xen3.4.0_another_install
[
2010/01/06 19:39 | by suibing ]
2010/01/06 19:39 | by suibing ]
1. First we need to add the YUM repository holding the updated Xen. Only use ONE of the following files depending on your CPU architecture!
Create the following file with a text editor and save it as /etc/yum.repos.d/gitco.repo
# Name: RPM Repository for Red Hat Enterprise 5 - gitco
[gitco]
name = Red Hat Enterprise $releasever - gitco
baseurl = http://www.gitco.de/linux/i386/centos/5/rpms_testing/
enabled = 1
protect = 0
gpgcheck = 0
2. Uninstall old Virtualization files
yum groupremove Virtualization
3. Install the relevant packages using YUM
yum groupinstall -y Virtualization
Yum will probably want to upgrade some other files along with the ones we've chosen.
Warning! If you get an error message from grubby this is bad!
Installing: kernel-xen ####################### [ 9/13]
grubby fatal error: unable to find a suitable template
This means that your grub.conf file couldn't be written to for whaterver reason. I'm not sure yet why this is happening but it basically means the grub.conf will be pointing to your old xen-kernel instead of your new one so you won't be able to successfully reboot. If you get this message you need to edit your /boot/grub/grub.conf file and make the kernel lines match the kernel you installed. To get your installed xen-kernel version check it with rpm.
[ root@vs / ] rpm -q kernel-xen
kernel-xen-2.6.18-92.1.6.el5
Now edit your /boot/grub/grub.conf to match
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/vgsys/lvroot
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.6.el5xen)
root (hd0,0)
kernel /xen.gz-3.3.0
module /vmlinuz-2.6.18-92.1.6.el5xen ro root=/dev/vgsys/lvroot rhgb quiet
module /initrd-2.6.18-92.1.6.el5xen.img
4. Reboot - no really I mean it.
5. Try it out by using the xm dmesg command
[ root@vs ~ ] xm dmesg
__ __ _____ _ _ ___
\ \/ /___ _ __ |___ /| || | / _ \
\ // _ \ '_ \ |_ \| || |_| | | |
/ \ __/ | | | ___) |__ _| |_| |
/_/\_\___|_| |_| |____(_) |_|(_)___/
(XEN) Xen version 3.4.0 ( root@gitco.tld This e-mail address is being protected from spambots. You need JavaScript enabled to view it
That's about all. If you have any questions drop a comment here.
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: apt.sw.be
* extras: mirror01.idc.hinet.net
* updates: mirror01.idc.hinet.net
* base: mirror01.idc.hinet.net
* addons: mirror01.idc.hinet.net
Setting up Group Process
Checking for new repos for mirrors
Package virt-viewer-0.0.2-2.el5.i386 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package xen.i386 0:3.4.0-3.el5 set to be updated
--> Processing Dependency: xen-libs = 3.4.0-3.el5 for package: xen
--> Processing Dependency: libflask.so.1.0 for package: xen
--> Processing Dependency: libxenctrl.so.3.4 for package: xen
--> Processing Dependency: libxenguest.so.3.4 for package: xen
---> Package virt-manager.i386 0:0.7.0-1.el5 set to be updated
--> Processing Dependency: python-virtinst >= 0.400.3 for package: virt-manager
--> Processing Dependency: gtk-vnc-python >= 0.3.4 for package: virt-manager
--> Processing Dependency: libvirt-python >= 0.6.1 for package: virt-manager
---> Package gnome-applet-vm.i386 0:0.1.2-1.el5 set to be updated
---> Package libvirt.i386 0:0.6.4-3.el5 set to be updated
--> Processing Dependency: /usr/bin/qemu-img for package: libvirt
--> Processing Dependency: cyrus-sasl-md5 for package: libvirt
--> Processing Dependency: iscsi-initiator-utils for package: libvirt
---> Package kernel-xen.i686 0:2.6.18-164.el5 set to be installed
--> Processing Dependency: libvirt = 0.3.3 for package: libvirt-devel
--> Running transaction check
---> Package libvirt-devel.i386 0:0.6.4-3.el5 set to be updated
---> Package iscsi-initiator-utils.i386 0:6.2.0.868-0.18.el5_3.1 set to be updated
---> Package libvirt-python.i386 0:0.6.4-3.el5 set to be updated
---> Package qemu.i386 0:0.10.5-1.el5.rf set to be updated
---> Package gtk-vnc-python.i386 0:0.3.7-2 set to be updated
--> Processing Dependency: gtk-vnc = 0.3.7 for package: gtk-vnc-python
--> Processing Dependency: libxenctrl.so.3.0 for package: xen-devel
--> Processing Dependency: libxenguest.so.3.0 for package: xen-devel
--> Processing Dependency: xen-libs = 3.0.3-80.el5_3.3 for package: xen-devel
---> Package xen-libs.i386 0:3.4.0-3.el5 set to be updated
---> Package cyrus-sasl-md5.i386 0:2.1.22-4 set to be updated
---> Package python-virtinst.noarch 0:0.400.3-1.el5 set to be updated
--> Running transaction check
---> Package xen-devel.i386 0:3.4.0-3.el5 set to be updated
---> Package gtk-vnc.i386 0:0.3.7-2 set to be updated
--> Processing Dependency: libgdkglext-x11-1.0.so.0 for package: gtk-vnc
--> Processing Dependency: libgtkglext-x11-1.0.so.0 for package: gtk-vnc
--> Running transaction check
---> Package gtkglext-libs.i386 0:1.2.0-6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
gnome-applet-vm i386 0.1.2-1.el5 base 76 k
