下载文档原格式
安装CentOS7.4全记录⼤学⽤了四年的笔记本快⽤废了,闲来想着⽤来装个centos,当个服务器也⾏,于是装上了CentOS6.9系统,由于最⼩化安装,⽽且在安装时没有安装wpa_supplicant包,笔记本本⾝⽹卡接⼝⼜坏了,结果就不能正常联⽹了,所以⼀直没⽤,后来摸索挂载U盘安装wpa_supplicant终于成功,安装⼀⼤堆软件,在安装mysql时候报错,先是swap交换分区不⾜,通过mkswap命令增加交换分区得以解决,⼜是根磁盘空间不⾜导致安装失败,都是以前安装时候的遗留问题,索性重装系统了。
由于⽬前⼀些软件开始要求CentOS7以上,并且也有越来越多公司开始使⽤CentOS7作为开发环境,所以我最终选择了较新的CentOS7.4版本。
下⾯记录这次安装的全过程:⼀、下载2.通过UltraISO制作启动U盘选择8G或以上U盘,做好U盘备份,后⾯需要格式化数据在菜单栏选择启动-->写⼊磁盘映像,出现下图选择写⼊⼆、安装说明,本次选择最⼩化安装⽅式,独⽴安装,所以不能截屏,那么只好拍照记录了,下⾯以图⽚展⽰所有流程:由于先前就设置了U盘作为第⼀启动项,所以插⼊U盘安装直接出现如下图若⾮如此,请在开机时输⼊命令进⼊bios模式,并设置usb作为启动盘,详情百度⼀下,接下来直接enter,很有可能如下报错原因是centos7上找不到启动盘,需要指定U盘位置,等待程序执⾏完毕,在命令⾏输⼊ls /dev查看所有磁盘名称,找到U盘名称,我的U盘名为/dev/sdb4,接着输⼊reboot重启,这次在上上图处不要直接enter,⽽是输⼊“ e ”进⾏配置,出现下图,图中第⼆⾏记录了当前寻找的启动盘的错误位置对错误位置进⾏修改,修改后如下图,即,将" hd:*** quiet "中“ *** ”部分改为U盘位置“ /dev/sdb4 ”修改后键⼊“ ctrl+x ”就可以开始安装了键盘设置,选择英⽂时区设置,时区选择上海语⾔设置,设置英⽂,添加额外语⾔中⽂安装⽅式,选择最⼩化安装磁盘分区设置由于原先安装了CentOS6.9,占据所有内存,所以先要删除原系统内存,操作找到CentOS6.9的根⽬录“ / ”,点击” - ” 表⽰删除,此时其他分区也会被删除,就能为CentOS7.4分配磁盘空间了/boot作为启动区分配200-500mb,设备类型选择标准,即默认,⽂件系统选择xfs,即默认(不要选择lvm!),据说xfs⽐ext4更⾼效;/boot/efi是因为通过U盘引导安装,必须分配,就给了350mb,设备类型选择默认,⽂件系统默认(不要选择lvm!);/swap作为交换空间,宜分配物理内存1.5倍左右,切忌过⼩,原先分配768mb,导致在安装mysql57编译过程中报内存错误,设备类型选择默认,⽂件系统默认;/home放⼀些项⽬⽂件,也不需要太⼤,但是作为独⽴安装就给了350G,设备类型选LVM,LVM可以在不改变上层逻辑卷,不丢失现有数据下扩展或新增银盘,⽅便磁盘管理,推荐!⽂件系统默认xfs;/作为根⽬录,常⽤的软件和配置⽂件都存在这⾥,空间需求较⼤,所以剩余空间都分配给根⽬录,设备类型选LVM,⽂件系统默认xfs;下图是我的磁盘分配⽅式⽹络设置及主机名设置,由于⽹卡接⼝坏掉,只能选择⽆线⽹了完成后就可以选右下⾓安装了安装过程中可以创建root⽤户(必须)和添加其他⽤户(⾮必需),在输⼊密码可能提⽰密码安全度不够,点左上⾓“ done ”两次即可稍等⼀刻钟,完成安装,选右下⾓reboot重启。
CentOS开发环境搭建一、安装系统1.新建虚拟机2.选择“自定义(高级)”,并点击【下一步】3.选择虚拟机硬件兼容性,并点击【下一步】4.选择“稍后安装操作系统”,并点击【下一步】5.选择操作系统版本,并点击【下一步】6.命名虚拟机,可任意路径,并点击【下一步】7.配置处理器,并点击【下一步】8.设置虚拟机内存大小,并点击【下一步】9.选择“使用网络地址转换(NAT)”,并点击【下一步】10.选择“LSI Logic”,并点击【下一步】11.选择“SCSI”,并点击【下一步】12.创建“新虚拟机磁盘”,并点击【下一步】13.设置磁盘容量20G,选择“将虚磁盘拆分成多个文件”,并点击【下一步】14.指定磁盘文件,并点击【下一步】15.单击完成16.此虚拟机右键选择【设置】或单击【编辑虚拟机设置】17.单击【CD/DVD(IDE)】,右侧选择“使用ISO映像文件”,选择操作系统的镜像文件ISO,并【确定】18.单击【开启此虚拟机】19.选择“Install CentOS 7”,点击回车键20.选择“中文”-“简体中文”,并点击【继续】21.设置安装信息,单击“本地化”-“日期和时间”,设置时间信息,并点击【完成】22.单击“本地化”-“键盘布局”,添加键盘布局,并点击【完成】23.单击“本地化”-“语言支持”,添加支持语音,并点击【完成】24.单击“SECURITY”-“SECURITY POLICY”,选择“Default”,并单击“完成”25.单击“软件”-“安装源”,选择“自动检测的安装介质”,并点击【完成】26.单击“软件”-“软件选择”,服务器选择“最小安装”没有图形化桌面,可根据实际需要或喜好选择,在此我选择“开发及生成工作站”,并点击【完成】27.单击“系统”-“安装位置”,选择“本地标准磁盘”,根据实际情况添加磁盘,并点击【完成】28.单击“系统”-“KDUMP”,选择“启用kdump”和设置内存,并单击【完成】29.单击“系统”-“网络和主机名”,选择【开启】和设置主机名,并点击【完成】30.单击【开始安装】31.单击“用户设置”-“ROOT密码”,输入root用户密码,并点击【完成】32.单击“用户设置”-“创建用户”,填写用户信息,并点击【完成】33.等待系统安装34.安装完成,并点击【完成】35.重启后,出现选择,输入1,并按【回车键】36.继续输入2,并按【回车键】37.继续输入q,并敲击【回车键】38.继续输入yes,并按【回车键】39.进入登陆界面,点击用户或未列出40.进入到系统41.输入startx命令进入到图形桌面设置系统默认进入图形桌面模式vi/etc/inittab#找到id:3:initdefault:#按i键进入编辑模式,将3改为5,然后按esc退出编辑,输入:qw 保存没有安装图形桌面,yum命令安装图形界面yum groupinstall "X Window System"#安装GNOME桌面环境yum groupinstall "GNOME Desktop Environment"#安装KDE桌面环境(KDE和GNOME任选其一都行)yum groupinstall "KDE (K Desktop Environment)"#安装后,按照上面方法开启桌面模式即可。
centos7.4飞思网巡安装步骤
一、概述
本文档是CENTOS 7.4 64位版本的安装过程。
安装过程中选择Intrastructure server(选择此项下的所有项目)安装。
提示:使用CentOS-7-x86_64-Everything光盘(不同版本文件大小为8-11G)安装。
飞思文件目录是/opt,因此默认分区时候务必将/根目录要分足够空间;另外磁盘分区大于1T时候文件系统类型必须是EXT4,不要选择XFS。
二、操作步骤
2.1、安装系统
光盘安装。
要先准备好计算机,安装DVD光盘和光驱或安装U盘,ISO文件等。
务必选择正确的时区
软件选择,选择Intrastructure server(并选择此项下的所有项目)安装。
分区配置:
根据磁盘空间大小可按下面进行分区。
bios boot :2M
/boot : 100G ext4 swap :16G
/ :2.5T ext4
网卡配置:。
安装环境[root@zabbix-srv ~]# cat /etc/redhat-releaseCentOS Linux release 7.4.1708 (Core)关闭防火墙Centos 7.3开始iptables就不存在了改成firewalld了,关闭掉方便点[root@zabbix-srv ~]# systemctl stop firewalld.service[root@zabbix-srv ~]# systemctl disable firewalld.serviceRemoved symlink/etc/systemd/system/multi-user.target.wants/firewalld.service.Removed symlink/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.关闭SElinuxSElinux是美国国家安全局开发的安全子系统,很麻烦,关闭了。
[root@zabbix-srv ~]# vim /etc/selinux/config把SELNUX=enforcing换成SELINUX=disabled,我们修改了SEliunx的配置文件,是重启后的状态,但是不影响现在的状态,所以要关闭当前启用的SElinux[root@zabbix-srv ~]# setenforce 0现在SElinux关闭了数据库安装与配置安装MariaDB数据库[root@zabbix-srv ~]# yum install mariadb-server mariadb –ymariadb数据库相关命令systemctl start mariadb #启动MariaDBsystemctl stop mariadb #停止MariaDBsystemctl restart mariadb #重启MariaDBsystemctl enable mariadb #设置开机启动安装及配置Zabbix3.4安装源码库配置部署包[root@zabbix-srv ~]# rpm-ivh /zabbix/3.4/rhel/7/x86_64/zabbix-release-3. 4-2.el7.noarch.rpm安装Zabbix部署包使用Mysql数据库安装Zabbix server、WEB前端和代理[root@zabbix-srv ~]# yum install zabbix-server-mysqlzabbix-web-mysql zabbix-agent创建数据库[root@zabbix-srv /]# systemctl start mariadb[root@zabbix-srv /]# systemctl enable mariadbCreated symlink from/etc/systemd/system/multi-user.target.wants/mariadb.service to/usr/lib/systemd/system/mariadb.service.[root@zabbix-srv /]# mysql -uroot -pEnter password: #空密码MariaDB [(none)]> create database zabbix character set utf8 collate utf8_bin;MariaDB [(none)]> grant all privileges on zabbix.* tozabbix@localhost identified by ‘zabbix‘;MariaDB [(none)]> flush privileges;MariaDB [(none)]> quit导入初始架构和数据。
如何在虚拟机上安装centos7.4系统—靠谱的centos7.4系统安装教程前几天给大家分享了在虚拟机上安装Centos6.7系统的教程,感兴趣的童鞋们可以点击进去查看。
今天小编给大家分享在虚拟机上安装Centos7.4系统的教程。
虽然都是安装Centos系统,但是因为版本不同的原因,在安装的过程中还是存在部分不一样的地方。
