分类: LINUX
2009-11-23 17:18:14
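# Install the load-balancer tooling:
#   heartbeat-ldirectord - ldirectord, the daemon that health-checks the real
#                          servers and maintains the IPVS table
#   ipvsadm              - command-line tool for inspecting/editing the IPVS table
# (The stray trailing "|" from the page layout is dropped; it left the second
# command as an unfinished pipeline.)
yum -y install heartbeat-ldirectord
yum -y install ipvsadm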
配置Ldirector
vi /etc/ha.d/ldirectord.cf设置如下内容,两台机器文件内容相同
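# /etc/ha.d/ldirectord.cf -- same content on both machines.
# One directive per line: when the file is collapsed onto a single line, the
# first "#" comments out every directive that follows it.

# Global directives
checktimeout=3
checkinterval=1
autoreload=yes
# NOTE(review): logfile is set twice (a file path and the syslog facility
# "local0"); presumably only one of the two takes effect -- keep the one you want.
logfile="/var/log/ldirectord.log"
logfile="local0"
#emailalert="admin@x.y.z"
#emailalertfreq=3600
#emailalertstatus=all
# quiescent=yes: a failed real server is kept in the table with weight 0
# instead of being removed.
quiescent=yes

# Sample for an http virtual service
# Lines belonging to a virtual service must be indented beneath it.
# "gate" selects direct routing: real servers answer clients directly, which is
# why they need the VIP on lo:0 with ARP suppressed.
virtual=192.168.211.135:3128
        real=192.168.211.128:3128 gate
        real=192.168.211.130:3128 gate
        scheduler=rr
        #persistent=600
        #netmask=255.255.255.255
        protocol=tcp
        # NOTE(review): no service=/request=/receive= is given for the negotiate
        # check. Confirm in ldirectord(8) what is actually probed on port 3128;
        # if it falls back to service=none, a dead squid may never be taken out
        # of rotation. checktype=connect is the simpler alternative.
        checktype=negotiate
        checkport=3128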
配置heartbeat
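# /etc/ha.d/ha.cf -- heartbeat cluster settings.
# One directive per line; comments are kept on their own lines so that they
# cannot swallow a directive.

logfile /var/log/ha-log
logfacility local0

# Timers in seconds: heartbeat interval, dead-node threshold, late-heartbeat
# warning, and the longer dead time applied right after boot.
keepalive 2
deadtime 30
warntime 10
initdead 120

# Heartbeat packets on this UDP port are protected only by the method chosen in
# /etc/ha.d/authkeys; restrict the port to the two cluster nodes with a firewall.
udpport 694

# Unicast peer address. On the other machine, set this to the other node's IP.
ucast eth0 192.168.211.130

auto_failback on

# Node names must match the output of `uname -n` on each machine.
node contos5-1-1
node contos5-1-2

# ipfail uses the ping group to judge this node's network connectivity.
ping_group group1 192.168.211.128 192.168.211.130
respawn hacluster /usr/lib/heartbeat/ipfail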
这里之所以使用ucast而不用bcast是因为,如果同网段你还有另外的一套lvs的话,bcast广播也会发到这套lvs里,虽说应用上不会给另外一套lvs带来影响,但日志里会出现很多错误
|
vi /etc/ha.d/authkeys,将如下两行的注释去掉
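# /etc/ha.d/authkeys -- state after uncommenting the "auth 1" and "1 crc" lines.
#
# Use only on physically secure networks.
#
# NOTE(review): crc only detects packet corruption; it does not authenticate
# the sender, so any host that can reach the heartbeat port can inject cluster
# messages. Unless the heartbeat link is physically isolated, select the sha1
# entry instead ("auth 2") and give it a long random key that is identical on
# both nodes, e.g. "2 sha1 <SHARED_SECRET>" (placeholder).
auth 1
1 crc
#2 sha1
#3 md5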
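# authkeys holds the cluster's shared authentication key: make it readable and
# writable by its owner only (heartbeat refuses to start with looser
# permissions). The page's "chomd" was a typo for chmod.
chmod 600 /etc/ha.d/authkeys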
|
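#!/bin/bash
#
# Toggle the LVS-DR virtual IP on the loopback alias lo:0.
# NOTE(review): presumably this is the /etc/ha.d/resource.d/closelo script that
# the page refers to later -- its heading seems to be missing; confirm.
#
# Usage: <script> (start|stop)
#   start - remove the VIP from lo:0 and reset the ARP sysctls to 0
#   stop  - put the VIP on lo:0 and set arp_ignore=1 / arp_announce=2 so that
#           this host neither answers nor advertises ARP for the VIP
# The actions are inverted relative to their names; that is as published.
# Needs root: it changes routes, interfaces and /proc/sys.
# $"..." is bash's locale-translation quoting, hence the bash interpreter line.

VIP=192.168.211.135

case "$1" in
  start)
    # close lo:0 interface
    echo $"Close lo:0 interface"
    /sbin/route del -host "$VIP" dev lo:0
    /sbin/ifconfig lo:0 down
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    ;;
  stop)
    # start lo:0 interface
    echo $"Start lo:0 interface"
    /sbin/ifconfig lo:0 "$VIP/32" broadcast "$VIP" up
    /sbin/route add -host "$VIP" dev lo:0
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    ;;
  *)
    echo $"Usage: $0 (start|stop)"
    exit 1
    ;;
esac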
/etc/ha.d/resource.d下建立startlo脚本
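#!/bin/bash
#
# /etc/ha.d/resource.d/startlo -- toggle the LVS-DR virtual IP on lo:0.
#
# Usage: startlo (start|stop)
#   start - put the VIP on lo:0 and set arp_ignore=1 / arp_announce=2 so that
#           this host neither answers nor advertises ARP for the VIP
#   stop  - remove the VIP from lo:0 and reset the ARP sysctls to 0
# Needs root: it changes routes, interfaces and /proc/sys.
# $"..." is bash's locale-translation quoting, hence the bash interpreter line.
# The published listing had "; ;" where the case terminators ";;" belong, which
# is a syntax error; they are restored here.

VIP=192.168.211.135

case "$1" in
  stop)
    # close lo:0 interface
    echo $"Close lo:0 interface"
    /sbin/route del -host "$VIP" dev lo:0
    /sbin/ifconfig lo:0 down
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    ;;
  start)
    # start lo:0 interface
    echo $"Start lo:0 interface"
    /sbin/ifconfig lo:0 "$VIP/32" broadcast "$VIP" up
    /sbin/route add -host "$VIP" dev lo:0
    echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore
    echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce
    echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore
    ;;
  *)
    echo $"Usage: $0 (start|stop)"
    exit 1
    ;;
esac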
到此,lvs部分就全部完成了,接下来说squid的设置,具体配置我就不写了,网上这方面的文章很多,我仅仅完成一个可以做正向代理的出来
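# squid.conf -- minimal forward-proxy configuration, one directive per line.

# --- ACL definitions ---
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# NOTE(review): localnet covers every RFC1918 range. Narrow it to the subnets
# that are really meant to use this proxy.
acl localnet src 10.0.0.0/8       # RFC1918 possible internal network
acl localnet src 172.16.0.0/12    # RFC1918 possible internal network
acl localnet src 192.168.0.0/16   # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80            # http
acl Safe_ports port 21            # ftp
acl Safe_ports port 443           # https
acl Safe_ports port 70            # gopher
acl Safe_ports port 210           # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280           # http-mgmt
acl Safe_ports port 488           # gss-http
acl Safe_ports port 591           # filemaker
acl Safe_ports port 777           # multiling http
acl CONNECT method CONNECT
acl purge method PURGE

# --- Access rules (first match wins) ---
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow purge localhost
# Without an explicit deny here, a PURGE request from any localnet client falls
# through to "allow localnet" below and may evict cached objects.
http_access deny purge
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all

#always_direct allow all
#http_port 80 accel vhost vport
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /usr/local/squid/var/logs/access.log squid
cache_dir ufs /usr/local/squid/cache 10 2 4

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
# The "?" must be escaped to match a literal question mark; the backslash was
# missing from the published listing.
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320

# Run squid under the unprivileged squid account rather than root.
cache_effective_user squid
cache_effective_group squid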
然后启动squid,接下来就可以测试了,到此一个可用的而且强健的双机squid就完成了(除非两台机器同时挂掉)
注:每次启动heartbeat前,请先执行 /etc/ha.d/resource.d/closelo脚本,使得lo:0网卡启动,不然这套配置将不起作用了,我目前还没有找到更好的解决办法。如对以上配置有何不明了的,还请提出共同讨论。