type:Management
# Language:Bash Shell
# Date:2017-05-02
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Load The System Library.
. /etc/init.d/functions
# Determine The Number Of Parameters.
if [ $# -ne 1 ];then
echo "Usage: $0 Please Input Cmd You Want To Excue!"
exit 1
fi
# Manage The Specified Server.
for ip in 133
do
ssh -p22 linbin@192.168.100.$ip $1
done
####Script End####
[linbin@Management-Server ~]$ /bin/bash cmd.sh<==message shown when no argument is given
Usage: cmd.sh Please Input Cmd You Want To Excue!
[linbin@Management-Server ~]$ /bin/bash cmd.sh "/sbin/ifconfig eth0"
eth0 Link encap:Ethernet HWaddr 00:0C:29:27:E5:60
inet addr:192.168.100.133 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe27:e560/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12495 errors:0 dropped:0 overruns:0 frame:0
TX packets:8192 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7675302 (7.3 MiB) TX bytes:864235 (843.9 KiB)
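Options for solving permission problems in batch distribution and management
【1】Use root for SSH key authentication
Pros: simple and easy to use
Cons: insecure; remote root login cannot be disabled
【2】Ordinary user + sudo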
[root@Nfs-Server ~]# echo "linbin ALL=(ALL) NOPASSWD: /usr/bin/rsync" >> /etc/sudoers
[root@Nfs-Server ~]# visudo -c
/etc/sudoers: parsed OK
[linbin@Management-Server ~]$ vim fenfa_1.sh
#!/bin/bash
# Name:fenfa_1.sh
# Version:V1.0
# Type:Management
# Language:Bash Shell
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Load The System Library.
. /etc/init.d/functions
# Determine The Number Of Parameters.
if [ $# -ne 2 ];then
echo "Usage: $0 Please Input File Or Directory You Want To Fenfa!"
exit 1
fi
for ip in 133
do
scp -P22 -rp $1 linbin@192.168.100.$ip:~ &>/dev/null && \
ssh -t 192.168.100.$ip sudo rsync $1 $2 &>/dev/null
if [ $? -eq 0 ];then
action "Fenfa $1 To $2 Is Ok!" /bin/true
else
action "Fenfa $1 To $2 Is Fail!" /bin/false
fi
done
####Script End####
[linbin@Management-Server ~]$ /bin/bash fenfa_1.sh<==message shown when no argument is given
Usage: fenfa_1.sh Please Input File Or Directory You Want To Fenfa!
[linbin@Management-Server ~]$ /bin/bash fenfa_1.sh services /tmp/
Fenfa services To /tmp/ Is Ok! [ OK ]
[linbin@Nfs-Server ~]$ ls -l /tmp/services
-rw-r--r--. 1 root root 641020 Nov 27 12:35 /tmp/services
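A NOPASSWD rule for /usr/bin/rsync lets linbin copy any file to any path as root. One way to narrow it, as an added example (not from the original notes): sudoers permits only a root-owned wrapper that accepts a staged file name and an allowlisted destination. The wrapper path /usr/local/sbin/fenfa-install, the sudoers line and the allowlist are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical wrapper /usr/local/sbin/fenfa-install,
# owned by root, mode 0755, not writable by anyone else.
# Assumed sudoers entry that replaces the rsync one:
#   linbin ALL=(root) NOPASSWD: /usr/local/sbin/fenfa-install
# fenfa_1.sh would then call, after its scp step:
#   ssh -t 192.168.100.$ip sudo /usr/local/sbin/fenfa-install "$1" "$2"

STAGING_DIR=/home/linbin                  # where scp drops the file (from the page)
ALLOWED_DESTS="/etc/hosts /tmp/services"  # constructed allowlist of exact target files

# check_request STAGING NAME DEST
# Returns 0 when the request may proceed, otherwise:
#   2  NAME is not a plain file name (empty, starts with "-", contains "/")
#   3  DEST is not on the allowlist
#   4  the staged file is a symlink or not a regular file
check_request() {
    staging=$1
    name=$2
    dest=$3
    case $name in
        ''|-*|*/*|.|..) return 2 ;;
    esac
    allowed=no
    for d in $ALLOWED_DESTS; do
        if [ "$d" = "$dest" ]; then allowed=yes; fi
    done
    if [ "$allowed" != yes ]; then return 3; fi
    # The staging directory is user-writable, so this file type check narrows
    # what can be copied; the destination allowlist is the real control.
    if [ -L "$staging/$name" ] || [ ! -f "$staging/$name" ]; then return 4; fi
    return 0
}

# install_staged NAME DEST -> copy the staged file into place as root:root 0644.
install_staged() {
    check_request "$STAGING_DIR" "$1" "$2" || return $?
    install -o root -g root -m 0644 "$STAGING_DIR/$1" "$2"
}

# Entry point when installed as the wrapper: exactly two arguments.
if [ "$#" -eq 2 ]; then
    install_staged "$1" "$2"
    exit $?
fi
echo "usage: fenfa-install NAME DEST" >&2
if [ "$#" -ne 0 ]; then exit 64; fi
```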
【3】Ordinary user + suid (not recommended)
[root@Nfs-Server ~]# ls -l `which rsync`
-rwxr-xr-x. 1 root root 414968 Apr 30 2014 /usr/bin/rsync
[root@Nfs-Server ~]# chmod 4755 /usr/bin/rsync
[root@Nfs-Server ~]# ls -l `which rsync`
-rwsr-xr-x. 1 root root 414968 Apr 30 2014 /usr/bin/rsync
[linbin@Management-Server ~]$ vim fenfa_2.sh
#!/bin/bash
# Name:fenfa_2.sh
# Version:V1.0
# Type:Management
# Language:Bash Shell
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Load The System Library.
. /etc/init.d/functions
# Determine The Number Of Parameters.
if [ $# -ne 2 ];then
echo "Usage: $0 Please Input File Or Directory You Want To Fenfa!"
exit 1
fi
for ip in 133
do
scp -P22 -rp $1 linbin@192.168.100.$ip:~ &>/dev/null && \
ssh -t 192.168.100.$ip rsync $1 $2 &>/dev/null
if [ $? -eq 0 ];then
action "Fenfa $1 To $2 Is Ok!" /bin/true
else
action "Fenfa $1 To $2 Is Fail!" /bin/false
fi
done
####Script End####
[linbin@Management-Server ~]$ /bin/bash fenfa_2.sh<==message shown when no argument is given
Usage: fenfa_2.sh Please Input File Or Directory You Want To Fenfa!
[linbin@Management-Server ~]$ /bin/bash fenfa_2.sh services /tmp/
Fenfa services To /tmp/ Is Ok! [ OK ]
[linbin@Nfs-Server ~]$ ls -l /tmp/services
-rw-r--r--. 1 root root 641020 Nov 27 12:35 /tmp/services
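Hands-on: batch distribution, backup and management with SSH keys
Prepare three Linux machines, A, B and C, and implement the following
【1】Using a user named after yourself followed by 888 (for example: linbin888), deploy passwordless login in a one-key-opens-many-locks setup (A logs in to B and A logs in to C without a password)
Environment
192.168.100.137 Manage-Server (A)
192.168.100.134 Web01-Server (B)
192.168.100.135 Web02-Server (C)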
[root@Web01-Server ~]# useradd linbin888
[root@Web01-Server ~]# id linbin888
uid=500(linbin888) gid=500(linbin888) groups=500(linbin888)
[root@Web01-Server ~]# grep "linbin888" /etc/passwd
linbin888:x:500:500::/home/linbin888:/bin/bash
[root@Web01-Server ~]# echo "axbc1kof"|passwd --stdin linbin888
Changing password for user linbin888.
passwd: all authentication tokens updated successfully.
[root@Web02-Server ~]# useradd linbin888
[root@Web02-Server ~]# id linbin888
uid=500(linbin888) gid=500(linbin888) groups=500(linbin888)
[root@Web02-Server ~]# grep "linbin888" /etc/passwd
linbin888:x:500:500::/home/linbin888:/bin/bash
[root@Web02-Server ~]# echo "axbc1kof"|passwd --stdin linbin888
Changing password for user linbin888.
passwd: all authentication tokens updated successfully.
[root@Management-Server ~]# useradd linbin888
[root@Management-Server ~]# id linbin888
uid=500(linbin888) gid=500(linbin888) groups=500(linbin888)
[root@Management-Server ~]# grep "linbin888" /etc/passwd
linbin888:x:500:500::/home/linbin888:/bin/bash
[root@Management-Server ~]# echo "axbc1kof"|passwd --stdin linbin888
Changing password for user linbin888.
passwd: all authentication tokens updated successfully.
[root@Management-Server ~]# su - linbin888
[linbin888@Management-Server ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linbin888/.ssh/id_dsa):
Created directory '/home/linbin888/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/linbin888/.ssh/id_dsa.
Your public key has been saved in /home/linbin888/.ssh/id_dsa.pub.
The key fingerprint is:
56:95:5f:6b:9f:f6:2a:f9:be:79:36:3c:78:06:bd:3a linbin888@Management-Server
The key's randomart image is:
+--[ DSA 1024]----+
| .. |
| .. .|
| . . ..|
| . .o |
| S o o|
| . . +.|
| .= o|
| oE O+|
| =@=o|
+-----------------+
[linbin888@Management-Server ~]$ ls -l .ssh/
total 8
-rw-------. 1 linbin888 linbin888 668 May 3 10:45 id_dsa
-rw-r--r--. 1 linbin888 linbin888 617 May 3 10:45 id_dsa.pub
[linbin888@Management-Server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linbin888@192.168.100.134
The authenticity of host '192.168.100.134 (192.168.100.134)' can't be established.
RSA key fingerprint is 80:49:38:e8:9d:10:7a:06:9d:2f:72:39:1b:e6:56:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.134' (RSA) to the list of known hosts.
linbin888@192.168.100.134's password:
Now try logging into the machine, with "ssh 'linbin888@192.168.100.134'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[linbin888@Management-Server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linbin888@192.168.100.135
The authenticity of host '192.168.100.135 (192.168.100.135)' can't be established.
RSA key fingerprint is 80:49:38:e8:9d:10:7a:06:9d:2f:72:39:1b:e6:56:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.135' (RSA) to the list of known hosts.
linbin888@192.168.100.135's password:
Now try logging into the machine, with "ssh 'linbin888@192.168.100.135'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[linbin888@Management-Server ~]$ ssh linbin888@192.168.100.134 /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:64:D3:14
inet addr:192.168.100.134 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe64:d314/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:369 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:40041 (39.1 KiB) TX bytes:45916 (44.8 KiB)
[linbin888@Management-Server ~]$ ssh linbin888@192.168.100.135 /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:87:20:4C
inet addr:192.168.100.135 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe87:204c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32084 errors:0 dropped:0 overruns:0 frame:0
TX packets:13361 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:45681382 (43.5 MiB) TX bytes:890424 (869.5 KiB)
【2】B logs in to A and C logs in to A without a password
[linbin888@Management-Server ~]$ scp -P 22 -rp .ssh/id_dsa linbin888@192.168.100.134:~/.ssh/
id_dsa 100% 668 0.7KB/s 00:00
[linbin888@Management-Server ~]$ scp -P 22 -rp .ssh/id_dsa linbin888@192.168.100.135:~/.ssh/
id_dsa 100% 668 0.7KB/s 00:00
[linbin888@Management-Server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linbin888@192.168.100.137
The authenticity of host '192.168.100.137 (192.168.100.137)' can't be established.
RSA key fingerprint is bd:61:50:b3:e7:76:b9:04:fe:4c:c9:04:96:13:5a:68.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.137' (RSA) to the list of known hosts.
linbin888@192.168.100.137's password:
Now try logging into the machine, with "ssh 'linbin888@192.168.100.137'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@Web01-Server ~]# su - linbin888
[linbin888@Web01-Server ~]$ ssh 192.168.100.137 /sbin/ifconfig eth0
The authenticity of host '192.168.100.137 (192.168.100.137)' can't be established.
RSA key fingerprint is bd:61:50:b3:e7:76:b9:04:fe:4c:c9:04:96:13:5a:68.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.137' (RSA) to the list of known hosts.
eth0 Link encap:Ethernet HWaddr 00:0C:29:17:52:1E
inet addr:192.168.100.137 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe17:521e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32151 errors:0 dropped:0 overruns:0 frame:0
TX packets:11417 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:45719438 (43.6 MiB) TX bytes:753454 (735.7 KiB)
[root@Web02-Server ~]# su - linbin888
[linbin888@Web02-Server ~]$ ssh 192.168.100.137 /sbin/ifconfig eth0
The authenticity of host '192.168.100.137 (192.168.100.137)' can't be established.
RSA key fingerprint is bd:61:50:b3:e7:76:b9:04:fe:4c:c9:04:96:13:5a:68.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.137' (RSA) to the list of known hosts.
eth0 Link encap:Ethernet HWaddr 00:0C:29:17:52:1E
inet addr:192.168.100.137 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe17:521e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32191 errors:0 dropped:0 overruns:0 frame:0
TX packets:11462 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:45724653 (43.6 MiB) TX bytes:759539 (741.7 KiB)
【3】How to distribute files in batches from a given directory on A to the user's home directory on B and C
[linbin888@Management-Server ~]$ vim fenfa_3.sh
#!/bin/bash
# Name:fenfa_3.sh
# Version:V1.0
# Type:Management
# Language:Bash Shell
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Load The System Library.
. /etc/init.d/functions
# Determine The Number Of Parameters.
if [ $# -ne 1 ];then
echo "Usage: $0 Please Input File Or Directory You Want To Fenfa!"
exit 1
fi
for ip in 134 135
do
scp -P22 -rp $1 linbin888@192.168.100.$ip:~ &>/dev/null
if [ $? -eq 0 ];then
action "Fenfa $1 Is Ok!" /bin/true
else
action "Fenfa $1 Is Fail!" /bin/false
fi
done
####Script End####
[linbin888@Management-Server ~]$ sh fenfa_3.sh
Usage: fenfa_3.sh Please Input File Or Directory You Want To Fenfa!
[linbin888@Management-Server ~]$ /bin/bash fenfa_3.sh hosts
Fenfa hosts Is Ok! [ OK ]
Fenfa hosts Is Ok! [ OK ]
[linbin888@Web01-Server ~]$ ls -l hosts
-rw-r--r-- 1 linbin888 linbin888 193 May 2 13:55 hosts
[linbin888@Web02-Server ~]$ ls -l hosts
-rw-r--r--. 1 linbin888 linbin888 193 May 2 13:55 hosts
【4】How to distribute files from a given directory on A to any directory on B and C
[root@Web01-Server ~]# echo "linbin888 ALL=(ALL) NOPASSWD: /usr/bin/rsync" >> /etc/sudoers
[root@Web01-Server ~]# visudo -c
/etc/sudoers: parsed OK
[root@Web02-Server ~]# echo "linbin888 ALL=(ALL) NOPASSWD: /usr/bin/rsync" >> /etc/sudoers
[root@Web02-Server ~]# visudo -c
/etc/sudoers: parsed OK
[linbin888@Management-Server ~]$ vim fenfa_4.sh
#!/bin/bash
# Name:fenfa_4.sh
# Version:V1.0
# Type:Management
# Language:Bash Shell
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Load The System Library.
. /etc/init.d/functions
# Determine The Number Of Parameters.
if [ $# -ne 2 ];then
echo "Usage: $0 Please Input File Or Directory You Want To Fenfa!"
exit 1
fi
for ip in 134 135
do
scp -P22 -rp $1 linbin888@192.168.100.$ip:~ &>/dev/null && \
ssh -t 192.168.100.$ip sudo rsync $1 $2 &>/dev/null
if [ $? -eq 0 ];then
action "Fenfa $1 To $2 Is Ok!" /bin/true
else
action "Fenfa $1 To $2 Is Fail!" /bin/false
fi
done
####Script End####
[linbin888@Management-Server ~]$ sh fenfa_4.sh<==message shown when no argument is given
Usage: fenfa_4.sh Please Input File Or Directory You Want To Fenfa!
[linbin888@Management-Server ~]$ /bin/bash fenfa_4.sh hosts /etc/
Fenfa hosts To /etc/ Is Ok! [ OK ]
Fenfa hosts To /etc/ Is Ok! [ OK ]
[root@Web01-Server ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.137 Management-Server
192.168.100.134 Web02-Server
192.168.100.135 Web01-Server
[root@Web02-Server ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.137 Management-Server
192.168.100.134 Web02-Server
192.168.100.135 Web01-Server
【5】How to view load, memory and other information on all machines
[linbin888@Management-Server ~]$ vim view.sh
#!/bin/bash
# Name:view.sh
# Version:V1.0
# Type:Management
# Language:Bash Shell
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Load The System Library.
. /etc/init.d/functions
# Determine The Number Of Parameters.
if [ $# -ne 2 ];then
echo "Usage: $0 Please Input Cmd You Want To Excue!"
exit 1
fi
# Manage The Specified Server.
for ip in 134 135
do
echo "========For 192.168.100.$ip========"
ssh linbin888@192.168.100.$ip $1 2>/dev/null
echo "========For 192.168.100.$ip========"
ssh linbin888@192.168.100.$ip $2 2>/dev/null
done
####Script End####
[linbin888@Management-Server ~]$ /bin/bash view.sh<==Usage hint shown when no arguments are given
Usage: view.sh Please Input Cmd You Want To Excue!
[linbin888@Management-Server ~]$ /bin/bash view.sh "/usr/bin/uptime" "/usr/bin/free -m"
========For 192.168.100.134========
11:33:03 up 1:16, 1 user, load average: 0.00, 0.00, 0.00
========For 192.168.100.134========
total used free shared buffers cached
Mem: 486 99 386 0 10 38
-/+ buffers/cache: 50 435
Swap: 699 0 699
========For 192.168.100.135========
11:33:04 up 1:16, 1 user, load average: 0.00, 0.00, 0.00
========For 192.168.100.135========
total used free shared buffers cached
Mem: 486 405 80 0 12 290
-/+ buffers/cache: 102 383
Swap: 699 0 699
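【6】How to distribute the hosts file to all machines every minute on a schedule, and e-mail the operations staff the details of any machine where distribution failed
mail command usage
【1】mail -s "subject" address < file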
[root@Management-Server ~]# mail -s "Hello World" linbin@keysou.com < /etc/hosts
【2】echo "message body"|mail -s "subject" address
[root@Management-Server ~]# echo "axbc1kof"|mail -s "Hello World" linbin@keysou.com
[root@Management-Server ~]# /etc/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@Management-Server ~]# netstat -tnlup|grep "25"|grep -v "grep"
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 27268/master
tcp 0 0 ::1:25 :::* LISTEN 27268/master
[root@Management-Server ~]# ps -ef|grep "master"|grep -v "grep"
root 27268 1 0 11:53 ? 00:00:00 /usr/libexec/postfix/master
[root@Management-Server ~]# lsof -i:25
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 27268 root 12u IPv4 37507 0t0 TCP localhost:smtp (LISTEN)
master 27268 root 13u IPv6 37509 0t0 TCP localhost:smtp (LISTEN)
[root@Management-Server ~]# mail -s "Hello LinBin" linbin@keysou.com < /etc/hosts
[root@Management-Server ~]# mailq
Mail queue is empty
[linbin888@Management-Server ~]$ vim fenfa_5.sh
#!/bin/bash
# Name:fenfa_5.sh
# Version:V1.0
# Type:Management
# Language:Bash Shell
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Load The System Library.
. /etc/init.d/functions
# Determine The Number Of Parameters.
if [ $# -ne 2 ];then
echo "USAGE:$0 Plesase Input FILENAME And Remotedir You Want To Fenfa!"
exit 1
fi
for ip in 134 135 136
do
scp -P22 -rp $1 linbin888@192.168.100.$ip:~ &>/dev/null && \
ssh -t linbin888@192.168.100.$ip sudo rsync $1 $2 &>/dev/null
if [ $? -eq 0 ];then
echo "Fenfa $1 To 192.168.100.$ip $2 Is Ok!" >> fenfa_ok.log
else
echo "Fenfa $1 To 192.168.100.$ip $2 Is Fail" >> fenfa_fail.log
fi
done
if [ -f "fenfa_fail.log" ] && [ -s "fenfa_fail.log" ];then
mail -s "$(date +%F\ %T)_Fengfa" linbin@keysou.com < fenfa_fail.log
>fenfa_ok.log
>fenfa_fail.log
fi
####Script End####
[root@Management-Server ~]# crontab -u linbin888 -e
####For Fenfa host File By LinBin At 2017-05-03####
* * * * * /bin/bash /home/linbin888/fenfa_5.sh "/home/linbin888/hosts" "/opt" &>/dev/null
[root@Management-Server ~]# crontab -u linbin888 -l
####For Fenfa host File By LinBin At 2017-05-03####
* * * * * /bin/bash /home/linbin888/fenfa_5.sh "/home/linbin888/hosts" "/opt" &>/dev/null
Handling the yes prompt and the password prompt (non-interactively)
[root@Management-Server ~]# yum -y install expect
[root@Management-Server ~]# rpm -qa expect
expect-5.44.1.15-5.el6_4.x86_64
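expect workflow: spawn starts a process --> expect waits for a keyword --> send sends characters to the process --> exit
expect syntax
【1】Put #!/usr/bin/expect on the first line
【2】spawn: followed by the shell command to run, e.g. spawn ssh -p22 root@192.168.100.134 /sbin/ifconfig eth0
【3】expect: only the output of the command started by spawn is captured by expect, because spawn starts a process and only that process's output is captured
【4】send and send_user: send passes the text the expect script needs to the process started by spawn, whereas send_user only echoes a message to the user, much like echo in the shell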
[root@Management-Server ~]# vim /server/scripts/fenfa_6.exp
#!/usr/bin/expect
# Name:fenfa_6.exp
# Version:V1.0
# Type:Management
# Language:Expect
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
spawn ssh -p22 root@192.168.100.134 /sbin/ifconfig eth0
set timeout 60
expect "yes/no"
send "yes\n"
expect "*password:"
send "axbc1kof\n"
expect eof
exit
[root@Management-Server ~]# chmod 700 /server/scripts/fenfa_6.exp
[root@Management-Server ~]# ls -l /server/scripts/fenfa_6.exp
-rwx------. 1 root root 141 Nov 27 18:20 /server/scripts/fenfa_6.exp
[root@Management-Server ~]# expect /server/scripts/fenfa_6.exp
spawn ssh -p22 root@192.168.100.134 /sbin/ifconfig eth0
The authenticity of host '192.168.100.134 (192.168.100.134)' can't be established.
RSA key fingerprint is 80:49:38:e8:9d:10:7a:06:9d:2f:72:39:1b:e6:56:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.134' (RSA) to the list of known hosts.
root@192.168.100.134's password:
eth0 Link encap:Ethernet HWaddr 00:0C:29:64:D3:14
inet addr:192.168.100.134 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe64:d314/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2473 errors:0 dropped:0 overruns:0 frame:0
TX packets:2366 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:277381 (270.8 KiB) TX bytes:264004 (257.8 KiB)
[root@Management-Server ~]# vim /server/scripts/fenfa_7.exp
#!/usr/bin/expect
# Name:fenfa_7.exp
# Version:V1.0
# Type:Management
# Language:Expect
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
spawn ssh -p22 root@192.168.100.134 /sbin/ifconfig eth0
set timeout 60
expect {
"yes/no" { exp_send "yes\n";exp_continue }
"*password:" { exp_send "axbc1kof\n" }
}
expect eof
exit
[root@Management-Server ~]# chmod 700 /server/scripts/fenfa_7.exp
[root@Management-Server ~]# ls -l /server/scripts/fenfa_7.exp
-rwx------. 1 root root 200 Nov 27 18:39 /server/scripts/fenfa_7.exp
[root@Management-Server ~]# expect /server/scripts/fenfa_7.exp
spawn ssh -p22 root@192.168.100.134 /sbin/ifconfig eth0
The authenticity of host '192.168.100.134 (192.168.100.134)' can't be established.
RSA key fingerprint is 80:49:38:e8:9d:10:7a:06:9d:2f:72:39:1b:e6:56:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.134' (RSA) to the list of known hosts.
root@192.168.100.134's password:
eth0 Link encap:Ethernet HWaddr 00:0C:29:64:D3:14
inet addr:192.168.100.134 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe64:d314/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2612 errors:0 dropped:0 overruns:0 frame:0
TX packets:2514 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:292571 (285.7 KiB) TX bytes:281446 (274.8 KiB)
[root@Management-Server ~]# vim /server/scripts/fenfa_8.exp
#!/usr/bin/expect
# Name:fenfa_8.exp
# Version:V1.0
# Type:Management
# Language:Expect
# Date:2017-05-03
# Author:LinBin
# Email:linbin@keysou.com
set CMD [lindex $argv 0]<==[lindex $argv 0] is the first argument
if { $argc != 1 } {
send_user "Usage:Plesase Input Cmd You Want To Exec\n"<==send_user prints a message to the user
exit
}
spawn ssh -p22 root@192.168.100.134 $CMD
set timeout 60
expect {
"yes/no" { exp_send "yes\n";exp_continue }
"*password:" { exp_send "axbc1kof\n" }
}
expect eof
exit
[root@Management-Server ~]# expect /server/scripts/fenfa_8.exp
Usage:Plesase Input Cmd You Want To Exec
[root@Management-Server ~]# expect /server/scripts/fenfa_8.exp "/sbin/ifconfig eth0"
spawn ssh -p22 root@192.168.100.134 /sbin/ifconfig eth0
The authenticity of host '192.168.100.134 (192.168.100.134)' can't be established.
RSA key fingerprint is 80:49:38:e8:9d:10:7a:06:9d:2f:72:39:1b:e6:56:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.134' (RSA) to the list of known hosts.
root@192.168.100.134's password:
eth0 Link encap:Ethernet HWaddr 00:0C:29:64:D3:14
inet addr:192.168.100.134 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe64:d314/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2803 errors:0 dropped:0 overruns:0 frame:0
TX packets:2696 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:319027 (311.5 KiB) TX bytes:313689 (306.3 KiB)
How a user's request reaches a website
DNS resolution: principle and flow
[root@Web01-Server ~]# dig @114.114.114.114 www.baidu.com +trace
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6 <<>> @114.114.114.114 www.baidu.com +trace
; (1 server found)
;; global options: +cmd
. 190881 IN NS d.root-servers.net.
. 190881 IN NS f.root-servers.net.
. 190881 IN NS e.root-servers.net.
. 190881 IN NS j.root-servers.net.
. 190881 IN NS l.root-servers.net.
. 190881 IN NS a.root-servers.net.
. 190881 IN NS m.root-servers.net.
. 190881 IN NS c.root-servers.net.
. 190881 IN NS h.root-servers.net.
. 190881 IN NS g.root-servers.net.
. 190881 IN NS b.root-servers.net.
. 190881 IN NS k.root-servers.net.
. 190881 IN NS i.root-servers.net.
;; Received 228 bytes from 114.114.114.114#53(114.114.114.114) in 43318 ms
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
;; Received 491 bytes from 199.7.91.13#53(199.7.91.13) in 4311 ms
baidu.com. 172800 IN NS dns.baidu.com.
baidu.com. 172800 IN NS ns2.baidu.com.
baidu.com. 172800 IN NS ns3.baidu.com.
baidu.com. 172800 IN NS ns4.baidu.com.
baidu.com. 172800 IN NS ns7.baidu.com.
;; Received 201 bytes from 192.26.92.30#53(192.26.92.30) in 7466 ms
www.baidu.com. 1200 IN CNAME www.a.shifen.com.
a.shifen.com. 1200 IN NS ns2.a.shifen.com.
a.shifen.com. 1200 IN NS ns4.a.shifen.com.
a.shifen.com. 1200 IN NS ns3.a.shifen.com.
a.shifen.com. 1200 IN NS ns1.a.shifen.com.
a.shifen.com. 1200 IN NS ns5.a.shifen.com.
;; Received 228 bytes from 220.181.38.10#53(220.181.38.10) in 4159 ms
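Ten core principles for operations
【1】DNS resolution: principle and flow
【2】HTTP communication: principle and flow
【3】TCP/IP three-way handshake and four-way teardown
HTTP overview: the Hypertext Transfer Protocol; its most important application is the WWW (World Wide Web) service; default port 80, default encrypted port 443
HTTP versions: 0.9, 1.0 (widely used), 1.1 (mainstream)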
[root@Web01-Server ~]# curl -I www.baidu.com
HTTP/1.1 200 OK
Server: bfe/1.0.8.18
Date: Wed, 03 May 2017 08:35:45 GMT
Content-Type: text/html
Content-Length: 277
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Connection: Keep-Alive
ETag: "575e1f72-115"
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Accept-Ranges: bytes
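Differences between HTTP/1.0 and HTTP/1.1
【1】Multiple HTTP requests and responses can be sent over the same TCP connection
【2】Multiple requests and responses can overlap, i.e. be in progress at the same time
【3】More request and response headers (for example, HTTP/1.0 has no Host field)
【4】In HTTP/1.0 most implementations open a new connection for each request/response exchange; in HTTP/1.1 one connection can serve one or more request/response exchanges, although the connection may still be closed for various reasons. This is the biggest difference between the two
Common HTTP methods (what you want to do to the web server)
GET - the client requests a resource and the server returns it
HEAD - requests only the HTTP headers of the response message
POST - submits data from the client to the server
PUT - data sent from the client to the server replaces the content of the specified document
DELETE - asks the server to delete the specified resource
MOVE - asks the server to move the specified page to another network address
Common HTTP status codes (the result the web server returns for a client request)
200 - OK: success
301 - Moved Permanently: permanent redirect
403 - Forbidden: access denied
404 - Not Found: the page the client requested was not found
500 - Internal Server Error
502 - Bad Gateway: usually returned when a proxy server requests a back-end server and the back-end is unavailable or did not finish responding to the proxy
503 - Service Unavailable: the server is under heavy load or in maintenance
504 - Gateway Timeout: the back-end server did not answer the proxy server within the allowed time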
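HTTP messages (packets)
【1】Request message: client --> server
Request line: request method, requested resource, HTTP protocol version
Request headers: fields and values
Blank line: empty, no content
Request body: the GET method has no request body; only the POST method has one
【2】Response message: server --> client
Start line: protocol and version, numeric status code, status text
Response headers: fields and values
Blank line: empty, no content
Response body: may be a web page, image, video, etc.
HTTP communication diagram
Tool for capturing request and response messages: fiddler
HTTP summary
【1】How a user's request reaches a website
【2】DNS resolution flow
【3】Sending HTTP messages after the TCP connection is established
【4】HTTP request messages
【5】HTTP response messages
【6】How the web server requests the back-end cluster and storage
Key points about HTTP
【1】HTTP sits at layer 7, the application layer, of the OSI model
【2】The main application of HTTP is the WWW service
【3】The flow of a user going online, and the principle and flow of DNS resolution
【4】After DNS resolution returns the IP, a TCP connection is established; then come the details of sending the HTTP request and of the web server's response
【5】HTTP request messages and HTTP response messages
【6】After reaching the HTTP server, the flow of requests to back-end cluster nodes: Nginx-->Fastcgi-->PHP (database, storage, etc.)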
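HTTP resources: media (MIME) types
URL and URI: URL is a subset of the URI naming scheme
Static page characteristics (http://sports.sina.com.cn/basketball/nba/2016-11-28/doc-ifxyawmp0390582.shtml)
【1】Rendered by the client's browser; no database reads are needed, so performance and efficiency are high
【2】File extensions: plain-text programs or files, htm, html, xml, shtml, js, css, etc.; image files or data documents, jpg, gif, png, bmp, txt, doc, ppt, etc.; video and streaming-media files, mp4, swf, avi, wmv, flv, etc.
【3】No database behind them; poor user interaction and limited functionality
Dynamic page characteristics (http://cas.ajbcloud.com/cas/login?locale=zh_CN&service=http%3A%2F%2Fwww.ajbcloud.com%3A80%2F)
【1】Common page extensions are asp, aspx, php, jsp, do, cgi, etc.
【2】Pages are generally built on database technology, which greatly reduces the work of maintaining the site
【3】Sites using dynamic page technology can offer more features, such as user registration, user login, online surveys, voting, user management, order management and blog posting
【4】A dynamic page does not exist on the server as a stand-alone page file (php/jsp); when a user requests a dynamic program, the server interprets the program, reads the database and returns a complete page
【5】The "?" in dynamic page URLs causes some problems for search-engine indexing
【6】The program is interpreted on the server and needs a database behind it, so access is less efficient
Pseudo-static pages
【1】Uses rewrite to disguise dynamic pages as static pages
【2】Makes search-engine indexing easier, improving traffic and user experience
【3】Access performance does not improve; converting to pseudo-static consumes some resources, so performance actually drops
【4】Wherever possible, convert dynamic pages into truly static pages
【5】When concurrency is not very high or dynamic updates are very frequent, rewrite can be used to implement pseudo-static pages
Batch-renaming files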
[root@node1 ~]# ls -l *.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_1_lb.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_2_lb.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_3_lb.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_4_lb.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_5_lb.jpg
【1】for loop
[root@node1 ~]# for file in `ls *.jpg`;do mv $file `echo "$file"|sed 's#_lb##g'`;done
[root@node1 ~]# ls -l *.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_1.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_2.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_3.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_4.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_5.jpg
【2】sed back-references
[root@node1 ~]# ls *.jpg|sed -r 's#^(.*)_lb(.*)$#mv \1_lb\2 \1\2#g'|bash
[root@node1 ~]# ls -l *.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_1.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_2.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_3.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_4.jpg
-rw-r--r-- 1 root root 0 May 4 13:05 keysou_20170504_5.jpg
【3】awk
[root@node1 ~]# ls *.jpg|awk -F"_lb" '{print "mv",$0,$1$2}'|bash
[root@node1 ~]# ls -l *.jpg
-rw-r--r-- 1 root root 0 May 4 13:12 keysou_20170504_1.jpg
-rw-r--r-- 1 root root 0 May 4 13:12 keysou_20170504_2.jpg
-rw-r--r-- 1 root root 0 May 4 13:12 keysou_20170504_3.jpg
-rw-r--r-- 1 root root 0 May 4 13:12 keysou_20170504_4.jpg
-rw-r--r-- 1 root root 0 May 4 13:12 keysou_20170504_5.jpg
【4】rename
[root@node1 ~]# rename "_lb" "" *.jpg
[root@node1 ~]# ls -l *.jpg
-rw-r--r-- 1 root root 0 May 4 13:19 keysou_20170504_1.jpg
-rw-r--r-- 1 root root 0 May 4 13:19 keysou_20170504_2.jpg
-rw-r--r-- 1 root root 0 May 4 13:19 keysou_20170504_3.jpg
-rw-r--r-- 1 root root 0 May 4 13:19 keysou_20170504_4.jpg
-rw-r--r-- 1 root root 0 May 4 13:19 keysou_20170504_5.jpg
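Methods 【2】 and 【3】 build mv commands as text and pipe them to bash, so every file name is re-parsed as shell syntax. The following is an added example (not part of the original notes) that performs the same rename with the glob and parameter expansion only, so names stay plain data and an existing target is never overwritten; the function name strip_marker is an assumption made for illustration.

```bash
#!/bin/bash
# Added example: remove a marker such as "_lb" from file names without ever
# feeding a file name to a shell parser (no `| bash`, no eval, no `ls` parsing).

# strip_marker DIR MARKER EXT
#   Renames DIR/*MARKER*.EXT by deleting the first occurrence of MARKER.
#   Prints the number of files renamed.
#   Returns 1 if at least one file was skipped because its target existed,
#   2 on bad arguments, 0 otherwise.
strip_marker() {
    local dir marker ext src base target renamed rc
    dir=$1; marker=$2; ext=$3
    renamed=0; rc=0

    if [ -z "$marker" ]; then
        echo "strip_marker: marker must not be empty" >&2
        return 2
    fi

    # The shell expands the glob into separate words, so names that contain
    # spaces, quotes, ';' or '$(...)' are passed to mv as a single argument.
    for src in "$dir"/*"$marker"*."$ext"; do
        [ -e "$src" ] || continue              # glob matched nothing

        base=${src##*/}
        # Text before the first marker + text after the first marker.
        # Quoting "$marker" inside the pattern makes it a literal string.
        target=$dir/${base%%"$marker"*}${base#*"$marker"}

        if [ -e "$target" ]; then              # never clobber an existing file
            echo "strip_marker: $target exists, leaving $base alone" >&2
            rc=1
            continue
        fi

        # "--" stops option parsing, so a name starting with "-" is safe too.
        mv -- "$src" "$target" && renamed=$((renamed + 1))
    done

    echo "$renamed"
    return "$rc"
}
```

For the listing above the call is strip_marker . _lb jpg.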
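IP (Internet Protocol): unique IP count; between 00:00 and 24:00 the same IP visiting the same site is counted only once
PV (Page View): page views or clicks; each page visited is one PV
UV (Unique Visitor): unique visitor count; between 00:00 and 24:00 the same client visiting the same site is counted as one UV only; tracked by cookie
Nginx access-log IP statistics
IP/PV/UV: website traffic metrics
Concurrent access capacity: the maximum number of connections (requests) a web server can handle per unit of time
QPS (queries per second)
IOPS (reads and writes per second)
Summary
【1】What static resources are, their purpose, pros and cons
【2】What dynamic resources are, their purpose, pros and cons
【3】What pseudo-static pages are, their purpose, pros and cons
【4】What URL (Uniform Resource Locator), URI (Uniform Resource Identifier) and MIME types are
【5】What HTTP status codes are; the meaning of 200 301 302 403 404 500 502 503 504
【6】How a user's request reaches a website
【7】DNS resolution principle
【8】HTTP protocol principle
The pros and cons of static pages and of dynamic pages mirror each other
Static page advantages
【1-1】The pages physically exist on the server; as soon as the user sends a request, the static page is downloaded to the browser, and with browser caching a second visit largely avoids downloading from the server again, so access is faster than a dynamic site
【1-2】Good for search-engine indexing and crawling
Static page disadvantages
【1-3】Harder to maintain the site; no database support
【1-4】Poor interactivity
Dynamic page advantages
【2-1】Good interactivity
【2-2】Easier to maintain the site; database-backed
Dynamic page disadvantages
【2-3】Not good for search-engine indexing and crawling
【2-4】Slower to access than a static site
Pseudo-static page advantages
【3-1】Good for search-engine indexing and crawling
【3-2】Better user experience
Pseudo-static page disadvantages
【3-3】Consumes some server resources
【3-4】Does not improve site performance
Common web server software for the WWW service: Nginx, Apache
LAMP:Linux + Apache + MySQL + PHP
LNMP:Linux + Nginx + MySQL + PHP
LEMP:Linux + Nginx + MySQL + PHP
Nginx features
【1】Simple, flexible, lightweight configuration
【2】High concurrency (static resources): tens of thousands of concurrent requests for static resources
【3】Low resource usage
【4】Rich functionality (web, cache, proxy)
Briefly describe the difference between Apache's select model and Nginx's epoll model
Briefly describe forward proxies and reverse proxies and the difference between them
Nginx supports virtual hosts
【1】Name-based virtual hosts: distinguished by domain name
【2】Port-based virtual hosts: distinguished by port
【3】IP-based virtual hosts: distinguished by IP address
Nginx official website: http://nginx.org
Check version information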
[root@Web01-Server ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@Web01-Server ~]# uname -r
2.6.32-504.el6.x86_64
[root@Web01-Server ~]# uname -m
x86_64
Install pcre for regular-expression support
[root@Web01-Server ~]# rpm -qa pcre pcre-devel
pcre-7.8-6.el6.x86_64
[root@Web01-Server ~]# yum -y install pcre pcre-devel
[root@Web01-Server ~]# rpm -qa pcre pcre-devel
pcre-7.8-7.el6.x86_64
pcre-devel-7.8-7.el6.x86_64
Install openssl for encrypted access
[root@Web01-Server ~]# rpm -qa openssl openssl-devel
openssl-1.0.1e-30.el6.x86_64
[root@Web01-Server ~]# yum -y install openssl openssl-devel
[root@Web01-Server ~]# rpm -qa openssl openssl-devel
openssl-devel-1.0.1e-57.el6.x86_64
openssl-1.0.1e-57.el6.x86_64
Install zlib for compression support
[root@Web01-Server ~]# rpm -qa zlib zlib-devel
zlib-devel-1.2.3-29.el6.x86_64
zlib-1.2.3-29.el6.x86_64
Install Nginx
[root@Web01-Server ~]# useradd -c "For Run Nginx Service" -s /sbin/nologin -M www
[root@Web01-Server ~]# id www
uid=500(www) gid=500(www) groups=500(www)
[root@Web01-Server ~]# grep "^\bwww\b" /etc/passwd
www:x:500:500:For Run Nginx Service:/home/www:/sbin/nologin
[root@Web01-Server ~]# tar xvfz nginx-1.10.1.tar.gz -C /usr/local/src/
[root@Web01-Server ~]# cd /usr/local/src/nginx-1.10.1/
[root@Web01-Server nginx-1.10.1]# ./configure --prefix=/applicaction/nginx-1.10.1 --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module
[root@Web01-Server nginx-1.10.1]# make && make install
[root@Web01-Server nginx-1.10.1]# /applicaction/nginx-1.10.1/sbin/nginx -V
nginx version: nginx/1.10.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/applicaction/nginx-1.10.1 --user=nginx --group=nginx --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module
[root@Web01-Server nginx-1.10.1]# ln -s /applicaction/nginx-1.10.1/ /applicaction/nginx
[root@Web01-Server nginx-1.10.1]# ls -ld /applicaction/nginx
lrwxrwxrwx 1 root root 27 May 4 18:13 /applicaction/nginx -> /applicaction/nginx-1.10.1/
[root@Web01-Server nginx-1.10.1]# /applicaction/nginx/sbin/nginx
[root@Web01-Server nginx-1.10.1]# netstat -tnlup|grep "nginx"|grep -v "grep"
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 11505/nginx
[root@Web01-Server nginx-1.10.1]# ps -ef|grep "nginx"|grep -v "grep"
root 11505 1 0 18:20 ? 00:00:00 nginx: master process /applicaction/nginx/sbin/nginx
www 11506 11505 0 18:20 ? 00:00:00 nginx: worker process
[root@Web01-Server nginx-1.10.1]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 11505 root 6u IPv4 22588 0t0 TCP *:http (LISTEN)
nginx 11506 www 6u IPv4 22588 0t0 TCP *:http (LISTEN)
[root@Web01-Server nginx-1.10.1]# curl 127.0.0.1
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
View the version number and build options
[root@Web01-Server nginx-1.10.1]# /applicaction/nginx/sbin/nginx -V
nginx version: nginx/1.10.1
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/applicaction/nginx-1.10.1 --user=www --group=www --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module
View the directory layout
[root@Web01-Server nginx-1.10.1]# ls -l /applicaction/nginx/|grep -v "temp"
total 36
drwxr-xr-x 2 root root 4096 May 4 18:19 conf<==Nginx configuration directory
drwxr-xr-x 2 root root 4096 May 4 18:19 html<==Nginx site content directory
drwxr-xr-x 2 root root 4096 May 4 18:20 logs<==Nginx log directory: access log, error log and the process ID (PID) file
drwxr-xr-x 2 root root 4096 May 4 18:19 sbin<==Nginx executable binaries
Nginx official documentation: http://nginx.org/en/docs/
Nginx core module reference: http://nginx.org/en/docs/ngx_core_module.html
Commonly used Nginx modules
【1】Core module
【2】Events module
【3】HTTP module
[root@Web01-Server nginx-1.10.1]# cd /applicaction/nginx/conf/
[root@Web01-Server conf]# cp -a nginx.conf nginx.conf_$(date +%F)
[root@Web01-Server conf]# egrep -v "#|^$" nginx.conf.default > nginx.conf
[root@Web01-Server conf]# vim nginx.conf
user www www;<==Core (main) block
worker_processes 1;
error_log logs/error.log notice;
pid logs/nginx.pid;
events {<==Events block
    use epoll;
    worker_connections 1024;
}
http {<==HTTP block
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;
    keepalive_timeout 65;
    server {<==Virtual host (server) block
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
【1】Name-based virtual hosts
[root@Web01-Server conf]# vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name www.keysou.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name bbs.keysou.com;
location / {
root html/bbs;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# mkdir ../html/{www,bbs} -p
[root@Web01-Server conf]# ls -ld ../html/{www,bbs}
drwxr-xr-x 2 root root 4096 May 4 22:07 ../html/bbs
drwxr-xr-x 2 root root 4096 May 4 22:07 ../html/www
[root@Web01-Server conf]# echo "www.keysou.com" >> ../html/www/index.html
[root@Web01-Server conf]# echo "bbs.keysou.com" >> ../html/bbs/index.html
[root@Web01-Server conf]# cat >> /etc/hosts<<EOF
192.168.100.134 www.keysou.com
192.168.100.134 bbs.keysou.com
EOF
[root@Web01-Server conf]# tail -2 /etc/hosts
192.168.100.134 www.keysou.com
192.168.100.134 bbs.keysou.com
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# curl www.keysou.com
www.keysou.com
[root@Web01-Server conf]# curl bbs.keysou.com
bbs.keysou.com
【2】Port-based virtual hosts
[root@Web01-Server conf]# vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8080;
server_name www.keysou.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 8081;
server_name www.keysou.com;
location / {
root html/bbs;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# curl www.keysou.com:8080
www.keysou.com
[root@Web01-Server conf]# curl www.keysou.com:8081
bbs.keysou.com
【3】IP-based virtual hosts
[root@Web01-Server conf]# ip addr add 192.168.100.135/24 dev eth0:0
[root@Web01-Server conf]# ip addr|grep "eth0"|grep -v "grep"
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.100.134/24 brd 192.168.100.255 scope global eth0
inet 192.168.100.135/24 scope global secondary eth0
[root@Web01-Server conf]# vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name 192.168.100.134;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name 192.168.100.135;
location / {
root html/bbs;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# curl 192.168.100.134
www.keysou.com
[root@web01 conf]# curl 192.168.100.135
bbs.keysou.com
【4】include configuration
[root@Web01-Server conf]# vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include vhost/www.conf;
include vhost/bbs.conf;
}
[root@Web01-Server conf]# mkdir vhost
[root@Web01-Server conf]# ls -ld vhost/
drwxr-xr-x 2 root root 4096 May 5 09:43 vhost/
[root@Web01-Server conf]# vim vhost/www.conf
server {
listen 80;
server_name www.keysou.com;
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@Web01-Server conf]# vim vhost/bbs.conf
server {
listen 80;
server_name bbs.keysou.com;
location / {
root html/bbs;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# curl www.keysou.com
www.keysou.com
[root@Web01-Server conf]# curl bbs.keysou.com
bbs.keysou.com
【5】Alias configuration
[root@Web01-Server conf]# vim vhost/www.conf
server {
listen 80;
server_name www.keysou.com keysou.com;<==Requests to http://keysou.com are not redirected to http://www.keysou.com; if a redirect is needed, use a rewrite rule
location / {
root html/www;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@Web01-Server conf]# cat >> /etc/hosts<<EOF
192.168.100.134 keysou.com
EOF
[root@Web01-Server conf]# tail -1 /etc/hosts
192.168.100.134 keysou.com
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# curl keysou.com
www.keysou.com
【6】Status page configuration
[root@Web01-Server conf]# vim nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include vhost/www.conf;
include vhost/bbs.conf;
include vhost/status.conf;
}
[root@Web01-Server conf]# vim vhost/status.conf
server {
listen 80;
server_name status.keysou.com;
location / {
stub_status on;
access_log off;
}
}
[root@Web01-Server conf]# cat >> /etc/hosts<<EOF
192.168.100.134 status.keysou.com
EOF
[root@Web01-Server conf]# tail -1 /etc/hosts
192.168.100.134 status.keysou.com
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# curl status.keysou.com
Active connections: 1
server accepts handled requests
5 5 5
Reading: 0 Writing: 1 Waiting: 0
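Active connections: 11921<==11921 active connections currently being handled
server accepts handled requests<==server: 11989 connections handled in total since startup; accepts handled: 11989 handshakes created in total since startup; requests: 11991 requests processed in total
11989 11989 11991
Reading: 0 Writing: 7 Waiting: 42<==Reading: number of client request headers being read; Writing: number of response headers being returned to clients; Waiting: resident connections that have finished processing and are waiting for the next request
【7】Error log configuration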
[root@Web01-Server conf]# vim nginx.conf
worker_processes 1;
error_log logs/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
include vhost/*.conf;
}
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# ls -l ../logs/error.log
-rw-r--r-- 1 root root 1684 May 5 10:24 ../logs/error.log
【8】Access log configuration
[root@Web01-Server conf]# vim nginx.conf
worker_processes 1;
error_log logs/error.log error;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$request_body" "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'$http_host $upstream_status $upstream_addr $request_time $upstream_response_time';
include vhost/*.conf;
}
[root@Web01-Server conf]# vim vhost/www.conf
server {
listen 80;
server_name www.keysou.com keysou.com;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/www.access.log main;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# curl www.keysou.com
www.keysou.com
[root@Web01-Server conf]# tail ../logs/www.access.log
192.168.100.1 - - [05/May/2017:11:05:41 +0800] "GET / HTTP/1.1" 304 0 "-" "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36" "-"www.keysou.com - - 0.000 -
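An added example (not part of the original notes) that computes the daily PV and IP counts defined earlier from a log written in the log_format main shown above, and counts responses with a given status code per client address, which is a quick way to spot a client that is probing for missing pages. The function names and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: PV / unique-IP counts and per-client status counts for the
# page's "main" log format. All log lines below are constructed sample data.

# sample_log: prints six constructed lines in the log_format main layout.
sample_log() {
    cat <<'EOF'
192.168.100.1 - - [05/May/2017:11:05:41 +0800] "GET / HTTP/1.1" 304 0 "-" "-" "Mozilla/5.0" "-"www.keysou.com - - 0.000 -
192.168.100.1 - - [05/May/2017:11:05:42 +0800] "GET /a.html HTTP/1.1" 404 169 "-" "-" "Mozilla/5.0" "-"www.keysou.com - - 0.000 -
192.168.100.7 - - [05/May/2017:11:06:00 +0800] "GET /x HTTP/1.1" 404 169 "-" "-" "curl/7.19.7" "-"www.keysou.com - - 0.000 -
192.168.100.7 - - [05/May/2017:11:06:01 +0800] "GET /y HTTP/1.1" 404 169 "-" "-" "curl/7.19.7" "-"www.keysou.com - - 0.000 -
192.168.100.7 - - [05/May/2017:11:06:02 +0800] "POST /login HTTP/1.1" 404 169 "user=a\x22b" "-" "curl/7.19.7" "-"www.keysou.com - - 0.000 -
192.168.100.9 - - [06/May/2017:00:00:03 +0800] "GET / HTTP/1.1" 200 15 "-" "-" "Mozilla/5.0" "-"www.keysou.com - - 0.000 -
EOF
}

# daily_pv_ip LOG DAY
#   DAY uses the $time_local date form dd/Mon/yyyy (e.g. 05/May/2017).
#   Prints "PV=<requests> IP=<distinct $remote_addr values>" for that day,
#   matching the 00:00~24:00 counting window used in the definitions.
daily_pv_ip() {
    awk -v day="$2" '
        {
            i = index($0, "[")                 # start of [$time_local]
            if (i == 0 || substr($0, i + 1, 11) != day) next
            pv++
            if (!($1 in seen)) { seen[$1] = 1; ips++ }
        }
        END { printf "PV=%d IP=%d\n", pv, ips }
    ' "$1"
}

# status_by_ip LOG CODE
#   Prints "<count> <ip>" for every client that received status CODE,
#   busiest client first.
#   nginx writes a double quote inside a logged variable as \x22, so splitting
#   the line on the quote character keeps "$request" and "$request_body"
#   intact even when they carry client-controlled text.
status_by_ip() {
    awk -F'"' -v code="$2" '
        {
            split($1, head, " ")               # head[1] = $remote_addr
            split($3, mid, " ")                # mid[1] = $status, mid[2] = $body_bytes_sent
            if (mid[1] == code) hits[head[1]]++
        }
        END { for (a in hits) print hits[a], a }
    ' "$1" | sort -k1,1nr -k2,2
}
```

Point both functions at logs/www.access.log to use them on the real log; UV cannot be derived this way because this log format records no cookie.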
【9】Rotating the access and error logs (daily)
[root@Web01-Server conf]# vim /server/scripts/cut_nginx_log.sh
#!/bin/bash
# Name:cut_nginx_log.sh
# Version:V1.0
# Type:Log
# Language:Bash Shell
# Date:2017-05-05
# Author:LinBin
# Email:linbin@keysou.com
####Script Start####
# Determines Whether The Current User Is An Administrator.
if [ $UID -ne 0 ];then
echo "User has insufficient privilege."
exit 4
fi
# Defined Variables.
Log_Path="/var/log/nginx/www.keysou.com"
Pid_Path="/var/run/nginx/nginx.pid"
Date=$(date -d '-1 day' +%Y%m%d)
Mv="/bin/mv"
Gzip="/bin/gzip"
# To Determine Whether The Log Directory Exists.
[ -d "$Log_Path" ] && cd "$Log_Path" || exit 5
# Rename Log File.
$Mv "$Log_Path/access.log" "$Log_Path/access_$Date.log"
$Mv "$Log_Path/error.log" "$Log_Path/error_$Date.log"
# Sends A Signal To The Nginx Main Process So It Reopens Its Log Files.
kill -USR1 "$(cat "$Pid_Path")"
# Give Nginx A Moment To Switch Files Before Compressing The Old Ones.
sleep 1
# Compressed Log File.
$Gzip "$Log_Path/access_$Date.log"
$Gzip "$Log_Path/error_$Date.log"
# Delete History Backup, Save The Last Month Backup Data.
find "$Log_Path" -type f -name "*.gz" -mtime +30|xargs rm -f
####Script End####
[root@Web01-Server conf]# cat >> /var/spool/cron/root<<EOF
####For Cut Nginx Log By LinBin At 20170505####
00 00 * * * /bin/bash /server/scripts/cut_nginx_log.sh &>/dev/null
EOF
[root@Web01-Server conf]# tail -2 /var/spool/cron/root
####For Cut Nginx Log By LinBin At 20170505####
00 00 * * * /bin/bash /server/scripts/cut_nginx_log.sh &>/dev/null
【10】rewrite configuration
Syntax: rewrite regex replacement [flag]
rewrite ^/(.*) http://www.keysou.com/$1 permanent;<==$1 is the text captured by the group in ^/(.*), like a sed back-reference; permanent means a permanent redirect with status code 301
[root@Web01-Server conf]# vim vhost/www.conf
server {
listen 80;
server_name www.keysou.com;
location / {
root html/www;
index index.html index.htm;
}
access_log logs/www.access.log main;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 80;
server_name keysou.com;
rewrite ^/(.*) http://www.keysou.com/$1 permanent;
access_log logs/www.access.log main;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server conf]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server conf]# curl -I keysou.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.1
Date: Fri, 05 May 2017 03:42:12 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: http://www.keysou.com/
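flag        Description
last        After this rule matches, continue by matching the new URI against the location rules
break       After this rule matches, stop; no later rules are matched
redirect    Returns a 302 temporary redirect; the browser address bar shows the URI after the redirect
permanent   Returns a 301 permanent redirect; the browser address bar shows the URI after the redirect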
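Database (a repository for storing data)
【1】Traditional relational databases: MySQL, MariaDB, Oracle, SQL Server, DB2
【2】Reads and writes mostly go to disk; strong on data consistency and safety, the drawback is low speed
Relational database: two-dimensional table
ID   Name         Sex
01   LinBin       Man
02   LiuWenQian   Woman
SQL: Structured Query Language
Non-relational databases (NoSQL): Memcached, Redis; built for efficiency and high performance
Non-relational database: hash table
Key   Value
01    LinBin
02    LiuWenQian
NoSQL summary
【1】NoSQL does not reject relational databases; it complements them
【2】NoSQL was created for high performance and high concurrency
【3】Typical NoSQL examples: Memcached (pure in-memory), Redis (persistent cache), MongoDB (document database)
MySQL family
【1】Commercial edition
【2】Community edition
MySQL installation methods
【1】rpm/yum installation
【2】Binary installation
【3】Compiling from source: CMake, MySQL (5.5.x)
MySQL binary installation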
[root@Web01-Server ~]# useradd -c "For Run MySQL Service" -s /sbin/nologin -M mysql
[root@Web01-Server ~]# id mysql
uid=501(mysql) gid=501(mysql) groups=501(mysql)
[root@Web01-Server ~]# grep "^\bmysql\b" /etc/passwd
mysql:x:501:501:For Run MySQL Service:/home/mysql:/sbin/nologin
[root@Web01-Server ~]# tar xvfz mysql-5.5.32-linux2.6-x86_64.tar.gz
[root@Web01-Server ~]# ls -ld mysql-5.5.32-linux2.6-x86_64
drwxr-xr-x 13 root root 4096 May 5 13:53 mysql-5.5.32-linux2.6-x86_64
[root@Web01-Server ~]# mv mysql-5.5.32-linux2.6-x86_64 /applicaction/mysql-5.5.32
[root@Web01-Server ~]# ln -s /applicaction/mysql-5.5.32/ /applicaction/mysql
[root@Web01-Server ~]# ls -ld /applicaction/mysql
lrwxrwxrwx 1 root root 27 May 5 13:54 /applicaction/mysql -> /applicaction/mysql-5.5.32/
[root@Web01-Server ~]# cd /applicaction/mysql
[root@Web01-Server mysql]# ./scripts/mysql_install_db --basedir=/applicaction/mysql --datadir=/applicaction/mysql/data/ --user=mysql
Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system<==control script
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/applicaction/mysql/bin/mysqladmin -u root password 'new-password'<==command to set the root password
/applicaction/mysql/bin/mysqladmin -u root -h Web01-Server password 'new-password'<==command to set the root password
Alternatively you can run:
/applicaction/mysql/bin/mysql_secure_installation<==security hardening
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /applicaction/mysql ; /applicaction/mysql/bin/mysqld_safe &<==runs MySQL as a daemon
You can test the MySQL daemon with mysql-test-run.pl
cd /applicaction/mysql/mysql-test ; perl mysql-test-run.pl
Please report any problems with the /applicaction/mysql/scripts/mysqlbug script!
[root@Web01-Server mysql]# chown -R mysql:mysql /applicaction/mysql/
[root@Web01-Server mysql]# ls -ld /applicaction/mysql
lrwxrwxrwx 1 mysql mysql 27 May 5 13:54 /applicaction/mysql -> /applicaction/mysql-5.5.32/
[root@Web01-Server mysql]# /bin/cp -a ./support-files/my-medium.cnf /etc/my.cnf
[root@Web01-Server mysql]# ls -l /etc/my.cnf
-rw-r--r--. 1 mysql mysql 4676 Jun 19 2013 /etc/my.cnf
[root@Web01-Server mysql]# cp -a /applicaction/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@Web01-Server mysql]# ls -l /etc/init.d/mysqld
-rwxr-xr-x 1 mysql mysql 10880 Jun 19 2013 /etc/init.d/mysqld
[root@Web01-Server mysql]# sed -i 's#/usr/local/mysql#/applicaction/mysql#g' /etc/init.d/mysqld
[root@Web01-Server mysql]# sed -i 's#/usr/local/mysql#/applicaction/mysql#g' /applicaction/mysql/bin/mysqld_safe
[root@Web01-Server mysql]# ./bin/mysqld_safe &
[root@Web01-Server mysql]# netstat -tnlup|grep "mysqld"|grep -v "grep"
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2736/mysqld
[root@Web01-Server mysql]# ps -ef|grep "mysqld"|grep -v "grep"
root 2494 1045 0 14:54 pts/1 00:00:00 /bin/sh ./bin/mysqld_safe
mysql 2736 2494 1 14:54 pts/1 00:00:02 /applicaction/mysql/bin/mysqld --basedir=/applicaction/mysql --datadir=/applicaction/mysql/data --plugin-dir=/applicaction/mysql/lib/plugin --user=mysql --log-error=/applicaction/mysql/data/Web01-Server.err --pid-file=/applicaction/mysql/data/Web01-Server.pid --socket=/tmp/mysql.sock --port=3306
[root@Web01-Server mysql]# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 2736 mysql 11u IPv4 21505 0t0 TCP *:mysql (LISTEN)
[root@Web01-Server mysql]# vim /etc/profile
export PATH=$PATH:/applicaction/mysql/bin
[root@Web01-Server mysql]# tail -1 /etc/profile
export PATH=$PATH:/applicaction/mysql/bin
[root@Web01-Server mysql]# source /etc/profile
[root@Web01-Server mysql]# which mysql
/applicaction/mysql/bin/mysql
[root@Web01-Server mysql]# mysqladmin -uroot password "axbc1kof"
[root@Web01-Server mysql]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.5.32-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.00 sec)
mysql> drop database test;
Query OK, 0 rows affected (0.07 sec)
mysql> select user,host,password from mysql.user;
+------+--------------+-------------------------------------------+
| user | host | password |
+------+--------------+-------------------------------------------+
| root | localhost | *63C053DE068F3E8F1E9D13A8D8C9C124E4D34264 |
| root | Web01-Server | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | Web01-Server | |
+------+--------------+-------------------------------------------+
6 rows in set (0.01 sec)
mysql> drop user 'root'@'::1';
Query OK, 0 rows affected (0.00 sec)
mysql> drop user ''@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> delete from mysql.user where user='root' and host='Web01-Server';
Query OK, 1 row affected (0.03 sec)
mysql> delete from mysql.user where user='' and host='Web01-Server';
Query OK, 1 row affected (0.01 sec)
mysql> set password for root@'127.0.0.1' = password('axbc1kof');
Query OK, 0 rows affected (0.00 sec)
mysql> select user,host,password from mysql.user;
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *63C053DE068F3E8F1E9D13A8D8C9C124E4D34264 |
| root | 127.0.0.1 | *63C053DE068F3E8F1E9D13A8D8C9C124E4D34264 |
+------+-----------+-------------------------------------------+
2 rows in set (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
[root@Web01-Server mysql]# chkconfig --level 3 mysqld on
[root@Web01-Server mysql]# chkconfig --list mysqld
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
MySQL command summary
【1】Help: mysql> help command (e.g. mysql> help drop user)
【2】List databases: mysql> show databases;
【3】Switch database: mysql> use mysql;
【4】List tables: mysql> show tables;
【5】Query the user table: mysql> select user,host,password from mysql.user;
【6】Show the current user: mysql> select user();
【7】Show the current database: mysql> select database();
【8】Show version information: mysql> select version();
【9】Drop a database: mysql> drop database keysou;
【10】Create a user: mysql> grant all on keysou.* to 'linbin'@'localhost' identified by 'axbc1kof' with grant option;
【11】Delete a user: mysql> drop user 'root'@'localhost'; or delete from mysql.user where user='root' and host='localhost';
【12】Reload the privilege tables: mysql> flush privileges;
【13】Set a password: [root@Web01-Server ~]# mysqladmin -uroot password "axbc1kof"
【14】Change a password: [root@Web01-Server ~]# mysqladmin -uroot -paxbc1kof password "AXBC1KOF"
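A check for the account cleanup done in the MySQL session above, as an added example that is not part of the original notes: it reads the table printed by select user,host,password from mysql.user; and reports anonymous accounts, accounts without a password and wildcard hosts. The function names, the finding labels and the sample table (with a placeholder hash) are constructed for this example.

```shell
#!/bin/sh
# Added example: audit the mysql client's table output of
#   select user,host,password from mysql.user;
# (MySQL 5.5 column layout, as used in these notes).

# audit_mysql_users: reads the table on stdin, prints one finding per line:
#   ANONYMOUS      account with an empty user name
#   NOPASSWORD     account with an empty password hash
#   WILDCARD_HOST  host pattern containing %, worth reviewing
audit_mysql_users() {
    awk -F'|' '
        # Data rows start with "|"; border lines ("+----") are skipped.
        /^\|/ {
            user = $2; host = $3; pass = $4
            gsub(/^[ \t]+|[ \t]+$/, "", user)
            gsub(/^[ \t]+|[ \t]+$/, "", host)
            gsub(/^[ \t]+|[ \t]+$/, "", pass)
            if (user == "user" && host == "host") next   # header row
            acct = "\047" user "\047@\047" host "\047"
            if (user == "")  print "ANONYMOUS " acct
            if (pass == "")  print "NOPASSWORD " acct
            if (host ~ /%/)  print "WILDCARD_HOST " acct
        }
    '
}

# Constructed sample: the account list right after mysql_install_db and
# "mysqladmin -uroot password ...", with a placeholder instead of a real hash.
sample_user_table() {
    cat <<'EOF'
+------+--------------+-------------------+
| user | host         | password          |
+------+--------------+-------------------+
| root | localhost    | *PLACEHOLDER_HASH |
| root | Web01-Server |                   |
| root | 127.0.0.1    |                   |
| root | ::1          |                   |
|      | localhost    |                   |
|      | Web01-Server |                   |
+------+--------------+-------------------+
EOF
}

sample_user_table | audit_mysql_users
```

Against a live server the same function can be fed with mysql -uroot -p -t -e "select user,host,password from mysql.user" | audit_mysql_users; no output means none of the three conditions was found.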
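Network connection states
http://oldboy.blog.51cto.com/2561410/1184139
CGI (Common Gateway Interface): a means for the HTTP service to communicate with other application services (PHP). Its drawbacks are poor performance and poor security: every time the HTTP server meets a dynamic program it has to start the interpreter again to parse it, and then the result is returned to the HTTP server
FastCGI: a scalable, high-speed interface for communication between the HTTP server and a dynamic scripting language; its advantage is that it separates the dynamic language from the HTTP service (C/S architecture)
FastCGI summary
【1】FastCGI is the interface or tool for communication between the HTTP service and a dynamic scripting language
【2】The advantage of FastCGI is that it separates dynamic language parsing from the HTTP service
【3】Nginx, Apache, Lighttpd and most dynamic languages support FastCGI
【4】The FastCGI interface uses a C/S architecture, split into a client (the HTTP server) and a server (the dynamic language parsing server)
【5】The PHP dynamic language server can start multiple FastCGI daemon processes
【6】The HTTP server communicates through its FastCGI client (e.g. nginx fastcgi_pass) with the dynamic language's FastCGI server (e.g. php-fpm)
How Nginx works with PHP through FastCGI
PHP official website: http://php.net/
Installing the PHP dependency packages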
[root@Web01-Server ~]# tar xvfz libmcrypt-2.5.7.tar.gz -C /usr/local/src/
[root@Web01-Server ~]# cd /usr/local/src/libmcrypt-2.5.7/
[root@Web01-Server libmcrypt-2.5.7]# ./configure --prefix=/usr/local/libmcrypt
[root@Web01-Server libmcrypt-2.5.7]# make && make install
[root@Web01-Server libmcrypt-2.5.7]# ls -ld /usr/local/libmcrypt/
drwxr-xr-x 7 root root 4096 May 8 10:12 /usr/local/libmcrypt/
[root@Web01-Server ~]# tar xvfz libiconv-1.14.tar.gz -C /usr/local/src/
[root@Web01-Server ~]# cd /usr/local/src/libiconv-1.14/
[root@Web01-Server libiconv-1.14]# ./configure --prefix=/usr/local/libiconv
[root@Web01-Server libiconv-1.14]# make && make install
[root@Web01-Server libiconv-1.14]# ls -ld /usr/local/libiconv/
drwxr-xr-x 6 root root 4096 May 8 10:36 /usr/local/libiconv/
[root@Web01-Server libiconv-1.14]# yum -y install zlib-devel libxml2 libxml2-devel curl-devel libjpeg-devel libpng-devel libxslt libxslt-devel freetype-devel gd-devel mhash-devel
Compiling and installing PHP
[root@Web01-Server ~]# tar xvfz php-5.3.27.tar.gz -C /usr/local/src/
[root@Web01-Server ~]# cd /usr/local/src/php-5.3.27/
[root@Web01-Server php-5.3.27]# ./configure \
--prefix=/applicaction/php-5.3.27 \
--with-mysql=/applicaction/mysql \<==if MySQL is not installed, use --enable-mysqlnd --with-pdo-mysql=mysqlnd --with-mysqli=mysqlnd --with-mysql=mysqlnd
--with-iconv \
--with-freetype-dir \
--with-jpeg-dir \
--with-png-dir \
--with-zlib \
--with-libxml-dir \
--enable-xml \
--disable-rpath \
--enable-safe-mode \
--enable-bcmath \
--enable-shmop \
--enable-sysvsem \
--enable-inline-optimization \
--with-curl \
--with-curlwrappers \
--enable-mbregex \
--enable-fpm \
--enable-mbstring \
--with-mcrypt=/usr/local/libmcrypt/ \
--with-gd \
--enable-gd-native-ttf \
--with-openssl \
--with-mhash \
--enable-pcntl \
--enable-sockets \
--with-xmlrpc \
--enable-zip \
--enable-soap \
--enable-short-tags \
--enable-zend-multibyte \
--enable-static \
--with-xsl \
--with-fpm-user=www \
--with-fpm-group=www \
--enable-ftp
[root@Web01-Server php-5.3.27]# echo "/applicaction/mysql/lib" >> /etc/ld.so.conf<==alternative: ln -s /applicaction/mysql/lib/libmysqlclient.so.18 /usr/lib64/;touch ext/phar/phar.phar
[root@Web01-Server php-5.3.27]# ldconfig
[root@Web01-Server php-5.3.27]# make && make install
[root@Web01-Server php-5.3.27]# ln -s /applicaction/php-5.3.27/ /applicaction/php
[root@Web01-Server php-5.3.27]# ls -ld /applicaction/php
lrwxrwxrwx 1 root root 25 May 8 11:44 /applicaction/php -> /applicaction/php-5.3.27/
[root@Web01-Server php-5.3.27]# cp -a php.ini-production /applicaction/php/lib/php.ini
[root@Web01-Server php-5.3.27]# ls -l /applicaction/php/lib/php.ini
-rw-r--r-- 1 101 101 69627 Jul 11 2013 /applicaction/php/lib/php.ini
[root@Web01-Server php-5.3.27]# cp -a /applicaction/php/etc/php-fpm.conf.default /applicaction/php/etc/php-fpm.conf
[root@Web01-Server php-5.3.27]# ls -l /applicaction/php/etc/php-fpm.conf
-rw-r--r-- 1 root root 21689 May 8 11:43 /applicaction/php/etc/php-fpm.conf
[root@Web01-Server php-5.3.27]# vim /applicaction/php/etc/php-fpm.conf
pid = /app/logs/php-fpm.pid
error_log = /app/logs/php-fpm.log
log_level = error
rlimit_files = 32768
events.mechanism = epoll
pm.max_children = 1024
pm.start_servers = 16
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.process_idle_timeout = 15s;
pm.max_requests = 2048
slowlog = /app/logs/$pool.log.slow
request_slowlog_timeout = 10
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f linbin@keysou.com
[root@Web01-Server php-5.3.27]# mkdir /app/logs -p
[root@Web01-Server php-5.3.27]# ls -ld /app/logs/
drwxr-xr-x 2 root root 4096 May 8 13:05 /app/logs/
[root@Web01-Server php-5.3.27]# /applicaction/php/sbin/php-fpm
[root@Web01-Server php-5.3.27]# netstat -tnlup|grep "php-fpm"|grep -v "grep"
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 1496/php-fpm
[root@Web01-Server php-5.3.27]# ps -ef|grep "php-fpm"|grep -v "grep"
root 1496 1 0 13:05 ? 00:00:00 php-fpm: master process (/applicaction/php-5.3.27/etc/php-fpm.conf)
www 1497 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1498 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1499 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1500 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1501 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1502 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1503 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1504 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1505 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1506 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1507 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1508 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1509 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1510 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1511 1496 0 13:05 ? 00:00:00 php-fpm: pool www
www 1512 1496 0 13:05 ? 00:00:00 php-fpm: pool www
[root@Web01-Server php-5.3.27]# lsof -i:9000
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
php-fpm 1496 root 7u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1497 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1498 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1499 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1500 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1501 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1502 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1503 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1504 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1505 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1506 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1507 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1508 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1509 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1510 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1511 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
php-fpm 1512 www 0u IPv4 215613 0t0 TCP localhost:cslistener (LISTEN)
LNMP integration
[root@Web01-Server ~]# vim /applicaction/nginx/conf/nginx.conf
user www www;
worker_processes 1;
error_log logs/error.log error;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root html/www;
location / {
index index.php index.html index.htm;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server ~]# vim /applicaction/nginx/html/www/index.php
<?php
phpinfo();
?>
[root@Web01-Server ~]# vim /applicaction/nginx/html/www/mysql.php
<?php
$link_id=mysql_connect('localhost','root','axbc1kof') or mysql_error();
if($link_id){
echo "PHP Connection MySQL Successfully By LinBin";
}else{
echo mysql_error();
}
?>
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -s reload
WordPress setup
[root@Web01-Server ~]# tar xvfz wordpress-4.4.2-zh_CN.tar.gz
[root@Web01-Server ~]# mv wordpress/* /applicaction/nginx/html/www/
[root@Web01-Server ~]# chown -R root:root /applicaction/nginx/html/www/
[root@Web01-Server ~]# cd /applicaction/nginx/html/www/
[root@Web01-Server www]# find ./ -type f|xargs chmod 644
[root@Web01-Server www]# find ./ -type d|xargs chmod 755
[root@Web01-Server www]# mkdir wp-content/uploads -p
[root@Web01-Server www]# chown -R www:www wp-content/uploads
[root@Web01-Server www]# ls -ld wp-content/uploads
drwxr-xr-x 2 www www 4096 May 8 14:03 wp-content/uploads
[root@Web01-Server ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.5.32-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database wordpress;
Query OK, 1 row affected (0.15 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wordpress |
+--------------------+
4 rows in set (0.11 sec)
mysql> grant all on wordpress.* to 'wordpress'@'localhost' identified by 'wordpress';
Query OK, 0 rows affected (0.22 sec)
mysql> select user,host,password from mysql.user where user="wordpress";
+-----------+-----------+-------------------------------------------+
| user | host | password |
+-----------+-----------+-------------------------------------------+
| wordpress | localhost | *C260A4F79FA905AF65142FFE0B9A14FE0E1519CC |
+-----------+-----------+-------------------------------------------+
1 row in set (0.03 sec)
mysql> show grants for 'wordpress'@'localhost'\G
*************************** 1. row ***************************
Grants for wordpress@localhost: GRANT USAGE ON *.* TO 'wordpress'@'localhost' IDENTIFIED BY PASSWORD '*C260A4F79FA905AF65142FFE0B9A14FE0E1519CC'
*************************** 2. row ***************************
Grants for wordpress@localhost: GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'localhost'
2 rows in set (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.05 sec)
mysql> exit
Bye
[root@Web01-Server ~]# vim /applicaction/nginx/conf/nginx.conf
user www www;
worker_processes 1;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root html/www;
location / {
index index.php index.html index.htm;
if (-f $request_filename/index.html){
rewrite (.*) $1/index.html break;
}
if (-f $request_filename/index.php){
rewrite (.*) $1/index.php;
}
if (!-f $request_filename){
rewrite (.*) /index.php;
}
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -s reload
[root@Web01-Server www]# vim wp-config.php
<?php
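/**
* The base configuration for WordPress.
*
* This file is used by the installer to generate the wp-config.php configuration file.
* You don't have to use the web site; you can copy this file by hand,
* rename it to "wp-config.php", and fill in the values.
*
* This file contains the following configuration options:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://codex.wordpress.org/zh-cn:%E7%BC%96%E8%BE%91_wp-config.php
*
* @package WordPress
*/
// ** MySQL settings - the details come from the host you are using ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'wordpress');
/** MySQL database password */
define('DB_PASSWORD', 'wordpress');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Default character set used when creating database tables */
define('DB_CHARSET', 'utf8mb4');
/** The database collate type. Don't change this if in doubt */
define('DB_COLLATE', '');
/**#@+
* Authentication keys and salts.
*
* Change these to any unique strings!
* Or go directly to the {@link https://api.wordpress.org/secret-key/1.1/salt/
* WordPress.org secret-key service}
* Any change invalidates all cookies, and all users will have to log in again.
*
* @since 2.6.0
*/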
define('AUTH_KEY', '#-otd^*)4mg]_>d<QvM.R={R95hyQlgHO/)U66|xCdS[0B3G7G-O:H4l_|Gfu=%l');
define('SECURE_AUTH_KEY', 'U-+7=OK p&2WX2)+>$#[^|$#@=?,?HY~IK6@zz- 8==a8&@UR@*SZ92bJzLbMUn:');
define('LOGGED_IN_KEY', 'xtLyC+ipu;DF)sL|OVL_Q|+pW|?P~9:]&P`->0}N-E|gVq9N-#`ANVlmg!:vA14B');
define('NONCE_KEY', '/=_ORcJ;hT[bPQkeX(]pfJ?F1+X/,()WF/c60kJw3YbJ+!jCHsi^U+Ios}_{<i]2');
define('AUTH_SALT', 'ACNkMG{~ZE2xD_L1|I{g9&}X#S8S<g?~*`J3ECcdruq%/r=]KtXnaXKp/S6GQ~2+');
define('SECURE_AUTH_SALT', '96QX{8.Y}S(W#ax8!+v-E3JoMW^`?U5db//H6d)ew[9 ;`@?d*IJXNx3wUSXgjlH');
define('LOGGED_IN_SALT', '(&lw.`3y1)OZ80%<^1Uc#|?>$l}x/sD^{M!02T&emof)#:[ <&L->D |wA{n@bO|');
define('NONCE_SALT', '&Wvi6qNFWxG>Vh oOPo-RcvBl/R<z@V];Frszb+Bu]O8F6a|Bm+)=-6G Nlq&EXd');
/**#@-*/
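/**
* WordPress database table prefix.
*
* If you need to install several WordPress sites in the same database, give each
* a different table prefix. Only numbers, letters and underscores are allowed.
*/
$table_prefix = 'lb_';
/**
* For developers: WordPress debugging mode.
*
* Change this value to true and WordPress will display all notices used during development.
* It is strongly recommended that plugin developers enable WP_DEBUG in their development environments.
*
* For other information that can be used for debugging, visit the Codex.
*
* @link https://codex.wordpress.org/Debugging_in_WordPress
*/
define('WP_DEBUG', false);
/**
* zh_CN localization setting: enable display of the ICP filing number
*
* It can be changed under Settings → General.
* To disable it, remove or comment out this line.
*/
define('WP_ZH_CN_ICP_NUM', true);
/* That's all, stop editing! Please save this file. Enjoy! */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress variables and included files. */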
require_once(ABSPATH . 'wp-settings.php');
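WordPress pseudo-static (permalink) setting: WordPress admin-->Settings-->Permalinks-->/archives/%post_id%.html
The most commonly used MySQL backup tool: mysqldump (ships with MySQL, native)
MySQL backup methods
【1】Logical backup: export the database's data as logical SQL statements
【2】Physical backup
【2-1】scp /applicaction/mysql/data to a separate database server
【2-2】xtrabackup, an open-source physical backup tool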
[root@Web01-Server ~]# mkdir /backup/mysql -p
[root@Web01-Server ~]# ls -ld /backup/mysql/
drwxr-xr-x 2 root root 4096 May 8 14:59 /backup/mysql/
[root@Web01-Server ~]# mysqldump -uroot -paxbc1kof -B -x wordpress|gzip > /backup/mysql/wordpress_$(date +%F).sql.gz
[root@Web01-Server ~]# ls -l /backup/mysql/wordpress_2017-05-08.sql.gz
-rw-r--r-- 1 root root 140489 May 8 15:40 /backup/mysql/wordpress_2017-05-08.sql.gz
[root@Master-Server ~]# mkdir /backup/mysql -p
[root@Master-Server ~]# ls -ld /backup/mysql/
drwxr-xr-x. 2 root root 4096 May 8 15:49 /backup/mysql/
[root@Web01-Server ~]# scp -P22 -rp /backup/mysql/wordpress_2017-05-08.sql.gz root@192.168.100.138:/backup/mysql/
The authenticity of host '192.168.100.138 (192.168.100.138)' can't be established.
RSA key fingerprint is ec:f0:e3:47:e5:93:8a:7d:c7:07:eb:23:46:c8:a9:50.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.100.138' (RSA) to the list of known hosts.
root@192.168.100.138's password:
wordpress_2017-05-08.sql.gz 100% 137KB 137.2KB/s 00:00
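mysqldump options
-A     Back up all databases
-B     Back up multiple databases and add the statements that switch to the database (use database) and create the database (create database database)
-x     Lock tables; this affects database reads and writes
gzip   Compression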
[root@Master-Server ~]# gzip -d /backup/mysql/wordpress_2017-05-08.sql.gz
[root@Master-Server ~]# ls -l /backup/mysql/wordpress_2017-05-08.sql
-rw-r--r--. 1 root root 521902 May 8 15:40 /backup/mysql/wordpress_2017-05-08.sql
[root@Master-Server ~]# mysql -uroot -paxbc1kof < /backup/mysql/wordpress_2017-05-08.sql
[root@Master-Server ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.5.32-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| wordpress |
+--------------------+
4 rows in set (0.01 sec)
mysql> use wordpress;
Database changed
mysql> show tables;
+-----------------------+
| Tables_in_wordpress |
+-----------------------+
| lb_commentmeta |
| lb_comments |
| lb_links |
| lb_options |
| lb_postmeta |
| lb_posts |
| lb_term_relationships |
| lb_term_taxonomy |
| lb_termmeta |
| lb_terms |
| lb_usermeta |
| lb_users |
+-----------------------+
12 rows in set (0.01 sec)
mysql> grant all on wordpress.* to 'wordpress'@'192.168.100.%' identified by 'wordpress';
Query OK, 0 rows affected (0.03 sec)
mysql> select user,host,password from mysql.user where user='wordpress';
+-----------+---------------+-------------------------------------------+
| user | host | password |
+-----------+---------------+-------------------------------------------+
| wordpress | 192.168.100.% | *C260A4F79FA905AF65142FFE0B9A14FE0E1519CC |
+-----------+---------------+-------------------------------------------+
1 row in set (0.02 sec)
mysql> show grants for 'wordpress'@'192.168.100.%'\G
*************************** 1. row ***************************
Grants for wordpress@192.168.100.%: GRANT USAGE ON *.* TO 'wordpress'@'192.168.100.%' IDENTIFIED BY PASSWORD '*C260A4F79FA905AF65142FFE0B9A14FE0E1519CC'
*************************** 2. row ***************************
Grants for wordpress@192.168.100.%: GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpress'@'192.168.100.%'
2 rows in set (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)
mysql> exit
Bye
BBS setup
[root@Web01-Server ~]# unzip Discuz_X3.2_SC_UTF8.zip
[root@Web01-Server ~]# mv upload/* /applicaction/nginx/html/bbs/
[root@Web01-Server ~]# cd /applicaction/nginx/html/bbs/
[root@Web01-Server bbs]# chown -R www:www config/ data/ uc_client/ uc_server/
[root@Web01-Server bbs]# ls -ld config/ data/ uc_client/ uc_server/
drwxr-xr-x 2 www www 4096 May 31 2016 config/
drwxr-xr-x 13 www www 4096 May 31 2016 data/
drwxr-xr-x 6 www www 4096 May 31 2016 uc_client/
drwxr-xr-x 13 www www 4096 May 31 2016 uc_server/
[root@Master-Server ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.5.32-log MySQL Community Server (GPL)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database bbs;
Query OK, 1 row affected (0.03 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| bbs |
| mysql |
| performance_schema |
| wordpress |
+--------------------+
5 rows in set (0.02 sec)
mysql> grant all on bbs.* to 'bbs'@'192.168.100.%' identified by 'bbs';
Query OK, 0 rows affected (0.11 sec)
mysql> select user,host,password from mysql.user where user='bbs';
+------+---------------+-------------------------------------------+
| user | host | password |
+------+---------------+-------------------------------------------+
| bbs | 192.168.100.% | *74BAEAC2CAFC5C7162EF373C5C85EFBC7FC8B803 |
+------+---------------+-------------------------------------------+
1 row in set (0.01 sec)
mysql> show grants for 'bbs'@'192.168.100.%'\G
*************************** 1. row ***************************
Grants for bbs@192.168.100.%: GRANT USAGE ON *.* TO 'bbs'@'192.168.100.%' IDENTIFIED BY PASSWORD '*74BAEAC2CAFC5C7162EF373C5C85EFBC7FC8B803'
*************************** 2. row ***************************
Grants for bbs@192.168.100.%: GRANT ALL PRIVILEGES ON `bbs`.* TO 'bbs'@'192.168.100.%'
2 rows in set (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
[root@Web01-Server ~]# vim /applicaction/nginx/conf/nginx.conf
user www www;
worker_processes 1;
events {
use epoll;
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root html/bbs;
location / {
index index.php index.html index.htm;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -s reload
BBS pseudo-static setting: Admin Center-->Global-->SEO Settings-->select all rules-->view the current Rewrite rules
[root@Web01-Server ~]# vim /applicaction/nginx/conf/nginx.conf
user www www;
worker_processes 1;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
root html/bbs;
location / {
index index.php index.html index.htm;
rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/index.php?action=$2&value=$3 last;
rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
if (!-e $request_filename) {
return 404;
}
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.6.3/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.6.3/conf/nginx.conf test is successful
[root@Web01-Server ~]# /applicaction/nginx/sbin/nginx -s reload
Page requested: http://192.168.100.134/forum-40-1.html
Matching rule: rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
Match details:
http://192.168.100.134/forum-40-1.html
^([^\.]*)/forum-(\w+)-([0-9]+)\.html$
Rewrite details:
$1/forum.php?mod=forumdisplay&fid=$2&page=$3
^([^\.]*)/forum.php?mod=forumdisplay&fid=(\w+)&page=([0-9]+)
http://192.168.100.134/forum.php?mod=forumdisplay&fid=40&page=1
Page requested: http://192.168.100.134/thread-3-1-1.html
Matching rule: rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
Match details:
http://192.168.100.134/thread-3-1-1.html
^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$
Rewrite details:
$1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3
^([^\.]*)/forum.php?mod=viewthread&tid=([0-9]+)&extra=page%3D([0-9]+)&page=([0-9]+)
http://192.168.100.134/forum.php?mod=viewthread&tid=3&extra=page%3D1&page=1
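The two walk-throughs above can be checked offline before the rules go onto a server. The following is an added example, not part of the original notes: it replays the eight Discuz rewrite rules from the nginx.conf above with sed, first match wins, and goes beyond the two cases in the text by also showing a URI that falls through to the last, catch-all plugin rule. The function name and the sample URIs are constructed; it models only the regex match and capture substitution, not how nginx re-dispatches after last or escapes arguments.

```shell
#!/bin/sh
# Added example: replay the Discuz rewrite rules on a URI path.
# Translation from the nginx rules to sed -E:
#   $1..$4 -> \1..\4, & -> \& (literal ampersand), \w -> [A-Za-z0-9_],
#   [^\.] -> [^.]  (same meaning: any character except a dot).
# "-e t" after each rule jumps to the end of the script once a rule has
# matched, so only the first matching rule is applied.

discuz_rewrite() {
    printf '%s\n' "$1" | LC_ALL=C sed -E \
        -e 's#^([^.]*)/article-([0-9]+)-([0-9]+)\.html$#\1/portal.php?mod=view\&aid=\2\&page=\3#' -e t \
        -e 's#^([^.]*)/forum-([A-Za-z0-9_]+)-([0-9]+)\.html$#\1/forum.php?mod=forumdisplay\&fid=\2\&page=\3#' -e t \
        -e 's#^([^.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$#\1/forum.php?mod=viewthread\&tid=\2\&extra=page%3D\4\&page=\3#' -e t \
        -e 's#^([^.]*)/group-([0-9]+)-([0-9]+)\.html$#\1/forum.php?mod=group\&fid=\2\&page=\3#' -e t \
        -e 's#^([^.]*)/space-(username|uid)-(.+)\.html$#\1/home.php?mod=space\&\2=\3#' -e t \
        -e 's#^([^.]*)/blog-([0-9]+)-([0-9]+)\.html$#\1/home.php?mod=space\&uid=\2\&do=blog\&id=\3#' -e t \
        -e 's#^([^.]*)/(fid|tid)-([0-9]+)\.html$#\1/index.php?action=\2\&value=\3#' -e t \
        -e 's#^([^.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_-]+)\.html$#\1/plugin.php?id=\2:\3#'
}

# Constructed sample URIs: the two from the notes, one that misses the
# forum rule (page is not numeric) and lands on the plugin rule, and one
# that matches nothing and is printed unchanged.
for uri in /forum-40-1.html /thread-3-1-1.html /forum-40-x.html /index.php; do
    printf '%-22s -> %s\n' "$uri" "$(discuz_rewrite "$uri")"
done
```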
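How pseudo-static URLs are implemented in an enterprise
【1】Operations and product staff raise the requirement for static URLs
【2】Developers implement the requirement and write the rewrite rules
【3】Ops staff configure the rewrite rules on the servers
Load balancer scheduling algorithms
【1】Round robin, rr (Round Robin)
【2】Weighted round robin, wrr (Weighted Round Robin)
【3】Least connections, lc (Least Connection)
【4】Weighted least connections, wlc (Weighted Least Connection)
【5】Source IP hash, ip_hash (Source IP Hash)
Source IP hash scheduling: one way to achieve session persistence; its drawback is that it leads to uneven load
Session persistence with memcached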
[root@Web01-Server ~]# vim /applicaction/php/lib/php.ini
session.save_handler = memcache
session.save_path = "tcp://127.0.0.1:11211"
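Open-source load balancing software
【1】Lvs: L4 load balancer
【2】Haproxy: L4 and L7 load balancer
【3】Nginx: L4 (yet to be tested) and L7 load balancer
Forward proxy and reverse proxy concepts
【1】Forward proxy: a server that sits between the client and the origin server. To fetch content from the origin server, the client sends the proxy a request that names the target (the origin server); the proxy then forwards the request to the origin server and returns the content it obtains to the client (e.g. Internet access from a LAN)
【2】Reverse proxy: the proxy server accepts client connection requests, forwards them to servers on the internal network, and returns the results obtained from those servers to the client (e.g. load balancing)
Nginx load balancing modules
【1】upstream module syntax (http://nginx.org/en/docs/http/ngx_http_upstream_module.html)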
upstream backend {
server backend1.example.com weight=5;
server backend2.example.com:8080;
server unix:/tmp/backend3;
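server backup1.example.com:8080 backup;<==takes no part in load balancing; serves requests only when the servers above are unavailable
server backup2.example.com:8080 backup;<==takes no part in load balancing; serves requests only when the servers above are unavailable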
}
server {
location / {
proxy_pass http://backend;
}
}
[root@LB-Server ~]# vim /applicaction/nginx/conf/nginx.conf
user www www;
worker_processes 1;
error_log logs/error.log error;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$request_body" "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$http_host $upstream_status $upstream_addr $request_time $upstream_response_time';
upstream www_group {
ip_hash;
server 192.168.100.134:80;
server 192.168.100.135:80;
}
include vhost/*.conf;
}
[root@LB-Server ~]# vim /applicaction/nginx/conf/vhost/www.conf
server {
listen 80;
server_name www.keysou.com;
location / {
proxy_pass http://www_group;
}
access_log logs/www.access.log main;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@LB-Server ~]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@LB-Server ~]# /applicaction/nginx/sbin/nginx -s reload
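【2】proxy_pass module syntax (http://nginx.org/en/docs/http/ngx_http_proxy_module.html)
location / {
proxy_pass http://www_group;<==can reference an upstream group that has already been defined
proxy_set_header Host $host;<==passes the Host header requested by the client to the backend server
proxy_set_header X-Forwarded-For $remote_addr;<==records the real client IP rather than the proxy server's IP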
}
[root@LB-Server ~]# vim /applicaction/nginx/conf/nginx.conf
user www www;
worker_processes 1;
error_log logs/error.log error;
events {
worker_connections 65535;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$request_body" "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$http_host $upstream_status $upstream_addr $request_time $upstream_response_time';
upstream www_group {
ip_hash;
server 192.168.100.134:80;
server 192.168.100.135:80;
}
include vhost/*.conf;
}
[root@LB-Server ~]# vim /applicaction/nginx/conf/vhost/www.conf
server {
listen 80;
server_name www.keysou.com;
location / {
proxy_pass http://www_group;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
access_log logs/www.access.log main;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
[root@LB-Server ~]# /applicaction/nginx/sbin/nginx -t
nginx: the configuration file /applicaction/nginx-1.10.1/conf/nginx.conf syntax is ok
nginx: configuration file /applicaction/nginx-1.10.1/conf/nginx.conf test is successful
[root@LB-Server ~]# /applicaction/nginx/sbin/nginx -s reload
Static web servers
【1】Apache:http://www.apache.org
【2】Nginx:http://www.nginx.org
【3】Lighttpd:http://www.lighttpd.net
Dynamic web servers
【1】IIS
【2】Tomcat:http://tomcat.apache.org
【3】Resin:http://caucho.com
【4】PHP:http://php.net
Building rpm packages and a custom yum repository
【1】http://oldboy.blog.51cto.com/2561410/1121725
【2】http://oldboy.blog.51cto.com/2561410/1121745
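Apache (Apache HTTP Server) features: powerful, simple to configure, fast, widely used, stable and reliable; it can also act as a proxy server or load balancer
Apache official website: http://www.apache.org
Compiling and installing Apache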
[root@Web02-Server ~]# yum -y install zlib-devel openssl-devel pcre-devel
[root@Web02-Server ~]# useradd -c "For Run Apache Service" -s /sbin/nologin -M www
[root@Web02-Server ~]# id www
uid=500(www) gid=500(www) groups=500(www)
[root@Web02-Server ~]# grep "^\bwww\b" /etc/passwd
www:x:500:500:For Run Apache Service:/home/www:/sbin/nologin
[root@Web02-Server ~]# tar xvfz httpd-2.2.31.tar.gz -C /usr/local/src/
[root@Web02-Server ~]# cd /usr/local/src/httpd-2.2.31/
[root@Web02-Server httpd-2.2.31]# ./configure \
--prefix=/applicaction/apache-2.2.31 \
--enable-so \
--enable-deflate \
--enable-expires \
--enable-rewrite \
--enable-cache \
--enable-headers \
--enable-ssl \
--enable-modules=most \
--with-mpm=worker
[root@Web02-Server httpd-2.2.31]# make && make install
[root@Web02-Server httpd-2.2.31]# ln -s /applicaction/apache-2.2.31/ /applicaction/apache
[root@Web02-Server httpd-2.2.31]# ls -ld /applicaction/apache
lrwxrwxrwx 1 root root 28 May 9 14:47 /applicaction/apache -> /applicaction/apache-2.2.31/
[root@Web02-Server httpd-2.2.31]# /applicaction/apache/bin/httpd -v
Server version: Apache/2.2.31 (Unix)
Server built: May 9 2017 14:39:08
[root@Web02-Server httpd-2.2.31]# /applicaction/apache/bin/apachectl -t
Syntax OK
[root@Web02-Server httpd-2.2.31]# /applicaction/apache/bin/httpd -k start
httpd (pid 23120) already running
[root@Web02-Server httpd-2.2.31]# netstat -tnlup|grep "httpd"|grep -v "grep"
tcp 0 0 :::80 :::* LISTEN 23120/httpd
[root@Web02-Server httpd-2.2.31]# ps -ef|grep "httpd"|grep -v "grep"
root 23120 1 0 14:48 ? 00:00:00 /applicaction/apache/bin/httpd --help
daemon 23121 23120 0 14:48 ? 00:00:00 /applicaction/apache/bin/httpd --help
daemon 23122 23120 0 14:48 ? 00:00:00 /applicaction/apache/bin/httpd --help
daemon 23123 23120 0 14:48 ? 00:00:00 /applicaction/apache/bin/httpd --help
daemon 23129 23120 0 14:48 ? 00:00:00 /applicaction/apache/bin/httpd --help
[root@Web02-Server httpd-2.2.31]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 23120 root 4u IPv6 73581 0t0 TCP *:http (LISTEN)
httpd 23122 daemon 4u IPv6 73581 0t0 TCP *:http (LISTEN)
httpd 23123 daemon 4u IPv6 73581 0t0 TCP *:http (LISTEN)
httpd 23129 daemon 4u IPv6 73581 0t0 TCP *:http (LISTEN)
[root@Web02-Server httpd-2.2.31]# curl 192.168.100.135
<html><body><h1>It works!</h1></body></html>
Apache main configuration file
[root@Web02-Server ~]# egrep -v "#|^$" /applicaction/apache/conf/httpd.conf
ServerRoot "/applicaction/apache-2.2.31"<==Apache installation directory
Listen 80<==listening port
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User www<==user the server runs as
Group www<==group the server runs as
</IfModule>
</IfModule>
ServerAdmin linbin@keysou.com<==administrator e-mail address
ServerName 127.0.0.1:80
DocumentRoot "/applicaction/apache-2.2.31/htdocs"<==default site directory
<Directory /><==permissions for the root directory
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
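<Directory "/applicaction/apache-2.2.31/htdocs"><==permissions for the site directory; any newly added site directory must be granted permissions as well
Options -Indexes FollowSymLinks<==with "Indexes" enabled, the site's directory listing is shown when there is no index file (useful for a download service); to stop users from browsing the site directory, remove this option or use -Indexes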
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.php index.html<==default index page
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"<==error log
LogLevel warn<==log level
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/apache-2.2.31/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/usr/local/apache-2.2.31/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Extra configuration files
【1】Virtual host configuration file
[root@Web02-Server ~]# egrep -v "#|^$" /applicaction/apache/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/usr/local/apache-2.2.31/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error_log"
CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host2.example.com
DocumentRoot "/usr/local/apache-2.2.31/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error_log"
CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>
【2】MPM configuration file
[root@Web02-Server ~]# egrep -v "#|^$" /applicaction/apache/conf/extra/httpd-mpm.conf
<IfModule !mpm_netware_module>
PidFile "logs/httpd.pid"
</IfModule>
<IfModule !mpm_winnt_module>
<IfModule !mpm_netware_module>
LockFile "logs/accept.lock"
</IfModule>
</IfModule>
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_worker_module>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_beos_module>
StartThreads 10
MaxClients 50
MaxRequestsPerThread 10000
</IfModule>
<IfModule mpm_netware_module>
ThreadStackSize 65536
StartThreads 250
MinSpareThreads 25
MaxSpareThreads 250
MaxThreads 1000
MaxRequestsPerChild 0
MaxMemFree 100
</IfModule>
<IfModule mpm_mpmt_os2_module>
StartServers 2
MinSpareThreads 5
MaxSpareThreads 10
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_winnt_module>
ThreadsPerChild 150
MaxRequestsPerChild 0
</IfModule>
Briefly describe the difference between the Apache prefork and Apache worker working modes
【3】Default settings configuration file
[root@Web02-Server ~]# egrep -v "#|^$" /applicaction/apache/conf/extra/httpd-default.conf
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
UseCanonicalName Off
AccessFileName .htaccess
ServerTokens Full
ServerSignature On
HostnameLookups Off
Name-based virtual hosts
[root@Web02-Server ~]# mkdir /var/html/{www,blog,bbs} -p
[root@Web02-Server ~]# ls -ld /var/html/{www,blog,bbs}
drwxr-xr-x 2 root root 4096 May 9 16:05 /var/html/bbs
drwxr-xr-x 2 root root 4096 May 9 16:05 /var/html/blog
drwxr-xr-x 2 root root 4096 May 9 16:05 /var/html/www
[root@Web02-Server ~]# for web in www blog bbs;do echo "$web.keysou.com" > /var/html/$web/index.html;done
[root@Web02-Server ~]# for web in www blog bbs;do cat /var/html/$web/index.html;done
www.keysou.com
blog.keysou.com
bbs.keysou.com
[root@Web02-Server ~]# vim /applicaction/apache/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/www"
ServerName www.keysou.com
ServerAlias keysou.com
ErrorLog "logs/www_error_log"
CustomLog "logs/www_access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/blog"
ServerName blog.keysou.com
ErrorLog "logs/blog_error_log"
CustomLog "logs/blog_access_log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/bbs"
ServerName bbs.keysou.com
ErrorLog "logs/bbs_error_log"
CustomLog "logs/bbs_access_log" common
</VirtualHost>
[root@Web02-Server ~]# vim /applicaction/apache/conf/httpd.conf
####Configure By LinBin At 20170509####
<Directory "/var/html">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-default.conf
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
[root@Web02-Server ~]# for web in www bbs blog;do curl $web.keysou.com;done
www.keysou.com
bbs.keysou.com
blog.keysou.com
Port-based virtual hosts
[root@Web02-Server ~]# vim /applicaction/apache/conf/httpd.conf
Listen 80
Listen 8080
Listen 8081
[root@Web02-Server ~]# vim /applicaction/apache/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
NameVirtualHost *:8080
NameVirtualHost *:8081
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/www"
ServerName www.keysou.com
ServerAlias keysou.com
ErrorLog "logs/www_error_log"
CustomLog "logs/www_access_log" common
</VirtualHost>
<VirtualHost *:8080>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/blog"
ServerName blog.keysou.com
ErrorLog "logs/blog_error_log"
CustomLog "logs/blog_access_log" common
</VirtualHost>
<VirtualHost *:8081>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/bbs"
ServerName bbs.keysou.com
ErrorLog "logs/bbs_error_log"
CustomLog "logs/bbs_access_log" common
</VirtualHost>
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
[root@Web02-Server ~]# curl www.keysou.com
www.keysou.com
[root@Web02-Server ~]# curl blog.keysou.com:8080
blog.keysou.com
[root@Web02-Server ~]# curl bbs.keysou.com:8081
bbs.keysou.com
[root@Web02-Server ~]# curl blog.keysou.com<==falls back to the first virtual host by default
www.keysou.com
[root@Web02-Server ~]# curl bbs.keysou.com<==falls back to the first virtual host by default
www.keysou.com
IP-based virtual hosts
[root@Web02-Server ~]# ip addr add 192.168.100.136/24 dev eth0:0
[root@Web02-Server ~]# ip addr add 192.168.100.137/24 dev eth0:1
[root@Web02-Server ~]# ip addr|grep "eth0"
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.100.135/24 brd 192.168.100.255 scope global eth0
inet 192.168.100.136/24 scope global secondary eth0
inet 192.168.100.137/24 scope global secondary eth0
[root@Web02-Server ~]# vim /applicaction/apache/conf/httpd.conf
Listen 192.168.100.135:80
Listen 192.168.100.136:80
Listen 192.168.100.137:80
[root@Web02-Server ~]# vim /applicaction/apache/conf/extra/httpd-vhosts.conf
<VirtualHost 192.168.100.135:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/www"
ServerName 192.168.100.135
ServerAlias keysou.com
ErrorLog "logs/www_error_log"
CustomLog "logs/www_access_log" common
</VirtualHost>
<VirtualHost 192.168.100.136:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/blog"
ServerName 192.168.100.136
ErrorLog "logs/blog_error_log"
CustomLog "logs/blog_access_log" common
</VirtualHost>
<VirtualHost 192.168.100.137:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/bbs"
ServerName 192.168.100.137
ErrorLog "logs/bbs_error_log"
CustomLog "logs/bbs_access_log" common
</VirtualHost>
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
[root@Web02-Server ~]# for ip in 135 136 137;do curl 192.168.100.$ip;done
www.keysou.com
blog.keysou.com
bbs.keysou.com
Resolving the Apache FQDN problem
[root@Web02-Server ~]# vim /applicaction/apache/conf/httpd.conf
ServerName 127.0.0.1:80
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
Apache log format configuration
[root@Web02-Server ~]# vim /applicaction/apache/conf/httpd.conf
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
</IfModule>
[root@Web02-Server ~]# vim /applicaction/apache/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/www"
ServerName www.keysou.com
ServerAlias keysou.com
ErrorLog "logs/www_error_log"
CustomLog "logs/www_access_log" combined
</VirtualHost>
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
Apache log rotation
【1】Using the cronolog tool (http://oldboy.blog.51cto.com/2561410/584513)
[root@Web02-Server ~]# tar xvfz cronolog-1.6.2.tar.gz -C /usr/local/src/
[root@Web02-Server ~]# cd /usr/local/src/cronolog-1.6.2/
[root@Web02-Server cronolog-1.6.2]# ./configure
[root@Web02-Server cronolog-1.6.2]# make && make install
[root@Web02-Server cronolog-1.6.2]# which cronolog
/usr/local/sbin/cronolog
[root@Web02-Server ~]# vim /applicaction/apache/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/www"
ServerName www.keysou.com
ServerAlias keysou.com
ErrorLog "logs/www_error_log"
CustomLog "|/usr/local/sbin/cronolog /app/log/www/access_%Y%m%d.log" combined
</VirtualHost>
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/blog"
ServerName blog.keysou.com
ErrorLog "logs/blog_error_log"
CustomLog "|/usr/local/sbin/cronolog /app/log/blog/access_%Y%m%d.log" combined
</VirtualHost>
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/bbs"
ServerName bbs.keysou.com
ErrorLog "logs/bbs_error_log"
CustomLog "|/usr/local/sbin/cronolog /app/log/bbs/access_%Y%m%d.log" combined
</VirtualHost>
[root@Web02-Server ~]# mkdir /app/log/{www,blog,bbs} -p
[root@Web02-Server ~]# ls -ld /app/log/{www,blog,bbs}
drwxr-xr-x 2 root root 4096 Sep 9 21:49 /app/log/bbs
drwxr-xr-x 2 root root 4096 Sep 9 21:49 /app/log/blog
drwxr-xr-x 2 root root 4096 Sep 9 21:49 /app/log/www
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
[root@Web02-Server ~]# tail -1 /app/log/www/access_20170510.log
192.168.100.1 - - [09/Sep/2016:21:52:18 +0800] "GET / HTTP/1.1" 200 14 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)"
【2】Using the rotatelogs tool that ships with Apache
[root@Web02-Server ~]# vim /applicaction/apache/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/www"
ServerName www.keysou.com
ServerAlias keysou.com
ErrorLog "logs/www_error_log"
CustomLog "|/applicaction/apache/bin/rotatelogs /app/log/www/access_%Y%m%d.log 86400" combined
</VirtualHost>
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/blog"
ServerName blog.keysou.com
ErrorLog "logs/blog_error_log"
CustomLog "|/applicaction/apache/bin/rotatelogs /app/log/blog/access_%Y%m%d.log 86400" combined
</VirtualHost>
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/bbs"
ServerName bbs.keysou.com
ErrorLog "logs/bbs_error_log"
CustomLog "|/applicaction/apache/bin/rotatelogs /app/log/bbs/access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
[root@Web02-Server ~]# tail -1 /app/log/www/access_20170510.log
192.168.100.1 - - [09/Sep/2016:21:59:37 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)"
Hiding Apache version information
【1】Settings before compiling and installing
[root@Web02-Server ~]# vim /usr/local/src/httpd-2.2.31/include/ap_release.h
#define AP_SERVER_BASEVENDOR ""
#define AP_SERVER_BASEPROJECT ""
#define AP_SERVER_BASEPRODUCT ""
#define AP_SERVER_MAJORVERSION_NUMBER 0
#define AP_SERVER_MINORVERSION_NUMBER 0
#define AP_SERVER_PATCHLEVEL_NUMBER 0
#define AP_SERVER_DEVBUILD_BOOLEAN 0
[root@Web02-Server ~]# vim /usr/local/src/httpd-2.2.31/os/unix/os.h
#define PLATFORM "Windows"
【2】Settings after compiling and installing
[root@Web02-Server ~]# vim /applicaction/apache/conf/extra/httpd-default.conf
ServerTokens Prod
ServerSignature Off
[root@Web02-Server ~]# vim /applicaction/apache/conf/httpd.conf
Include conf/extra/httpd-default.conf
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
[root@Web02-Server ~]# curl -I www.keysou.com
HTTP/1.1 200 OK
Date: Fri, 09 Sep 2016 14:24:42 GMT
Server: Apache
Last-Modified: Fri, 09 Sep 2016 12:05:45 GMT
ETag: "a1ee2-e-53c11f7606ab4"
Accept-Ranges: bytes
Content-Length: 14
Content-Type: text/html
Installing PHP dependencies
[root@Web02-Server ~]# tar xvfz libiconv-1.14.tar.gz -C /usr/local/src/
[root@Web02-Server ~]# cd /usr/local/src/libiconv-1.14/
[root@Web02-Server libiconv-1.14]# ./configure --prefix=/usr/local/libiconv
[root@Web02-Server libiconv-1.14]# make && make install
[root@Web02-Server libiconv-1.14]# ls -ld /usr/local/libiconv/
drwxr-xr-x 6 root root 4096 May 10 10:09 /usr/local/libiconv/
[root@Web02-Server libiconv-1.14]# yum -y install openssl-devel zlib-devel libxml2-devel bzip2-devel curl-devel libjpeg-devel libpng-devel libxslt-devel freetype-devel gd-devel mhash-devel
Compiling and installing PHP
[root@Web02-Server ~]# tar xvfz php-5.3.27.tar.gz -C /usr/local/src/
[root@Web02-Server ~]# cd /usr/local/src/php-5.3.27/
[root@Web02-Server php-5.3.27]# ./configure \
--prefix=/applicaction/php-5.3.27 \
--with-apxs2=/applicaction/apache/bin/apxs \
--with-mysql=/applicaction/mysql \
--with-xmlrpc \
--with-openssl \
--with-zlib \
--with-bz2 \
--with-freetype-dir \
--with-gd \
--with-jpeg-dir \
--with-png-dir \
--with-iconv \
--with-curl \
--with-xsl \
--with-libxml-dir \
--enable-mbstring \
--enable-gd-native-ttf \
--enable-short-tags \
--enable-sockets \
--enable-zend-multibyte \
--enable-ftp \
--enable-soap \
--enable-static \
--enable-bcmath
[root@Web02-Server php-5.3.27]# make && make install
[root@Web02-Server php-5.3.27]# ln -s /applicaction/php-5.3.27/ /applicaction/php
[root@Web02-Server php-5.3.27]# ls -ld /applicaction/php
lrwxrwxrwx 1 root root 25 May 10 11:18 /applicaction/php -> /applicaction/php-5.3.27/
[root@Web02-Server php-5.3.27]# ls -l /applicaction/apache/modules/libphp5.so
-rwxr-xr-x 1 root root 29751558 May 10 11:10 /applicaction/apache/modules/libphp5.so
[root@Web02-Server php-5.3.27]# grep "libphp5.so" /applicaction/apache/conf/httpd.conf
LoadModule php5_module modules/libphp5.so
[root@Web02-Server php-5.3.27]# cp -a php.ini-production /applicaction/php/lib/php.ini
[root@Web02-Server php-5.3.27]# vim /applicaction/php/lib/php.ini
date.timezone = PRC
expose_php = Off
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
LAMP integration
[root@Web02-Server ~]# vim /usr/local/apache/conf/httpd.conf
ServerRoot "/applicaction/apache-2.2.31"
Listen 80
LoadModule php5_module modules/libphp5.so
<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
User www
Group www
</IfModule>
</IfModule>
ServerAdmin linbin@keysou.com
ServerName 127.0.0.1:80
DocumentRoot "/applicaction/apache-2.2.31/htdocs"
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/applicaction/apache-2.2.31/htdocs">
Options -Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
####Configure By LinBin At 20170509####
<Directory "/var/html">
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" common
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/applicaction/apache-2.2.31/cgi-bin/"
</IfModule>
<IfModule cgid_module>
</IfModule>
<Directory "/applicaction/apache-2.2.31/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml
AddType application/x-httpd-php-source .phps
</IfModule>
Include conf/extra/httpd-mpm.conf
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-default.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
[root@Web02-Server ~]# vim /applicaction/apache/conf/extra/httpd-vhosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin linbin@keysou.com
DocumentRoot "/var/html/www"
ServerName www.keysou.com
ServerAlias keysou.com
ErrorLog "logs/www_error_log"
CustomLog "|/applicaction/apache/bin/rotatelogs /app/log/www/access_%Y%m%d.log 86400" combined
</VirtualHost>
[root@Web02-Server ~]# vim /var/html/www/index.php
<?php
phpinfo();
?>
[root@Web02-Server ~]# vim /var/html/www/mysql.php
<?php
$link_id=mysql_connect('localhost','root','axbc1kof') or mysql_error();
if($link_id){
echo "PHP Connection MySQL Successfully By LinBin";
}else{
echo mysql_error();
}
?>
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -t
Syntax OK
[root@Web02-Server ~]# /applicaction/apache/bin/httpd -k graceful
[root@node1 ~]# cat lb.txt
192.168.100.9
192.168.100.8
192.168.100.7
192.168.100.7
192.168.100.8
192.168.100.8
192.168.100.9
[root@node1 ~]# uniq lb.txt<==removes duplicates only among adjacent identical lines
192.168.100.9
192.168.100.8
192.168.100.7
192.168.100.8
192.168.100.9
[root@node1 ~]# sort lb.txt<==makes identical lines adjacent
192.168.100.7
192.168.100.7
192.168.100.8
192.168.100.8
192.168.100.8
192.168.100.9
192.168.100.9
[root@node1 ~]# sort lb.txt|uniq<==first make identical lines adjacent, then de-duplicate the adjacent identical lines (each repeated line is shown once)
192.168.100.7
192.168.100.8
192.168.100.9
[root@node1 ~]# sort -u lb.txt<=="-u" means de-duplicate (unique)
192.168.100.7
192.168.100.8
192.168.100.9
[root@node1 ~]# sort lb.txt|uniq -c<=="-c" counts how many times each line occurs (count)
2 192.168.100.7
3 192.168.100.8
2 192.168.100.9
[root@node1 ~]# sort lb.txt|uniq -c|sort -r<==count the occurrences of each line and sort in reverse (descending) order
3 192.168.100.8
2 192.168.100.9
2 192.168.100.7
[root@node1 ~]# cat lb.txt
192.168.100.9
192.168.100.8
192.168.100.7
192.168.100.7
192.168.100.8
192.168.100.8
192.168.100.9
192.168.100.71
192.168.100.77
[root@node1 ~]# sort -n lb.txt<=="-n" sorts by numeric value, ascending by default
192.168.100.7
192.168.100.7
192.168.100.71
192.168.100.77
192.168.100.8
192.168.100.8
192.168.100.8
192.168.100.9
192.168.100.9
Process the following file: extract the domain names, then count and sort by domain name
[root@node1 ~]# cat lb.txt
http://www.keysou.com/index.html
http://www.keysou.com/mysql.html
http://test.keysou.com/index.html
http://uesr.keysou.com/index.html
http://www.keysou.com/nginx.html
http://test.keysou.com/mysql.html
【1】
[root@node1 ~]# awk -F"/" '{print $3}' lb.txt|sort|uniq -c|sort -rn
3 www.keysou.com
2 test.keysou.com
1 uesr.keysou.com
【2】
[root@node1 ~]# cut -d"/" -f3 lb.txt|sort|uniq -c|sort -rn
3 www.keysou.com
2 test.keysou.com
1 uesr.keysou.com
【3】
[root@node1 ~]# awk -F "/" '{array[$3]++}END{for(key in array) print array[key],key}' lb.txt|sort -r
3 www.keysou.com
2 test.keysou.com
1 uesr.keysou.com
[root@node1 ~]# cat lb.txt
192.168.100.9 a
192.168.100.8 k
192.168.100.7 f
192.168.100.7 d
192.168.100.8 g
192.168.100.8 o
192.168.100.9 b
[root@node1 ~]# sort -t" " -k2 lb.txt<=="-t" specifies the delimiter, a space by default; "-k" selects which column (field) to sort on
192.168.100.9 a
192.168.100.9 b
192.168.100.7 d
192.168.100.7 f
192.168.100.8 g
192.168.100.8 k
192.168.100.8 o
[root@node1 ~]# sort -k2 lb.txt<=="-k2" sorts on the second column, with space as the delimiter; ascending by default
192.168.100.9 a
192.168.100.9 b
192.168.100.7 d
192.168.100.7 f
192.168.100.8 g
192.168.100.8 k
192.168.100.8 o
[root@node1 ~]# sort -rk2 lb.txt<=="-r" sorts in reverse order
192.168.100.8 o
192.168.100.8 k
192.168.100.8 g
192.168.100.7 f
192.168.100.7 d
192.168.100.9 b
192.168.100.9 a
[root@node1 ~]# cat lb.txt
192.168.3.1 00:0F:AF:81:19:1F
192.168.3.2 00:0F:AF:85:6C:25
192.168.3.3 00:0F:AF:85:70:42
192.168.2.20 00:0F:AF:85:55:DE
192.168.2.21 00:0F:AF:85:6C:1F
192.168.2.22 00:0F:AF:87:6C:1F
192.168.0.151 00:0F:AF:85:6C:2F
192.168.0.152 00:0F:AF:85:6D:1F
192.168.0.153 00:0F:AF:85:6C:8F
192.168.1.10 00:0F:AF:73:6C:1F
192.168.1.11 00:0F:AF:85:9C:5F
192.168.1.12 00:0F:AF:15:5C:7F
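[root@node1 ~]# sort -t"." -rnk3.1,3.1 -rnk4.1,4.3 lb.txt<==with "." as the delimiter, sort in descending numeric order on the first character of the third column, then on the first through third characters of the fourth column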
192.168.3.3 00:0F:AF:85:70:42
192.168.3.2 00:0F:AF:85:6C:25
192.168.3.1 00:0F:AF:81:19:1F
192.168.2.22 00:0F:AF:87:6C:1F
192.168.2.21 00:0F:AF:85:6C:1F
192.168.2.20 00:0F:AF:85:55:DE
192.168.1.12 00:0F:AF:15:5C:7F
192.168.1.11 00:0F:AF:85:9C:5F
192.168.1.10 00:0F:AF:73:6C:1F
192.168.0.153 00:0F:AF:85:6C:8F
192.168.0.152 00:0F:AF:85:6D:1F
192.168.0.151 00:0F:AF:85:6C:2
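-r sorts in reverse order
-n sorts by numeric value (numeric), ascending by default
-t specifies the delimiter, a space by default
-k specifies which column (field), counted after splitting on the delimiter
-k3.1,3.1 sorts on the key that starts at the first character of the third column and ends at the first character of the third column
Array: put simply, an array is a collection of elements arranged in a certain order
array[index]=value<=="array" is the array name, "index" is the index, "value" is the value
Defining arrays
【1】Using a number as the array index (subscript)
array[1]="lb"
array[2]="linbin"
【2】Using a string as the array index (subscripts other than numbers, i.e. strings, are best enclosed in "")
array["one"]="lb"
array["two"]="linbin"
Printing arrays
【1】
[root@node1 ~]# awk 'BEGIN{array[1]="Hello";array[2]="World";for(key in array) print key,array[key]}'<==awk needs "BEGIN" when no input file is given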
1 Hello
2 World
【2】
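[root@node1 ~]# awk 'BEGIN{array[1]="Hello";array[2]="World"}END{for(key in array) print key,array[key]}' /etc/hosts<==BEGIN and END give the program its initial state and perform clean-up work after the program finishes; the actions listed after BEGIN (inside {}) run before awk starts scanning the input, and the actions listed after END run after all input has been scanned; so use BEGIN to print and preset (initialise) variables, and END to output the final result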
1 Hello
2 World
【3】
[root@node1 ~]# awk '{array[1]="Hello";array[2]="World"}END{for(key in array) print key,array[key]}' /etc/hosts<==an input file must follow; any file will do, but it must exist
1 Hello
2 World
【4】
[root@node1 ~]# cat /etc/hosts|awk '{array[1]="Hello";array[2]="World"}END{for(key in array) print key,array[key]}'
1 Hello
2 World
【5】
[root@node1 ~]# cat awk.txt
#!/bin/awk
BEGIN{
array[1]="Hello"
array[2]="World"
for(k in array)
print k,array[k]
}
[root@node1 ~]# awk -f awk.txt<=="-f" reads the program from a file
1 Hello
2 World
[root@node1 ~]# cat lb.txt
1 Hello
2 World
[root@node1 ~]# awk '{array[$1]=$2}END{for(key in array) print key,array[key]}' lb.txt<==use the first column of the file as the array index and the second column as the array value, store them in the array, then print it
1 Hello
2 World
[root@node1 ~]# cat lb.txt
http://www.keysou.com/index.html
http://www.keysou.com/mysql.html
http://test.keysou.com/index.html
http://uesr.keysou.com/index.html
http://www.keysou.com/nginx.html
http://test.keysou.com/mysql.html
[root@node1 ~]# awk -F "/" '{array[$3]=array[$3]+1}END{for(key in array) print array[key],key}' lb.txt<==array[$3]=array[$3]+1 can also be written as array[$3]++ or array[$3]+=1
1 uesr.keysou.com
2 test.keysou.com
3 www.keysou.com
Counting network connection states on a web server
【1】
[root@node1 ~]# awk '/^tcp/ {print $NF}' netstat.log|sort|uniq -c|sort -rn|head
105 TIME_WAIT
101 ESTABLISHED
55 FIN_WAIT2
7 FIN_WAIT1
5 SYN_RECV
5 LISTEN
3 LAST_ACK
1 CLOSING
【2】
[root@node1 ~]# awk '/^tcp/ {array[$NF]++}END{for(key in array) print array[key],key}' netstat.log|sort -rn|head
105 TIME_WAIT
101 ESTABLISHED
55 FIN_WAIT2
7 FIN_WAIT1
5 SYN_RECV
5 LISTEN
3 LAST_ACK
1 CLOSING
Tallying web server access logs
【1】
[root@node1 ~]# awk '{print $1}' access.log|sort|uniq -c|sort -rn|head
775 10.0.0.3
5 10.0.0.124
2 10.0.0.132
2 10.0.0.120
2 10.0.0.108
1 10.0.0.100
【2】
[root@node1 ~]# awk '{array[$1]++}END{for(key in array) print array[key],key}' access.log|sort -rn|head
775 10.0.0.3
5 10.0.0.124
2 10.0.0.132
2 10.0.0.120
2 10.0.0.108
1 10.0.0.100
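Analyse the image server log: sort by (number of requests for each image * image size) and take the top 10, i.e. compute the total bytes served for each URL (required format: total image size, request count, image URL)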
【1】
[root@node1 ~]# awk '{print $10,$7}' access.log|sort|uniq -c|sort -rn|awk '{print $1*$2"\t"$1"\t"$3}'|sort -rn|head
57254 1 /static/js/jquery-jquery-1.3.2.min.js
46232 1 /?=
44286 1 /back/upload/course/2010-10-25-23-48-59-048-18.jpg
33897 3 /static/images/photos/2.jpg
11809 1 /back/upload/teacher/2010-08-30-13-57-43-06210.jpg
10850 1 /back/upload/teacher/2010-08-06-11-39-59-0469.jpg
6417 1 /static/js/addToCart.js
4460 1 /static/js/web_js.js
3583 1 /static/flex/vedioLoading.swf
2686 1 /static/js/default.js
【2】
[root@node1 ~]# awk '{array_url[$7]++;array_size[$7]=array_size[$7]+$10}END{for(key in array_url) print array_size[key]"\t"array_url[key]"\t"key}' access.log|sort -rn|head
57254 1 /static/js/jquery-jquery-1.3.2.min.js
46232 1 /?=
44286 1 /back/upload/course/2010-10-25-23-48-59-048-18.jpg
33897 3 /static/images/photos/2.jpg
11809 1 /back/upload/teacher/2010-08-30-13-57-43-06210.jpg
10850 1 /back/upload/teacher/2010-08-06-11-39-59-0469.jpg
6417 1 /static/js/addToCart.js
4460 1 /static/js/web_js.js
3583 2 /static/flex/vedioLoading.swf
2686 1 /static/js/default.js
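Approach to analyzing a saturated IDC bandwidth link (http://oldboy.blog.51cto.com/2561410/909696)
【1】The site is under a DDoS attack
【2】A server is infected with malware and is sending large volumes of outbound traffic
【3】Site assets (such as images) are hotlinked and promoted on a portal page, which generates heavy traffic
【4】A partner company is scraping data
【5】A CDN service was purchased and the CDN is pulling heavily from the origin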
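To tell these causes apart from the access log, the awk array technique above can sum response bytes per client IP and per Referer host: hotlinking shows up as many clients sharing one foreign Referer, scraping as one client with a large byte total. This is an added example, not part of the original notes; it assumes the combined log format (Referer in field 11), and the log lines and the host portal.example are constructed.

```shell
#!/bin/sh
# Added example: attribute bandwidth to client IPs and to Referer hosts.

# Constructed sample in combined log format (not data from the page).
sample_log() {
cat <<'EOF'
10.0.0.100 - - [11/May/2015:13:22:01 +0800] "GET /static/images/photos/2.jpg HTTP/1.1" 200 11299 "http://portal.example/news.html" "Mozilla/5.0"
10.0.0.108 - - [11/May/2015:13:22:02 +0800] "GET /static/images/photos/2.jpg HTTP/1.1" 200 11299 "http://portal.example/news.html" "Mozilla/5.0"
10.0.0.120 - - [11/May/2015:13:22:03 +0800] "GET /static/images/photos/2.jpg HTTP/1.1" 200 11299 "http://portal.example/news.html" "Mozilla/5.0"
10.0.0.124 - - [11/May/2015:13:22:04 +0800] "GET /static/js/default.js HTTP/1.1" 200 2686 "http://www.keysou.com/index.html" "Mozilla/5.0"
10.0.0.3 - - [11/May/2015:13:22:05 +0800] "GET /back/upload/course/1.jpg HTTP/1.1" 200 44286 "-" "-"
10.0.0.3 - - [11/May/2015:13:22:06 +0800] "GET /back/upload/course/2.jpg HTTP/1.1" 200 44286 "-" "-"
10.0.0.132 - - [11/May/2015:13:22:07 +0800] "GET /index.html HTTP/1.1" 304 - "-" "Mozilla/5.0"
EOF
}

# Print "bytes hits client_ip", largest first. Lines whose size field is not a
# number (for example "-" on a 304) are skipped.
bytes_by_client() {
    awk '$10 ~ /^[0-9]+$/ {bytes[$1] += $10; hits[$1]++}
         END {for (ip in bytes) print bytes[ip], hits[ip], ip}' | sort -rn
}

# Print "bytes hits referer_host", largest first; "-" means no Referer was sent.
bytes_by_referer_host() {
    awk '$10 ~ /^[0-9]+$/ {
             ref = $11; gsub(/"/, "", ref)
             host = ref
             if (ref != "-") { split(ref, part, "/"); host = part[3] }
             bytes[host] += $10; hits[host]++
         }
         END {for (h in bytes) print bytes[h], hits[h], h}' | sort -rn
}

# Print the integer percentage of bytes requested with a Referer on a host
# other than our own ($1 = our own host name).
external_referer_share() {
    awk -v own="$1" '$10 ~ /^[0-9]+$/ {
             total += $10
             ref = $11; gsub(/"/, "", ref)
             if (ref == "-") next
             split(ref, part, "/")
             if (part[3] != own) ext += $10
         }
         END {printf "%d\n", (total ? ext * 100 / total : 0)}'
}

echo "== bytes per client ==";       sample_log | bytes_by_client
echo "== bytes per referer host =="; sample_log | bytes_by_referer_host
echo "== % of bytes with a foreign Referer =="
sample_log | external_referer_share www.keysou.com
```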
[root@node1 ~]# cat lb.txt
a 1
b 3
c 2
d 7
b 5
a 3
g 2
f 6
d 9
[root@node1 ~]# cat linbin.txt
a 4
b 8
c 2
d 16
f 6
g 2
[root@node1 ~]# awk '{array[$1]=array[$1]+$2}END{for(key in array) print key,array[key]}' lb.txt
a 4
b 8
c 2
d 16
f 6
g 2
[root@node1 ~]# cat lb.txt
zhangsan 80
lisi 81.5
wangwu 93
zhangsan 85
lisi 88
wangwu 97
zhangsan 90
lisi 92
wangwu 88
[root@node1 ~]# cat linbin.txt
zhangsan 255 85
lisi 261.5 87.1667
wangwu 278 92.6667
[root@node1 ~]# awk '{array[$1]=array[$1]+$2}END{for(key in array) print key"\t"array[key]"\t"array[key]/3}' lb.txt
zhangsan 255 85
lisi 261.5 87.1667
wangwu 278 92.6667
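Advantages and disadvantages of MySQL multi-instance
【1】Makes full use of the server's hardware resources
【2】Saves server hardware
【3】Instances compete with each other for resources (avalanche effect)
socket: used for communication between local processes
MySQL master-slave replication does not copy the database files on disk directly; the logical binlog is copied to the local disk of the slave being synchronized, which then reads the SQL statements in it and applies them to its own database
MySQL master-slave replication summary
【1】Replication is asynchronous, logical, and works at the SQL statement level (master-slave replication schematic)
【2】During replication the master has one IO thread and the slave has two threads (IO thread, SQL thread)
【3】Prerequisite for replication: the master must have binlog enabled (replication is based on the binlog)
【4】The binlog records only SQL statements that change the database (select and show statements are not recorded)
Compiling and installing MySQL multi-instance
Install cmake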
[root@Master-Server ~]# tar xvfz cmake-2.8.8.tar.gz -C /usr/local/src/
[root@Master-Server ~]# cd /usr/local/src/cmake-2.8.8/
[root@Master-Server cmake-2.8.8]# ./configure
[root@Master-Server cmake-2.8.8]# gmake && gmake install
[root@Master-Server cmake-2.8.8]# cmake --version
cmake version 2.8.8
Install MySQL
[root@Master-Server ~]# useradd -c "For run MySQL Service" -s /sbin/nologin -M mysql
[root@Master-Server ~]# id mysql
uid=500(mysql) gid=500(mysql) groups=500(mysql)
[root@Master-Server ~]# grep "mysql" /etc/passwd
mysql:x:500:500:For run MySQL Service:/home/mysql:/sbin/nologin
[root@Master-Server ~]# yum -y install ncurses-devel bison libaio-devel
[root@Master-Server ~]# rpm -qa ncurses-devel bison libaio-devel
bison-2.4.1-5.el6.x86_64
libaio-devel-0.3.107-10.el6.x86_64
ncurses-devel-5.7-4.20090207.el6.x86_64
[root@Master-Server ~]# tar xvfz mysql-5.5.32.tar.gz -C /usr/local/src/
[root@Master-Server ~]# cd /usr/local/src/mysql-5.5.32/
[root@Master-Server mysql-5.5.32]# cmake \
-DCMAKE_INSTALL_PREFIX=/application/mysql-5.5.32 \
-DMYSQL_DATADIR=/application/mysql-5.5.32/data \
-DMYSQL_UNIX_ADDR=/application/mysql-5.5.32/tmp/mysql.sock \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DEXTRA_CHARSETS=all \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_FEDERATED_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITHOUT_EXAMPLE_STORAGE_ENGINE=1 \
-DWITHOUT_PARTITION_STORAGE_ENGINE=1 \
-DWITH_FAST_MUTEXES=1 \
-DWITH_ZLIB=bundled \
-DENABLED_LOCAL_INFILE=1 \
-DWITH_READLINE=1 \
-DWITH_EMBEDDED_SERVER=1 \
-DWITH_DEBUG=0
[root@Master-Server mysql-5.5.32]# make && make install
[root@Master-Server mysql-5.5.32]# ln -s /application/mysql-5.5.32/ /application/mysql
[root@Master-Server mysql-5.5.32]# ls -ld /application/mysql
lrwxrwxrwx. 1 root root 26 May 11 11:06 /application/mysql -> /application/mysql-5.5.32/
[root@Master-Server mysql-5.5.32]# mkdir /data/{3306,3307}/data -p
[root@Master-Server mysql-5.5.32]# tree /data/
/data/
├── 3306
│   └── data
└── 3307
    └── data
4 directories, 0 files
[root@Master-Server mysql-5.5.32]# chown -R mysql.mysql /data/
[root@Master-Server mysql-5.5.32]# ls -ld /data/
drwxr-xr-x. 4 mysql mysql 4096 May 11 11:40 /data/
[root@Master-Server mysql-5.5.32]# /application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/data/3306/data --user=mysql
[root@Master-Server mysql-5.5.32]# /application/mysql/scripts/mysql_install_db --basedir=/application/mysql --datadir=/data/3307/data --user=mysql
[root@Master-Server mysql-5.5.32]# ls -l /data/3306/data/
total 12
drwx------. 2 mysql root 4096 May 11 13:22 mysql
drwx------. 2 mysql mysql 4096 May 11 13:22 performance_schema
drwx------. 2 mysql root 4096 May 11 13:22 test
[root@Master-Server mysql-5.5.32]# ls -l /data/3307/data/
total 12
drwx------. 2 mysql root 4096 May 11 13:22 mysql
drwx------. 2 mysql mysql 4096 May 11 13:22 performance_schema
drwx------. 2 mysql root 4096 May 11 13:22 test
[root@Master-Server bin]# chown -R mysql:mysql /application/mysql
[root@Master-Server bin]# ls -l /application/mysql
lrwxrwxrwx. 1 mysql mysql 26 May 11 11:06 /application/mysql -> /application/mysql-5.5.32/
[root@Master-Server mysql-5.5.32]# /data/3306/mysql start
Starting MySQL...
[root@Master-Server mysql-5.5.32]# /data/3307/mysql start
Starting MySQL...
[root@Master-Server mysql-5.5.32]# netstat -tnlup|egrep "3306|3307"|grep -v "grep"
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 16968/mysqld
tcp 0 0 0.0.0.0:3307 0.0.0.0:* LISTEN 17686/mysqld
[root@Master-Server mysql-5.5.32]# ps -ef|grep "mysqld"|grep -v "grep"
root 16244 1 0 13:24 pts/1 00:00:00 /bin/sh /application/mysql/bin/mysqld_safe --defaults-file=/data/3306/my.cnf
mysql 16968 16244 7 13:24 pts/1 00:00:03 /application/mysql-5.5.32/bin/mysqld --defaults-file=/data/3306/my.cnf --basedir=/application/mysql --datadir=/data/3306/data --plugin-dir=/application/mysql/lib/plugin --user=mysql --log-error=/data/3306/mysql_3306.err --open-files-limit=1024 --pid-file=/data/3306/mysqld.pid --socket=/data/3306/mysql.sock --port=3306
root 16982 1 0 13:25 pts/1 00:00:00 /bin/sh /application/mysql/bin/mysqld_safe --defaults-file=/data/3307/my.cnf
mysql 17686 16982 7 13:25 pts/1 00:00:03 /application/mysql-5.5.32/bin/mysqld --defaults-file=/data/3307/my.cnf --basedir=/application/mysql --datadir=/data/3307/data --plugin-dir=/application/mysql/lib/plugin --user=mysql --log-error=/data/3307/mysql_3307.err --open-files-limit=1024 --pid-file=/data/3307/mysqld.pid --socket=/data/3307/mysql.sock --port=3307
[root@Master-Server mysql-5.5.32]# lsof -i:3306,3307
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 16968 mysql 12u IPv4 103337 0t0 TCP *:mysql (LISTEN)
mysqld 17686 mysql 11u IPv4 103961 0t0 TCP *:opsession-prxy (LISTEN)
[root@Master-Server mysql-5.5.32]# echo 'export PATH=$PATH:/application/mysql/bin' >> /etc/profile
[root@Master-Server mysql-5.5.32]# tail -1 /etc/profile
export PATH=$PATH:/application/mysql/bin
[root@Master-Server mysql-5.5.32]# source /etc/profile
[root@Master-Server mysql-5.5.32]# which mysql
/application/mysql/bin/mysql
[root@Master-Server mysql-5.5.32]# mysqladmin -uroot password "axbc1kof" -S /data/3306/mysql.sock
[root@Master-Server mysql-5.5.32]# mysqladmin -uroot password "axbc1kof" -S /data/3307/mysql.sock
[root@Master-Server mysql-5.5.32]# mysql -uroot -paxbc1kof -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.5.32-log Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.03 sec)
mysql> drop database test;
Query OK, 0 rows affected (0.08 sec)
mysql> select user,host,password from mysql.user;
+------+---------------+-------------------------------------------+
| user | host | password |
+------+---------------+-------------------------------------------+
| root | localhost | *63C053DE068F3E8F1E9D13A8D8C9C124E4D34264 |
| root | Master-Server | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | Master-Server | |
+------+---------------+-------------------------------------------+
6 rows in set (0.00 sec)
mysql> drop user root@'::1';
Query OK, 0 rows affected (0.01 sec)
mysql> delete from mysql.user where user='' and host='localhost';
Query OK, 1 row affected (0.05 sec)
mysql> delete from mysql.user where user='' and host='Master-Server';
Query OK, 1 row affected (0.00 sec)
mysql> delete from mysql.user where user='root' and host='Master-Server';
Query OK, 1 row affected (0.00 sec)
mysql> set password for root@'127.0.0.1' = password('axbc1kof');
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit
Bye
[root@Master-Server mysql-5.5.32]# mysql -uroot -paxbc1kof -S /data/3307/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.5.32 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.03 sec)
mysql> drop database test;
Query OK, 0 rows affected (0.08 sec)
mysql> select user,host,password from mysql.user;
+------+---------------+-------------------------------------------+
| user | host | password |
+------+---------------+-------------------------------------------+
| root | localhost | *63C053DE068F3E8F1E9D13A8D8C9C124E4D34264 |
| root | Master-Server | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | Master-Server | |
+------+---------------+-------------------------------------------+
6 rows in set (0.00 sec)
mysql> drop user root@'::1';
Query OK, 0 rows affected (0.01 sec)
mysql> delete from mysql.user where user='' and host='localhost';
Query OK, 1 row affected (0.05 sec)
mysql> delete from mysql.user where user='' and host='Master-Server';
Query OK, 1 row affected (0.00 sec)
mysql> delete from mysql.user where user='root' and host='Master-Server';
Query OK, 1 row affected (0.00 sec)
mysql> set password for root@'127.0.0.1' = password('axbc1kof');
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit
Bye
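The account cleanup performed in both sessions above can be verified by auditing the `select user,host,password from mysql.user` table for anonymous accounts, empty passwords and a bare `%` host. This is an added example, not part of the original notes; the rows mirror the fresh-install listing above, the hash is a placeholder, and the `lb`@`%` row is constructed.

```shell
#!/bin/sh
# Added example: audit the table printed by
#   select user,host,password from mysql.user;

# Fresh-install account list as on this page (placeholder hash); the last
# row is constructed to exercise the ANY_HOST check.
before_cleanup() {
cat <<'EOF'
+------+---------------+-------------------------------------------+
| user | host          | password                                  |
+------+---------------+-------------------------------------------+
| root | localhost     | *0000000000000000000000000000000000000000 |
| root | Master-Server |                                           |
| root | 127.0.0.1     |                                           |
| root | ::1           |                                           |
|      | localhost     |                                           |
|      | Master-Server |                                           |
| lb   | %             | *0000000000000000000000000000000000000000 |
+------+---------------+-------------------------------------------+
EOF
}

# State after the drop user / delete / set password statements shown above.
after_cleanup() {
cat <<'EOF'
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *0000000000000000000000000000000000000000 |
| root | 127.0.0.1 | *0000000000000000000000000000000000000000 |
+------+-----------+-------------------------------------------+
EOF
}

# Read the table on stdin and print one finding per line:
#   ANONYMOUS       account with an empty user name
#   EMPTY_PASSWORD  named account without a password hash
#   ANY_HOST        account allowed to connect from every host
audit_mysql_users() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 4 { next }                       # border lines contain no "|"
        {
            user = trim($2); host = trim($3); pass = trim($4)
            if (user == "user" && host == "host") next   # header row
            if (user == "")      print "ANONYMOUS @" host
            else if (pass == "") print "EMPTY_PASSWORD " user "@" host
            if (host == "%")     print "ANY_HOST " user "@" host
        }'
}

echo "== before cleanup =="; before_cleanup | audit_mysql_users
echo "== after cleanup ==";  after_cleanup  | audit_mysql_users
```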
MySQL master-slave replication in practice
[root@Master-Server ~]# egrep "log-bin|server-id" /data/{3306,3307}/my.cnf
/data/3306/my.cnf:log-bin = /data/3306/mysql-bin
/data/3306/my.cnf:server-id = 1
/data/3307/my.cnf:#log-bin = /data/3307/mysql-bin
/data/3307/my.cnf:server-id = 2
[root@Master-Server ~]# mysql -uroot -paxbc1kof -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.5.32-log Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show variables like 'server_id';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| server_id | 1 |
+---------------+-------+
1 row in set (0.00 sec)
mysql> show variables like 'log_bin';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_bin | ON |
+---------------+-------+
1 row in set (0.00 sec)
mysql> grant replication slave on *.* to 'rep'@'192.168.100.%' identified by "axbc1kof";
Query OK, 0 rows affected (0.03 sec)
mysql> select user,host,password from mysql.user where user="rep" and host="192.168.100.%";
+------+---------------+-------------------------------------------+
| user | host | password |
+------+---------------+-------------------------------------------+
| rep | 192.168.100.% | *63C053DE068F3E8F1E9D13A8D8C9C124E4D34264 |
+------+---------------+-------------------------------------------+
1 row in set (0.02 sec)
mysql> show grants for 'rep'@'192.168.100.%'\G <==View the user's privileges
*************************** 1. row ***************************
Grants for rep@192.168.100.%: GRANT REPLICATION SLAVE ON *.* TO 'rep'@'192.168.100.%' IDENTIFIED BY PASSWORD '*63C053DE068F3E8F1E9D13A8D8C9C124E4D34264'
1 row in set (0.00 sec)
mysql> flush privileges; <==Reload the grant tables
Query OK, 0 rows affected (0.01 sec)
mysql> flush table with read lock; <==Lock the tables
Query OK, 0 rows affected (0.00 sec)
mysql> show databases; <==List the databases
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.01 sec)
mysql> create database keysou;
ERROR 1223 (HY000): Can't execute the query because you have a conflicting read lock
mysql> unlock tables; <==Release the MySQL lock
Query OK, 0 rows affected (0.00 sec)
mysql> show master status; <==View the master status
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 1595 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.01 sec)
[root@Master-Server 3307]# mysql -uroot -paxbc1kof -S /data/3307/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.32 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> CHANGE MASTER TO <==String values need '' quotes, numeric values must not be quoted; this generates master.info
-> MASTER_HOST='192.168.100.138',
-> MASTER_PORT=3306,
-> MASTER_USER='rep',
-> MASTER_PASSWORD='axbc1kof',
-> MASTER_LOG_FILE='mysql-bin.000003',
-> MASTER_LOG_POS=1595;
Query OK, 0 rows affected (0.06 sec)
mysql> start slave;
Query OK, 0 rows affected (0.01 sec)
mysql> show slave status\G <==View the slave status
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.100.138
Master_User: rep
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000003
Read_Master_Log_Pos: 1595
Relay_Log_File: relay-bin.000002
Relay_Log_Pos: 253
Relay_Master_Log_File: mysql-bin.000003
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB: mysql
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 1595
Relay_Log_Space: 403
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 1
1 row in set (0.00 sec)
[root@Master-Server ~]# mysql -uroot -paxbc1kof -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.5.32-log Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database keysou;
Query OK, 1 row affected (0.02 sec)
mysql> show master status;
+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000003 | 1680 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)
[root@Master-Server ~]# mysql -uroot -paxbc1kof -S /data/3307/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.5.32 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keysou |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.01 sec)
[root@Master-Server ~]# mysqlbinlog /data/3306/mysql-bin.000003 <==View the binlog
[root@Master-Server ~]# mysql -uroot -paxbc1kof -S /data/3307/mysql.sock -e "show slave status\G"|egrep -i "Running|Behind"|grep -v "grep" <==Check whether the slave status is healthy
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Seconds_Behind_Master: 0
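The egrep above prints the three fields but leaves the judgement to the reader. The following added example (not part of the original notes) turns the same `show slave status\G` output into a monitoring check with an exit status, including the case where `Seconds_Behind_Master` is NULL because a thread has stopped. The status texts are constructed, and the function name and the default lag threshold of 30 seconds are assumptions.

```shell
#!/bin/sh
# Added example: evaluate "show slave status\G" output read from stdin.
# On a real slave it could be fed like this (client.cnf is a hypothetical
# option file holding the credentials, so no password appears in ps output):
#   mysql --defaults-extra-file=/path/to/client.cnf -S /data/3307/mysql.sock \
#         -e 'show slave status\G' | slave_health 30

# Constructed status samples.
healthy_status() {
cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
                Last_IO_Errno: 0
               Last_SQL_Errno: 0
EOF
}

broken_status() {
cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
        Seconds_Behind_Master: NULL
                Last_IO_Errno: 0
               Last_SQL_Errno: 1062
EOF
}

lagging_status() {
cat <<'EOF'
*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 120
                Last_IO_Errno: 0
               Last_SQL_Errno: 0
EOF
}

# slave_health [MAX_LAG_SECONDS]
# Prints "OK" or one line per problem; exit status is 0 only when healthy.
slave_health() {
    awk -v max="${1:-30}" -F': *' '
        {
            key = $1; gsub(/^[ \t]+/, "", key)
            v = $2;   gsub(/[ \t\r]+$/, "", v)
            val[key] = v
        }
        END {
            # Empty output means the server is not configured as a slave.
            if (!("Slave_IO_Running" in val)) { print "NO_SLAVE_STATUS"; exit 1 }
            if (val["Slave_IO_Running"] != "Yes") {
                print "IO_THREAD_DOWN errno=" val["Last_IO_Errno"]; bad = 1
            }
            if (val["Slave_SQL_Running"] != "Yes") {
                print "SQL_THREAD_DOWN errno=" val["Last_SQL_Errno"]; bad = 1
            }
            lag = val["Seconds_Behind_Master"]
            if (lag !~ /^[0-9]+$/)      { print "LAG_UNKNOWN"; bad = 1 }
            else if (lag + 0 > max + 0) { print "LAG_HIGH seconds=" lag; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

healthy_status | slave_health 30 || echo "replication needs attention"
broken_status  | slave_health 30 || echo "replication needs attention"
```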
[root@Master-Server ~]# mysql -uroot -paxbc1kof -S /data/3307/mysql.sock -e "show processlist\G" <==View the slave's thread status
*************************** 1. row ***************************
Id: 3
User: system user
Host:
db: NULL
Command: Connect
Time: 703
State: Waiting for master to send event
Info: NULL
*************************** 2. row ***************************
Id: 4
User: system user
Host:
db: NULL
Command: Connect
Time: 408
State: Slave has read all relay log; waiting for the slave I/O thread to update it
Info: NULL
*************************** 3. row ***************************
Id: 9
User: root
Host: localhost
db: NULL
Command: Query
Time: 0
State: NULL
Info: show processlist
[root@Master-Server ~]# mysql -uroot -paxbc1kof -S /data/3306/mysql.sock -e "show processlist\G" <==View the master's thread status
*************************** 1. row ***************************
Id: 10
User: rep
Host: 192.168.100.138:54998
db: NULL
Command: Binlog Dump
Time: 786
State: Master has sent all binlog to slave; waiting for binlog to be updated
Info: NULL
*************************** 2. row ***************************
Id: 12
User: root
Host: localhost
db: NULL
Command: Query
Time: 0
State: NULL
Info: show processlist
MySQL 5.1 Reference Manual, sections 5 6 7 8 13 14 15
MySQL database backup
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -A -B -F --master-data=2 -x --events|gzip > /backup/mysql/master-sql-$(date +%F).gz
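-A backs up all databases
-B means the restore creates the databases automatically; they do not need to exist beforehand
-F rotates the binlog
--master-data=2 records the binlog file name and pos as a comment; --master-data=1 records the binlog file name and pos, so they do not need to be specified
-x locks the tables, which affects data writes
--events means ignore events
gzip compresses the output
MySQL error codes
Skipping errors on a MySQL slave (configuration file parameter: slave-skip-errors = 1007,1032,1062)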
mysql> stop slave;
Query OK, 0 rows affected, 1 warning (0.01 sec)
mysql> set global sql_slave_skip_counter=1;
Query OK, 0 rows affected (0.00 sec)
mysql> start slave;
Query OK, 0 rows affected (0.01 sec)
Writing the binlog on a MySQL slave (dual-master, cascading replication)
log-slave-updates
log-bin = /data/3307/mysql-bin
expire_logs_days = 7
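MySQL dual-master schemes (use with caution under high concurrency)
【1】Auto-increment table IDs: Master01 writes 1, 3, 5...... Master02 writes 2, 4, 6......
Master01
auto_increment_increment = 2 <==Auto-increment ID interval (step)
auto_increment_offset = 1 <==Starting ID
Master02
auto_increment_increment = 2 <==Auto-increment ID interval (step)
auto_increment_offset = 2 <==Starting ID
Master01: 1 3 5 9 11 13
Master02: 6 8 10
【2】Table IDs are not auto-incremented; the web application fetches an ID from a seq server and writes to the dual masters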
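MySQL master-slave replication use cases
【1】The slave acts as a real-time data backup of the master
【2】Master and slaves provide read/write splitting, with the slaves load-balanced
【3】Multiple slaves are split by business importance and accessed separately
MySQL read/write splitting options
【1】Implement read/write splitting in the application, choosing the data source by inspecting the SQL statement (best performance and results, recommended)
【2】Implement read/write splitting with open-source software (MySQL-Proxy, Amoeba)
【3】Large portals develop their own integrated DAL-layer software (Baidu, Alibaba)
Stop the slave SQL thread to back up the slave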
mysql> stop slave sql_thread;
Query OK, 0 rows affected (0.03 sec)
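Remote backup of the MySQL binlog
Causes of MySQL master-slave replication lag
【1】The master has too many slaves
【2】Too many slow SQL statements; long-running statements cause replication lag
【3】Design issues in replication (single-threaded, asynchronous synchronization)
【4】Heavy read/write load on the master
【5】Network latency between master and slaves
【6】Master and slaves differ in software or hardware
Approaches to resolving MySQL master-slave replication lag
【1】Reduce the number of slaves (1~4)
【2】Optimize slow SQL statements
【3】Develop a multi-threaded synchronization tool or use a newer version that supports multi-threading
【4】Do not replicate across the public Internet
MySQL full + incremental backup
MySQL backup tools
mysqldump: data volume below 50G
xtrabackup: data volume above 50G
mysql5.6.x supports GTID and multi-threaded replication (http://www.cnblogs.com/zhoujinyi/p/4313688.html)
slave_parallel_workers = 4 <==mysql5.6.x multi-threaded replication is per database; tables within one database cannot be replicated in parallel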
gtid_mode = ON
MySQL interview questions
http://user.qzone.qq.com/49000448/blog/1427333863?t=0.2547507791314274
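User authorization methods for MySQL read/write splitting
【1】Create two users, one for writes and one for reads
【2】Create the user on the master, then revoke privileges on the slave (mysql> revoke insert,update,delete on keysou.* from 'keysou'@'192.168.100.%')
【3】Have the master skip synchronization of the grant tables (replicate-ignore-db=mysql, binlog-ignore-db=mysql)
【4】Set read-only on the slave
Conditions under which updates are still possible with the read-only parameter
【1】Users with the Super privilege can update
【2】Threads from the slave server can update
binlog-do-db = keysou means write the binlog for the specified database
replicate-do-db = keysou means replicate the database
replicate-do-table = linbin means replicate the table
binlog-ignore-db = mysql means do not write the binlog for the specified database
replicate-ignore-db = mysql means do not replicate the database
Synchronous replication gives better real-time consistency; asynchronous replication gives higher efficiency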
Master failure
Master --> Slave01
--> Slave02
--> Slave03
--> Slave04
--> Slave05
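Whether to designate a successor in advance, and how to choose the successor
【1】Semi-synchronous slave (built into Google's semi-sync plugin)
-->Slave01 as the successor
【1-1】After the Master inserts data, the data is written to Slave01 at the same time, and only then is success returned
Advantage: data is written to master and slave together, so the data is complete
Disadvantage: writes are slow, and if the network is unstable the Master keeps waiting
Mitigations
【1-1-1】Switch to asynchronous automatically when Slave01 cannot be reached
【1-1-2】Set a timeout (10s) and switch to asynchronous once it is exceeded
【1-1-3】Slave01 needs good network and hardware, serves no traffic, and just waits to take over
【2】Slave01 is used only as a replication slave
【3】Elect a successor on the spot when the Master goes down (causes delay, and the position is easily usurped)
MySQL semi-synchronous replication principle
MySQL asynchronous replication principle
MySQL-MHA
MySQL-MMM
MySQL-HA-DRBD
How MySQL high-availability software works
MySQL basic commands
【1】Start MySQL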
[root@Master-Server ~]# /etc/init.d/mysqld start
Starting MySQL.... SUCCESS!
[root@Master-Server ~]# netstat -tnlup|grep "mysqld"|grep -v "grep"
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2143/mysqlds
[root@Master-Server ~]# lsof -i:3306
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mysqld 1744 mysql 12u IPv4 9936 0t0 TCP *:mysql (LISTEN)
[root@Master-Server ~]# ps -ef|grep "mysqld"|grep -v "grep" <==View the MySQL processes; mysqld_safe manages the mysqld process, much as the Nginx master process manages its worker processes
root 6100 1 0 13:23 pts/0 00:00:00 /bin/sh /application/mysql/bin/mysqld_safe --defaults-file=/data/3306/my.cnf
mysql 6822 6100 0 13:23 pts/0 00:00:00 /application/mysql-5.5.32/bin/mysqld --defaults-file=/data/3306/my.cnf --basedir=/application/mysql --datadir=/data/3306/data --plugin-dir=/application/mysql/lib/plugin --user=mysql --log-error=/data/3306/mysql_oldboy3306.err --open-files-limit=1024 --pid-file=/data/3306/mysqld.pid --socket=/data/3306/mysql.sock --port=3306
【2】Stop MySQL
【2-1】mysqladmin
[root@Master-Server ~]# mysqladmin -uroot -paxbc1kof shutdown
【2-2】Control script
[root@Master-Server ~]# /etc/init.d/mysqld stop
Shutting down MySQL.. SUCCESS!
【2-3】kill
MySQL failure cases
http://oldboy.blog.51cto.com/2561410/1431172
http://oldboy.blog.51cto.com/2561410/1431161
[root@Master-Server ~]# mysql -uroot -p <==Log in to MySQL; the MySQL prompt is controlled by the prompt variable, which can also be set in the my.cnf configuration file ([mysql] section)
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.22 Source distribution
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
【3】MySQL help
【3-1】help
【3-2】\h
【3-3】help contents
mysql> help create database
Name: 'CREATE DATABASE'
Description:
Syntax:
CREATE {DATABASE | SCHEMA} [IF NOT EXISTS] db_name <=="{}" means choose one, "[]" means optional
[create_specification] ...
create_specification:
[DEFAULT] CHARACTER SET [=] charset_name
| [DEFAULT] COLLATE [=] collation_name
CREATE DATABASE creates a database with the given name. To use this
statement, you need the CREATE privilege for the database. CREATE
SCHEMA is a synonym for CREATE DATABASE.
URL: http://dev.mysql.com/doc/refman/5.6/en/create-database.html
【4】Exit MySQL
【4-1】quit
【4-2】exit
【4-3】Ctrl+c
【4-4】Ctrl+d
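MySQL supports command completion: add the parameter "--auto-rehash" under the [mysql] section; a command alias can also be used
A MySQL command-line tool with auto-completion and syntax highlighting: mycli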
[root@Master-Server ~]# yum -y install python-pip python-devel
[root@Master-Server ~]# pip install mycli
【5】Set a MySQL user password
[root@Master-Server ~]# mysqladmin -uroot password 'axbc1kof'
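【5-1】Set a reasonably complex password for root
【5-2】Delete unused user accounts in the mysql database
【5-3】Delete the test database that exists by default
【5-4】When adding users, grant the smallest possible set of privileges and the narrowest possible range of allowed hosts
【5-5】Delete root and add a new administrator user
【6】Change a MySQL user password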
【6-1】[root@Master-Server ~]# mysqladmin -uroot -paxbc1kof password 'axbc1kof'
【6-2】mysql> update mysql.user set password=password('axbc1kof') where user='root' and host='localhost'
【6-3】mysql> set password=password('axbc1kof'); <==Change the current user's password
Forgotten MySQL administrator password
【1】Stop the MySQL database
[root@Master-Server ~]# /etc/init.d/mysqld stop
Shutting down MySQL. SUCCESS!
【2】Start MySQL with mysqld_safe; --skip-grant-tables skips grant-table login verification
[root@Master-Server ~]# mysqld_safe --defaults-file=/data/3306/my.cnf --skip-grant-tables &
[1] 2567
【3】Log in to MySQL
[root@Master-Server ~]# mysql -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.22 Source distribution
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> update mysql.user set password=password('axbc1kof') where user='root' and host='localhost';
Query OK, 0 rows affected (0.02 sec)
Rows matched: 1 Changed: 0 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
SQL: Structured Query Language
Common categories of SQL statements
【1】DDL (Data Definition Language): create, drop, alter
【2】DCL (Data Control Language): grant, revoke, commit, rollback
【3】DML (Data Manipulation Language): insert, delete, update
【4】DQL (Data Query Language): select
mysql> create database keysou; <==Create a database
Query OK, 1 row affected (0.07 sec)
mysql> show databases like 'keysou'; <==View databases; 'keysou' is an exact match, 'keysou%' matches names that start with "keysou", '%keysou%' matches names that contain "keysou"
+------------------+
| Database (keysou) |
+------------------+
| keysou |
+------------------+
1 row in set (0.24 sec)
mysql> show databases like 'keysou%'; <==Pattern match
+-------------------+
| Database (keysou%) |
+-------------------+
| keysou |
+-------------------+
1 row in set (0.01 sec)
mysql> show create database keysou; <==View the statement that created the database; the default character set utf8 was defined when the database server was compiled
+----------+----------------------------------------------------------------+
| Database | Create Database |
+----------+----------------------------------------------------------------+
| keysou | CREATE DATABASE `keysou` /*!40100 DEFAULT CHARACTER SET utf8 */ |
+----------+----------------------------------------------------------------+
1 row in set (0.01 sec)
mysql> create database keysouutf8 character set utf8 collate utf8_general_ci; <==Create a database with an explicit character set
Query OK, 1 row affected (0.03 sec)
mysql> show create database keysouutf8;
+-----------+--------------------------------------------------------------------+
| Database | Create Database |
+-----------+--------------------------------------------------------------------+
| keysouutf8 | CREATE DATABASE `keysouutf8` /*!40100 DEFAULT CHARACTER SET utf8 */ |
+-----------+--------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> show character set; <==View character sets and their collations
+----------+-----------------------------+---------------------+--------+
| Charset | Description | Default collation | Maxlen |
+----------+-----------------------------+---------------------+--------+
| big5 | Big5 Traditional Chinese | big5_chinese_ci | 2 |
| dec8 | DEC West European | dec8_swedish_ci | 1 |
| cp850 | DOS West European | cp850_general_ci | 1 |
| hp8 | HP West European | hp8_english_ci | 1 |
| koi8r | KOI8-R Relcom Russian | koi8r_general_ci | 1 |
| latin1 | cp1252 West European | latin1_swedish_ci | 1 |
| latin2 | ISO 8859-2 Central European | latin2_general_ci | 1 |
| swe7 | 7bit Swedish | swe7_swedish_ci | 1 |
| ascii | US ASCII | ascii_general_ci | 1 |
| ujis | EUC-JP Japanese | ujis_japanese_ci | 3 |
| sjis | Shift-JIS Japanese | sjis_japanese_ci | 2 |
| hebrew | ISO 8859-8 Hebrew | hebrew_general_ci | 1 |
| tis620 | TIS620 Thai | tis620_thai_ci | 1 |
| euckr | EUC-KR Korean | euckr_korean_ci | 2 |
| koi8u | KOI8-U Ukrainian | koi8u_general_ci | 1 |
| gb2312 | GB2312 Simplified Chinese | gb2312_chinese_ci | 2 |
| greek | ISO 8859-7 Greek | greek_general_ci | 1 |
| cp1250 | Windows Central European | cp1250_general_ci | 1 |
| gbk | GBK Simplified Chinese | gbk_chinese_ci | 2 |
| latin5 | ISO 8859-9 Turkish | latin5_turkish_ci | 1 |
| armscii8 | ARMSCII-8 Armenian | armscii8_general_ci | 1 |
| utf8 | UTF-8 Unicode | utf8_general_ci | 3 |
| ucs2 | UCS-2 Unicode | ucs2_general_ci | 2 |
| cp866 | DOS Russian | cp866_general_ci | 1 |
| keybcs2 | DOS Kamenicky Czech-Slovak | keybcs2_general_ci | 1 |
| macce | Mac Central European | macce_general_ci | 1 |
| macroman | Mac West European | macroman_general_ci | 1 |
| cp852 | DOS Central European | cp852_general_ci | 1 |
| latin7 | ISO 8859-13 Baltic | latin7_general_ci | 1 |
| utf8mb4 | UTF-8 Unicode | utf8mb4_general_ci | 4 |
| cp1251 | Windows Cyrillic | cp1251_general_ci | 1 |
| utf16 | UTF-16 Unicode | utf16_general_ci | 4 |
| utf16le | UTF-16LE Unicode | utf16le_general_ci | 4 |
| cp1256 | Windows Arabic | cp1256_general_ci | 1 |
| cp1257 | Windows Baltic | cp1257_general_ci | 1 |
| utf32 | UTF-32 Unicode | utf32_general_ci | 4 |
| binary | Binary pseudo charset | binary | 1 |
| geostd8 | GEOSTD8 Georgian | geostd8_general_ci | 1 |
| cp932 | SJIS for Windows Japanese | cp932_japanese_ci | 2 |
| eucjpms | UJIS for Windows Japanese | eucjpms_japanese_ci | 3 |
+----------+-----------------------------+---------------------+--------+
40 rows in set (0.00 sec)
mysql> show databases; <==Show all databases
+--------------------+
| Database |
+--------------------+
| information_schema |
| keysou |
| keysouutf8 |
| mysql |
| performance_schema |
+--------------------+
5 rows in set (0.09 sec)
mysql> drop database keysouutf8; <==Drop the database
Query OK, 0 rows affected (0.21 sec)
mysql> use keysou; <==Switch to the database
Database changed
mysql> select database(); <==Show which database is currently selected
+------------+
| database() |
+------------+
| keysou |
+------------+
1 row in set (0.00 sec)
mysql> select version(); <==Show the database version
+-----------+
| version() |
+-----------+
| 5.6.22 |
+-----------+
1 row in set (0.02 sec)
mysql> select user(); <==Show the current user
+----------------+
| user() |
+----------------+
| root@localhost |
+----------------+
1 row in set (0.01 sec)
mysql> drop user 'lb'@'localhost'; <==Delete the user
Query OK, 0 rows affected (0.01 sec)
mysql> delete from mysql.user where user='LB' and host='localhost'; <==If drop cannot delete the user (usually because of special characters or uppercase letters), delete it this way
Query OK, 1 row affected (0.04 sec)
mysql> grant all on *.* to 'lb'@'localhost' identified by 'axbc1kof'; <==Create a user and grant privileges
Query OK, 0 rows affected (0.07 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'lb'@'localhost'; <==View the privileges of the specified user
+--------------------------------------------------------------------------------------------------------------------+
| Grants for lb@localhost |
+--------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'lb'@'localhost' IDENTIFIED BY PASSWORD '*63C053DE068F3E8F1E9D13A8D8C9C124E4D34264' |
+--------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> show grants for 'lb'@'localhost'\G
*************************** 1. row ***************************
Grants for lb@localhost: GRANT ALL PRIVILEGES ON *.* TO 'lb'@'localhost' IDENTIFIED BY PASSWORD '*63C053DE068F3E8F1E9D13A8D8C9C124E4D34264'
1 row in set (0.00 sec)
mysql> create user 'lb'@'localhost' identified by 'axbc1kof'; <==Create a user that is only allowed to log in and cannot operate on databases
Query OK, 0 rows affected (0.01 sec)
mysql> grant all on *.* to 'lb'@'localhost'; <==Grant privileges to the user
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'lb'@'localhost';
+--------------------------------------------------------------------------------------------------------------------+
| Grants for lb@localhost |
+--------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'lb'@'localhost' IDENTIFIED BY PASSWORD '*63C053DE068F3E8F1E9D13A8D8C9C124E4D34264' |
+--------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> show grants for 'lb'@'localhost'\G
*************************** 1. row ***************************
Grants for lb@localhost: GRANT ALL PRIVILEGES ON *.* TO 'lb'@'localhost' IDENTIFIED BY PASSWORD '*63C053DE068F3E8F1E9D13A8D8C9C124E4D34264'
1 row in set (0.00 sec)
mysql> revoke insert on *.* from 'lb'@'localhost'; <== revoke a privilege from the user
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'lb'@'localhost';
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for lb@localhost |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'lb'@'localhost' IDENTIFIED BY PASSWORD '*63C053DE068F3E8F1E9D13A8D8C9C124E4D34264' |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.01 sec)
mysql> show grants for 'lb'@'localhost'\G
*************************** 1. row ***************************
Grants for lb@localhost: GRANT SELECT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'lb'@'localhost' IDENTIFIED BY PASSWORD '*63C053DE068F3E8F1E9D13A8D8C9C124E4D34264'
1 row in set (0.00 sec)
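An added example, not part of the original notes: a least-privilege alternative to the grant all on *.* shown above, followed by audit queries for accounts that still hold server-wide privileges. The account names app_rw and app_ro and the passwords are placeholders; keysou and lb are the database and table used later in these notes, and the syntax assumes the MySQL 5.x server shown in this session.

```sql
-- Added example; account names and passwords are placeholders, not from the page.

-- 1. Read/write application account limited to one schema.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET_1';
GRANT SELECT, INSERT, UPDATE, DELETE ON keysou.* TO 'app_rw'@'localhost';

-- 2. Read-only account limited to a single table.
CREATE USER 'app_ro'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET_2';
GRANT SELECT ON keysou.lb TO 'app_ro'@'localhost';

-- 3. Bring the 'lb' account from the session above down to the same scope.
--    Revoking only INSERT leaves SUPER, FILE, SHUTDOWN, CREATE USER and the
--    rest of the global list in place, so remove everything and re-grant narrowly.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'lb'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON keysou.* TO 'lb'@'localhost';

-- 4. Review the result: check that no privilege other than USAGE is listed ON *.*.
SHOW GRANTS FOR 'lb'@'localhost';

-- 5. Audit: every account that holds a server-wide administrative privilege.
--    FILE is the privilege that permits SELECT ... INTO OUTFILE on the server host.
SELECT user, host,
       Super_priv, File_priv, Shutdown_priv, Process_priv,
       Grant_priv, Create_user_priv
FROM mysql.user
WHERE 'Y' IN (Super_priv, File_priv, Shutdown_priv, Process_priv,
              Grant_priv, Create_user_priv)
ORDER BY user, host;

-- 6. Audit: anonymous accounts and accounts that may connect from any host.
SELECT user, host
FROM mysql.user
WHERE user = '' OR host = '%';

-- CREATE USER, GRANT and REVOKE reload the grant tables themselves.
-- FLUSH PRIVILEGES is needed only after a direct write to mysql.user,
-- such as the DELETE statement used above to remove 'LB'@'localhost'.
FLUSH PRIVILEGES;
```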
MySQL performance monitoring tools: MySQL MTOP, 天兔 (Lepus)
Create-table syntax
create table tbl_name(
<column_name_1> <type_1>,
<column_name_2> <type_2>,
<column_name_3> <type_3>,
........
);
mysql> create table student( <== create the table
-> id int(4) not null,
-> name char(20) not null,
-> age tinyint(2) not null default '0',
-> dept varchar(20) default null
-> )ENGINE=InnoDB DEFAULT CHARSET=utf8;
Query OK, 0 rows affected (0.10 sec)
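mysql> show create table student; <== view the CREATE TABLE statement; the default storage engine is MyISAM in MySQL 5.1 and InnoDB in MySQL 5.5; char(20) is fixed length, so values shorter than 20 bytes are padded to 20 bytes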
+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| student | CREATE TABLE `student` (
`id` int(4) DEFAULT NULL,
`name` char(20) DEFAULT NULL,
`age` tinyint(2) DEFAULT NULL,
`dept` varchar(16) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8 |
+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.01 sec)
mysql> show create table student\G
*************************** 1. row ***************************
Table: student
Create Table: CREATE TABLE `student` (
`id` int(4) NOT NULL,
`name` char(20) NOT NULL,
`age` tinyint(2) NOT NULL DEFAULT '0',
`dept` varchar(20) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8
1 row in set (0.00 sec)
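MySQL storage engine: comparable to a file system; it is the mechanism the database uses to organize and store data
MySQL index: comparable to a file system inode; when the indexed column is used as a query condition, the index speeds up data lookups
View the table structure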
【1】
mysql> desc student;
+-------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| id | int(4) | NO | | NULL | |
| name | char(20) | NO | | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(20) | YES | | NULL | |
+-------+-------------+------+-----+---------+-------+
4 rows in set (0.03 sec)
【2】
mysql> show columns from student;
+-------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| id | int(4) | NO | | NULL | |
| name | char(20) | NO | | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(20) | YES | | NULL | |
+-------+-------------+------+-----+---------+-------+
4 rows in set (0.00 sec)
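Create a primary key index and a normal index
mysql> create table student( <== primary key(id) is the primary key index (values in the primary key column must be unique, and queries that filter on the primary key are the fastest); key index_name(name) is a normal index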
-> id int(4) not null auto_increment,
-> name char(20) not null,
-> age tinyint(2) not null default '0',
-> dept varchar(16) default null,
-> primary key(id),
-> key index_name(name)
-> );
Query OK, 0 rows affected (0.11 sec)
mysql> desc student; <== PRI marks the primary key index, MUL marks a normal index
+-------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | MUL | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(16) | YES | | NULL | |
+-------+-------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)
mysql> show index from student\G <== view the indexes
*************************** 1. row ***************************
Table: student
Non_unique: 0
Key_name: PRIMARY
Seq_in_index: 1
Column_name: id
Collation: A
Cardinality: 0
Sub_part: NULL
Packed: NULL
Null:
Index_type: BTREE
Comment:
Index_comment:
*************************** 2. row ***************************
Table: student
Non_unique: 1
Key_name: index_name
Seq_in_index: 1
Column_name: name
Collation: A
Cardinality: 0
Sub_part: NULL
Packed: NULL
Null:
Index_type: BTREE <== the default index type is BTREE
Comment:
Index_comment:
2 rows in set (0.01 sec)
mysql> alter table student add index index_dept(dept); <== create a normal index
Query OK, 0 rows affected (0.11 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc student;
+-------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | MUL | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(16) | YES | MUL | NULL | |
+-------+-------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)
mysql> alter table student drop index index_dept; <== drop a normal index
Query OK, 0 rows affected (0.04 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc student;
+-------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | MUL | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(16) | YES | | NULL | |
+-------+-------------+------+-----+---------+----------------+
4 rows in set (0.00 sec)
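Create an index on the first N characters of a column (if the first N characters already identify a row uniquely, there is no need to index the whole column, because an index also consumes space and reading the index becomes slower)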
mysql> desc student;
+-------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(16) | YES | | NULL | |
+-------+-------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)
mysql> create index index_name on student(name(8)); <== index the first 8 characters of the name column
Query OK, 0 rows affected (0.04 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc student;
+-------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | MUL | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(16) | YES | | NULL | |
+-------+-------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)
mysql> show index from student\G
*************************** 1. row ***************************
Table: student
Non_unique: 0
Key_name: PRIMARY
Seq_in_index: 1
Column_name: id
Collation: A
Cardinality: 0
Sub_part: NULL
Packed: NULL
Null:
Index_type: BTREE
Comment:
Index_comment:
*************************** 2. row ***************************
Table: student
Non_unique: 1
Key_name: index_name
Seq_in_index: 1
Column_name: name
Collation: A
Cardinality: 0
Sub_part: 8
Packed: NULL
Null:
Index_type: BTREE
Comment:
Index_comment:
2 rows in set (0.01 sec)
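Create a composite index (the leftmost-prefix rule applies)
index(a,b,c) can only be used when the query condition columns are a, ab or abc; conditions on b, bc, ac, c and so on cannot use this index. Put the column most often used as a query condition in the first position wherever possible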
mysql> desc student;
+-------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(16) | YES | | NULL | |
+-------+-------------+------+-----+---------+----------------+
4 rows in set (0.01 sec)
mysql> create index index_name_dept on student(name,dept);
Query OK, 0 rows affected (0.05 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> show index from student\G
*************************** 1. row ***************************
Table: student
Non_unique: 0
Key_name: PRIMARY
Seq_in_index: 1
Column_name: id
Collation: A
Cardinality: 0
Sub_part: NULL
Packed: NULL
Null:
Index_type: BTREE
Comment:
Index_comment:
*************************** 2. row ***************************
Table: student
Non_unique: 1
Key_name: index_name_dept
Seq_in_index: 1
Column_name: name
Collation: A
Cardinality: 0
Sub_part: NULL
Packed: NULL
Null:
Index_type: BTREE
Comment:
Index_comment:
*************************** 3. row ***************************
Table: student
Non_unique: 1
Key_name: index_name_dept
Seq_in_index: 2
Column_name: dept
Collation: A
Cardinality: 0
Sub_part: NULL
Packed: NULL
Null: YES
Index_type: BTREE
Comment:
Index_comment:
3 rows in set (0.01 sec)
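An added example, not from the original notes, that checks the leftmost-prefix rule against the index_name_dept index created above by running EXPLAIN on each form of the condition. The four rows are constructed sample data; compare the possible_keys, key and key_len columns of each EXPLAIN result.

```sql
-- Constructed sample rows so the optimizer has data to plan against.
INSERT INTO student(name, age, dept) VALUES
  ('alice', 20, 'network'),
  ('bob',   21, 'finance'),
  ('carol', 22, 'network'),
  ('dave',  23, 'nursing');

-- Leading column only: eligible for index_name_dept (first key part).
EXPLAIN SELECT * FROM student WHERE name = 'alice';

-- Both columns: eligible, and both key parts can be used.
EXPLAIN SELECT * FROM student WHERE name = 'alice' AND dept = 'network';

-- Same conditions written in the other order: still eligible.
-- The order of the columns in the index matters, not the order
-- of the conditions in the WHERE clause.
EXPLAIN SELECT * FROM student WHERE dept = 'network' AND name = 'alice';

-- Second column only: the leading column is missing, so
-- index_name_dept cannot be used to locate the matching rows.
EXPLAIN SELECT * FROM student WHERE dept = 'network';

-- A separate index on dept gives that query an index to consider.
ALTER TABLE student ADD INDEX index_dept(dept);
EXPLAIN SELECT * FROM student WHERE dept = 'network';

-- Clean up the extra index and the constructed rows.
ALTER TABLE student DROP INDEX index_dept;
DELETE FROM student WHERE name IN ('alice', 'bob', 'carol', 'dave');
```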
Create a unique index (non-primary-key)
mysql> desc student;
+-------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(16) | YES | | NULL | |
+-------+-------------+------+-----+---------+----------------+
4 rows in set (0.00 sec)
mysql> create unique index uni_index_name on student(name);
Query OK, 0 rows affected (0.06 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc student;
+-------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | UNI | NULL | |
| age | tinyint(2) | NO | | 0 | |
| dept | varchar(16) | YES | | NULL | |
+-------+-------------+------+-----+---------+----------------+
4 rows in set (0.00 sec)
mysql> show index from student\G
*************************** 1. row ***************************
Table: student
Non_unique: 0
Key_name: PRIMARY
Seq_in_index: 1
Column_name: id
Collation: A
Cardinality: 0
Sub_part: NULL
Packed: NULL
Null:
Index_type: BTREE
Comment:
Index_comment:
*************************** 2. row ***************************
Table: student
Non_unique: 0
Key_name: uni_index_name
Seq_in_index: 1
Column_name: name
Collation: A
Cardinality: 0
Sub_part: NULL
Packed: NULL
Null:
Index_type: BTREE
Comment:
Index_comment:
2 rows in set (0.00 sec)
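Q1: Since indexes speed up queries, should every column get an index?
A1: Indexes take up system space, and their data must also be maintained whenever the database is updated, so indexes are a double-edged sword: more is not always better
Q2: Which columns need an index?
A2: Indexes must be created on the condition columns after where, not on the selected columns after select; in addition, prefer columns with many distinct values in large tables
Summary of index-creation commands
【1】Create a primary key index
mysql> alter table student change id id int primary key auto_increment;
【2】Drop a primary key index
mysql> alter table student drop primary key;
【3】Create a normal index
mysql> alter table student add index index_name(name);
mysql> create index index_name on student(name);
【4】Create an index on the first N characters of a column
mysql> create index index_name on student(name(8));
mysql> alter table student add index index_name(name(8));
【5】Create a composite index on several columns
mysql> create index index_name_dept on student(name,dept);
【6】Create a composite index on the first n characters of several columns
mysql> create index index_name_dept on student(name(8),dept(10));
【7】Create a unique index
mysql> create unique index uni_index_name on student(name);
【8】Drop a normal index or a unique index
mysql> alter table student drop index index_name;
mysql> drop index index_dept on student;
Summary of index-creation knowledge
【1】An index is like a book's table of contents and speeds up data lookups
【2】Indexes are created on a table's columns (fields)
【3】Indexes speed up queries but also slow down updates, because updates must maintain the index data
【4】More indexed columns is not better; create indexes on the condition columns after where that are queried frequently
【5】Small tables, or columns with many duplicate values, can go without an index; create indexes on large tables and on columns with few duplicate values
【6】A composite index on several columns takes effect by leftmost prefix
【7】When the first N characters of a column are already close to unique, the index can be created on the first N characters of the column
【8】By how they work, indexes are divided into primary key, unique, composite and normal indexes
【9】The index types are BTREE (default) and HASH (suited to caching (in-memory databases))
Insert data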
【1】
mysql> insert into lb(id,name) values(1,'linbin');
【2】
mysql> insert into lb(name) values('linbin');
【3】
mysql> insert into lb values(3,'linbin');
【4】
mysql> insert into lb values(4,'linbin'),(5,'lb');
mysql> create table lb (
-> id int(4) not null auto_increment,
-> name char(20) not null,
-> primary key(id)
-> );
Query OK, 0 rows affected (0.04 sec)
mysql> desc lb;
+-------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
+-------+----------+------+-----+---------+----------------+
2 rows in set (0.01 sec)
mysql> insert into lb(id,name) values(1,'linbin');
Query OK, 1 row affected (0.01 sec)
mysql> insert into lb(name) values('lb');
Query OK, 1 row affected (0.02 sec)
mysql> insert into lb values(3,'LB');
Query OK, 1 row affected (0.00 sec)
mysql> insert into lb values(4,'BL'),(5,'LinBin');
Query OK, 2 rows affected (0.01 sec)
Records: 2 Duplicates: 0 Warnings: 0
mysql> select * from lb;
+----+--------+
| id | name |
+----+--------+
| 1 | linbin |
| 2 | lb |
| 3 | LB |
| 4 | BL |
| 5 | LinBin |
+----+--------+
5 rows in set (0.00 sec)
[root@Master-Server ~]# mysqldump -uroot -p -B keysou > keysou.sql
Enter password:
[root@Master-Server ~]# ls -l keysou.sql
-rw-r--r-- 1 root root 2682 May 17 14:36 keysou.sql
[root@Master-Server ~]# egrep -v "^$|^-|^/" keysou.sql
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `keysou` /*!40100 DEFAULT CHARACTER SET utf8 */;
USE `keysou`;
DROP TABLE IF EXISTS `lb`;
CREATE TABLE `lb` (
`id` int(4) NOT NULL AUTO_INCREMENT,
`name` char(20) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;
LOCK TABLES `lb` WRITE;
INSERT INTO `lb` VALUES (1,'linbin'),(2,'lb'),(3,'LB'),(4,'BL'),(5,'LinBin');
UNLOCK TABLES;
DROP TABLE IF EXISTS `student`;
CREATE TABLE `student` (
`id` int(4) NOT NULL AUTO_INCREMENT,
`name` char(20) NOT NULL,
`age` tinyint(2) NOT NULL DEFAULT '0',
`dept` varchar(16) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
LOCK TABLES `student` WRITE;
UNLOCK TABLES;
mysql> show variables like 'binlog_format';
+---------------+-----------+
| Variable_name | Value |
+---------------+-----------+
| binlog_format | STATEMENT |
+---------------+-----------+
1 row in set (0.01 sec)
Single-table queries
mysql> select * from lb; <== query all rows of the table; not recommended in production, because it is very slow when the data volume is large
+----+--------+
| id | name |
+----+--------+
| 1 | linbin |
| 2 | lb |
| 3 | LB |
| 4 | BL |
| 5 | LinBin |
+----+--------+
5 rows in set (0.00 sec)
mysql> select name from lb; <== query a specific column
+--------+
| name |
+--------+
| linbin |
| lb |
| LB |
| BL |
| LinBin |
+--------+
5 rows in set (0.00 sec)
mysql> select id,name from lb; <== query several columns, separated by ","
+----+--------+
| id | name |
+----+--------+
| 1 | linbin |
| 2 | lb |
| 3 | LB |
| 4 | BL |
| 5 | LinBin |
+----+--------+
5 rows in set (0.00 sec)
mysql> select id,name from lb limit 2; <== return two rows
+----+--------+
| id | name |
+----+--------+
| 1 | linbin |
| 2 | lb |
+----+--------+
2 rows in set (0.01 sec)
mysql> select id,name from lb limit 1,2; <== return the two rows after the first row, excluding the first row
+----+------+
| id | name |
+----+------+
| 2 | lb |
| 3 | LB |
+----+------+
2 rows in set (0.00 sec)
mysql> select id,name from lb where id=1;
+----+--------+
| id | name |
+----+--------+
| 1 | linbin |
+----+--------+
1 row in set (0.02 sec)
mysql> select id,name from lb where name='lb';
+----+------+
| id | name |
+----+------+
| 2 | lb |
| 3 | LB |
+----+------+
2 rows in set (0.01 sec)
mysql> select id,name from lb where id=2 and name='lb'; <== the more conditions, the fewer results
+----+------+
| id | name |
+----+------+
| 2 | lb |
+----+------+
1 row in set (0.01 sec)
mysql> select id,name from lb where id>1 and id<4; <== ascending order (asc) by default
+----+------+
| id | name |
+----+------+
| 2 | lb |
| 3 | LB |
+----+------+
2 rows in set (0.00 sec)
mysql> select id,name from lb where id>1 and id<4 order by id desc; <== sort by the id column in descending order
+----+------+
| id | name |
+----+------+
| 3 | LB |
| 2 | lb |
+----+------+
2 rows in set (0.01 sec)
mysql> select id,name from lb where id>1 and id<4 order by id desc into outfile '/tmp/data.txt'; <== export the data to a file
Query OK, 2 rows affected (0.00 sec)
mysql> system cat /tmp/data.txt
3 LB
2 lb
Multi-table queries (join queries)
http://blog.csdn.net/yangyi22/article/details/7483859
mysql> create database linbin;
Query OK, 1 row affected (0.05 sec)
mysql> use linbin;
Database changed
Create the student table
mysql> create table student (
-> Sno int(10) not null comment '学号',
-> Sname varchar(16) not null comment '姓名',
-> Ssex char(2) not null comment '性别',
-> Sage tinyint(2) not null default '0' comment '年龄',
-> Sdept varchar(16) default null comment '系别',
-> primary key(Sno),
-> key index_Sname(Sname)
-> );
Query OK, 0 rows affected (0.04 sec)
mysql> desc student;
+-------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| Sno | int(10) | NO | PRI | NULL | |
| Sname | varchar(16) | NO | MUL | NULL | |
| Ssex | char(2) | NO | | NULL | |
| Sage | tinyint(2) | NO | | 0 | |
| Sdept | varchar(16) | YES | | NULL | |
+-------+-------------+------+-----+---------+-------+
5 rows in set (0.01 sec)
mysql> show create table student\G
*************************** 1. row ***************************
Table: student
Create Table: CREATE TABLE `student` (
`Sno` int(10) NOT NULL COMMENT '学号',
`Sname` varchar(16) NOT NULL COMMENT '姓名',
`Ssex` char(2) NOT NULL COMMENT '性别',
`Sage` tinyint(2) NOT NULL DEFAULT '0' COMMENT '年龄',
`Sdept` varchar(16) DEFAULT NULL COMMENT '系别',
PRIMARY KEY (`Sno`),
KEY `index_Sname` (`Sname`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
1 row in set (0.00 sec)
Create the course table
mysql> create table course (
-> Cno int(10) not null comment '课程号',
-> Cname varchar(64) not null comment '课程名',
-> Ccredit tinyint(2) not null comment '学分',
-> primary key(Cno)
-> );
Query OK, 0 rows affected (0.06 sec)
mysql> desc course;
+---------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------+-------------+------+-----+---------+-------+
| Cno | int(10) | NO | PRI | NULL | |
| Cname | varchar(64) | NO | | NULL | |
| Ccredit | tinyint(2) | NO | | NULL | |
+---------+-------------+------+-----+---------+-------+
3 rows in set (0.05 sec)
mysql> show create table course\G
*************************** 1. row ***************************
Table: course
Create Table: CREATE TABLE `course` (
`Cno` int(10) NOT NULL COMMENT '课程号',
`Cname` varchar(64) NOT NULL COMMENT '课程名',
`Ccredit` tinyint(2) NOT NULL COMMENT '学分',
PRIMARY KEY (`Cno`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
1 row in set (0.00 sec)
Create the grade table
mysql> create table grade (
-> SCid int(12) not null auto_increment comment '主键',
-> Cno int(10) not null comment '课程号',
-> Sno int(10) not null comment '学号',
-> Grade tinyint(2) not null comment '成绩',
-> primary key(SCid)
-> );
Query OK, 0 rows affected (0.04 sec)
mysql> desc grade;
+-------+------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+------------+------+-----+---------+----------------+
| SCid | int(12) | NO | PRI | NULL | auto_increment |
| Cno | int(10) | NO | | NULL | |
| Sno | int(10) | NO | | NULL | |
| Grade | tinyint(2) | NO | | NULL | |
+-------+------------+------+-----+---------+----------------+
4 rows in set (0.03 sec)
mysql> show create table grade\G
*************************** 1. row ***************************
Table: grade
Create Table: CREATE TABLE `grade` (
`SCid` int(12) NOT NULL AUTO_INCREMENT COMMENT '主键',
`Cno` int(10) NOT NULL COMMENT '课程号',
`Sno` int(10) NOT NULL COMMENT '学号',
`Grade` tinyint(2) NOT NULL COMMENT '成绩',
PRIMARY KEY (`SCid`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8
1 row in set (0.01 sec)
mysql> show tables;
+------------------+
| Tables_in_linbin |
+------------------+
| course |
| grade |
| student |
+------------------+
3 rows in set (0.01 sec)
mysql> insert into student values(0001,'萧萧一风','男',30,'计算机网络');
mysql> insert into student values(0002,'王军','男',30,'会计');
mysql> insert into student values(0003,'吴苏琴','男',28,'物流管理');
mysql> insert into student values(0004,'吴燕琼','男',29,'会计');
mysql> insert into student values(0005,'刘雯倩','女',26,'计算机科学与技术');
mysql> insert into student values(0006,'邱雯欣','女',22,'护士');
mysql> select * from student;
+-----+-----------+------+------+--------------------------+
| Sno | Sname | Ssex | Sage | Sdept |
+-----+-----------+------+------+--------------------------+
| 1 | 萧萧一风 | 男 | 30 | 计算机网络 |
| 2 | 王军 | 男 | 30 | 会计 |
| 3 | 吴苏琴 | 男 | 28 | 物流管理 |
| 4 | 吴燕琼 | 男 | 29 | 会计 |
| 5 | 刘雯倩 | 女 | 26 | 计算机科学与技术 |
| 6 | 邱雯欣 | 女 | 22 | 护士 |
+-----+-----------+------+------+--------------------------+
6 rows in set (0.00 sec)
mysql> insert into course values(1001,'Linux中高级运维',3);
mysql> insert into course values(1002,'Linux高级架构师',5);
mysql> insert into course values(1003,'MySQL高级DBA',4);
mysql> insert into course values(1004,'Python运维开发',4);
mysql> insert into course values(1005,'Jave Web开发',3);
mysql> select * from course;
+------+----------------------+---------+
| Cno | Cname | Ccredit |
+------+----------------------+---------+
| 1001 | Linux中高级运维 | 3 |
| 1002 | Linux高级架构师 | 5 |
| 1003 | MySQL高级DBA | 4 |
| 1004 | Python运维开发 | 4 |
| 1005 | Jave Web开发 | 3 |
+------+----------------------+---------+
5 rows in set (0.01 sec)
mysql> insert into grade values(1,1001,1,4);
mysql> insert into grade values(2,1002,1,3);
mysql> insert into grade values(3,1003,1,1);
mysql> insert into grade values(4,1004,1,6);
mysql> insert into grade values(5,1002,2,2);
mysql> insert into grade values(6,1003,2,2);
mysql> insert into grade values(7,1004,2,8);
mysql> insert into grade values(8,1001,3,4);
mysql> insert into grade values(9,1002,3,4);
mysql> insert into grade values(10,1003,3,2);
mysql> insert into grade values(11,1004,3,8);
mysql> insert into grade values(12,1001,4,1);
mysql> insert into grade values(13,1002,4,1);
mysql> insert into grade values(14,1003,4,2);
mysql> insert into grade values(15,1004,4,3);
mysql> insert into grade values(16,1001,5,5);
mysql> insert into grade values(17,1002,5,3);
mysql> insert into grade values(18,1003,5,2);
mysql> insert into grade values(19,1004,5,9);
mysql> select * from grade;
+------+------+-----+-------+
| SCid | Cno | Sno | Grade |
+------+------+-----+-------+
| 1 | 1001 | 1 | 4 |
| 2 | 1002 | 1 | 3 |
| 3 | 1003 | 1 | 1 |
| 4 | 1004 | 1 | 6 |
| 5 | 1002 | 2 | 2 |
| 6 | 1003 | 2 | 2 |
| 7 | 1004 | 2 | 8 |
| 8 | 1001 | 3 | 4 |
| 9 | 1002 | 3 | 4 |
| 10 | 1003 | 3 | 2 |
| 11 | 1004 | 3 | 8 |
| 12 | 1001 | 4 | 1 |
| 13 | 1002 | 4 | 1 |
| 14 | 1003 | 4 | 2 |
| 15 | 1004 | 4 | 3 |
| 16 | 1001 | 5 | 5 |
| 17 | 1002 | 5 | 3 |
| 18 | 1003 | 5 | 2 |
| 19 | 1004 | 5 | 9 |
+------+------+-----+-------+
19 rows in set (0.01 sec)
List student number, name, course name and credits
mysql> select student.Sno,student.Sname,course.Cname,course.Ccredit from student,course,grade where student.Sno=grade.Sno and course.Cno=grade.Cno order by Sno asc;
+-----+-----------+----------------------+---------+
| Sno | Sname | Cname | Ccredit |
+-----+-----------+----------------------+---------+
| 1 | 萧萧一风 | Linux中高级运维 | 3 |
| 1 | 萧萧一风 | Linux高级架构师 | 5 |
| 1 | 萧萧一风 | MySQL高级DBA | 4 |
| 1 | 萧萧一风 | Python运维开发 | 4 |
| 2 | 王军 | Linux高级架构师 | 5 |
| 2 | 王军 | MySQL高级DBA | 4 |
| 2 | 王军 | Python运维开发 | 4 |
| 3 | 吴苏琴 | Linux中高级运维 | 3 |
| 3 | 吴苏琴 | Linux高级架构师 | 5 |
| 3 | 吴苏琴 | MySQL高级DBA | 4 |
| 3 | 吴苏琴 | Python运维开发 | 4 |
| 4 | 吴燕琼 | Linux中高级运维 | 3 |
| 4 | 吴燕琼 | Linux高级架构师 | 5 |
| 4 | 吴燕琼 | MySQL高级DBA | 4 |
| 4 | 吴燕琼 | Python运维开发 | 4 |
| 5 | 刘雯倩 | Linux中高级运维 | 3 |
| 5 | 刘雯倩 | Linux高级架构师 | 5 |
| 5 | 刘雯倩 | MySQL高级DBA | 4 |
| 5 | 刘雯倩 | Python运维开发 | 4 |
+-----+-----------+----------------------+---------+
19 rows in set (0.02 sec)
Create the grade table
mysql> create table tb_grade(
-> Sno int(5),
-> Sname varchar(10),
-> Cno int(5),
-> Cname varchar(10),
-> score int(5)
-> );
Query OK, 0 rows affected (0.27 sec)
mysql> desc tb_grade;
+-------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| Sno | int(5) | YES | | NULL | |
| Sname | varchar(10) | YES | | NULL | |
| Cno | int(5) | YES | | NULL | |
| Cname | varchar(10) | YES | | NULL | |
| score | int(5) | YES | | NULL | |
+-------+-------------+------+-----+---------+-------+
5 rows in set (0.02 sec)
mysql> insert into tb_grade values(1001,'李菲',1,'语文',86);
mysql> insert into tb_grade values(1001,'李菲',2,'数学',56);
mysql> insert into tb_grade values(1001,'李菲',3,'物理',48);
mysql> insert into tb_grade values(1001,'李菲',4,'化学',90);
mysql> insert into tb_grade values(1001,'李菲',5,'英语',57);
mysql> insert into tb_grade values(1002,'王琪',1,'语文',90);
mysql> insert into tb_grade values(1002,'王琪',2,'数学',68);
mysql> insert into tb_grade values(1002,'王琪',3,'物理',87);
mysql> insert into tb_grade values(1002,'王琪',4,'化学',68);
mysql> insert into tb_grade values(1002,'王琪',5,'英语',45);
mysql> insert into tb_grade values(1003,'杨阳',1,'语文',86);
mysql> insert into tb_grade values(1003,'杨阳',2,'数学',56);
mysql> insert into tb_grade values(1003,'杨阳',3,'物理',48);
mysql> insert into tb_grade values(1003,'杨阳',4,'化学',90);
mysql> insert into tb_grade values(1003,'杨阳',5,'英语',52);
mysql> insert into tb_grade values(1004,'和树',1,'语文',82);
mysql> insert into tb_grade values(1004,'和树',2,'数学',56);
mysql> insert into tb_grade values(1004,'和树',3,'物理',67);
mysql> insert into tb_grade values(1004,'和树',4,'化学',30);
mysql> insert into tb_grade values(1004,'和树',5,'英语',68);
mysql> select * from tb_grade;
+------+--------+------+--------+-------+
| Sno | Sname | Cno | Cname | score |
+------+--------+------+--------+-------+
| 1001 | 李菲 | 1 | 语文 | 86 |
| 1001 | 李菲 | 2 | 数学 | 56 |
| 1001 | 李菲 | 3 | 物理 | 48 |
| 1001 | 李菲 | 4 | 化学 | 90 |
| 1001 | 李菲 | 5 | 英语 | 57 |
| 1002 | 王琪 | 1 | 语文 | 90 |
| 1002 | 王琪 | 2 | 数学 | 68 |
| 1002 | 王琪 | 3 | 物理 | 87 |
| 1002 | 王琪 | 4 | 化学 | 68 |
| 1002 | 王琪 | 5 | 英语 | 45 |
| 1003 | 杨阳 | 1 | 语文 | 86 |
| 1003 | 杨阳 | 2 | 数学 | 56 |
| 1003 | 杨阳 | 3 | 物理 | 48 |
| 1003 | 杨阳 | 4 | 化学 | 90 |
| 1003 | 杨阳 | 5 | 英语 | 52 |
| 1004 | 和树 | 1 | 语文 | 82 |
| 1004 | 和树 | 2 | 数学 | 56 |
| 1004 | 和树 | 3 | 物理 | 67 |
| 1004 | 和树 | 4 | 化学 | 30 |
| 1004 | 和树 | 5 | 英语 | 68 |
+------+--------+------+--------+-------+
20 rows in set (0.00 sec)
1. Query the student number and the number of failed subjects for students who failed 2 or more subjects
mysql> select Sno,count(score) as '不及格科目数' from tb_grade where score<60 group by Sno having count(score)>=2;
+------+--------------------+
| Sno | 不及格科目数 |
+------+--------------------+
| 1001 | 3 |
| 1003 | 3 |
| 1004 | 2 |
+------+--------------------+
3 rows in set (0.02 sec)
2. Query the student number and student name for students who failed 2 or more subjects
mysql> select Sno,Sname from tb_grade where score<60 group by Sno having count(score)>=2;
+------+--------+
| Sno | Sname |
+------+--------+
| 1001 | 李菲 |
| 1003 | 杨阳 |
| 1004 | 和树 |
+------+--------+
3 rows in set (0.01 sec)
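3. Query the student number, student name, subject number, subject name and score for students who failed 2 or more subjects, sorted by student number descending and subject number ascending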
mysql> select * from tb_grade where score<60 and Sno in(select Sno from tb_grade where score<60 group by Sno having count(score)>=2)order by Sno desc,Cno asc;
+------+--------+------+--------+-------+
| Sno | Sname | Cno | Cname | score |
+------+--------+------+--------+-------+
| 1004 | 和树 | 2 | 数学 | 56 |
| 1004 | 和树 | 4 | 化学 | 30 |
| 1003 | 杨阳 | 2 | 数学 | 56 |
| 1003 | 杨阳 | 3 | 物理 | 48 |
| 1003 | 杨阳 | 5 | 英语 | 52 |
| 1001 | 李菲 | 2 | 数学 | 56 |
| 1001 | 李菲 | 3 | 物理 | 48 |
| 1001 | 李菲 | 5 | 英语 | 57 |
+------+--------+------+--------+-------+
8 rows in set (0.02 sec)
Multi-table query practice
mysql> create table class(
-> classID int(4),
-> className varchar(20)
-> );
Query OK, 0 rows affected (0.03 sec)
mysql> desc class;
+-----------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+-------------+------+-----+---------+-------+
| classID | int(4) | YES | | NULL | |
| className | varchar(20) | YES | | NULL | |
+-----------+-------------+------+-----+---------+-------+
2 rows in set (0.01 sec)
mysql> insert into class values(1,'一班'),(2,'二班'),(3,'三班');
Query OK, 3 rows affected (0.03 sec)
Records: 3 Duplicates: 0 Warnings: 0
mysql> create table student(
-> stuID int(4),
-> classID int(4),
-> stuName varchar(20)
-> );
Query OK, 0 rows affected (0.28 sec)
mysql> desc student;
+---------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+---------+-------------+------+-----+---------+-------+
| stuID | int(4) | YES | | NULL | |
| classID | int(4) | YES | | NULL | |
| stuName | varchar(20) | YES | | NULL | |
+---------+-------------+------+-----+---------+-------+
3 rows in set (0.00 sec)
mysql> insert into student values (1001,1,'张三'),(1002,1,'李丽'),(1003,1,'钱封'),(1004,2,'杨国'),(1005,2,'小样'),(1006,2,'区天'),(1007,3,'李三'),(1008,3,'黄武'),(1009,3,'赵六');
Query OK, 9 rows affected (0.00 sec)
Records: 9 Duplicates: 0 Warnings: 0
mysql> create table score(
-> courseID int(4),
-> stuID int(4),
-> course varchar(20),
-> score int(4)
-> );
Query OK, 0 rows affected (0.13 sec)
mysql> desc score;
+----------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+-------+
| courseID | int(4) | YES | | NULL | |
| stuID | int(4) | YES | | NULL | |
| course | varchar(20) | YES | | NULL | |
| score | int(4) | YES | | NULL | |
+----------+-------------+------+-----+---------+-------+
4 rows in set (0.02 sec)
mysql> insert into score values (2,1001,'数学',73),(3,1001,'英语',79),(1,1001,'语文',81),(3,1002,'英语',87),(2,1002,'数学',83),(1,1002,'语文',79),(1,1003,'语文',65),(3,1003,'英语',65),(2,1003,'数学',97),(1,1004,'语文',78),(3,1004,'英语',78),(2,1004,'数学',86),(1,1005,'语文',67),(3,1005,'英语',88),(2,1005,'数学',89),(2,1006,'数学',90),(3,1006,'英语',92),(1,1006,'语文',98),(1,1007,'语文',85),(2,1007,'数学',78),(3,1007,'英语',72),(1,1008,'语文',78),(3,1008,'英语',77),(2,1008,'数学',85),(3,1009,'英语',94),(2,1009,'数学',91),(1,1009,'语文',68);
Query OK, 27 rows affected (0.00 sec)
Records: 27 Duplicates: 0 Warnings: 0
mysql> select * from class;
+---------+-----------+
| classID | className |
+---------+-----------+
| 1 | 一班 |
| 2 | 二班 |
| 3 | 三班 |
+---------+-----------+
3 rows in set (0.02 sec)
mysql> select * from student;
+-------+---------+---------+
| stuID | classID | stuName |
+-------+---------+---------+
| 1001 | 1 | 张三 |
| 1002 | 1 | 李丽 |
| 1003 | 1 | 钱封 |
| 1004 | 2 | 杨国 |
| 1005 | 2 | 小样 |
| 1006 | 2 | 区天 |
| 1007 | 3 | 李三 |
| 1008 | 3 | 黄武 |
| 1009 | 3 | 赵六 |
+-------+---------+---------+
9 rows in set (0.00 sec)
mysql> select * from score;
+----------+-------+--------+-------+
| courseID | stuID | course | score |
+----------+-------+--------+-------+
| 2 | 1001 | 数学 | 73 |
| 3 | 1001 | 英语 | 79 |
| 1 | 1001 | 语文 | 81 |
| 3 | 1002 | 英语 | 87 |
| 2 | 1002 | 数学 | 83 |
| 1 | 1002 | 语文 | 79 |
| 1 | 1003 | 语文 | 65 |
| 3 | 1003 | 英语 | 65 |
| 2 | 1003 | 数学 | 97 |
| 1 | 1004 | 语文 | 78 |
| 3 | 1004 | 英语 | 78 |
| 2 | 1004 | 数学 | 86 |
| 1 | 1005 | 语文 | 67 |
| 3 | 1005 | 英语 | 88 |
| 2 | 1005 | 数学 | 89 |
| 2 | 1006 | 数学 | 90 |
| 3 | 1006 | 英语 | 92 |
| 1 | 1006 | 语文 | 98 |
| 1 | 1007 | 语文 | 85 |
| 2 | 1007 | 数学 | 78 |
| 3 | 1007 | 英语 | 72 |
| 1 | 1008 | 语文 | 78 |
| 3 | 1008 | 英语 | 77 |
| 2 | 1008 | 数学 | 85 |
| 3 | 1009 | 英语 | 94 |
| 2 | 1009 | 数学 | 91 |
| 1 | 1009 | 语文 | 68 |
+----------+-------+--------+-------+
27 rows in set (0.00 sec)
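Requirement: query the student ID, name, class name, subject name and score of the top-scoring student in each subject for each class
mysql> select student.stuID,student.stuName,class.className,score.course,score.score from student,class,score where student.stuID=score.stuID and class.classID=student.classID and (student.classID,score.courseID,score.score) in (select s.classID,sc.courseID,max(sc.score) from student s,score sc where s.stuID=sc.stuID group by s.classID,sc.courseID);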
Check whether a query uses an index (explain)
mysql> select * from student;
+-------+---------+---------+
| stuID | classID | stuName |
+-------+---------+---------+
| 1001 | 1 | 张三 |
| 1002 | 1 | 李丽 |
| 1003 | 1 | 钱封 |
| 1004 | 2 | 杨国 |
| 1005 | 2 | 小样 |
| 1006 | 2 | 区天 |
| 1007 | 3 | 李三 |
| 1008 | 3 | 黄武 |
| 1009 | 3 | 赵六 |
+-------+---------+---------+
9 rows in set (0.00 sec)
mysql> create index stuID_index on student(stuID);
Query OK, 0 rows affected (0.11 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> show index from student\G
*************************** 1. row ***************************
Table: student
Non_unique: 1
Key_name: stuID_index
Seq_in_index: 1
Column_name: stuID
Collation: A
Cardinality: 9
Sub_part: NULL
Packed: NULL
Null: YES
Index_type: BTREE
Comment:
Index_comment:
1 row in set (0.00 sec)
mysql> explain select classID,stuName from student where stuID=1002\G
*************************** 1. row ***************************
id: 1
select_type: SIMPLE
table: student
type: ref
possible_keys: stuID_index
key: stuID_index
key_len: 5
ref: const
rows: 1 <==only one row was scanned; without the index it would be a full table scan
Extra: NULL
1 row in set (0.00 sec)
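Basic workflow for optimizing SQL statements with explain (http://blog.itpub.net/7607759/viewspace-692828/)
【1-1】mysql> show full processlist;
【1-2】Analyze the slow query log
[mysqld]
long_query_time = 1
# slow_query_log and slow_query_log_file replace log-slow-queries, which MySQL 5.6 no longer accepts
slow_query_log = 1
slow_query_log_file = /data/3306/slow.log
log_queries_not_using_indexes
【2】Run explain on the SQL statement to check index usage
【3】Create indexes on the columns that need them
【4】Analyze the MySQL slow query log with third-party tools (mysqlsla, pt-query-digest)
【5】Rotate the slow query log (move the slow query log file, then run mysqladmin -uroot -paxbc1kof flush-logs)
mysql> select SQL_NO_CACHE classID,stuName from student where stuID=1002 <==bypass the query cache
mysql> select count(distinct Cname) from tb_grade; <=="count" is the counting function; "distinct" returns the unique values of a column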
+-----------------------+
| count(distinct Cname) |
+-----------------------+
| 5 |
+-----------------------+
1 row in set (0.02 sec)
MySQL query optimization (profile)
http://blog.neazor.com/?p=316
View the execution stages of a SQL statement (profile)
Examples:
mysql> SELECT @@profiling; <==0 means off, 1 means on
+-------------+
| @@profiling |
+-------------+
| 0 |
+-------------+
1 row in set (0.00 sec)
mysql> SET profiling = 1;
Query OK, 0 rows affected (0.00 sec)
mysql> DROP TABLE IF EXISTS t1;
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> CREATE TABLE T1 (id INT);
Query OK, 0 rows affected (0.01 sec)
mysql> SHOW PROFILES;
+----------+----------+--------------------------+
| Query_ID | Duration | Query |
+----------+----------+--------------------------+
| 0 | 0.000088 | SET PROFILING = 1 |
| 1 | 0.000136 | DROP TABLE IF EXISTS t1 |
| 2 | 0.011947 | CREATE TABLE t1 (id INT) |
+----------+----------+--------------------------+
3 rows in set (0.00 sec)
mysql> SHOW PROFILE;
+----------------------+----------+
| Status | Duration |
+----------------------+----------+
| checking permissions | 0.000040 |
| creating table | 0.000056 |
| After create | 0.011363 |
| query end | 0.000375 |
| freeing items | 0.000089 |
| logging slow query | 0.000019 |
| cleaning up | 0.000005 |
+----------------------+----------+
7 rows in set (0.00 sec)
mysql> SHOW PROFILE FOR QUERY 1;
+--------------------+----------+
| Status | Duration |
+--------------------+----------+
| query end | 0.000107 |
| freeing items | 0.000008 |
| logging slow query | 0.000015 |
| cleaning up | 0.000006 |
+--------------------+----------+
4 rows in set (0.00 sec)
mysql> SHOW PROFILE CPU FOR QUERY 2;
+----------------------+----------+----------+------------+
| Status | Duration | CPU_user | CPU_system |
+----------------------+----------+----------+------------+
| checking permissions | 0.000040 | 0.000038 | 0.000002 |
| creating table | 0.000056 | 0.000028 | 0.000028 |
| After create | 0.011363 | 0.000217 | 0.001571 |
| query end | 0.000375 | 0.000013 | 0.000028 |
| freeing items | 0.000089 | 0.000010 | 0.000014 |
| logging slow query | 0.000019 | 0.000009 | 0.000010 |
| cleaning up | 0.000005 | 0.000003 | 0.000002 |
+----------------------+----------+----------+------------+
7 rows in set (0.00 sec)
SQL optimization approach
【1】explain (check index usage)
【2】profile (view the statement's execution stages)
Syntax for modifying table data
UPDATE [LOW_PRIORITY] [IGNORE] table_references
SET col_name1={expr1|DEFAULT} [, col_name2={expr2|DEFAULT}] ...
[WHERE where_condition]
mysql> update keysou.lb set name='linbin' where id=1;
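Preventing accidental MySQL operations (the "-U" option; it can also be set up as an alias)
http://oldboy.blog.51cto.com/2561410/1321061
You can set a system alias. When the mysql command is run with the -U option, the mysql client refuses to execute an UPDATE or DELETE that has no WHERE or LIMIT keyword
Syntax for deleting table data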
DELETE [LOW_PRIORITY] [QUICK] [IGNORE] FROM tbl_name
[PARTITION (partition_name,...)]
[WHERE where_condition]
[ORDER BY ...]
[LIMIT row_count]
mysql> delete from test where id>3;
Delete all data in a table
【1】
mysql> truncate table class;
Query OK, 0 rows affected (0.09 sec)
mysql> select * from class;
Empty set (0.00 sec)
【2】
mysql> delete from class;
Query OK, 0 rows affected (0.00 sec)
mysql> select * from class;
Empty set (0.00 sec)
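Differences between truncate and delete when removing table data
【1】truncate table class; <==faster; directly empties the physical file that holds the data
【2】delete from class; <==slower; logical deletion, row by row
Adding, dropping and modifying table columns
Syntax: alter table <table name> add <column> <type> <other options>;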
mysql> desc lb;
+-------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
+-------+----------+------+-----+---------+----------------+
2 rows in set (0.02 sec)
Add a column
mysql> alter table lb add age int(4);
Query OK, 0 rows affected (0.14 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc lb;
+-------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| age | int(4) | YES | | NULL | |
+-------+----------+------+-----+---------+----------------+
3 rows in set (0.01 sec)
Add a column after a specified column
mysql> alter table lb add sex char(4) after name;
Query OK, 0 rows affected (0.25 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc lb;
+-------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| sex | char(4) | YES | | NULL | |
| age | int(4) | YES | | NULL | |
+-------+----------+------+-----+---------+----------------+
4 rows in set (0.00 sec)
Add a column at the very front
mysql> alter table lb add shouji int(12) first;
Query OK, 0 rows affected (0.12 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc lb;
+--------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------+----------+------+-----+---------+----------------+
| shouji | int(12) | YES | | NULL | |
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| sex | char(4) | YES | | NULL | |
| age | int(4) | YES | | NULL | |
+--------+----------+------+-----+---------+----------------+
5 rows in set (0.01 sec)
【1】Add one column
ALTER TABLE `etiantian` ADD `FIRSTPHOTO_URL` varchar(255) default NULL COMMENT '第一张图片URL'
【2】Add two columns
ALTER TABLE `basic` ADD `adhtml_top` varchar(1024) default NULL COMMENT '顶部广告html',ADD `adhtml_right` varchar(1024) default NULL COMMENT '右侧广告html';
Drop a column
mysql> alter table lb drop shouji;
Query OK, 0 rows affected (0.18 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc lb;
+-------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| sex | char(4) | YES | | NULL | |
| age | int(4) | YES | | NULL | |
+-------+----------+------+-----+---------+----------------+
4 rows in set (0.02 sec)
Change a column's type
mysql> desc lb;
+-------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| sex | char(4) | YES | | NULL | |
| age | int(4) | YES | | NULL | |
+-------+----------+------+-----+---------+----------------+
4 rows in set (0.02 sec)
mysql> alter table lb modify age char(5);
Query OK, 0 rows affected (4.01 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc lb;
+-------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| sex | char(4) | YES | | NULL | |
| age | char(5) | YES | | NULL | |
+-------+----------+------+-----+---------+----------------+
4 rows in set (0.18 sec)
Rename a column
mysql> desc lb;
+-------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| sex | char(4) | YES | | NULL | |
| age | char(5) | YES | | NULL | |
+-------+----------+------+-----+---------+----------------+
4 rows in set (0.18 sec)
mysql> alter table lb change age newage char(4);
Query OK, 0 rows affected (0.04 sec)
Records: 0 Duplicates: 0 Warnings: 0
mysql> desc lb;
+--------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+--------+----------+------+-----+---------+----------------+
| id | int(4) | NO | PRI | NULL | auto_increment |
| name | char(20) | NO | | NULL | |
| sex | char(4) | YES | | NULL | |
| newage | char(4) | YES | | NULL | |
+--------+----------+------+-----+---------+----------------+
4 rows in set (0.01 sec)
Rename a table
RENAME TABLE tbl_name TO new_tbl_name
[, tbl_name2 TO new_tbl_name2] ...
【1】
mysql> rename table lb to newlb;
Query OK, 0 rows affected (0.06 sec)
mysql> show tables;
+-----------------+
| Tables_in_keysou |
+-----------------+
| newlb |
+-----------------+
1 rows in set (0.03 sec)
【2】
mysql> alter table lb rename to newlb;
Query OK, 0 rows affected (0.06 sec)
mysql> show tables;
+-----------------+
| Tables_in_keysou |
+-----------------+
| newlb |
+-----------------+
1 rows in set (0.03 sec)
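Changing the client character set
Garbled text in MySQL
【1】The environment itself was wrong and incorrectly encoded data was inserted; this is hard to fix
【2】The environment was correct and correct data was inserted, but the client environment was later broken, so the data displays as garbled text
Keeping Chinese text from being garbled in MySQL (UTF8)
【1】Linux client character set (UTF8)
【2】Linux server character set (LANG="zh_CN.UTF-8")
【3】Database client character set (UTF8)
【4】Database server character set (UTF8)
【5】Character set of the specific database
【6】Character set of the specific table
【7】Character set of the PHP/Java application
View the MySQL client and server character sets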
mysql> show variables like 'character_set%';
+--------------------------+-----------------------------------------+
| Variable_name | Value |
+--------------------------+-----------------------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/local/mysql-5.6.22/share/charsets/ |
+--------------------------+-----------------------------------------+
8 rows in set (0.01 sec)
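Variables that control the client character set
character_set_client <==client character set
character_set_connection <==connection character set
character_set_results <==character set of returned results
Setting the client character set
【1】Takes effect temporarily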
mysql> set names gbk;
Query OK, 0 rows affected (0.01 sec)
mysql> show variables like 'character_set%';
+--------------------------+-----------------------------------------+
| Variable_name | Value |
+--------------------------+-----------------------------------------+
| character_set_client | gbk |
| character_set_connection | gbk |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | gbk |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/local/mysql-5.6.22/share/charsets/ |
+--------------------------+-----------------------------------------+
8 rows in set (0.02 sec)
"set names gbk" is equivalent to the following 3 commands
mysql> set character_set_client = gbk;
mysql> set character_set_results = gbk;
mysql> set character_set_connection = gbk;
http://blog.sina.com.cn/s/blog_7c35df9b010122ir.html
【2】Specify the character set at login with "--default-character-set=gbk"
[root@Master-Server ~]# mysql -uroot -p --default-character-set=gbk
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.6.22 Source distribution
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show variables like 'character_set%';
+--------------------------+-----------------------------------------+
| Variable_name | Value |
+--------------------------+-----------------------------------------+
| character_set_client | gbk |
| character_set_connection | gbk |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | gbk |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/local/mysql-5.6.22/share/charsets/ |
+--------------------------+-----------------------------------------+
8 rows in set (0.01 sec)
【3】Edit the configuration file my.cnf
[root@Master-Server ~]# vim /etc/my.cnf
[client]
port = 3306
socket = /tmp/mysql/mysql.sock
default-character-set=gbk
mysql> show variables like 'character_set%';
+--------------------------+-----------------------------------------+
| Variable_name | Value |
+--------------------------+-----------------------------------------+
| character_set_client | gbk |
| character_set_connection | gbk |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | gbk |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/local/mysql-5.6.22/share/charsets/ |
+--------------------------+-----------------------------------------+
8 rows in set (0.00 sec)
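Summary of the mysql, mysqladmin, mysqldump and mysqlbinlog commands
Variables that control the server character set
character_set_database <==database character set; set in the configuration file or when creating the database or table
character_set_server <==server character set; set in the configuration file or when creating the database or table
Setting the server character set
【1】
[root@Master-Server ~]# vim /etc/my.cnf
[mysqld]
character-set-server=gbk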
mysql> show variables like 'character_set%';
+--------------------------+-----------------------------------------+
| Variable_name | Value |
+--------------------------+-----------------------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | gbk |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | gbk |
| character_set_system | utf8 |
| character_sets_dir | /usr/local/mysql-5.6.22/share/charsets/ |
+--------------------------+-----------------------------------------+
8 rows in set (0.01 sec)
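【2】Specify the server character set at compile time
Change the character set (does not take effect for existing data)
mysql> alter table lb character set gbk collate gbk_chinese_ci; <==change the table character set
mysql> alter database keysou character set latin1 collate latin1_swedish_ci; <==change the database character set
MySQL character sets involve two concepts: the character set (character) and the collation (collate)
Changing the character set of a production database that already holds data
【1】Back up with mysqldump (for large data sets, export the table structure first and edit it with sed), then export the data
【2】Change the character set in the table structure, for example with a sed substitution
【3】Modify the system configuration so the new character set takes effect
【4】Restore the table structure into MySQL, then restore the data
【5】Have the developers adjust the application's character set
Common MySQL character sets
gbk: one Chinese character takes 2 bytes
utf8: one Chinese character takes 3 bytes (recommended)
latin1: one Chinese character takes 1 byte; the default MySQL character set
utf8mb4: one Chinese character takes 4 bytes; mobile internet (iOS)
Types of MySQL logs
【1】Error log
The MySQL error log records the error messages that the MySQL server process mysqld encounters while starting, shutting down or running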
[root@Master-Server ~]# vim /etc/my.cnf
[mysqld_safe]
log_error = /var/log/mysql/mysql-error.log
mysql> show variables like 'log_error%';
+---------------+--------------------------------+
| Variable_name | Value |
+---------------+--------------------------------+
| log_error | /var/log/mysql/mysql-error.log |
+---------------+--------------------------------+
1 row in set (0.00 sec)
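【2】General query log
The MySQL general query log records client connection information and the SQL statements executed. It is off by default and, for database performance reasons, is usually left off in production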
mysql> show variables like 'general_log%';
+------------------+------------------------------+
| Variable_name | Value |
+------------------+------------------------------+
| general_log | OFF |
| general_log_file | /data/mysql/mysql.log |
+------------------+------------------------------+
2 rows in set (0.01 sec)
mysql> set global general_log = on; <=="global" makes the setting take effect globally
Query OK, 0 rows affected (0.00 sec)
mysql> show variables like 'general_log%';
+------------------+------------------------------+
| Variable_name | Value |
+------------------+------------------------------+
| general_log | ON |
| general_log_file | /data/mysql/mysql.log |
+------------------+------------------------------+
2 rows in set (0.01 sec)
mysql> system cat /data/mysql/mysql.log
/usr/local/mysql-5.6.22/bin/mysqld, Version: 5.6.22 (Source distribution). started with:
Tcp port: 3306 Unix socket: /tmp/mysql/mysql.sock
Time Id Command Argument
170518 10:40:31 1 Query set global general_log = on
170518 10:40:43 1 Query show variables like 'general_log%'
170518 10:40:56 1 Query show databases
170518 10:41:12 1 Query SELECT DATABASE()
1 Init DB linbin
1 Query show databases
1 Query show tables
170518 10:41:17 1 Query show tables
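【3】Slow query log
The MySQL slow query log records SQL statements whose execution time exceeds a specified value (long_query_time)
[root@Master-Server ~]# vim /etc/my.cnf
[mysqld]
long_query_time = 1
# slow_query_log and slow_query_log_file replace log-slow-queries, which MySQL 5.6 no longer accepts
slow_query_log = 1
slow_query_log_file = /var/log/mysql/slow.log
log_queries_not_using_indexes
Rotating the slow query log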
[root@Master-Server ~]# cd /var/log/mysql/ &&\
mv slow.log slow-$(date +%F).log &&\
mysqladmin -uroot -paxbc1kof flush-log
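【4】Binary log
The MySQL binary log records information about data modifications (show and select are not recorded)
Purposes of the binlog
【4-1】Records the SQL statements that change data (show and select are not recorded)
【4-2】Master-slave replication
【4-3】Incremental data backup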
mysql> show variables like '%log_bin%';
+---------------------------------+-------+
| Variable_name | Value |
+---------------------------------+-------+
| log_bin | ON |
| log_bin_trust_function_creators | OFF |
| sql_log_bin | ON | <=="sql_log_bin = OFF" temporarily stops writing to the binlog
+---------------------------------+-------+
3 rows in set (0.03 sec)
binlog modes
【1】row level
mysql> delete from test; (5 rows produce 5 delete statements; detailed SQL statements, large log volume, poorer performance)
【2】statement level (the default mode)
mysql> show variables like 'binlog_format%'; <==view the binlog mode
+---------------+-----------+
| Variable_name | Value |
+---------------+-----------+
| binlog_format | STATEMENT |
+---------------+-----------+
1 row in set (0.02 sec)
【3】mixed (a combination of the two modes above)
mysql> reset master; <==clears the MySQL binlog files; do not use lightly, it breaks master-slave replication
Query OK, 0 rows affected (0.09 sec)
MySQL backup
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -B keysou > /backup/mysql/keysou.sql
[root@Master-Server ~]# egrep -v "^\-|^/|^$" /backup/mysql/keysou.sql
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `keysou` /*!40100 DEFAULT CHARACTER SET utf8 */;
USE `keysou`;
DROP TABLE IF EXISTS `test`;
CREATE TABLE `test` (
`id` int(4) NOT NULL DEFAULT '0',
`name` varchar(16) DEFAULT NULL,
`shouji` char(11) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `index_name_shouji` (`name`(6),`shouji`(8))
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
LOCK TABLES `test` WRITE;
UNLOCK TABLES;
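[root@Master-Server ~]# mysqldump -uroot -paxbc1kof keysou --default-character-set=utf8 > /backup/mysql/keysou-1.sql <==specify the character set to prevent garbled text
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -B keysou > /backup/mysql/keysou-2.sql <==adds the statements that create and select the database (create database and use database)
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -B keysou|gzip > /backup/mysql/keysou-3.sql.gz <==compressed backup
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -B keysou keysou1|gzip > /backup/mysql/keysou-4.sql.gz <==back up multiple databases
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof keysou test|gzip > /backup/mysql/test.sql.gz <==back up a single table
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof keysou test student|gzip > /backup/mysql/test-1.sql.gz <==back up multiple tables
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -d keysou test|gzip > /backup/mysql/test-2.sql.gz <==back up the table structure only
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -t keysou test student|gzip > /backup/mysql/test-3.sql.gz <==back up the data only
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -F keysou test student|gzip > /backup/mysql/test-4.sql.gz <==flush the binlog
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -x keysou test student|gzip > /backup/mysql/test-5.sql.gz <==back up with the tables locked
How mysqldump backs up: backing up a database with mysqldump is really the process of exporting the data from the MySQL database as logical SQL statements, either written directly to output or saved as a backup file
-B specify multiple databases; adds the create database and use database statements
--compact strips comments; suitable for debugging output, not for production
-A back up all databases
-F flush the binlog and start a new file; a later incremental restore starts from this file
--master-data adds the binlog file name and the corresponding position
-x lock tables
-l lock tables read-only
-d back up the table structure only, no data
-t back up the data only, no table structure
-T write table structure and data to separate files; the data is in text format (not SQL statements)
--events ignore events; this option needs to be added when using -A
gzip compress
-q quick export
--single-transaction suited to backing up InnoDB transactional databases; data committed by other sessions is not visible to this session
-R back up stored procedures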
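The `mysqldump ... | gzip > file` pipelines above return gzip's exit status, so a dump that dies midway still leaves a file and a zero status. The following is an added example, not part of the original notes, that checks a compressed dump before it is trusted; `fake_dump` is a constructed stand-in for mysqldump and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a gzip-compressed mysqldump file before relying on it.

# Constructed stand-in for "mysqldump -B keysou". With the argument "fail" it
# stops midway and returns non-zero, as mysqldump does when the connection
# drops or a table cannot be read.
fake_dump() {
  printf '%s\n' '-- MySQL dump 10.13' 'CREATE TABLE `test` (`id` int(4));'
  [ "$1" = "fail" ] && return 2
  printf '%s\n' 'INSERT INTO `test` VALUES (1);' \
                '-- Dump completed on 2016-12-14 11:50:02'
}

# verify_dump FILE
# Succeeds only if the gzip stream is intact and the last line is the
# "-- Dump completed" trailer that mysqldump writes when it finishes.
# Dumps taken with --compact carry no trailer and will be rejected.
verify_dump() {
  gzip -t "$1" 2>/dev/null || { echo "corrupt gzip: $1" >&2; return 1; }
  gzip -dc "$1" | tail -n 1 | grep -q '^-- Dump completed' || {
    echo "incomplete dump: $1" >&2
    return 1
  }
}

demo() {
  dir=$(mktemp -d) || return 1
  fake_dump ok | gzip > "$dir/good.sql.gz"
  fake_dump fail | gzip > "$dir/bad.sql.gz"
  # The pipeline reports gzip's status, so the failed dump goes unnoticed here.
  echo "pipeline status after failed dump: $?"
  for name in good bad; do
    if verify_dump "$dir/$name.sql.gz"; then
      echo "$name: ok"
    else
      echo "$name: rejected"
    fi
  done
  rm -rf "$dir"
}

demo
```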
MySQL data recovery
【1】
[root@Master-Server ~]# mysql -uroot -paxbc1kof
mysql> source /backup/mysql/keysou.sql
【2】
[root@Master-Server ~]# mysql -uroot -paxbc1kof < /backup/mysql/keysou.sql
Fixing too many sleeping MySQL threads
mysql> show variables like "%timeout%";
+----------------------------+----------+
| Variable_name | Value |
+----------------------------+----------+
| connect_timeout | 10 |
| delayed_insert_timeout | 300 |
| innodb_lock_wait_timeout | 120 |
| innodb_rollback_on_timeout | OFF |
| interactive_timeout | 28800 |
| lock_wait_timeout | 31536000 |
| net_read_timeout | 30 |
| net_write_timeout | 60 |
| slave_net_timeout | 3600 |
| wait_timeout | 28800 |
+----------------------------+----------+
10 rows in set (0.02 sec)
mysql> set global wait_timeout = 60; <==default is 28800 seconds
mysql> set global interactive_timeout = 60; <==default is 28800 seconds
[root@Master-Server ~]# vim /etc/my.cnf
[mysqld]
wait_timeout = 60
interactive_timeout = 60
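【1】In PHP programs, do not use persistent connections, i.e. use mysql_connect rather than pconnect (for Java, tune the connection pool)
【2】When a PHP program finishes, it should explicitly call mysql_close
【3】Analyze MySQL's SQL queries and the slow query log step by step, find the SQL statements that are too slow and optimize them
mysql> show status; <==view MySQL status information
mysql> show global status; <==view MySQL status information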
mysql> show status like "%select%";
+------------------------+-------+
| Variable_name | Value |
+------------------------+-------+
| Com_insert_select | 0 |
| Com_replace_select | 0 |
| Com_select | 1 |
| Select_full_join | 0 |
| Select_full_range_join | 0 |
| Select_range | 0 |
| Select_range_check | 0 |
| Select_scan | 3 |
+------------------------+-------+
8 rows in set (0.00 sec)
The mysqlreport tool
http://blog.itpub.net/29500582/viewspace-1353030/
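Summary of important MySQL commands commonly used in production
【1】mysql> show processlist; <==view the SQL statements currently executing
【2】mysql> show full processlist; <==view the SQL statements currently executing, shown in full
【3】mysql> set global key_buffer_size =32777218; <==adjust a database parameter without restarting the database; takes effect temporarily
【4】mysql> show variables; <==view database parameters
【5】mysql> kill ID <==kill a thread; ID is the thread number
【6】mysql> show status; <==view database status for the current session
【7】mysql> show global status; <==view the running status of the whole database; very important, analyze it and monitor it
【8】mysql> show engine innodb status <==show the performance status of the InnoDB engine
Summary of mysqladmin commands commonly used in production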
【1】[root@Master-Server ~]# mysqladmin -uroot -paxbc1kof status
【2】[root@Master-Server ~]# mysqladmin -uroot -paxbc1kof -i 1 status
【3】[root@Master-Server ~]# mysqladmin -uroot -paxbc1kof flush-logs
【4】[root@Master-Server ~]# mysqladmin -uroot -paxbc1kof processlist
【5】[root@Master-Server ~]# mysqladmin -uroot -paxbc1kof extended-status
【6】[root@Master-Server ~]# mysqladmin -uroot -paxbc1kof processlist -i 1
【7】[root@Master-Server ~]# watch mysqladmin -uroot -paxbc1kof processlist
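mysqlbinlog: decodes MySQL binlog contents into SQL statements
mysqlbinlog command summary
【1】Purpose: decode the binlog into SQL statements
【2】The "-d" option splits the binlog by the specified database
【3】Position options: --start-position=365 --stop-position=456, extract content by exact position
【4】Time options: --start-datetime='2017-05-22 17:14:15' --stop-datetime='2017-05-22 17:15:15', extract content by approximate position
【5】"-r" writes the output to a file, equivalent to ">"
【6】Decode a ROW-mode binlog: mysqlbinlog --base64-output=decode-rows -v mysql-bin-00004
MySQL backup methods
【1】Logical backup
【2】Physical backup
Deleting binlog files
【1】mysql> reset master; <==affects master-slave replication; use with caution in production
【2】mysql> purge master logs to 'mysql-bin-00004'; <==deletes all logs before mysql-bin-00004, not including mysql-bin-00004
【3】Add the parameter "expire_logs_days = 15" to the configuration file
Incremental recovery: it is generally needed only after a logical mistake, such as an erroneous SQL statement run against the database by a person (or a program), because at that point every slave has also executed the erroneous statement. For a physical failure, switch directly to a slave; no recovery is needed
Prerequisites for MySQL incremental recovery
【1】The log-bin feature is enabled (it must also be enabled when backing up from a slave)
【2】A full backup exists, plus all incremental binlog files from the time of the full backup to the time of the problem
MySQL binlog incremental recovery in practice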
[root@Master-Server ~]# mysql -uroot -paxbc1kof
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.6.32-log Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use keysou;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from test;
+----+------------+-----------+
| id | name | shouji |
+----+------------+-----------+
| 1 | linbin | 135491208 |
| 2 | lb | 135491202 |
| 3 | liuwenqian | 135291202 |
| 4 | LinBin | 135491201 |
| 5 | LB | 135432201 |
+----+------------+-----------+
5 rows in set (0.00 sec)
[root@Master-Server ~]# ls -l /data/mysql/mysql-bin.*
-rw-rw----. 1 mysql mysql 615 2016-12-12 17:37 /data/mysql/mysql-bin.000001
-rw-rw---- 1 mysql mysql 997 2016-12-13 17:35 /data/mysql/mysql-bin.000002
-rw-rw---- 1 mysql mysql 143 2016-12-13 21:41 /data/mysql/mysql-bin.000003
-rw-rw---- 1 mysql mysql 842 2016-12-14 11:45 /data/mysql/mysql-bin.000004
-rw-rw---- 1 mysql mysql 116 2016-12-14 08:34 /data/mysql/mysql-bin.index
[root@Master-Server ~]# mysqldump -uroot -paxbc1kof -x -B keysou -F > /backup/mysql/keysou.$(date +%F).sql
[root@Master-Server ~]# ls -l /data/mysql/mysql-bin.*
-rw-rw----. 1 mysql mysql 615 2016-12-12 17:37 /data/mysql/mysql-bin.000001
-rw-rw---- 1 mysql mysql 997 2016-12-13 17:35 /data/mysql/mysql-bin.000002
-rw-rw---- 1 mysql mysql 143 2016-12-13 21:41 /data/mysql/mysql-bin.000003
-rw-rw---- 1 mysql mysql 964 2016-12-14 11:50 /data/mysql/mysql-bin.000004
-rw-rw---- 1 mysql mysql 120 2016-12-14 11:50 /data/mysql/mysql-bin.000005
-rw-rw---- 1 mysql mysql 145 2016-12-14 11:50 /data/mysql/mysql-bin.index
[root@Master-Server ~]# mysql -uroot -paxbc1kof
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 5.6.32-log Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use keysou;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> insert into test values(6,'LiuWenQian',135791201),(7,'LWQ',133432201);
Query OK, 2 rows affected (0.04 sec)
Records: 2 Duplicates: 0 Warnings: 0
mysql> select * from test;
+----+------------+-----------+
| id | name | shouji |
+----+------------+-----------+
| 1 | linbin | 135491208 |
| 2 | lb | 135491202 |
| 3 | liuwenqian | 135291202 |
| 4 | LinBin | 135491201 |
| 5 | LB | 135432201 |
| 6 | LiuWenQian | 135791201 |
| 7 | LWQ | 133432201 |
+----+------------+-----------+
7 rows in set (0.00 sec)
mysql> drop table test;
Query OK, 0 rows affected (0.18 sec)
[root@Master-Server ~]# mysqlbinlog -d keysou /data/mysql/mysql-bin.000005 > /backup/mysql/test.sql
[root@Master-Server ~]# sed -i '/^DROP/d' /backup/mysql/test.sql
[root@Master-Server ~]# mysql -uroot -paxbc1kof < /backup/mysql/keysou.2017-05-19.sql
[root@Master-Server ~]# mysql -uroot -paxbc1kof keysou < /backup/mysql/test.sql
[root@Master-Server ~]# mysql -uroot -paxbc1kof
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 17
Server version: 5.6.32-log Source distribution
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use keysou;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from test;
+----+------------+-----------+
| id | name | shouji |
+----+------------+-----------+
| 1 | linbin | 135491208 |
| 2 | lb | 135491202 |
| 3 | liuwenqian | 135291202 |
| 4 | LinBin | 135491201 |
| 5 | LB | 135432201 |
| 6 | LiuWenQian | 135791201 |
| 7 | LWQ | 133432201 |
+----+------------+-----------+
7 rows in set (0.00 sec)
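Summary of MySQL incremental recovery
【1】Prerequisite: a full backup and the binlog written after it
【2】Key point: determine the binlog file and position at the moment right after the full backup
【3】It is best to stop the service while restoring data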
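The recovery above removes the `drop table` by deleting every decoded line that starts with DROP. An alternative is to replay the binlog only up to the offset of that statement, using the --stop-position option from the mysqlbinlog summary. The following is an added example, not part of the original notes: the binlog text is a constructed sample and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find where to stop a binlog replay instead of editing the
# decoded SQL with sed.

# Constructed sample of what "mysqlbinlog -d keysou mysql-bin.000005" prints
# for a statement-format binlog (offsets and timestamps are made up).
sample_binlog() {
cat <<'EOF'
# at 4
#161214 11:50:02 server id 1  end_log_pos 120  Start: binlog v 4, server v 5.6.32-log
# at 120
#161214 11:52:10 server id 1  end_log_pos 201  Query  thread_id=15  exec_time=0  error_code=0
SET TIMESTAMP=1481687530/*!*/;
BEGIN
/*!*/;
# at 201
#161214 11:52:10 server id 1  end_log_pos 352  Query  thread_id=15  exec_time=0  error_code=0
use `keysou`/*!*/;
SET TIMESTAMP=1481687530/*!*/;
insert into test values(6,'LiuWenQian',135791201),(7,'LWQ',133432201)
/*!*/;
# at 352
#161214 11:52:10 server id 1  end_log_pos 383  Xid = 98
COMMIT/*!*/;
# at 383
#161214 11:53:40 server id 1  end_log_pos 501  Query  thread_id=15  exec_time=0  error_code=0
SET TIMESTAMP=1481687620/*!*/;
DROP TABLE `test` /* generated by server */
/*!*/;
EOF
}

# Read decoded binlog text on stdin and print the "# at N" offset of the first
# event whose statement starts with DROP or TRUNCATE. Returns 1 if none is
# found, so a caller never replays with an empty stop position.
find_stop_position() {
  awk '
    /^# at [0-9]+$/ { pos = $3; next }
    toupper($0) ~ /^(DROP|TRUNCATE)[ \t]/ { print pos; found = 1; exit }
    END { exit (found ? 0 : 1) }
  '
}

# Print only the events that start before offset $1. This mirrors what
# mysqlbinlog --stop-position=$1 emits: it stops at the first event whose
# position is equal to or greater than the given value.
events_before() {
  awk -v stop="$1" '
    /^# at [0-9]+$/ && $3 + 0 >= stop + 0 { exit }
    { print }
  '
}

# Read decoded binlog text on stdin and print the replay command for binlog
# file $1, or fail if no destructive statement was located.
build_replay_command() {
  stop_pos=$(find_stop_position) || {
    echo "no DROP/TRUNCATE statement found" >&2
    return 1
  }
  printf 'mysqlbinlog -d keysou --stop-position=%s %s\n' "$stop_pos" "$1"
}

sample_binlog | build_replay_command /data/mysql/mysql-bin.000005
```

Because the full backup was taken with -F, the replay starts at the top of the new binlog file, so only the stop position has to be located.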
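MySQL storage engines (comparable to an operating system's file systems)
MySQL storage engine concepts and differences (engines may differ in how they store data, in their features, in the space they occupy, in read performance and so on)
The most commonly used MySQL storage engines: MyISAM, InnoDB
MyISAM engine
InnoDB engine
Files on disk for a MyISAM table (mysql.user as an example)
【1】user.frm <==definition of the user table
【2】user.MYD <==data of the user table
【3】user.MYI <==indexes of the user table
MyISAM engine characteristics
【1】No transaction support (a transaction is a logical group of operations whose units either all succeed or all fail)
【2】Table-level locking: the whole table is locked while data is updated. This keeps the cost of implementing locks very low but also greatly reduces concurrency
【3】Reads and writes block each other: a write blocks reads and a read blocks writes, but a read does not block other reads
【4】Only indexes are cached: key_buffer_size caches indexes, which greatly improves access performance and reduces disk I/O, but this buffer caches only indexes, not data
【5】Fairly fast reads and relatively low resource usage (table-level locking)
【6】No foreign key constraints, but full-text indexes are supported
Production scenarios suited to the MyISAM engine
【1】Workloads that do not need transaction support (not suitable for bank transfers)
【2】Typically read-heavy applications; not suited to scenarios where reads and writes are both frequent, but suited to either read-heavy or write-heavy ones
【3】Workloads with relatively low concurrent read/write access (high concurrency of pure reads or pure writes is also fine) (because of the locking mechanism)
【4】Workloads with relatively few data modifications (because of blocking)
【5】Read-mostly workloads
【6】Workloads without strict data consistency requirements
【7】Machines with limited hardware resources
【8】MySQL slaves in a read/write splitting setup can use MyISAM
InnoDB engine characteristics
【1】Transaction support
【2】Row-level locking (an update generally locks only the current row), implemented through indexes
【3】Read/write blocking depends on the transaction isolation level
【4】Very efficient caching: it caches both indexes and data
【5】Supports partitions and tablespaces
【6】Supports foreign key constraints
【7】Uses more resources (row-level locking)
Production scenarios suited to the InnoDB engine
【1】Workloads that need transaction support
【2】Row-level locking copes well with high concurrency, but queries must be served through indexes
【3】Scenarios where reads, writes and updates are all frequent
【4】Workloads with strict data consistency requirements (mobile top-ups, bank transfers)
【5】Machines with plenty of memory, where InnoDB's good caching can improve memory utilization and reduce disk I/O as much as possible
mysql> show engines\G <==view the supported engines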
*************************** 1. row ***************************
Engine: PERFORMANCE_SCHEMA
Support: YES
Comment: Performance Schema
Transactions: NO
XA: NO
Savepoints: NO
*************************** 2. row ***************************
Engine: CSV
Support: YES
Comment: CSV storage engine
Transactions: NO
XA: NO
Savepoints: NO
*************************** 3. row ***************************
Engine: MEMORY
Support: YES
Comment: Hash based, stored in memory, useful for temporary tables
Transactions: NO
XA: NO
Savepoints: NO
*************************** 4. row ***************************
Engine: BLACKHOLE
Support: YES
Comment: /dev/null storage engine (anything you write to it disappears)
Transactions: NO
XA: NO
Savepoints: NO
*************************** 5. row ***************************
Engine: MyISAM
Support: YES
Comment: MyISAM storage engine
Transactions: NO
XA: NO
Savepoints: NO
*************************** 6. row ***************************
Engine: MRG_MYISAM
Support: YES
Comment: Collection of identical MyISAM tables
Transactions: NO
XA: NO
Savepoints: NO
*************************** 7. row ***************************
Engine: ARCHIVE
Support: YES
Comment: Archive storage engine
Transactions: NO
XA: NO
Savepoints: NO
*************************** 8. row ***************************
Engine: InnoDB
Support: DEFAULT
Comment: Supports transactions, row-level locking, and foreign keys
Transactions: YES
XA: YES
Savepoints: YES
*************************** 9. row ***************************
Engine: FEDERATED
Support: NO
Comment: Federated MySQL storage engine
Transactions: NULL
XA: NULL
Savepoints: NULL
9 rows in set (0.00 sec)
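Transaction properties (ACID)
【1】Atomicity<==a transaction is an indivisible unit; all of its SQL operations happen, or none of them do
【2】Consistency<==data integrity is the same before and after the transaction
【3】Isolation<==under concurrent access, a transaction that is still executing is invisible to other sessions until it completes; the data of concurrent transactions is isolated from one another
【4】Durability<==once a transaction is committed, its changes to the data are permanent; even if something goes wrong, the transaction cannot be undone
mysql> show variables like 'autocommit';<==automatic commit of transactions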
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| autocommit | ON |
+---------------+-------+
1 row in set (0.08 sec)
mysql> set global autocommit = 'OFF';
Query OK, 0 rows affected (0.04 sec)
mysql> show global variables like 'autocommit';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| autocommit | OFF |
+---------------+-------+
1 row in set (0.00 sec)
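mysql> commit<==commit the transaction
Query OK, 0 rows affected (0.00 sec)
mysql> rollback<==roll back the transaction (once committed, it cannot be rolled back)
Query OK, 0 rows affected (0.00 sec)
Database change workflow
Developer submits the request-->development lead reviews-->department head reviews-->DBA reviews-->DBA applies the change
The shell is a command interpreter. It sits at the outer layer of the operating system and talks directly to the user: it interprets the user's input for the operating system, handles the operating system's output, and returns it to the user on the screen. The dialogue can be interactive (commands typed at the keyboard get an immediate response from the shell) or non-interactive (scripts)
Show the current user's UID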
[root@node1 ~]# echo $UID
0
Show the current user's home directory
[root@node1 ~]# echo $HOME
/root
Show the shell the current user is using
【1】
[root@node1 ~]# echo $BASH
/bin/bash
【2】
[root@node1 ~]# echo $SHELL
/bin/bash
List the shells available on the system
[root@node1 ~]# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/dash
/bin/tcsh
/bin/csh
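The shell's strength is handling low-level operating system tasks (simple, easy to use, efficient)
The first line of a script states which interpreter parses the script
#!/bin/sh
#!/bin/bash (recommended, default)
#!/usr/bin/env python
Show the BASH version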
[root@node1 ~]# bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
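Ways to run a shell script
【1】bash script-name or sh script-name (recommended; no interpreter needs to be specified)
【2】/path/script-name or ./path/script-name (the script needs execute permission)
【3】source script-name or . script-name
【4】sh < script-name or cat script-name|sh (works for bash too)
Interview question
Given the commands and output below, the result of echo $user is (empty)<==running lb.sh and the current command-line terminal are two different shell processes; for the current terminal to use the variables set in lb.sh, run source lb.sh or . lb.sh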
[root@node1 ~]# cat lb.sh
user=`whoami`
[root@node1 ~]# sh lb.sh
[root@node1 ~]# echo $user
[root@node1 ~]#
[root@node1 ~]# source lb.sh
[root@node1 ~]# echo $user
root
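Basic conventions and habits for shell script development
【1】Name the interpreter on the first line of the script
#!/bin/bash or #!/bin/sh
【2】Put copyright and similar information at the top of the script
#Name lb.sh<==script name
#Date 10:00 2017-05-31<==when the script was written
#Author Created By LinBin<==who wrote the script
#Mail linbin@keysou.com<==author's contact details
#QQ 991395975<==author's contact details
#Function This Scripts Function Is ......<==short description of the script
#Version V1.0<==script version number
【3】Do not use Chinese comments in scripts
Use English comments wherever possible to avoid garbled Chinese characters
【4】Name scripts with the .sh extension
script-name.sh
【5】Good coding habits and tips
【5-1】Type paired symbols together in one go so that none is forgotten, e.g. "" '' `` [] {}
【5-2】Put a space inside each end of the "[]" brackets: "[ ]". Mnemonic: type the pair [] first, move back one position, type two spaces, then move back one position again
【5-3】Write out the whole flow-control statement first, then fill in the body
【5-4】Use indentation to make the code easier to read
Advanced vimrc configuration
Variable: a fixed string (possibly a mix of letters and digits) that stands for longer, more complex content; that content may include variables, paths, strings and so on. Variable definitions live in memory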
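Variable types
【1】Environment variables
Configuration files that define environment variables
【1-1】Effective for all users: /etc/profile or /etc/bashrc
【1-2】Effective for a specific user: ~/.bash_profile or ~/.bashrc
【2】Local variables
【2-1】Defining local variables (a local variable is used by scripts during the lifetime of the user's current shell)
【2-1-1】Defining ordinary string variables
name=value
name='value'
name="value"
【2-1-2】Rules for variable names and content
Names generally consist of letters, digits and underscores and start with a letter (never a digit), e.g. linbin linbin123 linbin_123
Variable content may be in single quotes, double quotes or unquoted
Single quotes: what you see is what you get; everything inside single quotes is output exactly as written
Double quotes: everything inside the double quotes is output; if the content contains commands (in backquotes), variables or special escape characters, these are resolved first and the final content is then output
Unquoted: the content is output; if it contains commands (in backquotes) or variables, these are resolved first and the final content is then output. If the string contains spaces or other special characters it cannot be output in full (the system treats part of it as a command), so double quotes are needed. Contiguous strings, numbers and paths can generally go unquoted, but it is better to use double quotes than no quotes
Backquotes: `` are generally used to wrap a command; the command is executed and replaced by its output
Variable definition syntax
【1】export name=value (recommended)
【2】name=value --> export name
Show environment variables
[root@node1 ~]# env
Unset a local or environment variable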
[root@node1 ~]# export linbin=123
[root@node1 ~]# echo $linbin
123
[root@node1 ~]# unset linbin
[root@node1 ~]# echo $linbin
[root@node1 ~]#
Single quotes, double quotes and no quotes around variable content, in practice
[root@node1 ~]# a=192.168.100.133
[root@node1 ~]# b='192.168.100.133'
[root@node1 ~]# c="192.168.100.133"
[root@node1 ~]# echo "a=$a"
a=192.168.100.133
[root@node1 ~]# echo "b=$b"
b=192.168.100.133
[root@node1 ~]# echo "c=${c}"
c=192.168.100.133
[root@node1 ~]# a=192.168.100.133-$a
[root@node1 ~]# b='192.168.100.133-$a'
[root@node1 ~]# c="192.168.100.133-$a"
[root@node1 ~]# echo "a=$a"
a=192.168.100.133-192.168.100.133
[root@node1 ~]# echo "b=$b"
b=192.168.100.133-$a
[root@node1 ~]# echo "c=${c}"
c=192.168.100.133-192.168.100.133-192.168.100.133
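Advice on defining variables
【1】When defining ordinary string variables in a script, wrap the content in double quotes "" wherever possible
【2】Contiguous digits or strings may go unquoted
【3】To output text exactly as written, use single quotes ''
【4】To run a command, use backquotes ``, equivalent to $()
Reading variable values in grep, sed and awk<==when these three tools need the variable resolved, use double quotes or no quotes with grep, and single quotes with sed and awk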
[root@node1 ~]# export a=linbin
[root@node1 ~]# echo "linbin" >> lb.txt
[root@node1 ~]# grep '$a' lb.txt
[root@node1 ~]# grep "$a" lb.txt
linbin
[root@node1 ~]# grep $a lb.txt
linbin
[root@node1 ~]# sed -n '/'$a'/p' lb.txt
linbin
[root@node1 ~]# sed -n '/"$a"/p' lb.txt
[root@node1 ~]# sed -n '/$a/p' lb.txt
[root@node1 ~]# awk '/'$a'/' lb.txt
linbin
[root@node1 ~]# awk '/"$a"/' lb.txt
[root@node1 ~]# awk '/$a/' lb.txt
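Ways to define a variable from a command
【1】name=``
【2】name=$()
Summary of variable definitions
【1】Ordinary variables
A=1 <==contiguous digits need no quotes
A=abc<==a contiguous string needs no quotes
A='$(date)'<==output exactly as written: use single quotes ''
A="$(date)"<==output the resolved result: use double quotes ""
【2】Command variables
A=`ls`<==output the resolved result: use backquotes ``
A=$(ls)
Ways to print a variable's content
【1】
[root@node1 ~]# echo $a
【2】
[root@node1 ~]# echo ${a}<==for when a string immediately follows the variable, e.g. ${a}linbin
Nine shell solutions to one practical Linux operations problem!
http://oldboy.blog.51cto.com/2561410/760192
Summary of variable names and variable content
【1】Variable names may contain only letters, digits and underscores and start with a letter (never a digit)
【2】Conventional styles for descriptive variable names
【2-1】MyAge=27
【2-2】my_age=27
【2-3】myAge=27
【3】In a=1 the "=" means assignment; "==" tests for equality
【4】To print a variable, prefix its name with "$"; when a string immediately follows the variable name, wrap the name in {} braces
【5】To print a variable's content, generally use double quotes or no quotes; to output the text exactly as written, use single quotes
【6】Mind how variable content is quoted: generally use double quotes; simple contiguous digits or strings may go unquoted; to output exactly as written, use single quotes
【7】When the variable's content is a command, use `` or $()
dirname, basename<==dirname returns the directory part of a path, basename returns the file name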
[root@node1 ~]# dirname /var/log/messages
/var/log
[root@node1 ~]# basename /var/log/messages
messages
[root@node1 ~]# cat lb.txt
dirname $1
basename $1
[root@node1 ~]# sh lb.txt /var/log/messages
/var/log
messages
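Uses of return values in production
【1】Checking whether a command or script succeeded
【2】Calling "exit N" in a script makes the script return that number in $?
【3】"return N" inside a function makes the function return that number in $?
Setting positional parameters with set
[root@node1 ~]# set -- linbin lb lbin
[root@node1 ~]# echo $#<==equivalent to setting three parameters
3
Difference between $* and $@ (visible when they are double-quoted)
$* (the whole) is the list of all parameters and stands for "$1 $2 … $n": they are output as a single unit, with the parameters separated by spaces
$@ (each one separately) is the list of all parameters and stands for "$1" "$2" … "$n": each parameter stays independent, and all of them are output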
[root@node1 ~]# cat lb.txt
for n in "$*"
do
echo $n
done
echo "======================"
for n in "$@"
do
echo $n
done
[root@node1 ~]# sh lb.txt 1 2 3
1 2 3
======================
1
2
3
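A worked answer on using set and eval under Linux (special positional variables)
http://oldboy.blog.51cto.com/2561410/1175971
Shell special variables
【1】Positional variables
【1-1】$n is the value of the nth argument of the running shell script, n=0..9; n=0 is the script's file name; if n is greater than 9, wrap it in braces, ${10}; arguments are separated by spaces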
[root@node1 ~]# cat lb.txt
echo $0
echo $1 $2 $3
[root@node1 ~]# sh lb.txt lb lbin linbin
lb.txt
lb lbin linbin
【1-2】$0 is the script name, $1 the first argument, $2 the second argument
[root@node1 ~]# cat lb.txt
echo $0
echo $1 $2 $3
[root@node1 ~]# sh lb.txt lb lbin linbin
lb.txt
lb lbin linbin
【1-3】$# is the number of arguments
[root@node1 ~]# cat lb.txt
echo $0
echo $1 $2 $3
echo $#
[root@node1 ~]# sh lb.txt lb lbin linbin
lb.txt
lb lbin linbin
3
【1-4】$* is all the arguments passed to the current shell script, treated as one single string, equivalent to "$1 $2 $3"
[root@node1 ~]# cat lb.txt
echo $0
echo $1 $2 $3
echo $#
echo $*
[root@node1 ~]# sh lb.txt lb lbin linbin
lb.txt
lb lbin linbin
3
lb lbin linbin
【1-5】$@ treats each command-line argument as a separate string (an argument list), equivalent to "$1" "$2" "$3" ......
[root@node1 ~]# cat lb.txt
echo $0
echo $1 $2 $3
echo $#
echo $*
echo $@
[root@node1 ~]# sh lb.txt lb lbin linbin
lb.txt
lb lbin linbin
3
lb lbin linbin
lb lbin linbin
【2】Process variables
【2-1】$? is the exit status of the last command: 0 means the command succeeded, non-zero means it failed (use "exit N" in a script and "return N" in a function)
[root@node1 ~]# cat lb.txt
if [ $# -ne 2 ]
then
echo "Please Input Two ARG"
exit 1
else
echo $@
fi
[root@node1 ~]# sh lb.txt linbin
Please Input Two ARG
[root@node1 ~]# echo $?
1
[root@node1 ~]# cat >> /etc/init.d/functions<<EOF
linbin() {
echo "My Name Is LinBin"
return 100
}
EOF
[root@node1 ~]# cat lb.txt
#!/bin/bash
. /etc/init.d/functions
if [ $# -ne 2 ]
then
echo "Please Input Two ARG"
exit 1
else
echo $@
fi
linbin
[root@node1 ~]# sh lb.txt lbin linbin
lbin linbin
My Name Is LinBin
[root@node1 ~]# echo $?
100
【2-2】$$ is the process ID (PID) of the current shell
[root@node1 ~]# cat lb.txt
echo $0
echo $1 $2 $3
echo $#
echo $*
echo $@
echo $$
[root@node1 ~]# sh lb.txt lb lbin linbin<==writing the shell's PID to a designated file can prevent multiple processes when a script is run repeatedly
lb.txt
lb lbin linbin
3
lb lbin linbin
lb lbin linbin
27739
[root@node1 ~]# cat lb.sh
#!/bin/bash
sleep 300
[root@node1 ~]# sh lb.sh &
[1] 2985
[root@node1 ~]# ps -ef|grep "lb"|grep -v "grep"
root 2985 2826 0 14:52 pts/0 00:00:00 sh lb.sh
[root@node1 ~]# sh lb.sh &
[2] 2990
[root@node1 ~]# ps -ef|grep "lb"|grep -v "grep"
root 2985 2826 0 14:52 pts/0 00:00:00 sh lb.sh
root 2990 2826 0 14:52 pts/0 00:00:00 sh lb.sh
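The PID-file idea mentioned above, as an added example (not from the original notes): a single-instance guard built on $$. The function names and the /var/run/lb.pid path in the usage comment are assumptions; keep the PID file in a directory that only the script's owner can write.

```shell
#!/bin/bash
# Added example: single-instance guard using $$ and a PID file.

# acquire_lock PIDFILE
#   returns 0 if this shell now owns PIDFILE, 1 if another live process owns it.
acquire_lock() {
    _pidfile=$1
    # set -C (noclobber) makes ">" fail when the file already exists,
    # so "check that nobody holds the lock" and "take it" are one atomic step.
    if ( set -C; echo "$$" > "$_pidfile" ) 2>/dev/null; then
        return 0
    fi
    _holder=$(cat "$_pidfile" 2>/dev/null)
    case "$_holder" in
        ''|*[!0-9]*) return 1 ;;   # empty or corrupt PID file: refuse instead of guessing
    esac
    # kill -0 sends no signal; it only reports whether the process can be signalled.
    # A process owned by another user looks "gone" here, so run the guard as one user.
    if kill -0 "$_holder" 2>/dev/null; then
        return 1                    # the recorded process is still running
    fi
    # Stale file left behind by a process that died without cleaning up.
    rm -f "$_pidfile"
    ( set -C; echo "$$" > "$_pidfile" ) 2>/dev/null
}

# release_lock PIDFILE: remove the file only if it still records our own PID.
release_lock() {
    [ "$(cat "$1" 2>/dev/null)" = "$$" ] && rm -f "$1"
    return 0
}

# Usage inside a script such as the lb.sh above (path is an assumption):
#   acquire_lock /var/run/lb.pid || { echo "lb.sh is already running"; exit 1; }
#   trap 'release_lock /var/run/lb.pid' EXIT
#   sleep 300
```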
Common substring operations on variables (just be aware of them)
【1】${#string}<==returns the length of $string
[root@node1 ~]# export linbin='welcome to linux'
[root@node1 ~]# echo $linbin
welcome to linux
[root@node1 ~]# echo ${#linbin}
16
【2】${string:position}<==extracts the substring of $string that starts after $position
[root@node1 ~]# export linbin='welcome to linux'
[root@node1 ~]# echo $linbin
welcome to linux
[root@node1 ~]# echo ${linbin:2}
lcome to linux
【3】${string:position:length}<==extracts a substring of $length characters from $string, starting after $position
[root@node1 ~]# export linbin='welcome to linux'
[root@node1 ~]# echo $linbin
welcome to linux
[root@node1 ~]# echo ${linbin:2:5}
lcome
【4】${string#substring}<==deletes the shortest match of $substring from the beginning of $string
[root@node1 ~]# export linbin=abcABC123ABCabc
[root@node1 ~]# echo $linbin
abcABC123ABCabc
[root@node1 ~]# echo ${linbin#a*C}
123ABCabc
[root@node1 ~]# echo ${linbin#a*c}
ABC123ABCabc
【5】${string##substring}<==deletes the longest match of $substring from the beginning of $string
[root@node1 ~]# export linbin=abcABC123ABCabc
[root@node1 ~]# echo $linbin
abcABC123ABCabc
[root@node1 ~]# echo ${linbin##a*C}
abc
[root@node1 ~]# echo ${linbin##a*c}
[root@node1 ~]#
【6】${string%substring}<==deletes the shortest match of $substring from the end of $string
[root@node1 ~]# export linbin=abcABC123ABCabc
[root@node1 ~]# echo $linbin
abcABC123ABCabc
[root@node1 ~]# echo ${linbin%C*c}
abcABC123AB
[root@node1 ~]# echo ${linbin%a*c}
abcABC123ABC
【7】${string%%substring}<==deletes the longest match of $substring from the end of $string
[root@node1 ~]# export linbin=abcABC123ABCabc
[root@nfs ~]# echo $linbin
abcABC123ABCabc
[root@node1 ~]# echo ${linbin%%C*c}
abcAB
[root@node1 ~]# echo ${linbin%%a*c}
[root@node1 ~]#
【8】${parameter/pattern/string}<==replaces the first match of pattern with string
[root@node1 ~]# export linbin='I am linbin linbin'
[root@node1 ~]# echo $linbin
I am linbin linbin
[root@node1 ~]# echo ${linbin/linbin/lb}
I am lb linbin
【9】${parameter//pattern/string}<==replaces every match of pattern with string
[root@node1 ~]# export linbin='I am linbin linbin'
[root@node1 ~]# echo $linbin
I am linbin linbin
[root@node1 ~]# echo ${linbin//linbin/lb}
I am lb lb
【10】${parameter/#pattern/string}<==if pattern matches at the beginning of parameter, replaces the match with string
[root@node1 ~]# export linbin='I am linbin linbin'
[root@node1 ~]# echo $linbin
I am linbin linbin
[root@node1 ~]# echo ${linbin/#I*lin/My Name}
My Namebin
【11】${parameter/%pattern/string}<==if pattern matches at the end of parameter, replaces the match with string
[root@node1 ~]# export linbin='I am linbin linbin'
[root@node1 ~]# echo $linbin
I am linbin linbin
[root@node1 ~]# echo ${linbin/%l*n/My Name}
I am My Name
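Summary of substring deletion and replacement
【1】# deletes the shortest match from the beginning
【2】## deletes the longest match from the beginning
【3】% deletes the shortest match from the end
【4】%% deletes the longest match from the end
Ways to count the length of a string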
[root@node1 ~]# export linbin=welcometolinux
[root@node1 ~]# echo $linbin
welcometolinux
【1】
[root@node1 ~]# echo ${#linbin}
14
【2】
[root@node1 ~]# expr length "$linbin"
14
【3】
[root@node1 ~]# echo "$linbin"|wc -L
14
Print the words of fewer than 6 characters in the sentence below
I am linbin linux welcome to our training
[root@node1 ~]# cat lb.sh
for word in I am linbin linux welcome to our training
do
if [ ${#word} -lt 6 ]
then echo $word
fi
done
[root@node1 ~]# sh lb.sh
I
am
linux
to
our
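Other variable substitutions
【1】${parameter:-word}<==if the variable exists and is not null, returns its value; otherwise returns the string word. Use: return a default value when the variable is undefined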
[root@node1 ~]# result=${linbin:-unset}
[root@node1 ~]# echo $linbin
[root@node1 ~]# echo $result
unset
【2】${parameter:=word}<==if the variable exists and is not null, returns its value; otherwise assigns word to parameter and returns it
[root@node1 ~]# result=${linbin:=unset}
[root@node1 ~]# echo $linbin
unset
[root@node1 ~]# echo $result
unset
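Basic description of the operators
++ --    increment and decrement; may be prefix or postfix
+ - ! ~    unary plus and minus
* / %    multiplication, division, remainder
+ -    addition, subtraction
< <= > >=    comparison operators
== !=    equal, not equal; a single = is assignment
<< >>    shift left, shift right
&    bitwise AND
^    bitwise XOR
|    bitwise OR
&&    logical AND
||    logical OR
?:    conditional expression
= += -= *= /= &= ^= <<= >>= |=    assignment operators
**    exponentiation
Summary of ++ and --
When the variable a comes first (a++, a--), the expression takes the value of a and a is then incremented or decremented; when a comes last (++a, --a), a is incremented or decremented first and the expression takes the new value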
[root@node1 ~]# a=8
[root@node1 ~]# echo $a
8
[root@node1 ~]# echo $((a++))
8
[root@node1 ~]# echo $a
9
[root@node1 ~]# echo $((++a))
10
[root@node1 ~]# echo $a
10
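Numeric (integer) arithmetic on variables
The common commands for arithmetic on variables are
(()), let, expr, bc (decimals), $[]; all except bc handle integers only
【1】(()) (recommended; integer arithmetic, no decimals)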
[root@node1 ~]# ((a=1+2**3-4%3))
[root@node1 ~]# echo $a
8
[root@node1 ~]# echo $((1+2**3-4%3))
8
[root@node1 ~]# a=10
[root@node1 ~]# echo $((a+1))
11
[root@node1 ~]# echo $a<==only the value of the expression changed, not the value of the variable
10
[root@node1 ~]# cat lb.sh
#!/bin/bash
a=$1
b=$2
if [ $# -ne 2 ]
then
echo "Please Input Two ARG"
exit 1
fi
echo "a+b=$(($a+$b))"
echo "a-b=$(($a-$b))"
echo "a*b=$(($a*$b))"
echo "a/b=$(($a/$b))"
echo "a**b=$(($a**$b))"
echo "a%b=$(($a%$b))"
[root@node1 ~]# sh lb.sh 10 3
a+b=13
a-b=7
a*b=30
a/b=3
a**b=1000
a%b=1
【2】let
[root@node1 ~]# a=5<=="=" means assignment
[root@node1 ~]# a=a+5
[root@node1 ~]# echo $a
a+5
[root@node1 ~]# a=5
[root@node1 ~]# let a=a+5<==equivalent to ((a=a+5)); the (()) form is more efficient
[root@node1 ~]# echo $a
10
【3】expr
[root@node1 ~]# expr 2 + 2
4
[root@node1 ~]# expr 2 - 2
0
[root@node1 ~]# expr 2 \* 2<==special characters must be escaped
4
[root@node1 ~]# expr 2 \/ 2<==special characters must be escaped
1
[root@node1 ~]# expr 2 % 2
0
[root@node1 ~]# a=0
[root@node1 ~]# a=`expr $a + 1`
[root@node1 ~]# echo $a
1
[root@node1 ~]# vim `which ssh-copy-id`
if expr "$1" : ".*\.pub" > /dev/null ; then<==extension check: tests whether $1 ends in .pub
ID_FILE="$1"
else
ID_FILE="$1.pub"
fi
[root@node1 ~]# cat lb.sh<==checks whether the input is an integer
#!/bin/bash
read -p "Please Input Int:" a
expr $a + 1 > /dev/null 2>&1
[ $? -eq 0 ] && echo "Int" || echo "Char"
[root@node1 ~]# sh lb.sh
Please Input Int:11
int
[root@node1 ~]# sh lb.sh
Please Input Int:aa
Char
【4】bc (supports decimal arithmetic)
[root@node1 ~]# a=1.1
[root@node1 ~]# a=`echo $a+1|bc`
[root@node1 ~]# echo $a
2.1
[root@node1 ~]# echo "5.5 4.5"|awk '{print $1-$2}'
1
[root@node1 ~]# echo "5.5 4.5"|awk '{print ($1-$2)}'
1
[root@node1 ~]# echo "scale=3;5.23/3.13"|bc<=="scale=3" keeps 3 digits after the decimal point
1.670
Print the expression 1+2+3+4+5..+10 together with its result; expected output: 1+2+3+4+5+6+7+8+9+10=55
【1】
[root@node1 ~]# echo "`seq -s "+" 10`=`seq -s "+" 10|bc`"
1+2+3+4+5+6+7+8+9+10=55
【2】
[root@node1 ~]# echo "`seq -s "+" 10`=$((`seq -s "+" 10`))"
1+2+3+4+5+6+7+8+9+10=55
【3】
[root@node1 ~]# echo "`seq -s "+" 10`=`seq -s " + " 10|xargs expr`"<==expr needs spaces between operands and operators
1+2+3+4+5+6+7+8+9+10=55
【5】$[]
[root@node1 ~]# a=3
[root@node1 ~]# a=$[a+1]
[root@node1 ~]# echo $a
4
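Conditional tests and comparisons
Syntax 1: test <expression><==equivalent to syntax 2
Syntax 2: [ <expression> ]<==recommended; variables and strings need double quotes ""
Syntax 3: [[ <expression> ]]<==wildcards can be used for pattern matching
File test expressions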
[root@node1 ~]# test -f /etc/hosts && echo 0 || echo 1
0
[root@node1 ~]# test ! -f /etc/hosts && echo 0 || echo 1
1
[root@node1 ~]# [ -z "linbin" ] && echo 0 || echo 1
1
[root@node1 ~]# [ -z "" ] && echo 0 || echo 1
0
[root@node1 ~]# [ -z "" -o -f /etc/hosts ] && echo 0 || echo 1
0
[root@node1 ~]# [ -z "linbin" -a -f /etc/hosts ] && echo 0 || echo 1
1
[root@node1 ~]# [[ -d /etc/ && -f /etc/hosts ]] && echo 0 || echo 1
0
[root@node1 ~]# [[ -d /etc/ || -f /etc/hosts ]] && echo 0 || echo 1
0
[root@node1 ~]# cat lb.sh
#!/bin/bash
[ -f /etc/hosts ] && {
echo "linbin"
cat /etc/hosts
}
[root@node1 ~]# sh lb.sh
linbin
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.131 Master
192.168.100.130 Slave01
192.168.100.129 Slave02
[root@node1 ~]# cat lb.sh
#!/bin/bash
if [ -f /etc/hosts ]
then
echo "linbin"
echo "lb"
fi
String test expressions
[root@node1 ~]# [ -n "abc" ] && echo 0 || echo 1
0
[root@node1 ~]# [ -z "abc" ] && echo 0 || echo 1
1
[root@node1 ~]# [ "abc" = "abc" ] && echo 0 || echo 1<=="==" also works
0
[root@node1 ~]# [ "abc" = "abcd" ] && echo 0 || echo 1<=="==" also works
1
[root@node1 ~]# [ "abc" != "abcd" ] && echo 0 || echo 1
0
Integer test expressions<==[ A -ne B ] and ((A>B)) are the recommended forms
[root@node1 ~]# [ 1 -eq 0 ] && echo 0 || echo 1
1
[root@node1 ~]# [ 1 -ne 0 ] && echo 0 || echo 1
0
[root@node1 ~]# [ 1 -gt 0 ] && echo 0 || echo 1<==[ 1 \> 0 ] or [[ 1 > 0 ]] also work
0
[root@node1 ~]# [ 1 -ge 0 ] && echo 0 || echo 1
0
[root@node1 ~]# [ 1 -lt 0 ] && echo 0 || echo 1
1
[root@node1 ~]# [ 1 -le 0 ] && echo 0 || echo 1
1
Integer comparison example from a system script
[root@node1 ~]# sed -n '61,65p' /etc/profile
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
umask 002
else
umask 022
fi
Logical operators
[]: use -a -o !
[[]]: use && || !
Compare two integers passed as arguments
[root@node1 ~]# cat lb.sh
#!/bin/bash
[ "$#" -ne 2 ] && {
echo "Please Input Two ARG"
exit 1
}
expr $1 + $2 &>/dev/null
[ "$?" -ne 0 ] && {
echo "Please Input Two Int"
exit 2
}
[ "$1" -lt "$2" ] && {
echo "$1 < $2"
exit 0
}
[ "$1" -eq "$2" ] && {
echo "$1 = $2"
exit 0
}
[ "$1" -gt "$2" ] && {
echo "$1 > $2"
exit 0
}
[root@node1 ~]# sh lb.sh 1
Please Input Two ARG
[root@node1 ~]# sh lb.sh 1 a
Please Input Two Int
[root@node1 ~]# sh lb.sh 1 1
1 = 1
[root@node1 ~]# echo $?
0
[root@node1 ~]# sh lb.sh 1 2
1 < 2
[root@node1 ~]# echo $?
0
[root@node1 ~]# sh lb.sh 2 1
2 > 1
[root@node1 ~]# echo $?
0
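The integer check used above (`expr $a + 1`, then testing `$?`) is not a reliable validator: expr exits 1 whenever the result is 0, so -1 is reported as "Char", and an unquoted value such as "1 + 1" is accepted. The following added example (not part of the original notes; all function names are assumptions) validates with a `case` pattern instead and normalizes the value before it reaches `[ ]` or `$(( ))`.

```shell
#!/bin/bash
# Added example: strict integer validation before test/arithmetic.

# to_dec VALUE: print VALUE as canonical decimal (no "+", no leading zeros);
# fail (status 1) if VALUE is not an optionally signed run of digits.
to_dec() {
    _v=$1
    _sign=
    case "$_v" in
        -*) _sign=-; _v=${_v#-} ;;
        +*) _v=${_v#+} ;;
    esac
    case "$_v" in
        ''|*[!0-9]*) return 1 ;;        # empty, or anything other than digits
    esac
    # Strip leading zeros: $(( )) reads 010 as octal and rejects 08.
    while [ "${#_v}" -gt 1 ] && [ "${_v#0}" != "$_v" ]; do
        _v=${_v#0}
    done
    [ "${#_v}" -le 18 ] || return 1      # stay inside the signed 64-bit range
    [ "$_v" = 0 ] && _sign=              # "-0" becomes "0"
    printf '%s%s\n' "$_sign" "$_v"
}

# is_int VALUE: succeed only for a valid integer.
is_int() {
    to_dec "$1" >/dev/null
}

# safe_add A B: print A+B, or fail with status 2 without evaluating anything
# if either argument is not an integer.
safe_add() {
    _a=$(to_dec "$1") || return 2
    _b=$(to_dec "$2") || return 2
    echo $((_a + _b))
}

# page_expr_check VALUE: the check from the notes, kept unquoted on purpose
# so its behaviour can be compared with is_int.
page_expr_check() {
    expr $1 + 1 >/dev/null 2>&1
}

# Comparison on constructed inputs:
#   value     is_int   page_expr_check
#   11        ok       ok
#   -1        ok       fails (expr result is 0, exit status 1)
#   "1 + 1"   fails    ok    (word splitting turns it into a longer expression)
#   aa        fails    fails
```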
Getting input into variables
【1】Assignment: a=1
【2】Arguments: $1 $2
【3】Interactive read: read -p "......" a
[root@node1 ~]# read -p "Please Input A Character:" a
Please Input A Character:linbin
[root@node1 ~]# echo $a
linbin
[root@node1 ~]# cat lb.sh
#!/bin/bash
read -t 5 -p "Please Input A Character:" a<=="-t" sets the input timeout
[ -n "$a" ] && {
echo "Your Input Is:$a"
exit 0
}
[root@node1 ~]# sh lb.sh
Please Input A Character:linbin
Your Input Is:linbin
Print a selection menu
[root@node1 ~]# cat lb.sh
#!/bin/bash
cat <<EOF
==========================
1:[install LAMP]
2:[install LNMP]
3:[exit]
==========================
EOF
read -t 30 -p "Please Input The Num You Want: " num
[ "$num" != 1 -a "$num" != 2 -a "$num" != 3 ] && {
echo "Please Input 1 or 2 or 3"
exit 1
}
[ "$num" -eq 1 ] && {
echo "Install LAMP"
echo "Installing LAMP"
exit 0
}
[ "$num" -eq 2 ] && {
echo "Install LNMP"
echo "Installing LNMP"
exit 0
}
[ "$num" -eq 3 ] && {
echo "Bye"
exit 0
}
[root@node1 ~]# sh lb.sh
==========================
1:[install LAMP]
2:[install LNMP]
3:[exit]
==========================
Please Input The Num You Want: 1
Install LAMP
Installing LAMP
[root@node1 ~]# sh lb.sh
==========================
1:[install LAMP]
2:[install LNMP]
3:[exit]
==========================
Please Input The Num You Want: 2
Install LNMP
Installing LNMP
[root@node1 ~]# sh lb.sh
==========================
1:[install LAMP]
2:[install LNMP]
3:[exit]
==========================
Please Input The Num You Want: 3
Bye
[root@node1 ~]# sh lb.sh
==========================
1:[install LAMP]
2:[install LNMP]
3:[exit]
==========================
Please Input The Num You Want: a
Please Input 1 or 2 or 3
[root@node1 ~]# echo $?
1
Branching structures
【1】Single branch
【1-1】
if [ condition ]
then
commands
fi
【1-2】
if [ condition ]; then
commands
fi
[root@node1 ~]# cat lb.sh
#!/bin/bash
if [ -f /etc/hosts ]; then
echo "linbin"
fi
[root@node1 ~]# sh lb.sh
linbin
【2】Two branches
if [ condition ]
then
commands1
else
commands2
fi
[root@node1 ~]# cat lb.sh
#!/bin/bash
if [ -f /etc/hosts ]; then
echo "linbin"
else
echo "lb"
fi
[root@node1 ~]# sh lb.sh
linbin
【3】Multiple branches
if [ condition1 ]
then
commands1
elif [ condition2 ]<==there can be several elif clauses
then
commands2
else
commands3
fi
[root@node1 ~]# cat lb.sh
#!/bin/bash
echo "============================================="
read -t 40 -p "Please Input First Int ARG: " a
echo "============================================="
read -t 40 -p "Please Input Second Int ARG: " b
echo "============================================="
expr $a + $b &>/dev/null
[ "$?" -ne 0 ] && {
echo "Please Input Two Int ARG"
exit 1
}
if [ "$a" -lt "$b" ]
then
echo "$a < $b"
exit 0
elif [ "$a" -eq "$b" ]
then
echo "$a = $b"
exit 0
else
echo "$a > $b"
fi
[root@node1 ~]# sh lb.sh
=============================================
Please Input First Int ARG: 100
=============================================
Please Input Second Int ARG: 44
=============================================
100 > 44
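Write a script that adds users to /etc/user.conf based on its arguments, with the following requirements
【1】Usage:
USAGE: sh adduser {-add|-del|-search} username
【2】Arguments:
-add adds the user name that follows
-del deletes the user name that follows
-search looks up the user name that follows
【3】A user with the same name cannot be added twice; if the user does not exist there is nothing to delete; give a clear message both when a user is found and when it is not
【4】/etc/user.conf must not be directly deletable or modifiable by any outside user
[root@node1 ~]# cat adduser.sh
#!/bin/bash
[ "$#" -ne 2 ] && {
    echo "Please Enter The Operation Type And User Name,For example: add linbin"
    exit 1
}
if [ "$UID" -ne 0 ]
then
    echo "This Script Must Be Executed By An Administrator"
    exit 2
fi
File="/etc/user.conf"
if [ ! -f "$File" ]
then
    touch "$File"
fi
# Count exact whole-line matches; -F treats $2 as a literal string, not a regex
User=$(grep -cxF -- "$2" "$File")
if [ "$1" = "add" ]
then
    if [ "$User" -eq 0 ]
    then
        echo "$2" >> "$File"
    else
        echo "user $2 Already Exist"
        exit 3
    fi
elif [ "$1" = "del" ]
then
    if [ "$User" -eq 0 ]
    then
        echo "user $2 No Exist"
        exit 4
    else
        # Remove only the exact line; an unquoted sed '/'$2'/d' would also delete
        # every line that merely contains $2 and would treat $2 as a sed expression
        grep -vxF -- "$2" "$File" > "$File.tmp"
        cat "$File.tmp" > "$File"
        rm -f "$File.tmp"
        exit 0
    fi
elif [ "$1" = "search" ]
then
    if [ "$User" -eq 0 ]
    then
        echo "user $2 No Exist"
        exit 5
    else
        grep -xF -- "$2" "$File"
        exit 0
    fi
else
    echo "USAGE: sh adduser.sh {add|del|search} username"
fi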
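【1】Monitor whether a web service is healthy, in at least 5 ways
【2】Monitor whether a DB (MySQL) is healthy, in at least 5 ways
【2-1】Port: locally netstat/ss/lsof; remotely telnet/nmap/nc
【2-2】Process (local)
【3】wget/curl (over HTTP; judge by the exit status or the returned content)
【4】header (HTTP) (over HTTP; judge by the status code)
【5】Database-specific: connect with the MySQL client and judge by the exit status or the returned content
Ways to match a string exactly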
[root@node1 ~]# cat linbin.txt
200 linbin
2000 LINBIN
0200 lb
【1】
[root@node1 ~]# grep "\b200\b" linbin.txt
200 linbin
【2】
[root@node1 ~]# grep "^200 linbin$" linbin.txt
200 linbin
【3】
[root@node1 ~]# grep -w "200" linbin.txt
200 linbin
【4】
[root@node1 ~]# grep -x "200 linbin" linbin.txt<==matches complete lines only; grep -x "200" linbin.txt returns nothing
200 linbin
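How to monitor whether /etc/passwd has been modified
[root@node1 ~]# vim lb.sh
#!/bin/bash
File="/etc/passwd"
Md5="/tmp/md5sum.txt"
# Record the baseline on the first run only; rewriting it on every run makes the check always pass
[ -f "$Md5" ] || md5sum "$File" > "$Md5"
OK=$(md5sum -c "$Md5" 2>/dev/null|grep "OK"|wc -l)
if [ "$OK" -eq 1 ];then
echo "$File is not change"
exit 0
else
echo "$File is changed"
fi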
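A stricter variant of the /etc/passwd check above, as an added example (not from the original notes): the baseline is written once with SHA-256 under umask 077 and is never overwritten, and the check distinguishes "changed" from "cannot check". A baseline kept in world-writable /tmp can be pre-created by any local user, so the usage comment assumes a root-only directory; that path and the function names are assumptions.

```shell
#!/bin/bash
# Added example: write-once SHA-256 baseline for one monitored file.
# Pass absolute paths so the check does not depend on the current directory.

# baseline_init FILE BASELINE
#   0 = baseline written
#   1 = BASELINE already exists (left untouched)
#   2 = FILE cannot be read
baseline_init() {
    _line=$(sha256sum -- "$1" 2>/dev/null) || return 2
    # umask 077: baseline readable by its owner only.
    # set -C:    ">" refuses to overwrite, so an existing baseline is never replaced.
    ( umask 077; set -C; printf '%s\n' "$_line" > "$2" ) 2>/dev/null || return 1
}

# baseline_check BASELINE
#   0 = monitored file unchanged
#   1 = content differs from the baseline
#   2 = baseline or monitored file missing/unreadable (treat as an alert too)
baseline_check() {
    [ -s "$1" ] || return 2
    # Baseline line format written by sha256sum: "<hex digest>  <path>"
    read -r _want _path < "$1" || return 2
    [ -r "$_path" ] || return 2
    _have=$(sha256sum -- "$_path" | cut -d' ' -f1)
    [ "$_have" = "$_want" ] || return 1
}

# Usage from cron as root (directory is an assumption; it must be root-owned, mode 700):
#   baseline_init  /etc/passwd /var/lib/fim/passwd.sha256     # once, on a known-good system
#   baseline_check /var/lib/fim/passwd.sha256 || logger -p auth.warning "/etc/passwd check failed: $?"
```

After an intended change (for example a legitimate useradd), remove the old baseline deliberately and run baseline_init again.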
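Function: code that a program calls repeatedly is defined once and given a name, and every place that needs it calls that name instead. When the code has to change, only the one copy in the function body is edited and every caller picks up the change
Advantages of functions
【1】Defining identical code as a function reduces the overall amount of code
【2】Improves readability
【3】Makes program functionality modular; different programs can share function modules
Function syntax
【1】
name() {
commands......
return n
}
【2】
function name() {<==the standard form
commands......
return n
}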
[root@node1 ~]# cat linbin.sh
linbin() {
echo "linbin"
}
function lb() {
echo "lb"
}
linbin
lb
[root@node1 ~]# sh linbin.sh<==to call these functions from another script, load this file with . or source
linbin
lb
Passing arguments to a function: name arg1 arg2
[root@node1 ~]# cat linbin.sh
linbin() {
echo "$1"
}
linbin lb
[root@node1 ~]# sh linbin.sh
lb
[root@node1 ~]# cat linbin.sh
linbin() {
echo "$1"
}
linbin $1
[root@node1 ~]# sh linbin.sh linbin
linbin
[root@node1 ~]# cat linbin.sh
#!/bin/bash
check=$(curl -I -s -w "%{http_code}\n" www.keysou.com -o /dev/null)
if [ "$check" = "200" ]
then
echo "www.keysou.com is running"
else
echo "www.keysou.com is no running"
fi
[root@node1 ~]# sh linbin.sh
www.keysou.com is running
[root@node1 ~]# cat linbin.sh
#!/bin/bash
check_url() {
check=$(curl -I -s -w "%{http_code}\n" $1 -o /dev/null)
if [ "$check" = "200" ]
then
echo "$1 is running"
else
echo "$1 is no running"
fi
}
check_url $1
[root@node1 ~]# sh linbin.sh www.keysou.com
www.keysou.com is running
[root@node1 ~]# sh linbin.sh www.baidu.com
www.baidu.com is running
The case conditional statement
Syntax
case "string variable" in
value1) commands1......
;;
value2) commands2......
;;
*) commands3......
esac
[root@node1 ~]# cat linbin.sh
#!/bin/bash
case "$1" in
1)
echo "1"
;;
2)
echo "2"
;;
3)
echo "3"
;;
*)
echo "Input Error"
exit 1
esac
exit $?
[root@node1 ~]# sh linbin.sh 1
1
[root@node1 ~]# sh linbin.sh 3
3
[root@node1 ~]# sh linbin.sh 4
Input Error
[root@node1 ~]# sh linbin.sh
Input Error
[root@node1 ~]# cat color.sh
RED_COLOR='\E[1;31m'
GREEN_COLOR='\E[1;32m'
YELLOW_COLOR='\E[1;33m'
BLUE_COLOR='\E[1;34m'
RES='\E[0m'
[root@node1 ~]# cat linbin.sh
#!/bin/bash
. /root/color.sh
cat <<EOF
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
=========================
EOF
read -t 30 -p "Please Input What You Want To Choice,Example 1 Or 2: " num
case "$num" in
1)
echo -e "$RED_COLOR You Are Choice Is Apple $RES"
;;
2)
echo -e "$GREEN_COLOR You Are Choice Is Pear $RES"
;;
3)
echo -e "$YELLOW_COLOR You Are Choice Is Banana $RES"
;;
4)
echo -e "$BLUE_COLOR You Are Choice Is Cherry $RES"
;;
*)
echo "You Are Input Is Error,Please Input Agine"
exit 1
esac
exit $?
[root@node1 ~]# sh linbin.sh
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
=========================
Please Input What You Want To Choice,Example 1 Or 2:
You Are Input Is Error,Please Input Agine
[root@node1 ~]# sh linbin.sh
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
=========================
Please Input What You Want To Choice,Example 1 Or 2: 1
You Are Choice Is Apple
[root@node1 ~]# sh linbin.sh
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
=========================
Please Input What You Want To Choice,Example 1 Or 2: 2
You Are Choice Is Pear
[root@node1 ~]# sh linbin.sh
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
=========================
Please Input What You Want To Choice,Example 1 Or 2: 3
You Are Choice Is Banana
[root@node1 ~]# sh linbin.sh
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
=========================
Please Input What You Want To Choice,Example 1 Or 2: 4
You Are Choice Is Cherry
Foreground colors
[root@node1 ~]# echo -e "\033[30m 黑色字linbin Linux \033[0m"
[root@node1 ~]# echo -e "\033[31m 红色字linbin Linux \033[0m"
[root@node1 ~]# echo -e "\033[32m 绿色字linbin Linux \033[0m"
[root@node1 ~]# echo -e "\033[33m 黄色字linbin Linux \033[0m"
[root@node1 ~]# echo -e "\033[34m 蓝色字linbin Linux \033[0m"
[root@node1 ~]# echo -e "\033[35m 紫色字linbin Linux \033[0m"
[root@node1 ~]# echo -e "\033[36m 天蓝字linbin Linux \033[0m"
[root@node1 ~]# echo -e "\033[37m 白色字linbin Linux \033[0m"
[root@node1 ~]# cat linbin.sh
#!/bin/sh
add(){
RED_COLOR='\E[1;31m'
GREEN_COLOR='\E[1;32m'
YELLOW_COLOR='\E[1;33m'
BLUE_COLOR='\E[1;34m'
FLASH_COLOR='\33[5m'
RES='\E[0m'
case "$1" in
red|RED)
echo -e "$RED_COLOR $2 $RES"
;;
green|GREEN)
echo -e "$GREEN_COLOR $2 $RES"
;;
yellow|YELLOW)
echo -e "$YELLOW_COLOR $2 $RES"
;;
blue|BLUE)
echo -e "$BLUE_COLOR $2 $RES"
;;
*)
echo "Plu Use:{red|green|yellow|blue} {chars}"
exit
esac
}
menu(){
cat <<EOF
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
5.Exit
=========================
EOF
}
fruit(){
read -p "Pls Input The Fruit Your Like: " fruit
case "$fruit" in
1)
add red apple
;;
2)
add green pear
;;
3)
add yellow banana
;;
4)
add blue cherry
;;
5)
exit
;;
*)
echo "Pls Select Right Num:{1|2|3|4}"
exit
esac
}
main(){
while true
do
menu
fruit
done
}
main
[root@node1 ~]# sh lb.sh
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
5.Exit
=========================
Pls Input The Fruit Your Like: 1
apple
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
5.Exit
=========================
Pls Input The Fruit Your Like: 2
pear
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
5.Exit
=========================
Pls Input The Fruit Your Like: 3
banana
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
5.Exit
=========================
Pls Input The Fruit Your Like: 4
cherry
=========================
1.Apple
2.Pear
3.Banana
4.Cherry
5.Exit
=========================
Pls Input The Fruit Your Like: 5
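Summary of the case statement
【1】case is equivalent to a multi-branch if statement; its advantage is that it is tidier and easier to read
【2】case suits variables that take few values from a fixed set of numbers or strings, (1,2,3) or (start,stop,restart)
【3】System service start-up scripts mostly use case to check their arguments; see the rpcbind/nfs/crond scripts
【4】Every case statement can be written with if, but case is tidier and clearer
【5】case is generally suited to service start-up scripts
【6】case fits well when the variable's values are known, fixed items such as start/stop/restart
while loops and until loops
Syntax
【1】The while statement
Syntax
while condition
do
commands......
done
[root@node1 ~]# cat linbin.sh<==while true means the condition is always true, so it keeps running like an endless loop; add a sleep as needed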
#!/bin/bash
while true
do
uptime
sleep 3
done
[root@node1 ~]# sh linbin.sh
20:52:05 up 8 min, 1 user, load average: 0.02, 0.06, 0.05
20:52:08 up 8 min, 1 user, load average: 0.02, 0.06, 0.05
20:52:11 up 8 min, 1 user, load average: 0.02, 0.06, 0.05
20:52:14 up 8 min, 1 user, load average: 0.02, 0.06, 0.05
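Ways to keep a running script from being interrupted
【1】sh linbin.sh &
【2】nohup /server/scripts/linbin.sh &
【3】screen, keeps the session alive; write up a summary of this command
Sorting processes by system CPU and memory usage
Advanced vimrc installation (https://github.com/amix/vimrc/blob/master/README.md)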
[root@node1 ~]# git clone https://github.com/amix/vimrc.git ~/.vim_runtime
[root@node1 ~]# sh ~/.vim_runtime/install_awesome_vimrc.sh
Advanced vimrc upgrade (https://github.com/amix/vimrc/blob/master/README.md)
[root@node1 ~]# cd ~/.vim_runtime
[root@node1 ~]# git pull --rebase
30 must-know shell interview questions
http://oldboy.blog.51cto.com/2561410/1632876
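【1】Mobile top-up: for example, top up 10 yuan; each SMS sent (print the current balance) costs 1 jiao 5 fen; when the balance is below 1 jiao 5 fen no SMS can be sent and the message "insufficient balance, please top up" is shown (the user may top up and keep sending); implement it with a while statement
Hint (convert the units, use a single unit, use integers): 10 yuan = 1000 fen, 1 jiao 5 fen = 15 fen
【2】Number-guessing game: have the system generate a random number and give it a range (50 below and 50 above the number); let the user enter a guess and check the input; if it is wrong, say whether it is too high or too low; once guessed correctly, print the number of attempts used; implement it with a while statement
【3】Use a while statement to compute 1+2+3....+100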
[root@node1 ~]# cat linbin.sh
#!/bin/bash
sum=0
i=1
while [ "$i" -le 100 ]
do
((sum=sum+i))
((i++))
done
echo $sum
[root@node1 ~]# sh linbin.sh
5050
Ways to read a file line by line with while
【1】
exec <FILE
sum=0
while read line
do
cmd
done
【2】
cat ${FILE_PATH}|while read line
do
cmd
done
【3】
while read line
do
cmd
done<FILE
[root@node1 ~]# cat linbin.sh
#!/bin/bash
sum=0
while read line
do
i=`echo $line|awk '{print $10}'`
expr $i + 1 &>/dev/null
[ $? -ne 0 ] && continue
((sum+=i))
done<access_2017-06-06.log
echo $sum
[root@node1 ~]# sh linbin.sh
226905
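When to use each statement
【1】Conditional expressions: simple tests (whether a file exists, whether a string is empty, and so on)
【2】if: decisions on a value where there are few distinct values
【3】for: ordinary loop processing, the most commonly used
【4】while: daemons, endless loops (sleep)
【5】case: service start-up scripts, menus
【6】Functions: clear logic, fewer repeated statements
The for loop
Syntax
for variable in list
do
commands......
done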
[root@node1 ~]# cat linbin.sh
#!/bin/bash
for i in 5 4 3 2 1
do
echo "$i"
done
[root@node1 ~]# sh linbin.sh
5
4
3
2
1
Batch renaming of files
C-style for loop
for((exp1;exp2;exp3))
do
commands......
done
[root@node1 ~]# cat linbin.sh
#!/bin/bash
for((i=1;i<=5;i++))
do
echo "$i"
done
[root@node1 ~]# sh linbin.sh
1
2
3
4
5
[root@node1 ~]# cat linbin.sh
#!/bin/bash
sum=0
for((i=1;i<=100;i++))
do
((sum=sum+i))
done
echo "$sum"
[root@node1 ~]# sh linbin.sh
5050
http://edu.51cto.com/course/course_id-1511.html
【1】Use a for loop to create 10 files named, in order,
linbin-1.html
linbin-2.html
linbin-3.html
linbin-4.html
linbin-5.html
linbin-6.html
linbin-7.html
linbin-8.html
linbin-9.html
linbin-10.html
[root@node1 ~]# for file in `seq 10`;do touch linbin-${file}.html;done
[root@node1 ~]# ls *.html
linbin-10.html linbin-2.html linbin-4.html linbin-6.html linbin-8.html
linbin-1.html linbin-3.html linbin-5.html linbin-7.html linbin-9.html
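【2】Use a for loop to change linbin to linux in all the file names above and change the extension to HTML (the string linbin must not appear in the loop body)
[root@node1 ~]# cat linbin.sh
for file in *.html
do
# Replace everything before the first "-" with linux and the trailing html with HTML
mv "$file" "$(echo "$file"|sed -r 's#^[^-]+(-.*)html$#linux\1HTML#')"
done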
[root@node1 ~]# ls *.HTML
linux-10.HTML linux-2.HTML linux-4.HTML linux-6.HTML linux-8.HTML
linux-1.HTML linux-3.HTML linux-5.HTML linux-7.HTML linux-9.HTML
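【3】Create 10 system accounts linbin01-linbin10 in bulk and set their passwords (the passwords must differ)
[root@node1 ~]# cat linbin.sh
for user in `seq -f "linbin%02g" 10`<=="-f" sets the output format; 2 means two digits wide, 0 means pad with zeros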
do
useradd $user
echo "$RANDOM"|passwd --stdin $user
done
[root@node1 ~]# sh linbin.sh
[root@node1 ~]# tail -10 /etc/passwd
linbin01:x:502:502::/home/linbin01:/bin/bash
linbin02:x:503:503::/home/linbin02:/bin/bash
linbin03:x:504:504::/home/linbin03:/bin/bash
linbin04:x:505:505::/home/linbin04:/bin/bash
linbin05:x:506:506::/home/linbin05:/bin/bash
linbin06:x:507:507::/home/linbin06:/bin/bash
linbin07:x:508:508::/home/linbin07:/bin/bash
linbin08:x:509:509::/home/linbin08:/bin/bash
linbin09:x:510:510::/home/linbin09:/bin/bash
linbin10:x:511:511::/home/linbin10:/bin/bash
【4】Create 10 system accounts linbin01-linbin10 in bulk and set their passwords (random 8-character passwords)
[root@node1 ~]# cat linbin.sh
for user in `seq -f"keysou%02g" 10`
do
pass=`echo "$RANDOM"|md5sum|cut -c 1-8`
useradd $user
echo "$pass"|passwd --stdin $user
echo -e "logname:$user \t password:$pass" >> /data/usermsg
done
[root@node1 ~]# cat /data/usermsg
logname:keysou01 password:05cfe7ce
logname:keysou02 password:65890d92
logname:keysou03 password:4fb4981d
logname:keysou04 password:bc201a97
logname:keysou05 password:a33a68df
logname:keysou06 password:30f451ce
logname:keysou07 password:69a26813
logname:keysou08 password:941e1618
logname:keysou09 password:3d481634
logname:keysou10 password:f7cf210d
[root@node1 ~]# cat linbin.sh
for file in `seq 10`
do
touch `echo "$RANDOM"|md5sum|cut -c 1-8`_linbin.html
done
[root@node1 ~]# ls *.html
04d15445_linbin.html 35468047_linbin.html 5adf22f2_linbin.html a3295b28_linbin.html cdfa9380_linbin.html
1e762cc5_linbin.html 40c957d6_linbin.html 71cc916a_linbin.html bf3f2474_linbin.html d88484e8_linbin.html
Encryption methods (generating random strings)
【1】
[root@node1 ~]# echo "$RANDOM LINBIN"|md5sum
fc2366bb5395c53497874e11888e90bc -
【2】
[root@node1 ~]# openssl rand -base64 56
eaLCYRJHNUBI40zlzzAwAFZTGL1vLymUf/OD6h6J3KZ2hBpgjAVIks1uq5ymXfdx
lUH0EwIWsKI=
【3】
[root@node1 ~]# date +%s%N
1483511562615033042
【4】
[root@node1 ~]# head /dev/urandom|cksum
1498052087 2597
【5】
[root@node1 ~]# cat /proc/sys/kernel/random/uuid
b8c20e80-dc9a-4b5a-9732-8b6d00986595
【6】
[root@node1 ~]# yum -y install expect
[root@node1 ~]# mkpasswd -l 10
tabGUhv55]
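A hardened variant of the account loop in 【4】 and of the generators listed above, as an added example that is not part of the original notes: bash's `$RANDOM` only yields 0-32767, so `echo "$RANDOM"|md5sum|cut -c 1-8` can produce at most 32768 different passwords, and /data/usermsg is readable by other users under a typical 022 umask. The function names and the /root/usermsg path are assumptions; the file uses the `user:password` format that chpasswd reads.

```shell
#!/bin/sh
# Added example: per-user random passwords taken from the kernel CSPRNG and
# stored in a file only its owner can read. Function names are hypothetical.

# gen_pass LEN -> prints LEN characters from [A-Za-z0-9] read from /dev/urandom.
gen_pass() {
    len=${1:-16}
    out=
    # tr -dc drops every byte outside the allowed set, so each surviving
    # character is uniformly distributed; loop until enough characters remain.
    while [ "${#out}" -lt "$len" ]; do
        out=$out$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    done
    printf '%s\n' "$out" | cut -c "1-$len"
}

# make_cred_file FILE USER... -> writes one "user:password" line per user
# (chpasswd input format) into FILE and forces mode 600 on it.
make_cred_file() {
    file=$1
    shift
    (
        umask 077                      # new file is created owner-only
        : > "$file" || exit 1          # truncate or create
        chmod 600 "$file" || exit 1    # tighten a pre-existing file as well
        for user in "$@"; do
            printf '%s:%s\n' "$user" "$(gen_pass 16)" >> "$file"
        done
    )
}

# Usage as root, with the account names from the notes (path is an assumption):
#   make_cred_file /root/usermsg $(seq -f "keysou%02g" 10)
#   cut -d: -f1 /root/usermsg | while read -r u; do useradd "$u"; done
#   chpasswd < /root/usermsg
#
# Demo without touching any account: DEMO=1 sh thisfile.sh
if [ "${DEMO:-0}" = 1 ]; then
    demo_file=$(mktemp)
    make_cred_file "$demo_file" keysou01 keysou02 keysou03
    ls -l "$demo_file"
    cat "$demo_file"
    rm -f "$demo_file"
fi
```

Hand each password to its user over a separate channel and delete the list afterwards; the file exists only to carry the initial credentials.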
[root@node1 ~]# cat linbin.sh
for ((i=0;i<=5;i++))
do
if [ $i -eq 3 ]
then
continue;<==skip the rest of this iteration
fi
echo $i
done
echo ok
[root@node1 ~]# sh linbin.sh
0
1
2
4
5
ok
[root@node1 ~]# cat linbin.sh
for ((i=0;i<=5;i++))
do
if [ $i -eq 3 ]
then
break;<==leave the whole loop
fi
echo $i
done
echo ok
[root@node1 ~]# sh linbin.sh
0
1
2
ok
[root@node1 ~]# cat linbin.sh
for ((i=0;i<=5;i++))
do
if [ $i -eq 3 ]
then
exit;<==exit the script
fi
echo $i
done
echo ok
[root@node1 ~]# sh linbin.sh
0
1
2
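Shell arrays
Defining arrays
【1】Static arrays
array=(value1 value2 value3......)<==the elements are enclosed in parentheses and separated by spaces
[root@node1 ~]# array=(1 2 3)
[root@node1 ~]# echo ${#array[@]}<==length of the array, i.e. the number of elements
3
[root@node1 ~]# echo ${#array[*]}<==length of the array, i.e. the number of elements
3
[root@node1 ~]# echo ${array[1]}<==read the value of one element; indexes start at 0
2
[root@node1 ~]# echo ${array[*]}<==read the values of all elements
1 2 32 67
[root@node1 ~]# echo ${array[@]}<==read the values of all elements
1 2 32 67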
1 2 32 67
[root@node1 ~]# cat linbin.sh
array=(11 22 33)
for ((i=0;i<${#array[*]};i++))
do
echo ${array[i]}
done
[root@node1 ~]# sh linbin.sh
11
22
33
[root@node1 ~]# cat linbin.sh
array=(11 22 33)
for i in ${array[*]}
do
echo $i
done
[root@node1 ~]# sh linbin.sh
11
22
33
【2】Dynamic arrays
[root@node1 ~]# array=($(ls))
[root@node1 ~]# echo ${array[*]}
anaconda-ks.cfg color.sh install.log install.log.syslog lb.sh system_initialization.sh test.sh
[root@node1 ~]# echo ${#array[*]}
7
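Shell array summary
【1】Defining arrays
Static array: array=(1 2 3)
Dynamic array: array=($(ls)) or array=(`ls`)
【2】Printing arrays
${array[@]} or ${array[*]}<==print all elements
${#array[@]} or ${#array[*]}<==print the length of the array (number of elements)
${array[n]}<==print a single element; n is the array index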
[root@node1 ~]# cat linbin.sh
#!/bin/bash
array=(
www.baidu.com
www.keysou.com
www.taobao.com
www.ajbcloud.com
www.aliyun.com
)
. /etc/init.d/functions
for ((web=0;web<${#array[*]};web++))
do
code=$(curl -I -s -w "%{http_code}\n" ${array[web]} -o /dev/null)
if [ "$code" = "200" -o "$code" = "302" ]
then
action "check web ${array[web]}" /bin/true
else
action "check web ${array[web]}" /bin/false
fi
done
[root@node1 ~]# sh linbin.sh
check web www.baidu.com [ OK ]
check web www.keysou.com [ OK ]
check web www.taobao.com [ OK ]
check web www.ajbcloud.com [ OK ]
check web www.aliyun.com [FAILED]
[root@node1 ~]# curl -I -s -w "%{http_code}\n" www.aliyun.com -o /dev/null
301
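Shell script debugging
【1】Learn the script development conventions
【2】Good coding habits
【3】Scripts developed on Windows need to be run through dos2unix when debugging
【4】sh -n name.sh checks the script syntax
【5】sh -x name.sh checks the script's execution process (the script is not executed)
Advanced vimrc configuration
【1】Add script copyright information
【2】Syntax indentation
Cluster concept: a group of servers doing one job
Cluster characteristics
【1】High performance
【2】Scalability (horizontal scaling instead of vertical scaling)
【3】High availability
The advantage of a server cluster only shows when the concurrency or the total number of requests exceeds what a single server can handle (there is network overhead)
Cluster types
【1】Load-balancing cluster (LB)
【2】High-availability cluster (HA, dual master for different services)
【3】High-performance computing cluster (HPC: aerospace, weather forecasting)
Preventing the avalanche effect
Open-source load-balancing software
【1】LVS (L4)
【2】Haproxy (L4, L7)
【3】Nginx (L7)
Load-balancing hardware
【1】F5
【2】Netscaler
【3】Radware
【4】A10
Cluster open-source software and hardware summary
【1】LVS, Haproxy, Nginx, Keepalived, Heartbeat (emphasizes resource control)
【2】F5, Netscaler, Radware, A10
Enterprise selection
【1】LVS+Keepalived
【2】Nginx+Keepalived
Nginx functions
【1】Reverse proxy (load balancing)
【2】Web server
【3】Cache service
Concepts of reverse proxy and load balancing
Nginx official website: http://nginx.org/
Nginx official documentation: http://nginx.org/en/docs/
Nginx load-balancing modules
【1】ngx_http_upstream_module
【1-1】proxy_pass (commonly used)
【1-2】fastcgi_pass (commonly used)
【1-3】memcached_pass
【2】ngx_http_proxy_module
ngx_http_upstream_module syntax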
upstream backend {
server backend1.example.com weight=5;
server backend2.example.com:8080;
server unix:/tmp/backend3;
server backup1.example.com:8080 backup;
server backup2.example.com:8080 backup;
}
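Scheduling algorithms
【1】Static algorithms: rr, wrr, ip_hash (session persistence), url_hash (cache services, CDN), consistent_hash (consistent hashing)
【2】Dynamic algorithms: fair (third party), lc
The biggest problem with url_hash is that when a backend cache server goes down or a new one is added, all cached content is invalidated and requests fall through to the origin site
Consistent hashing is the best algorithm for solving this cache-service problem
Principle of consistent hashing
ngx_http_proxy_module syntax
location / {
proxy_pass http://localhost:8000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_connect_timeout 60;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
Common parameters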
【1】proxy_pass
【2】proxy_set_header
【3】proxy_connect_timeout
【4】proxy_send_timeout
【5】proxy_read_timeout
【6】proxy_buffer_size
【7】proxy_buffers
【8】proxy_busy_buffers_size
【9】proxy_temp_file_write_size
【10】proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504
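Nginx redirects based on URI
Nginx redirects based on client device
Nginx reverse-proxy backend node health checks
Nginx cache function
Nginx+Keepalived
Keepalived was originally designed for LVS, specifically to monitor the state of each node in an LVS cluster
VRRP: Virtual Router Redundancy Protocol, which solves the single point of failure of static routing; VRRP uses an election mechanism to hand the routing task to one of the VRRP routers (by priority)
Keepalived functions
【1】failover: take over services
【2】healthcheck: health checks (LVS backend cluster nodes)
How Keepalived works
Failover between highly available Keepalived Directors is implemented through VRRP (Virtual Router Redundancy Protocol)
While the Keepalived Directors are working normally, the master Director keeps broadcasting heartbeat messages to the backup Director to tell it that it is still alive
When the master Director fails, the backup Director no longer receives the master's heartbeat broadcasts, so it calls its own takeover program and takes over the master Director's IP resources and services
When the master Director recovers, the backup Director releases the IP resources and services and returns to the backup role
Summary of how Keepalived works
【1】VRRP stands for Virtual Router Redundancy Protocol; it was created to solve the single point of failure of static routing
【2】VRRP uses an election mechanism to hand the routing task to one of the VRRP routers (by priority)
【3】VRRP communicates by IP multicast
【4】The master node sends packets and the backup node receives them; when the backup no longer receives packets from the master, it takes over the master's resources according to the election mechanism
【5】VRRP uses an encryption protocol
Keepalived official website: http://www.keepalived.org/
Keepalived installation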
[root@LB01-Server ~]# ln -s /usr/src/kernels/2.6.32-504.el6.x86_64/ /usr/src/linux
[root@LB01-Server ~]# ls -ld /usr/src/linux/
drwxr-xr-x. 22 root root 4096 Jun 6 17:21 /usr/src/linux/
[root@LB01-Server ~]# yum -y install openssl-devel libnl-devel libnfnetlink-devel
[root@LB01-Server ~]# tar xvfz keepalived-1.3.5.tar.gz -C /usr/local/src/
[root@LB01-Server ~]# cd /usr/local/src/keepalived-1.3.5/
[root@LB01-Server keepalived-1.3.5]# ./configure --prefix=/usr/local/keepalived-1.3.5
[root@LB01-Server keepalived-1.3.5]# make && make install
[root@LB01-Server keepalived-1.3.5]# ln -s /usr/local/keepalived-1.3.5/ /usr/local/keepalived
[root@LB01-Server keepalived-1.3.5]# ls -l /usr/local/keepalived
lrwxrwxrwx. 1 root root 28 Jun 15 16:07 /usr/local/keepalived -> /usr/local/keepalived-1.3.5/
[root@LB01-Server keepalived-1.3.5]# cp -a /usr/local/src/keepalived-1.3.5/keepalived/etc/init.d/keepalived /etc/init.d/keepalived
[root@LB01-Server keepalived-1.3.5]# ls -l /etc/init.d/keepalived
-rwxrwxr-x. 1 1000 1000 1308 Feb 26 01:09 /etc/init.d/keepalived
[root@LB01-Server keepalived-1.3.5]# cp -a /usr/local/src/keepalived-1.3.5/keepalived/etc/sysconfig/keepalived /etc/sysconfig/keepalived
[root@LB01-Server keepalived-1.3.5]# ls -l /etc/sysconfig/keepalived
-rw-rw-r--. 1 1000 1000 667 Feb 26 01:09 /etc/sysconfig/keepalived
[root@LB01-Server keepalived-1.3.5]# mkdir /etc/keepalived -p
[root@LB01-Server keepalived-1.3.5]# ls -ld /etc/keepalived/
drwxr-xr-x. 2 root root 4096 Jun 15 16:03 /etc/keepalived/
[root@LB01-Server keepalived-1.3.5]# cp -a /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/
[root@LB01-Server keepalived-1.3.5]# ls -l /etc/keepalived/keepalived.conf
-rw-r--r--. 1 root root 3598 Jun 15 15:59 /etc/keepalived/keepalived.conf
[root@LB01-Server keepalived-1.3.5]# cp -a /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@LB01-Server keepalived-1.3.5]# ls -l /usr/sbin/keepalived
-rwxr-xr-x. 1 root root 1232774 Jun 15 15:59 /usr/sbin/keepalived
[root@LB01-Server keepalived-1.3.5]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@LB01-Server keepalived-1.3.5]# ps -ef|grep "keepalived"|grep -v "grep"
root 23528 1 0 16:12 ? 00:00:00 keepalived -D
root 23530 23528 0 16:12 ? 00:00:00 keepalived -D
root 23531 23528 0 16:12 ? 00:00:00 keepalived -D
Keepalived configuration
[root@LB01-Server ~]# cp -a /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_$(date +%F)
[root@LB01-Server ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
linbin@keysou.com
}
notification_email_from system@keysou.com
smtp_server 192.168.200.1
smtp_connect_timeout 30
router_id KW_01<==keepalived ID; "KW_01" is the ID name, user-defined but must be unique
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {<==VRRP instance; "VI_1" is the instance name, user-defined
state MASTER<==instance state, MASTER or BACKUP; the actual role is decided by priority
interface eth0<==network interface the VIP is bound to
virtual_router_id 51<==instance ID, must be unique
priority 150<==priority
advert_int 1<==heartbeat interval
authentication {<==password authentication for the communication
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.137/24<==VIP
}
}
[root@LB02-Server ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@LB02-Server ~]# ps -ef|grep "keepalived"|grep -v "grep"
root 23667 1 0 16:45 ? 00:00:00 keepalived -D
root 23669 23667 1 16:45 ? 00:00:00 keepalived -D
root 23670 23667 0 16:45 ? 00:00:00 keepalived -D
[root@LB02-Server ~]# ip addr|grep "192.168.100"|grep -v "grep"<==keepalived adds the VIP the way ip addr does, so the VIP is not visible with the ifconfig command
inet 192.168.100.133/24 brd 192.168.100.255 scope global eth0
inet 192.168.100.137/24 scope global secondary eth0
[root@LB02-Server ~]# vim /etc/keepalived/keepalived.conf
global_defs {
notification_email {
linbin@keysou.com
}
notification_email_from system@keysou.com
smtp_server 192.168.200.1
smtp_connect_timeout 30
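router_id KW_02<==keepalived ID; "KW_02" is the ID name, user-defined but must be unique
vrrp_skip_check_adv_addr
vrrp_strict
vrrp_garp_interval 0
vrrp_gna_interval 0
}
vrrp_instance VI_1 {<==VRRP instance; "VI_1" is the instance name, user-defined, same as on the MASTER
state BACKUP<==instance state, MASTER or BACKUP; the actual role is decided by priority
interface eth0<==network interface the VIP is bound to
virtual_router_id 51<==instance ID, must be unique, same as on the MASTER
priority 100<==priority, lower than the MASTER
advert_int 1<==heartbeat interval
authentication {<==password authentication for the communication, same as on the MASTER
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.100.137/24<==VIP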
}
}
[root@LB02-Server ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@LB02-Server ~]# ps -ef|grep "keepalived"|grep -v "grep"
root 23667 1 0 16:45 ? 00:00:00 keepalived -D
root 23669 23667 1 16:45 ? 00:00:00 keepalived -D
root 23670 23667 0 16:45 ? 00:00:00 keepalived -D
[root@LB02-Server ~]# ip addr|grep "192.168.100"|grep -v "grep"<==keepalived adds the VIP the way ip addr does, so the VIP is not visible with the ifconfig command
inet 192.168.100.134/24 brd 192.168.100.255 scope global eth0
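Preventing split-brain
【1】Directly connected NICs plus a serial cable
【2】stonith and fence devices
【3】Write a monitoring script
LVS load balancing
LVS overview: Linux Virtual Server is a virtual server cluster system. The project was founded in May 1998 by Dr. Wensong Zhang and is one of the earliest free software projects in China
LVS official website (English): http://www.linuxvirtualserver.org
LVS official website (Chinese): http://www.linuxvirtualserver.org/zh/
LVS project introduction: http://www.linuxvirtualserver.org/zh/lvs1.html
Architecture of LVS clusters: http://www.linuxvirtualserver.org/zh/lvs2.html
IP load-balancing techniques in LVS clusters: http://www.linuxvirtualserver.org/zh/lvs3.html
Load scheduling in LVS clusters: http://www.linuxvirtualserver.org/zh/lvs4.html
LVS core components
【1】Kernel level: IPVS
【2】User level: ipvsadm (manages IPVS)
LVS technical summary
【1】The tool that actually performs load scheduling is IPVS, which works at the Linux kernel level
【2】The IPVS management tool that ships with LVS is ipvsadm
【3】Keepalived manages IPVS and provides high availability for the load balancer
【4】The Red Hat suite tool Piranha provides web management of the scheduling tool IPVS
LVS architecture: LVS consists of a front-end load balancer (Load Balancer, LB) and a group of back-end real servers (Real Server, RS). The RSs can be connected over a LAN or a WAN. This structure is transparent to users: they see only one virtual server (Virtual Server) acting as the LB and cannot see the RS group that provides the service. When a user request is sent to the virtual server, the LB forwards it to an RS according to the configured packet-forwarding policy and load-balancing scheduling algorithm. The RS then returns the result to the user
LVS terminology
【1】Virtual IP address: VIP (Virtual IP Address)
【2】Real server IP address: RIP (Real Server IP Address)
【3】Director IP address: DIP (Director IP Address)
【4】Client host IP address: CIP (Client IP Address)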
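ARP overview: Address Resolution Protocol; ARP resolves an IP address to the corresponding physical address (MAC address)
How ARP works
【1】Host A wants to send a packet to host B, checks its cache (ARP table) and finds no MAC address for host B
【2】Host A sends an ARP broadcast on the LAN: what is host B's MAC address?
【3】Every host on the LAN receives host A's ARP broadcast, but only host B replies to host A
【4】Host A receives host B's MAC address, caches it in the ARP table and sends the packet to host B
ARP summary
【1】ARP stands for Address Resolution Protocol
【2】It resolves IP addresses to MAC addresses within a LAN
【3】A MAC is the 48-bit physical address of a host and must be unique within the LAN
【4】ARP is similar to the DNS service but needs no service configuration
【5】ARP is a layer-3 protocol but works at layer 2
The ARP cache table is a double-edged sword
【1】With an ARP cache table a host resolves addresses faster and the LAN sees fewer broadcast storms
【2】The ARP cache table is also what exposes server hosts to attack by malicious hackers, namely ARP spoofing
【3】Switching routers, load balancers and similar devices may cause a short network interruption
ARP problems in production environments
【1】ARP viruses and ARP spoofing
【2】Failover between high-availability servers has to take the ARP cache into account
【3】Seamless migration of routers and similar devices has to take the ARP cache into account, for example when replacing an office router
Principle of ARP spoofing
ARP defensive measures
【1】On the host, bind the gateway's MAC and IP address statically (the default is dynamic); command: arp -s <gateway IP> <gateway MAC>
【2】On the gateway, bind the hosts' MAC and IP addresses
【3】Use an ARP firewall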
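A check that complements the defensive measures above, as an added example that is not part of the original notes: it reads a neighbour table in `ip neigh` output format and reports a gateway whose MAC differs from the pinned value, plus any MAC claimed by more than one IP, both common signs of ARP spoofing. The function names, the gateway address 192.168.100.2 and all MAC addresses in the sample tables are constructed.

```shell
#!/bin/sh
# Added example: detect ARP-cache anomalies. All sample data is constructed.

# check_arp GATEWAY_IP PINNED_MAC   (neighbour table on stdin, `ip neigh` format)
# Prints one finding per line; exit status 0 = clean, 1 = findings.
check_arp() {
    awk -v gw="$1" -v pinned="$2" '
        BEGIN { pinned = tolower(pinned) }
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next                 # FAILED/INCOMPLETE: no MAC yet
            ip = $1
            if ((mac SUBSEP ip) in seen) next   # same pair on another line
            seen[mac, ip] = 1
            if (ip == gw && mac != pinned) {
                printf "GATEWAY_MAC_CHANGED %s expected=%s seen=%s\n", ip, pinned, mac
                bad = 1
            }
            owners[mac] = (count[mac]++ ? owners[mac] "," : "") ip
        }
        END {
            for (m in count)
                if (count[m] > 1) {
                    printf "DUPLICATE_MAC %s ips=%s\n", m, owners[m]
                    bad = 1
                }
            exit bad + 0
        }'
}

# Constructed table: every IP has its own MAC, gateway matches the pinned value.
sample_clean() {
    cat <<'EOF'
192.168.100.2 dev eth0 lladdr 00:50:56:aa:bb:02 REACHABLE
192.168.100.135 dev eth0 lladdr 00:0c:29:aa:bb:35 STALE
192.168.100.136 dev eth0 lladdr 00:0c:29:aa:bb:36 REACHABLE
192.168.100.140 dev eth0  FAILED
EOF
}

# Constructed table: the gateway entry now carries the MAC of 192.168.100.136.
sample_spoofed() {
    cat <<'EOF'
192.168.100.2 dev eth0 lladdr 00:0c:29:aa:bb:36 REACHABLE
192.168.100.135 dev eth0 lladdr 00:0c:29:aa:bb:35 STALE
192.168.100.136 dev eth0 lladdr 00:0c:29:aa:bb:36 REACHABLE
EOF
}

# Live use on a host (gateway values are placeholders to fill in):
#   ip neigh show dev eth0 | check_arp <gateway IP> <gateway MAC>
# A finding on the gateway is the case the static binding "arp -s" prevents.
if [ "${DEMO:-0}" = 1 ]; then
    sample_spoofed | check_arp 192.168.100.2 00:50:56:AA:BB:02
fi
```

During a planned Keepalived or router switchover the gateway MAC changes legitimately, so update the pinned value as part of that change.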
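The four LVS cluster modes
【1】NAT mode: address translation mode
【1-1】The client sends the request to the front-end load balancer; the source address of the request packet is the CIP and the destination address is the VIP
【1-2】When the load balancer receives the packet and finds that the requested address exists in its rules, it rewrites the destination address of the client's request packet to the RIP of a back-end server and sends the packet out according to the scheduling algorithm
【1-3】When the packet reaches the Real Server, the destination address is its own, so it answers the request and returns the response packet to the LVS
【1-4】The LVS then rewrites the source address of this packet to its own address and sends it to the client (in NAT mode the Real Server's gateway must point to the LVS, otherwise the packet cannot reach the client)
NAT mode summary
【1】With NAT, the request packet (rewritten by DNAT) and the response packet (rewritten by SNAT) have their addresses rewritten by the scheduler before being forwarded to the internal servers; on the way back the packet is rewritten to the address the user originally requested
【2】Only the scheduler LB needs a public WAN IP; the scheduler also needs a private LAN IP to communicate with the internal RS nodes
【3】The gateway of every internal RS node must be set to the address of the scheduler LB's physical NIC on the private LAN (LDIP), so that returning packets still pass through the scheduler LB
【4】Because both request and response packets pass through the scheduler LB, the LB becomes a significant bottleneck when site traffic is heavy; the usual limit is 10-20 nodes
【5】NAT mode supports translating both IP and port: a user request to 10.0.1.1:80 can be translated by the scheduler to 10.0.1.2:8080 on an RS node (DR and TUN modes cannot do this)
【6】All internal RS nodes behind NAT only need a private LAN IP
【7】Because packets pass through the scheduler in both directions, kernel forwarding must be enabled with net.ipv4.ip_forward = 1, and the forward function of the iptables firewall as well (not needed in DR and TUN modes)
【2】DR mode: direct routing mode
【2-1】The client sends the request to the front-end load balancer; the source address of the request packet is the CIP and the destination address is the VIP
【2-2】When the load balancer receives the packet and finds that the requested address exists in its rules, it rewrites the source MAC address of the client's request packet to the MAC address of its own DIP and the destination MAC to the MAC address of the RIP, then sends the packet to the RS
【2-3】The RS sees that the destination MAC of the request packet is its own and accepts the packet; after processing the request it passes the response packet through the lo interface to the eth0 NIC and sends it directly to the client (note: the VIP on the lo interface must be configured not to answer ARP requests on the local network)
DR mode summary
【1】Forwarding is done by rewriting the destination MAC address of the packet on the scheduler LB. Note that the source IP address is still the CIP and the destination IP address is still the VIP
【2】Request packets pass through the scheduler, but the packets the RS sends in response do not need to pass through the scheduler LB, so it is very efficient under heavy concurrent traffic (compared with NAT mode)
【3】Because DR mode forwards by rewriting MAC addresses, all RS nodes and the scheduler LB must be in the same LAN (a minor drawback)
【4】Pay attention to binding the VIP on the RS nodes (lo:vip/32, lo1:vip/32) and to ARP suppression
【5】The default gateway of an RS node does not need to be the scheduler LB's DIP; it is the IP of the upstream router assigned by the IDC (this is the case when the RS has a public IP address). In theory the RS only needs to be able to reach the outside network; a public IP is not mandatory
【6】Because the DR-mode scheduler only rewrites the destination MAC address, the scheduler LB cannot change the destination port of the request packet (unlike NAT)
【7】The scheduler LB currently supports almost all UNIX and Linux systems but not Windows. The real server RS nodes can run Windows
【8】Overall DR mode is very efficient but also more troublesome to configure, so companies whose traffic is not especially heavy can use haproxy/nginx instead. This follows the operations principle: simple, easy to use, efficient. With 10-20 million PV per day or fewer than 10,000 concurrent requests, haproxy/nginx (LVS NAT mode) can be considered
【9】For services accessed directly from outside, for example web services as RS nodes, the RS should preferably use public IP addresses. For services not directly exposed, for example MySQL or storage-system RS nodes, it is best to use internal IP addresses only.
【3】TUN mode: tunnel mode
【3-1】The client sends the request to the front-end load balancer; the source address of the request packet is the CIP and the destination address is the VIP
【3-2】When the load balancer receives the packet and finds that the requested address exists in its rules, it encapsulates the client's request packet in an additional IP header, with the source address set to the DIP and the destination address set to the RIP, and sends the packet to the RS
【3-3】On receiving the request packet, the RS first removes the outer encapsulation and then finds that the destination address of the inner IP header is the VIP on its own lo interface, so it processes the request and passes the response packet through the lo interface to the eth0 NIC, sending it directly to the client (the VIP on the lo interface must be configured so that it does not appear on the public network)
TUN mode summary
【1】The load balancer forwards request packets to the real servers through an IP tunnel (IPIP tunnel): the original destination address of the request packet (including the MAC) is not rewritten; the packet is encapsulated in another IP packet. The real server processes the request and returns the response directly to the client
【2】Because the real server returns the processed response directly to the client, the RS should preferably have a public IP address for better efficiency. In theory it only needs to be able to reach the outside network; a public IP is not required
【3】Because the scheduler LB handles only inbound request packets, the throughput of the cluster can increase more than tenfold, although tunnel mode also adds some system overhead. TUN mode suits LAN/WAN
【4】In a LAN, TUN-mode forwarding is less efficient than DR mode, and the system's support for IP tunnels must also be considered
【5】Every RS server must bind the VIP and suppress ARP; the configuration is complex
【6】LAN environments mostly use DR mode and WAN environments can use TUN mode, but in WAN environments request forwarding has largely been replaced by proxies such as haproxy/nginx and by DNS scheduling. TUN mode is therefore rarely used in practice by companies in China. Cross-datacenter applications either run fibre to form one LAN or use DNS scheduling, and the underlying data still has to be synchronized
【7】For services accessed directly from outside, for example web services as RS nodes, it is best to use public IP addresses. For services not directly exposed, for example MySQL or storage-system RS nodes, it is best to use internal IP addresses
【4】FULLNAT mode
NAT mode: DNAT inbound, SNAT outbound; both inbound and outbound traffic pass through LVS; ports can be changed; private network
DR mode: rewrites the destination MAC address of the packet; inbound traffic passes through LVS, outbound traffic does not and returns directly to the client; ports cannot be changed; used within a LAN
TUN mode: does not modify the packet contents but wraps the packet in an outer IP header; inbound traffic passes through LVS, outbound traffic does not and returns directly to the client; ports cannot be changed; used in LAN/WAN; LVS and the nodes communicate over an IPIP tunnel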
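LVS scheduling algorithms
【1】Static scheduling algorithms
【1-1】rr: round robin
【1-2】wrr: weighted round robin
【1-3】dh: destination address hashing
【1-4】sh: source address hashing
【2】Dynamic scheduling algorithms
【2-1】lc: least connections
【2-2】wlc: weighted least connections
【2-3】lblc
【2-4】lblcr
【2-5】sed
【2-6】nq
LVS installation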
[root@LB01-Server ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@LB01-Server ~]# uname -r
2.6.32-504.el6.x86_64
[root@LB01-Server ~]# uname -m
x86_64
[root@LB01-Server ~]# yum -y install keepalived
[root@LB01-Server ~]# /etc/init.d/keepalived start
Starting keepalived: [ OK ]
[root@LB01-Server ~]# lsmod|grep "ip_vs"
ip_vs 125694 0
libcrc32c 1246 1 ip_vs
ipv6 334932 73 ip_vs
[root@LB01-Server ~]# yum -y install ipvsadm
[root@LB01-Server ~]# rpm -qa keepalived ipvsadm
ipvsadm-1.26-4.el6.x86_64
keepalived-1.2.13-5.el6_6.x86_64
[root@LB01-Server ~]# ip addr add 192.168.100.137/24 dev eth0 label eth0:0
[root@LB01-Server ~]# ip addr|grep "192.168.100.137"
inet 192.168.100.137/24 scope global secondary eth0:0
[root@LB01-Server ~]# ping -c 1 192.168.100.137
PING 192.168.100.137 (192.168.100.137) 56(84) bytes of data.
64 bytes from 192.168.100.137: icmp_seq=1 ttl=64 time=0.832 ms
[root@LB01-Server ~]# ipvsadm -C
[root@LB01-Server ~]# ipvsadm -A -t 192.168.100.137:80 -s rr
[root@LB01-Server ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.137:80 rr
[root@LB01-Server ~]# ipvsadm -a -t 192.168.100.137:80 -r 192.168.100.135 -g
[root@LB01-Server ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.137:80 rr
-> 192.168.100.135:80 Local 1 0 0
[root@LB01-Server ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.137:80 rr
-> 192.168.100.135:80 Local 1 0 0
-> 192.168.100.136:80 Route 1 0 0
[root@LB01-Server ~]# ipvsadm -d -t 192.168.100.137:80 -r 192.168.100.136
[root@LB01-Server ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.100.137:80 rr
-> 192.168.100.135:80 Local 1 0 0
[root@LB01-Server ~]# ip addr add 192.168.100.137/32 dev lo label lo:0
[root@LB01-Server ~]# route add -host 192.168.100.137 dev lo
[root@LB01-Server ~]# ip addr|grep "192.168.100.137"
inet 192.168.100.137/32 scope global lo:0
inet 192.168.100.137/24 scope global secondary eth0:0
[root@LB01-Server ~]# echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
[root@LB01-Server ~]# echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
[root@LB01-Server ~]# echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
[root@LB01-Server ~]# echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
LVS itself has no health-check function
Common ipvsadm options
--add-service -A add virtual service with options
--clear -C clear the whole table
--save -S save rules to stdout
--add-server -a add real server with options
--delete-server -d delete real server
--list -L|-l list the table
--set tcp tcpfin udp set connection timeout values
--tcp-service -t service-address service-address is host[:port]
--persistent -p [timeout] persistent service (session persistence)
--real-server -r server-address server-address is host (and port)
--gatewaying -g gatewaying (direct routing) (default)
--ipip -i ipip encapsulation (tunneling)
--masquerading -m masquerading (NAT)
--numeric -n numeric output of addresses and ports
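LVS high-availability solutions
【1】LVS+Heartbeat+Ldirectord
【2】LVS+Keepalived
【3】The Red Hat suite Piranha
Memcached
Memcached overview
Memcached official website: http://memcached.org
Memcached server: memcached-1.4.34.tar.gz
Memcache client: memcache-2.2.7.tgz
Purpose for which Memcached was created: caching database data
Caching software summary
Pure in-memory cache: Memcached
Persistent cache: MemcacheDB (developed by Sina), Redis
Web cache: Squid, Nginx, Varnish
Memcached use cases
【1】Caching database query results
【2】Caching hot data (data warm-up)
【3】Shared session storage for cluster nodes
Memcached characteristics (a high-concurrency, high-performance cache service)
【1】Simple protocol (text-line based) (telnet/nc)
【2】Supports epoll/kqueue asynchronous I/O and uses libevent as the event notification mechanism
【3】key/value data type
【4】Pure in-memory cache, highly efficient (Redis offers persistent storage)
【5】Supports distributed clusters; consistent hashing maximizes the amount of back-end data cached (Memcached nodes do not communicate with each other; there is nothing like MySQL master-slave replication)
【6】Uses the LRU algorithm to delete expired cache data
Memcached installation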
[root@Memcached-Server ~]# rpm -qa libevent libevent-devel nc telnet
[root@Memcached-Server ~]# yum -y install libevent libevent-devel nc telnet
[root@Memcached-Server ~]# rpm -qa libevent libevent-devel nc telnet
libevent-devel-1.4.13-4.el6.x86_64<==dependency for installing Memcached
telnet-0.17-48.el6.x86_64<==client tool for managing Memcached
libevent-1.4.13-4.el6.x86_64<==dependency for installing Memcached
nc-1.84-24.el6.x86_64<==client tool for managing Memcached
[root@Memcached-Server ~]# rpm -qa memcached
[root@Memcached-Server ~]# yum -y install memcached
[root@Memcached-Server ~]# rpm -qa memcached
memcached-1.4.4-5.el6.x86_64
[root@Memcached-Server ~]# which memcached
/usr/bin/memcached
[root@Memcached-Server ~]# memcached -m 16m -p 11211 -d -u root -c 8192
[root@Memcached-Server ~]# netstat -tnlup|grep "11211"|grep -v "grep"
tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 3438/memcached
tcp 0 0 :::11211 :::* LISTEN 3438/memcached
udp 0 0 0.0.0.0:11211 0.0.0.0:* 3438/memcached
udp 0 0 :::11211 :::* 3438/memcached
[root@Memcached-Server ~]# ps -ef|grep "memcached"|grep -v "grep"
root 3438 1 0 10:59 ? 00:00:00 memcached -m 16m -p 11211 -d -u root -c 8192
[root@Memcached-Server ~]# lsof -i:11211
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
memcached 3659 root 26u IPv4 22784 0t0 TCP *:memcache (LISTEN)
memcached 3659 root 27u IPv6 22785 0t0 TCP *:memcache (LISTEN)
memcached 3659 root 28u IPv4 22788 0t0 UDP *:memcache
memcached 3659 root 29u IPv6 22789 0t0 UDP *:memcache
[root@Memcached-Server ~]# echo "memcached -m 16m -p 11211 -d -u root -c 8192" >> /etc/rc.local
[root@Memcached-Server ~]# tail -1 /etc/rc.local
memcached -m 16m -p 11211 -d -u root -c 8192
Memcached startup options
-p <num> TCP port number to listen on (default: 11211)
-s <file> UNIX socket path to listen on (disables network support)
-l <ip_addr> interface to listen on (default: INADDR_ANY, all addresses)
-d run as a daemon
-u <username> assume identity of <username> (only when run as root)
-m <num> max memory to use for items in megabytes (default: 64 MB)
-M return error on memory exhausted (rather than removing items)
-c <num> max simultaneous connections (default: 1024)
-P <file> save PID in <file>, only used with -d option
-f <factor> chunk size growth factor (default: 1.25)
-n <bytes> minimum space allocated for key+value+flags (default: 48)
-t <num> number of threads to use (default: 4)
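MySQL management compared with Memcached management
MySQL insert statement: Memcached set command
MySQL select statement: Memcached get command
MySQL delete statement: Memcached delete command
MySQL update statement: Memcached replace command
Basic syntax of Memcached commands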
set key 0 0 6
<command name><key><flags> <exptime> <byte>\r\n
<datablock>\r\n
<status>\r\n
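<flags> indicates the data format, e.g. json, xml
<exptime> is the storage time; 0 means never expire
<byte> is the number of bytes (of the content written)
Managing Memcached with telnet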
[root@Memcached-Server ~]# telnet 127.0.0.1 11211
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
set user01 0 0 3
linbin
CLIENT_ERROR bad data chunk
ERROR
set user01 0 0 6
linbin
STORED
get user01
VALUE user01 0 6
linbin
END
delete user01
DELETED
get user01
END
quit
Connection closed by foreign host.
Managing Memcached with nc
[root@Memcached-Server ~]# printf "set user01 0 0 6\r\nlinbin\r\n"|nc 127.0.0.1 11211
STORED
[root@Memcached-Server ~]# printf "get user01\r\n"|nc 127.0.0.1 11211
VALUE user01 0 6
linbin
END
[root@Memcached-Server ~]# printf "delete user01\r\n"|nc 127.0.0.1 11211
DELETED
[root@Memcached-Server ~]# printf "get user01\r\n"|nc 127.0.0.1 11211
END
[root@Memcached-Server ~]# printf "set user01 0 0 6\r\nlinbin\r\n"|nc 127.0.0.1 11211
STORED
[root@Memcached-Server ~]# printf "get user01\r\n"|nc 127.0.0.1 11211
VALUE user01 0 6
linbin
END
[root@Memcached-Server ~]# printf "replace user01 0 0 6\r\nLINBIN\r\n"|nc 127.0.0.1 11211
STORED
[root@Memcached-Server ~]# printf "get user01\r\n"|nc 127.0.0.1 11211
VALUE user01 0 6
LINBIN
END
PHP support through the memcached extension
<?php
$memcache = new Memcache;
$memcache->connect('192.168.100.133', 11211) or die ("Could Not Connect Memcached Server");
$memcache->set('key', 'keysou Server');
$get= $memcache->get('key');
echo $get;
?>
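Memcached warm-up
For Memcached persistence, use Redis instead
Cluster start-up order: back end --> front end
Memcached memory management principle: the Slab Allocator memory allocation mechanism splits the allocated memory into blocks of specific lengths (Chunk) according to predefined sizes, and groups blocks of the same size (Slab). These memory blocks are never released and can be reused, which completely solves the memory fragmentation problem
Memcached memory management diagram
Characteristics of the Slab memory management mechanism
【1】Large Slabs of memory are allocated in advance (1M by default) and then filled with small-object Chunks
【2】Avoids large amounts of repeated initialization and cleanup, reducing the memory management burden
【3】Avoids the fragmentation caused by frequent Malloc/Free allocation
Memcached memory management involves three concepts
【1】Chunk: a fixed-size piece of memory, 48 bytes by default
【2】Page: the actual physical space
【3】Slab: Chunks of the same size
[root@Memcache-Server ~]# memcached -f 2 -u root -vvv<=="-f" sets the tuning (growth) factor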
slab class 1: chunk size 96 perslab 10922
slab class 2: chunk size 192 perslab 5461
slab class 3: chunk size 384 perslab 2730
slab class 4: chunk size 768 perslab 1365
slab class 5: chunk size 1536 perslab 682
slab class 6: chunk size 3072 perslab 341
slab class 7: chunk size 6144 perslab 170
slab class 8: chunk size 12288 perslab 85
slab class 9: chunk size 24576 perslab 42
slab class 10: chunk size 49152 perslab 21
slab class 11: chunk size 98304 perslab 10
slab class 12: chunk size 196608 perslab 5
slab class 13: chunk size 393216 perslab 2
slab class 14: chunk size 1048576 perslab 1
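Memcached lazy deletion mechanism: it does not actively check whether an object has expired; the check happens when the object is fetched with get
Summary of the Memcached deletion mechanism
【1】It does not actively check whether an object has expired; only on get does it check whether the object has expired and should be deleted
【2】When an object is deleted the memory is generally not released; the object is marked as deleted and its pointer is placed in a slot for recycling, to be reused directly at the next allocation
【3】Only when memory is full are the least recently used objects deleted according to the LRU algorithm
【4】Data can be stored with an expiry time, but expired data is not deleted immediately; only on get is the object checked for expiry and for whether it should be deleted
【5】If you do not want the system to evict data with the LRU algorithm, use the -M option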
[root@Memcached-Server ~]# telnet 127.0.0.1 11211
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
stats<==show memcached status information
STAT pid 3438
STAT uptime 16636
STAT time 1486366601
STAT version 1.4.4
STAT pointer_size 64
STAT rusage_user 8.631687
STAT rusage_system 6.732976
STAT curr_connections 10
STAT total_connections 23
STAT connection_structures 11
STAT cmd_get 7
STAT cmd_set 4
STAT cmd_flush 0
STAT get_hits 4
STAT get_misses 3
STAT delete_misses 0
STAT delete_hits 3
STAT incr_misses 0
STAT incr_hits 0
STAT decr_misses 0
STAT decr_hits 0
STAT cas_misses 0
STAT cas_hits 0
STAT cas_badval 0
STAT auth_cmds 0
STAT auth_errors 0
STAT bytes_read 281
STAT bytes_written 236
STAT limit_maxbytes 16777216
STAT accepting_conns 1
STAT listen_disabled_num 0
STAT threads 4
STAT conn_yields 0
STAT bytes 0
STAT curr_items 0
STAT total_items 4
STAT evictions 0
END
stats settings<==show memcached settings
STAT maxbytes 16777216
STAT maxconns 8192
STAT tcpport 11211
STAT udpport 11211
STAT inter NULL
STAT verbosity 0
STAT oldest 0
STAT evictions on
STAT domain_socket NULL
STAT umask 700
STAT growth_factor 1.25
STAT chunk_size 48
STAT num_threads 4
STAT stat_key_prefix :
STAT detail_enabled no
STAT reqs_per_event 20
STAT cas_enabled yes
stats items<==show item information
END
stats slabs<==show slab information
STAT 1:chunk_size 96
STAT 1:chunks_per_page 10922
STAT 1:total_pages 1
STAT 1:total_chunks 10922
STAT 1:used_chunks 0
STAT 1:free_chunks 2
STAT 1:free_chunks_end 10920
STAT 1:mem_requested 0
STAT 1:get_hits 4
STAT 1:cmd_set 4
STAT 1:delete_hits 3
STAT 1:incr_hits 0
STAT 1:decr_hits 0
STAT 1:cas_hits 0
STAT 1:cas_badval 0
STAT active_slabs 1
STAT total_malloced 1048512
END
stats sizes<==show item sizes and counts
END
stats reset<==reset the counters
RESET
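An exposure check for the instance started above, as an added example that is not part of the original notes: in the `stats settings` output `inter NULL` means the daemon listens on every interface and `udpport 11211` means the UDP listener is on, the `ps` line shows it running as root, and the text protocol used in these sessions is unauthenticated. The function names and finding labels are assumptions; the "page" samples repeat output shown in these notes, and the hardened sample is constructed.

```shell
#!/bin/sh
# Added example: audit a memcached instance from its own output.

# audit_memcached_settings: `stats settings` reply on stdin (CRLF tolerated).
# Prints findings; exit status 0 = clean, 1 = findings.
audit_memcached_settings() {
    tr -d '\r' | awk '
        $1 != "STAT" { next }
        $2 == "inter" && ($3 == "NULL" || $3 == "0.0.0.0" || $3 == "::") {
            print "LISTEN_ALL_INTERFACES inter=" $3; bad = 1
        }
        $2 == "udpport" && $3 + 0 != 0 {
            print "UDP_ENABLED udpport=" $3; bad = 1
        }
        END { exit bad + 0 }'
}

# audit_memcached_cmdline: `ps -ef` lines on stdin.
# Flags a daemon started with "-u root" or without a "-l" listen address.
audit_memcached_cmdline() {
    awk '
        {
            start = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /(^|\/)memcached$/) { start = i; break }
            if (!start) next
            user = ""; listen = ""
            for (i = start + 1; i < NF; i++) {
                if ($i == "-u") user = $(i + 1)
                if ($i == "-l") listen = $(i + 1)
            }
            if (user == "root") { print "RUNS_AS_ROOT pid=" $2; bad = 1 }
            if (listen == "")   { print "NO_LISTEN_ADDRESS pid=" $2; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Lines taken from the `stats settings` and `ps -ef` output in these notes.
page_settings() {
    printf 'STAT maxconns 8192\r\nSTAT tcpport 11211\r\nSTAT udpport 11211\r\nSTAT inter NULL\r\nEND\r\n'
}
page_ps_line() {
    echo 'root 3438 1 0 10:59 ? 00:00:00 memcached -m 16m -p 11211 -d -u root -c 8192'
}

# Constructed: what the same instance reports when started as
#   memcached -m 16m -p 11211 -U 0 -l 192.168.100.133 -d -u memcached -c 8192
# (-U 0 turns UDP off; the "memcached" account name is an assumption).
hardened_settings() {
    printf 'STAT maxconns 8192\r\nSTAT tcpport 11211\r\nSTAT udpport 0\r\nSTAT inter 192.168.100.133\r\nEND\r\n'
}
hardened_ps_line() {
    echo 'memcach+ 4012 1 0 11:20 ? 00:00:00 memcached -m 16m -p 11211 -U 0 -l 192.168.100.133 -d -u memcached -c 8192'
}

# Live use, with the nc client used in these notes:
#   printf 'stats settings\r\nquit\r\n' | nc 127.0.0.1 11211 | audit_memcached_settings
#   ps -ef | grep '[m]emcached' | audit_memcached_cmdline
if [ "${DEMO:-0}" = 1 ]; then
    page_settings | audit_memcached_settings
    page_ps_line | audit_memcached_cmdline
fi
```

Binding to an internal address still leaves port 11211 open to that network, so pair it with a firewall rule that admits only the application servers.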
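Managing Memcached with memadmin
Memcached optimization
【1】Raise the hit rate
【2】Reduce wasted Chunk space
【3】Reduce wasted Slab space
Memcached session persistence (PHP)
How PXE+Kickstart unattended system installation works
DHCP workflow
Basic Nginx optimization
【1】Hide the Nginx version number
【1-1】Modify the configuration file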
[root@nginx ~]# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx/1.10.1
Date: Mon, 26 Jun 2017 00:59:53 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sat, 24 Jun 2017 02:05:03 GMT
Connection: keep-alive
ETag: "594dc8cf-264"
Accept-Ranges: bytes
[root@nginx ~]# vim /etc/nginx/nginx.conf
http {
..........
server_tokens off;
..........
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
[root@nginx ~]# curl -I 127.0.0.1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 26 Jun 2017 01:01:43 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Sat, 24 Jun 2017 02:05:03 GMT
Connection: keep-alive
ETag: "594dc8cf-264"
Accept-Ranges: bytes
【1-2】Modify the source code (takes effect after compiling)
[root@nginx ~]# vim /usr/local/src/nginx-1.10.1/src/core/nginx.h
#define NGINX_VERSION "2.10.1"<==version number to display
#define NGINX_VAR "Apache"<==software name to display
[root@nginx ~]# vim /usr/local/src/nginx-1.10.1/src/http/ngx_http_header_filter_module.c
static char ngx_http_server_string[] = "Server: Apache" CRLF;
[root@nginx ~]# vim /usr/local/src/nginx-1.10.1/src/http/ngx_http_special_response.c
static u_char ngx_http_error_full_tail[] =
"<hr><center>" NGINX_VER " (http://www.keysou.com) </center>" CRLF
"</body>" CRLF
"</html>" CRLF
;
static u_char ngx_http_error_tail[] =
"<hr><center>Apache</center>" CRLF
"</body>" CRLF
"</html>" CRLF
;
【2】Set the user Nginx runs as (worker processes)
【2-1】Set the user at compile time
[root@nginx nginx-1.10.1]# ./configure --prefix=/usr/local/nginx-1.10.1 \
--user=www \
--group=www
【2-2】Modify the configuration file
[root@nginx ~]# vim /etc/nginx/nginx.conf
user www www;
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
[root@nginx ~]# ps -ef|grep nginx|grep -v "grep"
root 968 1 0 09:00 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
www 2599 968 0 16:32 ? 00:00:00 nginx: worker process
【3】Adjust the number of Nginx processes (worker processes)
[root@nginx ~]# vim /etc/nginx/nginx.conf
worker_processes 4;<==equal to the number of CPU cores
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
[root@nginx ~]# ps -ef|grep nginx|grep -v "grep"
root 968 1 0 09:00 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
www 2599 968 0 16:32 ? 00:00:00 nginx: worker process
www 2600 968 0 16:32 ? 00:00:00 nginx: worker process
www 2601 968 0 16:32 ? 00:00:00 nginx: worker process
www 2602 968 0 16:32 ? 00:00:00 nginx: worker process
【4】Adjust CPU affinity (spread the Nginx processes evenly across the CPUs)
[root@nginx ~]# vim /etc/nginx/nginx.conf
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;<==with 8 processes on an 8-core CPU this can be set to: worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【5】Adjust the event-processing model (epoll model)
[root@nginx ~]# vim /etc/nginx/nginx.conf
events {
use epoll;
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
Differences between the epoll and select models
【6】Adjust the maximum number of concurrent connections per worker process
events {
use epoll;
worker_connections 20480;<==maximum connections per server = worker_processes * worker_connections
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【7】Adjust the number of files a single worker process can open
[root@nginx ~]# vim /etc/nginx/nginx.conf
user www www;
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
worker_rlimit_nofile 65535;
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【8】Adjust the size of the server-name hash table
[root@nginx ~]# vim /etc/nginx/nginx.conf
http {
..........
server_names_hash_bucket_size 128;
server_names_hash_max_size 512;
..........
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
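【9】Enable the efficient file transfer mode (data is handled in the kernel, whereas traditional read and write copy the data to the application layer before operating on it)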
[root@nginx ~]# vim /etc/nginx/nginx.conf
http {
..........
sendfile on;
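tcp_nopush on;<==takes effect only when sendfile is on; reduces the number of network packets (data is buffered before it is sent)
tcp_nodelay on;<==by default, when data is sent the kernel does not send it immediately but may wait for more bytes to form a packet, improving I/O performance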
..........
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【10】Adjust the connection timeout (saves server resources; a form of management and a self-protection mechanism)
[root@nginx ~]# vim /etc/nginx/nginx.conf
http {
..........
keepalive_timeout 60;
..........
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【11】Adjust the timeouts for reading the client request header and body
[root@nginx ~]# vim /etc/nginx/nginx.conf
http {
..........
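client_header_timeout 15;<==timeout for reading the client request header; if it is exceeded the server returns a Request time out (408) error
client_body_timeout 15;<==timeout for reading the client request body; if it is exceeded the server returns a Request time out (408) error
send_timeout 30;<==if the client and the server are connected for longer than this without any data being sent, the connection is closed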
..........
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【12】Adjust the maximum size of the client request body
[root@nginx ~]# vim /etc/nginx/nginx.conf
http {
..........
client_max_body_size 64m;
..........
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【13】Adjust the FastCGI parameters
[root@nginx ~]# vim /etc/nginx/nginx.conf
http {
..........
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 128k;
fastcgi_buffers 8 128k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
..........
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
Nginx caching (cache)
【14】Enable Nginx compression (saves bandwidth, improves transfer efficiency)
[root@nginx ~]# vim /etc/nginx/nginx.conf
http {
..........
gzip on;
gzip_min_length 20k;
gzip_buffers 8 32k;
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain application/x-javascript text/javascript application/javascript text/css application/x-httpd-php image/jpeg image/gif image/png application/xml text/xml application/rss+xml application/octet-stream application/x-rar-compressed;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
..........
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【15】Nginx expires feature
【15-1】Reduces the site's bandwidth use and saves cost
【15-2】Speeds up user access and improves the user experience
【15-3】Reduces load on the server
[root@nginx ~]# vim /etc/nginx/nginx.conf
location ~^.*\.(jpg|jpeg|gif|png|bmp|css|js|swf|ico)$ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
expires 30d;
access_log off;
log_not_found off;<==Whether to record file-not-found errors in error_log; the default is on
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【16】Nginx log rotation
【17】Nginx access control by URI
[root@nginx ~]# vim /etc/nginx/nginx.conf
location ~^/Runtime/ {
return 404;
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
[root@nginx ~]# mkdir /usr/local/nginx/html/Runtime/ -p
[root@nginx ~]# echo "keysou" >> /usr/local/nginx/html/Runtime/index.html
[root@nginx ~]# curl 127.0.0.1/Runtime/index.html
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
【18】Restrict access by source IP in Nginx (admin back end, Nginx status information)
[root@nginx ~]# vim /etc/nginx/nginx.conf
location ~^/admin/ {
allow 192.168.100.0/24;
deny all;
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
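【19】Block illegitimate domain resolution in Nginx
【19-1】Requests that reach the site directly by IP, or through an illegitimately resolved domain, get a 501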
[root@nginx ~]# vim /etc/nginx/nginx.conf
server {
listen 80 default_server;
server_name _;
return 501;
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
[root@nginx ~]# curl 192.168.100.133
<html>
<head><title>501 Internal Server Error</title></head>
<body bgcolor="white">
<center><h1>501 Internal Server Error</h1></center>
<hr><center>nginx</center>
</body>
</html>
【19-2】Redirect with rewrite
[root@nginx ~]# vim /etc/nginx/nginx.conf
server {
listen 80 default_server;
server_name _;
rewrite ^(.*) http://www.keysou.com$1 permanent;
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
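【20】Nginx hotlink protection for resources
Basic principle of hotlink protection
【20-1】Hotlink protection based on the HTTP Referer header (the ngx_http_referer_module module: simple and easy to use; whenever the Referer domain is not one of this site's domains, the corresponding status code is returned)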
[root@nginx ~]# vim /etc/nginx/nginx.conf
location ~* \.(gif|jpg|png|bmp)$ {
valid_referers none blocked *.keysou.com;
if ($invalid_referer) {
return 403;
}
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
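【20-2】Hotlink protection based on cookies
【20-3】Hotlink protection by encrypting or transforming the access path
【20-4】Hotlink protection with the ngx_http_accesskey_module module
【20-5】Hotlink protection at the product-design level (watermarks)
【21】Graceful Nginx error pages (improves the user experience)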
error_page 500 502 503 504 /50x.html;
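【22】Nginx site directory and file permissions
【22-1】File permissions 644
【22-2】Directory permissions 755
【22-3】Files and directories owned by user and group root
【22-4】Upload directory owned by user and group www (the Nginx user)
【23】Nginx anti-crawler measures
Introduction to robots.txt: the Robots protocol (also called the crawler protocol or robot protocol) is formally the "Robots Exclusion Protocol". A site uses it to tell search engines which pages may be crawled and which may not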
[root@nginx ~]# vim /etc/nginx/nginx.conf
if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
return 403;
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
【24】Restrict HTTP request methods in Nginx
[root@nginx ~]# vim /etc/nginx/nginx.conf
if ($request_method !~ ^(GET|HEAD|POST)$) {
return 403;
}
[root@nginx ~]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@nginx ~]# /usr/local/nginx/sbin/nginx -s reload
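【25】Nginx application architecture optimization
Decouple the site's programs: split them by business function and serve each separately
【26】Run Nginx as an ordinary user (privilege reduction for the service)
Start the program with an explicitly specified configuration file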
【27】Nginx concurrent connection limit (ngx_http_limit_conn_module limits the number of concurrent connections per IP)
http {
limit_conn_zone $binary_remote_addr zone=addr:10m;
...
server {
...
location /download/ {
limit_conn addr 1;
}
}
}
【28】Nginx request rate limit (ngx_http_limit_req_module)
http {
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
...
server {
...
location /search/ {
limit_req zone=one burst=5;
}
}
}
【29】Cache site data with Nginx cache
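Nginx optimization checklist
【1】Security: hide the Nginx version number
【2】Security: change the default Nginx service user
【3】Performance: set the number of Nginx worker processes according to the hardware
【4】Performance: bind different processes to different CPUs so resources are shared evenly
【5】Performance: set the Nginx event model to epoll (the difference between Nginx epoll and Apache select)
【6】Performance: adjust the maximum number of connections per Nginx worker process
【7】Performance: adjust the maximum number of open file descriptors per Nginx worker process (bigger is not always better; ideally set it to the limit the server can sustain)
【8】Performance: enable Nginx's efficient transfer mode
【9】Performance: adjust the various timeout parameters and the connection timeout
【10】Security: limit the size of uploaded files (dynamic applications)
【11】Performance: Nginx FastCGI parameter tuning
【12】Performance: Nginx Gzip compression tuning
【13】Performance: Nginx expires cache tuning
【14】Security: modify the source code to hide the software name and version number
【15】Performance: Nginx log tuning (split and rotate access logs, do not log specified elements, minimize permissions on the log directory)
【16】Security: restrict access to specified directories or to files with specified extensions (block access to programs uploaded into resource directories, to prevent trojan intrusion)
【17】Security: restrict which source IPs may access specified sites or directories (suitable for internal sites such as phpmyadmin)
【18】User experience: display error pages gracefully
【19】Security and performance: anti-crawler measures (robots protocol, control based on the Nginx built-in variable HTTP_USER_AGENT)
【20】Performance: hotlink protection for resources (referer)
【21】Security: set strict permissions on web site directories after read/write separation in the cluster
【22】Security: prevent access to the Nginx site by IP (prevents malicious resolution of illegitimate domains)
【23】Security: DoS protection (control of concurrent connections and connection rate per IP)
【24】Security: DDoS protection strategy (http://oldboy.blog.51cto.com/2561410/845349)
【25】Security: restrict the HTTP methods clients may use
【26】Security: add user authentication to the web service (suitable for confidential internal sites)
【27】Security: run Nginx in jail mode (A Chroot Jail (Containers))
【28】Security: encrypted transport for Nginx (Nginx SSL)
【29】Security: remove all unneeded Nginx modules
【30】Security: web server disk mount and network file system tuning
【31】Performance: cache site data with Nginx cache
PHP cache acceleration
Opcode overview and principle: when a client requests a PHP program, the server's PHP engine parses it and compiles it into
a specific opcode file (Operate Code, opcode), a binary representation of the PHP code to be executed. By default
the compiled opcode is discarded after the PHP engine has executed it. An opcode cache saves the compiled opcode
and keeps it in memory so that it can be reused the next time the PHP page is called. This avoids recompiling the same code, saves PHP engine compile
time, lowers server load and reduces resource use
PHP cache accelerator software
【1】xcache (in memory, recommended)
【2】eaccelerator
【3】APC
【4】ZendOpcache (developed officially, recommended, --enable-opcache)
Installing the PHP cache accelerator xcache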
[root@nginx ~]# tar xvfz xcache-3.2.0.tar.gz -C /usr/local/src/
[root@nginx ~]# cd /usr/local/src/xcache-3.2.0/
[root@nginx xcache-3.2.0]# /usr/local/php/bin/phpize
Configuring for:
PHP Api Version: 20131106
Zend Module Api No: 20131226
Zend Extension Api No: 220131226
[root@nginx xcache-3.2.0]# ./configure --enable-xcache --with-php-config=/usr/local/php/bin/php-config
[root@nginx xcache-3.2.0]# make && make install
[root@nginx xcache-3.2.0]# ls -l /usr/local/php-5.6.2/lib/php/extensions/no-debug-non-zts-20131226/xcache.so
-rwxr-xr-x 1 root root 701435 Jun 27 11:28 /usr/local/php-5.6.2/lib/php/extensions/no-debug-non-zts-20131226/xcache.so
[root@nginx ~]# vim /usr/local/php/etc/php.ini
extension = xcache.so
[root@nginx ~]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@nginx ~]# /usr/local/php/bin/php -m|grep "XCache"
XCache
XCache Cacher
[root@nginx ~]# cd /usr/local/src/xcache-3.2.0/
[root@nginx xcache-3.2.0]# cat xcache.ini >> /usr/local/php/etc/php.ini
[root@nginx xcache-3.2.0]# vim /usr/local/php/etc/php.ini
[root@nginx xcache-3.2.0]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
Installing imagick for PHP image processing
[root@nginx ~]# tar xvfz ImageMagick.tar.gz -C /usr/local/src/
[root@nginx ~]# cd /usr/local/src/ImageMagick-6.5.1-2/
[root@nginx ImageMagick-6.5.1-2]# ./configure
[root@nginx ImageMagick-6.5.1-2]# make && make install
[root@nginx ~]# tar xf imagick-3.3.0.tgz -C /usr/local/src/
[root@nginx ~]# cd /usr/local/src/imagick-3.3.0/
[root@nginx imagick-3.3.0]# /usr/local/php/bin/phpize
Configuring for:
PHP Api Version: 20131106
Zend Module Api No: 20131226
Zend Extension Api No: 220131226
[root@nginx imagick-3.3.0]# ./configure --with-php-config=/usr/local/php/bin/php-config
[root@nginx imagick-3.3.0]# make && make install
[root@nginx imagick-3.3.0]# ls -l /usr/local/php-5.6.2/lib/php/extensions/no-debug-non-zts-20131226/imagick.so
-rwxr-xr-x 1 root root 1053488 Jun 27 13:38 /usr/local/php-5.6.2/lib/php/extensions/no-debug-non-zts-20131226/imagick.so
[root@nginx ~]# vim /usr/local/php/etc/php.ini
extension = imagick.so
[root@nginx ~]# /etc/init.d/php-fpm restart
Gracefully shutting down php-fpm . done
Starting php-fpm done
[root@nginx ~]# /usr/local/php/bin/php -m|grep "imagick"
imagick
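tmpfs file system: a memory-based file system
PHP optimization checklist
【1】Enable PHP safe mode
PHP 5.3 no longer has this mode: safe_mode = On
【2】User and group security
【3】Disable dangerous functions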
disable_functions = passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,stream_socket_server,escapeshellcmd,dll,popen,disk_free_space,checkdnsrr,checkdnsrr,getservbyname,getservbyport,disk_total_space,posix_ctermid,posix_get_last_error,posix_getcwd, posix_getegid,posix_geteuid,posix_getgid, posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid, posix_getppid,posix_getpwnam,posix_getpwuid, posix_getrlimit, posix_getsid,posix_getuid,posix_isatty, posix_kill,posix_mkfifo,posix_setegid,posix_seteuid,posix_setgid, posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname
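【4】Stop the PHP version from leaking in HTTP headers
expose_php = Off
【5】Turn off register globals
PHP 5.6 no longer has this parameter: register_globals = Off
【6】Turn on magic_quotes_gpc to prevent SQL injection
Introduction to SQL injection
【7】Error message control
display_errors = Off
error_reporting = E_ERROR | E_WARNING
【8】Error log
log_errors = On
error_log = /var/log/php_error.log
【9】Resource limit parameters
【9-1】Maximum execution time of each script
max_execution_time = 30
【9-2】Maximum memory each script may use
memory_limit = 128M
【9-3】Maximum time each script may wait for input data
max_input_time = 60
【9-4】Maximum allowed size of an uploaded file
upload_max_filesize = 2M
【9-5】Maximum number of files uploaded in a single request
max_file_uploads = 20
【10】Security parameters
【10-1】Forbid opening remote URLs
allow_url_fopen = Off
【10-2】Set cgi.fix_pathinfo=0 to prevent the Nginx file-type misparsing vulnerability
cgi.fix_pathinfo= 0
【11】Set the storage type and location of PHP session data
session.save_handler = memcache
session.save_path = "tcp://192.168.100.133:11211"
php-fpm optimization checklist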
[root@nginx ~]# vim /usr/local/php/etc/php-fpm.conf
pid = run/php-fpm.pid
error_log = log/php-fpm.log
log_level = error
daemonize = yes
rlimit_files = 32768
events.mechanism = epoll
user = www
group = www
listen = 127.0.0.1:9000
pm = dynamic
pm.max_children = 1024
pm.start_servers = 15
pm.min_spare_servers = 15
pm.max_spare_servers = 20
pm.process_idle_timeout = 15s;
pm.max_requests = 2048
slowlog = log/$pool.log.slow
request_slowlog_timeout = 10
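SVN, source code version control software
SVN overview
SVN run modes
【1】Run as a standalone service (recommended)
【2】Run behind an HTTP server such as Apache
【2-1】Install apache+svn separately
【2-2】CSVN (apache+svn) is a single integrated package: SVN with a web management interface
【3】Direct local access
Installing SVN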
[root@svn ~]# rpm -qa subversion
subversion-1.6.11-10.el6_5.x86_64
[root@svn ~]# mkdir /data/svndata
[root@svn ~]# ll -d /data/svndata/
drwxr-xr-x 2 root root 4096 2017-01-19 10:10 /data/svndata/
[root@svn ~]# mkdir /data/svnpasswd
[root@svn ~]# ll -d /data/svnpasswd/
drwxr-xr-x 2 root root 4096 2017-01-19 13:29 /data/svnpasswd/
[root@svn ~]# svnadmin create /data/svndata/sadoc
[root@svn ~]# svnserve -d -r /data/svndata/
[root@svn ~]# echo "svnserve -d -r /data/svndata/" >> /etc/rc.local
[root@svn ~]# tail -1 /etc/rc.local
svnserve -d -r /data/svndata/
[root@svn ~]# ps -ef|grep "svn"|grep -v "grep"
root 18174 1 0 13:32 ? 00:00:00 svnserve -d -r /data/svndata/
[root@svn ~]# netstat -tnlup|grep "3690"
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 18174/svnserve
[root@svn ~]# cd /data/svndata/sadoc/conf/
[root@svn conf]# ll
total 12
-rw-r--r-- 1 root root 1080 2017-01-19 13:32 authz
-rw-r--r-- 1 root root 309 2017-01-19 13:32 passwd
-rw-r--r-- 1 root root 2279 2017-01-19 13:32 svnserve.conf
[root@svn conf]# vim svnserve.conf
anon-access = none
auth-access = write
password-db = /data/svnpasswd/passwd
authz-db = /data/svnpasswd/authz
realm = sadoc
[root@svn conf]# mv passwd authz /data/svnpasswd/
[root@svn conf]# vim /data/svnpasswd/passwd
[users]
linbin = linbin12
lb = lb12
LINBIN = LINBIN12
LB = LB12
[root@svn conf]# chmod 600 /data/svnpasswd/passwd
[root@svn conf]# ll /data/svnpasswd/passwd
-rw------- 1 root root 337 2017-01-19 13:41 /data/svnpasswd/passwd
[root@svn conf]# vim /data/svnpasswd/authz
[groups]
keysou = linbin,lb
[sadoc:/]
LINBIN = r
LB = rw
@keysou = r
[root@svn conf]# ps -ef|grep "svn"|grep -v "grep"
root 18174 1 0 13:32 ? 00:00:00 svnserve -d -r /data/svndata/
[root@svn conf]# kill 18174
[root@svn conf]# kill 18174
-bash: kill: (18174) - No such process
[root@svn conf]# svnserve -d -r /data/svndata/
[root@svn conf]# ps -ef|grep "svn"|grep -v "grep"
root 18234 1 0 13:49 ? 00:00:00 svnserve -d -r /data/svndata/
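trunk: the main line
branch: a branch
tag: a tag (marker)
Building custom RPM packages
Ways to install software packages
【1】yum install: fully automated, no dependency worries, but little control; the software's features and install location are fixed and hard to change
【2】rpm install
【3】Compile from source: the install directory can be customized and features enabled as needed; suitable build options have to be found and tested
【4】Compile from source, package the result as a custom rpm and put it in a self-hosted yum repository
Packaging tools
【1】rpmbuild
【2】fpm (recommended)
Reference: http://www.zyops.com/autodeploy-rpm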
[root@node1 ~]# cat /etc/redhat-release
CentOS release 6.6 (Final)
[root@node1 ~]# uname -r
2.6.32-504.el6.x86_64
[root@node1 ~]# uname -m
x86_64
[root@node1 ~]# rpm -qa ruby rubygems ruby-devel
[root@node1 ~]# yum -y install ruby rubygems ruby-devel
[root@node1 ~]# rpm -qa ruby rubygems ruby-devel
rubygems-1.3.7-5.el6.noarch
ruby-1.8.7.374-5.el6.x86_64
ruby-devel-1.8.7.374-5.el6.x86_64
[root@node1 ~]# gem sources list
*** CURRENT SOURCES ***
http://rubygems.org/
[root@node1 ~]# gem sources --remove https://rubygems.org/
source https://rubygems.org/ not present in cache
[root@node1 ~]# gem sources -a http://gems.ruby-china.org/
http://gems.ruby-china.org/ added to sources
[root@node1 ~]# gem install json -v 1.8.3
[root@node1 ~]# gem install fpm -v 1.3.3
Custom yum repository
[root@node1 ~]# mkdir /etc/yum/centos6.6/x86_64 -p
[root@node1 ~]# ls -ld /etc/yum/centos6.6/x86_64/
drwxr-xr-x 2 root root 4096 Jun 21 16:47 /etc/yum/centos6.6/x86_64/
[root@node1 ~]# cd /etc/yum/centos6.6/x86_64/<==rpm package directory
[root@node1 x86_64]# yumdownloader pcre-devel openssl-devel<==download the packages without installing them
[root@node1 x86_64]# ls
openssl-devel-1.0.1e-57.el6.i686.rpm pcre-devel-7.8-7.el6.i686.rpm
openssl-devel-1.0.1e-57.el6.x86_64.rpm pcre-devel-7.8-7.el6.x86_64.rpm
[root@node1 x86_64]# yum -y install createrepo
[root@node1 x86_64]# createrepo -pdo /etc/yum/centos6.6/x86_64/ /etc/yum/centos6.6/x86_64/
Spawning worker 0 with 4 pkgs
Workers Finished
Gathering worker results
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
[root@node1 x86_64]# ls repodata/
38c8d9f69739c5cb19c7cb644bd31b8c3843593690277cdccebac09990b83a3c-filelists.xml.gz
45a30b215e8b6eaeef27951851b8b0057004e357978fc865ec23cd6d3997180a-primary.sqlite.bz2
67316dfa0d90266d902aa8741443e579bcc1d3fc752f735f1135949cb430cd41-filelists.sqlite.bz2
76bf5d06d69f930713de2e30d6012c9d2981619ab25d1e3f37dd049b07a538e1-other.xml.gz
f3d8e0e8b38c823fd1732765d963aae1d02f96d8bc6ae94f7ebf47bb091b00ac-primary.xml.gz
fb264e579a11a78c2f804122d6bad68d3371ed822949d6dc2988a446911eb106-other.sqlite.bz2
repomd.xml
[root@node1 x86_64]# python -m SimpleHTTPServer 80 &>/dev/null &
[1] 12007
[root@node1 x86_64]# createrepo --update /etc/yum/centos6.6/x86_64/<==run the update each time an rpm package is added
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
Client configuration
[root@node2 ~]# cd /etc/yum.repos.d/
[root@node2 yum.repos.d]# vim keysou.repo
[keysou]
name=keysou
baseurl=http://192.168.100.135
enabled=1
gpgcheck=0
[root@node2 yum.repos.d]# yum --enablerepo=keysou --disablerepo=base,epel,updates,extras list
Available Packages
openssl-devel.i686 1.0.1e-57.el6 keysou
openssl-devel.x86_64 1.0.1e-57.el6 keysou
pcre-devel.i686 7.8-7.el6 keysou
pcre-devel.x86_64 7.8-7.el6 keysou
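PPTP VPN
VPN overview
VPN protocols
【1】PPTP: Point-to-Point Tunneling Protocol
【2】L2TP
【3】IPSEC
【4】SSL VPN (openvpn)
iptables
iptables overview: netfilter/iptables (iptables for short) is an excellent, open-source, completely free packet-filtering firewall tool that ships with Unix/Linux. It is very powerful and flexible and gives fine-grained control over packets flowing into and out of the server (it works at layers 2, 3 and 4 of the seven-layer OSI model)
In high-concurrency scenarios enabling iptables is not recommended because it affects performance; a hardware firewall can be placed in front of the internal servers instead
Security optimization
【1】Avoid giving servers a public IP wherever possible; traffic can be forwarded through a proxy
【2】When concurrency is not particularly high and the host has a public IP, enable the firewall
Firewall categories
【1】Software firewalls
【2】Hardware firewalls
How to learn iptables well
【1】Know the seven-layer OSI model and the protocols at each layer
【2】Know the TCP/IP three-way handshake and four-way teardown
【3】Know the common service ports
The netfilter component, also called kernel space (Kernel Space), is part of the kernel. It consists of packet-filtering tables that hold the rule sets the kernel uses to control packet filtering
The iptables component is a management tool, also called user space (User Space), that makes it easy to insert, modify and remove rules in the packet-filtering tables
The relationship between netfilter and iptables is easily confused; many people know iptables but not netfilter. iptables is only the management tool for the Linux firewall. What actually implements the firewall is netfilter, the packet-filtering framework inside the Linux kernel
What is a table (Tables)
netfilter is the container for tables (Tables); netfilter contains several tables
What is a chain (Chains)
A chain (Chains) is the container for rules (Policy)
What is a rule (Policy)
The criteria and the specific method for filtering packets
iptables layered structure
netfilter/iptables-->Tables-->Chains-->Policy
iptables works by packet filtering: it analyses the header data of each incoming packet and matches it against the preset rules to decide whether the packet may enter the host
Summary of the iptables workflow
【1】The firewall filters layer by layer; in practice it goes through the configured rules in order, from top to bottom and from first to last
【2】Once a packet matches a rule, that is, the rule states explicitly whether to block or allow it, the packet is not matched against any further rules
【3】If no rule states explicitly whether to block or allow the packet, that is, no rule matches, matching continues downwards until the default rule gives an explicit block or allow
【4】The default rule of a chain is applied only after all rules of that chain have been evaluated
iptables tables (Tables; four tables and five chains)
【1】filter (the default table; used for host firewalls)
【1-1】INPUT (for packets destined to local sockets): packets flowing into the host
【1-2】OUTPUT (for locally-generated packets): packets flowing out of the host
【1-3】FORWARD (for packets being routed through the box): packets passing through the host
【2】nat (network address translation; used for sharing Internet access across a LAN and for IP and port mapping)
【2-1】PREROUTING (for altering packets as soon as they come in): the first chain a packet passes when it reaches the firewall (IP and port mapping)
【2-2】OUTPUT(for altering locally-generated packets before routing)
【2-3】POSTROUTING (for altering packets as they are about to go out): the last chain a packet passes before it leaves the firewall (sharing Internet access across a LAN)
【3】mangle (certain routing marks)
【3-1】PREROUTING(for altering incoming packets before routing)
【3-2】OUTPUT(for altering locally-generated packets before routing)
【3-3】INPUT(for packets coming into the box itself)
【3-4】FORWARD(for altering packets being routed through the box)
【3-5】POSTROUTING(for altering packets as they are about to go out)
【4】raw (tracing and debugging firewall rules)
【4-1】PREROUTING(for packets arriving via any network interface)
【4-2】OUTPUT(for packets generated by local processes)
iptables packet-processing flowchart
TARGETS
【1】ACCEPT: accept
【2】DROP: drop
【3】REJECT: reject
【4】QUEUE
【5】RETURN
iptables syntax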
iptables -[AD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)
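Common iptables options
-L: list rules --list [chain]
-n: show rules in numeric form --numeric
-t: specify the table --table table
-N: create a user-defined chain --new-chain chain
-F: flush all rules; the default policy is not touched --flush [chain]
-X: delete user-defined chains --delete-chain [chain]
-Z: zero the chain counters --zero [chain [rulenum]]
-A: add a rule at the end of the chain (append), as the last rule --append chain rule-specification
-I: add a rule at the start of the chain (insert), as the first rule, or at a given position --insert chain [rulenum] rule-specification
-D: delete a rule (two ways) --delete chain rule-specification, --delete chain rulenum
--line-number: show rule numbers
!: not, negates the match
-i eth0: incoming network interface eth0 --in-interface name
-o eth0: outgoing network interface eth0 --out-interface name
-p: protocol (tcp, udp, icmp, all) --protocol protocol
-s: filter by source IP address --source address[/mask][,...]
-d: filter by destination IP address --destination address[/mask][,...]
--sport: filter by source port --source-port,--sport port[:port]
--dport: filter by destination port --destination-port,--dport port[:port]
-m multiport: match multiple ports
-m state: match connection state --state state
-m limit: rate limit
-p icmp --icmp-type: block ping --icmp-type {type[/code]|typename}
-P: set the default policy --policy chain target
-j: action (target; includes ACCEPT, DROP and REJECT); DROP is preferable to REJECT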
[root@node1 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@node1 ~]# iptables -F
[root@node1 ~]# iptables -X
[root@node1 ~]# iptables -Z
[root@node1 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@node1 ~]# iptables -t filter -I INPUT -p tcp --dport 22 -j DROP<==filter by destination port and protocol
[root@node1 ~]# iptables -t filter -I INPUT -s 192.168.100.0/24 -j DROP<==filter by source IP address or subnet
[root@node1 ~]# iptables -t filter -I INPUT ! -s 192.168.100.133 -j DROP<==not, negates the match
[root@node1 ~]# iptables -t filter -I INPUT 2 ! -s 192.168.100.133 -j DROP<==insert at a given position
[root@node1 ~]# iptables -t filter -D INPUT -p tcp --dport 82 -j DROP<==delete a rule (by specification)
[root@node1 ~]# iptables -t filter -D INPUT 2<==delete a rule (by number)
[root@node1 ~]# iptables -t filter -I INPUT -i eth0 -s 192.168.100.0/24 -j DROP<==specify the incoming interface; -i means incoming, -o means outgoing
Matching port ranges
[root@node1 ~]# iptables -t filter -I INPUT -p tcp --dport 22:80 -j ACCEPT
[root@node1 ~]# iptables -t filter -I INPUT -p tcp --dport 22,23,24 -j ACCEPT<==invalid syntax
[root@node1 ~]# iptables -t filter -I INPUT -p tcp -m multiport --dport 22,23,24 -j ACCEPT
[root@node1 ~]# iptables -t filter -I INPUT -p tcp --dport 3306:8192 -j DROP
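Matching ICMP type
[root@node1 ~]# iptables -t filter -I INPUT -p icmp --icmp-type=8 -j DROP<==filter by ICMP type
Matching connection state
-m state --state
NEW: a connection that has started or is about to start
ESTABLISHED: a connection that is already established
RELATED: a new connection that is being started
INVALID: an illegal or unidentifiable connection<==ftp is a special service (it connects to port 21 for authentication and uses port 20 to transfer data) and needs connection-state matching
Limiting the number of packets allowed through in a given time and the burst size
-m limit --limit n/(second/minute/hour)
Request rate within the given time: "n" is the rate, followed by the time unit (second, minute or hour)
--limit-burst [n]
Requests allowed through at the same moment: "n" is a number; the default is 5 when not specified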
[root@node1 ~]# iptables -t filter -I INPUT -s 192.168.100.0/24 -p icmp --icmp-type 8 -m limit --limit 5/min --limit-burst 2 -j ACCEPT
Configuring the iptables firewall for production
[root@node1 ~]# iptables -F
[root@node1 ~]# iptables -X
[root@node1 ~]# iptables -Z
[root@node1 ~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@node1 ~]# iptables -t filter -A INPUT -s 192.168.100.0/24 -p tcp --dport 22 -j ACCEPT
[root@node1 ~]# iptables -t filter -A INPUT -i lo -j ACCEPT
[root@node1 ~]# iptables -t filter -A OUTPUT -o lo -j ACCEPT
[root@node1 ~]# iptables -t filter -P OUTPUT ACCEPT
[root@node1 ~]# iptables -t filter -P FORWARD DROP
[root@node1 ~]# iptables -t filter -P INPUT DROP
[root@node1 ~]# iptables -L -n --line-number
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:22
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Open the web ports (80/443)
[root@node1 ~]# iptables -t filter -I INPUT -p tcp -m multiport --dport 80,443 -j ACCEPT
Allow the ICMP type
[root@node1 ~]# iptables -t filter -A INPUT -s 192.168.100.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT
Allow packets that belong to established connections
[root@node1 ~]# iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@node1 ~]# iptables -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@node1 ~]# iptables -L -n --line-number
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
2 ACCEPT tcp -- 192.168.100.0/24 0.0.0.0/0 tcp dpt:22
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT icmp -- 192.168.100.0/24 0.0.0.0/0 icmp type 8
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
[root@node1 ~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@node1 ~]# iptables-save > /etc/sysconfig/iptables<==equivalent to /etc/init.d/iptables save
[root@node1 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Fri Jan 20 14:40:47 2017
*filter
:INPUT DROP [3:702]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [65:3774]
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.100.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Jan 20 14:40:47 2017
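The first-match workflow summarized earlier, applied to the ruleset saved above. This is an added example, not part of the original notes: the function names and the packet tuple are assumptions, and it handles only the option forms that appear in this saved file (no negation, no port ranges).

```shell
#!/bin/sh
# Added example: walk an iptables-save ruleset the way the kernel does,
# top to bottom, stop at the first matching rule, else use the chain policy.

# The filter table exactly as saved on this page.
page_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [3:702]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [65:3774]
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -s 192.168.100.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.100.0/24 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# verdict RULES CHAIN SRC PROTO PORT IFACE STATE   (RULES may be "-" for stdin)
# PORT is the destination port, or the ICMP type when PROTO is icmp.
# Prints "<target> rule <n>" for the first match, otherwise "<policy> policy".
verdict() {
    awk -v chain="$2" -v src="$3" -v proto="$4" -v port="$5" \
        -v iface="$6" -v state="$7" '
    function ip2n(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,   p, div) {
        if (split(cidr, p, "/") < 2) p[2] = 32
        div = 2 ^ (32 - p[2])                 # size of the network block
        return int(ip2n(ip) / div) == int(ip2n(p[1]) / div)
    }
    function in_list(v, list,   a, n, i) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == v) return 1
        return 0
    }
    $1 == (":" chain) { policy = $2; next }   # e.g. ":INPUT DROP [3:702]"
    $1 == "-A" && $2 == chain && hit == "" {
        num++; ok = 1; target = ""
        for (i = 3; i < NF; i += 2) {         # options come as "opt value" pairs
            opt = $i; val = $(i + 1)
            if      (opt == "-s")          ok = ok && in_cidr(src, val)
            else if (opt == "-p")          ok = ok && (val == proto)
            else if (opt == "-i")          ok = ok && (val == iface)
            else if (opt == "--dport")     ok = ok && (val == port)
            else if (opt == "--dports")    ok = ok && in_list(port, val)
            else if (opt == "--icmp-type") ok = ok && (val == port)
            else if (opt == "--state")     ok = ok && in_list(state, val)
            else if (opt == "-m")          continue   # module name only
            else if (opt == "-j")          target = val
            else { bad = opt; exit }
        }
        if (ok && target != "") hit = target " rule " num
    }
    END {
        if (bad != "") { print "unsupported option: " bad; exit 2 }
        print (hit != "" ? hit : policy " policy")
    }' "$1"
}

# The page ruleset with RULE as the new first INPUT rule (what -I INPUT does)
# or as the new last INPUT rule (what -A INPUT does).
with_inserted() {
    page_ruleset | awk -v r="$1" '!done && /^-A INPUT/ { print r; done = 1 } { print }'
}
with_appended() {
    page_ruleset | awk -v r="$1" '/^COMMIT/ { print r } { print }'
}

if [ "${1:-}" = "--demo" ]; then
    # 203.0.113.9 is a constructed client address from a documentation range.
    page_ruleset | verdict - INPUT 203.0.113.9 tcp 443 eth0 NEW
    page_ruleset | verdict - INPUT 203.0.113.9 tcp 22 eth0 NEW
    with_appended "-A INPUT -s 203.0.113.9/32 -j DROP" | verdict - INPUT 203.0.113.9 tcp 443 eth0 NEW
    with_inserted "-A INPUT -s 203.0.113.9/32 -j DROP" | verdict - INPUT 203.0.113.9 tcp 443 eth0 NEW
fi
```

With this ruleset a DROP rule for one address has an effect on ports 80/443 only when it is inserted ahead of rule 1; appended with -A it is never reached for that traffic.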
[root@node1 ~]# nmap 192.168.100.133 -p 20-100<==scan the host's ports
Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-20 14:30 CST
Nmap scan report for node1 (192.168.100.133)
Host is up (0.00018s latency).
Not shown: 79 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
[root@node1 ~]# nmap www.keysou.com -p22,80,3306,9000,443,25,10050,10051
Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-20 14:35 CST
Nmap scan report for www.keysou.com (120.31.134.61)
Host is up (0.11s latency).
rDNS record for 120.31.134.61: ns1.eflydns.net
PORT STATE SERVICE
22/tcp filtered ssh
25/tcp filtered smtp
80/tcp open http
443/tcp closed https
3306/tcp filtered mysql
9000/tcp filtered cslistener
10050/tcp filtered unknown
10051/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 6.47 seconds
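iptables script for dealing with DDoS attacks (based on the web access log or the number of network connections, watch each IP; when its concurrent connections or its page views within a short period reach 100, call the firewall command to block that IP; the check runs every three minutes)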
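One way to implement the access-log variant of this check, as an added example that is not part of the original notes. The threshold of 100 and the three-minute interval come from the text; the log and state paths, the allowlist prefixes and the function names are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example. Intended cron entry (assumption): */3 * * * * ban.sh --run | sh
THRESHOLD=${THRESHOLD:-100}
# Never ban loopback or the admin subnet that the SSH rule on this page allows.
ALLOW_PREFIXES=${ALLOW_PREFIXES:-"127. 192.168.100."}

# Print the bytes appended to LOG since the previous run and store the new end
# offset in STATE. A log that shrank (rotation) is read again from byte 0.
new_log_lines() {
    log=$1; state=$2; last=0
    size=$(wc -c < "$log" | tr -d ' ')
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    case $last in ''|*[!0-9]*) last=0 ;; esac
    if [ "$last" -gt "$size" ]; then last=0; fi
    tail -c +"$((last + 1))" "$log" | head -c "$((size - last))"
    echo "$size" > "$state"
}

# Read access-log lines on stdin. Print "ip count" for every client (field 1)
# that is a well-formed IPv4 address, is not allowlisted, and has >= LIMIT hits.
# Validating the field keeps log-derived text from reaching a command line.
offenders() {
    awk -v limit="$1" -v allow="$2" '
    BEGIN { n = split(allow, pre, " ") }
    function ok_ipv4(ip,   o, i) {
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
        split(ip, o, ".")
        for (i = 1; i <= 4; i++) if (length(o[i]) > 3 || o[i] > 255) return 0
        return 1
    }
    function allowed(ip,   i) {
        for (i = 1; i <= n; i++) if (index(ip, pre[i]) == 1) return 1
        return 0
    }
    ok_ipv4($1) && !allowed($1) { hits[$1]++ }
    END { for (ip in hits) if (hits[ip] >= limit) print ip, hits[ip] }
    ' | sort
}

# Current INPUT rules: a snapshot file when RULES_SNAPSHOT is set (dry runs),
# otherwise the live table.
current_rules() {
    if [ -n "${RULES_SNAPSHOT:-}" ]; then cat "$RULES_SNAPSHOT"
    else iptables -S INPUT 2>/dev/null; fi
}

# Read "ip count" lines (as produced by offenders) and print one iptables
# command per address that has no DROP rule yet. -I puts the rule ahead of the
# ACCEPT rules, so it is matched first.
block_commands() {
    rules=$(current_rules)
    while read -r ip _hits; do
        case "$rules" in
            *"-A INPUT -s $ip/32 -j DROP"*) continue ;;
        esac
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Constructed sample log (combined format, documentation-range addresses).
write_sample_log() {
    awk 'BEGIN {
        fmt = "%s - - [20/Jan/2017:14:30:%02d +0800] \"GET / HTTP/1.1\" 200 612 \"-\" \"curl\"\n"
        for (i = 0; i < 120; i++) printf fmt, "203.0.113.9",    i % 60
        for (i = 0; i < 150; i++) printf fmt, "192.168.100.50", i % 60
        for (i = 0; i < 5;   i++) printf fmt, "198.51.100.7",   i % 60
        printf fmt, "not-an-ip", 0
    }' > "$1"
}

if [ "${1:-}" = "--run" ]; then
    # Paths are assumptions; the commands are printed, pipe them to sh to apply.
    new_log_lines "${LOG:-/usr/local/nginx/logs/access.log}" \
                  "${STATE:-/var/run/ban_offset}" |
        offenders "$THRESHOLD" "$ALLOW_PREFIXES" | block_commands
fi
```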
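iptables use cases
【1】Host firewall: filter (INPUT)
【2】Sharing Internet access across a LAN: nat (POSTROUTING)
【3】IP and port mapping: nat (PREROUTING)
Using iptables to proxy Internet access for LAN computers
【1】The proxy server has two network cards, eth0: public address, eth1: private address (same subnet as the PCs being proxied)
【2】Enable forwarding on the proxy server
【3】The gateway of each proxied PC points to the proxy server's eth1 address (the private address)
【4】Configure the address translation rule on the proxy server (nat table, POSTROUTING)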
[root@gateway ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@gateway ~]# sysctl -p
[root@gateway ~]# iptables -t nat -A POSTROUTING -s 172.16.35.0/24 -o eth0 -j SNAT --to-source 192.168.100.133<==the proxy server has a fixed public address
[root@gateway ~]# iptables -t nat -A POSTROUTING -s 172.16.35.0/24 -j MASQUERADE<==masquerade: the proxy server has no fixed public address (dial-up access: ADSL)
Configuring zebra routing on Linux
[root@gateway ~]# iptables -t nat -A PREROUTING -d 192.168.100.133 -p tcp --dport 80 -j DNAT --to-destination 172.16.35.133:80<==port mapping
[root@gateway ~]# iptables -t nat -A PREROUTING -d 192.168.100.133 -p tcp --dport 9999 -j DNAT --to-destination 172.16.35.133:22<==port mapping
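MySQL optimization
【1】Hardware (the three core components)
【1-1】CPU (8 to 16)
【1-2】MEM (96G to 128G, running 3 to 4 instances)
【1-3】DISK (the more disks the better; performance: SSD (high-concurrency workloads) > SAS (ordinary workloads) > SATA (offline workloads))
RAID (with built-in cache; performance: RAID0 > RAID10 > RAID5 > RAID1)
【1-4】Network cards (bond several cards; buffer and tcp tuning)
【2】Software
【2-1】Operating system (x86_64)
【2-2】Compile from source (custom build)
【3】Parameter tuning (my.cnf)
【3-1】The gain here is fairly small; most of it comes from architecture and SQL statement optimization
【4】SQL statement optimization
【4-1】Index optimization (slow query log analysis tools)
【4-2】Split complex SQL statements into several statements
【4-3】Do not use the database for computation or search operations
【5】Architecture
【5-1】Split by business function
【5-2】Front-end cache (memcache, redis)
【5-3】NOSQL persistent storage
【5-4】Turn dynamic data into static content and place it in a CDN cache
【5-5】Database clustering and read/write separation
【5-6】Splitting databases and tables (sharding)
【6】Process, policy and security optimization
Collision: a collision occurs when two computers on a network communicate at the same time
Collision domain: a collision occurs when two bits are transmitted at the same time on the same network
Broadcast domain
Broadcast storm
VLAN
Nagios official website: http://www.nagios.org
Nagios features
【1】Monitors network services (SMTP, POP3, HTTP, TCP, PING and so on)
【2】Monitors host resources (CPU, load, I/O, SWAP, memory, disk usage and so on)
【3】A simple plugin design lets users easily write checks that suit their own services
【4】Parallel service checks
【5】Can define a layered network structure, using "parent" host definitions to express the relationships between hosts; these relationships are used to detect and distinguish hosts that are down from hosts that are unreachable
【6】Sends alerts to contacts (mail, SMS) when a service or host problem occurs and when it is resolved
【7】Can define event handlers, which can gather more information for locating the problem when a service or host event occurs
【8】Automatic log rotation
【9】Supports redundant monitoring of hosts (supports distributed monitoring)
【10】An optional web interface for viewing the current network status, notifications and problem history, log files and so on
Members of the Nagios monitoring family
A Nagios setup generally consists of a main program (Nagios), a plugin package (Nagios-plugins) and some optional add-ons (NRPE, NSClient++, NSCA, NDOUtils and so on)
Nagios itself is only a monitoring platform; the actual monitoring work is done by plugins (Nagios-plugins, or plugins you write yourself). The Nagios main program and the Nagios-plugins package are therefore both required on the Nagios server, and Nagios-plugins is usually installed on the monitored hosts as well
【1】NRPE (semi-passive mode): runs plugin scripts on the monitored remote Linux/Unix hosts and returns the data to the server, so that these hosts' resources can be monitored; port 5666
【2】NSClient++ (semi-passive mode): used on monitored Windows servers; equivalent in function to NRPE
【3】NDOUtils (not recommended): stores the Nagios configuration and the data produced by events in a database so that the data can be queried and processed
【4】NSCA (fully passive mode): lets monitored remote Linux/Unix hosts actively send the information they collect to the Nagios server (needed in distributed monitoring clusters; can be left out with fewer than 300 servers)
【1】NRPE operation diagram
【2】NSClient++ operation diagram
【3】NDOUtils operation diagram
【4】NSCA operation diagram
Server installation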
[root@nagios ~]# echo "export LC_ALL=C" >> /etc/profile
[root@nagios ~]# source /etc/profile
[root@nagios ~]# echo $LC_ALL
C
[root@nagios ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@nagios ~]# chkconfig --level 3 iptables off
[root@nagios ~]# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:off 4:on 5:on 6:off
[root@nagios ~]# getenforce
Disabled
[root@nagios ~]# crontab -e
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[root@nagios ~]# crontab -l
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[root@nagios ~]# yum -y install gcc glibc glibc-common gd gd-devel httpd php php-gd mysql*
[root@nagios ~]# useradd nagios
[root@nagios ~]# id nagios
uid=502(nagios) gid=502(nagios) groups=502(nagios)
[root@nagios ~]# usermod -G nagcmd nagios
[root@nagios ~]# usermod -G nagcmd apache
[root@nagios ~]# cd /software/
[root@nagios software]# rz
[root@nagios software]# ll
total 8864
-rw-r--r-- 1 root root 1763584 Feb 10 11:40 nagios-3.5.1.tar.gz
-rw-r--r-- 1 root root 2087089 Feb 10 11:48 nagios-plugins-1.4.16.tar.gz
-rw-r--r-- 1 root root 405725 Feb 10 11:57 nrpe-2.12.tar.gz
-rw-r--r-- 1 root root 455593 Feb 10 11:54 pnp-0.4.14.tar.gz
-rw-r--r-- 1 root root 4353536 Feb 10 11:50 rrdtool-1.2.14.tar.gz
[root@nagios software]# tar xvfz nagios-3.5.1.tar.gz -C /usr/local/src/
[root@nagios software]# cd /usr/local/src/nagios/
[root@nagios nagios]# ./configure --with-command-group=nagcmd
[root@nagios nagios]# make all
[root@nagios nagios]# make install
[root@nagios nagios]# make install-init
[root@nagios nagios]# make install-commandmode
[root@nagios nagios]# make install-config
[root@nagios nagios]# make install-webconf
[root@nagios nagios]# htpasswd -cb /usr/local/nagios/etc/htpasswd.users keysou 123456
Adding password for user keysou
[root@nagios software]# tar xvfz nagios-plugins-1.4.16.tar.gz -C /usr/local/src/
[root@nagios software]# cd /usr/local/src/nagios-plugins-1.4.16/
[root@nagios nagios-plugins-1.4.16]# yum -y install perl-devel
[root@nagios nagios-plugins-1.4.16]# ./configure --with-nagios-user=nagios --with-nagios-group=nagios --enable-perl-modules
[root@nagios nagios-plugins-1.4.16]# make && make install
[root@nagios nagios-plugins-1.4.16]# ll /usr/local/nagios/libexec/|wc -l
62
[root@nagios software]# tar xvfz nrpe-2.12.tar.gz -C /usr/local/src/
[root@nagios software]# cd /usr/local/src/nrpe-2.12/
[root@nagios nrpe-2.12]# ./configure
[root@nagios nrpe-2.12]# make all
[root@nagios nrpe-2.12]# make install-plugin
[root@nagios nrpe-2.12]# make install-daemon
[root@nagios nrpe-2.12]# make install-daemon-config
[root@nagios nrpe-2.12]# /etc/init.d/nagios start
Starting nagios: done.
[root@nagios nrpe-2.12]# ps -ef|grep "nagios"|grep -v "grep"
nagios 10663 1 0 14:33 ? 00:00:01 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
[root@nagios nrpe-2.12]# /etc/init.d/httpd start
[root@nagios nrpe-2.12]# netstat -tnlup|grep "80"
tcp 0 0 :::80 :::* LISTEN 10699/httpd
Client installation
[root@client01 ~]# echo "export LC_ALL=C" >> /etc/profile
[root@client01 ~]# source /etc/profile
[root@client01 ~]# echo $LC_ALL
C
[root@client01 ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@client01 ~]# chkconfig --level 3 iptables off
[root@client01 ~]# chkconfig --list iptables
iptables 0:off 1:off 2:on 3:off 4:on 5:on 6:off
[root@client01 ~]# getenforce
Disabled
[root@client01 ~]# crontab -e
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[root@client01 ~]# crontab -l
####Synchronization Network Time Server####
*/5 * * * * /usr/sbin/ntpdate 0.pool.ntp.org &>/dev/null
[root@client01 ~]# useradd -M -s /sbin/nologin nagios
[root@client01 ~]# id nagios
uid=500(nagios) gid=500(nagios) groups=500(nagios)
[root@client01 ~]# cd /software/
[root@client01 software]# rz
[root@client01 software]# ll
total 2872
-rw-r--r--. 1 root root 10964 Feb 10 15:41 Class-Accessor-0.31.tar.gz
-rw-r--r--. 1 root root 16072 Feb 10 15:49 Config-Tiny-2.12.tar.gz
-rw-r--r--. 1 root root 34025 Feb 10 15:53 Math-Calc-Units-1.07.tar.gz
-rw-r--r--. 1 root root 44846 Apr 15 2010 Nagios-Plugin-0.34.tar.gz
-rw-r--r--. 1 root root 89148 Feb 10 15:36 Params-Validate-0.91.tar.gz
-rw-r--r--. 1 root root 237712 Feb 10 16:15 Regexp-Common-2016060801.tar.gz
-rw-r--r--. 1 root root 2087089 Feb 10 11:48 nagios-plugins-1.4.16.tar.gz
-rw-r--r--. 1 root root 405725 Feb 10 11:57 nrpe-2.12.tar.gz
[root@client01 software]# tar xvfz nagios-plugins-1.4.16.tar.gz -C /usr/local/src/
[root@client01 software]# cd /usr/local/src/nagios-plugins-1.4.16/
[root@client01 nagios-plugins-1.4.16]# yum -y install perl-devel openssl-devel
[root@client01 nagios-plugins-1.4.16]# ./configure --prefix=/usr/local/nagios --enable-perl-modules --enable-redhat-pthread-workaround
[root@client01 nagios-plugins-1.4.16]# make && make install
[root@client01 nagios-plugins-1.4.16]# ll /usr/local/nagios/libexec/|wc -l
60
[root@client01 software]# tar xvfz nrpe-2.12.tar.gz -C /usr/local/src/
[root@client01 software]# cd /usr/local/src/nrpe-2.12/
[root@client01 nrpe-2.12]# ./configure
[root@client01 nrpe-2.12]# make all
[root@client01 nrpe-2.12]# make install-plugin
[root@client01 nrpe-2.12]# make install-daemon
[root@client01 nrpe-2.12]# make install-daemon-config
[root@client01 software]# tar xvfz Params-Validate-0.91.tar.gz -C /usr/local/src/
[root@client01 software]# cd /usr/local/src/Params-Validate-0.91/
[root@client01 Params-Validate-0.91]# perl Makefile.PL
[root@client01 Params-Validate-0.91]# make && make install
[root@client01 software]# tar xvfz Class-Accessor-0.31.tar.gz -C /usr/local/src/
[root@client01 software]# cd /usr/local/src/Class-Accessor-0.31/
[root@client01 Class-Accessor-0.31]# perl Makefile.PL
[root@client01 Class-Accessor-0.31]# make && make install
[root@client01 software]# tar xvfz Config-Tiny-2.12.tar.gz -C /usr/local/src/
[root@client01 software]# cd /usr/local/src/Config-Tiny-2.12/
[root@client01 Config-Tiny-2.12]# perl Makefile.PL
[root@client01 Config-Tiny-2.12]# make && make install
[root@client01 software]# tar xvfz Math-Calc-Units-1.07.tar.gz -C /usr/local/src/
[root@client01 software]# cd /usr/local/src/Math-Calc-Units-1.07/
[root@client01 Math-Calc-Units-1.07]# perl Makefile.PL
[root@client01 Math-Calc-Units-1.07]# make && make install
[root@client01 software]# tar xvfz Regexp-Common-2016060801.tar.gz -C /usr/local/src/
[root@client01 software]# cd /usr/local/src/Regexp-Common-2016060801/
[root@client01 Regexp-Common-2016060801]# perl Makefile.PL
[root@client01 Regexp-Common-2016060801]# make && make install
[root@client01 software]# tar xvfz Nagios-Plugin-0.34.tar.gz -C /usr/local/src/
[root@client01 software]# cd /usr/local/src/Nagios-Plugin-0.34/
[root@client01 Nagios-Plugin-0.34]# perl Makefile.PL
[root@client01 Nagios-Plugin-0.34]# make && make install
[root@client01 software]# yum -y install sysstat dos2unix
[root@client01 software]# cp -a check_iostat /usr/local/nagios/libexec/
[root@client01 software]# cp -a check_memory.pl /usr/local/nagios/libexec/
[root@client01 software]# chmod 755 /usr/local/nagios/libexec/check_iostat
[root@client01 software]# chmod 755 /usr/local/nagios/libexec/check_memory.pl
[root@client01 software]# dos2unix /usr/local/nagios/libexec/check_iostat
dos2unix: converting file /usr/local/nagios/libexec/check_iostat to UNIX format ...
[root@client01 software]# dos2unix /usr/local/nagios/libexec/check_memory.pl
dos2unix: converting file /usr/local/nagios/libexec/check_memory.pl to UNIX format ...
[root@client01 software]# ll /usr/local/nagios/libexec/|wc -l
63
[root@client01 software]# cd /usr/local/nagios/etc/
[root@client01 etc]# cp -a nrpe.cfg nrpe.cfg.backup
[root@client01 etc]# sed -i '199,203d' nrpe.cfg
[root@client01 etc]# vim nrpe.cfg
allowed_hosts=127.0.0.1,192.168.100.131
[root@client01 etc]# echo "command[check_load]=/usr/local/nagios/libexec/check_load -w 15,10,6 -c 30,25,20" >> /usr/local/nagios/etc/nrpe.cfg
[root@client01 etc]# echo "command[check_mem]=/usr/local/nagios/libexec/check_memory.pl -w 6% -c 3%" >> /usr/local/nagios/etc/nrpe.cfg
[root@client01 etc]# echo "command[check_disk]=/usr/local/nagios/libexec/check_disk -w 20% -c 8% -p /" >> /usr/local/nagios/etc/nrpe.cfg
[root@client01 etc]# echo "command[check_swap]=/usr/local/nagios/libexec/check_swap -w 20% -c 10%" >> /usr/local/nagios/etc/nrpe.cfg
[root@client01 etc]# echo "command[check_iostat]=/usr/local/nagios/libexec/check_iostat -w 6 -c 10" >> /usr/local/nagios/etc/nrpe.cfg
[root@client01 etc]# /usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
[root@client01 etc]# echo "/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d" >> /etc/rc.local
[root@client01 etc]# tail -1 /etc/rc.local
/usr/local/nagios/bin/nrpe -c /usr/local/nagios/etc/nrpe.cfg -d
[root@client01 etc]# netstat -tnlup|grep "5666"
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 23530/nrpe
Server configuration
[root@nagios ~]# cd /usr/local/nagios/etc/
[root@nagios etc]# ll
total 76
-rw-rw-r-- 1 nagios nagios 11669 2017-02-10 13:20 cgi.cfg
-rw-r--r-- 1 root root 20 2017-02-10 13:28 htpasswd.users
-rw-rw-r-- 1 nagios nagios 44710 2017-02-10 13:20 nagios.cfg
-rw-r--r-- 1 nagios nagios 7207 2017-02-10 14:32 nrpe.cfg
drwxrwxr-x 2 nagios nagios 4096 2017-02-10 13:20 objects
-rw-rw---- 1 nagios nagios 1340 2017-02-10 13:20 resource.cfg
[root@nagios etc]# cd objects/
[root@nagios objects]# ll
total 48
-rw-rw-r-- 1 nagios nagios 7716 2017-02-10 13:20 commands.cfg
-rw-rw-r-- 1 nagios nagios 2166 2017-02-10 13:20 contacts.cfg
-rw-rw-r-- 1 nagios nagios 5403 2017-02-10 13:20 localhost.cfg
-rw-rw-r-- 1 nagios nagios 3124 2017-02-10 13:20 printer.cfg
-rw-rw-r-- 1 nagios nagios 3293 2017-02-10 13:20 switch.cfg
-rw-rw-r-- 1 nagios nagios 10812 2017-02-10 13:20 templates.cfg
-rw-rw-r-- 1 nagios nagios 3208 2017-02-10 13:20 timeperiods.cfg
-rw-rw-r-- 1 nagios nagios 4019 2017-02-10 13:20 windows.cfg
[root@nagios objects]# cd ..
[root@nagios etc]# tar cvfz etc.tar.gz ./*
[root@nagios etc]# vim nagios.cfg +34
cfg_file=/usr/local/nagios/etc/objects/services.cfg
cfg_file=/usr/local/nagios/etc/objects/hosts.cfg
# Definitions for monitoring the local (Linux) host
#cfg_file=/usr/local/nagios/etc/objects/localhost.cfg
cfg_dir=/usr/local/nagios/etc/services
[root@nagios etc]# mkdir services
[root@nagios etc]# chown -R nagios:nagios services/
[root@nagios etc]# ll -d services/
drwxr-xr-x 2 nagios nagios 4096 2017-02-13 09:32 services/
[root@nagios etc]# cd objects/
[root@nagios objects]# head -51 localhost.cfg > hosts.cfg
[root@nagios objects]# chown -R nagios:nagios hosts.cfg
[root@nagios objects]# ll hosts.cfg
-rw-r--r-- 1 nagios nagios 1870 2017-02-13 09:33 hosts.cfg
[root@nagios objects]# touch services.cfg
[root@nagios objects]# chown -R nagios:nagios services.cfg
[root@nagios objects]# ll services.cfg
-rw-r--r-- 1 nagios nagios 0 2017-02-13 09:35 services.cfg
[root@nagios objects]# ll
total 52
-rw-rw-r-- 1 nagios nagios 7716 2017-02-10 13:20 commands.cfg
-rw-rw-r-- 1 nagios nagios 2166 2017-02-10 13:20 contacts.cfg
-rw-r--r-- 1 nagios nagios 1870 2017-02-13 09:33 hosts.cfg
-rw-rw-r-- 1 nagios nagios 5403 2017-02-10 13:20 localhost.cfg
-rw-rw-r-- 1 nagios nagios 3124 2017-02-10 13:20 printer.cfg
-rw-r--r-- 1 nagios nagios 0 2017-02-13 09:35 services.cfg
-rw-rw-r-- 1 nagios nagios 3293 2017-02-10 13:20 switch.cfg
-rw-rw-r-- 1 nagios nagios 10812 2017-02-10 13:20 templates.cfg
-rw-rw-r-- 1 nagios nagios 3208 2017-02-10 13:20 timeperiods.cfg
-rw-rw-r-- 1 nagios nagios 4019 2017-02-10 13:20 windows.cfg
[root@nagios objects]# vim hosts.cfg
define host{
use linux
host_name 132-client01
alias 132-client01
address 192.168.100.132
}
define host{
use linux
host_name 131-nagios
alias 131-nagios
address 192.168.100.131
}
define hostgroup{
hostgroup_name linuxs
alias Linux Servers
members 132-client01,131-nagios
}
[root@nagios objects]# vim services.cfg
define service {
use generic-service
host_name 132-client01
service_description Disk Partition
check_command check_nrpe!check_disk
}
[root@nagios objects]# vim commands.cfg
# 'check_nrpe' command definition
define command{
command_name check_nrpe
command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
[root@nagios objects]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Nagios Core 3.5.1
Copyright (c) 2009-2011 Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 08-30-2013
License: GPL
Website: http://www.nagios.org
Reading configuration data...
Read main config file okay...
Processing object config file '/usr/local/nagios/etc/objects/commands.cfg'...
Processing object config file '/usr/local/nagios/etc/objects/contacts.cfg'...
Processing object config file '/usr/local/nagios/etc/objects/timeperiods.cfg'...
Processing object config file '/usr/local/nagios/etc/objects/templates.cfg'...
Processing object config file '/usr/local/nagios/etc/objects/services.cfg'...
Processing object config file '/usr/local/nagios/etc/objects/hosts.cfg'...
Processing object config directory '/usr/local/nagios/etc/services'...
Read object config files okay...
Running pre-flight check on configuration data...
Checking services...
Checked 1 services.
Checking hosts...
Warning: Host '131-nagios' has no services associated with it!
Checked 2 hosts.
Checking host groups...
Checked 1 host groups.
Checking service groups...
Checked 0 service groups.
Checking contacts...
Checked 1 contacts.
Checking contact groups...
Checked 1 contact groups.
Checking service escalations...
Checked 0 service escalations.
Checking service dependencies...
Checked 0 service dependencies.
Checking host escalations...
Checked 0 host escalations.
Checking host dependencies...
Checked 0 host dependencies.
Checking commands...
Checked 25 commands.
Checking time periods...
Checked 5 time periods.
Checking for circular paths between hosts...
Checking for circular host and service dependencies...
Checking global event handlers...
Checking obsessive compulsive processor commands...
Checking misc settings...
Total Warnings: 1
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check
[root@nagios objects]# /etc/init.d/nagios reload
Running configuration check...done.
Reloading nagios configuration...done
[root@nagios objects]# vim ../cgi.cfg
authorized_for_system_information=keysou
authorized_for_configuration_information=keysou
authorized_for_system_commands=keysou
authorized_for_all_services=keysou
authorized_for_all_hosts=keysou
[root@nagios objects]# /etc/init.d/nagios reload
Running configuration check...done.
Reloading nagios configuration...done
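How to choose between active mode and semi-passive mode
【1】For monitoring local resources and performance, passive mode (NRPE) is generally used, for example load, memory, disk, virtual memory, disk I/O, temperature and fans (some system resources can also be monitored through SNMP)
【2】For services that are offered externally, such as web and database services, active mode is generally used, for example monitoring httpd, sshd, mysqld and rsyncd
【3】Active mode and passive mode are relative and can be switched: a service monitored in active mode can be changed to passive mode, and a service monitored in passive mode can sometimes be changed to active mode
【4】Active mode has nothing to do with NRPE; the server uses its own local plugins to obtain the data directly
【5】In passive mode, the server's main program communicates with the client's NRPE process through check_nrpe, and the client calls its local plugins to obtain the data
URL monitoring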
[root@nagios objects]# vim services.cfg
define service {
use generic-service
host_name 132-client01
service_description URL Index
check_command check_url!-H web01.keysou.com!-p 80!-s keysou
}
[root@nagios objects]# vim commands.cfg
# 'check_url' command definition
define command{
command_name check_url
command_line $USER1$/check_http $ARG1$ $ARG2$ $ARG3$ -w 3 -c 5
}
[root@nagios objects]# /etc/init.d/nagios reload
Running configuration check...done.
Reloading nagios configuration...done
Port monitoring
[root@nagios objects]# vim services.cfg
define service {
use generic-service
host_name 132-client01
service_description Port 80
check_command check_tcp!80
}
[root@nagios objects]# vim commands.cfg
# 'check_tcp' command definition
define command{
command_name check_tcp
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -w 1 -c 3
}
[root@nagios objects]# /etc/init.d/nagios reload
Running configuration check...done.
Reloading nagios configuration...done
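Summary: services that a client exposes externally are generally monitored in active mode, for example ports and URLs
Active-mode monitoring configuration procedure
【1】Debug the monitoring command on the server's command line first
【2】Define the Nagios command in commands.cfg, calling the command-line plugin
【3】Define the service to be monitored in the service configuration file, calling the Nagios monitoring command defined in commands.cfg
hosts.cfg configuration file explained
define host{ <== "define host" is the keyword that defines a host; the host's settings are enclosed in a pair of braces
use linux <== template used by the host, see templates.cfg
host_name 131-nagios <== host name, can be chosen freely according to the server's role
alias 131-nagios <== host alias, same as above
address 192.168.100.131 <== IP of the monitored server
check_command check-host-alive <== command that checks whether the host is alive, from commands.cfg
max_check_attempts 3 <== maximum number of check attempts after a failure
normal_check_interval 2 <== check interval in the normal state, default unit is minutes
retry_check_interval 2 <== retry check interval after a failure, default unit is minutes
check_period 7*24 <== check period 7*24, see timeperiods.cfg
notification_interval 300 <== interval between two alert notifications after a failure, default unit is minutes
notification_period 7*24 <== notification period within a day, for example all day or half a day, see timeperiods.cfg
notification_options d,u,r <== host state notification options: d means down, u means unreachable, r means recovery
contact_groups admins <== send alerts to the admins contact group, defined in contacts.cfg
}
services.cfg configuration file explained
define service{ <== "define service" is the keyword that defines a service; the service's settings are enclosed in a pair of braces
use generic-service <== template used by the service, see templates.cfg
host_name 131-nagios <== host name, can be chosen freely according to the server's role
service_description System Load <== description of the alerting service, choose a meaningful name
check_command check_nrpe!check_load <== command that checks the service
max_check_attempts 2 <== maximum number of check attempts after a failure
normal_check_interval 4 <== check interval in the normal state, default unit is minutes
retry_check_interval 4 <== retry check interval after a failure, default unit is minutes
check_period 7*24 <== check period 7*24, see timeperiods.cfg
notification_interval 300 <== interval between two alert notifications after a failure, default unit is minutes
notification_period 7*24 <== notification period within a day, for example all day or half a day, see timeperiods.cfg
notification_options w,u,c,r <== service state notification options: w means warning, u means unknown, c means critical, r means recovery
contact_groups admins <== send alerts to the admins contact group, defined in contacts.cfg
process_perf_data 1 <== related to the data PNP uses for graphing
}
A Nagios plugin provides two return values:
【1】The plugin's exit status code
【2】The first line of data the plugin prints to the console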
[root@nagios libexec]# md5sum /etc/passwd > /etc/passwd.md5
[root@nagios libexec]# vim check_passwd
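#!/bin/bash
# Count the "OK" lines from md5sum -c; 1 means /etc/passwd still matches the recorded checksum
Char=$(md5sum -c /etc/passwd.md5 2>/dev/null|grep "OK"|wc -l)
if [ "$Char" -eq 1 ];then
echo "passwd is ok"
# Exit status 0 is reported to Nagios as OK
exit 0
else
echo "passwd is changed"
# Exit status 2 is reported to Nagios as CRITICAL
exit 2
fi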
[root@nagios libexec]# chmod +x check_passwd
[root@nagios libexec]# echo "command[check_passwd]=/usr/local/nagios/libexec/check_passwd" >> /usr/local/nagios/etc/nrpe.cfg
[root@nagios libexec]# ./check_nrpe -H 192.168.100.131 -c check_passwd
passwd is ok
[root@nagios libexec]# vim /usr/local/nagios/etc/objects/services.cfg
define service {
use generic-service
host_name 131-nagios
service_description Check Passwd
check_command check_nrpe!check_passwd
}
[root@nagios libexec]# /etc/init.d/nagios reload
Running configuration check...done.
Reloading nagios configuration...done
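An added example, not part of the original notes: a plugin that honours both return values described above (exit status and first output line) and, unlike check_passwd, separates a missing baseline (UNKNOWN) from a real mismatch (CRITICAL) and warns when the baseline itself is writable by group or others. It uses sha256sum in place of the md5sum used above; the name check_integrity and the /etc/passwd.sha256 path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): file-integrity check that
# follows the Nagios plugin contract described above.
#   exit status : 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN
#   stdout      : first line is the status text Nagios displays
# Assumption: the baseline was created with `sha256sum TARGET > BASELINE`.

check_integrity() {
    target=$1
    baseline=$2

    if [ -z "$target" ] || [ -z "$baseline" ]; then
        echo "INTEGRITY UNKNOWN - usage: check_integrity TARGET BASELINE"
        return 3
    fi
    # A missing baseline is a monitoring fault, not evidence of tampering.
    if [ ! -r "$baseline" ]; then
        echo "INTEGRITY UNKNOWN - baseline $baseline missing or unreadable"
        return 3
    fi
    if [ ! -r "$target" ]; then
        echo "INTEGRITY CRITICAL - $target missing or unreadable"
        return 2
    fi

    # Compare digests directly so the path stored in the baseline is irrelevant.
    expected=$(awk 'NR == 1 { print $1 }' "$baseline")
    case "$expected" in
        ""|*[!0-9a-f]*) expected="" ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "INTEGRITY UNKNOWN - baseline $baseline holds no SHA-256 digest"
        return 3
    fi
    actual=$(sha256sum "$target" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "INTEGRITY CRITICAL - $target differs from baseline"
        return 2
    fi

    # A baseline that group or others can rewrite proves little.
    mode=$(stat -c '%a' "$baseline" 2>/dev/null)
    case "$mode" in
        *[2367]?|*[2367])
            echo "INTEGRITY WARNING - $target matches, but baseline mode is $mode"
            return 1 ;;
    esac

    echo "INTEGRITY OK - $target matches baseline"
    return 0
}

# Run as a plugin only when installed under its own name, e.g. in nrpe.cfg:
#   command[check_passwd]=/usr/local/nagios/libexec/check_integrity /etc/passwd /etc/passwd.sha256
case "${0##*/}" in
    check_integrity*) check_integrity "$@"; exit $? ;;
esac
```

Keeping the baseline owned by root with mode 600 or 644 means the nagios account that runs the check cannot rewrite it.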
Nagios graphing
[root@nagios ~]# yum -y install cairo pango zlib zlib-devel freetype freetype-devel gd gd-devel
[root@nagios software]# tar xvfz libart_lgpl-2.3.17.tar.gz -C /usr/local/src/
[root@nagios software]# cd /usr/local/src/libart_lgpl-2.3.17/
[root@nagios libart_lgpl-2.3.17]# ./configure
[root@nagios libart_lgpl-2.3.17]# make && make install
[root@nagios libart_lgpl-2.3.17]# /bin/cp -r /usr/local/include/libart-2.0/ /usr/include/
[root@nagios software]# tar xf rrdtool-1.2.14.tar.gz -C /usr/local/src/
[root@nagios software]# cd /usr/local/src/rrdtool-1.2.14/
[root@nagios rrdtool-1.2.14]# ./configure --prefix=/usr/local/rrdtool --disable-python --disable-tcl
[root@nagios rrdtool-1.2.14]# make && make install
[root@nagios rrdtool-1.2.14]# ll /usr/local/rrdtool/bin/
total 116
-rwxr-xr-x 1 root root 55649 2017-02-14 13:26 rrdcgi
-rwxr-xr-x 1 root root 6727 2017-02-14 13:26 rrdtool
-rwxr-xr-x 1 root root 52643 2017-02-14 13:26 rrdupdate
[root@nagios software]# tar xvfz pnp-0.4.14.tar.gz -C /usr/local/src/
[root@nagios software]# cd /usr/local/src/pnp-0.4.14/
[root@nagios pnp-0.4.14]# ./configure --with-rrdtool=/usr/local/rrdtool/bin/rrdtool --with-perfdata-dir=/usr/local/nagios/share/perfdata
[root@nagios pnp-0.4.14]# make all
[root@nagios pnp-0.4.14]# make install
[root@nagios pnp-0.4.14]# make install-config
[root@nagios pnp-0.4.14]# make install-init
[root@nagios pnp-0.4.14]# ll /usr/local/nagios/libexec/|grep "process"
-rwxr-xr-x 1 nagios nagios 31826 2017-02-14 13:42 process_perfdata.pl
[root@nagios pnp-0.4.14]# cd /usr/local/nagios/etc/
[root@nagios etc]# cp -a nagios.cfg nagios.cfg.backup
[root@nagios etc]# vim nagios.cfg +833
process_performance_data=1
host_perfdata_command=process-host-perfdata
service_perfdata_command=process-service-perfdata
[root@nagios etc]# vim objects/commands.cfg +240
# 'process-host-perfdata' command definition
define command{
command_name process-host-perfdata
command_line /usr/local/nagios/libexec/process_perfdata.pl
}
# 'process-service-perfdata' command definition
define command{
command_name process-service-perfdata
command_line /usr/local/nagios/libexec/process_perfdata.pl
}
[root@nagios etc]# /etc/init.d/nagios checkconfig
[root@nagios etc]# /etc/init.d/nagios reload
Running configuration check...done.
Reloading nagios configuration...done
http://192.168.100.131/nagios/pnp/index.php <== test whether PNP was installed successfully
[root@nagios etc]# vim objects/hosts.cfg <== can also be configured in the host template
define host{
use linux
host_name 132-client01
alias 132-client01
address 192.168.100.132
action_url /nagios/pnp/index.php?host=$HOSTNAME$
}
[root@nagios etc]# vim objects/services.cfg <== can also be configured in the host template
define service {
use generic-service
host_name 132-client01,131-nagios
service_description Disk Partition
check_command check_nrpe!check_disk
action_url /nagios/pnp/index.php?host=$HOSTNAME$&srv=$SERVICEDESC$
}
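Relieving database pressure
【1】Read/write splitting
【2】Splitting databases and tables (developers, DBAs, operations)
【3】NoSQL (Memcached, Redis)
Relieving storage pressure
【1】CDN caching (images, attachments, video)
Architecture principles:
【1】Independent domain name: no URL forwarding needed
【2】Domain name not independent: URL forwarding needed
Redis official website: http://www.redis.io
Redis use cases
【1】The best fit for Redis is when all of the data is in memory
【2】More often, Redis is used as a replacement for Memcached
【3】When data types beyond key/value are needed, Redis is the better choice
【4】When the stored data must not be evicted, Redis is the better choice
【5】Scenarios that need load balancing (Redis master-slave replication)
Redis summary:
【1】It improves the scalability of the DB: new data only needs to be placed on the newly added servers
【2】It improves the availability of the DB: a failure only affects users who need data on the affected shard server
【3】It improves the maintainability of the DB: system upgrades and configuration changes can be done one shard at a time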
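IDC data center
Data center bandwidth and traffic formula
1Byte = 8bit
1KB = 1024B
1MB = 1024KB
1GB = 1024MB
A home bandwidth of 10Mb is measured in bits, not bytes (data transfer is counted in bytes), so 10Mb = 10*1024/8 KByte of download speed
Remote management card
【1】Integrated
【2】Standalone
Rack standard: 42U
Power standard: two utility power feeds (the dual power supplies are connected to the two feeds separately)
Cluster nodes are placed in different racks so that a power loss in one rack does not make the service unavailable
Data center speed test
【1】Upstream speed
【2】Downstream speed
Server selection for a cluster architecture (CPU, memory, disk)
DELL R730 standalone remote management card configuration: press the <Ctrl><E> key combination
DELL R730 RAID configuration: press the <Ctrl><R> key combination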
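CDN introduction
CDN stands for Content Delivery Network. The basic idea is to avoid, as far as possible, the bottlenecks and links on the Internet that can affect the speed and stability of data transfer, so that content is delivered faster and more reliably. By placing node servers throughout the network to form a layer of intelligent virtual network on top of the existing Internet, a CDN can redirect a user's request in real time to the service node closest to the user, based on combined information such as network traffic, each node's connections and load, the distance to the user and the response time. The goal is to let users obtain the content they need from a nearby node, relieve Internet congestion, and improve the response speed of the website for its users
BGP introduction
BGP is the Border Gateway Protocol, a routing protocol used to pass large amounts of routing information between different carriers
BGP data center introduction
A data center that uses BGP to interconnect two or more carrier lines is called a BGP data center. It connects the IDC network to several carriers so that a single IP is bound to multiple lines; users of every interconnected carrier (China Telecom, China Netcom and so on) who access the IDC network are automatically routed over the matching line, which improves access speed
Why BGP data centers exist
In the overall layout of China's Internet, Netcom serves the north and Telecom serves the south, and access between the lines of different ISPs is slow
Network edge: the point closest to where users connect to the network
CDN features
【1】Local cache acceleration: improves the response speed of enterprise websites (especially sites with many images and static pages) and greatly improves the stability of such sites
【2】Mirror service: removes the effect of the interconnection bottleneck between different carriers, provides network acceleration across carriers, and ensures that users on different networks all get good access quality
【3】Remote acceleration: remote users are automatically directed to a cache server by DNS load balancing, which selects the fastest cache server and speeds up remote access
【4】Bandwidth optimization: remote mirror cache servers are generated automatically for the origin server; remote users read data from the cache servers, which reduces the bandwidth of remote access, shares network traffic and lowers the load on the origin site's web servers
【5】Cluster resistance to attacks: widely distributed CDN nodes, together with the intelligent redundancy mechanism between nodes, can effectively guard against intrusion and reduce the impact of various DDoS attacks on the website while maintaining good service quality
A CDN can be regarded as a distributed web server cache that reduces the pressure on the origin site
CDN value
【1】Lowers enterprise costs
【2】Improves the user experience of the website
【3】Scrubs malicious traffic
Key elements of a CDN architecture
【1】DNS and smart DNS clusters (bind, powerdns)
【2】Cache clusters (squid, ats, nginx, varnish)
【3】The website's origin site
【4】Periphery (billing, log analysis, storage, portal display)
DNS resolution principle
Smart DNS resolution principle: it automatically determines the visitor's IP address and resolves to the corresponding IP address, so that Netcom users reach the Netcom server and Telecom users reach the Telecom server
CDN acceleration principle
CDN uses
【1】Caching static resources such as images, video, css, js and html for enterprise or portal websites
【2】Large websites render the whole site's home page (promotion page) as static content and place it on the CDN
【3】Acceleration of dynamic resources is supported
CDN architecture diagram
CDN billing models
【1】By website traffic
【2】By purchased bandwidth
【3】By time period
【4】Purchase-based billing
【5】Buying acceleration traffic packages directly
【6】Free
CDN data updates
【1】Triggered by users
【2】Pushed from the origin site to the CDN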
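IDC data center questions and answers
【1】How is data center bandwidth calculated
【2】Have you been to an IDC data center? Describe your impressions
【3】What is a U? Which server brands and models have you maintained
【4】In what situations do you need to go to the data center for maintenance
【5】How much bandwidth does the data center have, and what does the bandwidth cost
【6】What is BGP, what is a BGP data center, and why must a BGP data center be used
【7】How much bandwidth, where is your data center located, and what type of data center is it
【8】How do you choose an IDC data center, and what practical test methods are there
【9】How do you quickly find the physical location of a particular server in your data center
【10】Hardware selection for the different workloads of a cluster architecture
【11】Configuring a cluster architecture, from the system to each service, with version records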