kernel-xen i686 2.6.18-164.el5 updates 17 M
xen i386 3.4.0-3.el5 gitco 9.1 M
Updating:
gtk-vnc i386 0.3.7-2 gitco 78 k
gtk-vnc-python i386 0.3.7-2 gitco 13 k
libvirt i386 0.6.4-3.el5 gitco 2.1 M
libvirt-devel i386 0.6.4-3.el5 gitco 260 k
libvirt-python i386 0.6.4-3.el5 gitco 139 k
python-virtinst noarch 0.400.3-1.el5 gitco 383 k
virt-manager i386 0.7.0-1.el5 gitco 1.4 M
xen-devel i386 3.4.0-3.el5 gitco 252 k
xen-libs i386 3.4.0-3.el5 gitco 161 k
Installing for dependencies:
cyrus-sasl-md5 i386 2.1.22-4 base 45 k
gtkglext-libs i386 1.2.0-6 gitco 145 k
iscsi-initiator-utils i386 6.2.0.868-0.18.el5_3.1 updates 566 k
qemu i386 0.10.5-1.el5.rf rpmforge 26 M
Transaction Summary
================================================================================
Install 7 Package(s)
Update 9 Package(s)
Remove 0 Package(s)
Total size: 57 M
Total download size: 57 M
Downloading Packages:
--------------------------------------------------------------------------------
Total 62 kB/s | 57 MB 15:36
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : xen-libs [ 1/25]
Installing : qemu [ 2/25]
Installing : cyrus-sasl-md5 [ 3/25]
Installing : gtkglext-libs [ 4/25]
Updating : gtk-vnc [ 5/25]
Updating : gtk-vnc-python [ 6/25]
Installing : iscsi-initiator-utils [ 7/25]
Updating : xen-devel [ 8/25]
Installing : kernel-xen [ 9/25]
Updating : libvirt [10/25]
Updating : libvirt-python [11/25]
Updating : python-virtinst [12/25]
Updating : libvirt-devel [13/25]
Installing : xen [14/25]
warning: /etc/xen/scripts/locking.sh created as /etc/xen/scripts/locking.sh.rpmnew
warning: /etc/xen/scripts/network-bridge created as /etc/xen/scripts/network-bridge.rpmnew
warning: /etc/xen/scripts/network-nat created as /etc/xen/scripts/network-nat.rpmnew
warning: /etc/xen/scripts/vif-common.sh created as /etc/xen/scripts/vif-common.sh.rpmnew
warning: /etc/xen/scripts/xen-hotplug-cleanup created as /etc/xen/scripts/xen-hotplug-cleanup.rpmnew
warning: /etc/xen/xend-config.sxp created as /etc/xen/xend-config.sxp.rpmnew
Updating : virt-manager [15/25]
Installing : gnome-applet-vm [16/25]
Cleanup : gtk-vnc [17/25]
Cleanup : libvirt-devel [18/25]
Cleanup : xen-libs [19/25]
Cleanup : libvirt-python [20/25]
Cleanup : virt-manager [21/25]
Cleanup : libvirt [22/25]
Cleanup : gtk-vnc-python [23/25]
Cleanup : xen-devel [24/25]
Cleanup : python-virtinst [25/25]
Installed: gnome-applet-vm.i386 0:0.1.2-1.el5 kernel-xen.i686 0:2.6.18-164.el5 xen.i386 0:3.4.0-3.el5
Dependency Installed: cyrus-sasl-md5.i386 0:2.1.22-4 gtkglext-libs.i386 0:1.2.0-6 iscsi-initiator-utils.i386 0:6.2.0.868-0.18.el5_3.1 qemu.i386 0:0.10.5-1.el5.rf
Updated: gtk-vnc.i386 0:0.3.7-2 gtk-vnc-python.i386 0:0.3.7-2 libvirt.i386 0:0.6.4-3.el5 libvirt-devel.i386 0:0.6.4-3.el5 libvirt-python.i386 0:0.6.4-3.el5 python-virtinst.noarch 0:0.400.3-1.el5 virt-manager.i386 0:0.7.0-1.el5 xen-devel.i386 0:3.4.0-3.el5 xen-libs.i386 0:3.4.0-3.el5
Create the following file with a text editor and save it as /etc/yum.repos.d/gitco.repo
# Name: RPM Repository for Red Hat Enterprise 5 - gitco
[gitco]
name = Red Hat Enterprise $releasever - gitco
baseurl = http://www.gitco.de/linux/i386/centos/5/rpms_testing/
enabled = 1
protect = 0
gpgcheck = 0
2. Uninstall old Virtualization files
yum groupremove Virtualization
3. Install the relevant packages using YUM
yum groupinstall -y Virtualization
Yum will probably want to upgrade some other files along with the ones we've chosen.
Warning! If you get an error message from grubby this is bad!
Installing: kernel-xen ####################### [ 9/13]
grubby fatal error: unable to find a suitable template
This means that your grub.conf file couldn't be written to for whaterver reason. I'm not sure yet why this is happening but it basically means the grub.conf will be pointing to your old xen-kernel instead of your new one so you won't be able to successfully reboot. If you get this message you need to edit your /boot/grub/grub.conf file and make the kernel lines match the kernel you installed. To get your installed xen-kernel version check it with rpm.
[ root@vs / ] rpm -q kernel-xen
kernel-xen-2.6.18-92.1.6.el5
Now edit your /boot/grub/grub.conf to match
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/vgsys/lvroot
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.6.el5xen)
root (hd0,0)
kernel /xen.gz-3.3.0
module /vmlinuz-2.6.18-92.1.6.el5xen ro root=/dev/vgsys/lvroot rhgb quiet
module /initrd-2.6.18-92.1.6.el5xen.img
4. Reboot - no really I mean it.
5. Try it out by using the xm dmesg command
[ root@vs ~ ] xm dmesg
__ __ _____ _ _ ___
\ \/ /___ _ __ |___ /| || | / _ \
\ // _ \ '_ \ |_ \| || |_| | | |
/ \ __/ | | | ___) |__ _| |_| |
/_/\_\___|_| |_| |____(_) |_|(_)___/
(XEN) Xen version 3.4.0 ( root@gitco.tld This e-mail address is being protected from spambots. You need JavaScript enabled to view it
That's about all. If you have any questions drop a comment here.