1、打开虚拟机电源,然后点击上方的光盘小标志,选择连接到本地磁盘上的ISO映像,之后选择Centos7.4版本的ISO映像文件即可。
在虚拟机系统中按下enter键,稍等片刻,待系统自动进入下图的界面。
选择第一项,Install Centos Linux7,之后按下enter键。
2、下图是系统的加载页面,不用理会,等待即可。
3、加载完之后进入下面的图形界面,第一步选择语言。
仍然是选择英语English,默认即可,点击continue继续。
4、在这一步选择Installation Destination。
5、进入Installation Destination界面,往下拉,选择I will configure partitioning。
意思是手动进行分区。
在这里我们看到的20 GiB,在之前创建虚拟机的时候就设置了的。
具体的操作流程可以参考这篇文章:在vSphere Client上如何创建虚拟机。
当然,这个磁盘的大小在后期如果有需要还是可以进行扩容的,扩容方法将在后期呈上。
6、在MANUAL PARTITIONING界面中我们可以看到可用的空间是20 GiB。
接下来在partitioning scheme中选择standard Partiton (标准分区),然后点击下方的+号。
7、首先Mount Point选择/swap,和Centos6.7版本一样,分配2048MB即可。
系统默认的单位是MB,所以直接输入2048即可,然后点击Add mount point。
8、设置完swap之后在SYSTEM栏目下有显示,可以看到可用空间还剩下18 GiB,之后再次点击+号。
全新安装Centos7.4操作系统服务器raid配置、服务器开机看到此界”键配置配可以识盘的”键,新拟由物理raid”建按回车键”选择区域。
按“空格”键选择要创硬可以剩余最备,创建。
、直接“回车”已经配我们后置、选择已经创按”键,添加热将最后未使加选择已经硬raid5”退选择保存所已经”安装Centos7.4操作系统系统安装配置、将系统安装务重启按”进入服务、服务器引导启、在启动项引选择光盘进入系统intall、选择要安装择、修改要安装、时区选择为、安装配置。
可以选择是界完成图像选设置硬盘分区自定义硬盘自定义硬盘此处可以选硬建自动创建应用自动手动创建选择创建跟分创建数据将剩余空到创建分区后,选择完成。
应用已经开始安装操作系统开始安装操root设置用户密系统正在安完成安装配置系统以及安需要重未安装图像输入用户登安装图像做最后的配置。
接受协议。
配语设置键盘隐私设置时时区设置为、选择“跳、创建一个设置新创建用户的密码。
配动窗、已经进入到图像界面。
系统已经安装完成。
VMware安装Centos7超详细过程1、安装VMware软件:推荐使⽤VMwear,我⽤的是VMwear 12这⾥也放上百度云盘下载地址:2、新建⼀个虚拟机3、引⽤安装包4、启动新建的虚拟机5、安装CentOS7的步骤选择安装过程中使⽤的语⾔,这⾥选择英⽂、键盘选择美式键盘。
点击Continue⾸先设置时间选择需要安装的软件,默认最⼩安装,不装可视化的选择安装位置,在这⾥可以进⾏磁盘划分。
如下图所⽰,点击加号,选择/boot,给boot分区分200M。
最后点击Add然后以同样的办法给其他三个区分配好空间后点击Done然后会弹出摘要信息,点击AcceptChanges(接受更改)设置主机名与⽹卡信息⾸先要打开⽹卡,然后查看是否能获取到IP地址(我这⾥是桥接),再更改主机名后点击Done。
最后选择Begin Installation(开始安装)设置root密码和创建管理员⽤户等待系统安装完毕重启系统即可以上就是本⽂的全部内容,希望对⼤家的学习有所帮助。
桥接模式⽹络配置1、配置ip地址等信息在/etc/sysconfig/network-scripts/ifcfg-ens33⽂件⾥做如下配置:命令:vi /etc/sysconfig/network-scripts/ifcfg-ens33修改如下:1 TYPE="Ethernet" # ⽹络类型为以太⽹2 BOOTPROTO="static" # ⼿动分配ip3 NAME="ens33" # ⽹卡设备名,设备名⼀定要跟⽂件名⼀致4 DEVICE="ens33" # ⽹卡设备名,设备名⼀定要跟⽂件名⼀致5 ONBOOT="yes" # 该⽹卡是否随⽹络服务启动6 IPADDR="192.168.220.101" # 该⽹卡ip地址就是你要配置的固定IP,如果你要⽤xshell等⼯具连接,220这个⽹段最好和你⾃⼰的电脑⽹段⼀致,否则有可能⽤xshell连接失败7 GATEWAY="192.168.220.2" # ⽹关8 NETMASK="255.255.255.0" # ⼦⽹掩码9 DNS1="8.8.8.8" # DNS,8.8.8.8为Google提供的免费DNS服务器的IP地址2、配置⽹络⼯作(在/etc/sysconfig/network⽂件⾥增加如下配置)命令:vi /etc/sysconfig/network修改:NETWORKING=yes # ⽹络是否⼯作,此处⼀定不能为no3、配置公共DNS服务(可选)在/etc/resolv.conf⽂件⾥增加如下配置命令:nameserver 8.8.8.8修改:NETWORKING=yes # ⽹络是否⼯作,此处⼀定不能为no4、关闭防⽕墙systemctl stop firewalld # 临时关闭防⽕墙systemctl disable firewalld # 禁⽌开机启动5、重启⽹络服务service network restart。
Linux CentOS7.4下安装Oracle 11gR2安装环境:系统:CentOS7.4 4核4G 磁盘50GOracle软件版本:linux.x64_11gR2_database_1of2.ziplinux.x64_11gR2_database_2of2.zip一、下载Oracle官方下载官网下载需要登陆Oracle账号,没有的可以注册一个。
二、关闭安全措施1.关闭防火墙:systemctl stop firewalld(由于是测试环境,为了方便,将防火墙关闭。
但是,在正式的生产环境,千万不要这样做。
)当然我们也可以不关闭防火墙,只需要开放1521端口(oracle默认是1521端口,如果你修改为其它的端口了,这里就要开放对应的端口)firewall-cmd --zone=public --add-port=1521/tcp --permanent //放开1521端口firewall-cmd --reload //在不改变状态的条件下重新加载防火墙配置文件其他常用命令:查看防火墙的状态:systemctl status firewalld启动防火墙服务:systemctl start firewalld禁用防火墙:systemctl disable firewalld重载配置文件:firewall-cmd --reload查看已经开放的端口:firewall-cmd --list-ports2.关闭selinux(需重启生效)selinux提供了很多Linux的系统安全措施,演示系统中,将其关闭,方便操作。
需要注意的是,在正式生产环境下,千万不要这样做。
执行命令getenforce(或者sestatus -v)查看selinux的状态,初始安装的CentOS7是打开状态。
vim /etc/selinux/config,修改SELINUX的值为disabled修改了之后需要重启服务器,selinux才能生效(这一步非常重要),重启后可以通过getenforce(或者sestatus -v)命令来查看,值一定要disabled才行。
详细步骤安装CentOS7系统目录目录 (I)第一章安装前准备 (1)1.1制作U盘启动盘 (1)第二章安装系统 (2)2.1安装CentOS7系统 (2)2.2网络配置 (19)2.3关闭防火墙 (23)2.4设置网卡开机启动 (23)第一章安装前准备1.1制作U盘启动盘CentOS7系统镜像下载,如:CentOS-7-x86_64-DVD-1611.iso 使用UltraISO工具将CentOS7的ISO镜像写入安装U盘。
1、如上图,打开UltraISO软件2、选择菜单“文件->打开”打开CentOS7的ISO镜像。
3、选择菜单“启用->写入硬盘映像”,单击写入,直到写入完成。
第二章安装系统2.1安装CentOS7系统在服务器上插入U盘启动盘后,设置操作系统为U盘启动(步骤略),开机后自动跳转到CentOS 系统安装界面,按以下步骤操作:第一步:CentOS7安装欢迎界面。
显示上图安装欢迎界面,直接按键盘“Enter”键进入到下一个页面。
第二步:如上图,按任意键继续。
第三步:见上图,自检加载系统文件。
第四步:见上图,选择安装语言,此处选择“中文”->“简体中文(中国)”,单击“继续”。
第五步:如上图,单击“软件选择(S)”。
第六步:见上图,选择基本环境为“带GUI的服务器”,单击“完成(N)”。
第七步:如上图,软件选择中显示“带GUI的服务器”。
第八步:如上图,单击“安装位置(D)”。
操作系统磁盘500GB数据盘(RAID5)55TB第九步:选择“我要配置分区(I)”,单击“完成(D)”,如上图。
进入磁盘配置界面,可以看到硬盘驱动器中当前的硬盘,现场安装时需按下表情况来配置。
第十步:如上图,操作“+”,添加分区。
第十一步::如上图,创建swap分区。
期望容量;8192MB为swap分区大小设备类型;统一选择标准分区文件系统;swap设备:注意这里为sda第十二步:如上图,创建系统盘,创建后与上图保持一致。
,注意,生成的证书有密码一、基本安装安装openvpnyum install openvpn安装open-rsaunzip master.zip没有zip命令的用yum install zip unzip将解压得到的文件夹easy-rsa-master重命名为easy-rsamv easy-rsa-master/ easy-rsa/然后将的到的easy-ras文件夹复制到/etc/openvpn/目录下cp -R easy-rsa/ /etc/openvpn/二、开始配置easyrsa3编辑vars文件A:先进入/etc/openvpn/easy-rsa/easyrsa3目录cd /etc/openvpn/easy-rsa/easyrsa3/B:复制vars.example 为varscp vars.example varsC:修改下面字段,命令:vi vars,然后修改,最后wq保存set_var EASYRSA_REQ_COUNTRY “CN” //根据自己情况更改set_var EASYRSA_REQ_PROVINCE “SH” //省份set_v ar EASYRSA_REQ_CITY “Shanghai” //城市set_var EASYRSA_REQ_ORG “DMSD Certificate” //自己起个名字set_varset_var EASYRSA_REQ_OU “Dynamic Times”创建证书服务端证书和keyA:进入/etc/openvpn/easy-rsa/easyrsa3/目录初始化:./easyrsa init-pkiB:创建根证书./easyrsa build-ca如下:注意这一步需要输入PEM密码PEM pass phrase,输入两次。
这个密码是自己创建的,一定要记住!然后还需要起个名字,common name 通用名,自己起个不重名的就可以。
