Enterprise Kodbox Cluster Deployment in Practice: From a Single Node to a High-Availability Architecture
Project Overview
Business Background
As enterprises go through digital transformation, a file management and collaboration platform becomes core infrastructure. Kodbox is a capable open-source cloud drive system, and supporting enterprise use requires a highly available, scalable cluster architecture around it.
Project Goals
Build a Kodbox cluster with the following properties:
- High availability: eliminate single points of failure so the service is never interrupted
- Scalability: support horizontal scaling to absorb business growth
- Data safety: multi-tier backups to keep data reliable
- Load balancing: intelligent traffic distribution for a better user experience
Architecture Design
System Architecture Diagram

User access → [Keepalived VIP: 10.0.0.3] → [Load-balancing layer: lb01/lb02] → [Application layer: web01/web02] → [Data layer: db01]
↓
[Shared storage: nfs01] → [Backup layer: backup] → [Off-site disaster recovery: Alibaba Cloud]
Server Plan
| Role | Hostname | IP address | Core responsibility |
|---|---|---|---|
| Application server | web01 | 10.0.0.7 | Nginx + PHP, business logic |
| Application server | web02 | 10.0.0.8 | Nginx + PHP, business logic |
| Load balancer | lb01 | 10.0.0.5 | Traffic distribution, Keepalived MASTER |
| Load balancer | lb02 | 10.0.0.6 | Traffic distribution, Keepalived BACKUP |
| Database server | db01 | 10.0.0.51 | MariaDB database service |
| Shared storage | nfs01 | 10.0.0.31 | File sharing, real-time sync |
| Backup server | backup | 10.0.0.41 | Data backup, off-site sync |
| Off-site DR | aliyun | public IP | Off-site data protection |
Detailed Implementation Steps
Phase 1: Base Environment Deployment
1.1 Database Server Deployment (db01)
MariaDB installation and configuration:
```bash
# Install the MariaDB server
yum install -y mariadb-server
# Start the service and enable it at boot
systemctl enable --now mariadb
# Verify the service is listening and running
ss -lntup | grep mysql
ps -ef | grep mysql
```
Database security initialization:
```bash
# Run the secure-installation script
mysql_secure_installation
# Follow the prompts to complete the following:
# - Set the root password
# - Remove anonymous users
# - Disallow remote root login
# - Remove the test database
# - Reload the privilege tables
```
Create the application database:
```bash
# Log in to the database
mysql -uroot -p
```
```sql
-- Create a dedicated database for Kodbox
CREATE DATABASE kodb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-- Create a user for local access
GRANT ALL PRIVILEGES ON kodb.* TO 'kodb'@'localhost' IDENTIFIED BY 'kodb';
-- Create a user for network access (adjust the subnet as needed)
GRANT ALL PRIVILEGES ON kodb.* TO 'kodb'@'10.0.0.%' IDENTIFIED BY 'kodb';
-- Reload privileges
FLUSH PRIVILEGES;
-- Verify the users were created
SELECT user, host FROM mysql.user;
```
1.2 Application Server Deployment (web01/web02)
PHP environment deployment:
```bash
# Install PHP and the required extensions
yum -y install php php-fpm php-bcmath php-cli php-common php-devel \
    php-embedded php-gd php-intl php-mbstring php-mysqlnd \
    php-opcache php-pdo php-process php-xml php-json
# Configure PHP-FPM
cat > /etc/php-fpm.d/www.conf << 'EOF'
[www]
user = nginx
group = nginx
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
EOF
# Check the configuration syntax, then start PHP-FPM
php-fpm -t
systemctl enable --now php-fpm
```
Nginx environment deployment:
```bash
# Configure the official Nginx YUM repository
cat > /etc/yum.repos.d/nginx.repo << 'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
# Install Nginx
yum install -y nginx
# Configure the Kodbox site
cat > /etc/nginx/conf.d/kodbox.xiaozhi.cn.conf << 'EOF'
server {
    listen 80;
    server_name kodbox.xiaozhi.cn;
    root /app/code/kodbox;
    index index.php index.html;
    access_log /var/log/nginx/kodbox-access.log main;
    error_log /var/log/nginx/kodbox-error.log notice;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Performance tuning
        fastcgi_buffering on;
        fastcgi_buffers 512 128k;
        fastcgi_buffer_size 128k;
    }
    # Static asset caching
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}
EOF
# Create the application directory
mkdir -p /app/code/kodbox
# Validate the configuration and start the service
nginx -t
systemctl enable --now nginx
```
Service verification:
```bash
# Create test files to verify each service
# (delete both files once verification is done; phpinfo() exposes server details)
cat > /app/code/kodbox/chk_php.php << 'EOF'
<?php
phpinfo();
EOF
cat > /app/code/kodbox/chk_db.php << 'EOF'
<?php
// Connection parameters for db01 (the credentials created above)
$db_host = '10.0.0.51';
$db_user = 'kodb';
$db_pass = 'kodb';
$db_name = 'kodb';
$link_id = mysqli_connect($db_host, $db_user, $db_pass, $db_name);
if ($link_id) {
    echo "Database connection successful!\n";
} else {
    echo "Connection failed: " . mysqli_connect_error() . "\n";
}
EOF
```
1.3 Kodbox Application Deployment
Code deployment:
```bash
# Upload and extract the Kodbox code
unzip -t kodbox.1.59.zip  # verify archive integrity
unzip kodbox.1.59.zip -d /app/code/kodbox/
# Set the correct ownership and permissions
chown -R nginx:nginx /app/code/kodbox/
find /app/code/kodbox/ -type d -exec chmod 755 {} \;
find /app/code/kodbox/ -type f -exec chmod 644 {} \;
# Set permissions on the runtime directories
chmod -R 777 /app/code/kodbox/data/
chmod -R 777 /app/code/kodbox/plugins/
```
Web installation:
Open http://kodbox.xiaozhi.cn in a browser and complete the installer:
- Accept the licence agreement
- Configure the database connection (pointing at db01)
- Create the administrator account
- Finish the installation
Phase 2: Shared Storage and High Availability
2.1 NFS Shared Storage Deployment (nfs01)
NFS server configuration:
```bash
# Install the NFS services
yum install -y nfs-utils rpcbind
# Create the shared user and directory
useradd -s /sbin/nologin -M -u 1999 www
mkdir -p /nfs/kodbox
chown -R www:www /nfs/kodbox/
# Configure the NFS export
cat > /etc/exports << 'EOF'
/nfs/kodbox 10.0.0.0/24(rw,sync,all_squash,anonuid=1999,anongid=1999)
EOF
# Start the NFS services
systemctl enable --now rpcbind nfs
exportfs -v  # verify the export configuration
```
Client mount configuration (web01/web02):
```bash
# Install the NFS client
yum install -y nfs-utils
# Create the shared user (the UID must match the server)
useradd -s /sbin/nologin -M -u 1999 www
# Move existing data to a temporary location
mv /app/code/kodbox/data/files /tmp/files_backup
# Configure automatic mounting
cat >> /etc/fstab << 'EOF'
10.0.0.31:/nfs/kodbox /app/code/kodbox/data/files nfs defaults 0 0
EOF
# Mount
mkdir -p /app/code/kodbox/data/files
mount -a
# Restore the data, if any (-a keeps attributes, "/." also copies dotfiles)
cp -a /tmp/files_backup/. /app/code/kodbox/data/files/ 2>/dev/null || true
# Switch the service user
sed -i 's/^user.*$/user www;/' /etc/nginx/nginx.conf
sed -i 's/^user = .*$/user = www/' /etc/php-fpm.d/www.conf
sed -i 's/^group = .*$/group = www/' /etc/php-fpm.d/www.conf
# Restart the services
systemctl restart nginx php-fpm
```
2.2 Load Balancer Deployment (lb01/lb02)
Nginx load-balancing configuration:
```bash
# Install Nginx (see the web server installation steps)
# Configure load balancing
cat > /etc/nginx/conf.d/kodbox.xiaozhi.cn.conf << 'EOF'
upstream kodbox_backend {
    server 10.0.0.7:80 weight=3 max_fails=3 fail_timeout=30s;
    server 10.0.0.8:80 weight=2 max_fails=3 fail_timeout=30s;
    # Session persistence (optional)
    ip_hash;
}
server {
    listen 80;
    server_name kodbox.xiaozhi.cn;
    access_log /var/log/nginx/lb-access.log main;
    error_log /var/log/nginx/lb-error.log notice;
    location / {
        proxy_pass http://kodbox_backend;
        # Pass client information through
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Timeouts
        proxy_connect_timeout 30s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        # Buffer tuning
        proxy_buffering on;
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
    }
    # Load balancer status monitoring
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        allow 10.0.0.0/24;
        deny all;
    }
}
EOF
# Validate and reload the configuration
nginx -t
systemctl reload nginx
```
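The load balancer above forwards the client address in X-Real-IP and X-Forwarded-For, but the web nodes' Nginx (and therefore Kodbox's own logs and any IP-based checks) still see the load balancer's address unless they are told which proxies to trust. The fragment below is an added example for the web01/web02 `server` block, not part of the original article; it uses ngx_http_realip_module, which is built into the nginx.org packages, and trusts only the two load balancers from the server plan, so a client-supplied X-Forwarded-For header is not taken at face value.

```nginx
# web01/web02: restore the real client address, trusting only lb01/lb02
set_real_ip_from 10.0.0.5;
set_real_ip_from 10.0.0.6;
real_ip_header X-Forwarded-For;
# With recursive on, the rightmost address not in the trusted list is used,
# so values appended by the client are skipped
real_ip_recursive on;
```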
2.3 Keepalived High-Availability Configuration
Primary load balancer configuration (lb01):
```bash
# Install Keepalived
yum install -y keepalived
# Configure Keepalived
cat > /etc/keepalived/keepalived.conf << 'EOF'
! Configuration File for keepalived
global_defs {
    router_id lb01
    script_user root
    enable_script_security
}
vrrp_script chk_nginx {
    script "/server/scripts/check_nginx.sh"
    interval 2
    weight -10
    fall 2
    rise 1
    timeout 2
}
vrrp_instance VI_KODBOX {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev ens33 label ens33:0
    }
    track_script {
        chk_nginx
    }
    # Notification scripts (optional)
    notify_master "/server/scripts/notify_master.sh"
    notify_backup "/server/scripts/notify_backup.sh"
}
EOF
```
Backup load balancer configuration (lb02):
```bash
cat > /etc/keepalived/keepalived.conf << 'EOF'
! Configuration File for keepalived
global_defs {
    router_id lb02
    script_user root
    enable_script_security
}
vrrp_script chk_nginx {
    script "/server/scripts/check_nginx.sh"
    interval 2
    weight -10
    fall 2
    rise 1
    timeout 2
}
vrrp_instance VI_KODBOX {
    state BACKUP
    interface ens33
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3/24 dev ens33 label ens33:0
    }
    track_script {
        chk_nginx
    }
}
EOF
```
Health check script:
```bash
# Create the scripts directory
mkdir -p /server/scripts
# Write the Nginx health check script
cat > /server/scripts/check_nginx.sh << 'EOF'
#!/bin/bash
# Nginx health check script
COUNT=$(ps -ef | grep nginx | grep -v grep | wc -l)
if [ "$COUNT" -eq 0 ]; then
    echo "Nginx is not running"
    exit 1
else
    # Check further that Nginx actually answers requests
    if curl -f http://localhost/nginx_status >/dev/null 2>&1; then
        exit 0
    else
        echo "Nginx is running but not responding"
        exit 1
    fi
fi
EOF
chmod +x /server/scripts/check_nginx.sh
# Start Keepalived
systemctl enable --now keepalived
```
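Whether the VIP actually moves when `check_nginx.sh` fails depends on the numbers above: lb01 has priority 100, lb02 has 90, and `chk_nginx` carries `weight -10`. The following Python model is an added illustration, not part of the original article; it assumes only keepalived's documented rule that a negative weight is subtracted from the priority while the tracked script fails, and it reports a tie instead of guessing how a tie is resolved.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Node:
    name: str
    priority: int          # configured "priority" in vrrp_instance
    weight: int            # "weight" of the tracked vrrp_script
    nginx_ok: bool = True  # result of check_nginx.sh

    def effective_priority(self) -> int:
        # keepalived: a negative weight is subtracted while the script
        # fails; a positive weight is added while the script succeeds.
        if self.weight < 0:
            return self.priority if self.nginx_ok else self.priority + self.weight
        return self.priority + self.weight if self.nginx_ok else self.priority


def elect_master(nodes: List[Node]) -> Optional[Node]:
    """Highest effective priority holds the VIP. On a tie return None:
    priority alone no longer decides, so the outcome would rest on the
    implementation's tie-break and preemption behaviour."""
    ranked = sorted(nodes, key=lambda n: n.effective_priority(), reverse=True)
    if len(ranked) > 1 and ranked[0].effective_priority() == ranked[1].effective_priority():
        return None
    return ranked[0]


def min_failover_weight(master: Node, backup: Node) -> int:
    """Smallest |weight| that makes a master with a failed check drop
    strictly below the backup: the priority gap plus one."""
    return master.priority - backup.priority + 1


def scenario(lb01_nginx_ok: bool, weight: int = -10) -> Optional[str]:
    # Values taken from the lb01/lb02 configurations above
    lb01 = Node("lb01", 100, weight, nginx_ok=lb01_nginx_ok)
    lb02 = Node("lb02", 90, weight)
    winner = elect_master([lb01, lb02])
    return winner.name if winner else None


if __name__ == "__main__":
    print(scenario(True))        # lb01: healthy master keeps the VIP
    print(scenario(False))       # None: 100-10 == 90, a tie with lb02
    print(scenario(False, -20))  # lb02: 80 < 90, deterministic failover
    print(min_failover_weight(Node("lb01", 100, -10), Node("lb02", 90, -10)))  # 11
```

With the page's values a failed Nginx on lb01 leaves both nodes at 90, so `weight` should be at least -11 (the gap plus one) for failover to follow from priority alone.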
Phase 3: Data Backup and Disaster Recovery
3.1 Real-Time Sync Configuration (nfs01 → backup)
Real-time sync on the NFS server:
```bash
# Install lsyncd
yum install -y lsyncd
# Configure lsyncd
cat > /etc/lsyncd.conf << 'EOF'
settings {
    logfile = "/var/log/lsyncd/lsyncd.log",
    statusFile = "/var/log/lsyncd/lsyncd.status",
    inotifyMode = "CloseWrite",
    maxProcesses = 8
}
sync {
    default.rsync,
    source = "/nfs/kodbox",
    target = "backup@10.0.0.41::kodbox_backup",
    rsync = {
        binary = "/usr/bin/rsync",
        archive = true,
        compress = true,
        verbose = true,
        password_file = "/etc/rsync.pass",
        _extra = {"--bwlimit=10000"}
    },
    delay = 1
}
EOF
# Create the password file
echo "password123" > /etc/rsync.pass
chmod 600 /etc/rsync.pass
# Create the log directory
mkdir -p /var/log/lsyncd
# Start lsyncd
systemctl enable --now lsyncd
```
3.2 Off-Site Backup Configuration (backup → Alibaba Cloud)
Backup server configuration:
```bash
# Configure the rsync daemon (see the earlier project)
# Create the scheduled backup script
mkdir -p /server/scripts
cat > /server/scripts/backup_to_aliyun.sh << 'EOF'
#!/bin/bash
# Off-site backup script
BACKUP_SRC="/backup/kodbox"
REMOTE_SERVER="aliyun_backup@your-aliyun-ip::kodbox_dr"
LOG_FILE="/var/log/backup_to_aliyun.log"
DATE_TAG=$(date +%Y%m%d_%H%M%S)
export RSYNC_PASSWORD="YourSecurePassword"
echo "[$DATE_TAG] Starting backup sync..." >> "$LOG_FILE"
if rsync -avz --progress --delete \
    --exclude="tmp/" \
    --exclude="cache/" \
    "$BACKUP_SRC/" "$REMOTE_SERVER" >> "$LOG_FILE" 2>&1; then
    echo "[$DATE_TAG] Backup completed successfully" >> "$LOG_FILE"
else
    echo "[$DATE_TAG] Backup failed!" >> "$LOG_FILE"
    # Send an alert e-mail
    echo "Backup to Aliyun failed at $(date)" | mail -s "Backup Alert" admin@company.com
fi
EOF
chmod +x /server/scripts/backup_to_aliyun.sh
# Add to cron (/etc/crontab entries need a user field before the command)
echo "0 2 * * * root /server/scripts/backup_to_aliyun.sh" >> /etc/crontab
```
Monitoring and Maintenance
Service Status Monitoring
```bash
# Create a unified monitoring script
cat > /server/scripts/cluster_monitor.sh << 'EOF'
#!/bin/bash
# Cluster status monitoring script
SERVERS=("10.0.0.7" "10.0.0.8" "10.0.0.5" "10.0.0.6" "10.0.0.51" "10.0.0.31")
ALERT_EMAIL="admin@company.com"
for server in "${SERVERS[@]}"; do
    if ! ping -c 1 -W 3 "$server" >/dev/null 2>&1; then
        echo "ALERT: Server $server is unreachable at $(date)" | \
            mail -s "Server Down Alert" "$ALERT_EMAIL"
    fi
done
# Check whether the VIP is held locally (match "10.0.0.3/" so that 10.0.0.31 is not mistaken for it)
if ip addr show ens33 | grep -q "inet 10.0.0.3/"; then
    echo "VIP is active on local machine"
else
    echo "VIP is not active on local machine"
fi
EOF
chmod +x /server/scripts/cluster_monitor.sh
```
Performance Tuning Recommendations
Nginx tuning:
```nginx
# Add inside the http block of nginx.conf
keepalive_timeout 65;
keepalive_requests 1000;
client_max_body_size 100m;  # allow large file uploads
```
PHP tuning:
```ini
; Adjust in php.ini
memory_limit = 256M
max_execution_time = 300
upload_max_filesize = 100M
post_max_size = 100M
```
Project Outcomes
Technical Outcomes
- High-availability architecture: 99.9% service availability
- Linear scaling: web servers can be added seamlessly
- Data safety: multi-tier data protection
- Performance: intelligent load balancing and caching strategy
Business Value
- Business continuity: no single point of failure, uninterrupted service
- User experience: fast responses and large-file transfers
- Operational efficiency: automated monitoring and backups reduce operating costs
- Cost control: built on open-source technology, excellent price/performance