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: apt.sw.be
* extras: mirror01.idc.hinet.net
* updates: mirror01.idc.hinet.net
* base: mirror01.idc.hinet.net
* addons: mirror01.idc.hinet.net
Setting up Group Process
Checking for new repos for mirrors
Package virt-viewer-0.0.2-2.el5.i386 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package xen.i386 0:3.4.0-3.el5 set to be updated
--> Processing Dependency: xen-libs = 3.4.0-3.el5 for package: xen
--> Processing Dependency: libflask.so.1.0 for package: xen
--> Processing Dependency: libxenctrl.so.3.4 for package: xen
--> Processing Dependency: libxenguest.so.3.4 for package: xen
---> Package virt-manager.i386 0:0.7.0-1.el5 set to be updated
--> Processing Dependency: python-virtinst >= 0.400.3 for package: virt-manager
--> Processing Dependency: gtk-vnc-python >= 0.3.4 for package: virt-manager
--> Processing Dependency: libvirt-python >= 0.6.1 for package: virt-manager
---> Package gnome-applet-vm.i386 0:0.1.2-1.el5 set to be updated
---> Package libvirt.i386 0:0.6.4-3.el5 set to be updated
--> Processing Dependency: /usr/bin/qemu-img for package: libvirt
--> Processing Dependency: cyrus-sasl-md5 for package: libvirt
--> Processing Dependency: iscsi-initiator-utils for package: libvirt
---> Package kernel-xen.i686 0:2.6.18-164.el5 set to be installed
--> Processing Dependency: libvirt = 0.3.3 for package: libvirt-devel
--> Running transaction check
---> Package libvirt-devel.i386 0:0.6.4-3.el5 set to be updated
---> Package iscsi-initiator-utils.i386 0:6.2.0.868-0.18.el5_3.1 set to be updated
---> Package libvirt-python.i386 0:0.6.4-3.el5 set to be updated
---> Package qemu.i386 0:0.10.5-1.el5.rf set to be updated
---> Package gtk-vnc-python.i386 0:0.3.7-2 set to be updated
--> Processing Dependency: gtk-vnc = 0.3.7 for package: gtk-vnc-python
--> Processing Dependency: libxenctrl.so.3.0 for package: xen-devel
--> Processing Dependency: libxenguest.so.3.0 for package: xen-devel
--> Processing Dependency: xen-libs = 3.0.3-80.el5_3.3 for package: xen-devel
---> Package xen-libs.i386 0:3.4.0-3.el5 set to be updated
---> Package cyrus-sasl-md5.i386 0:2.1.22-4 set to be updated
---> Package python-virtinst.noarch 0:0.400.3-1.el5 set to be updated
--> Running transaction check
---> Package xen-devel.i386 0:3.4.0-3.el5 set to be updated
---> Package gtk-vnc.i386 0:0.3.7-2 set to be updated
--> Processing Dependency: libgdkglext-x11-1.0.so.0 for package: gtk-vnc
--> Processing Dependency: libgtkglext-x11-1.0.so.0 for package: gtk-vnc
--> Running transaction check
---> Package gtkglext-libs.i386 0:1.2.0-6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
gnome-applet-vm i386 0.1.2-1.el5 base 76 k
kernel-xen i686 2.6.18-164.el5 updates 17 M
xen i386 3.4.0-3.el5 gitco 9.1 M
Updating:
gtk-vnc i386 0.3.7-2 gitco 78 k
gtk-vnc-python i386 0.3.7-2 gitco 13 k
libvirt i386 0.6.4-3.el5 gitco 2.1 M
libvirt-devel i386 0.6.4-3.el5 gitco 260 k
libvirt-python i386 0.6.4-3.el5 gitco 139 k
python-virtinst noarch 0.400.3-1.el5 gitco 383 k
virt-manager i386 0.7.0-1.el5 gitco 1.4 M
xen-devel i386 3.4.0-3.el5 gitco 252 k
xen-libs i386 3.4.0-3.el5 gitco 161 k
Installing for dependencies:
cyrus-sasl-md5 i386 2.1.22-4 base 45 k
gtkglext-libs i386 1.2.0-6 gitco 145 k
iscsi-initiator-utils i386 6.2.0.868-0.18.el5_3.1 updates 566 k
qemu i386 0.10.5-1.el5.rf rpmforge 26 M
Transaction Summary
================================================================================
Install 7 Package(s)
Update 9 Package(s)
Remove 0 Package(s)
Total size: 57 M
Total download size: 57 M
Downloading Packages:
--------------------------------------------------------------------------------
Total 62 kB/s | 57 MB 15:36
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : xen-libs [ 1/25]
Installing : qemu [ 2/25]
Installing : cyrus-sasl-md5 [ 3/25]
Installing : gtkglext-libs [ 4/25]
Updating : gtk-vnc [ 5/25]
Updating : gtk-vnc-python [ 6/25]
Installing : iscsi-initiator-utils [ 7/25]
Updating : xen-devel [ 8/25]
Installing : kernel-xen [ 9/25]
Updating : libvirt [10/25]
Updating : libvirt-python [11/25]
Updating : python-virtinst [12/25]
Updating : libvirt-devel [13/25]
Installing : xen [14/25]
warning: /etc/xen/scripts/locking.sh created as /etc/xen/scripts/locking.sh.rpmnew
