有8台web服务器,现在要搭建一台NFS服务器用来存放8台web的日志(nginx的错误日志,php的错误日志,php的慢执行日志)

现在模拟一下这个场景


web1

192.168.183.175    CentOS7

web2

192.168.183.176    CentOS7

NFS

192.168.183.163    ubuntu18.04


一、NFS服务器的搭建:

1.1安装NFS

root@NFS:~# apt install nfs-kernel-server rpcbind

1.2修改配置文件,设置要挂载的目录,允许192.168.183.*主机访问

root@NFS:~# vim /etc/exports 
root@NFS:~# tail -1 /etc/exports 
/data 192.168.183.*(rw,sync,no_subtree_check,no_root_squash)

1.3创建共享目录,给足权限

root@NFS:~# mkdir /data
root@NFS:~# chmod 777 /data
root@NFS:~# echo $HOSTNAME > /data/README.md

1.4重启nfs-kernel-server,rpcbind并将二者加入开机启动项

root@NFS:~# systemctl restart nfs-kernel-server.service 
root@NFS:~# systemctl restart rpcbind 
root@NFS:~# systemctl enable nfs-kernel-server
Synchronizing state of nfs-kernel-server.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nfs-kernel-server
root@NFS:~# systemctl enable rpcbind
Synchronizing state of rpcbind.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable rpcbind

1.5查看可挂载的共享目录

root@NFS:~# showmount -e 192.168.183.163
Export list for 192.168.183.163:
/data 192.168.183.*

二、web端的设置

2.1安装nfs客户端

[root@node1 ~]# yum install nfs-utils

2.2查看可挂载的共享目录

[root@node1 ~]# showmount -e 192.168.183.163
Export list for 192.168.183.163:
/data 192.168.183.*

2.3创建目录,将NFS端的目录挂载到本地

[root@node1 ~]# mkdir /NFS
[root@node1 ~]# mount -t nfs 192.168.183.163:/data /NFS
[root@node1 ~]# ls /NFS/
README.md
[root@node1 ~]# cat /NFS/README.md 
NFS
[root@node1 ~]# echo $HOSTNAME >> /NFS/README.md 
[root@node1 ~]# cat /NFS/README.md 
NFS
node1

三、在NFS端查看详情

3.1查看NFS运行状态

root@NFS:~# nfsstat 
Server rpc stats:
calls      badcalls   badfmt     badauth    badclnt
92         0          0          0          0       

Server nfs v4:
null             compound         
2         2%     90       97%     

Server nfs v4 operations:
op0-unused       op1-unused       op2-future       access           close            
0         0%     0         0%     0         0%     9         3%     4         1%     
commit           create           delegpurge       delegreturn      getattr          
0         0%     0         0%     0         0%     2         0%     66       24%     
getfh            link             lock             lockt            locku            
6         2%     0         0%     0         0%     0         0%     0         0%     
lookup           lookup_root      nverify          open             openattr         
4         1%     0         0%     0         0%     5         1%     0         0%     
open_conf        open_dgrd        putfh            putpubfh         putrootfh        
0         0%     0         0%     71       26%     0         0%     4         1%     
read             readdir          readlink         remove           rename           
2         0%     2         0%     0         0%     0         0%     0         0%     
renew            restorefh        savefh           secinfo          setattr          
0         0%     0         0%     0         0%     0         0%     0         0%     
setcltid         setcltidconf     verify           write            rellockowner     
0         0%     0         0%     0         0%     1         0%     0         0%     
bc_ctl           bind_conn        exchange_id      create_ses       destroy_ses      
0         0%     0         0%     2         0%     2         0%     0         0%     
free_stateid     getdirdeleg      getdevinfo       getdevlist       layoutcommit     
0         0%     0         0%     0         0%     0         0%     0         0%     
layoutget        layoutreturn     secinfononam     sequence         set_ssv          
0         0%     0         0%     2         0%     86       31%     0         0%     
test_stateid     want_deleg       destroy_clid     reclaim_comp     allocate         
0         0%     0         0%     0         0%     2         0%     0         0%     
copy             copy_notify      deallocate       ioadvise         layouterror      
0         0%     0         0%     0         0%     0         0%     0         0%     
layoutstats      offloadcancel    offloadstatus    readplus         seek             
0         0%     0         0%     0         0%     0         0%     0         0%     
write_same       
0         0%

