最小化安裝centos7
一、 環境說明

站在用戶的角度思考問題，與客戶深入溝通，找到象山網站設計與象山網站推廣的解決方案，憑借多年的經驗，讓設計與互聯網技術結合，創造個性化、用戶體驗好的作品，建站類型包括：網站制作、成都網站制作、企業官網、英文網站、手機端網站、網站推廣、主機域名、虛擬主機、企業郵箱。業務覆蓋象山地區。

1. HA和負載主的IP地址為：10.10.10.111
2. HA和負載備的IP地址為：10.10.10.112

3. HA的虛地址為：10.10.10.110
   二、基礎配置
   1.配置網卡
   vi /etc/sysconfig/network-scripts/ifcfg-ens36
   vi /etc/sysconfig/network-scripts/ifcfg-ens33
   2.安裝net-tools
   注：這個軟件包會安裝ifconfig,route等命令
   [root@localhost ~]# rpm -ql net-tools
   /bin/netstat
   /sbin/arp
   /sbin/ether-wake
   /sbin/ifconfig
   /sbin/ipmaddr
   /sbin/iptunnel
   /sbin/mii-diag
   /sbin/mii-tool
   /sbin/nameif
   /sbin/plipconfig
   /sbin/route
   /sbin/slattach

   mkdir /media/cdrom
   mount /dev/cdrom /media/cdrom
   vi /etc/fstab
   /dev/cdrom /media/cdrom iso9660 defaults 0 0
   cd /media/cdrom/Packages
   rpm -ivh net-tools-….[tab]
   rpm -ivh lrzsz…[tab]
   3.關閉沒必要的服務，禁止開機啟動
   [root@localhost ~]# systemctl disable postfix.service
   [root@localhost ~]# systemctl disable firewalld.service
   [root@localhost ~]# iptables -F
   [root@localhost ~]# iptables -t nat –F
   4.關閉selinux
   [root@localhost sbin]# cat /etc/sysconfig/selinux

   This file controls the state of SELinux on the system.

   SELINUX= can take one of these three values:

   enforcing - SELinux security policy is enforced.

   permissive - SELinux prints warnings instead of enforcing.

   disabled - No SELinux policy is loaded.

   SELINUX=disabled

   SELINUXTYPE= can take one of three two values:

   targeted - Targeted processes are protected,

   minimum - Modification of targeted policy. Only selected processes are protected.

   mls - Multi Level Security protection.

   SELINUXTYPE=targeted
   [root@localhost sbin]# getenforce
   Enforcing
   [root@localhost sbin]# setenforce 0
   [root@localhost sbin]# getenforce
   Permissive
   5.關閉IPv6
   [root@localhost keepalived]# cat /etc/default/grub
   GRUB_TIMEOUT=5
   GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
   GRUB_DEFAULT=saved
   GRUB_DISABLE_SUBMENU=true
   GRUB_TERMINAL_OUTPUT="console"
   GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rhgb quiet"
   GRUB_DISABLE_RECOVERY="true"
   運行grub2-mkconfig -o /boot/grub2/grub.cfg重新生成grub.cfg文件
   注：此操作需要重啟才能生效
   二、安裝keepalived
   下載地址http://www.keepalived.org/download.html

4. 安裝openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel
   [root@localhost src]# cd /usr/local/src/
   [root@localhost src]# yum install -y openssl openssl-devel gcc gcc-c++ make pcre-devel bzip2-devel

2.下載最新版本keepalived并將keepalived-2.0.7.tar.gz放在/usr/local/src/目錄下，安裝會用到openssl openssl-devel
[root@localhost src]# tar -zxvf keepalived-2.0.7.tar.gz
[root@localhost src]#cd /usr/local/src/keepalived-2.0.7

3.安裝并配置keepalived
[root@localhost keepalived-2.0.7]# mkdir /usr/local/keepalived
[root@localhost keepalived-2.0.7]# ./configure --prefix=/usr/local/keepalived/
[root@localhost keepalived-2.0.7]# make && make install
[root@localhost ~]#mkdir /etc/keepalived
[root@localhost ~]#cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived

Killall需要安裝psmisc
yum install –y psmisc

負載主配置：
[root@localhost keepalived]# cat keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {acassen@firewall.loc
br/>acassen@firewall.loc
br/>sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server localhost
smtp_connect_timeout 30
router_id NodeA
}

vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -2
}

vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script{
chk_haproxy
}
virtual_ipaddress {
虛擬IP地址
}
}