warning: /etc/xen/scripts/network-bridge created as /etc/xen/scripts/network-bridge.rpmnew
warning: /etc/xen/scripts/network-nat created as /etc/xen/scripts/network-nat.rpmnew
warning: /etc/xen/scripts/vif-common.sh created as /etc/xen/scripts/vif-common.sh.rpmnew
warning: /etc/xen/scripts/xen-hotplug-cleanup created as /etc/xen/scripts/xen-hotplug-cleanup.rpmnew
warning: /etc/xen/xend-config.sxp created as /etc/xen/xend-config.sxp.rpmnew
Updating : virt-manager [15/25]
Installing : gnome-applet-vm [16/25]
Cleanup : gtk-vnc [17/25]
Cleanup : libvirt-devel [18/25]
Cleanup : xen-libs [19/25]
Cleanup : libvirt-python [20/25]
Cleanup : virt-manager [21/25]
Cleanup : libvirt [22/25]
Cleanup : gtk-vnc-python [23/25]
Cleanup : xen-devel [24/25]
Cleanup : python-virtinst [25/25]
Installed: gnome-applet-vm.i386 0:0.1.2-1.el5 kernel-xen.i686 0:2.6.18-164.el5 xen.i386 0:3.4.0-3.el5
Dependency Installed: cyrus-sasl-md5.i386 0:2.1.22-4 gtkglext-libs.i386 0:1.2.0-6 iscsi-initiator-utils.i386 0:6.2.0.868-0.18.el5_3.1 qemu.i386 0:0.10.5-1.el5.rf
Updated: gtk-vnc.i386 0:0.3.7-2 gtk-vnc-python.i386 0:0.3.7-2 libvirt.i386 0:0.6.4-3.el5 libvirt-devel.i386 0:0.6.4-3.el5 libvirt-python.i386 0:0.6.4-3.el5 python-virtinst.noarch 0:0.400.3-1.el5 virt-manager.i386 0:0.7.0-1.el5 xen-devel.i386 0:3.4.0-3.el5 xen-libs.i386 0:3.4.0-3.el5
Nginx+PHP+MySQL双机互备、全自动切换方案
[ 2010/01/04 21:43 | by suibing ]
2010/01/04 21:43 | by suibing ]
[文章作者:张宴 本文版本:v1.0 最后修改:2008.11.19 转载请注明原文链接:http://blog.s135.com/post/379/]
在生产应用中,某台“Nginx+PHP+MySQL”接口数据服务器,扮演的角色十分重要,如果服务器硬件或Nginx、MySQL发生故障,而短时间内无法恢复,后果将非常严重。为了避免单点故障,我设计了此套方案,编写了failover.sh脚本,实现了双机互备、全自动切换,故障转移时间只需几十秒。
一、双机互备、全自动切换方案:
1、拓扑图:
2、解释:
(1)、假设外网域名blog.s135.com解析到外网虚拟IP 72.249.146.214上,内网hosts设置db10对应内网虚拟IP 192.168.146.214
(2)、默认情况下,由主机绑定内、外网虚拟IP,备机作为备份,当主机的MySQL、Nginx或服务器出现故障无法访问时,备机会自动接管内、外网虚拟IP。两台服务器都启动负责监控、自动切换虚拟IP的守护进程/usr/bin/nohup /bin/sh /usr/local/webserver/failover/failover.sh 2>&1 > /dev/null &
(3)、主机和备机上的MySQL服务器互为主从,互相同步。在主机处于活动状态(即由主机绑定虚拟IP)时,读写主机的MySQL,写到主机的数据会同步到备机;在备机处于活动状态时,读写备机的MySQL,写到备机的数据会同步到主机(如果主机上的MySQL死掉暂时无法同步,主机上的MySQL恢复后,数据会自动从备机上同步过来,反之亦然)。
(4)、主机处于活动状态时,每20秒会把/data0/htdocs/(网页、程序、图片存放目录)、/usr/local/webserver/php/etc/(php.ini等配置文件目录)、/usr/local/webserver/nginx/conf/(Nginx配置文件目录)三个目录下的文件通过rsync推送到备机服务器上的对应目录(增量推送,两台服务器上一样的文件不会重复推送),反之如果备机处于活动状态时,每20秒会尝试把文件推送到主机。rsync的配置文件见两台服务器的/etc/rsyncd.conf,rsync守护进程的启动命令为rsync --daemon
3、自动切换流程
(1)、主机默认绑定内、外网虚拟IP,当主机的MySQL、Nginx无法访问或服务器宕机,主机上的failover.sh守护进程会自动摘除自己绑定的内、外网虚拟IP(如果主机上的failover.sh死掉,无法摘除自己绑定的虚拟IP也没关系),备机上的failover.sh守护进程会自动接管备机原来绑定的内、外网虚拟IP,并发送ARPing包给内、外网网关更新MAC,强行接管。
(2)、备机绑定虚拟IP后,会发送ARPing包给内、外网网关,通知网关更新虚拟IP的MAC地址为备机的MAC地址,从而保证了切换后能够通过虚拟IP及时访问到备机。
(3)、如果主机的MySQL、Nginx启动起来,全部恢复正常访问,主机上的failover.sh守护进程会检测主机上的MySQL数据是否已经完全从备机上同步过来。如果同步延迟时间为0,主机会自动接管内、外网虚拟IP,并发送ARPing包给内、外网网关,而备机也会自动摘除内、外网虚拟IP。
(4)、整个切换流程均由failover.sh自动完成,无需人工处理。
4、注意事项(很重要):
(1)、crontab里的文件没有做自动同步,如果修改,需要手工在两台服务器上都做修改。
(2)、/data0/htdocs/目录内任何用ln -s建立的软连接,rsync不会自动同步,如果在一台服务器上建了软连接,需要手工在另外一台服务器上也建相同的软连接。
(3)、如果要删除/data0/htdocs/目录内的某些文件或目录,需要先删除处于活动状态(即绑定了虚拟IP)服务器上的文件或目录,再删除处于备用状态服务器上的文件或目录。
(4)、除了/data0/htdocs/(网页、程序、图片存放目录)、/usr/local/webserver/php/etc/(php.ini等配置文件目录)、/usr/local/webserver/nginx/conf/(Nginx配置文件目录)三个目录之外的其他配置修改,需要在两台服务器上都做修改。
二、配置文档与脚本:
1、主机、备机两台服务器的rsync配置(配置相同)
(1)、rsync配置文件
vi /etc/rsyncd.conf
输入一些内容并保存:
引用
uid = root
gid = root
use chroot = no
max connections = 20
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[data0_htdocs]
path = /data0/htdocs/
ignore errors
read only = no
hosts allow = 192.168.146.0/24
hosts deny = 0.0.0.0/32
[php_etc]
path = /usr/local/webserver/php/etc/
ignore errors
read only = no
hosts allow = 192.168.146.0/24
hosts deny = 0.0.0.0/32
[nginx_conf]
path = /usr/local/webserver/nginx/conf/
ignore errors
read only = no
hosts allow = 192.168.146.0/24
hosts deny = 0.0.0.0/32
(2)、启动rsync守护进程
/usr/bin/rsync --daemon
2、两台MySQL互为主从的配置
这里就不详细写出互为主从的配置过程了,如果不懂的朋友可以在Google上搜一下。有一点需要指出,my.cnf配置文件中请加上skip-name-resolve参数,使用IP来进行MySQL帐号验证。
3、主机、备机两台服务器负载监控、虚拟IP自动切换的failover.sh守护进程
(1)、启动failover.sh守护进程(为了开机能够自动运行,请将以下语句添加到/etc/rc.local文件中):
/usr/bin/nohup /bin/sh /usr/local/webserver/failover/failover.sh 2>&1 > /dev/null &
