记录与分享
最近发现其中一套生产环境的MySQL集群主从数据同步延迟问题严重,从库积累了很多中继日志,导致分配数据库磁盘使用率超过90%告警。这问题从排查到处理过程耗费了很长时间,在这里记录下整个处理过程,希望能给其他遇到此类问题的朋友一点帮助。
先介绍下环境情况,这套MySQL集群使用的k8s容器化部署,使用的三节点MySQL MGR复制模式,数据存储使用的ceph rbd块存储
– MySQL版本:8.0.19
– Ceph版本:12.2.10(Luminous)
最早发现主从数据库之间很多表数据不同步,MGR集群状态正常
检查操作系统负载情况
从库MySQL磁盘挂载(rbd0)IO情况,看到rbd0磁盘%util超过90%一直处在繁忙状态
查看防火墙规则,没什么限制
通过主库建立测试库操作来验证主从同步延迟情况,在test测试库下删除t2表
从库查看test库下表情况,半小时过去后从库t2表依然未删除,从库事务执行差距很大,查询过事务队列在堆积
中继日志积压一大堆未完成,导致从库磁盘使用率超过90%爆满
之前有写过编译安装的方式升级OpenSSH,为了能更好管理包版本,记录下CentOS制作rpm包升级OpenSSH的过程。网上也有很多关于制作OpenSSH的rpm包过程,也是根据各自需求记录分享一下。
系统:CentOS7 x86_64
OpenSSH版本:7.4p1
OpenSSL版本:1.0.2k-fips
# 修改如下配置,重启系统生效
vi /etc/selinx/config
SELINUX=disabled
# 立即生效
setenforce 0
getenforce
cp /etc/pam.d/sshd /etc/pam.d/sshd_bak
cp /etc/pam.d/system-auth /etc/pam.d/system-auth_bak
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_bak
cp /etc/ssh/ssh_config /etc/ssh/ssh_config_bak
cp -r /etc/ssh /etc/ssh_bak
openssh-9.1p1下载地址:
curl -O https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.1p1.tar.gz
ssh-askpass下载链接(可选):
curl -O https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip libXt-devel imake gtk2-devel
mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
MariaDB [(none)]> FLUSH PRIVILEGES;
. keystonerc_admin
[root@controller-01 ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 586034dc84fa427baec593ed32501d28 |
| name | cinder |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user cinder admin
[root@controller-01 ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | 08c72135ddcb46fda290c6ec94b270ed |
| name | cinderv2 |
| type | volumev2 |
+-------------+----------------------------------+
[root@controller-01 ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | 671d97addc654760be943446f9c158f6 |
| name | cinderv3 |
| type | volumev3 |
+-------------+----------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev2 public http://controller-01:8776/v2/%\(project_id\)s
+--------------+---------------------------------------------+
| Field | Value |
+--------------+---------------------------------------------+
| enabled | True |
| id | 7a53221557e04a619dc0c32f8c7317d0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 08c72135ddcb46fda290c6ec94b270ed |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller-01:8776/v2/%(project_id)s |
+--------------+---------------------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev2 internal http://controller-01:8776/v2/%\(project_id\)s
+--------------+---------------------------------------------+
| Field | Value |
+--------------+---------------------------------------------+
| enabled | True |
| id | 09a252a768084d889d512fcc9d2a654a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 08c72135ddcb46fda290c6ec94b270ed |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller-01:8776/v2/%(project_id)s |
+--------------+---------------------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev2 admin http://controller-01:8776/v2/%\(project_id\)s
+--------------+---------------------------------------------+
| Field | Value |
+--------------+---------------------------------------------+
| enabled | True |
| id | b9f21f762ce841bba9d54611bd2ecd42 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 08c72135ddcb46fda290c6ec94b270ed |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller-01:8776/v2/%(project_id)s |
+--------------+---------------------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev3 public http://controller-01:8776/v3/%\(project_id\)s
+--------------+---------------------------------------------+
| Field | Value |
+--------------+---------------------------------------------+
| enabled | True |
| id | d7e6dffcafbb4c4f807808c834af160a |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 671d97addc654760be943446f9c158f6 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller-01:8776/v3/%(project_id)s |
+--------------+---------------------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev3 internal http://controller-01:8776/v3/%\(project_id\)s
+--------------+---------------------------------------------+
| Field | Value |
+--------------+---------------------------------------------+
| enabled | True |