負載備配置：
[root@localhost keepalived]# vim keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {acassen@firewall.loc
br/>acassen@firewall.loc
br/>sysadmin@firewall.loc
notification_email_from Alexandre.Cassen@firewall.loc
smtp_server localhost
smtp_connect_timeout 30
router_id NodeA
}

vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight -2
}

vrrp_instance VI_1 {
state BACKUP
interface eth0
virtual_router_id 51
priority 99
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
track_script{
chk_haproxy
}
virtual_ipaddress {
虛擬IP地址(同主)
}
}

4.分別啟動兩個keepalive
[root@localhost /]# /usr/local/keepalived/sbin/keepalived -D

5.查看進程：ps aux | grep keepalived
[root@localhost ~]# ps aux | grep keepalived
root 828 0.0 0.0 40848 676 ? Ss 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 829 0.0 0.0 40848 1200 ? S 09:45 0:00 /usr/local/keepalived/sbin/keepalived -D
root 1101 0.0 0.0 112704 972 pts/0 S+ 09:46 0:00 grep --color=auto keepalived

6. 添加開啟啟動：
   [root@localhost /]# echo "/usr/local/keepalived/sbin/keepalived -D" >> /etc/rc.d/rc.local
   [root@localhost /]# chmod +x /etc/rc.d/rc.local

測試：
Win7 ping 10.10.10.110 -t
將負載1網卡down掉10.10.10.110還能通
Win7 arp –a mac地址和負載1相同
將負載1網卡down掉 mac地址和負載2相同
至此HA測試成功

三、安裝Haproxy

1. 下載地址 http://pkgs.fedoraproject.org/repo/pkgs/haproxy/

2. 下載最新版本hpproxy并將haproxy-1.8.13.tar.gz放在/usr/local/src/目錄下,安裝會用到pcre-devel bzip2-devel
   [root@localhost ~]# cd /usr/local/src/
   [root@localhost src]# tar -zxvf haproxy-1.8.13.tar.gz
   [root@localhost src]# cd haproxy-1.8.13
   [root@localhost haproxy-1.8.13]# make TARGET=linux2628
   [root@localhost haproxy-1.8.13]# make install
   [root@localhost haproxy-1.8.13]# mkdir /etc/haproxy
   [root@localhost haproxy-1.8.13]# mkdir /usr/local/haproxy
   [root@localhost haproxy-1.8.13]# groupadd haproxy
   [root@localhost haproxy-1.8.13]# useradd -s /sbin/nologin -M -g haproxy haproxy
   [root@localhost haproxy-1.8.13]# id haproxy
   uid=1000(haproxy) gid=1000(haproxy) groups=1000(haproxy)

3.添加配置文件(主備配置相同)
[root@localhost haproxy-1.8.13]# vim /etc/haproxy/haproxy.cfg
global
log 127.0.0.1 local0 info
#log 127.0.0.1 local3
#log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
chroot /usr/local/haproxy
uid 99
gid 99
daemon
nbproc 2
pidfile /var/run/haproxy.pid
#debug
#quiet

defaults
#log global
log 127.0.0.1 local3
mode http
option httplog
option dontlognull
option forwardfor
option httpclose
retries 3
option redispatch
maxconn 5000
contimeout 20000
clitimeout 80000
srvtimeout 80000
stats uri /haproxy-admin
stats auth admin:（管理界面的密碼)
stats hide-version

frontend http-in
bind *:80
mode http
option httplog
log global
default_backend (自定義名稱)

backend (自定義名稱)
balance roundrobin
cookie SESSION_COOKIE insert indirect nocache
option httpchk HEAD /loginkey.aspx HTTP/1.0
server 名稱01 10.10.10.20:80 cookie 名稱1 weight 5 check inter 2000 rise 2 fall 3
server 名稱02 10.10.10.30:80 cookie 名稱2 weight 3 check inter 2000 rise 2 fall 3

4.添加開機啟動
[root@localhost examples]# cp /usr/local/src/haproxy-1.8.13/examples/haproxy.init /etc/init.d/haproxy
[root@localhost examples]# chmod 755 /etc/init.d/haproxy
[root@localhost examples]# chkconfig --add haproxy
[root@localhost examples]# ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
[root@localhost examples]# service haproxy start
Starting haproxy (via systemctl): [ OK ]
[root@localhost examples]# chkconfig haproxy on
[root@localhost examples]# netstat -anpt | grep haproxy
tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 6836/haproxy
tcp 0 1 10.10.10.111:60196 ...:80 SYN_SENT 6836/haproxy
tcp 0 1 10.10.10.111:60198 ...*:80 SYN_SENT 6837/haproxy