(2)、停止failover.sh守护进程:
ps -ef | grep failover.sh
会显示以下信息:
root 15428 1 0 Nov17 ? 00:00:03 /bin/sh /usr/local/webserver/failover/failover.sh
root 20123 6878 0 16:16 pts/2 00:00:00 grep failover.sh
然后杀死failover.sh的进程:
kill -9 15428
(3)、failover.sh代码内容(请注意其中的type设置,主机设为master,备机设为slave):
#!/bin/sh
LANG=C
date=$(date -d "today" +"%Y-%m-%d %H:%M:%S")
#---------------配置信息(开始)---------------
#类型:主机设为master,备机设为slave
type="master"
#主机、备机切换日志路径
logfile="/var/log/failover.log"
#MySQL可执行文件地址,例如/usr/local/mysql/bin/mysql;MySQL用户名;密码;端口
mysql_bin="/usr/local/webserver/mysql/bin/mysql"
mysql_username="root"
mysql_password="123456"
mysql_port="3306"
#内网网关
gateway_eth0="192.168.146.1"
#主机内网真实IP
rip_eth0_master="192.168.146.213"
#备机内网真实IP
rip_eth0_slave="192.168.146.215"
#主机、备机内网共用的虚拟IP
vip_eth0_share="192.168.113.214"
#外网网关
gateway_eth1="72.249.146.193"
#主机外网真实IP
rip_eth1_master="72.249.146.213"
#备机外网真实IP
rip_eth1_slave="72.249.146.215"
#主机、备机外网共用的虚拟IP
vip_eth1_share="72.249.146.214"
#---------------配置信息(结束)---------------
#绑定内、外网虚拟IP
function_bind_vip()
{
/sbin/ifconfig eth0:vip ${vip_eth0_share} broadcast ${vip_eth0_share} netmask 255.255.255.255 up
/sbin/route add -host ${vip_eth0_share} dev eth0:vip
/sbin/ifconfig eth1:vip ${vip_eth1_share} broadcast ${vip_eth1_share} netmask 255.255.255.255 up
/sbin/route add -host ${vip_eth1_share} dev eth1:vip
/usr/local/webserver/php/sbin/php-fpm reload
kill -USR1 `cat /usr/local/webserver/nginx/logs/nginx.pid`
/sbin/service crond start
}
#解除内、外网虚拟IP
function_remove_vip()
{
/sbin/ifconfig eth0:vip ${vip_eth0_share} broadcast ${vip_eth0_share} netmask 255.255.255.255 down
/sbin/ifconfig eth1:vip ${vip_eth1_share} broadcast ${vip_eth1_share} netmask 255.255.255.255 down
/sbin/service crond stop
}
#主机向备机推送文件的函数
function_rsync_master_to_slave()
{
/usr/bin/rsync -zrtuog /data0/htdocs/ ${rip_eth0_slave}::data0_htdocs/ > /dev/null 2>&1
/usr/bin/rsync -zrtuog /usr/local/webserver/php/etc/ ${rip_eth0_slave}::php_etc/ > /dev/null 2>&1
/usr/bin/rsync -zrtuog /usr/local/webserver/nginx/conf/ ${rip_eth0_slave}::nginx_conf/ > /dev/null 2>&1
}
#备机向主机推送文件的函数
function_rsync_slave_to_master()
{
/usr/bin/rsync -zrtuog /data0/htdocs/ ${rip_eth0_master}::data0_htdocs/ > /dev/null 2>&1
/usr/bin/rsync -zrtuog /usr/local/webserver/php/etc/ ${rip_eth0_master}::php_etc/ > /dev/null 2>&1
/usr/bin/rsync -zrtuog /usr/local/webserver/nginx/conf/ ${rip_eth0_master}::nginx_conf/ > /dev/null 2>&1
}
#虚拟IP ARPing
function_vip_arping()
{
/sbin/arping -I eth0 -c 3 -s ${vip_eth0_share} ${gateway_eth0} > /dev/null 2>&1
/sbin/arping -I eth1 -c 3 -s ${vip_eth1_share} ${gateway_eth1} > /dev/null 2>&1
}
while true
do
#用HTTP协议检查虚拟IP
if (curl -m 30 -G http://${vip_eth1_share}/ > /dev/null 2>&1) && (${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${vip_eth0_share}" -e"show slave status\G" > /dev/null 2>&1)
then
#取得与内网VIP绑定的服务器内网IP
eth0_active_server=$(${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${vip_eth0_share}" -e"show slave status\G" | grep "Master_Host" | awk -F ': ' '{printf $2}')
#如果内网VIP=主机内网IP(主机MySQL中的Master_Host显示的是备机的域名或IP),且本机为主机
if [ "${eth0_active_server}" = "${rip_eth0_slave}" ] && [ "${type}" = "master" ]
then
function_rsync_master_to_slave
function_vip_arping
#如果内网VIP=备机内网IP(备机MySQL中的Master_Host显示的是主机的域名或IP)
elif [ "${eth0_active_server}" = "${rip_eth0_master}" ]
then
if (curl -m 30 -G http://${rip_eth1_master}/ > /dev/null 2>&1) && (${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${rip_eth0_master}" -e"show slave status\G" | grep "Seconds_Behind_Master: 0" > /dev/null 2>&1)
then
#如果主机能够访问,数据库同步无延迟,且本机就是主机,那么由本机绑定虚拟IP
if [ "${type}" = "master" ]
then
#如果本机为主机
function_bind_vip
function_vip_arping
echo "${date} 主机已绑定虚拟IP!(Type:1)" >> ${logfile}
else
#如果本机为备机
function_remove_vip
echo "${date} 备机已去除虚拟IP!(Type:2)" >> ${logfile}
fi
else
if [ "${type}" = "slave" ]
then
#如果本机为备机
function_rsync_slave_to_master
function_vip_arping
fi
fi
fi
else
#虚拟IP无法访问时,判断主机能否访问
if (curl -m 30 -G http://${rip_eth1_master}/ > /dev/null 2>&1) && (${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${rip_eth0_master}" -e"show slave status\G" > /dev/null 2>&1)
then
#如果主机能够访问,且本机就是主机,那么由本机绑定虚拟IP
if [ "${type}" = "master" ]
then
function_bind_vip
