Chinaunix首页 | 论坛 | 博客
  • 博客访问: 632835
  • 博文数量: 151
  • 博客积分: 4010
  • 博客等级: 上校
  • 技术积分: 1664
  • 用 户 组: 普通用户
  • 注册时间: 2009-08-13 16:37
文章分类

全部博文(151)

文章存档

2010年(16)

2009年(135)

我的朋友

分类: LINUX

2009-11-23 17:18:14

我写这篇文章所用的测试环境,vmvare6.0,模拟两个linux,用的是centos5.1
squid-1(192.168.211.128)
squid-2(192.168.211.130)
Vip(192.168.211.135)
实现方式lvs-dr
1,lvs配置部分
安装lvs所需要的软件

yum -y install

yum -y install heartbeat-ldirectord

yum -y install heartbeat-devel

yum -y install ipvsadm

配置Ldirector
vi /etc/ha.d/ldirectord.cf设置如下内容,两台机器文件内容相同

# Global Directives

checktimeout=3

checkinterval=1

autoreload=yes

logfile="/var/log/ldirectord.log"

logfile="local0"

#emailalert="admin@x.y.z"

#emailalertfreq=3600

#emailalertstatus=all

quiescent=yes

# Sample for an http virtual service

virtual=192.168.211.135:3128

real=192.168.211.128:3128 gate

real=192.168.211.130:3128 gate

scheduler=rr

#persistent=600

#netmask=255.255.255.255

protocol=tcp

checktype=negotiate

checkport=3128

配置heartbeat

vi /etc/ha.d/ha.cf

debugfile /var/log/ha-debug

logfile /var/log/ha-log

logfacility local0

keepalive 2

deadtime 30

warntime 10

initdead 120

udpport 694

ucast eth0 192.168.211.130 #另外一台这里要设置成另外的ip

auto_failback on

node contos5-1-1 #通过uanme -n得到

node contos5-1-2

ping_group group1 192.168.211.128 192.168.211.130

respawn hacluster /usr/lib/heartbeat/ipfail

这里之所以使用ucast而不用bcast是因为,如果同网段你还有另外的一套lvs的话,bcast广播也会发到这套lvs里,虽说应用上不会给另外一套lvs带来影响,但日志里会出现很多错误

cp /usr/share/doc/heartbeat-2.1.3/authkeys /etc/ha.d/

vi /etc/ha.d/authkeys,将如下两行的注释去掉

# crc adds no security , except from packet corruption.

# Use only on physically secure networks.

#

auth 1

1 crc

#2 sha1

#3 md5

chomd 600 /etc/ha.d/authkeys

vi /etc/ha.d/haresources文件,加入

contos5-1-1 closelo 192.168.211.135 ldirectord::ldirectord.cf startlo

在/etc/ha.d/resource.d下建立closelo脚本,内容如下

#!/bin/sh

VIP=192.168.211.135

case "$1" in

start)

# close lo:0 interface

echo $"Close lo:0 interface"

/sbin/route del -host $VIP dev lo:0

/sbin/ifconfig lo:0 down

echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce

echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore

echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce

echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore

;;

stop)

# start lo:0 interface

echo $"Start lo:0 interface"

/sbin/ifconfig lo:0 $VIP/32 broadcast $VIP up

/sbin/route add -host $VIP dev lo:0

echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore

echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce

echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore

;;

*)

echo $"Usage: $0 (start|stop)"

exit 1

;;

esac

/etc/ha.d/resource.d下建立startlo脚本

# ! /bin/sh

VIP=192.168.211.135

case "$1" in

stop)

# close lo:0 interface

echo $"Close lo:0 interface"

/sbin/route del -host $VIP dev lo:0

/sbin/ifconfig lo:0 down

echo "0" > /proc/sys/net/ipv4/conf/all/arp_announce

echo "0" > /proc/sys/net/ipv4/conf/all/arp_ignore

echo "0" > /proc/sys/net/ipv4/conf/lo/arp_announce

echo "0" > /proc/sys/net/ipv4/conf/lo/arp_ignore

; ;

start)

# start lo:0 interface

echo $"Start lo:0 interface"

/sbin/ifconfig lo:0 $VIP/32 broadcast $VIP up

/sbin/route add -host $VIP dev lo:0

echo "2" > /proc/sys/net/ipv4/conf/all/arp_announce

echo "1" > /proc/sys/net/ipv4/conf/all/arp_ignore

echo "2" > /proc/sys/net/ipv4/conf/lo/arp_announce

echo "1" > /proc/sys/net/ipv4/conf/lo/arp_ignore

; ;

* )

echo $"Usage: $0 (start|stop)"

exit 1

; ;

esac

到此,lvs部分就全部完成了,接下来说squid的设置,具体配置我就不写了,网上这方面的文章很多,我仅仅完成一个可以做正向代理的出来

squid我使用的是3.0stable8
./configure --prefix=/usr/local/squid
make && make install
完成安装后,配置文件内容如下

visible_hostname 2

acl manager proto cache_object

acl localhost src 127.0.0.1/32

acl to_localhost dst 127.0.0.0/8

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network

acl localnet src 172.16.0.0/12 # RFC1918 possible internal network

acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

acl purge method PURGE

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow purge localhost

http_access allow localnet

http_access deny all

icp_access allow localnet

icp_access deny all

htcp_access allow localnet

htcp_access deny all

#always_direct allow all

#http_port 80 accel vhost vport

http_port 3128

hierarchy_stoplist cgi-bin ?

access_log /usr/local/squid/var/logs/access.log squid

cache_dir ufs /usr/local/squid/cache 10 2 4

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern (cgi-bin|?) 0 0% 0

refresh_pattern . 0 20% 4320

cache_effective_user squid

cache_effective_group squid

然后启动squid,接下来就可以测试了,到此一个可用的而且强健的双机squid就完成了(除非两台机器同时挂掉)

注:每次启动heartbeat前,请先执行 /etc/ha.d/resource.d/closelo脚本,使得lo:o网卡启动,不然这套配置将不起作用了,我目前还没有找到更好的解决办法如对以上配置有何不明了的还请提出共同讨论

原文
阅读(709) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~