常用配置

########## 关掉所有防火墙 ###############

Close SELinux

sudo setenforce 0
sudo nano /etc/selinux/config
改
SELINUX=disabled

Close Firewall

systemctl stop firewalld.service
systemctl disable firewalld.service

########## 安装Mysql ###############
sudo yum -y install gcc-c++ ncurses-devel cmake make perl gcc autoconf automake zlib libxml libgcrypt libtool bison
tar -zxvf mysqlxxxxx
cd mysqlxxxxx
sudo cmake -DWITH_INNODB_MEMCACHED=ON -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/usr/local/boost
sudo make -j32
sudo make install

########## 配置Mysql ###############
mkdir /home/mes/mysql
mkdir /home/mes/mysql/data
sudo /usr/local/mysql/bin/mysqld --initialize --user=mes
sudo /usr/local/mysql/bin/mysql_ssl_rsa_setup

记住密码

Mysql config files

将mysqlcnfs文件夹下的文件分别对应目录cp到服务器上

sudo systemctl enable mysql.service
sudo systemctl start mysql.service

Change password & set mysql for remote access

/usr/local/mysql/bin/mysql -uroot -p

输入前面记住的初始密码

mysql>set password for root@localhost = password('xxxxxxxx');
mysql>GRANT ALL PRIVILEGES ON . TO 'root'@'%'IDENTIFIED BY 'xxxxxxxx' WITH GRANT OPTION;
mysql>FLUSH PRIVILEGES;

########## 安装screen 和 htop ###############
sudo yum install epel-release -y
sudo yum install screen htop screen -y

########## 安装php ###############
sudo yum -y update
sudo yum -y install epel-release
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
wget https://centos7.iuscommunity.org/ius-release.rpm
sudo rpm -Uvh ius-release*.rpm
sudo yum -y update
sudo yum -y install php56u php56u-fpm php56u-opcache php56u-xml php56u-mcrypt php56u-gd php56u-devel php56u-mysql php56u-intl php56u-mbstring php56u-apcu php56u-bcmath
sudo yum install composer

选装 如果使用 phpspreadsheet 的话

composer require cache/simple-cache-bridge cache/apcu-adapter
composer require phpoffice/phpspreadsheet

Install memcache PECL Extension for PHP

sudo yum install zlib-devel
sudo pecl install memcache

add "extension=memcache.so" to php.ini

########## 安装nginx ###############
sudo yum install nginx

########## 配置nginx和php ###############

将mysqlcnfs文件夹下/etc/nginx /etc/php-fpm 分别复制到服务器上

mkdir /home/mes/www
sudo systemctl enable nginx
sudo systemctl enable php-fpm
sudo systemctl start nginx
sudo systemctl start php-fpm

########## 优化nginx文件权限 ######
chmod -R 775 /var/lib/nginx/ #缓存文件权限

chmod 777 /var/lib/php/session #session文件权限

########## 优化nginx php日志，并定时删除 ######

将mysqlcnfs文件夹下 /etc/logrotate.d/nginx /etc/logrotate.d/php-fpm 分别复制到服务器上

########## 网口聚合 ###############

创建team0接口

nmcli con add type team con-name team0 ifname team0 config '{"runner": {"name":"activebackup"}}'

修改接口ip

nano /etc/sysconfig/network-scripts/ifcfg-team0

添加

BOOTPROTO=static

BROADCAST=192.168.125.255

DNS1=192.168.0.1

IPADDR=192.168.125.241

NETMASK=255.255.255.0

重启

systeamctl restart network

nmcli connection add type team-slave con-name team0-port1 ifname em1 master team0

nmcli connection add type team-slave con-name team0-port2 ifname em2 master team0

nmcli connection up team0-port1;nmcli connection up team0-port2

查看team0接口状态

teamdctl team0 state view

########## 安装 iptables servers ###############
sudo yum install iptables-services

########## 安装和配置 Keepalived ##########
sudo yum install keepalived ipvsadm -y

换网络地址 192.168.125.241 192.168.125.242

分别将mysqlcnfs下的 /etc/sysconfig/network-scripts/ifcfg-em1 复制到对应241 242的服务器上

service network restart

重新ssh上服务器

注意：下面是开始配置Keepalived的细节了，比较繁琐和复杂

分别将mysqlcnfs下的 /etc/sysconfig/network-scripts/ifcfg-lo-0 复制到对应241 242的服务器上，并改名为ifcfg-lo:0

将/home/mes/realserver 文件复制到对应的服务器上

sudo chmod 777 /home/mes/realserver
sudo nano /etc/rc.d/rc.local

添加一行 sudo /home/mes/realserver start 让服务器每次启动的时候启动realserver脚本

sudo chmod +x /etc/rc.d/rc.local

记录主（192.168.125.241） 从（192.168.125.242）设备的MAC地址

192.168.125.241: 80:18:44:ec:eb:4c

192.168.125.242: 80:18:44:ec:e7:78

分别配置以下iptables rules

00:0c:29:0e:f8:5f
00:0c:29:f8:29:21

iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 80 -m mac ! --mac-source 00:0c:29:f8:29:21 -j MARK --set-mark 0x5
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 2345 -m mac ! --mac-source 00:0c:29:0e:f8:5f -j MARK --set-mark 0x3

主机设置(防火墙接收到192.168.125.240发过来的数据包检测，如果报文的mac地址是80:18:44:ec:e7:78的则丢弃，并标记报文为0x5)
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 80 -m mac ! --mac-source 80:18:44:ec:e7:78 -j MARK --set-mark 0x5
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 2345 -m mac ! --mac-source 80:18:44:ec:e7:78 -j MARK --set-mark 0x3
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 2345 -j ACCEPT
sudo service iptables save
sudo service iptables restart
sudo systemctl enable iptables

从机设置
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 80 -m mac ! --mac-source 80:18:44:ec:eb:4c -j MARK --set-mark 0x6
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 2345 -m mac ! --mac-source 80:18:44:ec:eb:4c -j MARK --set-mark 0x4
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 2345 -j ACCEPT
sudo service iptables save
sudo service iptables restart
sudo systemctl enable iptables

分别将 /etc/keepalived/keepalived.conf 复制到对应的服务器中

修改keepalive中的interface 指向team0

两边服务器
service keepalived start
systemctl enable keepalived

以下是调试keepalived和lvs的常用命令

sudo ipvsadm -L -n
sudo ipvsadm -L -c
sudo ipvsadm -Lcn |awk '{print $3}'|sort |uniq -c |sort -rn
ip addr show
grep keepalived /var/log/messages
tail -f /var/log/messages
sudo tcpdump -v -i em1 host 192.168.125.240

windows下的ab命令，主要考察负载均衡

ab -n 100000 -c 10 http://192.168.125.240/test.php

注:默认FIN_WAIT是120秒
修改成30
ipvsadm --set 900 30 300

########## 安装ioncube ##########
分别将ioncube文件夹复制到241 242里的/home/mes/www
访问http://192.168.125.x/ioncube/loader-wizard.php
按提示操作
sudo cp /home/mes/www/ioncube/ioncube_loader_lin_5.6.so /usr/lib64/php/modules
在/etc/php.ini上加上
zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.6.so
sudo service php-fpm restart
sudo service nginx restart
刷新http://192.168.125.x/ioncube/loader-wizard.php
php -v检查是否有with the ionCube PHP Loader (enabled)字样

########## Mysql做互为正备 ##########
241 登陆mysql后操作
grant replication slave on . to 'repl_user'@'192.168.125.242' identified by 'hj34%&mnkb',
MASTER_LOG_FILE='mysql-bin.000016',
MASTER_LOG_POS=495;
重启242Mysql
show slave status\G 查看 Slave_IO_Running Slave_SQL_Running 是否 Yes

===========================

242 登陆mysql后操作
grant replication slave on . to 'repl_user'@'192.168.125.241' identified by 'hj34%&mnkb',
MASTER_LOG_FILE='mysql-bin.000014',
MASTER_LOG_POS=154;
重启241Mysql
show slave status\G 查看 Slave_IO_Running Slave_SQL_Running 是否 Yes

########## 配置ntp ##########

在主机上

sudo nano /etc/ntp.conf

屏蔽4个server

添加

restrict 192.168.125.0 mask 255.255.255.0
server 127.127.1.0

sudo systemctl restart ntpd
sudo systemctl enable ntpd

在从机上

sudo nano /etc/ntp.conf

屏蔽4个server

添加

server 192.168.125.241

sudo ntpdate 192.168.125.241
sudo systemctl restart ntpd
sudo systemctl enable ntpd

########## 配置autofs自动挂载 ###############

1、sudo nano /etc/autofs.master
2、#屏蔽
/misc /etc/auto.misc
3、#添加
/- /etc/auto.nfs --timeout=60，保存退出
4、#新创一个文件
sudo nano /etc/auto.nfs
5、#添加
/home/mes/hf-data -rw 192.168.125.243:/CurveData

sudo systemctl restart autofs.service
sudo systemctl enable autofs.service

########## 开启gitbook服务 ###############
cd /gitbook目录
gitbook serve mes_interface_doc --port 9090

########## 安装配置lftp客户端 ###############

sudo yum install lftp –y

########## mount磁盘整列 ###############

开启一个挂载线程

mount_worker->count = 1;
worker){
mount_time_interval,function(){

      exec("python ".IA_ROOT."/../test.py");

  });

};