function_vip_arping
echo "${date} 主机已绑定虚拟IP!(Type:3)" >> ${logfile}
else
function_remove_vip
echo "${date} 备机已去除虚拟IP!(Type:4)" >> ${logfile}
fi
elif (curl -m 30 -G http://${rip_eth1_slave}/ > /dev/null 2>&1) && (${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${rip_eth0_slave}" -e"show slave status\G" > /dev/null 2>&1)
then
#如果主机不能访问而备机能够访问,且本机就是备机,那么由备机绑定虚拟IP
if [ "${type}" = "slave" ]
then
function_bind_vip
function_vip_arping
echo "${date} 备机已绑定虚拟IP!(Type:5)" >> ${logfile}
else
function_remove_vip
echo "${date} 主机已去除虚拟IP!(Type:6)" >> ${logfile}
fi
else
echo "${date} 主机、备机全部无法访问!(Type:7)" >> ${logfile}
fi
fi
#每次循环暂停20秒(即间隔20秒检测一次)
sleep 20
done
在生产应用中,某台“Nginx+PHP+MySQL”接口数据服务器,扮演的角色十分重要,如果服务器硬件或Nginx、MySQL发生故障,而短时间内无法恢复,后果将非常严重。为了避免单点故障,我设计了此套方案,编写了failover.sh脚本,实现了双机互备、全自动切换,故障转移时间只需几十秒。
一、双机互备、全自动切换方案:
1、拓扑图:
2、解释:
(1)、假设外网域名blog.s135.com解析到外网虚拟IP 72.249.146.214上,内网hosts设置db10对应内网虚拟IP 192.168.146.214
(2)、默认情况下,由主机绑定内、外网虚拟IP,备机作为备份,当主机的MySQL、Nginx或服务器出现故障无法访问时,备机会自动接管内、外网虚拟IP。两台服务器都启动负责监控、自动切换虚拟IP的守护进程/usr/bin/nohup /bin/sh /usr/local/webserver/failover/failover.sh 2>&1 > /dev/null &
(3)、主机和备机上的MySQL服务器互为主从,互相同步。在主机处于活动状态(即由主机绑定虚拟IP)时,读写主机的MySQL,写到主机的数据会同步到备机;在备机处于活动状态时,读写备机的MySQL,写到备机的数据会同步到主机(如果主机上的MySQL死掉暂时无法同步,主机上的MySQL恢复后,数据会自动从备机上同步过来,反之亦然)。
(4)、主机处于活动状态时,每20秒会把/data0/htdocs/(网页、程序、图片存放目录)、/usr/local/webserver/php/etc/(php.ini等配置文件目录)、/usr/local/webserver/nginx/conf/(Nginx配置文件目录)三个目录下的文件通过rsync推送到备机服务器上的对应目录(增量推送,两台服务器上一样的文件不会重复推送),反之如果备机处于活动状态时,每20秒会尝试把文件推送到主机。rsync的配置文件见两台服务器的/etc/rsyncd.conf,rsync守护进程的启动命令为rsync --daemon
3、自动切换流程
(1)、主机默认绑定内、外网虚拟IP,当主机的MySQL、Nginx无法访问或服务器宕机,主机上的failover.sh守护进程会自动摘除自己绑定的内、外网虚拟IP(如果主机上的failover.sh死掉,无法摘除自己绑定的虚拟IP也没关系),备机上的failover.sh守护进程会自动接管备机原来绑定的内、外网虚拟IP,并发送ARPing包给内、外网网关更新MAC,强行接管。
(2)、备机绑定虚拟IP后,会发送ARPing包给内、外网网关,通知网关更新虚拟IP的MAC地址为备机的MAC地址,从而保证了切换后能够通过虚拟IP及时访问到备机。
(3)、如果主机的MySQL、Nginx启动起来,全部恢复正常访问,主机上的failover.sh守护进程会检测主机上的MySQL数据是否已经完全从备机上同步过来。如果同步延迟时间为0,主机会自动接管内、外网虚拟IP,并发送ARPing包给内、外网网关,而备机也会自动摘除内、外网虚拟IP。
(4)、整个切换流程均由failover.sh自动完成,无需人工处理。
4、注意事项(很重要):
(1)、crontab里的文件没有做自动同步,如果修改,需要手工在两台服务器上都做修改。
(2)、/data0/htdocs/目录内任何用ln -s建立的软连接,rsync不会自动同步,如果在一台服务器上建了软连接,需要手工在另外一台服务器上也建相同的软连接。
(3)、如果要删除/data0/htdocs/目录内的某些文件或目录,需要先删除处于活动状态(即绑定了虚拟IP)服务器上的文件或目录,再删除处于备用状态服务器上的文件或目录。
(4)、除了/data0/htdocs/(网页、程序、图片存放目录)、/usr/local/webserver/php/etc/(php.ini等配置文件目录)、/usr/local/webserver/nginx/conf/(Nginx配置文件目录)三个目录之外的其他配置修改,需要在两台服务器上都做修改。
二、配置文档与脚本:
1、主机、备机两台服务器的rsync配置(配置相同)
(1)、rsync配置文件
vi /etc/rsyncd.conf
输入一些内容并保存:
引用
uid = root
gid = root
use chroot = no
max connections = 20
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[data0_htdocs]
path = /data0/htdocs/
ignore errors
read only = no
hosts allow = 192.168.146.0/24
hosts deny = 0.0.0.0/32
[php_etc]
path = /usr/local/webserver/php/etc/
ignore errors
read only = no
hosts allow = 192.168.146.0/24
hosts deny = 0.0.0.0/32
[nginx_conf]
path = /usr/local/webserver/nginx/conf/
ignore errors
read only = no
hosts allow = 192.168.146.0/24
hosts deny = 0.0.0.0/32
(2)、启动rsync守护进程
/usr/bin/rsync --daemon
2、两台MySQL互为主从的配置
这里就不详细写出互为主从的配置过程了,如果不懂的朋友可以在Google上搜一下。有一点需要指出,my.cnf配置文件中请加上skip-name-resolve参数,使用IP来进行MySQL帐号验证。
3、主机、备机两台服务器负载监控、虚拟IP自动切换的failover.sh守护进程
(1)、启动failover.sh守护进程(为了开机能够自动运行,请将以下语句添加到/etc/rc.local文件中):
/usr/bin/nohup /bin/sh /usr/local/webserver/failover/failover.sh 2>&1 > /dev/null &
(2)、停止failover.sh守护进程:
ps -ef | grep failover.sh
会显示以下信息:
root 15428 1 0 Nov17 ? 00:00:03 /bin/sh /usr/local/webserver/failover/failover.sh
root 20123 6878 0 16:16 pts/2 00:00:00 grep failover.sh
然后杀死failover.sh的进程:
kill -9 15428
(3)、failover.sh代码内容(请注意其中的type设置,主机设为master,备机设为slave):
#!/bin/sh
LANG=C
date=$(date -d "today" +"%Y-%m-%d %H:%M:%S")
#---------------配置信息(开始)---------------
#类型:主机设为master,备机设为slave
type="master"
#主机、备机切换日志路径
logfile="/var/log/failover.log"
#MySQL可执行文件地址,例如/usr/local/mysql/bin/mysql;MySQL用户名;密码;端口
mysql_bin="/usr/local/webserver/mysql/bin/mysql"
mysql_username="root"
mysql_password="123456"
mysql_port="3306"
#内网网关
gateway_eth0="192.168.146.1"
#主机内网真实IP
rip_eth0_master="192.168.146.213"
#备机内网真实IP
rip_eth0_slave="192.168.146.215"
#主机、备机内网共用的虚拟IP
vip_eth0_share="192.168.113.214"
#外网网关
gateway_eth1="72.249.146.193"
#主机外网真实IP
rip_eth1_master="72.249.146.213"
