关掉所有防火墙

# Close SELinux
sudo setenforce 0
sudo nano  /etc/selinux/config
改
SELINUX=disabled

# Close Firewall
systemctl stop firewalld.service
systemctl disable firewalld.service

替换为国内源

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache

安装Mysql

sudo yum -y install gcc-c++ ncurses-devel cmake make perl gcc autoconf automake zlib libxml libgcrypt libtool bison
tar -zxvf mysqlxxxxx
cd mysqlxxxxx
sudo cmake -DWITH_INNODB_MEMCACHED=ON -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/usr/local/boost
sudo make -j32
sudo make install

配置Mysql

mkdir /home/mes/mysql    
mkdir /home/mes/mysql/data
sudo /usr/local/mysql/bin/mysqld --initialize --user=mes
sudo /usr/local/mysql/bin/mysql_ssl_rsa_setup
# 记住密码

# Mysql config files 
# 将mysqlcnfs文件夹下的文件分别对应目录cp到服务器上
sudo systemctl enable mysql.service
sudo systemctl start mysql.service

# Change password & set mysql for remote access
/usr/local/mysql/bin/mysql -uroot -p
# 输入前面记住的初始密码
mysql>set password for root@localhost = password('Hf123!@#'); 
mysql>GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY 'Hf123!@#' WITH GRANT OPTION;
mysql>FLUSH PRIVILEGES;

安装screen 和 htop

sudo yum install epel-release -y
sudo yum install screen htop screen -y

安装php

sudo yum -y update
sudo yum -y install epel-release
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
wget https://centos7.iuscommunity.org/ius-release.rpm
sudo rpm -Uvh ius-release*.rpm
sudo yum -y update
sudo yum -y install php56u php56u-fpm php56u-opcache php56u-xml php56u-mcrypt php56u-gd php56u-devel php56u-mysql php56u-intl php56u-mbstring php56u-apcu php56u-bcmath
sudo yum install composer
##选装 如果使用 phpspreadsheet 的话
composer require cache/simple-cache-bridge cache/apcu-adapter
composer require phpoffice/phpspreadsheet

\# Install memcache PECL Extension for PHP
sudo yum install zlib-devel
sudo pecl install memcache
\# add "extension=memcache.so" to php.ini

安装nginx

sudo yum install nginx

配置nginx和php

# 将mysqlcnfs文件夹下/etc/nginx /etc/php-fpm 分别复制到服务器上
mkdir /home/mes/www
sudo systemctl enable nginx
sudo systemctl enable php-fpm
sudo systemctl start nginx
sudo systemctl start php-fpm

优化nginx文件权限

chmod -R 775 /var/lib/nginx/   #缓存文件权限
chmod 777 /var/lib/php/session #session文件权限

优化nginx php日志，并定时删除

# 将mysqlcnfs文件夹下 /etc/logrotate.d/nginx /etc/logrotate.d/php-fpm 分别复制到服务器上

网口聚合

# 创建team0接口
nmcli con add type team con-name team0 ifname team0 config '{"runner": {"name":"activebackup"}}'
# 修改接口ip 
nano /etc/sysconfig/network-scripts/ifcfg-team0

# 添加
BOOTPROTO=static
BROADCAST=192.168.125.255
DNS1=192.168.0.1
IPADDR=192.168.125.241
NETMASK=255.255.255.0

# 重启
systeamctl restart network
nmcli connection add type team-slave con-name team0-port1 ifname em1 master team0
nmcli connection add type team-slave con-name team0-port2 ifname em2 master team0
nmcli connection up team0-port1;nmcli connection up team0-port2

# 查看team0接口状态
teamdctl team0 state view

安装 iptables servers

sudo yum install iptables-services

安装和配置 Keepalived

sudo yum install keepalived ipvsadm -y
# 换网络地址  192.168.125.241   192.168.125.242 
# 分别将mysqlcnfs下的 /etc/sysconfig/network-scripts/ifcfg-em1 复制到对应241 242的服务器上
service network restart
# 重新ssh上服务器
# 注意：下面是开始配置Keepalived的细节了，比较繁琐和复杂
# 分别将mysqlcnfs下的 /etc/sysconfig/network-scripts/ifcfg-lo-0 复制到对应241 242的服务器上，并改名为ifcfg-lo:0 
# 将/home/mes/realserver 文件复制到对应的服务器上
sudo chmod 777 /home/mes/realserver 
sudo nano /etc/rc.d/rc.local
# 添加一行 sudo /home/mes/realserver start 让服务器每次启动的时候启动realserver脚本
sudo chmod +x /etc/rc.d/rc.local
# 记录主（192.168.125.241） 从（192.168.125.242）设备的MAC地址
# 192.168.125.241: 80:18:44:ec:eb:4c
# 192.168.125.242: 80:18:44:ec:e7:78
# 分别配置以下iptables rules

00:0c:29:0e:f8:5f
00:0c:29:f8:29:21

iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 80 -m mac ! --mac-source 00:0c:29:f8:29:21 -j MARK --set-mark 0x5
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 2345 -m mac ! --mac-source 00:0c:29:0e:f8:5f -j MARK --set-mark 0x3

# 主机设置(防火墙接收到192.168.125.240发过来的数据包检测，如果报文的mac地址是80:18:44:ec:e7:78的则丢弃，并标记报文为0x5)
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 80 -m mac ! --mac-source 80:18:44:ec:e7:78 -j MARK --set-mark 0x5
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 2345 -m mac ! --mac-source 80:18:44:ec:e7:78 -j MARK --set-mark 0x3
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 2345 -j ACCEPT
sudo service iptables save
sudo service iptables restart
sudo systemctl enable iptables

# 从机设置
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 80 -m mac ! --mac-source 80:18:44:ec:eb:4c -j MARK --set-mark 0x6
iptables -t mangle -I PREROUTING -d 192.168.125.240 -p tcp -m tcp --dport 2345 -m mac ! --mac-source 80:18:44:ec:eb:4c -j MARK --set-mark 0x4
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 2345 -j ACCEPT
sudo service iptables save
sudo service iptables restart
sudo systemctl enable iptables

# 分别将 /etc/keepalived/keepalived.conf 复制到对应的服务器中
# 修改keepalive中的interface 指向team0
# 两边服务器
service keepalived start
systemctl enable keepalived

# 以下是调试keepalived和lvs的常用命令
sudo ipvsadm -L -n
sudo ipvsadm -L -c
sudo ipvsadm -Lcn |awk '{print $3}'|sort  |uniq -c |sort -rn
ip addr show
grep keepalived /var/log/messages
tail -f /var/log/messages
sudo tcpdump -v -i em1 host 192.168.125.240
# windows下的ab命令，主要考察负载均衡
ab -n 100000 -c 10 http://192.168.125.240/test.php

注:默认FIN_WAIT是120秒
修改成30
ipvsadm --set 900 30 300

安装ioncube

分别将ioncube文件夹复制到241 242里的/home/mes/www
访问http://192.168.125.x/ioncube/loader-wizard.php
按提示操作
sudo cp /home/mes/www/ioncube/ioncube_loader_lin_5.6.so /usr/lib64/php/modules
在/etc/php.ini上加上

zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.6.so
sudo service php-fpm restart
sudo service nginx restart

刷新http://192.168.125.x/ioncube/loader-wizard.php
php -v检查是否有with the ionCube PHP Loader (enabled)字样

Mysql做互为正备

241 登陆mysql后操作

grant replication slave on *.* to 'repl_user'@'192.168.125.242' identified by 'hj34$%&mnkb';
show master status\G

记住File 和 Pos值
242 登陆mysql后操作

CHANGE MASTER TO MASTER_HOST='192.168.125.241',MASTER_USER='repl_user', MASTER_PASSWORD='hj34$%&mnkb',
       MASTER_LOG_FILE='mysql-bin.000016', 
       MASTER_LOG_POS=495;

重启242Mysql
show slave status\G 查看 Slave_IO_Running Slave_SQL_Running 是否 Yes

242 登陆mysql后操作

grant replication slave on *.* to 'repl_user'@'192.168.125.241' identified by 'hj34$%&mnkb';
show master status\G

记住File 和 Pos值
241 登陆mysql后操作

CHANGE MASTER TO MASTER_HOST='192.168.125.242',MASTER_USER='repl_user', MASTER_PASSWORD='hj34$%&mnkb',
       MASTER_LOG_FILE='mysql-bin.000014', 
       MASTER_LOG_POS=154;

重启241Mysql

查看 Slave_IO_Running Slave_SQL_Running 是否 Yes

show slave status\G

配置ntp

# 在主机上

sudo nano /etc/ntp.conf
# 屏蔽4个server
# 添加
restrict 192.168.125.0 mask 255.255.255.0
server 127.127.1.0

sudo systemctl restart ntpd
sudo systemctl enable ntpd

# 在从机上

sudo nano /etc/ntp.conf
# 屏蔽4个server
# 添加
server 192.168.125.241
sudo ntpdate 192.168.125.241
sudo systemctl restart ntpd
sudo systemctl enable ntpd

配置autofs自动挂载

1. 编辑
   sudo nano /etc/autofs.master
2. 屏蔽
   /misc /etc/auto.misc
3. 添加
   /- /etc/auto.nfs --timeout=60，保存退出
4. 新创一个文件
   sudo nano /etc/auto.nfs
5. 添加
   /home/mes/hf-data -rw 192.168.125.243:/CurveData

sudo systemctl restart autofs.service
sudo systemctl enable autofs.service

开启gitbook服务

cd /gitbook目录
gitbook serve mes_interface_doc --port 9090

安装配置lftp客户端

sudo yum install lftp –y

mount磁盘整列

# 开启一个挂载线程
$mount_worker = new Worker();
$mount_worker->count = 1;
$mount_worker->onWorkerStart = function($worker){
       $mount_time_interval = 10;
       //require_once IA_ROOT . "/../test.py";
       Timer::add($mount_time_interval,function(){
          exec("python ".IA_ROOT."/../test.py");
      });
};