Disclosure of Invention
In view of the above problems, the invention provides an optimization method and system for an operation and maintenance auditing system, which address the poor expandability, difficult deployment and low stability of the operation and maintenance auditing system.
In order to achieve the purpose, the invention provides the following technical scheme:
an optimization method of an operation and maintenance auditing system, wherein the operation and maintenance auditing system is respectively connected with terminal equipment and infrastructure equipment, and comprises an authentication login module and a log processing module, and the method comprises the following steps:
controlling the authentication login module to receive authentication information from the terminal equipment using a preset login process and to authenticate that information, the terminal equipment being logged in to the operation and maintenance auditing system if the authentication succeeds, wherein the preset login process comprises a single sign-on service and switches to a local login mode when the single sign-on service responds with an error;
constructing an object storage structure of the log processing module, so that the operation and maintenance auditing system realizes the capacity expansion of a storage space based on the object storage structure, wherein the object storage structure comprises a programming interface layer, an object storage layer and a physical storage space layer, and the programming interface layer represents calling interfaces of different service modules;
in response to a node being newly added to the operation and maintenance auditing system, registering the information of the newly added node in a preset storage module, and, when the addition of the node is detected in the storage module, adding the node to the candidate node pool for load balancing, so that load balancing requests are dispatched to the newly added node;
monitoring services on nodes in the candidate node pool, and deleting the nodes from the storage module when the monitored nodes do not meet preset requirements;
when a terminal device initiates a request to access infrastructure equipment, parsing the request to determine the machine room in which the server corresponding to the request is located, controlling the main load balancing node in that machine room to receive the request, forwarding the request through the main load balancing node to the springboard module of that machine room, and using the springboard module to establish the connection between the terminal device and the server of the infrastructure equipment;
and storing the data to be synchronized in a message queue, and controlling the operation and maintenance auditing system to fetch the data from the message queue and perform synchronization and updating.
Optionally, the controlling the authentication login module to receive authentication information of the terminal device by using a preset login process, and authenticating the authentication information includes:
if the number of consecutive failed attempts by the terminal equipment to log in to the operation and maintenance auditing system has not reached a preset threshold, judging whether the single sign-on service is in a normal state, and if so, redirecting from the current login interface to the single sign-on service interface and receiving the login information of the terminal equipment through the single sign-on service interface;
responding to the login information using the single sign-on service, and controlling the terminal equipment to log in to the operation and maintenance auditing system if the response indicates success;
if the single sign-on service is in an abnormal state, redirecting from the current login interface to a local login interface and receiving the login information of the terminal equipment through the local login interface;
and if the local login is successful, controlling the terminal equipment to log in to the operation and maintenance auditing system.
Optionally, the operation and maintenance auditing system further includes a WEB service module and a springboard service module, and the programming interface layer includes an access log interface, a log recording interface and a log deleting interface, wherein the WEB service module calls the access log interface to query the logs in the log processing module; the springboard service module calls the log recording interface to record the operation process and logs of the infrastructure equipment; and the WEB service module calls the log deleting interface to delete log records.
Optionally, the object storage layer includes an authentication service unit, a cache service unit, an object service unit, a data consistency management unit, and a data model management unit.
Optionally, the physical storage space layer is composed of a plurality of storage servers, the object storage layer manages storage space of the physical storage space layer, and the physical storage space layer is used for storing metadata and content of objects, so as to provide underlying storage space for the object storage.
Optionally, the registering the newly added node information in a preset storage module includes:
where the operation and maintenance auditing system further comprises a WEB service module and a springboard service module, automatically deploying the WEB service module or the springboard service module on the newly added node through a preset deployment script;
sending a key application request to the WEB service module through the preset deployment script, and generating a key for the newly added node by using the WEB service module;
and registering the information of the newly added node into a storage module through the preset deployment script.
Optionally, the analyzing the request to obtain a machine room where a server corresponding to the request is located, and controlling a primary load balancing node in the machine room to receive the request includes:
in response to an access request initiated by a terminal device to a first server in a first machine room, having the main load balancing node in the first machine room receive the request so that the access request is processed by the springboard module in the first machine room;
and if the access request cannot be processed by the springboard module of the first machine room, distributing the access request to the springboard module of a second machine room.
Optionally, the method further comprises:
applying for a corresponding springboard module access domain name for each machine room, and setting the corresponding domain name of each machine room to point to the load balancing node of the machine room, wherein a candidate node pool of the load balancing node of the machine room comprises service nodes of the springboard modules of all operation and maintenance auditing systems, and the priority levels of the load balancing nodes are different.
Optionally, the method further comprises:
when terminal equipment initiates an access request to infrastructure equipment, analyzing the access request to obtain an IP address of the infrastructure equipment and a corresponding machine room;
and initiating the access to the infrastructure equipment through the domain name of the springboard module of that machine room, and resolving it to the IP address of the load balancing node of that machine room, so that the access request is distributed to the springboard module service of the machine room where the infrastructure equipment is located.
An optimization system of an operation and maintenance auditing system, wherein the operation and maintenance auditing system is respectively connected with terminal equipment and infrastructure equipment, and comprises an authentication login module and a log processing module, and the system comprises:
the login control unit is used for controlling the authentication login module to receive authentication information from the terminal equipment using a preset login process, authenticating the authentication information, and logging the terminal equipment in to the operation and maintenance auditing system if the authentication succeeds, wherein the preset login process comprises a single sign-on service and switches to a local login mode when the single sign-on service responds with an error;
the storage construction unit is used for constructing an object storage structure of the log processing module, so that the operation and maintenance auditing system realizes the capacity expansion of a storage space based on the object storage structure, the object storage structure comprises a programming interface layer, an object storage layer and a physical storage space layer, and the programming interface layer represents calling interfaces of different service modules;
a node adding unit, configured to register, in response to a newly added node in the operation and maintenance auditing system, the newly added node information in a preset storage module, and when it is monitored that the newly added node is newly added in the storage module, add the newly added node in a candidate node pool for load balancing, so that a load balancing request is scheduled to the newly added node;
the node deleting unit is used for monitoring the service on the nodes in the candidate node pool, and deleting the nodes from the storage module when the monitored nodes do not meet the preset requirement;
the access processing unit is used for, when the terminal equipment initiates a request to access the infrastructure equipment, parsing the request to determine the machine room in which the server corresponding to the request is located, controlling the main load balancing node in that machine room to receive the request, and forwarding the request through the main load balancing node to the springboard module of that machine room, so that the springboard module establishes the connection between the terminal equipment and the server of the infrastructure equipment;
and the data synchronization unit is used for storing the synchronization data into a message queue, and controlling the operation and maintenance auditing system to acquire the data from the message queue and perform synchronization and updating.
Compared with the prior art, the invention provides an optimization method and system for an operation and maintenance auditing system. A single sign-on service is adopted in the authentication login module of the operation and maintenance auditing system, and the flow switches to a local login mode when the single sign-on service responds with an error, so that a disaster-tolerant unified authentication process is realized. The object storage structure of the log processing module is optimized so that it can be called by different service modules, which solves the problem of expanding log data storage. A load balancing scheme that automatically identifies and deploys newly added nodes solves the problems that the operation and maintenance auditing system is difficult to expand and that service is unstable when the springboard machine accesses equipment across machine rooms, and the data synchronization process is optimized by adopting an asynchronous message queue.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first" and "second," and the like in the description and claims of the present invention and the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to the listed steps or elements but may include steps or elements not listed.
To facilitate understanding of the embodiments of the invention, the operation and maintenance auditing system is briefly described. In a specific network environment, in order to ensure that servers, network equipment and the like do not suffer system damage or data leakage caused by non-compliant operations of internal legitimate users, the operation and maintenance auditing system uses various technical means to collect and monitor, in real time, the user operations, system states, security events, network activities and the like of each component in the network environment, so that they can be centrally alerted on, recorded, analyzed and handled.
Generally, the core modules of the operation and maintenance auditing system comprise an authentication and authorization module, a log processing module, a WEB service module and a springboard module. Efficient use of the operation and maintenance auditing system can be ensured only by deploying it in a distributed, highly available manner and by synchronizing and updating data with other business systems. The embodiment of the invention optimizes the operation and maintenance auditing system in each of these aspects, so that the optimized system better meets actual requirements.
The authentication and authorization module receives a login request of a user, performs identity verification on the user and logs the user into the system. When the user uses the system, the authentication and authorization module judges the operation of the user according to the role of the user and a policy defined in advance, and allows or forbids the operation of the user.
The log processing module records and stores all operations of the user logging in the infrastructure equipment, and is a whole-course record of the user operation process.
In order to improve the availability and expandability of the WEB service module and the springboard module of the operation and maintenance auditing system, clustered multi-node deployment is often adopted: a plurality of server nodes are deployed, each node carries a complete service module, and a load balancing technology distributes user requests among them according to a policy.
One way to realize real-time data synchronization and updating is through mutual interface calls between systems. This approach is based on the HTTP protocol, which means that each call is synchronous. It also requires tight coupling between the systems, since other business systems need to be developed according to the interface definitions of the operation and maintenance management system. An asynchronous message queue is an inter-process communication mechanism for asynchronously processing a series of inputs. A message queue provides an asynchronous communication protocol in which data carrying details such as the time and the specific input parameters is recorded in the queue. The sender and receiver of a message need not interact with the message queue at the same time; the message is kept in the queue until the recipient retrieves it. This mode decouples the systems and makes expansion easier.
Referring to fig. 1, an optimization method of an operation and maintenance auditing system provided in an embodiment of the present invention includes:
S101, controlling the authentication login module to receive authentication information from the terminal equipment using a preset login process, authenticating the authentication information, and logging the terminal equipment in to the operation and maintenance auditing system if the authentication succeeds.
The preset login process comprises a single sign-on service and switches to the local login mode when the single sign-on service responds with an error.
When the authentication login module of the operation and maintenance auditing system is optimized, a preset login process is adopted, namely, a single sign-on service is combined with a local login mode, and the problems of low safety, low expandability, insufficient flexibility, poor distributed deployment support and the like of the existing authentication login module of the operation and maintenance auditing system are solved.
The process specifically comprises the following steps:
if the number of consecutive failed attempts by the terminal equipment to log in to the operation and maintenance auditing system has not reached a preset threshold, judging whether the single sign-on service is in a normal state, and if so, redirecting from the current login interface to the single sign-on service interface and receiving the login information of the terminal equipment through the single sign-on service interface;
responding to the login information using the single sign-on service, and controlling the terminal equipment to log in to the operation and maintenance auditing system if the response indicates success;
if the single sign-on service is in an abnormal state, redirecting from the current login interface to a local login interface and receiving the login information of the terminal equipment through the local login interface;
and if the local login is successful, controlling the terminal equipment to log in to the operation and maintenance auditing system.
Namely, the disaster-tolerant unified authentication provided by the embodiment of the invention means that when a single sign-on service fails, the traditional local sign-on mode based on a database can be automatically switched to, so that the high availability and stability of the authentication log-in module are ensured.
Referring to fig. 2, a schematic flowchart of an authentication mechanism provided in an embodiment of the present invention specifically includes the following steps:
S201, judging whether the user's login attempts have failed three consecutive times; if so, executing S212, otherwise executing S202;
S202, displaying the login home page;
S203, judging whether the single sign-on service is in a normal health state; if so, executing S204, otherwise executing S209;
S204, jumping to the login home page of the single sign-on service;
S205, the user enters the user name and password of the single sign-on system on the login home page of the single sign-on service and clicks the login button;
S206, judging whether the response of the single sign-on service is an error; if not, executing S207, otherwise executing S209;
S207, judging whether the response of the single sign-on service is a successful login response; if so, executing S208, otherwise returning to S201;
S208, the user logs in successfully and enters the system, and the process ends;
S209, jumping to the login page for local login;
S210, the user enters the user name and password for local login and clicks the login button;
S211, judging whether the local login is successful; if so, executing S208, otherwise returning to S201;
S212, prompting that the user is locked and cannot log in.
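The flow of S201 to S212 as an added example, not code from the patent. It assumes that a single consecutive-failure counter covers both login paths (both S207 and S211 return to S201) and that a successful login resets it; the class and function names and the in-memory credential tables are constructed for illustration.

```python
"""Login flow S201-S212: SSO first, local fallback on SSO error, lockout."""
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable

MAX_CONSECUTIVE_FAILURES = 3  # threshold checked in S201


class SsoUnavailable(Exception):
    """SSO answered with an error (S206): no verdict on the credentials."""


class Outcome(Enum):
    LOGGED_IN = "logged_in"  # S208
    REJECTED = "rejected"    # credentials refused, flow returns to S201
    LOCKED = "locked"        # S212


@dataclass
class LoginGate:
    sso_healthy: Callable[[], bool]           # S203 health probe
    sso_verify: Callable[[str, str], bool]    # S205-S207, may raise SsoUnavailable
    local_verify: Callable[[str, str], bool]  # S210-S211
    failures: dict = field(default_factory=dict)  # user -> consecutive failures
    audit: list = field(default_factory=list)     # (user, path, outcome)

    def login(self, user, sso_password, local_password):
        # S201: one counter for both paths, so a forced fallback to local
        # login does not hand out a fresh set of password guesses.
        if self.failures.get(user, 0) >= MAX_CONSECUTIVE_FAILURES:
            return self._record(user, "none", Outcome.LOCKED)

        path, accepted = "local", None
        if self.sso_healthy():                                  # S203
            try:
                accepted = self.sso_verify(user, sso_password)  # S204-S207
                path = "sso"
            except SsoUnavailable:                              # S206 -> S209
                accepted = None
        if accepted is None:
            # S209-S211: reached only when SSO is unhealthy or errors out,
            # never after SSO has refused the credentials.
            accepted = self.local_verify(user, local_password)

        if accepted:
            self.failures[user] = 0
            return self._record(user, path, Outcome.LOGGED_IN)
        self.failures[user] = self.failures.get(user, 0) + 1
        return self._record(user, path, Outcome.REJECTED)

    def _record(self, user, path, outcome):
        # Logging the path makes a rise in local fallbacks visible to auditors.
        self.audit.append((user, path, outcome.value))
        return outcome


# Constructed credential tables standing in for the SSO and local back ends.
SSO_USERS = {"alice": "sso-secret"}
LOCAL_USERS = {"alice": "local-secret"}


def check(table, user, password):
    expected = table.get(user)
    return expected is not None and hmac.compare_digest(expected, password)


def make_gate(sso_up=True, sso_errors=False):
    def sso_verify(user, password):
        if sso_errors:
            raise SsoUnavailable("constructed error response from SSO")
        return check(SSO_USERS, user, password)

    def local_verify(user, password):
        return check(LOCAL_USERS, user, password)

    return LoginGate(lambda: sso_up, sso_verify, local_verify)


if __name__ == "__main__":
    gate = make_gate(sso_errors=True)
    print(gate.login("alice", "sso-secret", "local-secret"), gate.audit)
```
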
S102, constructing an object storage structure of the log processing module, so that the operation and maintenance auditing system realizes the capacity expansion of a storage space based on the object storage structure;
the object storage structure comprises a programming interface layer, an object storage layer and a physical storage space layer, wherein the programming interface layer represents calling interfaces of different service modules.
When the log processing module is optimized in the embodiment of the invention, a programming interface layer for log processing in the operation and maintenance auditing system is built on top of the log processing module using object storage technology. This makes log data storage highly available and expandable and supports read, write and delete operations, which suits the log processing module of the operation and maintenance auditing system in recording and storing all operations of users logged in to infrastructure equipment.
Referring to fig. 3, a schematic diagram of an object storage structure applied to a log processing module according to an embodiment of the present invention is provided. The object storage structure is divided into three layers. The programming interface layer provides the other core modules of the operation and maintenance auditing system with a convenient programming interface for operating on log records. The object storage layer implements the object storage mechanism. The physical storage space layer is composed of a plurality of storage servers and provides the underlying storage space for object storage. The layers are described in detail as follows:
The programming interface layer provides three types of interfaces for operating on log records, to be used by the other core modules. Generally, the access log interface is called by the WEB service module and provides administrators with a convenient log query service; the log recording interface is called by the springboard service module and records, in real time, the operation process and logs of the user on the infrastructure equipment; the log deleting interface is called by the WEB service module, and an administrator can configure a policy to periodically delete log records that are no longer of interest.
The object storage layer is the core implementation of the object storage technology. It comprises an authentication service unit, a cache service unit, an object service unit, a data consistency management unit and a data model management unit, that is, the authentication service, the cache service, the object service, data consistency management and data model management. The authentication service verifies the identity information of a user accessing the object storage programming interface layer and issues an object access token that is valid for a certain time. The cache service caches items such as object service tokens and information on the existence and location of objects, but does not cache the data of the objects themselves; it can be implemented with a common cache service cluster. The object service provides object metadata and content services: the content of each object is stored as a file in the file system of the physical storage space, and its metadata is stored as file attributes. Data consistency management ensures that the metadata and content of the objects stored in the physical storage space remain eventually consistent; any general consistency algorithm may be adopted in a specific implementation. Data model management constructs the logical structure of the object storage and organizes objects at the logical level.
The physical storage space layer is composed of a plurality of common storage servers. Its storage space is managed by the object storage layer above it, and it stores the metadata and content of objects, providing the underlying storage space for object storage. Generally, 3 or more storage servers are required in order to implement a three-copy object backup strategy. When capacity expansion is needed, a new storage server can be added to the physical storage space layer; the object storage layer then replans the placement of existing objects so that the objects end up uniformly distributed across all storage servers.
S103, in response to a node being newly added to the operation and maintenance auditing system, registering the information of the newly added node in a preset storage module, and, when the addition of the node is detected in the storage module, adding the node to the candidate node pool for load balancing, so that load balancing requests are dispatched to the newly added node;
S104, monitoring the services on the nodes in the candidate node pool, and deleting a node from the storage module when the monitored node does not meet the preset requirements;
S105, when the terminal equipment initiates a request to access the infrastructure equipment, parsing the request to determine the machine room in which the server corresponding to the request is located, controlling the main load balancing node in that machine room to receive the request, forwarding the request through the main load balancing node to the springboard module of that machine room, and using the springboard module to establish the connection between the terminal equipment and the server of the infrastructure equipment.
In order to solve the problems of poor stability, poor expandability and unstable service of the existing operation and maintenance auditing system in distributed deployment, the embodiment of the invention adopts an intelligent load balancing scheme, comprising steps S103 to S105. The scheme has two main aspects: automatic discovery and removal of services, and DNS based on the access target. The first aspect solves the capacity expansion and disaster tolerance problems of the operation and maintenance auditing system under continuously increasing load; the second solves the problem of the springboard module of the operation and maintenance auditing system accessing infrastructure equipment across machine rooms.
The automatic capacity expansion process of intelligent load balancing, namely step S103, mainly includes:
S1031, where the operation and maintenance auditing system further comprises a WEB service module and a springboard service module, automatically deploying the WEB service module or the springboard service module on the newly added node through a preset deployment script;
S1032, sending a key application request to the WEB service module through the preset deployment script, and generating a key for the newly added node by using the WEB service module;
S1033, registering the information of the newly added node in the storage module through the preset deployment script.
In actual use, as the number of users and devices of the operation and maintenance auditing system grows, the load gradually increases. When it exceeds a preset warning value, the service needs to be expanded, and the service capacity of the operation and maintenance auditing system is increased by adding new service nodes. The storage module may be a central storage system, implemented by a database, a key-value cache system or the like, whose purpose is to maintain the list of service nodes currently online. The node information includes at least the machine room where the node is located, the IP address of the node, the service types that the node can provide, and the like.
In addition, in another embodiment of the present invention, an automatic service discovery process is further provided, where the process further includes:
S1034, the automatic discovery program on the load balancing node detects that a new node has been added in the storage module;
S1035, the automatic discovery program adds the new node's information to the candidate node pool of the load balancing software;
S1036, the load balancing software starts to dispatch requests to the new node according to a certain strategy.
The embodiment of the invention also provides an intelligent load balancing automatic service removing process, which comprises the following steps:
S1041, the service monitoring script on the load balancing node regularly performs health monitoring of the services on the nodes in the candidate node pool.
The service monitoring script can carry out multi-dimensional monitoring on the service nodes of the operation and maintenance auditing system, and generally comprises a port monitoring state, a service health state, key interface accessibility and the like.
S1042, after the service monitoring script finds out the node with the problem, the node is deleted in the central storage system.
After the node information is deleted, the request distribution to the problem node may be stopped by updating the candidate node pool similar to that described in the above-mentioned flow, and the description is not repeated here.
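Registration (S1032, S1033), discovery (S1034, S1035) and removal (S1041, S1042) in one added example, which is not code from the patent. The text does not say what the key generated in S1032 is used for; the example assumes it authenticates the registration record, so that write access to the storage module alone does not place a node in the candidate pool. All class names, the HMAC scheme and the sample nodes are constructed.

```python
"""Node registration, discovery and health-based removal (S1032-S1042)."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    room: str     # machine room where the node is located
    ip: str       # IP address of the node
    service: str  # service type the node provides: "web" or "springboard"

    def record(self) -> bytes:
        return f"{self.room}|{self.ip}|{self.service}".encode()


class WebService:
    """Issues the per-node key of S1032 (derivation scheme is an assumption)."""

    def __init__(self, master: bytes):
        self._master = master

    def issue_key(self, ip: str) -> bytes:
        return hmac.new(self._master, ip.encode(), hashlib.sha256).digest()


def sign(node: Node, key: bytes) -> bytes:
    """Tag the deployment script sends with the registration (S1033)."""
    return hmac.new(key, node.record(), hashlib.sha256).digest()


class Registry:
    """Stand-in for the central storage module holding the online node list."""

    def __init__(self, web: WebService):
        self._web = web
        self._nodes = set()

    def register(self, node: Node, tag: bytes) -> bool:
        # Assumption: only a record tagged with the key issued for this node
        # is accepted; an unauthenticated entry never reaches the pool.
        expected = sign(node, self._web.issue_key(node.ip))
        if not hmac.compare_digest(expected, tag):
            return False
        self._nodes.add(node)
        return True

    def remove(self, node: Node) -> None:
        self._nodes.discard(node)

    def nodes(self) -> frozenset:
        return frozenset(self._nodes)


def sync_pool(registry: Registry, pool: set):
    """S1034-S1035 and the update after S1042: mirror the registry."""
    current = registry.nodes()
    added, dropped = current - pool, pool - current
    pool.update(added)
    pool.difference_update(dropped)
    return added, dropped


def health_sweep(pool: set, registry: Registry, probe) -> list:
    """S1041-S1042: probe pool members, delete failing ones from storage."""
    failed = [node for node in sorted(pool, key=lambda n: n.ip) if not probe(node)]
    for node in failed:
        registry.remove(node)
    return failed


if __name__ == "__main__":
    web = WebService(b"constructed-master-secret")
    registry, pool = Registry(web), set()
    good = Node("room1", "10.1.0.11", "springboard")  # constructed node
    registry.register(good, sign(good, web.issue_key(good.ip)))
    print(sync_pool(registry, pool))
    print(health_sweep(pool, registry, lambda node: False))
    print(sync_pool(registry, pool))
```
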
In another embodiment of the present invention, the analyzing the request to obtain a machine room where a server corresponding to the request is located, and controlling a primary load balancing node in the machine room to receive the request includes:
in response to an access request initiated by a terminal device to a first server in a first machine room, having the main load balancing node in the first machine room receive the request so that the access request is processed by the springboard module in the first machine room;
and if the access request cannot be processed by the springboard module of the first machine room, distributing the access request to the springboard module of a second machine room.
On the basis of the above embodiment, the method further includes:
applying for a corresponding springboard module access domain name for each machine room, and setting the corresponding domain name of each machine room to point to the load balancing node of the machine room, wherein a candidate node pool of the load balancing node of the machine room comprises service nodes of the springboard modules of all operation and maintenance auditing systems, and the priority levels of the load balancing nodes are different.
On the basis of the above embodiment, the method further includes:
when terminal equipment initiates an access request to infrastructure equipment, analyzing the access request to obtain an IP address of the infrastructure equipment and a corresponding machine room;
and initiating access to the infrastructure equipment by using the domain name of the jumper module of the machine room, and acquiring the IP address of the load balancing node of the machine room, so that the access request is distributed to the jumper module of the machine room where the infrastructure equipment is located for service.
For example, FIG. 4 is a simplified diagram of DNS-based intelligent load balancing according to the access target, provided by an embodiment of the present invention. An access request initiated by a user to a server A located in machine room 1 is preferentially processed by a server of the jumper module cluster located in machine room 1, and the request is distributed to the jumper module cluster of another machine room (such as machine room 2) only when the jumper module cluster of machine room 1 has a problem. This solves the problem that service is unstable when the jumper module accesses infrastructure equipment across machine rooms. The technical means is a multi-domain-name mode: a corresponding springboard module access domain name is applied for each machine room, and the domain name of each machine room is set to point to the load balancing node of that machine room. The candidate node pool of each machine room's load balancing node comprises the springboard module service nodes of the entire operation and maintenance auditing system, but with different priorities: the service nodes located in the same machine room have a higher priority than the service nodes located in other machine rooms.
When a user accesses a target infrastructure device, a self-written script wraps and modifies the access command (such as ssh, telnet and the like). The script first parses the IP address of the target infrastructure device and determines the machine room to which the device belongs, then initiates access to the domain name of the jumper module of that machine room, and the domain name is in turn resolved to the IP address of the load balancing node of that machine room. This ensures that the request is preferentially distributed to the jumper module service of the machine room where the infrastructure device is located (when the jumper module service of that machine room is unavailable, the request is distributed to the jumper module service of another machine room, which ensures high availability). The specific process is as follows:
Step 1: A user initiates a request to access an infrastructure device, such as server A. Assume that the IP address of server A is A.
Step 2: The self-written script parses the access command initiated by the user and, according to the machine room network segment rules, determines from IP address A the machine room where server A is located; assume that the result is machine room 1. The script then initiates the request to access server A to the domain name jiflang1.example.com.
Step 3: The DNS service resolves the domain name jiflang1.example.com to the IP of the main load balancing node of machine room 1. The main load balancing node receives the user's request to access server A and, according to the configured load balancing strategy, preferentially distributes the request to one server in the jumper module cluster of machine room 1.
Step 4: The jumper module node that actually processes the request initiates access to server A and establishes an access tunnel from the user terminal to server A, so that the user can access server A.
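The routing decision in steps 1 to 3, together with the priority-based failover described above, can be sketched as follows. This is an added example, not code from the patent: the network segments, node names, the simple command format, and the "first healthy node" stand-in for the load balancing strategy are all assumptions; only the per-room domain pattern follows the page's example.

```python
import ipaddress

# Constructed network-segment rules and node list (assumptions, not from the page).
ROOM_SEGMENTS = {1: ["10.1.0.0/16"], 2: ["10.2.0.0/16", "192.168.20.0/24"]}
NODES = [
    {"name": "jump-1a", "room": 1},
    {"name": "jump-1b", "room": 1},
    {"name": "jump-2a", "room": 2},
]
ROOM_DOMAIN = "jiflang{room}.example.com"  # per-room name, following the page's example


def parse_target(command):
    """Step 1: pull the target IP out of a simple 'ssh [user@]IP' or 'telnet IP' command."""
    tool, *args = command.split()
    if tool not in ("ssh", "telnet") or not args:
        raise ValueError(f"unsupported access command: {command!r}")
    return args[-1].rsplit("@", 1)[-1]


def room_for_ip(target_ip):
    """Step 2: map the IP to a machine room with the network-segment rules."""
    addr = ipaddress.ip_address(target_ip)  # raises ValueError on a malformed address
    for room, cidrs in ROOM_SEGMENTS.items():
        if any(addr in ipaddress.ip_network(cidr) for cidr in cidrs):
            return room
    raise LookupError(f"{target_ip} matches no machine-room segment")


def pick_node(room, nodes, healthy):
    """Step 3: the room's pool holds every node; local nodes outrank remote ones."""
    pool = sorted(nodes, key=lambda n: (n["room"] != room, n["name"]))
    for node in pool:  # first healthy node stands in for the configured LB strategy
        if node["name"] in healthy:
            return node["name"]
    raise RuntimeError("no healthy jump node in any machine room")


def route(command, nodes, healthy):
    """Return (domain the wrapper connects to, jump node that serves the request)."""
    room = room_for_ip(parse_target(command))
    return ROOM_DOMAIN.format(room=room), pick_node(room, nodes, healthy)
```

A target IP that matches no segment is rejected rather than routed to a default machine room, so a mistyped or unmanaged address never reaches a jump node.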
S106, storing the synchronization data in a message queue, and controlling the operation and maintenance auditing system to acquire the data from the message queue and to synchronize and update the data.
When data is synchronized and updated with other business systems in an enterprise, updates are often frequent and their timing is uncertain. The technical means is to use a message queue service to complete the data synchronization and update operations between the operation and maintenance auditing system and the other business systems. This meets the decoupling requirement of a distributed deployment environment, solves the problems that existing data synchronization modes are untimely and unstable, and allows the message queue service to be expanded as required when the load is high.
FIG. 5 is a schematic diagram of data synchronization using an asynchronous message queue according to an embodiment of the present invention. The other business systems act as producers: when data is updated, they put the data details and the change details of the data into the message queue service. The operation and maintenance auditing system acts as a consumer: it reads the information from the message queue service and performs the corresponding operation on its self-managed resources according to the change details.
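The producer and consumer roles described above can be sketched as follows. This is an added example, not code from the patent: the message fields ("change", "id", "data"), the resource names, and the in-process queue standing in for the message queue service are assumptions.

```python
import json
import queue


def publish(mq, change, resource_id, data=None):
    """Producer side: a business system enqueues data details plus change details."""
    mq.put(json.dumps({"change": change, "id": resource_id, "data": data or {}}))


def apply_change(resources, message):
    """Consumer side: apply one change message to the audit system's managed resources."""
    event = json.loads(message)
    change, resource_id = event["change"], event["id"]
    if change in ("create", "update"):
        merged = {**resources.get(resource_id, {}), **event.get("data", {})}
        resources[resource_id] = merged
    elif change == "delete":
        resources.pop(resource_id, None)  # absent record: no-op, so redelivery is safe
    else:
        raise ValueError(f"unknown change type: {change!r}")


def drain(mq, resources):
    """Consume until the queue is empty; collect bad messages instead of halting sync."""
    rejected = []
    while True:
        try:
            message = mq.get_nowait()
        except queue.Empty:
            return rejected
        try:
            apply_change(resources, message)
        except (ValueError, KeyError, TypeError) as exc:
            rejected.append((message, str(exc)))


def demo():
    """Constructed sample: three valid changes and one malformed message."""
    mq = queue.Queue()  # stands in for the message queue service
    resources = {"user:alice": {"role": "dba"}}
    publish(mq, "create", "host:10.1.2.3", {"room": 1})
    publish(mq, "update", "user:alice", {"role": "auditor"})
    publish(mq, "delete", "user:bob")
    mq.put("not json")
    return resources, drain(mq, resources)
```

Rejected messages are returned to the caller so that a malformed update from one business system is recorded for review without blocking later account or asset changes.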
The invention provides an optimization method of an operation and maintenance auditing system, in which the authentication login module of the operation and maintenance auditing system adopts a single sign-on service and switches to a local login mode when the single sign-on service responds with an error, thereby realizing a unified authentication flow capable of tolerating disasters; the object storage structure of the log processing module is optimized, so that different service modules can be called, and the problem of capacity expansion of log data storage is solved; a load balancing scheme that automatically identifies and deploys newly added nodes solves the problems that the operation and maintenance auditing system is difficult to expand and that service is unstable when the springboard machine accesses across machine rooms; and the data synchronization process is optimized by adopting an asynchronous message queue for data synchronization.
Referring to fig. 6, in an embodiment of the present invention, an optimization system of an operation and maintenance auditing system is further provided, where the operation and maintenance auditing system is respectively connected to a terminal device and an infrastructure device, and the operation and maintenance auditing system includes an authentication login module and a log processing module, and the system includes:
the login control unit 10 is configured to control the authentication login module to receive authentication information of the terminal device by using a preset login process, authenticate the authentication information, and enable the terminal device to log in the operation and maintenance auditing system if the authentication is successful, where the preset login process includes a single-point login service and is switched to a local login mode when the single-point login service responds incorrectly;
the storage construction unit 20 is configured to construct an object storage structure of the log processing module, so that the operation and maintenance auditing system implements capacity expansion of a storage space based on the object storage structure, where the object storage structure includes a programming interface layer, an object storage layer, and a physical storage space layer, and the programming interface layer represents call interfaces of different service modules;
the node adding unit 30 is configured to register newly added node information in a preset storage module in response to a newly added node in the operation and maintenance auditing system, and when it is monitored that the newly added node is newly added in the storage module, add the newly added node to a candidate node pool for load balancing so that a load balancing request is scheduled to the newly added node;
a node deleting unit 40, configured to monitor a service on a node in the candidate node pool, and delete the node from the storage module when it is monitored that the node does not meet a preset requirement;
the access processing unit 50 is configured to, when a terminal device initiates a request for accessing an infrastructure device, parse the request to obtain a machine room where a server corresponding to the request is located, control a main load balancing node in the machine room to receive the request, and forward the request to a jumper module of the machine room through the main load balancing node, so as to establish a connection between the terminal device and the server of the infrastructure device by using the jumper module;
and the data synchronization unit 60 is configured to store the synchronization data in a message queue, and control the operation and maintenance auditing system to acquire data from the message queue, synchronize and update the data.
The invention provides an optimization system of an operation and maintenance auditing system, in which the authentication login module of the operation and maintenance auditing system adopts a single sign-on service and switches to a local login mode when the single sign-on service responds with an error, thereby realizing a unified authentication flow capable of tolerating disasters; the object storage structure of the log processing module is optimized, so that different service modules can be called, and the problem of capacity expansion of log data storage is solved; a load balancing scheme that automatically identifies and deploys newly added nodes solves the problems that the operation and maintenance auditing system is difficult to expand and that service is unstable when the springboard machine accesses across machine rooms; and the data synchronization process is optimized by adopting an asynchronous message queue for data synchronization.
On the basis of the above embodiment, the login control unit includes:
the first judgment subunit is configured to judge whether the single sign-on service is in a normal state if the number of consecutive failed logins of the terminal equipment to the operation and maintenance auditing system has not reached a preset count threshold, to redirect the current login interface to the single sign-on service interface if the single sign-on service is in the normal state, and to receive login information of the terminal equipment through the single sign-on service interface;
the response judgment subunit is configured to respond to the login information by using the single sign-on service and, if the response is successful, to control the terminal equipment to log in to the operation and maintenance auditing system;
an interface jump subunit, configured to redirect the current login interface to a local login interface if the single sign-on service is in an abnormal state, and to receive login information of the terminal equipment through the local login interface;
and the login control subunit is used for controlling the terminal equipment to log in the operation and maintenance auditing system if the local login is successful.
On the basis of the above embodiment, the operation and maintenance auditing system further comprises a WEB service module and a springboard service module, wherein the programming interface layer comprises an access log interface, a log recording interface and a log deleting interface; the WEB service module calls the access log interface to query logs in the log processing module; the springboard service module calls the log recording interface to acquire an operation process and a log of the infrastructure equipment; and the WEB service module calls the log deleting interface to delete log records.
On the basis of the above embodiment, the object storage layer includes an authentication service unit, a cache service unit, an object service unit, a data consistency management unit, and a data model management unit.
On the basis of the above embodiment, the physical storage space layer is composed of a plurality of storage servers, the object storage layer manages the storage space of the physical storage space layer, and the physical storage space layer is used for storing metadata and content of an object, so as to provide a bottom storage space for the object storage.
On the basis of the above embodiment, the node adding unit is specifically configured to:
in response to the operation and maintenance auditing system further comprising a WEB service module and a springboard service module, automatically deploying the WEB service module or the springboard service module on the newly added node through a preset deployment script;
sending a key application request to the WEB service module through the preset deployment script, and generating a key for the newly added node by using the WEB service module;
and registering the information of the newly added node into a storage module through the preset deployment script.
On the basis of the above embodiment, the access processing unit further includes:
the first response subunit is configured to, in response to a request issued by a terminal device to a first server in a first machine room, process the access request through the jumper module in the first machine room, so that a primary load balancing node in the first machine room receives the request;
and the distribution subunit is configured to distribute the access request to the jumper module of a second machine room if the jumper module of the first machine room cannot process the access request.
On the basis of the above embodiment, the system further includes:
and the setting subunit is used for applying for the corresponding springboard module access domain name for each machine room and setting the corresponding domain name of each machine room to point to the load balancing node of the machine room, wherein a candidate node pool of the load balancing node of the machine room contains all springboard module service nodes of the operation and maintenance auditing system, and the priority levels of the load balancing nodes are different.
On the basis of the above embodiment, the system further includes:
the request analysis subunit is used for analyzing the access request to obtain the IP address of the infrastructure equipment and the corresponding machine room when the terminal equipment initiates the access request to the infrastructure equipment;
and the request distribution subunit is used for initiating access to the infrastructure equipment by using the domain name of the jumper module of the machine room, obtaining the IP address of the load balancing node of the machine room, and distributing the access request to the jumper module of the machine room where the infrastructure equipment is located for service.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.