#备机外网真实IP
rip_eth1_slave="72.249.146.215"
#主机、备机外网共用的虚拟IP
vip_eth1_share="72.249.146.214"
#---------------配置信息(结束)---------------
#绑定内、外网虚拟IP
function_bind_vip()
{
/sbin/ifconfig eth0:vip ${vip_eth0_share} broadcast ${vip_eth0_share} netmask 255.255.255.255 up
/sbin/route add -host ${vip_eth0_share} dev eth0:vip
/sbin/ifconfig eth1:vip ${vip_eth1_share} broadcast ${vip_eth1_share} netmask 255.255.255.255 up
/sbin/route add -host ${vip_eth1_share} dev eth1:vip
/usr/local/webserver/php/sbin/php-fpm reload
kill -USR1 `cat /usr/local/webserver/nginx/logs/nginx.pid`
/sbin/service crond start
}
#解除内、外网虚拟IP
function_remove_vip()
{
/sbin/ifconfig eth0:vip ${vip_eth0_share} broadcast ${vip_eth0_share} netmask 255.255.255.255 down
/sbin/ifconfig eth1:vip ${vip_eth1_share} broadcast ${vip_eth1_share} netmask 255.255.255.255 down
/sbin/service crond stop
}
#主机向备机推送文件的函数
function_rsync_master_to_slave()
{
/usr/bin/rsync -zrtuog /data0/htdocs/ ${rip_eth0_slave}::data0_htdocs/ > /dev/null 2>&1
/usr/bin/rsync -zrtuog /usr/local/webserver/php/etc/ ${rip_eth0_slave}::php_etc/ > /dev/null 2>&1
/usr/bin/rsync -zrtuog /usr/local/webserver/nginx/conf/ ${rip_eth0_slave}::nginx_conf/ > /dev/null 2>&1
}
#备机向主机推送文件的函数
function_rsync_slave_to_master()
{
/usr/bin/rsync -zrtuog /data0/htdocs/ ${rip_eth0_master}::data0_htdocs/ > /dev/null 2>&1
/usr/bin/rsync -zrtuog /usr/local/webserver/php/etc/ ${rip_eth0_master}::php_etc/ > /dev/null 2>&1
/usr/bin/rsync -zrtuog /usr/local/webserver/nginx/conf/ ${rip_eth0_master}::nginx_conf/ > /dev/null 2>&1
}
#虚拟IP ARPing
function_vip_arping()
{
/sbin/arping -I eth0 -c 3 -s ${vip_eth0_share} ${gateway_eth0} > /dev/null 2>&1
/sbin/arping -I eth1 -c 3 -s ${vip_eth1_share} ${gateway_eth1} > /dev/null 2>&1
}
while true
do
#用HTTP协议检查虚拟IP
if (curl -m 30 -G http://${vip_eth1_share}/ > /dev/null 2>&1) && (${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${vip_eth0_share}" -e"show slave status\G" > /dev/null 2>&1)
then
#取得与内网VIP绑定的服务器内网IP
eth0_active_server=$(${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${vip_eth0_share}" -e"show slave status\G" | grep "Master_Host" | awk -F ': ' '{printf $2}')
#如果内网VIP=主机内网IP(主机MySQL中的Master_Host显示的是备机的域名或IP),且本机为主机
if [ "${eth0_active_server}" = "${rip_eth0_slave}" ] && [ "${type}" = "master" ]
then
function_rsync_master_to_slave
function_vip_arping
#如果内网VIP=备机内网IP(备机MySQL中的Master_Host显示的是主机的域名或IP)
elif [ "${eth0_active_server}" = "${rip_eth0_master}" ]
then
if (curl -m 30 -G http://${rip_eth1_master}/ > /dev/null 2>&1) && (${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${rip_eth0_master}" -e"show slave status\G" | grep "Seconds_Behind_Master: 0" > /dev/null 2>&1)
then
#如果主机能够访问,数据库同步无延迟,且本机就是主机,那么由本机绑定虚拟IP
if [ "${type}" = "master" ]
then
#如果本机为主机
function_bind_vip
function_vip_arping
echo "${date} 主机已绑定虚拟IP!(Type:1)" >> ${logfile}
else
#如果本机为备机
function_remove_vip
echo "${date} 备机已去除虚拟IP!(Type:2)" >> ${logfile}
fi
else
if [ "${type}" = "slave" ]
then
#如果本机为备机
function_rsync_slave_to_master
function_vip_arping
fi
fi
fi
else
#虚拟IP无法访问时,判断主机能否访问
if (curl -m 30 -G http://${rip_eth1_master}/ > /dev/null 2>&1) && (${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${rip_eth0_master}" -e"show slave status\G" > /dev/null 2>&1)
then
#如果主机能够访问,且本机就是主机,那么由本机绑定虚拟IP
if [ "${type}" = "master" ]
then
function_bind_vip
function_vip_arping
echo "${date} 主机已绑定虚拟IP!(Type:3)" >> ${logfile}
else
function_remove_vip
echo "${date} 备机已去除虚拟IP!(Type:4)" >> ${logfile}
fi
elif (curl -m 30 -G http://${rip_eth1_slave}/ > /dev/null 2>&1) && (${mysql_bin} -u"${mysql_username}" -p"${mysql_password}" -P"${mysql_port}" -h"${rip_eth0_slave}" -e"show slave status\G" > /dev/null 2>&1)
then
#如果主机不能访问而备机能够访问,且本机就是备机,那么由备机绑定虚拟IP
if [ "${type}" = "slave" ]
then
function_bind_vip
function_vip_arping
echo "${date} 备机已绑定虚拟IP!(Type:5)" >> ${logfile}
else
function_remove_vip
echo "${date} 主机已去除虚拟IP!(Type:6)" >> ${logfile}
fi
else
echo "${date} 主机、备机全部无法访问!(Type:7)" >> ${logfile}
fi
fi
#每次循环暂停20秒(即间隔20秒检测一次)
sleep 20
done
PHP实现http与https转化
[ 2010/01/04 15:55 | by suibing ]
2010/01/04 15:55 | by suibing ]
如果网页使用https访问,在网页开头加入以下代码:
<?php
//http转化为https
if ($_SERVER["HTTPS"]<>"on")
{
$xredir="https://".$_SERVER["SERVER_NAME"].