C:创建服务器端证书./easyrsa gen-req server nopass这一步需要输入server的common name,也是自己起一个不重名的就可以,如下:D:签约服务端证书:./easyrsa sign server server注意这一步需要输入之前让你记住的密码,如下:E:创建Diffie-Hellman,确保key穿越不安全网络的命令:./easyrsa gen-dh这一步就是等的时间稍微长一点,其他没啥特别的,如下:创建客户端证书及keyA:进入root目录新建client文件夹,文件夹可随意命名,然后拷贝前面解压得到的easy-ras文件夹到client文件夹,进入下列目录cd /root/ //进入rootmkdir client //新建一个client文件夹cp -R easy-rsa/ client/ //把easy-rsa 拷贝到client下cd client/easy-rsa/easyrsa3/ //进入这个文件夹B:初始化./easyrsa init-pkiC:创建客户端key及生成证书(这里也要输入密码,这个密码是之后客户端要用的,所以不要和之前的重复了。
Centos7.4安装配置haproxy和Keepalived补充内容补充⽐较杂1、当master服务恢复正常之后,backup机器收到消息,然后让出vip下⾯是master机器服务恢复正常后,backup机器的Keepalived⽇志收到master的消息通知,对⽅优先级是150,⾃⼰的是100,然后进⼊backup状态,移除vip1 2 3 4 5 6Apr 12 19:10:28 data-1-2 Keepalived_vrrp[13309]: Sending gratuitous ARP on eth0 for10.0.1.63Apr 12 19:10:28 data-1-2 Keepalived_vrrp[13309]: Sending gratuitous ARP on eth0 for10.0.1.63Apr 12 19:10:28 data-1-2 Keepalived_vrrp[13309]: Sending gratuitous ARP on eth0 for10.0.1.63Apr 13 10:40:14 data-1-2 Keepalived_vrrp[13309]: VRRP_Instance(VI_1) Received advert with higher priority 150, ours 100 Apr 13 10:40:14 data-1-2 Keepalived_vrrp[13309]: VRRP_Instance(VI_1) Entering BACKUP STATEApr 13 10:40:14 data-1-2 Keepalived_vrrp[13309]: VRRP_Instance(VI_1) removing protocol VIPs.2、启动Keepalived服务,可以看到3个进程1 2 3 4 5 6 7[root@data-1-1 ~]# ps -ef |grep keeproot 6592 1 0 Apr12 ? 00:00:01 /application/keepalived-1.3.5/sbin/keepalived-D -d -S 0 root 6593 6592 0 Apr12 ? 00:00:01 /application/keepalived-1.3.5/sbin/keepalived-D -d -S 0 root 6594 6592 0 Apr12 ? 00:00:13 /application/keepalived-1.3.5/sbin/keepalived-D -d -S 0 root 6664 6020 0 Apr12 pts/200:00:01 tail-F /var/log/keepalived.logroot 19467 5979 0 10:45 pts/100:00:00 grep--colour=auto keep[root@data-1-1 ~]#3、cat追加内容和覆盖内容,以及内容含有$变量符号的处理⽅式(1)覆盖⽅式11 2 3 4 5 6 7#!/bin/bashcat<< EOF > /root/test.txt Hello!My site is My site is Test for cat and EOF! EOF ⽅式2我喜欢这种1 2 3 4 5 6 7#!/bin/bashcat> /root/test.txt <<EOF Hello!My site is My site is Test for cat and EOF! EOF(2)追加覆盖的写法基本和追加⼀样,不同的是单重定向号变成双重定向号⽅式11 2 3 4 5 6 7#!/bin/bashcat<< EOF >> /root/test.txt Hello!My site is My site is Test for cat and EOF! EOF7⽅式21 2 3 4 5 6 7#!/bin/bashcat>> /root/test.txt <<EOF Hello!My site is My site is Test for cat and EOF! EOF需要注意的是,不论是覆盖还是追加,在涉及到变量操作时是需要进⾏转义的,例如: 1 2 3 4 5 6 7 8 9#!/bin/bashcat<<EOF>> /root/a.txtPATH=\$PATH:\$HOME/binexport ORACLE_BASE=/u01/app/oracleexport ORACLE_HOME=\$ORACLE_BASE/10.2.0/db_1 export ORACLE_SID=yqptexport PATH=\$PATH:\$ORACLE_HOME/binexport NLS_LANG="AMERICAN_AMERICA.AL32UTF8" EOF4、正常安装之后的Keepalived服务启动⽇志可以看到启动读取的配置⽂件和根据配置⽂件打印的详细信息有些配置不在配置⽂件中写,它会⾃动按照默认配置补充上去配置⽂件是单播的启动⽇志下⾯可以看到已经涉及单播了 VRRP check unicast_src = falsevrrp_check_unicast_src:在单播模式中,开启对VRRP数据包的源地址做检查,源地址必须是单播邻居之⼀12345678910111213 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6453]: StoppedApr 12 16:27:12 data-1-2 Keepalived[6451]: Stopped Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2Apr 12 16:27:12 data-1-2 Keepalived[6602]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2Apr 12 16:27:12 data-1-2 Keepalived[6602]: Unable to resolve default script username 'keepalived_script'- ignoringApr 12 16:27:12 data-1-2 Keepalived[6602]: Opening file'/etc/keepalived/keepalived.conf'.Apr 12 16:27:12 data-1-2 Keepalived[6603]: Starting Healthcheck child process, pid=6604Apr 12 16:27:12 data-1-2 Keepalived_healthcheckers[6604]: Initializing ipvsApr 12 16:27:12 data-1-2 Keepalived[6603]: Starting VRRP child process, pid=6605Apr 12 16:27:12 data-1-2 Keepalived_healthcheckers[6604]: Opening file'/etc/keepalived/keepalived.conf'.Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Registering Kernel netlink reflectorApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Registering Kernel netlink command channelApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Registering gratuitous ARP shared channelApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Opening file'/etc/keepalived/keepalived.conf'.Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP_Instance(VI_1) removing protocol VIPs.Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: WARNING - script `killall` resolved by path search to `/usr/bin/killall`. Please specify full path. Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: ------< Global definitions >------Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Router ID = Haproxy_2Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp server = 127.0.0.128 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp server = 127.0.0.1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp server port = 25Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp HELO name = data-1-2Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Smtp server connection timeout = 3Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Email notification from = Haproxy_KeepAlived@ Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Email notification = 525031638@Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Default interface = eth0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: LVS flush = falseApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP IPv4 mcast group = 224.0.0.18Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP IPv6 mcast group = ff02::12Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP delay = 5Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP repeat = 5Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP refresh timer = 0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP refresh repeat = 1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP lower priority delay = 5Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP lower priority repeat = 5Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Send advert after receive lower priority advert = trueApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Send advert after receive higher priority advert = falseApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP interval = 0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous NA interval = 0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP default protocol version = 2Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Iptables input chain = INPUTApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP check unicast_src = falseApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP skip check advert addresses = falseApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP strict mode = falseApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP process priority = 0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP don't swap = falseApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Checker process priority = 0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Checker don't swap = falseApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Network namespace = (default)Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Script security disabledApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Default script uid:gid 0:0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: ------< VRRP Topology >------Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP Instance = VI_1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Using VRRPv2Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Want State = BACKUPApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Running on device = eth0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Skip checking advert IP addresses = noApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Enforcing strict VRRP compliance = noApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Using src_ip = 10.0.1.62Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP delay = 5Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP repeat = 5Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP refresh timer = 0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP refresh repeat = 1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP lower priority delay = 5Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Gratuitous ARP lower priority repeat = 5Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Send advert after receive lower priority advert = trueApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Send advert after receive higher priority advert = falseApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Virtual Router ID = 80Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Priority = 100Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Advert interval = 5 secApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Accept enabledApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Promote_secondaries disabledApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Authentication type= SIMPLE_PASSWORDApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Password = ha_keepApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Tracked scripts = 1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: chk_haproxy weight 0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Unicast Peer = 1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: 10.0.1.61Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Virtual IP = 1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: 10.0.1.63/24dev eth0 scope globalApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: ------< VRRP Scripts >------Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP Script = chk_haproxyApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Command = /usr/bin/killall-0 haproxyApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Interval = 3 secApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Timeout = 0 secApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Weight = 0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Rise = 1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Fall = 1Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Insecure = noApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Status = INITApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: ------< NIC >------Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Name = eth0Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: index = 2Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: IPv4 address = 10.0.1.62Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: IPv6 address = ::Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: MAC = 00:50:56:9d:50:d7Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: is UPApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: is RUNNINGApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: MTU = 1500Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: HW Type = ETHERNETApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: Using LinkWatch kernel netlink reflector...Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP_Instance(VI_1) Entering BACKUP STATEApr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP sockpool: [ifindex(2), proto(112), unicast(1), fd(10,11)]96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP sockpool: [ifindex(2), proto(112), unicast(1), fd(10,11)]Apr 12 16:27:12 data-1-2 Keepalived_vrrp[6605]: VRRP_Script(chk_haproxy) succeededApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: ------< Global definitions >------Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Router ID = Haproxy_2Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Smtp server = 127.0.0.1Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Smtp server port = 25Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Smtp HELO name = data-1-2Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Smtp server connection timeout = 3Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Email notification from = Haproxy_KeepAlived@ Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Email notification = 525031638@Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Default interface = eth0Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: LVS flush = falseApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP IPv4 mcast group = 224.0.0.18Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP IPv6 mcast group = ff02::12Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP delay = 5Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP repeat = 5Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP refresh timer = 0Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP refresh repeat = 1Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP lower priority delay = 4294Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP lower priority repeat = -1Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Send advert after receive lower priority advert = true Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Send advert after receive higher priority advert = false Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous ARP interval = 0Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Gratuitous NA interval = 0Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP default protocol version = 2Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Iptables input chain = INPUTApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP check unicast_src = falseApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP skip check advert addresses = falseApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP strict mode = falseApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP process priority = 0Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: VRRP don't swap = falseApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Checker process priority = 0Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Checker don't swap = falseApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Network namespace = (default)Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Script security disabledApr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Default script uid:gid 0:0Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: ------< SSL definitions >------Apr 12 16:27:13 data-1-2 Keepalived_healthcheckers[6604]: Using autogen SSL context5、配置单播和组播通信区别配置两个节点之间为单播⽅式,backup收到的数据包是下⾯形式1 2 3 4 5 6 7 8 9 10 11 12 13[root@data-1-2 keepalived]# tcpdump -vvv -i any host 10.0.1.61tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes13:11:21.084843 IP (tos 0xc0, ttl 255, id3, offset 0, flags [none], proto VRRP (112), length 40)10.0.1.61 > data-1-2: vrrp 10.0.1.61 > data-1-2: VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@" 13:11:26.085600 IP (tos 0xc0, ttl 255, id4, offset 0, flags [none], proto VRRP (112), length 40)10.0.1.61 > data-1-2: vrrp 10.0.1.61 > data-1-2: VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@" 13:11:31.086772 IP (tos 0xc0, ttl 255, id5, offset 0, flags [none], proto VRRP (112), length 40)10.0.1.61 > data-1-2: vrrp 10.0.1.61 > data-1-2: VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@" ^C3 packets captured3 packets received by filter0 packets dropped by kernel[root@data-1-2 keepalived]#配置两个节点为组播,backup机器收到的数据包是下⾯形式可以看到是1 2 3 4 5 6 7 8 9 10 11 12 13[root@data-1-2 keepalived]# tcpdump -vvv -i any host 10.0.1.61tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes13:08:15.571761 IP (tos 0xc0, ttl 255, id1455, offset 0, flags [none], proto VRRP (112), length 40)10.0.1.61 > : vrrp 10.0.1.61 > : VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"13:08:20.572496 IP (tos 0xc0, ttl 255, id1456, offset 0, flags [none], proto VRRP (112), length 40)10.0.1.61 > : vrrp 10.0.1.61 > : VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"13:08:25.573351 IP (tos 0xc0, ttl 255, id1457, offset 0, flags [none], proto VRRP (112), length 40)10.0.1.61 > : vrrp 10.0.1.61 > : VRRPv2, Advertisement, vrid 80, prio 150, authtype simple, intvl 5s, length 20, addrs: 10.0.1.63 auth "ha_keep^@"^C3 packets captured3 packets received by filter0 packets dropped by kernel[root@data-1-2 keepalived]#6、查看Keepalived编译参数⼤部分⽤不到123456789 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46[root@data-1-1 tools]# tar xfz keepalived-1.3.5.tar.gz[root@data-1-1 tools]# cd keepalived-1.3.5[root@data-1-1 keepalived-1.3.5]# ./configure --help`configure' configures Keepalived 1.3.5 to adapt to many kinds of systems. Usage: ./configure[OPTION]... [VAR=VALUE]...To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets.Configuration:-h, --help display this help and exit--help=short display options specific to this package--help=recursive display the short help of all the included packages -V, --version display version information and exit-q, --quiet, --silent do not print `checking ...' messages--cache-file=FILE cache test results in FILE [disabled]-C, --config-cache alias for`--cache-file=config.cache'-n, --no-create do not create output files--srcdir=DIR find the sources in DIR [configure dir or `..'] Installation directories:--prefix=PREFIX install architecture-independent files in PREFIX[/usr/local]--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX]By default, `make install' will install all the files in`/usr/local/bin', `/usr/local/lib'etc. You can specifyan installation prefix other than `/usr/local' using `--prefix',for instance `--prefix=$HOME'.For better control, use the options below.Fine tuning of the installation directories:--bindir=DIR user executables [EPREFIX/bin]--sbindir=DIR system admin executables [EPREFIX/sbin]--libexecdir=DIR program executables [EPREFIX/libexec]--sysconfdir=DIR read-only single-machine data [PREFIX/etc]47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]--localstatedir=DIR modifiable single-machine data [PREFIX/var]--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]--libdir=DIR object code libraries [EPREFIX/lib]--includedir=DIR C header files [PREFIX/include]--oldincludedir=DIR C header files for non-gcc[/usr/include]--datarootdir=DIR read-only arch.-independent data root [PREFIX/share]--datadir=DIR read-only architecture-independent data [DATAROOTDIR]--infodir=DIR info documentation [DATAROOTDIR/info]--localedir=DIR locale-dependent data [DATAROOTDIR/locale]--mandir=DIR man documentation [DATAROOTDIR/man]--docdir=DIR documentation root [DATAROOTDIR/doc/keepalived]--htmldir=DIR html documentation [DOCDIR]--dvidir=DIR dvi documentation [DOCDIR]--pdfdir=DIR pdf documentation [DOCDIR]--psdir=DIR ps documentation [DOCDIR]Program names:--program-prefix=PREFIX prepend PREFIX to installed program names--program-suffix=SUFFIX append SUFFIX to installed program names--program-transform-name=PROGRAM run sed PROGRAM on installed program names Optional Features:--disable-option-checking ignore unrecognized --enable/--with options--disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)--enable-FEATURE[=ARG] include FEATURE [ARG=yes]--enable-silent-rules less verbose build output (undo: "make V=1")--disable-silent-rules verbose build output (undo: "make V=0")--disable-lvs-syncd do not use LVS synchronization daemon--disable-lvs do not use the LVS framework--disable-lvs-64bit-statsdo not use the LVS 64-bit stats--disable-vrrp do not use the VRRP framework--disable-fwmark compile without SO_MARK support--enable-snmp compile with SNMP support--enable-snmp-vrrp compile with SNMP vrrp support--enable-snmp-keepalivedobsolete - use --enable-snmp-vrrp--enable-snmp-checker compile with SNMP checker support--enable-snmp-rfc compile with SNMP RFC2787 (VRRPv2) and SNMP RFC6527(VRRPv3) support--enable-snmp-rfcv2 compile with SNMP RFC2787 (VRRPv2) support--enable-snmp-rfcv3 compile with SNMP RFC6257 (VRRPv3) support--disable-snmp-reply-v3-for-v2disable RFC6257 responses for VRRPv2 instances--enable-dbus compile with dbus support--enable-dbus-create-instancecompile with dbus support for creating instances--enable-sha1 compile with SHA1 support--disable-vrrp-auth compile without VRRP authentication--disable-routes compile without ip rules/routes--enable-dynamic-linkingcompile with/without dynamically linkedlibiptc/libipset--enable-libiptc-dynamiccompile with libiptc dynamically linked--disable-libipset-dynamiccompile with libipset statically linked--enable-libxtables-dynamiccompile with libxtables dynamically linked--enable-libnl-dynamic compile with libnl dynamically linked--disable-libiptc compile without libiptc--disable-libipset compile without libipset--disable-libnl compile without libnl--enable-mem-check compile with memory alloc checking--enable-mem-check-log compile with memory alloc checking wriging to syslog--enable-debug compile with debugging flags--enable-stacktrace compile with stacktrace support--enable-profile compile with profiling flags--enable-conversion-checkscompile with conversion warnings if sensible--enable-force-conversion-checkscompile with conversion warnings--enable-Werror compile with warnings being errors--enable-dependency-trackingdo not reject slow dependency extractors--disable-dependency-trackingspeeds up one-time build115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150Optional Packages:--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-kernel-dir=DIR path to linux kernel source directory--with-init=(upstart|systemd|SYSV|SUSE|openrc)specify init type--with-systemdsystemunitdir=DIRDirectory for systemd service filesSome influential environment variables:PKG_CONFIG path to pkg-config utilityPKG_CONFIG_PATHdirectories to add to pkg-config's search pathPKG_CONFIG_LIBDIRpath overriding pkg-config's built-in search pathCC C compiler commandCFLAGS C compiler flagsLDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in anonstandard directory <lib dir>LIBS libraries to pass to the linker, e.g. -l<library>CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> ifyou have headers in a nonstandard directory <include dir>CPP C preprocessorUse these variables to override the choices made by `configure' or to helpit to find libraries and programs with nonstandard names/locations.Report bugs to <keepalived-devel@>.Keepalived home page: </>.[root@data-1-1 keepalived-1.3.5]#7、Keepalived修改⽇志⽂件输出路径keepalived默认输出的⽇志在/var/log/messages这⾥修改,让它输出到/var/log/keepalived.log编译安装的1.3.5版本看到启动脚本默认读取的是/application/keepalived-1.3.5/etc/sysconfig/keepalived这个⽂件但是别的⼀些默认读取的是/etc/sysconfig/keepalived都改了最下⾯添加⼀⾏-S指定⼀个syslog设备接收,0表⽰local0设备-D是详细⽇志-d是dump配置⽂件内容到⽇志中1 2sed-i s#'KEEPALIVED_OPTIONS="-D"'#'KEEPALIVED_OPTIONS="-D -d -S 0"'#g /etc/sysconfig/keepalived /bin/cp/application/keepalived/etc/sysconfig/keepalived/etc/sysconfig/配置完毕后需要在syslog.conf⽂件⾥添加⼀⾏,如下上⾯配置⽂件表⽰syslog让local0接收,local0接收后往后⾯的/var/log/keepalived.log⾥⾯接收.* 表⽰所有状态都打1 2 3 4 5cat>> /etc/rsyslog.conf << EOF#keepalivedlocal0.* /var/log/keepalived.log EOF67 8 9 10[root@data-1-1 keepalived]# tail -2 /etc/rsyslog.conf #keepalivedlocal0.* /var/log/keepalived.log[root@data-1-1 keepalived]#重启rsyslog服务1 2[root@data-1-1 keepalived]# systemctl restart rsyslog [root@data-1-1 keepalived]#8、安装⼀些⼯具安装tcpdump,它是个抓包⼯具,有时候会⽤到安装psmisc包,安装之后多了 fuser, killall,pstree等命令,Keepalived的配置⽂件中健康检查能⽤到它1 2yum install tcpdump -y yum install psmisc -y9、为同⼀个虚拟IP服务的实例,虚拟路由id必须⼀致同⼀集群的keepalived的主、备机的virtual_router_id 必须相同,取值0-255但是同⼀内⽹中不应有相同virtual_router_id的集群10、多实例的Keepalived配置⽂件参考这样两个机器都在⼯作,不⾄于类似单实例有资源浪费的情况机器1的Keepalived配置VI_1是master,VI_2是backup12345 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28! Configuration File for keepalivedglobal_defs {notification_email {12345@}notification_email_from Alexandre.Cassen@firewall.loc smtp_server 10.0.0.1smtp_connect_timeout 30router_id LVS_1}vrrp_instance VI_1 {state MASTERinterface eth0virtual_router_id 51priority 150advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {10.0.0.136/2410.0.0.137/2410.0.0.138/24}}29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44vrrp_instance VI_2 { state BACKUPinterface eth0virtual_router_id 52 priority 50advert_int 1authentication {auth_type PASS auth_pass 1111 }virtual_ipaddress { 10.0.0.140/24 10.0.0.141/24 }}机器2的Keepalived配置VI_1是backup,VI_2是master 12345 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44! Configuration File for keepalivedglobal_defs {notification_email {12345@}notification_email_from Alexandre.Cassen@firewall.loc smtp_server 10.0.0.1smtp_connect_timeout 30router_id LVS_2}vrrp_instance VI_1 {state BACKUPinterface eth0virtual_router_id 51priority 100advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {10.0.0.136/2410.0.0.137/2410.0.0.138/24}}vrrp_instance VI_2 {state MASTERinterface eth0virtual_router_id 52priority 150advert_int 1authentication {auth_type PASSauth_pass 1111}virtual_ipaddress {10.0.0.140/2410.0.0.141/24}}11、编译Keepalived中出现如下warning不⽤理会系统出现警告信息“*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3 dev libraries to support IPv6 with IPVS.”,具体⽇志如下1234 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35Keepalived configuration------------------------Keepalived version : 1.3.5Compiler : gccPreprocessor flags :Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2Linker flags :Extra Lib : -lcrypto -lsslUse IPVS Framework : YesIPVS use libnl : NoIPVS syncd attributes : NoIPVS 64 bit stats : Nofwmark socket support : YesUse VRRP Framework : YesUse VRRP VMAC : YesUse VRRP authentication : YesWith ip rules/routes: YesSNMP vrrp support : NoSNMP checker support : NoSNMP RFCv2 support : NoSNMP RFCv3 support : NoDBUS support : NoSHA1 support : NoUse Debug flags : NoStacktrace support : NoMemory alloc check : Nolibnl version : NoneUse IPv4 devconf : NoUse libiptc : NoUse libipset : Noinit type: upstartBuild genhash : YesBuild documentation : No*** WARNING - this build will not support IPVS with IPv6. Please install libnl/libnl-3dev libraries to support IPv6 with IPVS.很多⼈通过安装下⾯依赖解决它,我觉得没必要,因为压根⽤不到ipv6的东西解决⽅案⼀:(在线安装)执⾏yum命令yum -y install libnl libnl-devel解决上述警告问题执⾏yum命令yum install -y libnfnetlink-devel解决上述错误问题12、阿⾥云下载镜像得路径注意下,是isos。
