CN115914226A - Server cluster processing method and device and electronic equipment - Google Patents

Publication number: CN115914226A
Authority: CN (China)
Prior art keywords: server cluster; key distribution; distribution center; reverse proxy; setting
Legal status: Pending
Application number: CN202211346058.2A
Other languages: Chinese (zh)
Inventors: 谢泽勇, 冯阳, 王英旋
Current Assignee: Netease Hangzhou Network Co Ltd
Original Assignee: Netease Hangzhou Network Co Ltd
Application filed by: Netease Hangzhou Network Co Ltd
Priority to: CN202211346058.2A

Abstract

The invention provides a processing method and a processing device of a server cluster and electronic equipment, wherein the processing method comprises the following steps: setting a plurality of standby libraries of the key distribution center based on a master library of the key distribution center; setting a reverse proxy service so that the management nodes of a first server cluster and a second server cluster access the master library of the key distribution center, and the other nodes of the first server cluster and the second server cluster access different standby libraries of the key distribution center respectively, the other nodes being the nodes other than the management nodes; the client node accesses the first server cluster or the second server cluster through the key distribution center and the reverse proxy service, so that the first server cluster or the second server cluster processes traffic of the client node. By setting the reverse proxy service, authentication mutual trust between the first server cluster and the second server cluster can be completed, fine-grained distribution of services can be realized, the pressure on the key distribution center is reduced, and service abnormalities caused by pressure on the key distribution center are prevented.

Description

Server cluster processing method and device and electronic equipment
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a server cluster processing method and apparatus, and an electronic device.
Background
Kerberos is an identity authentication protocol that is applied to the authentication of CDH (Cloudera's Distribution Including Apache Hadoop) clusters. Cluster services can be accessed through a client Keytab (key table), but by default the same client has only one server-side KDC (Key Distribution Center) configuration, so only one CDH cluster can be accessed through that configuration; multiple clusters cannot be accessed simultaneously, and cross-cluster operations cannot be performed on the clusters.
For cross-cluster operation, the existing cross-cluster access scheme of a plurality of CDH clusters with Kerberos authentication has the problems of over-pressure of KDC, troublesome configuration, incapability of dynamically increasing cluster mutual trust and the like, and has certain limitation.
Disclosure of Invention
In view of this, the present invention provides a server cluster processing method, a server cluster processing apparatus, and an electronic device, so as to reduce the pressure of a key distribution center and prevent the key distribution center from causing abnormal service due to the pressure.
In a first aspect, an embodiment of the present invention provides a method for processing a server cluster, where a client node accesses a first server cluster through a key distribution center, so that the first server cluster processes a service of the client node, and the method includes: setting a plurality of standby libraries of the key distribution center based on a master library of the key distribution center; setting reverse proxy service to enable management nodes of a first server cluster and a second server cluster to access a main library of a key distribution center, and enabling other nodes of the first server cluster and the second server cluster to access different standby libraries of the key distribution center respectively; wherein, the other nodes are nodes except the management node; the client node accesses the first server cluster or the second server cluster through the key distribution center and the reverse proxy service so that the first server cluster or the second server cluster processes traffic of the client node.
In a second aspect, an embodiment of the present invention further provides a processing apparatus for a server cluster, where a client node accesses a first server cluster through a key distribution center, so that the first server cluster processes traffic of the client node, the apparatus including: the backup library setting module of the key distribution center is used for setting a plurality of backup libraries of the key distribution center based on the main library of the key distribution center; the reverse proxy service setting module is used for setting reverse proxy services so that the management nodes of the first server cluster and the second server cluster access the main library of the key distribution center, and other nodes of the first server cluster and the second server cluster respectively access different standby libraries of the key distribution center; wherein, the other nodes are nodes except the management node; and the server cluster access module is used for accessing the first server cluster or the second server cluster by the client node through the key distribution center and the reverse proxy service so as to enable the first server cluster or the second server cluster to process the service of the client node.
In a third aspect, an embodiment of the present invention further provides an electronic device, which includes a processor and a memory, where the memory stores computer-executable instructions that can be executed by the processor, and the processor executes the computer-executable instructions to implement the steps of the processing method of the server cluster described above.
In a fourth aspect, the embodiments of the present invention also provide a computer-readable storage medium, which stores computer-executable instructions, and when the computer-executable instructions are called and executed by a processor, the computer-executable instructions cause the processor to implement the steps of the processing method of the server cluster described above.
The embodiment of the invention has the following beneficial effects:
The embodiment of the invention provides a server cluster processing method, a server cluster processing device and electronic equipment. By setting a reverse proxy service, authentication mutual trust between a first server cluster and a second server cluster can be completed; because the first server cluster and the second server cluster jointly process the services of client nodes, fine-grained traffic distribution can be realized, the pressure on the key distribution center is reduced, and service abnormalities caused by pressure on the key distribution center are prevented.
Additional features and advantages of the disclosure will be set forth in the description which follows, or in part may be learned by the practice of the above-described techniques of the disclosure, or may be learned by practice of the disclosure.
In order to make the aforementioned objects, features and advantages of the present disclosure more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a schematic diagram of a cross-cluster access scheme according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of another cross-cluster access scheme provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a processing method of a server cluster according to an embodiment of the present invention;
Fig. 4 is a flowchart of another processing method for a server cluster according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a server cluster authentication mutual trust scheme according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a processing apparatus of a server cluster according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Kerberos is an identity authentication protocol based on encrypted sockets that is applied to the authentication of CDH (Cloudera's Distribution Including Apache Hadoop) clusters. Cluster services can be accessed through a client Keytab (key table), but by default the same client can have only one server-side KDC (Key Distribution Center) configuration, so only one CDH cluster can be accessed through that configuration; multiple clusters cannot be accessed simultaneously, and cross-cluster operations cannot be performed on the clusters.
For cross-cluster operation, the cross-cluster access scheme for CDH clusters with Kerberos authentication has the following two:
(1) Referring to fig. 1, which shows a schematic diagram of a cross-cluster access scheme: the same KDC is used, multiple clusters share that KDC, and all client configurations and cluster Kerberos configurations are the same. By default, a single client configuration file krb5.conf records the address of the KDC serving one particular CDH cluster. The Keytab is a separate file issued by the KDC: it contains the principal (used to reference an entry in the authentication service database) and the principal's encrypted key. The Keytab file is unique for each host because the hostname is contained in the key. The Keytab file is used to authenticate a principal on a host to Kerberos without manual interaction and without storing a plain-text password.
(2) Referring to fig. 2, which shows a schematic diagram of another cross-cluster access scheme: different KDCs are used, but the CDH clusters and the clients must be configured with multiple authentication management domains (realms), specifying cross-domain mutual trust. The specific steps are: configure a trust ticket between the two clusters' KDCs and add a principal;
modify the CDH cluster HDFS configuration, add the accessible realms, and configure the mapping rules between principals and users; modify krb5.conf on all node clients and add the accessible realms.
However, both cross-cluster access schemes have drawbacks. In scheme (1), because the same KDC is used, the KDC pressure is too high, and cluster authentication delays and authentication failures may occur, which may bring cluster services down and affect business. Scheme (2) is complex to configure: mutually trusting clusters cannot be added dynamically without affecting other cluster services, and cross-domain authentication can be realized only by modifying all CDH configurations and KDC tickets. In conclusion, the two schemes suffer from excessive KDC pressure, troublesome configuration, the inability to dynamically add cluster mutual trust, and similar problems, and have certain limitations.
Based on this, embodiments of the present invention provide a processing method and apparatus for a server cluster, and an electronic device, and in particular, to a Kerberos authentication mutual trust scheme among multiple CDH clusters, which can implement multiple clusters mutual trust access, is simple in configuration, and can dynamically add mutual trust clusters as needed without affecting other CDH cluster services, and can also implement KDC authentication offload separately according to cluster services, service types, and the like, thereby reducing KDC access pressure.
To facilitate understanding of the embodiment, first, a detailed description is given to a processing method of a server cluster disclosed in the embodiment of the present invention.
The embodiment provides a processing method of a server cluster, wherein a client node accesses a first server cluster through a key distribution center so that the first server cluster processes the service of the client node.
The client node may access a Key Distribution Center (KDC) according to the client configuration file krb5.conf, and then access the first server cluster through the KDC, and the first server cluster processes the traffic of the client node.
In this embodiment, the client node could originally access only the first server cluster through the key distribution center, and the service of the client node could only be processed by the first server cluster. The embodiment enables the first server cluster and the second server cluster to authenticate each other; after mutual authentication, the client node may access the first server cluster and the second server cluster through the key distribution center, and the service of the client node may be processed by the first server cluster or the second server cluster.
Based on the above description, referring to the flowchart of the processing method of the server cluster shown in fig. 3, the processing method of the server cluster includes the following steps:
Step S302, a plurality of standby libraries of the key distribution center are set based on the master library of the key distribution center.
A key distribution center is a service that runs on a physically secure server. The KDC maintains a database of account information for all security principals in the domain.
Along with other information for each security principal, the KDC stores an encryption key known only to the security principal and the KDC. This key, also known as the long-term key, is used in exchanges between the security principal and the KDC. In most implementations, the long-term key is derived from the user's login password. When the KDC distributes the key, two hosts which communicate need to apply for the session key to the KDC, and the host and the KDC use the shared permanent session key.
Starting from the KDC master library, the embodiment can set a plurality of KDC standby libraries (such as KDC1, KDC2 and the like) for the key distribution center. After the KDC standby libraries are set up, the data of the KDC master library may be synchronized to each KDC standby library at regular intervals.
Step S304, reverse proxy service is set, so that management nodes of a first server cluster and a second server cluster access a main library of a key distribution center, and other nodes of the first server cluster and the second server cluster respectively access different standby libraries of the key distribution center; wherein the other nodes are nodes other than the management node.
After the KDC standby libraries are set up, this embodiment also needs to set up a reverse proxy service, for example an nginx service; nginx is a high-performance HTTP (Hypertext Transfer Protocol) and reverse proxy Web (World Wide Web) server.
The reverse proxy service is located between the user and the target server, but for the user, the reverse proxy server is equivalent to the target server, that is, the user can obtain the resources of the target server by directly accessing the reverse proxy server. Meanwhile, the user does not need to know the address of the target server and does not need to make any setting at the user end. The reverse proxy server can be generally used for Web acceleration, namely, the reverse proxy is used as a front-end processor of the Web server to reduce the load of the network and the server and improve the access efficiency.
In this embodiment, through the reverse proxy service, the management nodes of the first server cluster and the second server cluster access the master library of the key distribution center, and the other nodes of the first server cluster and the second server cluster access different standby libraries of the key distribution center respectively, thereby implementing fine-grained traffic splitting.
Step S306, the client node accesses the first server cluster or the second server cluster through the key distribution center and the reverse proxy service, so that the first server cluster or the second server cluster processes the service of the client node.
In this embodiment, the first server cluster and the second server cluster may perform authentication and mutual trust through the set reverse proxy service, that is, both the first server cluster and the second server cluster may communicate with the client node. The client node can access the first server cluster or the second server cluster through the key distribution center and the reverse proxy service, the accessed first server cluster or the second server cluster is used as a server cluster for processing the traffic, and the traffic of the client node is processed by the accessed first server cluster or the second server cluster.
The embodiment of the invention provides a processing method of a server cluster. By setting a reverse proxy service, authentication mutual trust between the first server cluster and the second server cluster can be completed; because the first server cluster and the second server cluster jointly process the services of a client node, fine-grained traffic distribution can be realized, the pressure on the key distribution center is reduced, and service abnormalities caused by pressure on the key distribution center are prevented.
As shown in fig. 4, a flowchart of another processing method for a server cluster in an optional embodiment is shown, where the processing method for a server cluster in an optional embodiment includes the following steps:
Step S402, a plurality of standby libraries of the key distribution center are set based on the master library of the key distribution center.
This embodiment mainly adopts nginx traffic splitting together with KDC migration for each newly added mutually trusting CDH cluster. Mutual trust between two clusters, i.e. the first server cluster CDH1 and the second server cluster CDH2, needs to be completed first.
Specifically, the embodiment may establish a plurality of standby libraries of the key distribution center, and synchronize the data of the master library of the key distribution center to the plurality of standby libraries at regular intervals.
Referring to fig. 5, which shows a schematic diagram of a server cluster authentication mutual trust scheme: the first server cluster CDH1 remains in normal use, standby libraries KDC1 and KDC2 of the key distribution center are newly added, and the data of the master library of the key distribution center (i.e. the KDC master library) is synchronized to the standby libraries KDC1 and KDC2 at regular intervals.
Step S404, a first port is set in the reverse proxy service, so that the management nodes of the first server cluster and the second server cluster access a master library of the key distribution center through the first port; setting a second port in the reverse proxy service so that other nodes of the first server cluster access a first standby library of the key distribution center; a third port is provided in the reverse proxy service to enable other nodes of the second server cluster to access a second backup repository of the key distribution center.
In this embodiment, an nginx service may be newly added on one server, and traffic is split by source IP (Internet Protocol) through the reverse proxy. As shown in fig. 5, the split may be as follows:
(1) First port: the management nodes (e.g., SCM Server IP) of the first server cluster CDH1 and the second server cluster CDH2 are designated as allowed to access it, and the first port points to the master library of the key distribution center (e.g., port 88 of the KDC master library).
(2) Second port: the other nodes of the first server cluster CDH1 (e.g., cluster IP of CDH1) are designated as allowed to access it, and the second port points to the first standby library of the key distribution center (e.g., port 88 of KDC1).
(3) Third port: the other nodes of the second server cluster CDH2 (e.g., cluster IP of CDH2) are designated as allowed to access it, and the third port points to the second standby library of the key distribution center (e.g., port 88 of KDC2).
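The three-port split of step S404 could be written as the nginx configuration below. This is an added example, not text from the patent: it assumes nginx's `stream` module (Kerberos on port 88 is not HTTP, so an `http {}` proxy cannot carry it), and the listen ports 8801 to 8803, host names and address ranges are constructed placeholders.

```nginx
# Added example (not from the patent). All host names, addresses and listen
# ports are constructed placeholders. This fragment belongs at the top level
# of nginx.conf, next to the existing events {} block.

stream {
    # Upstreams: the KDC master library and the two standby libraries,
    # each reached on the standard Kerberos port 88.
    upstream kdc_master { server kdc-master.example.internal:88; }
    upstream kdc1       { server kdc1.example.internal:88; }
    upstream kdc2       { server kdc2.example.internal:88; }

    # First port: only the management nodes (SCM Server IPs) of CDH1 and
    # CDH2 may connect; their traffic goes to the KDC master library.
    server {
        listen 8801;              # Kerberos over TCP
        listen 8801 udp;          # Kerberos over UDP
        allow 192.0.2.10;         # CDH1 SCM Server (placeholder)
        allow 192.0.2.20;         # CDH2 SCM Server (placeholder)
        deny  all;                # everything else is refused
        proxy_responses 1;        # UDP: one reply datagram per request
        proxy_timeout   10s;
        proxy_pass kdc_master;
    }

    # Second port: the other nodes of CDH1 -> first standby library KDC1.
    server {
        listen 8802;
        listen 8802 udp;
        allow 198.51.100.0/24;    # CDH1 cluster range (placeholder)
        deny  all;
        proxy_responses 1;
        proxy_timeout   10s;
        proxy_pass kdc1;
    }

    # Third port: the other nodes of CDH2 -> second standby library KDC2.
    server {
        listen 8803;
        listen 8803 udp;
        allow 203.0.113.0/24;     # CDH2 cluster range (placeholder)
        deny  all;
        proxy_responses 1;
        proxy_timeout   10s;
        proxy_pass kdc2;
    }
}

# Client side (assumption): each node's krb5.conf names the proxy and the
# port for its role as the KDC, for example on a CDH2 worker node
#     kdc = kdc-proxy.example.internal:8803
# while both clusters use the same realm, as the description requires.
```

Because every request reaches the KDCs from the proxy's own address, the `allow`/`deny` lists are the only place where the per-cluster separation is enforced, so they should be reviewed whenever a cluster's address range changes. `nginx -t` checks the file before a reload.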
After the reverse proxy service is set, this embodiment may further configure the first server cluster and the second server cluster, specifically: keeping the service of the first server cluster, stopping the service of the second server cluster, and adjusting the configuration of the second server cluster and the client node; and keeping the service of the second server cluster, stopping the service of the first server cluster, and adjusting the configuration of the first server cluster and the client node.
When the configuration of the second server cluster is adjusted, the host of the key distribution center of the second server cluster may be set as the address of the reverse proxy service, and the domain name configuration of the second server cluster may be set to be the same as the domain name configuration of the first server cluster.
The KDC host of the second server cluster CDH2 may be set to the nginx address, and the domain-name-related configuration of the second server cluster CDH2 is modified to be consistent with that of the first server cluster CDH1; the client configuration can then be redeployed, the Keytab ticket regenerated, and the service started.
When the configuration of the first server cluster is adjusted, the host of the key distribution center of the first server cluster may be set as the address of the reverse proxy service. The domain-name-related configuration of the first server cluster CDH1 does not need to be modified; only the KDC host of the first server cluster CDH1 needs to be changed to the nginx address, after which the client configuration can be redeployed, the Keytab ticket regenerated, and the service started.
Now the first server cluster CDH1 and the second server cluster CDH2 are already accessible across the clusters. The server cluster configuration mode of the embodiment is simple, the CDH clusters can be dynamically added to perform cross-cluster mutual trust access, other cluster configurations do not need to be changed, and other cluster services cannot be influenced.
Step S406, the client node accesses the first server cluster or the second server cluster through the key distribution center and the reverse proxy service, so that the first server cluster or the second server cluster processes the traffic of the client node.
Through the foregoing steps, cross-cluster access of the first server cluster CDH1 and the second server cluster CDH2 can be completed, and thus, the client node can access the first server cluster or the second server cluster through the key distribution center and the reverse proxy service, and the traffic of the client node is processed by the accessed first server cluster or the second server cluster. In addition, the configuration of the embodiment is simple, the CDH clusters can be dynamically added to perform cross-cluster mutual trust access, other cluster configurations do not need to be changed, and other cluster services are not affected.
In this embodiment, a server cluster may be further added, for example: acquiring a third server cluster; establishing a third standby library of a key distribution center; and setting a fourth port in the reverse proxy service so that other nodes of the third server cluster access a third standby library of the key distribution center.
In this embodiment, after the configuration of the first server cluster and the second server cluster is completed, a CDH cluster (for example, a third server cluster CDH 3) may be dynamically added for mutual trusted access, and further detailed distribution may be implemented according to a specific service timing nginx proxy condition.
As shown in fig. 5, a third standby library KDC3 of the key distribution center may be added and master-slave synchronization configured, and a fourth port is set in the reverse proxy service (e.g. the nginx service): the other nodes (e.g., cluster IP of CDH3) of the third server cluster CDH3 (i.e., the third-party user in fig. 5) are designated as allowed to access it, the fourth port points to the third standby library of the key distribution center (e.g., port 88 of KDC3), and the service is dynamically reloaded so that the change takes effect. Further, for the first port of the reverse proxy service: the management nodes (e.g., SCM Server IP) of the first server cluster CDH1, the second server cluster CDH2 and the third server cluster CDH3 are designated as allowed to access it, and the first port points to the master library of the key distribution center (e.g., port 88 of the KDC master library).
The configuration of the third server cluster may then be adjusted, for example: and keeping the service of the first server cluster and the second server cluster, stopping the service of the third server cluster, and adjusting the configuration of the third server cluster and the client node.
All services of the third server cluster CDH3 can be stopped while the services of the first server cluster CDH1 and the second server cluster CDH2 are maintained; the KDC host of the third server cluster CDH3 can be set to the nginx address, and the domain-name-related configuration of the third server cluster CDH3 is modified to be consistent with that of the first server cluster CDH1; the client configuration can then be redeployed, the Keytab ticket regenerated, and the services started. At this point, the first server cluster CDH1, the second server cluster CDH2, and the third server cluster CDH3 have completed the mutual trust configuration.
As shown in fig. 5, as an alternative to adding the third standby library KDC3, the present application may also let the other nodes of the third server cluster CDH3 access KDC1 or KDC2, which likewise implements the mutual trust configuration of the first server cluster CDH1, the second server cluster CDH2, and the third server cluster CDH3.
Through the foregoing steps, cross-cluster access of the first server cluster CDH1, the second server cluster CDH2, and the third server cluster CDH3 can be completed, for example: the client node accesses the first server cluster, the second server cluster or the third server cluster through the key distribution center and the reverse proxy service so that the first server cluster, the second server cluster or the third server cluster processes the traffic of the client node.
The client node can access the first server cluster CDH1, the second server cluster CDH2 or the third server cluster CDH3 through the key distribution center and the reverse proxy service, and the accessed first server cluster CDH1, the second server cluster CDH2 or the third server cluster CDH3 processes the traffic of the client node, so that more detailed distribution is realized.
As shown in fig. 5, the present embodiment may further continue to add server clusters, for example CDH4, CDH5, …, CDHn, achieving finer-grained traffic splitting through more server clusters.
The method provided by the embodiment of the invention realizes mutual trust access among a plurality of clusters, is simple to configure, can dynamically add mutually trusting clusters as required without affecting other CDH cluster services, and can also split KDC authentication traffic separately by cluster service, service type and the like, thereby reducing the KDC access pressure.
The method provided by the embodiment of the invention has the following advantages: the configuration is simple, CDH clusters can be dynamically added for cross-cluster mutual trust access, other cluster configurations do not need to be changed, and other cluster services are not affected. Finer-grained traffic splitting can be performed according to the service, which reduces the KDC pressure and prevents service abnormalities caused by KDC pressure. KDC-related tickets can be managed in a unified way through the KDC master library, which reduces the maintenance cost of multiple clusters.
Corresponding to the foregoing method embodiment, an embodiment of the present invention provides a processing apparatus for a server cluster, where a client node accesses a first server cluster through a key distribution center, so that the first server cluster processes a service of the client node. Fig. 6 is a schematic structural diagram of a processing apparatus of a server cluster, where the processing apparatus of the server cluster includes:
the standby library setting module 61 of the key distribution center is used for setting a plurality of standby libraries of the key distribution center based on the main library of the key distribution center;
a reverse proxy service setting module 62, configured to set a reverse proxy service, so that management nodes of the first server cluster and the second server cluster access a master library of the key distribution center, and other nodes of the first server cluster and the second server cluster access different backup libraries of the key distribution center respectively; wherein, the other nodes are nodes except the management node;
and a server cluster access module 63, configured to enable the client node to access the first server cluster or the second server cluster through the key distribution center and the reverse proxy service, so that the first server cluster or the second server cluster processes traffic of the client node.
The embodiment of the invention provides a processing device of a server cluster, which can complete authentication mutual trust of a first server cluster and a second server cluster by setting reverse proxy service, can realize detailed traffic distribution of service by jointly processing services of client nodes by the first server cluster and the second server cluster, reduces the pressure of a key distribution center, and prevents abnormal service caused by the pressure of the key distribution center.
The standby library setting module of the key distribution center is configured to establish a plurality of standby libraries of the key distribution center, and to synchronize the data of the master library of the key distribution center to the plurality of standby libraries at regular intervals.
The reverse proxy service setting module is configured to set a first port in the reverse proxy service, so that the management nodes of the first server cluster and the second server cluster access the master library of the key distribution center through the first port; to set a second port in the reverse proxy service so that other nodes of the first server cluster access a first standby library of the key distribution center; and to set a third port in the reverse proxy service so that other nodes of the second server cluster access a second standby library of the key distribution center.
The above apparatus further includes a server cluster configuration module, configured to keep the service of the first server cluster running, stop the service of the second server cluster, and adjust the configuration of the second server cluster and the client node; and to keep the service of the second server cluster running, stop the service of the first server cluster, and adjust the configuration of the first server cluster and the client node.
The server cluster configuration module is configured to set a host of a key distribution center of the second server cluster as an address of the reverse proxy service, and set a domain name configuration of the second server cluster as a domain name configuration identical to that of the first server cluster; the server cluster configuration module is configured to set a host of the key distribution center of the first server cluster as an address of the reverse proxy service.
The above apparatus further includes a third server cluster processing module, configured to acquire a third server cluster; establish a third standby library of the key distribution center; and set a fourth port in the reverse proxy service so that other nodes of the third server cluster access the third standby library of the key distribution center.
The third server cluster processing module is further configured to maintain the services of the first server cluster and the second server cluster, stop the service of the third server cluster, and adjust the configurations of the third server cluster and the client node.
The third server cluster processing module is further configured to enable the client node to access the first server cluster, the second server cluster, or the third server cluster through the key distribution center and the reverse proxy service, so that the first server cluster, the second server cluster, or the third server cluster processes traffic of the client node.
The processing apparatus for a server cluster provided in the embodiment of the present invention has the same technical features as the processing method for a server cluster provided in the above embodiment, so that the same technical problems can be solved, and the same technical effects can be achieved.
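The port layout described above (a first port to the master library, one further port per cluster to that cluster's own standby library, and each cluster's KDC host pointed at the reverse proxy) is sketched below as an added example; it is not code from the patent. It assumes an nginx `stream` proxy listening on TCP and MIT-style `krb5.conf` syntax, models the shared domain name configuration as one Kerberos realm, and uses constructed host names, ports and realm, none of which appear on the page.

```python
from dataclasses import dataclass, field

# Constructed placeholders: realm, host names and port numbers are not from the page.
REALM = "EXAMPLE.COM"
KDC_BACKEND_PORT = 88  # standard Kerberos port on the KDC hosts themselves


@dataclass
class KdcProxyPlan:
    """Port-per-role routing table for one reverse proxy in front of a master KDC and its standbys."""
    proxy_host: str
    master_host: str
    master_port: int  # the "first port": management nodes of every cluster
    routes: dict = field(default_factory=dict)  # cluster name -> (proxy port, standby host)

    def add_cluster(self, cluster: str, port: int, standby_host: str) -> None:
        """Give a cluster its own proxy port and its own standby; existing routes are untouched."""
        if cluster in self.routes:
            raise ValueError(f"cluster {cluster!r} already registered")
        used_ports = {self.master_port} | {p for p, _ in self.routes.values()}
        used_hosts = {self.master_host} | {h for _, h in self.routes.values()}
        if port in used_ports:
            raise ValueError(f"proxy port {port} already in use")
        if standby_host in used_hosts:
            raise ValueError(f"{standby_host} already serves another role")
        self.routes[cluster] = (port, standby_host)

    def kdc_endpoint(self, cluster: str, is_management: bool) -> str:
        """Return the host:port a node lists as its KDC: master port for management nodes."""
        if cluster not in self.routes:
            raise KeyError(cluster)
        port = self.master_port if is_management else self.routes[cluster][0]
        return f"{self.proxy_host}:{port}"

    def krb5_conf(self, cluster: str, is_management: bool) -> str:
        """Render the krb5.conf fragment for one node; every cluster shares REALM."""
        # udp_preference_limit = 1 makes clients use TCP, because the proxy
        # rendered below listens on TCP only (an assumption of this example).
        return "\n".join([
            "[libdefaults]",
            f"  default_realm = {REALM}",
            "  udp_preference_limit = 1",
            "[realms]",
            f"  {REALM} = {{",
            f"    kdc = {self.kdc_endpoint(cluster, is_management)}",
            "  }",
        ])

    def nginx_stream_conf(self) -> str:
        """Render the proxy side; nginx is an assumption, the page names no proxy product."""
        lines = [
            "stream {",
            f"  server {{ listen {self.master_port}; "
            f"proxy_pass {self.master_host}:{KDC_BACKEND_PORT}; }}  # master",
        ]
        for cluster, (port, host) in self.routes.items():
            lines.append(
                f"  server {{ listen {port}; "
                f"proxy_pass {host}:{KDC_BACKEND_PORT}; }}  # {cluster}"
            )
        lines.append("}")
        return "\n".join(lines)


def example_plan() -> KdcProxyPlan:
    """Two clusters: first port -> master, second and third ports -> their standbys."""
    plan = KdcProxyPlan("kdc-proxy.example.com", "kdc-master.example.com", 8800)
    plan.add_cluster("cluster1", 8801, "kdc-standby1.example.com")
    plan.add_cluster("cluster2", 8802, "kdc-standby2.example.com")
    return plan


if __name__ == "__main__":
    plan = example_plan()
    before = plan.krb5_conf("cluster1", is_management=False)
    # Adding a third cluster means one new standby and a fourth port, nothing else.
    plan.add_cluster("cluster3", 8803, "kdc-standby3.example.com")
    assert before == plan.krb5_conf("cluster1", is_management=False)
    print(plan.nginx_stream_conf())
    print(plan.krb5_conf("cluster3", is_management=False))
```

Because the standby libraries receive the master's data only on a schedule, a principal created through the first port is not visible through a cluster's own port until the next synchronization.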
The embodiment of the invention also provides an electronic device, which is used for operating the processing method of the server cluster; referring to fig. 7, a schematic structural diagram of an electronic device includes a memory 100 and a processor 101, where the memory 100 is used for storing one or more computer instructions, and the one or more computer instructions are executed by the processor 101 to perform the following steps:
setting a plurality of standby libraries of the key distribution center based on a master library of the key distribution center; setting reverse proxy service to enable management nodes of a first server cluster and a second server cluster to access a main library of a key distribution center, and enabling other nodes of the first server cluster and the second server cluster to access different standby libraries of the key distribution center respectively; wherein, the other nodes are nodes except the management node; the client node accesses the first server cluster or the second server cluster through the key distribution center and the reverse proxy service so that the first server cluster or the second server cluster processes traffic of the client node.
In an optional embodiment of the present invention, the step of setting a plurality of standby libraries of the key distribution center based on the master library of the key distribution center includes: establishing a plurality of standby libraries of the key distribution center; and synchronizing the data of the master library of the key distribution center to the plurality of standby libraries at regular intervals.
In an optional embodiment of the present invention, the step of setting the reverse proxy service includes: setting a first port in the reverse proxy service so that management nodes of the first server cluster and the second server cluster access the master library of the key distribution center through the first port; setting a second port in the reverse proxy service so that other nodes of the first server cluster access a first standby library of the key distribution center; and setting a third port in the reverse proxy service so that other nodes of the second server cluster access a second standby library of the key distribution center.
In an optional embodiment of the present invention, after the step of setting the reverse proxy service, the method further includes: keeping the service of the first server cluster, stopping the service of the second server cluster, and adjusting the configuration of the second server cluster and the client node; and keeping the service of the second server cluster, stopping the service of the first server cluster, and adjusting the configuration of the first server cluster and the client node.
In an optional embodiment of the present invention, the step of adjusting the configuration of the second server cluster includes: setting a host of the key distribution center of the second server cluster as the address of the reverse proxy service, and setting the domain name configuration of the second server cluster to the same domain name configuration as that of the first server cluster; and the step of adjusting the configuration of the first server cluster includes: setting the host of the key distribution center of the first server cluster as the address of the reverse proxy service.
In an optional embodiment of the invention, the method further comprises: acquiring a third server cluster; establishing a third standby library of the key distribution center; and setting a fourth port in the reverse proxy service so that other nodes of the third server cluster access a third standby library of the key distribution center.
In an optional embodiment of the present invention, after the step of setting the fourth port in the reverse proxy service, the method further includes: and keeping the service of the first server cluster and the second server cluster, stopping the service of the third server cluster, and adjusting the configuration of the third server cluster and the client node.
In an optional embodiment of the present invention, after the step of setting the fourth port in the reverse proxy service, the method further includes: the client node accesses the first server cluster, the second server cluster or the third server cluster through the key distribution center and the reverse proxy service so that the first server cluster, the second server cluster or the third server cluster processes the traffic of the client node.
In the implementation of the invention, the authentication mutual trust of the first server cluster and the second server cluster can be completed by setting the reverse proxy service, and the first server cluster and the second server cluster jointly process the service of the client node, so that the detailed distribution of the service can be realized, the pressure of the key distribution center is reduced, and the abnormal service caused by the pressure of the key distribution center is prevented.
Further, the electronic device shown in fig. 7 further includes a bus 102 and a communication interface 103, and the processor 101, the communication interface 103, and the memory 100 are connected through the bus 102.
The Memory 100 may include a Random Access Memory (RAM) and a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. The communication connection between the network element of the system and at least one other network element is realized through at least one communication interface 103 (which may be wired or wireless), and the internet, a wide area network, a local network, a metropolitan area network, and the like can be used. The bus 102 may be an ISA bus, a PCI bus, an EISA bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 7, but this does not indicate only one bus or one type of bus.
The processor 101 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 101. The processor 101 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software modules may be located in a storage medium well known in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, erasable programmable read-only memory, or registers. The storage medium is located in the memory 100, and the processor 101 reads the information in the memory 100 and completes the steps of the method of the foregoing embodiment in combination with its hardware.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium stores computer-executable instructions, and when the computer-executable instructions are called and executed by a processor, the computer-executable instructions cause the processor to implement the processing method of the server cluster, where the method may perform the following steps:
setting a plurality of standby libraries of the key distribution center based on a master library of the key distribution center; setting reverse proxy service to enable management nodes of a first server cluster and a second server cluster to access the master library of the key distribution center, and enabling other nodes of the first server cluster and the second server cluster to access different standby libraries of the key distribution center respectively; wherein, the other nodes are nodes except the management node; the client node accesses the first server cluster or the second server cluster through the key distribution center and the reverse proxy service so that the first server cluster or the second server cluster processes the traffic of the client node.
In an optional embodiment of the present invention, the step of setting a plurality of standby libraries of the key distribution center based on the master library of the key distribution center includes: establishing a plurality of standby libraries of the key distribution center; and synchronizing the data of the master library of the key distribution center to the plurality of standby libraries at regular intervals.
In an optional embodiment of the present invention, the step of setting the reverse proxy service includes: setting a first port in the reverse proxy service so that management nodes of the first server cluster and the second server cluster access the master library of the key distribution center through the first port; setting a second port in the reverse proxy service so that other nodes of the first server cluster access a first standby library of the key distribution center; and setting a third port in the reverse proxy service so that other nodes of the second server cluster access a second standby library of the key distribution center.
In an optional embodiment of the present invention, after the step of setting the reverse proxy service, the method further includes: keeping the service of the first server cluster, stopping the service of the second server cluster, and adjusting the configuration of the second server cluster and the client node; and keeping the service of the second server cluster, stopping the service of the first server cluster, and adjusting the configuration of the first server cluster and the client node.
In an optional embodiment of the present invention, the step of adjusting the configuration of the second server cluster includes: setting a host of the key distribution center of the second server cluster as the address of the reverse proxy service, and setting the domain name configuration of the second server cluster to the same domain name configuration as that of the first server cluster; and the step of adjusting the configuration of the first server cluster includes: setting the host of the key distribution center of the first server cluster as the address of the reverse proxy service.
In an optional embodiment of the present invention, the method further comprises: acquiring a third server cluster; establishing a third standby library of a key distribution center; and setting a fourth port in the reverse proxy service so that other nodes of the third server cluster access a third standby library of the key distribution center.
In an optional embodiment of the present invention, after the step of setting the fourth port in the reverse proxy service, the method further includes: and keeping the service of the first server cluster and the second server cluster, stopping the service of the third server cluster, and adjusting the configuration of the third server cluster and the client node.
In an optional embodiment of the present invention, after the step of setting the fourth port in the reverse proxy service, the method further includes: the client node accesses the first server cluster, the second server cluster or the third server cluster through the key distribution center and the reverse proxy service so that the first server cluster, the second server cluster or the third server cluster processes the traffic of the client node.
In the implementation of the invention, the authentication mutual trust of the first server cluster and the second server cluster can be completed by setting the reverse proxy service, and the first server cluster and the second server cluster jointly process the service of the client node, so that the detailed distribution of the service can be realized, the pressure of the key distribution center is reduced, and the abnormal service caused by the pressure of the key distribution center is prevented.
The computer program product of the processing method and apparatus for a server cluster and of the electronic device provided in the embodiments of the present invention includes a computer-readable storage medium storing program code, where the instructions included in the program code may be used to execute the method in the foregoing method embodiments; for specific implementations, refer to the method embodiments, which are not described herein again.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and/or the apparatus described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In addition, in the description of the embodiments of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as being fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, an electronic device, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description of the present invention, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc., indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of description and simplicity of description, but do not indicate or imply that the device or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that modifications or changes can still be made to the embodiments described above, or equivalent substitutions made for some features, within the scope of the disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (11)

1. A method for processing a server cluster, wherein a client node accesses a first server cluster through a key distribution center to enable the first server cluster to process traffic of the client node, the method comprising:
setting a plurality of standby libraries of the key distribution center based on a main library of the key distribution center;
setting reverse proxy service so that management nodes of the first server cluster and the second server cluster access a main library of the key distribution center, and other nodes of the first server cluster and the second server cluster respectively access different standby libraries of the key distribution center; wherein the other nodes are nodes other than the management node;
the client node accesses the first server cluster or the second server cluster through the key distribution center and the reverse proxy service to cause the first server cluster or the second server cluster to process traffic of the client node.
2. The method according to claim 1, wherein the step of setting a plurality of standby libraries of the key distribution center based on the master library of the key distribution center comprises:
establishing a plurality of standby libraries of the key distribution center;
and synchronizing the data of the master library of the key distribution center to the plurality of standby libraries of the key distribution center at regular intervals.
3. The method of claim 1, wherein the step of setting up the reverse proxy service comprises:
setting a first port in a reverse proxy service, so that management nodes of the first server cluster and the second server cluster access a master library of the key distribution center through the first port;
setting a second port in the reverse proxy service so that other nodes of the first server cluster access a first standby library of the key distribution center;
and setting a third port in the reverse proxy service so that other nodes of the second server cluster access a second standby library of the key distribution center.
4. The method of claim 1, wherein after the step of setting up the reverse proxy service, the method further comprises:
maintaining the service of the first server cluster and stopping the service of the second server cluster, and adjusting the configuration of the second server cluster and the client node;
maintaining the service of the second server cluster and stopping the service of the first server cluster, and adjusting the configuration of the first server cluster and the client node.
5. The method of claim 4, wherein adjusting the configuration of the second server cluster comprises: setting a host of a key distribution center of the second server cluster as an address of the reverse proxy service, and setting the domain name configuration of the second server cluster as the same domain name configuration as that of the first server cluster;
adjusting the configuration of the first server cluster, comprising: setting a host of a key distribution center of the first server cluster as an address of the reverse proxy service.
6. The method of claim 3, further comprising:
acquiring a third server cluster;
establishing a third standby library of the key distribution center;
and setting a fourth port in the reverse proxy service so that other nodes of the third server cluster access a third standby library of the key distribution center.
7. The method of claim 6, wherein after the step of setting a fourth port in the reverse proxy service, the method further comprises:
maintaining the service of the first server cluster and the second server cluster and stopping the service of the third server cluster, and adjusting the configuration of the third server cluster and the client node.
8. The method of claim 6, wherein after the step of setting a fourth port in the reverse proxy service, the method further comprises:
the client node accesses the first server cluster, the second server cluster or the third server cluster through the key distribution center and the reverse proxy service to cause the first server cluster, the second server cluster or the third server cluster to process traffic of the client node.
9. A server cluster processing apparatus, wherein a client node accesses a first server cluster through a key distribution center to cause the first server cluster to process traffic of the client node, the apparatus comprising:
a standby library setting module of the key distribution center, configured to set a plurality of standby libraries of the key distribution center based on a master library of the key distribution center;
a reverse proxy service setting module, configured to set a reverse proxy service, so that management nodes of the first server cluster and the second server cluster access a master library of the key distribution center, and other nodes of the first server cluster and the second server cluster access different backup libraries of the key distribution center respectively; wherein the other nodes are nodes other than the management node;
a server cluster access module, configured to enable the client node to access the first server cluster or the second server cluster through the key distribution center and the reverse proxy service, so that the first server cluster or the second server cluster processes traffic of the client node.
10. An electronic device comprising a processor and a memory, the memory storing computer-executable instructions executable by the processor for performing the steps of the method of processing of a server cluster of any one of claims 1-8.
11. A computer-readable storage medium, characterized in that it stores computer-executable instructions which, when invoked and executed by a processor, cause the processor to carry out the steps of the processing method of a server cluster according to any one of claims 1 to 8.
Application CN202211346058.2A (priority date 2022-10-31, filing date 2022-10-31): Server cluster processing method and device and electronic equipment. Status: Pending. Publication: CN115914226A (en)

Publications (1)

Publication Number Publication Date
CN115914226A true CN115914226A (en) 2023-04-04

Family

ID=86477006

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination