
CentOS 7 + keepalived + HAProxy

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Minimal installation of CentOS 7

I. Environment description

HA and load master IP address: 10.10.10.111

HA and load backup IP address: 10.10.10.112

HA virtual address: 10.10.10.110

II. Basic configuration

1. Configure the network card

vi /etc/sysconfig/network-scripts/ifcfg-ens36

vi /etc/sysconfig/network-scripts/ifcfg-ens33

2. Install net-tools

Note: this package provides commands such as ifconfig and route.

[root@localhost ~]# rpm -ql net-tools

/bin/netstat
/sbin/arp
/sbin/ether-wake
/sbin/ifconfig
/sbin/ipmaddr
/sbin/iptunnel
/sbin/mii-diag
/sbin/mii-tool
/sbin/nameif
/sbin/plipconfig
/sbin/route
/sbin/slattach

mkdir /media/cdrom

mount /dev/cdrom /media/cdrom

vi /etc/fstab

/dev/cdrom /media/cdrom iso9660 defaults 0 0

cd /media/cdrom/Packages

rpm -ivh net-tools-... [tab]

rpm -ivh lrzsz... [tab]

3. Stop unnecessary services and disable them at boot

[root@localhost ~]# systemctl disable postfix.service

[root@localhost ~]# systemctl disable firewalld.service

[root@localhost ~]# iptables -F

[root@localhost ~]# iptables -t nat -F

4. Disable SELinux

[root@localhost sbin]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

[root@localhost sbin]# getenforce

Enforcing

[root@localhost sbin]# setenforce 0

[root@localhost sbin]# getenforce

Permissive

5. Disable IPv6

[root@localhost keepalived]# cat /etc/default/grub

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

Run grub2-mkconfig -o /boot/grub2/grub.cfg to regenerate the grub.cfg file.

Note: this operation requires a restart to take effect.

II. Install keepalived

Download address: http://www.keepalived.org/download.html

1. Install openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel

[root@localhost src]# cd /usr/local/src/

[root@localhost src]# yum install -y openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel

2. Download the latest version of keepalived and put keepalived-2.0.7.tar.gz in the /usr/local/src/ directory. openssl and openssl-devel are needed for the installation.

[root@localhost src]# tar -zxvf keepalived-2.0.7.tar.gz

[root@localhost src]# cd /usr/local/src/keepalived-2.0.7

3. Install and configure keepalived

[root@localhost keepalived-2.0.7]# mkdir /usr/local/keepalived

[root@localhost keepalived-2.0.7]# ./configure --prefix=/usr/local/keepalived/

[root@localhost keepalived-2.0.7]# make && make install

[root@localhost ~]# mkdir /etc/keepalived

[root@localhost ~]# cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived

killall requires psmisc to be installed:

yum install -y psmisc

Load master configuration:

[root@localhost keepalived]# cat keepalived.conf

! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server localhost
    smtp_connect_timeout 30
    router_id NodeA
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight -2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress {
        10.10.10.110    # virtual IP address
    }
}

Load standby configuration:

[root@localhost keepalived]# vim keepalived.conf

! Configuration File for keepalived

global_defs {
    notification_email {
        acassen@firewall.loc
        sysadmin@firewall.loc
    }
    notification_email_from Alexandre.Cassen@firewall.loc
    smtp_server localhost
    smtp_connect_timeout 30
    router_id NodeA
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight -2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    track_script {
        chk_haproxy
    }
    virtual_ipaddress {
        10.10.10.110    # virtual IP address (same as master)
    }
}

4. Start keepalived on each of the two nodes

[root@localhost /]# /usr/local/keepalived/sbin/keepalived -D

5. View the process: ps aux | grep keepalived

[root@localhost ~]# ps aux | grep keepalived

root 828 0.0 0.0 40848 676 ? Ss 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 829 0.0 0.0 40848 1200 ? S 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 1101 0.0 112704 972 pts/0 S+ 09:46 0:00 grep --color=auto keepalived

Enable start at boot:

[root@localhost /]# echo "/usr/local/keepalived/sbin/keepalived -D" >> /etc/rc.d/rc.local

[root@localhost /]# chmod +x /etc/rc.d/rc.local

Test:

On Win7: ping 10.10.10.110 -t

Bring down the network card on load 1: 10.10.10.110 can still be reached.

On Win7, arp -a shows that the MAC address is the same as load 1's.

After bringing down the load 1 network card, the MAC address is the same as load 2's.

At this point, the HA test is successful.
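An added example, not part of the original article: a shell check that audits the two keepalived.conf files above for weak VRRP authentication and confirms that the chk_haproxy weight can actually move the virtual IP. The sample files are constructed from the article's values (priority 99 on both nodes, weight -2, auth_pass 1111); the function names and finding labels are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Sample configs are constructed
# from the article's values; function names and finding labels are assumptions.

# Print the first value of keyword $1 in config file $2.
kv() { awk -v k="$1" '$1 == k { print $2; exit }' "$2"; }

# Print one finding per line for the authentication block of config $1.
audit_vrrp_auth() {
    local atype pass
    atype=$(kv auth_type "$1"); pass=$(kv auth_pass "$1")
    if [ "$atype" = "PASS" ]; then echo "cleartext-auth"; fi    # sent unencrypted
    if [ "$pass" = "1111" ]; then echo "sample-password"; fi    # value from the sample config
    if [ "${#pass}" -lt 8 ]; then echo "short-password"; fi     # only 8 characters are used
    return 0
}

# Succeed if a failing chk script on the master ($1) drops its priority
# below that of a healthy backup ($2), so the virtual IP can move.
failover_possible() {
    local mp bp w
    mp=$(kv priority "$1"); bp=$(kv priority "$2"); w=$(kv weight "$1")
    [ $((mp + w)) -lt "$bp" ]
}

# Write a constructed sample config: $1 = file, $2 = state, $3 = priority.
write_sample() {
    cat > "$1" <<EOF
vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight -2
}
vrrp_instance VI_1 {
    state $2
    priority $3
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/master.conf" MASTER 99
write_sample "$tmp/backup.conf" BACKUP 99
audit_vrrp_auth "$tmp/master.conf"
failover_possible "$tmp/master.conf" "$tmp/backup.conf" && echo "failover: ok"
```

auth_type PASS carries the password unencrypted in every advert and keepalived uses only its first eight characters, so it guards against accidental cross-talk between VRRP groups rather than protecting the virtual IP. With master 100, backup 90 and the same weight -2, failover_possible fails: the master's priority only drops to 98 and the address never moves.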

III. Install HAProxy

Download address: http://pkgs.fedoraproject.org/repo/pkgs/haproxy/

Download the latest version of haproxy and put haproxy-1.8.13.tar.gz in the /usr/local/src/ directory. pcre-devel and bzip2-devel are needed for the installation.

[root@localhost ~]# cd /usr/local/src/

[root@localhost src]# tar -zxvf haproxy-1.8.13.tar.gz

[root@localhost src]# cd haproxy-1.8.13

[root@localhost haproxy-1.8.13]# make TARGET=linux2628

[root@localhost haproxy-1.8.13]# make install

[root@localhost haproxy-1.8.13]# mkdir /etc/haproxy

[root@localhost haproxy-1.8.13]# mkdir /usr/local/haproxy

[root@localhost haproxy-1.8.13]# groupadd haproxy

[root@localhost haproxy-1.8.13]# useradd -s /sbin/nologin -M -g haproxy haproxy

[root@localhost haproxy-1.8.13]# id haproxy

uid=1000(haproxy) gid=1000(haproxy) groups=1000(haproxy)

3. Add a configuration file (the master and backup configurations are the same)

[root@localhost haproxy-1.8.13]# vim /etc/haproxy/haproxy.cfg

global
    log 127.0.0.1 local0 info
    # log 127.0.0.1 local3
    # log 127.0.0.1 local1 notice
    # log loghost local0 info
    maxconn 4096
    chroot /usr/local/haproxy
    uid 99
    gid 99
    daemon
    nbproc 2
    pidfile /var/run/haproxy.pid
    # debug
    # quiet

defaults
    # log global
    log 127.0.0.1 local3
    mode http
    option httplog
    option dontlognull
    option forwardfor
    option httpclose
    retries 3
    option redispatch
    maxconn 5000
    contimeout 20000
    clitimeout 80000
    srvtimeout 80000
    stats uri /haproxy-admin
    stats auth admin:(password for administrative interface)
    stats hide-version

frontend http-in
    bind *:80
    mode http
    option httplog
    log global
    default_backend (Custom name)

backend (Custom name)
    balance roundrobin
    cookie SESSION_COOKIE insert indirect nocache
    option httpchk HEAD /loginkey.aspx HTTP/1.0
    server name01 10.10.10.20:80 cookie name1 weight 5 check inter 2000 rise 2 fall 3
    server name02 10.10.10.30:80 cookie name2 weight 3 check inter 2000 rise 2 fall 3

4. Enable start at boot

[root@localhost examples]# cp /usr/local/src/haproxy-1.8.13/examples/haproxy.init /etc/init.d/haproxy

[root@localhost examples]# chmod 755 /etc/init.d/haproxy

[root@localhost examples]# chkconfig --add haproxy

[root@localhost examples]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

[root@localhost examples]# service haproxy start

Starting haproxy (via systemctl): [ OK ]

[root@localhost examples]# chkconfig haproxy on

[root@localhost examples]# netstat -anpt | grep haproxy

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6836/haproxy
tcp 0 1 10.10.10.111:60196 ...:80 SYN_SENT 6836/haproxy
tcp 0 1 10.10.10.111:60198 ...:80 SYN_SENT 6837/haproxy
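An added example, not part of the original article: a shell audit of the haproxy.cfg shown above. It flags three things in that file: `uid 99` (the nobody account on CentOS 7) instead of the haproxy account created earlier, `stats uri` in `defaults` (inherited by every proxy, so the admin page and its Basic-auth prompt are served on the public *:80 listener over plain HTTP), and the deprecated timeout keywords. Both sample configs are constructed; the finding labels and the loopback stats listener on port 8404 are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Both sample configs are
# constructed; the finding labels and the 127.0.0.1:8404 listener are assumptions.

# $1 = config file, $2 = uid of the dedicated account (e.g. from: id -u haproxy)
audit_haproxy_cfg() {
    awk -v want="$2" '
        $1 ~ /^(global|defaults|frontend|backend|listen)$/ { sec = $1 }
        sec == "global" && $1 == "uid" && $2 != want { print "uid-mismatch " $2 }
        sec == "defaults" && $1 == "stats" && $2 == "uri" { uri = $3 }
        sec != "backend" && $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:/ { pub = pub " " $2 }
        $1 ~ /^(contimeout|clitimeout|srvtimeout)$/ { legacy = 1 }
        END {
            if (uri != "" && pub != "") print "stats-exposed" pub " " uri
            if (legacy) print "legacy-timeouts"
        }' "$1"
}

weak=$(mktemp); fixed=$(mktemp)
cat > "$weak" <<'EOF'
global
    uid 99
    gid 99
defaults
    mode http
    contimeout 20000
    stats uri /haproxy-admin
    stats auth admin:PLACEHOLDER
frontend http-in
    bind *:80
EOF
cat > "$fixed" <<'EOF'
global
    user haproxy
    group haproxy
defaults
    mode http
    timeout connect 20s
frontend http-in
    bind *:80
listen stats
    bind 127.0.0.1:8404
    stats uri /haproxy-admin
    stats auth admin:PLACEHOLDER
EOF
audit_haproxy_cfg "$weak" 1000     # settings as in the article
audit_haproxy_cfg "$fixed" 1000    # prints nothing
```

Because the basic configuration disables firewalld and flushes iptables, nothing on the host itself filters access to the stats URI; moving it to a loopback or management-only listener keeps it off the load-balanced address.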