3.2查看rpc运行情况

root@NFS:~# rpcinfo

3.3优化NFS服务,将登入NFS主机的用户全部设定成指定的ID

root@NFS:~# useradd -s /bin/nologin nfsuser
root@NFS:~# getent passwd nfsuser 
nfsuser:x:1001:1001::/home/nfsuser:/bin/nologin
root@NFS:~# vim /etc/exports 
root@NFS:~# fg
vim /etc/exports
root@NFS:~# tail -1 /etc/exports 
/data 192.168.183.*(rw,sync,no_subtree_check,anonuid=1001,anongid=1001)
root@NFS:~# exp
expand    expiry    export    exportfs  expr      
root@NFS:~# exportfs -rv
exporting 192.168.183.*:/data
root@NFS:~# chown -R nfsuser.nfsuser /data/

四、让web机器实现开机自动挂载NFS(autofs)

使用autofs自动挂载或者写入/etc/fstab,autofs相对来说更稳妥一点,因为据我的经历,若NFS服务器挂掉,那么web端开机会因为挂载不到NFS盘而开不了机,这还是比较危险的

4.1在所有web端安装autofs

[root@node1 ~]# yum install -y autofs

4.2修改主配置

这相当于定义子配置文件的位置以及挂载目录

[root@node1 ~]# vim /etc/auto.master
[root@node1 ~]# grep nfs /etc/auto.master
/NFS	/etc/nfs.misc

4.3编辑子配置

[root@node1 ~]# vim /etc/nfs.misc
[root@node1 ~]# grep '' /etc/nfs.misc 
web1	-rw	192.168.183.128:/data/

4.4重启autofs服务并加入开机启动项

[root@node1 ~]# systemctl restart autofs
[root@node1 ~]# systemctl enable autofs
Created symlink from /etc/systemd/system/multi-user.target.wants/autofs.service to /usr/lib/systemd/system/autofs.service.

4.5见证奇迹的时刻:

注意,可能创建/NFS/web1会提示权限不足,请关闭autofs服务重试

[root@node1 ~]# mkdir -p /NFS/web1
[root@node1 ~]# df -h
文件系统                 容量  已用  可用 已用% 挂载点
/dev/mapper/centos-root   50G  1.2G   49G    3% /
devtmpfs                 476M     0  476M    0% /dev
tmpfs                    488M     0  488M    0% /dev/shm
tmpfs                    488M  7.7M  480M    2% /run
tmpfs                    488M     0  488M    0% /sys/fs/cgroup
/dev/sda1               1014M  130M  885M   13% /boot
/dev/mapper/centos-home  147G   33M  147G    1% /home
tmpfs                     98M     0   98M    0% /run/user/1000
[root@node1 ~]# ls /NFS/web1
README.md
[root@node1 ~]# df -h
文件系统                 容量  已用  可用 已用% 挂载点
/dev/mapper/centos-root   50G  1.2G   49G    3% /
devtmpfs                 476M     0  476M    0% /dev
tmpfs                    488M     0  488M    0% /dev/shm
tmpfs                    488M  7.7M  480M    2% /run
tmpfs                    488M     0  488M    0% /sys/fs/cgroup
/dev/sda1               1014M  130M  885M   13% /boot
/dev/mapper/centos-home  147G   33M  147G    1% /home
tmpfs                     98M     0   98M    0% /run/user/1000
192.168.183.128:/data    118G  4.9G  107G    5% /NFS/web1
[root@node1 ~]# date >> /NFS/web1/node1_`date +%F`.txt
[root@node1 ~]# cat /NFS/web1/node1_2018-12-16.txt 
2018年 12月 16日 星期日 22:28:53 CST

4.6 其他web同理

五、web机器日志切割

日志切割参考:

所有日志进行切割处理,每天一次,日志后缀要加上时间,保存30天

5.1nginx默认有这个切割,基本不用处理

注意:配置文件中不要写后面的注释,此处仅作演示

[root@node1 ~]# vim /etc/logrotate.d/nginx 
[root@node1 ~]# cat /etc/logrotate.d/nginx 
/var/log/nginx/*.log {
        daily		#转储周期为每天
        missingok	#如果日志丢失,不报错,继续滚动下一个日志
        rotate 30	#保留30个备份
	dateext		#使用当前日期作为命名格式
        compress	#通过gzip压缩转储以后的日志,nocompress表示不对日志做gzip压缩处理
        delaycompress	#转储的日志到下一次转储时才使用
        notifempty	#当日志文件未空时,不进行轮转
        create 640 nginx adm	轮转时指定创建新文件的属性
        sharedscripts	#运行postrotate脚本,作用是在所有日志都轮转后统一执行一次脚本
        postrotate	#在logrotate转储之后需要执行的指令
                if [ -f /var/run/nginx.pid ]; then
                        kill -USR1 `cat /var/run/nginx.pid`
                fi
        endscript	#脚本结束
}
[root@node1 ~]#

5.2php的脚本

[root@node1 ~]# vim /etc/logrotate.d/php7.0-fpm
/var/log/php/*.log {
        rotate 30
        daily
        dateext
        missingok
        notifempty
        compress
        delaycompress
}

5.3写完配置文件要使用下面命令对配置文件进行检查

[root@node1 ~]# logrotate -d /etc/logrotate.d/nginx 
reading config file /etc/logrotate.d/nginx
Allocating hash table for state file, size 15360 B

Handling 1 logs

rotating pattern: /var/log/nginx/*.log  after 1 days (30 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/nginx/access.log
  log does not need rotating (log has been already rotated)considering log /var/log/nginx/error.log
  log does not need rotating (log has been already rotated)not running postrotate script, since no logs were rotated

或者手动让其轮转一次看看效果:

[root@node1 ~]# logrotate -f /etc/logrotate.d/nginx

5.4关于php的日志需要说明一下:

php正常有三个配置文件:php.ini,php-fpm.conf,www.conf,具体区别可以网上查

php的错误日志在php.ini中定义,可以自行去看:

[qqq@node1 ~]$ vim /etc/php/7.0/fpm/php.ini
log_errors = On
error_log = /var/log/php/php_errors.log

php的慢执行日志在www.conf中

[root@node1 ~]# vim /etc/php/7.0/fpm/pool.d/www.conf
slowlog = /var/log/php/slow.log
request_slowlog_timeout = 2s

六、rsync同步

要使用rsync将日志同步到NFS盘中

rsync参考:

rsync参考2:https://www.ilanni.com/?s=rsync

6.1同步nginx的日志

注意,nginx后面没有加斜杠,表示同步的nginx目录,加了斜杠就表示同步nginx目录里面的文件

[root@node1 ~]# rsync -avzH /var/log/nginx /NFS/web1
sending incremental file list
nginx/
nginx/access.log
nginx/error.log
nginx/ls.log

sent 3,342 bytes  received 77 bytes  6,838.00 bytes/sec
total size is 8,000  speedup is 2.34
[root@node1 ~]# ls /NFS/web1/nginx/ -l
总用量 8
-rw-r----- 1 nginx adm     0 12月 16 22:49 access.log
-rw-r----- 1 nginx adm     0 12月 16 22:49 error.log
-rw-r--r-- 1 root  root 8000 12月 16 23:42 ls.log

6.2同步php日志(包括php错误日志,php慢执行日志)

[root@node1 ~]# rsync -avzH /var/log/php /NFS/web1/
sending incremental file list
php/
php/error.log

sent 128 bytes  received 39 bytes  111.33 bytes/sec
total size is 5  speedup is 0.03
[root@node1 ~]# ls /NFS/web1/php/ -l
总用量 4
-rw-r--r-- 1 root root 5 12月 16 23:53 error.log

6.3将rsync加入计划任务

[root@node1 ~]# crontab -e -u root
[root@node1 ~]# crontab -l
* */2 * * * /usr/bin/rsync -avzH /var/log/nginx /NFS/web1/
* */2 * * * /usr/bin/rsync -avzH /var/log/php /NFS/web1/

七、杂项

7.1web服务器要ntp同步时间

现在都用chrony了,那就用chrony吧,随便搜了一篇文章:

7.2zabbix要监控web机器的时区正确