2026/5/21 18:50:17
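Statement and usage notes

Environment statement and caveats

Lab environment:

This document is based on the following standard lab environment. Adjust it to your own environment when you deploy:

- Operating system: Rocky Linux 9.5 (other RHEL 9 derivatives can also follow along)
- Virtualization platform: KVM (managed with virt-manager/virsh)
- Network plan: public network 192.168.88.0/24; private network 192.168.99.0/24 (used for the Ceph back end)
- Software versions: Ansible 7.7.0, Ceph Quincy (v17), Nginx 1.20, Keepalived 2.2, HAProxy 2.4

Important notes:

- Environment differences: your actual environment (IP addresses, hostnames, NIC names, disk devices and so on) may differ from this document, so adjust the configuration to match.
- Production warning: the configuration in this document is mainly for learning and test environments. Production needs to account for security, performance tuning, backup strategy and similar factors.
- Technical approach first: the document focuses on the implementation approach and the architecture; specific parameters can be adjusted as needed.
- Version compatibility: software versions may differ in behavior, so consult the official documentation first.

How to use this document:

1. First understand the core concepts and working principles of each technology.
2. Plan the network topology and resource allocation for your environment.
3. Follow the configuration approach and adjust IP addresses, paths and other parameters.
4. Validate in a test environment before applying anything to production.

Part 1: Cluster concepts and LVS load balancing

1. Cluster fundamentals

1.1 Core cluster concepts

Definition: a cluster is a group of independent computers connected over a network to form a single whole that provides users with a set of network resources.

Purpose of a cluster:

- Higher performance: multiple computers process tasks in parallel
- Lower cost: more economical than a supercomputer
- Better scalability: add nodes as needed to extend capacity
- Greater reliability: redundant nodes avoid a single point of failure

Cluster types:

- HA cluster: high-availability cluster, keeps the service continuously available
- LBC cluster: load-balancing cluster, spreads the request load
- HPC cluster: high-performance computing cluster, used for scientific computing

1.2 LVS basic architecture

LVS (Linux Virtual Server) is a high-performance load-balancing solution developed by Dr. Zhang Wensong and integrated into the Linux kernel.

Core components:

- IPVS module: runs in kernel space and performs the load balancing
- ipvsadm tool: runs in user space and manages the configuration

LVS working modes:

- NAT mode: network address translation; the director rewrites packet addresses
- DR mode: direct routing; real servers respond to clients directly
- TUN mode: tunnel mode; used for deployments that span networks

Key terms:

- Director: the load-balancing server on which LVS is installed
- Real server: the back-end host that actually provides the service
- VIP: virtual IP address, the address clients connect to
- DIP: the address the director uses to talk to the real servers
- RIP: the actual IP address of a real server

Common scheduling algorithms:

- rr: round robin
- wrr: weighted round robin
- lc: least connections
- wlc: weighted least connections

2. LVS-NAT mode hands-on deployment

2.1 Lab environment preparation

Network topology plan: public network 192.168.88.0/24, private network 192.168.99.0/24

Host list:

| Hostname | IP address | Role | Requirements |
|---|---|---|---|
| pubserver | 192.168.88.240 | Ansible control node | Already exists |
| client | 192.168.88.10 | Test client | Gateway 192.168.88.5 |
| lvs1 | 192.168.88.5, 192.168.99.5 | LVS director | Two NICs |
| web1 | 192.168.99.100 | Web server | Gateway 192.168.99.5 |
| web2 | 192.168.99.200 | Web server | Gateway 192.168.99.5 |

2.2 Detailed deployment steps

Step 1: Create and configure the virtual machines yourself

Step 2: Verify network connectivity

```bash
# Enable IP forwarding on lvs1
[root@lvs1 ~]# cat /proc/sys/net/ipv4/ip_forward
# If it returns 0, enable forwarding
[root@lvs1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
# Test network connectivity
[root@client ~]# ping -c 2 192.168.99.100
[root@client ~]# ping -c 2 192.168.99.200
```

Step 3: Configure Ansible for automated management

```bash
# Configure Ansible on pubserver
[root@pubserver ~]# dnf -y remove ansible-core
[root@pubserver ~]# dnf -y install /root/ansible-7.7.0-1.el9.noarch.rpm
[root@pubserver ~]# mkdir cluster; cd cluster/
# Create the Ansible configuration file
[root@pubserver cluster]# vim ansible.cfg
[defaults]
inventory = inventory
host_key_checking = false
module_name = shell
# Create the host inventory
[root@pubserver cluster]# vim inventory
```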
```bash
[clients]
client ansible_ssh_host=192.168.88.10

[webservers]
web1 ansible_ssh_host=192.168.99.100
web2 ansible_ssh_host=192.168.99.200

[lbs]
lvs1 ansible_ssh_host=192.168.88.5

[all:vars]
ansible_ssh_port=22
ansible_ssh_user=root
ansible_ssh_pass=a

# Test the Ansible connection
[root@pubserver cluster]# ansible all -m ping
# Update the repo file on the web servers
[root@pubserver cluster]# ansible webservers -a \
  "sed -i '/88/s/88/99/' /etc/yum.repos.d/rocky.repo"
```

Step 4: Deploy the web servers

```bash
# Create the page template
[root@pubserver cluster]# vim index.html
Welcome to {{ ansible_hostname }}
# Create the web server deployment playbook
[root@pubserver cluster]# vim 01_config_web.yml
---
- name: config web
  hosts: webservers
  tasks:
    - name: install nginx
      yum:
        name: nginx
        state: present
    - name: copy index
      template:
        src: index.html
        dest: /usr/share/nginx/html/index.html
    - name: start nginx
      service:
        name: nginx
        state: started
        enabled: true
# Run the playbook
[root@pubserver cluster]# ansible-playbook 01_config_web.yml
# Verify the web service
[root@pubserver cluster]# curl http://192.168.99.100/
[root@pubserver cluster]# curl http://192.168.99.200/
```

Step 5: Configure LVS-NAT mode

```bash
# Enable IP forwarding persistently
[root@pubserver cluster]# vim 02_config_nat_sysctl.yml
---
- name: config sysctl
  hosts: lbs
  tasks:
    - name: modify kernel args
      sysctl:
        name: net.ipv4.ip_forward
        value: 1
        sysctl_set: true
        sysctl_file: /etc/sysctl.conf
      notify: flush args
  handlers:
    - name: flush args
      shell: sysctl -p
# Apply the configuration
[root@pubserver cluster]# ansible-playbook 02_config_nat_sysctl.yml
# Install the LVS software
[root@pubserver cluster]# vim 03_install_lvs.yml
---
- name: install lvs
  hosts: lbs
  tasks:
    - name: install soft
      yum:
        name: ipvsadm
        state: present
[root@pubserver cluster]# ansible-playbook 03_install_lvs.yml
# ipvsadm options
# -A: add a virtual server
# -E: edit a virtual server
# -D: delete a virtual server
# -t: TCP service
# -u: UDP service
# -s: scheduling algorithm
# -a: add a real server
# -r: real server address
# -w: weight
# -m: NAT mode
# -g: DR mode
```

Step 6: Configure the LVS rules

```bash
# Configure the LVS rules on lvs1
[root@lvs1 ~]# ipvsadm -Ln
# Create the virtual server (round-robin algorithm)
[root@lvs1 ~]# ipvsadm -A -t 192.168.88.5:80 -s rr
# Add the real servers
[root@lvs1 ~]# ipvsadm -a -t 192.168.88.5:80 \
  -r 192.168.99.100:80 -w 1 -m
[root@lvs1 ~]# ipvsadm -a -t 192.168.88.5:80 \
  -r 192.168.99.200:80 -w 2 -m
# Show the configuration
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.88.5:80 rr
  -> 192.168.99.100:80            Masq    1      0          0
  -> 192.168.99.200:80            Masq    2      0          0
# Test load balancing
[root@client ~]# for i in {1..6}; do curl http://192.168.88.5; done
```

Step 7: Change the scheduling algorithm

```bash
# Switch to weighted round robin
[root@lvs1 ~]# ipvsadm -E -t 192.168.88.5:80 -s wrr
[root@lvs1 ~]# ipvsadm -Ln
# Verify that the weights take effect
[root@client ~]# for i in {1..6}; do curl http://192.168.88.5; done
```

3. LVS-DR mode hands-on deployment

3.1 Rebuilding the lab environment

Network topology change: all nodes sit on the same subnet, 192.168.88.0/24

Reconfigure the hosts:

```bash
# Remove and rebuild the web hosts
[root@server1 ~]# vm remove web1 web2
[root@server1 ~]# vm clone web1 web2
# Reconfigure the IP addresses
[root@server1 ~]# vm setip web1 192.168.88.100
[root@server1 ~]# vm setip web2 192.168.88.200
# Clear the LVS-NAT rules
[root@lvs1 ~]# ipvsadm -C
[root@lvs1 ~]# ipvsadm -Ln
# Bring down the eth1 NIC on lvs1
[root@lvs1 ~]# nmcli connection down eth1
```

3.2 DR mode detailed deployment

Step 1: Adjust the Ansible configuration

```bash
# Update the host inventory
[root@pubserver cluster]# vim inventory
[clients]
client ansible_ssh_host=192.168.88.10

[webservers]
web1 ansible_ssh_host=192.168.88.100
web2 ansible_ssh_host=192.168.88.200

[lbs]
lvs1 ansible_ssh_host=192.168.88.5

[all:vars]
ansible_ssh_user=root
ansible_ssh_pass=a
# Test the connection
[root@pubserver cluster]# ansible all -m ping
# Redeploy the web service
[root@pubserver cluster]# ansible-playbook 01_config_web.yml
```

Step 2: Configure the virtual IP address

```bash
# Configure the VIP on the director
[root@pubserver cluster]# ansible lbs -a \
  "ifconfig eth0:0 192.168.88.15/24"
# Configure the VIP on the real servers (lo loopback interface)
[root@pubserver cluster]# ansible webservers -a \
  "ifconfig lo:0 192.168.88.15/32"
# Verify the VIP configuration
[root@pubserver cluster]# ansible lbs,webservers -a \
  "ip a s | grep 192.168"
```

Step 3: Configure the ARP suppression parameters

```bash
# Create the playbook that sets the DR-mode kernel parameters
[root@pubserver cluster]# vim 05_config_dr_sysctl2.yml
---
- name: config kernel args
  hosts: webservers
  tasks:
    - name: modify kernel args
      blockinfile:
        path: /etc/sysctl.conf
        block: |
          net.ipv4.conf.all.arp_ignore = 1
          net.ipv4.conf.lo.arp_ignore = 1
          net.ipv4.conf.all.arp_announce = 2
          net.ipv4.conf.lo.arp_announce = 2
      notify: flush args
  handlers:
    - name: flush args
      shell: sysctl -p
# Apply the configuration
[root@pubserver cluster]# ansible-playbook 05_config_dr_sysctl2.yml
# Verify the configuration
[root@pubserver cluster]# ansible webservers -m shell -a \
  "tail -6 /etc/sysctl.conf"
```

Step 4: Configure the LVS-DR rules

```bash
# Configure the DR-mode rules on lvs1
[root@lvs1 ~]# ipvsadm -A -t 192.168.88.15:80 -s wrr
[root@lvs1 ~]# ipvsadm -a -t 192.168.88.15:80 \
  -r 192.168.88.100:80 -w 1 -g
[root@lvs1 ~]# ipvsadm -a -t 192.168.88.15:80 \
  -r 192.168.88.200:80 -w 2 -g
# Show the configuration
[root@lvs1 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.88.15:80 wrr
  -> 192.168.88.100:80            Route   1      0          6
  -> 192.168.88.200:80            Route   2      0          6
# Test load balancing
[root@client ~]# for i in {1..6}; do curl http://192.168.88.15; done
```

4. Keepalived high-availability cluster

4.1 Keepalived overview

Keepalived functions:

- LVS rule management
- Real server health checks
- VIP management (high availability based on the VRRP protocol)

4.2 Lab environment preparation

New node: lvs2: 192.168.88.6 (backup director)

Clean up the environment:

```bash
# Create the lvs2 host
[root@server1 ~]# vm clone lvs2
[root@server1 ~]# vm setip lvs2 192.168.88.6
# Remove the existing configuration on lvs1
[root@lvs1 ~]# ipvsadm -C
[root@lvs1 ~]# ifconfig eth0:0 down
[root@lvs1 ~]# reboot
# Update the Ansible configuration
[root@pubserver cluster]# vim inventory
[lbs]
lvs1 ansible_ssh_host=192.168.88.5
lvs2 ansible_ssh_host=192.168.88.6
```

4.3 Keepalived detailed configuration

Step 1: Install the software

```bash
# Create the installation playbook
[root@pubserver cluster]# vim 06_inst_lvs_kp.yml
---
- name: install soft
  hosts: lbs
  tasks:
    - name: install pkgs
      yum:
        name: ipvsadm,keepalived
        state: present
# Run the installation
[root@pubserver cluster]# ansible-playbook 06_inst_lvs_kp.yml
```

Step 2: Configure lvs1 (master node)

```bash
# Edit the Keepalived configuration file
[root@lvs1 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lvs1
    #vrrp_strict    # comment out or delete this line
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.88.15/24 dev eth0 label eth0:0
    }
}
virtual_server 192.168.88.15 80 {
    delay_loop 6
    lb_algo wrr
    lb_kind DR
    persistence_timeout 50
    protocol TCP
    real_server 192.168.88.100 80 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
    real_server 192.168.88.200 80 {
        weight 2
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
        }
    }
}
# Start the service
[root@lvs1 ~]# systemctl enable --now keepalived
[root@lvs1 ~]# ipvsadm -Ln
[root@lvs1 ~]# ip a s | grep 192.168
```

Step 3: Configure lvs2 (backup node)

```bash
# Copy the configuration file
[root@lvs2 ~]# scp root@192.168.88.5:/etc/keepalived/keepalived.conf \
  /etc/keepalived/
# Edit the configuration
[root@lvs2 ~]# vim /etc/keepalived/keepalived.conf
router_id lvs2
state BACKUP
priority 50
# Start the service
[root@lvs2 ~]# systemctl start keepalived
[root@lvs2 ~]# ipvsadm -Ln
```

Step 4: Verify high availability

```bash
# Test the real server health check
[root@web1 ~]# systemctl stop nginx
[root@lvs1 ~]# ipvsadm -Ln
[root@web1 ~]# systemctl start nginx
[root@lvs1 ~]# ipvsadm -Ln
# Test director failover
[root@lvs1 ~]# ip a s | grep 88.15
[root@lvs1 ~]# systemctl stop keepalived
[root@lvs1 ~]# ip a s | grep 88.15
[root@lvs2 ~]# ip a s | grep 88.15
# Verify service continuity
[root@client ~]# for i in {1..6}; do curl http://192.168.88.15; done
```

5. HAProxy load balancing

5.1 HAProxy overview

HAProxy features:

- Load balancing at the TCP and HTTP layers
- High performance with support for high concurrency
- Health checks and status monitoring
- Multiple scheduling algorithms

Working modes:

- mode http: HTTP application proxy
- mode tcp: TCP-layer load balancing
- mode health: health check only

Common scheduling algorithms:

- roundrobin: round robin
- static-rr: weighted round robin
- leastconn: least connections
- source: based on the source IP

5.2 HAProxy hands-on deployment

Step 1: Prepare the environment

```bash
# Reconfigure lvs1 as the haproxy node
[root@pubserver cluster]# vim 07_install_haproxy.yml
---
- name: config haproxy
  hosts: lvs1
  tasks:
    - name: stop keepalived
      service:
        name: keepalived
        state: stopped
        enabled: false
    - name: remove softs
      yum:
        name: ipvsadm,keepalived
        state: absent
    - name: modify hostname
      shell: hostnamectl set-hostname haproxy
    - name: install haproxy
      yum:
        name: haproxy
        state: present
# Apply the configuration
[root@pubserver cluster]# ansible-playbook 07_install_haproxy.yml
```

Step 2: Configure HAProxy

```bash
# Edit the HAProxy configuration file
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
# Delete everything after line 64 and add the following
listen webservers
    bind 0.0.0.0:80
    mode http
    balance roundrobin
    server web1 192.168.88.100:80 check inter 2000 rise 2 fall 5
    server web2 192.168.88.200:80 check inter 2000 rise 2 fall 5
# Parameters
# check: enable health checks
# inter: check interval (milliseconds)
# rise: consecutive successes before the server counts as healthy
# fall: consecutive failures before the server counts as down
# Start the service
[root@haproxy ~]# systemctl start haproxy
[root@haproxy ~]# ss -antlp | grep haproxy
# Test load balancing
[root@client ~]# for i in {1..6}; do curl http://192.168.88.5; done
```

Step 3: Enable the status monitoring page

```bash
# Add the status monitoring configuration
[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg
listen stats
    bind 0.0.0.0:1080
    stats refresh 30s
    stats uri /stats
    stats auth admin:admin
# Restart the service
[root@haproxy ~]# systemctl restart haproxy
[root@haproxy ~]# ss -antlp | grep haproxy
# Open the monitoring page
# In a browser: http://192.168.88.5:1080/stats
# User name/password: admin/admin
```

Part 2: Ceph distributed storage

1. Ceph basic architecture

1.1 Ceph core components

Ceph architecture:

- MON (Monitor): cluster state management and monitoring
- MGR (Manager): cluster management and monitoring interface
- OSD (Object Storage Daemon): data storage and replication
- MDS (Metadata Server): CephFS metadata management
- RGW (RADOS Gateway): object storage gateway

Data storage logic:

- Object: the basic unit of storage
- Pool: a logical partition of the data
- PG (Placement Group): the unit of data distribution
- CRUSH algorithm: the data placement algorithm

1.2 Lab environment preparation

Hardware requirements: three Ceph nodes (ceph1, ceph2, ceph3), each with 4 GB of memory plus 3 additional 20 GB disks

Network plan:

```
ceph1:  192.168.88.11
ceph2:  192.168.88.12
ceph3:  192.168.88.13
client: 192.168.88.10
```

2. Ceph cluster deployment

2.1 Environment preparation

Step 1: Create and configure the virtual machines

```bash
# Create the Ceph nodes
[root@server1 ~]# vm clone ceph1 ceph2 ceph3
# Configure the IP addresses
[root@server1 ~]# vm setip ceph1 192.168.88.11
[root@server1 ~]# vm setip ceph2 192.168.88.12
[root@server1 ~]# vm setip ceph3 192.168.88.13
# Configure the hostname
[root@server1 ~]# ssh 192.168.88.11
[root@bogon ~]# echo ceph1 > /etc/hostname
[root@bogon ~]# poweroff
# Do the same for ceph2 and ceph3
# Add three 20 GB disks to each node
# Set the memory to 4 GB
```

Step 2: Configure Ansible management

```bash
# Create a dedicated directory for Ceph
[root@pubserver ~]# mkdir ceph; cd ceph/
# Configure Ansible
[root@pubserver ceph]# vim ansible.cfg
[defaults]
inventory = inventory
module_name = shell
host_key_checking = false
roles_path = roles
# Create the host inventory
[root@pubserver ceph]# vim inventory
[ceph]
ceph1 ansible_ssh_host=192.168.88.11
ceph2 ansible_ssh_host=192.168.88.12
ceph3 ansible_ssh_host=192.168.88.13

[clients]
client ansible_ssh_host=192.168.88.10

[all:vars]
ansible_ssh_user=root
ansible_ssh_pass=a
# Verify the configuration
[root@pubserver ceph]# ansible all -m ping
# Check the hardware
[root@pubserver ceph]# ansible ceph -m shell -a "free -h"
[root@pubserver ceph]# ansible ceph -a "lsblk"
```

Step 3: Base environment configuration

```bash
# Update the yum repository
[root@pubserver ~]# tar -xf /root/ceph_soft.tar.gz -C /root/
[root@pubserver ~]# cp /root/ceph_soft/ceph-client/* /var/ftp/rpms/
[root@pubserver ~]# createrepo --update /var/ftp/rpms/
# Distribute the repo file
```
```bash
[root@pubserver ceph]# vim 01_update_yum.yml
---
- name: update yum
  hosts: all
  tasks:
    - name: upload file
      copy:
        src: /etc/yum.repos.d/rocky.repo
        dest: /etc/yum.repos.d/rocky.repo
# Configure hostname resolution
[root@pubserver ceph]# vim /etc/hosts
192.168.88.10 client
192.168.88.11 ceph1
192.168.88.12 ceph2
192.168.88.13 ceph3
[root@pubserver ceph]# vim 02_update_hosts.yml
---
- name: update hosts
  hosts: all
  tasks:
    - name: add host resolv
      copy:
        src: /etc/hosts
        dest: /etc/hosts
```

Step 4: Time synchronization

```bash
# Configure the Chrony time service
[root@pubserver ~]# timedatectl set-timezone Asia/Shanghai
[root@pubserver ~]# vim /etc/chrony.conf
allow 192.168.88.0/24
local stratum 10
[root@pubserver ~]# systemctl enable chronyd
[root@pubserver ~]# systemctl restart chronyd
# Configure time synchronization on the clients
[root@pubserver ceph]# cp -r /usr/share/ansible/roles/rhel-system-roles.timesync/ ./roles/timesync
[root@pubserver ceph]# vim 03_timesync.yml
---
- name: config ntp
  hosts: all
  vars:
    timesync_ntp_servers:
      - hostname: 192.168.88.240
        iburst: true
  roles:
    - timesync
[root@pubserver ceph]# ansible-playbook 03_timesync.yml
```

Step 5: Set up a private container registry

```bash
# Import the Ceph image
[root@pubserver ~]# cd /root/ceph_soft/ceph-server/
[root@pubserver ceph-server]# docker load -i ceph17.tar.xz
# Configure the private registry
[root@pubserver ~]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["http://192.168.88.240:5000"],
  "insecure-registries": ["192.168.88.240:5000"]
}
[root@pubserver ~]# systemctl enable --now docker
[root@pubserver ceph-server]# docker push 192.168.88.240:5000/ceph/ceph:v17
# Install the required packages
[root@pubserver ceph]# vim 04_inst_pkgs.yml
---
- name: install pkgs
  hosts: ceph
  tasks:
    - name: install pkgs
      yum:
        name:
          - python39
          - podman
          - lvm2
        state: present
# Configure the private image registry
[root@pubserver ceph]# vim 05_config_priv_registry.yml
---
- name: config private registry
  hosts: ceph
  tasks:
    - name: add quay.io
      blockinfile:
        path: /etc/containers/registries.conf
        block: |
          [[registry]]
          location = "192.168.88.240"
          insecure = true
```

2.2 Ceph cluster initialization

Step 1: Initialize the first node

```bash
# Run on ceph1
[root@ceph1 ~]# scp 192.168.88.240:/root/ceph_soft/ceph-server/cephadm /root/
[root@ceph1 ~]# chmod +x cephadm
# Initialize the cluster
[root@ceph1 ~]# ./cephadm bootstrap \
  --mon-ip 192.168.88.11 \
  --initial-dashboard-password=123456 \
  --dashboard-password-noupdate \
  --skip-monitoring-stack
# Wait 3 minutes, then verify the initialization
[root@ceph1 ~]# podman images
[root@ceph1 ~]# podman ps
# Install the management tools
[root@ceph1 ~]# dnf -y install ceph-common
[root@ceph1 ~]# ceph -s
```

Step 2: Expand the cluster

```bash
# Distribute the SSH key
[root@ceph1 ~]# ssh-copy-id -f -i /etc/ceph/ceph.pub root@ceph1
[root@ceph1 ~]# ssh-copy-id -f -i /etc/ceph/ceph.pub root@ceph2
[root@ceph1 ~]# ssh-copy-id -f -i /etc/ceph/ceph.pub root@ceph3
# List the current hosts
[root@ceph1 ~]# ceph orch host ls
# Add the other nodes
[root@ceph1 ~]# ceph orch host add ceph2 192.168.88.12
[root@ceph1 ~]# ceph orch host add ceph3 192.168.88.13
# Wait, then verify
[root@ceph1 ~]# ceph orch host ls
[root@ceph1 ~]# ceph orch ls
```

Step 3: Adjust the cluster configuration

```bash
# Adjust the number of mon and mgr daemons
[root@ceph1 ~]# ceph orch apply mon --placement="3 ceph1 ceph2 ceph3"
[root@ceph1 ~]# ceph orch apply mgr --placement="3 ceph1 ceph2 ceph3"
# Wait for the change to complete
[root@ceph1 ~]# ceph orch ls
[root@ceph1 ~]# ceph -s
```

Step 4: Add OSD storage

```bash
# Add all available disks as OSDs
[root@ceph1 ~]# ceph orch apply osd --all-available-devices
# Or add each disk manually
[root@ceph1 ~]# ceph orch daemon add osd ceph1:/dev/vdb
[root@ceph1 ~]# ceph orch daemon add osd ceph1:/dev/vdc
[root@ceph1 ~]# ceph orch daemon add osd ceph1:/dev/vdd
# Do the same for ceph2 and ceph3
# Verify the cluster state
[root@ceph1 ~]# ceph -s
[root@ceph1 ~]# ceph orch ls
```

Step 5: Access the Ceph Dashboard

- In a browser: https://192.168.88.11:8443
- User name: admin
- Password: 123456

3. Ceph block storage (RBD)

3.1 Basic RBD operations

Step 1: Create a storage pool

```bash
# List the existing pools
[root@ceph1 ~]# ceph osd pool ls
# Create the RBD pool
[root@ceph1 ~]# ceph osd pool create rbd 64
[root@ceph1 ~]# ceph osd pool application enable rbd rbd
# Show storage usage
[root@ceph1 ~]# ceph df
```

Step 2: Manage RBD images

```bash
# Create an image
[root@ceph1 ~]# rbd create img1 --size 10G
[root@ceph1 ~]# rbd ls
# Show image information
[root@ceph1 ~]# rbd info img1
# Resize the image
[root@ceph1 ~]# rbd resize img1 --size 20G
[root@ceph1 ~]# rbd resize img1 --size 15G --allow-shrink
# Delete the image
[root@ceph1 ~]# rbd remove img1
```

3.2 Using RBD from a client

Step 1: Client configuration

```bash
# Install the required packages
[root@client ~]# dnf -y install ceph-common
# Fetch the cluster configuration file
[root@client ~]# scp root@192.168.88.11:/etc/ceph/ceph.conf /etc/ceph/
```
```bash
[root@client ~]# scp root@192.168.88.11:/etc/ceph/ceph.client.admin.keyring /etc/ceph/
# Verify the connection
[root@client ~]# ceph -s
```

Step 2: Use the block device

```bash
# Create an image
[root@client ~]# rbd create img1 --size 10G
[root@client ~]# rbd ls
# Map the image locally
[root@client ~]# rbd map img1
[root@client ~]# lsblk
# Format and mount
[root@client ~]# mkfs.xfs /dev/rbd0
[root@client ~]# mkdir /data
[root@client ~]# mount /dev/rbd0 /data/
# Verify
[root@client ~]# df -hT | grep rbd
[root@client ~]# cp /etc/hosts /data/
# Unmount and unmap
[root@client ~]# umount /data
[root@client ~]# rbd unmap img1
```

3.3 Advanced RBD features

Step 1: Image snapshot management

```bash
# Create an image and write data to it
[root@client ~]# rbd create img2 --size 10G
[root@client ~]# rbd map img2
[root@client ~]# mkfs.xfs /dev/rbd0
[root@client ~]# mount /dev/rbd0 /mnt/
[root@client ~]# cp /etc/hosts /etc/passwd /mnt/
# Create a snapshot
[root@client ~]# rbd snap create img2 --snap img2-sn
[root@client ~]# rbd snap ls img2
# Simulate data loss
[root@client ~]# rm -rf /mnt/*
# Roll back to the snapshot (unmount first)
[root@client ~]# umount /mnt
[root@client ~]# rbd unmap img2
[root@client ~]# rbd snap rollback img2 --snap img2-sn
# Remount and verify
[root@client ~]# rbd map img2
[root@client ~]# mount /dev/rbd0 /mnt/
[root@client ~]# ls /mnt/
```

Step 2: Snapshot protection and cloning

```bash
# Protect the snapshot
[root@client ~]# rbd snap protect img2 --snap img2-sn
[root@client ~]# rbd snap ls img2
# Clone from the snapshot
[root@client ~]# rbd clone img2 --snap img2-sn img2-clone1
[root@client ~]# rbd clone img2 --snap img2-sn img2-clone2
[root@client ~]# rbd ls
# Use a cloned image
[root@client ~]# rbd map img2-clone1
[root@client ~]# mount /dev/rbd0 /data/
[root@client ~]# ls /data/
# Flatten the clone (merge parent and child images)
[root@client ~]# rbd flatten img2-clone2
[root@client ~]# rbd info img2-clone2
# Clean up
[root@client ~]# umount /data
[root@client ~]# rbd unmap img2-clone1
[root@client ~]# rbd snap unprotect img2 --snap img2-sn
[root@client ~]# rbd snap rm img2 --snap img2-sn
[root@client ~]# rbd rm img2
```

Step 3: Automatic mount configuration

```bash
# Create a test image
[root@client ~]# rbd create img-auto --size 10G
[root@client ~]# rbd map img-auto
[root@client ~]# mkfs.xfs /dev/rbd0
[root@client ~]# mount /dev/rbd0 /data/
# Configure automatic mapping
[root@client ~]# vim /etc/ceph/rbdmap
rbd/img-auto id=admin,keyring=/etc/ceph/ceph.client.admin.keyring
[root@client ~]# systemctl enable --now rbdmap
# Configure automatic mounting
[root@client ~]# vim /etc/fstab
/dev/rbd/rbd/img-auto /data xfs noauto 0 0
# Test automatic mounting after a reboot
[root@client ~]# reboot
[root@client ~]# df -h | grep data
```

4. Ceph file storage (CephFS)

4.1 CephFS deployment

Step 1: Create the CephFS

```bash
# Create the pools
[root@ceph1 ~]# ceph osd pool create cephfs_data 128
[root@ceph1 ~]# ceph osd pool create cephfs_meta 128
# Create the file system
[root@ceph1 ~]# ceph fs new myfs cephfs_meta cephfs_data
[root@ceph1 ~]# ceph fs ls
# Deploy the MDS service
[root@ceph1 ~]# ceph orch apply mds myfs --placement="3 ceph1 ceph2 ceph3"
# Verify the state
[root@ceph1 ~]# ceph -s
```

Step 2: Mount on the client

```bash
# Get the authentication key
[root@client ~]# cat /etc/ceph/ceph.client.admin.keyring
# Find: key = AQAVfwtmJmI/CRAAKg1mVOsRIHcTvQckllYZsA==
# Mount CephFS
[root@client ~]# mkdir /mydata
[root@client ~]# mount -t ceph 192.168.88.11:/ /mydata \
  -o name=admin,secret=AQAVfwtmJmI/CRAAKg1mVOsRIHcTvQckllYZsA==
# Verify the mount
[root@client ~]# df -hT | grep ceph
[root@client ~]# cp /etc/hosts /mydata/
[root@client ~]# umount /mydata
```

5. Ceph object storage (RGW)

5.1 RGW deployment

Step 1: Start the RGW service

```bash
# Deploy the RGW gateway
[root@ceph1 ~]# ceph orch apply rgw myrgw \
  --placement="3 ceph1 ceph2 ceph3" \
  --port 8080
# Verify the deployment
[root@ceph1 ~]# ceph orch ls | grep rgw
# Access test
# In a browser: http://192.168.88.11:8080
```

5.2 Using object storage from a client

Step 1: Create an S3 user

```bash
# Create the user
[root@client ~]# radosgw-admin user create \
  --uid=testuser \
  --display-name="Test User" \
  --email=test@example.com \
  --access-key=12345 \
  --secret-key=67890
# Show the user information
[root@client ~]# radosgw-admin user info --uid=testuser
```

Step 2: Configure the S3 client

```bash
# Install the AWS CLI
[root@client ~]# yum -y install awscli2
# Configure the access credentials
[root@client ~]# aws configure --profile=ceph
AWS Access Key ID [None]: 12345
AWS Secret Access Key [None]: 67890
Default region name [None]: us-east-1
Default output format [None]: json
# Show the configuration
[root@client ~]# cat /root/.aws/credentials
```

Step 3: Object storage operations

```bash
# Create a bucket
[root@client ~]# aws --profile=ceph \
  --endpoint=http://192.168.88.11:8080 \
  s3 mb s3://testbucket \
  --region us-east-1
# List buckets
[root@client ~]# aws --profile=ceph \
  --endpoint=http://192.168.88.11:8080 \
  s3 ls
# Upload a file
[root@client ~]# aws --profile=ceph \
  --endpoint=http://192.168.88.11:8080 \
  s3 cp /etc/hosts s3://testbucket/ \
  --acl=public-read-write
# Download the file
[root@client ~]# wget -O downloaded.txt \
  http://192.168.88.11:8080/testbucket/hosts
```

5.3 Application integration example

```bash
# Configure Nginx to serve an image from object storage
[root@client ~]# dnf -y install nginx
[root@client ~]# vim /usr/share/nginx/html/index.html
<html>
<head>
<title>Ceph对象存储测试</title>
</head>
<body>
<h1>测试Ceph对象存储</h1>
<img src="http://192.168.88.11:8080/testbucket/hosts">
</body>
</html>
[root@client ~]# systemctl start nginx
# In a browser: http://192.168.88.10
```

Part 3: Troubleshooting and optimization

1. Common problems

1.1 LVS-related faults

Problem 1: The VIP is not visible after Keepalived starts

Possible causes:

- The firewall blocks VRRP traffic
- The network interface is configured incorrectly
- The configuration file has a syntax error
- The multicast address conflicts

Solution:

```bash
# Check the firewall
firewall-cmd --list-all | grep vrrp
firewall-cmd --add-service=vrrp --permanent
firewall-cmd --reload
# Check the network interface
ip link show eth0
ifconfig eth0:0
# Check the Keepalived logs
journalctl -u keepalived -f
tail -f /var/log/messages
# Validate the configuration file
keepalived -t -f /etc/keepalived/keepalived.conf
```

Problem 2: ARP problems in DR mode

Solution:

```bash
# Check the ARP suppression settings
sysctl -a | grep arp_ignore
sysctl -a | grep arp_announce
# Temporary fix
echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
# Check the ARP table
arp -an | grep VIP
```

1.2 Ceph-related faults

Problem 1: Adding an OSD fails

Solution:

```bash
# Check the disk state
ceph orch device ls
# Wipe the disk
ceph orch device zap <hostname> <device> --force
# Add the OSD manually
ceph-volume lvm create --data /dev/vdb
# Check the logs
journalctl -u ceph-osd@<osd_id> -f
```

Problem 2: The cluster health state is abnormal

Solution:

```bash
# Show detailed health status
ceph health detail
# Check the MON state
ceph mon stat
ceph mon dump
# Check the PG state
ceph pg stat
ceph pg dump
# Repair a PG
ceph pg repair <pg_id>
```

2. Performance tuning suggestions

2.1 LVS tuning

```bash
# Adjust the kernel parameters
vim /etc/sysctl.conf
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle was removed in Linux 4.12, so this key does not exist on RHEL 9 kernels
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
# Apply the configuration
sysctl -p
# Adjust the connection timeouts
ipvsadm --set tcp tcpfin udp
```

2.2 Ceph tuning

```bash
# Adjust the OSD parameters
ceph config set osd osd_memory_target 4GB
ceph config set osd bluestore_cache_size_hdd 1GB
ceph config set osd bluestore_cache_size_ssd 3GB
# Adjust the number of PGs
ceph osd pool set <poolname> pg_num 128
ceph osd pool set <poolname> pgp_num 128
# Enable compression (if CPU is sufficient)
ceph osd pool set <poolname> compression_algorithm snappy
ceph osd pool set <poolname> compression_mode aggressive
```

Summary

This document walked through the complete deployment flow, from basic LVS load balancing to Ceph distributed storage. By working through these steps you can master:

- Load balancing: LVS NAT/DR modes, Keepalived high availability, HAProxy application-layer load balancing
- Distributed storage: Ceph cluster deployment, block storage, file storage, object storage
- Automation: batch configuration management with Ansible
- Troubleshooting: locating and resolving common problems

Technology selection suggestions:

- High-concurrency layer-4 load balancing: LVS + Keepalived
- Fine-grained control at the application layer: HAProxy
- Unified storage platform: Ceph (block/file/object storage)
- Automated operations: Ansible
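
An added check for the ARP suppression step of the LVS-DR deployment and the DR-mode ARP problem in the troubleshooting part; it is not from the original guide. It reads a sysctl.conf-style file, treats the last assignment of a key as the one `sysctl -p` leaves in effect, and reports any of the four settings written by 05_config_dr_sysctl2.yml that are missing or different. The function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide.

# Constructed sample of /etc/sysctl.conf on a real server: one key is
# overridden later in the file and net.ipv4.conf.lo.arp_announce is missing.
sample_sysctl_conf() {
    cat <<'EOF'
# constructed sample
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore=1
net.ipv4.conf.all.arp_announce = 2
EOF
}

# sysctl_conf_value FILE KEY
# Print the value of KEY in FILE; the last assignment wins because
# `sysctl -p` applies the lines in order.
sysctl_conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_dr_arp FILE
# Return 0 only if all four DR-mode settings have the expected values;
# otherwise print one MISMATCH line per problem and return 1.
check_dr_arp() {
    rc=0
    for want in \
        net.ipv4.conf.all.arp_ignore=1 \
        net.ipv4.conf.lo.arp_ignore=1 \
        net.ipv4.conf.all.arp_announce=2 \
        net.ipv4.conf.lo.arp_announce=2
    do
        key=${want%%=*}
        exp=${want#*=}
        got=$(sysctl_conf_value "$1" "$key")
        if [ "$got" != "$exp" ]; then
            echo "MISMATCH $key: expected $exp, found ${got:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# Check a file named on the command line, e.g. /etc/sysctl.conf on web1.
if [ "$#" -gt 0 ]; then check_dr_arp "$1"; fi
```
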
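
An added example, not part of the original guide: the document states that its configuration targets a learning environment, and this script flags the lab shortcuts that appear in its Ansible, Keepalived and HAProxy files (clear-text `ansible_ssh_pass`, `host_key_checking = false`, VRRP `auth_type PASS`, and a stats page bound to all interfaces whose password equals the user name). The function names and the sample configuration are constructed.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide.

# Constructed sample mirroring the haproxy.cfg sections shown in this guide.
sample_haproxy_cfg() {
    cat <<'EOF'
listen webservers
    bind 0.0.0.0:80
    mode http
listen stats
    bind 0.0.0.0:1080
    stats refresh 30s
    stats uri /stats
    stats auth admin:admin
EOF
}

# audit_lab_file FILE
# Print "FILE:LINE: finding" for each lab shortcut found; return 1 if any.
audit_lab_file() {
    awk '
        function hit(line, msg) { printf "%s:%d: %s\n", FILENAME, line, msg; bad = 1 }
        # A HAProxy section is judged once it is complete, so the order of
        # its "bind" and "stats" lines does not matter.
        function end_section() {
            if (wild && stats) hit(sect, "stats page is bound to all interfaces")
            wild = 0; stats = 0
        }
        /^[ \t]*#/ { next }                                 # full-line comments
        /ansible_ssh_pass[ \t]*=/ { hit(FNR, "SSH password stored in clear text") }
        /host_key_checking[ \t]*=[ \t]*[Ff]alse/ { hit(FNR, "SSH host key checking disabled") }
        /^[ \t]*auth_type[ \t]+PASS/ { hit(FNR, "VRRP PASS secret is sent unencrypted") }
        /^(global|defaults|listen|frontend|backend)([ \t]|$)/ { end_section(); sect = FNR }
        /^[ \t]*bind[ \t]+(0\.0\.0\.0|\*)?:/ { wild = 1 }
        /^[ \t]*stats[ \t]+(enable|uri|auth)/ { stats = 1 }
        /^[ \t]*stats[ \t]+auth[ \t]+/ {
            n = split($3, cred, ":")
            if (n == 2 && cred[1] == cred[2]) hit(FNR, "stats password equals user name")
        }
        END { end_section(); exit bad }
    ' "$1"
}

# Audit any files named on the command line, e.g. inventory keepalived.conf.
for f in "$@"; do audit_lab_file "$f" || true; done
```
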