===== POUND+keepalived構築 =====
○ 開発環境のインストール
# yum -y install gcc gcc-c++
○ OpenSSLのインストール
# yum -y install openssl openssl-devel
○ SELINUX 設定
SELinuxを一時的に無効化(setenforce 0 はPermissiveモードへの切り替えで、再起動すると元に戻る)
# setenforce 0
SELinux設定ファイルを編集し、システム起動時からSELinuxを無効化する(disabledにすると強制アクセス制御による保護がなくなるため、拒否ログだけを残して動作させたい場合は SELINUX=permissive も選べる)
# vi /etc/sysconfig/selinux
SELINUX=enforcing
↓
SELINUX=disabled
○ iptables(ファイアウォール)設定
# vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# /etc/rc.d/init.d/iptables restart
○ keepalived
◆ keepalivedのインストール
(tarballはHTTPで取得しているため、配布元がチェックサムや署名を公開している場合は、展開・ビルドの前に照合する)
# wget http://www.keepalived.org/software/keepalived-1.1.20.tar.gz
# tar zxvf keepalived-1.1.20.tar.gz
# cd keepalived-1.1.20
# ./configure
# make
# make install
◆ keepalivedの設定
# cp /usr/local/etc/keepalived/keepalived.conf /usr/local/etc/keepalived/keepalived.conf.bak
# vi /usr/local/etc/keepalived/keepalived.conf
設定項目は、
・アラートメールの送信先
・アラートメールの送信者
・NICの仮想IP
あたりが必須になります。
stateについて、サーバに優先順位をつける場合はMASTERを1台とし、それ以外をBACKUPにします。
すべてをBACKUPにして並列に構成した場合は、起動順や安定度などに応じて都合の良いサーバがMASTERに昇格します。
以下の設定例は後者の構成で、nopreemptを指定しているため「Masterの設定」側もstate BACKUPになっています。
/* Masterの設定 */
! Configuration File for keepalived
!
! Node labelled "Master" in these notes. It is configured with state BACKUP
! and priority 100, the same values as the peer node.

global_defs {
    ! Recipient(s) of alert mail.
    notification_email {
        master@example.jp
    }
    ! Sender address used for alert mail.
    notification_email_from error_reporting@example.jp
    ! Alerts are handed to the local MTA; connect timeout is in seconds.
    smtp_server localhost
    smtp_connect_timeout 30
}

vrrp_instance WEB {
    ! Initial state. nopreempt (below) only takes effect when this is BACKUP.
    state BACKUP
    ! Interface the VRRP advertisements are sent and received on.
    ! NOTE(review): VRRP is IP protocol 112, not TCP/UDP. The iptables rules in
    ! these notes only add tcp/80 and tcp/443 -- confirm the peers can exchange
    ! VRRP on this interface, and that it is accepted from the peer only.
    interface eth0
    ! Seconds to wait before re-sending gratuitous ARP after becoming MASTER.
    garp_master_delay 5
    ! VRID: must be identical on every peer of this instance and unique on the
    ! network segment.
    virtual_router_id 1
    priority 100
    ! A recovered higher-priority node does not take the VIPs back.
    nopreempt
    ! Advertisement interval in seconds.
    advert_int 1
    authentication {
        ! PASS is a shared password carried unencrypted in every advertisement,
        ! so it only guards against misconfiguration, not against a host on
        ! the same segment. keepalived also offers auth_type AH.
        auth_type PASS
        ! Sample value. Replace with a site-specific secret that is identical
        ! on every peer; only the first 8 characters are used.
        auth_pass 1111
    }
    ! Addresses held by whichever node is currently MASTER.
    virtual_ipaddress {
        192.168.80.250/24 dev eth0
        192.168.80.251/24 dev eth1
    }
}
/* BackUpの設定 */
! Configuration File for keepalived
!
! Node labelled "BackUp" in these notes. It is configured with state BACKUP
! and priority 100, the same values as the peer node.

global_defs {
    ! Recipient(s) of alert mail.
    notification_email {
        master@example.jp
    }
    ! Sender address used for alert mail.
    notification_email_from error_reporting@example.jp
    ! Alerts are handed to the local MTA; connect timeout is in seconds.
    smtp_server localhost
    smtp_connect_timeout 30
}

vrrp_instance WEB {
    ! Initial state. nopreempt (below) only takes effect when this is BACKUP.
    state BACKUP
    ! Interface the VRRP advertisements are sent and received on.
    ! NOTE(review): VRRP is IP protocol 112, not TCP/UDP. The iptables rules in
    ! these notes only add tcp/80 and tcp/443 -- confirm the peers can exchange
    ! VRRP on this interface, and that it is accepted from the peer only.
    interface eth0
    ! Seconds to wait before re-sending gratuitous ARP after becoming MASTER.
    garp_master_delay 5
    ! VRID: must be identical on every peer of this instance and unique on the
    ! network segment.
    virtual_router_id 1
    priority 100
    ! A recovered higher-priority node does not take the VIPs back.
    nopreempt
    ! Advertisement interval in seconds.
    advert_int 1
    authentication {
        ! PASS is a shared password carried unencrypted in every advertisement,
        ! so it only guards against misconfiguration, not against a host on
        ! the same segment. keepalived also offers auth_type AH.
        auth_type PASS
        ! Sample value. Replace with a site-specific secret that is identical
        ! on every peer; only the first 8 characters are used.
        auth_pass 1111
    }
    ! Addresses held by whichever node is currently MASTER.
    virtual_ipaddress {
        192.168.80.250/24 dev eth0
        192.168.80.251/24 dev eth1
    }
}
◆ サービス登録と起動
# ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/keepalived
# ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/keepalived
# mkdir /etc/keepalived
# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
# ln -s /usr/local/sbin/keepalived /usr/sbin/
# chkconfig --add keepalived
# chkconfig keepalived on
# service keepalived start
◆ 停止
# service keepalived stop
◆ 確認
# ip addr
生きているサーバ(Master)なら、VIPが割り当てられて以下のように表示される
eth0: mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.80.99/24 brd 192.168.80.255 scope global eth0
inet 192.168.80.250/32 scope global eth0
◆参考サイト
http://dsas.blog.klab.org/archives/50717278.html
http://blog.technology-knowledge.jp/2008/06/02/183/
http://doruby.kbmj.com/sendriver_log/20091214/keepalived_pound_LB_
○ POUND
◆ 開発ツール
# yum -y install rpm-build
◆ リポジトリ追加
epel リポジトリを登録
# rpm -ivh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
remi リポジトリを登録
# rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
◆ 必要なツールのインストール
# yum -y install pcre-devel
# yum -y install google-perftools-devel
# yum -y install pkgconfig
◆ インストール
(src.rpmはHTTPで取得しているため、ビルド前に rpm -K pound-2.5-1.src.rpm で署名・ダイジェストを確認する)
# wget http://www.invoca.ch/pub/packages/pound/pound-2.5-1.src.rpm
# rpm -ivh pound-2.5-1.src.rpm
# rpmbuild -ba /usr/src/redhat/SPECS/pound.spec
# rpm -ivh /usr/src/redhat/RPMS/x86_64/pound-2.5-1.x86_64.rpm
◆ 設定
# cp /etc/pound/pound.cfg /etc/pound/pound.cfg.bak
# vi /etc/pound/pound.cfg
/* 設定例 */
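# Account Pound runs as.
User "nobody"
Group "nobody"
# NOTE(review): the chroot is left disabled in this example. Enabling RootJail
# confines the process further, but the jail directory must then contain
# whatever Pound needs at run time -- test before turning it on.
#RootJail "/usr/share/pound"
# Control socket (used by poundctl). Anyone who can write to it can change
# back-end state, so keep the directory restricted to root.
Control "/var/run/pound/ctl_socket"

# Main listening ports

# Plain HTTP on the keepalived VIP.
# NOTE(review): on the node that does not currently hold 192.168.80.250 this
# bind is expected to fail unless non-local binds are allowed -- confirm how
# Pound is started on the standby.
ListenHTTP
    Address 192.168.80.250
    Port 80
    # Per the Pound manual, xHTTP 1 accepts PUT and DELETE in addition to
    # GET/POST/HEAD; use 0 if the back-ends never need them.
    xHTTP 1
End

# HTTPS.
# NOTE(review): this listener is on every address (0.0.0.0) and on port 444,
# while the iptables rules in these notes open tcp/443 and the HTTP listener
# binds only the VIP -- confirm the intended address and port.
ListenHTTPS
    Address 0.0.0.0
    Port 444
    # The PEM file holds the private key as well as the certificate; keep it
    # readable by root only.
    Cert "/etc/pki/pound/pound.pem"
    # The original list ended in +LOW:+SSLv2:+EXP:+eNULL, which offers export
    # grade, SSLv2 and no-encryption suites to any client that asks for them.
    # Restrict the listener to strong suites and exclude anonymous/NULL ones.
    Ciphers "HIGH:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SSLv2"
    xHTTP 1
End

# Services are tried in order; the first one whose URL pattern matches wins.

# Images server(s)
Service
    # The dot is written as [.] so that it matches a literal "." only; the
    # original ".*.(jpg|gif)" also matched any URL merely containing "jpg" or
    # "gif" after one arbitrary character (for example "/gifts").
    URL ".*[.](jpg|gif)"
    BackEnd
        Address 127.0.0.1
        Port 80
    End
End

# redirect all requests for /forbidden
Service
    Url "/forbidden.*"
    # NOTE(review): sample target -- "localhost" is resolved by the client, so
    # replace it with the site's real HTTPS URL.
    Redirect "https://localhost/"
End

# Catch-all server(s)
Service
    # Two equally weighted web servers.
    BackEnd
        Address 192.168.80.97
        Port 80
        Priority 5
    End
    BackEnd
        Address 192.168.80.98
        Port 80
        Priority 5
    End
    # Session stickiness keyed on the HTTP Basic authentication user;
    # an idle session is forgotten after TTL seconds.
    Session
        Type BASIC
        TTL 300
    End
End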
◆ 起動、自動起動
# /etc/rc.d/init.d/pound start
# chkconfig pound on