$_SERVER["REQUEST_URI"];
header("Location: ".$xredir);
}
?>
如果网页使用http访问,在网页开头加入以下代码:
<?php
//https转化为http
if ($_SERVER["HTTPS"]=="on")
{
$xredir="http://".$_SERVER["SERVER_NAME"].
$_SERVER["REQUEST_URI"];
header("Location: ".$xredir);
}
?>
<?php
//http转化为https
if ($_SERVER["HTTPS"]<>"on")
{
$xredir="https://".$_SERVER["SERVER_NAME"].
$_SERVER["REQUEST_URI"];
header("Location: ".$xredir);
}
?>
如果网页使用http访问,在网页开头加入以下代码:
<?php
//https转化为http
if ($_SERVER["HTTPS"]=="on")
{
$xredir="http://".$_SERVER["SERVER_NAME"].
$_SERVER["REQUEST_URI"];
header("Location: ".$xredir);
}
?>
[DiaHosting] PPTPD一键安装包
[ 2009/12/27 23:11 | by suibing ]
2009/12/27 23:11 | by suibing ]
系统要求:CentOS 5 32bits/64bits。
使用方法:
wget http://www.diahosting.com/dload/pptpd.sh
sh pptpd.sh
安装完成后会提示vpn用户名和密码。
VPN用户管理:
直接编辑/etc/ppp/chap-secrets文件,按照相同格式添加用户名和密码即可。
使用方法:
wget http://www.diahosting.com/dload/pptpd.sh
sh pptpd.sh
安装完成后会提示vpn用户名和密码。
VPN用户管理:
直接编辑/etc/ppp/chap-secrets文件,按照相同格式添加用户名和密码即可。
centos5精简优化初级教程
[ 2009/12/15 14:47 | by suibing ]
2009/12/15 14:47 | by suibing ]
下面写的是针对vps的,请谨慎使用,建议先google查证一下相关命令的作用,然后再进行操作。说是精简优化,其实就是关闭一些用不上的服务,节省系统资源。一般vps的主机都做过相当的优化,商家给vps装的系统也都是针对服务器用途精简优化过的,但作为性格偏执而且资源有限的小站长,我们还是忍不住要再来优化一番,这是针对做web服务用途的vps做的精简,仅供参考。操作前做好备份,操作中一定要做好记录,都改了哪些设置要记下来。
1、精简用不上的账户
这个只是为了安全和心理上舒服一点,可以跳过。
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers2、精简用不上的系统服务
chkconfig anacron off
chkconfig apmd off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig cups-config-daemon off
chkconfig gpm off
chkconfig isdn off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig readahead_early off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xfs off
chkconfig ip6tables off
chkconfig avahi-daemon off
chkconfig firstboot off
chkconfig yum-updatesd off
chkconfig sendmail off
chkconfig mcstrans off
chkconfig pcscd off
chkconfig bluetooth off
chkconfig hidd off
chkconfig haldaemon off
chkconfig messagebus off
chkconfig mdmonitor off
chkconfig acpid off像sendmail之类如果是在有需要的话,就不要像我一样关闭了,我只是习惯了用smtp。
精简完之后可以运行这个命令查看一下还剩下什么服务:
chkconfig --list |grep "3:on" |awk '{print $1}' |sort3、减少Virtual Terminals
一般是默认6个,精简到2个即可。
vi /etc/inittab
把后四个前加上#注释掉,像这样:
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty64、修改完别忘了重启一下系统,看看是否运行正常,如果有问题,可以尝试逐个回复前面禁用的东西,总结出需要去掉和保留的东西。
1、精简用不上的账户
这个只是为了安全和心理上舒服一点,可以跳过。
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers2、精简用不上的系统服务
chkconfig anacron off
chkconfig apmd off
chkconfig atd off
chkconfig autofs off
chkconfig cpuspeed off
chkconfig cups off
chkconfig cups-config-daemon off
chkconfig gpm off
chkconfig isdn off
chkconfig netfs off
chkconfig nfslock off
chkconfig openibd off
chkconfig pcmcia off
chkconfig portmap off
chkconfig rawdevices off
chkconfig readahead_early off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig smartd off
chkconfig xfs off
chkconfig ip6tables off
chkconfig avahi-daemon off
chkconfig firstboot off
chkconfig yum-updatesd off
chkconfig sendmail off
chkconfig mcstrans off
chkconfig pcscd off
chkconfig bluetooth off
chkconfig hidd off
chkconfig haldaemon off
chkconfig messagebus off
chkconfig mdmonitor off
chkconfig acpid off像sendmail之类如果是在有需要的话,就不要像我一样关闭了,我只是习惯了用smtp。
精简完之后可以运行这个命令查看一下还剩下什么服务:
chkconfig --list |grep "3:on" |awk '{print $1}' |sort3、减少Virtual Terminals
一般是默认6个,精简到2个即可。
vi /etc/inittab
把后四个前加上#注释掉,像这样:
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty64、修改完别忘了重启一下系统,看看是否运行正常,如果有问题,可以尝试逐个回复前面禁用的东西,总结出需要去掉和保留的东西。