CentOS 7.4安装Redis 4.0.9集群介绍●Redis从3.0板本开始支持集群(我们使用Redis 4.0.9)●集群几点数量至少6个才能保证组成完整高可用的集群测试环境我们使用3台虚拟机模拟6个节点,使用端口区分,每台虚拟机2个节点Redis默认端口6379,这里为了方便,所以使用7001-7006来进行区分安装步骤环境准备下面的配置,每台机器都要做修改主机名[root@localhost ~]# vim /etc/hostname配置yum源我们使用网易的yum源,速度快root@redis1 ~]# cd /etc/yum.repos.d/[root@redis1 yum.repos.d]# mkdir old[root@redis1 yum.repos.d]# mv CentOS-* old/[root@redis1 yum.repos.d]# wget /.help/CentOS6-Base-163.repo [root@redis1 yum.repos.d]# mv CentOS6-Base-163.repo CentOS7-Base-163.repo [root@redis1 yum.repos.d]# vim CentOS7-Base-163.repo把里面的所有baseurl属性值的$releasever为对应的OS主版本号(5,6,7)改成下图清理yum[root@redis1 yum.repos.d]# yum clean all[root@redis1 yum.repos.d]# yum makecache关闭SElinux[root@redis1 yum.repos.d]# vim /etc/selinux/config[root@redis1 yum.repos.d]# setenforce 0[root@redis1 yum.repos.d]# getenforce升级yum都升级下到最新[root@redis1 yum.repos.d]# yum update正式安装安装编译环境[root@redis1 yum.repos.d]# yum -y install gcc gcc-c++ libstdc++-devel zlib-devel 安装Redis[root@redis3 yum.repos.d]# cd /usr/local/[root@redis3 local]# wget http://download.redis.io/releases/redis-4.0.9.tar.gz [root@redis3 local]# tar zxvf redis-4.0.9.tar.gz改下文件名[root@redis3 local]# mv redis-4.0.9 redis[root@redis3 local]# rm -rf redis-4.0.9.tar.gz进行编译[root@redis3 local]# cd redis/[root@redis3 redis]# make[root@redis3 redis]# make install进入/usr/local/bin可以看到下面几个东西。
CentOS7安装教程(步骤齐全)第⼀步:选择Install CentOS7来进⾏安装
第⼆步:选择安装语⾔,建议选择English,然后点击继续
第三步:依次进⾏ [软件选择]和[分区操作]
3.1、软件安装选择,刚开始建议选择GNOME桌⾯,环境附加选择GNOME应⽤程序、互联⽹应⽤程序、和开发⼯具
第四步:分区操作,也可以选择⾃动分区
4.1、⼿动分区操作
4.2、进⾏⼿动分区配置,点击[我要配置分区]后点击完成
4.3、进⼊⼿动配置分区界⾯
点击+ 新增⼀个分区;
挂载点选择swap交换分区(相当于Windwos中的虚拟内存),并设置容量为2G
然后点击挂载
点击+ 新增第⼆个分区;
挂载点选择 / 根⽬录(相当于Windwos中的C盘),并设置容量为18G
然后点击挂载
添加挂载点后
点击完成
第五步:开始安装系统
创建⼀个普通⽤户⽤来登录系统
创建root密码⽤来⾼级操作
点击ROOT密码,输⼊后点击完成(ROOT密码需要⼀定的密码强度否则不会通过)
创建登录⽤户(此⽤户⽤来登录系统所⽤)
完成后等待安装继续
重启后配置许可证和⽹络
点击同意此协议
点击完成
配置⽹络连接
⽹络的配置⽅式可以选择动态IP或者静态IP 我这⾥选择的是静态IP
IP地址⼀定要和上⽅路由处于同⼀⽹段
点击安装时创建的⽤户
系统安装完成,接下来就可以正式使⽤了。
Vmware虚拟机中centOS7安装图⽂教程本教程为⼤家分享了Vmware虚拟机中centOS7安装步骤,供⼤家参考,具体内容如下
1、安装VMware
下载⼀个软件安装:
2、新建⼀个虚拟机
3、引⽤安装包
4、启动新建的虚拟机
5、安装CentOS7的步骤
配置系统语⾔:
配置系统时间:
配置系统键盘:
配置键盘切换的快捷键:
配置键盘的多种:
语⾔⽀持:
默认⾃动使⽤安装源:
配置软件环境,需要及时添加的软件,这⾥我开启图形界⾯GUI:这⾥勾上,就默认启动图形界⾯。
配置安装⽬标位置:
选择配置分区点击完成就会进⼊⼿动分区页⾯:
配置kdump:
配置⽹络:查看VMware的默认路由(DNS)以及⽹关:在Window的cmd中输⼊:ipconfig -all
要是在mac系统中是输⼊:ifconfig 命令。
配置⽹络:
点击安装:
需要配置root密码,⽤户密码可以不配置.
再配置⼀个⽤户:
安装完毕后,重启.
6、简单的安装⽅式:
在配置全局哪⾥,只是配置系统时间,系统语⾔,和⽹络配置就⾏了(如果不配置就上不了⽹,以后需要在命令⾏配置),这样就可以了,可以不⽤⾃定义分区的配置(默认⾃动)。
这样只能是终端⽅式显⽰,没有图像界⾯,后⾯需要在添加,所有操作都是命令⾏形式。
以上就是本⽂的全部内容,希望对⼤家的学习有所帮助,也希望⼤家多多⽀持。
,easy-rsa3.0,并且共享网络,注意,生成的证书有密码一、基本安装安装openvpncd/etc/openvpn/easy-rsa/easyrsa3/B:复制vars.example为varscpvars.examplevarsC:修改下面字段,命令:vivars,然后修改,最后wq保存set_varEASYRSA_REQ_COUNTRY“CN”//根据自己情况更改set_varEASYRSA_REQ_PROVINCE“SH”//省份set_varEAS YRSA_REQ_CITY“Shanghai”//城市set_varEASYRSA_REQ_ORG“DMSDCertificate”//自己起个名字set_varEASYRSA_REQ_EMAILset_varEASYRSA_REQ_OU“DynamicTimes”创建证书服务端证书和key注意这一步需要输入之前让你记住的密码,如下:E:创建Diffie-Hellman,确保key穿越不安全网络的命令:./easyrsagen-dh这一步就是等的时间稍微长一点,其他没啥特别的,如下:创建客户端证书及keyA:进入root目录新建client文件夹,文件夹可随意命名,然后拷贝前面解压得到的easy-ras文件夹到client文件夹,进入下列目录cd/root///进入rootmkdirclient//新建一个client文件夹cp-Reasy-rsa/client///把easy-rsa拷贝到client下cdclient/easy-rsa/easyrsa3///进入这个文件夹B:初始化)拷贝文件到各自位置a.这一步就是拷贝这些文件放入到相应位置。
将下列文件放到/etc/openvpn/目录执行命令:cp/etc/openvpn/easy-rsa/easyrsa3/pki/ca.crt/etc/openvpncp/etc/openvpn/easy-rsa/easyrsa3/pki/private/server.key/etc/openvpncp/etc/openvpn/easy-rsa/easyrsa3/pki/issued/server.crt/etc/openvpncp/etc/openvpn/easy-rsa/easyrsa3/pki/dh.pem/etc/openvpn这样就将上述四个文件放入到了/etc/openvpn目录下b.这一步将下列文件放到/root/client目录下执行命令:cp/etc/openvpn/easy-rsa/easyrsa3/pki/ca.crt/root/clientcp/etc/openvpn/easy-rsa/easyrsa3/pki/issued/clientone.crt/root/clientcp/root/client/easy-rsa/easyrsa3/pki/private/clientone.key/root/client这样就将上述三个文件复制到了/root/client目录,包括:ca.crt、clientone.crt、clientone.keyserverifconfig-pool-persistipp.txtpush"redirect-gatewaydef1bypass-dhcp"push"dhcp-optionDNSpush"dhcp-optionDNSkeepalive10120cipherAES-256-CBC comp-lzomax-clients100 persist-key persist-tundevtunprotoudp remoteip端口resolv-retryinfinite nobindpersist-keypersist-tuncaca.crtcertclientone.crtkeyclientone.keycipherAES-256-CBCsystemctlstopfirewalld#关闭firewall防火墙,我的OS没有预装防火墙,因此这条命令不用输,systemctlstartiptables#启动iptablesiptables-F#清空默认的iptables规则iptables-tnat-APOSTROUTING-s-jMASQUERADE#设置iptablesNAT转发规则serviceiptablessave#保存防火墙规则echo1>/proc/sys/net/ipv4/ip_forward#临时开启路由转发vi/etc/sysctl.conf#编辑配置文件,修改以下配置,设置永久路由转发=1启动openvpnsystemctl-fenable#设置启动文件systemctlstart#启动openvpn的命令#注意,这里如果启动报错,说明你前面的server.conf配置文件有误,需要调试配置文件。