| id | ac3c4e5395cc4b82b0ffa3af5548c69c |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 671d97addc654760be943446f9c158f6 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller-01:8776/v3/%(project_id)s |
+--------------+---------------------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne volumev3 admin http://controller-01:8776/v3/%\(project_id\)s
+--------------+---------------------------------------------+
| Field | Value |
+--------------+---------------------------------------------+
| enabled | True |
| id | a6479e61952b4e7a85719195c4ac5728 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 671d97addc654760be943446f9c158f6 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller-01:8776/v3/%(project_id)s |
+--------------+---------------------------------------------+
Queens版本horizon具有以下依赖:
– Python 2.7
– Django 1.11
– Django 1.8 to 1.10 也是支持的,他们的支持将在Rocky后被移除。
– 一个可访问的 keystone 端点服务
– 所有其他服务都是可选的。从 Queens 版本开始,Horizon 支持以下服务。如果配置了服务的 keystone 端点,horizon 会检测到它并自动启用它的支持。
– cinder: Block Storage
– glance: Image Management
– neutron: Networking
– nova: Compute
– swift: Object Storage
– Horizon also supports many other OpenStack services via plugins. For more information, see the Plugin Registry.
yum install openstack-dashboard
/etc/openstack-dashboard/local_settings文件,修改如下配置:OPENSTACK_HOST = "controller-01"
ALLOWED_HOSTS = ['horizon.example.com', 'localhost'] # 主机也可以填写为'*',但是存在安全风险
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller-01:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "TIME_ZONE" # TIME_ZONE替换为具体时区,比如Asia/Shanghai
/etc/httpd/conf.d/openstack-dashboard.conf文件,添加如下行:WSGIApplicationGroup %{GLOBAL}
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service
hosts文件(Linux在/etc/hosts,Windows在C:\Windwos\System32\drivers\etc\hosts),添加测试的域名解析192.168.1.10 horizon.example.com # IP填写控制节点controller-01的IP,域名填写上面配置ALLOWED_HOSTS对应域名
本机浏览器打开http://horizon.example.com/dashboard访问,出现dashboard登录页面,Domain填写default,分别输入admin跟demo对应的帐号密码登录验证
mysql -uroot -proot
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
MariaDB [(none)]> FLUSH PRIVILEGES;
source keystonerc_admin
[root@controller-01 ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 6dba19fbf1e44fc5b38d81315ecd141e |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user neutron admin
[root@controller-01 ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 6d99c27e4ca74b4b80db2ea15d1214e1 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne network public http://controller-01:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | eaa491b4812a4f22892f8e31179e035b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6d99c27e4ca74b4b80db2ea15d1214e1 |
| service_name | neutron |
| service_type | network |
| url | http://controller-01:9696 |
+--------------+----------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne network internal http://controller-01:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 071f2a4a84404310b10f9cb610766e4f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6d99c27e4ca74b4b80db2ea15d1214e1 |
| service_name | neutron |
| service_type | network |
| url | http://controller-01:9696 |
+--------------+----------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne network admin http://controller-01:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 34016fc444894a7c887e0ae62ca264cf |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6d99c27e4ca74b4b80db2ea15d1214e1 |
| service_name | neutron |
| service_type | network |
| url | http://controller-01:9696 |
+--------------+----------------------------------+
您可以使用选项1和2表示的两种体系结构之一来部署网络服务。
选项2、增加了选项1的第3层服务支持将实例附加到自助服务网络。该demo用户或其他非特权用户可以管理自助服务网络,包括在自助服务网络和提供商网络之间提供连接的路由器。此外,浮动IP地址使用来自外部网络(例如 Internet)的自助服务网络提供与实例的连接。
自助服务网络通常使用覆盖网络。诸如 VXLAN 之类的覆盖网络协议包括额外的标头,这些标头会增加开销并减少可用于有效负载或用户数据的空间。在不了解虚拟网络基础结构的情况下,实例会尝试使用 1500 字节的默认以太网最大传输单元 (MTU) 发送数据包。网络服务通过 DHCP 自动为实例提供正确的 MTU 值。但是,某些云映像不使用 DHCP 或忽略 DHCP MTU 选项,需要使用元数据或脚本进行配置。
根据自己需求,这里我选择的选项2自助服务网络。
这里开始网络组件可以选择linuxbridge或者openvswitch,根据需要选择其中一种
mysql -uroot -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';
FLUSH PRIVILEGES;
– 创建nova用户,密码自定义为nova
openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | cf5b4a1ac9284483a8601ce212b2150b |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 91ef7780ac984136ac0a98a8382f97f0 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne compute public http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 70039fd4b0434a79a3da46135a594e40 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova |
| service_type | compute |
| url | http://controller-01:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute internal http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 71103854136c433e80868ed03405b3e3 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova |
| service_type | compute |
| url | http://controller-01:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute admin http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 54f013b9691d4e7d88e6d49334e7d16b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova |
| service_type | compute |
| url | http://controller-01:8774/v2.1 |
+--------------+----------------------------------+
openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 46cd680656344258993928db3717f8ff |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
mysql -uroot -p
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
FLUSH PRIVILEGES;
source keystonerc_admin
[root@controller-01 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d9dc186702da415db6b202327b73e08c |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller-01 ~]# openstack role add --project service --user glance admin
[root@controller-01 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | c5fa51ca63b440bda5d277ee6dda23ec |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne image public http://controller-01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 580275b630f14f91903c90f0a46f260d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance |
| service_type | image |
| url | http://controller-01:9292 |
+--------------+----------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne image internal http://controller-01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0f8142d6abd048fd8c72f1861f713bde |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance |
| service_type | image |
| url | http://controller-01:9292 |
+--------------+----------------------------------+
[root@controller-01 ~]# openstack endpoint create --region RegionOne image admin http://controller-01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e40b8990bab5493a92469f2ffb7ad55e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance |
| service_type | image |
| url | http://controller-01:9292 |
+--------------+----------------------------------+
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
FLUSH PRIVILEGES;
yum install openstack-keystone httpd mod_wsgi
[database]
connection = mysql+pymysql://keystone:keystone@controller-01/keystone
[token]
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller-01 ~]# mysql -ukeystone -pkeystone keystone -e 'show tables'
Enter password:
+-----------------------------+
| Tables_in_keystone |
+-----------------------------+
| access_token |
| application_credential |
| application_credential_role |
| assignment |
| config_register |
| consumer |
| credential |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| limit |
| local_user |
| mapping |
| migrate_version |
| nonlocal_user |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| project_tag |
| region |
| registered_limit |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| system_assignment |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| user_option |
| whitelisted_config |
+-----------------------------+
做一个学习OpenStack的记录,先从安装部署开始。由于OpenStack需要安装部署的内容较多,按内容章节编写。因为是部署学习,都是在虚拟机下操作完成,节点配置都不是很高。系统上选择的CentOS,也可以根据自己喜好选择其他Linux版本。如无特殊说明,都是切换到root帐号在所有节点操作执行。
概念架构
逻辑架构
硬件要求
操作系统:CentOS Linux release 7.9.2009 (Core)
控制节点controller:192.168.1.10、10.0.0.10
计算节点compute:192.168.1.11、10.0.0.11
存储节点storage:192.168.1.12、10.0.0.12
今天监控信息收到一个磁盘容量告警
根据监控告警信息去相应服务器检查磁盘空间情况
使用df与du命令显示的结果不一致,/data分区主要用于应用服务部署运行,应用服务部署的tomcat服务,每天日志量增长比较大。前段时间手动清理过tomcat的历史日志,其他应用服务不存在占用磁盘空间增长太大的情况。首先想到的是日志文件在被程序打开的时候被删除了,因为之前遇到过这种情况。但是tomcat日志都是按天切割的,删除的都不是当前程序打开的文件。
还是使用lsof检查看下有没有程序打开已经被删除的文件
继续阅读“Linux下使用df与du命令磁盘容量不一致”