POUND+keepalived構築

○ 開発環境のインストール
 # yum -y install gcc gcc-c++

○ OpenSSLのインストール
 # yum -y install openssl openssl-devel

○ SELINUX 設定
 SELinuxを一時的にPermissiveモードへ切り替え(setenforce 0 は再起動まで有効で、完全な無効化ではない)
 # setenforce 0
 SELinux設定ファイル編集 システム起動時にSELinuxを無効化
 ※ disabledにするとSELinuxの強制アクセス制御による保護がなくなる。permissiveにして拒否ログを確認し、必要なポリシーだけ許可する方法もある。
 # vi /etc/sysconfig/selinux
 SELINUX=enforcing
 ↓
 SELINUX=disabled

○ iptables(ファイアウォール)設定
 # vi /etc/sysconfig/iptables
 
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
 
 # /etc/rc.d/init.d/iptables restart

○ keepalived

 ◆ keepalivedのインストール
 # wget http://www.keepalived.org/software/keepalived-1.1.20.tar.gz
 # tar zxvf keepalived-1.1.20.tar.gz
 # cd keepalived-1.1.20
 # ./configure
 # make
 # make install
 
 ◆ keepalivedの設定
 # cp /usr/local/etc/keepalived/keepalived.conf /usr/local/etc/keepalived/keepalived.conf.bak
 # vi /usr/local/etc/keepalived/keepalived.conf
 
 設定項目は、
 ・アラートメールの送信先
 ・アラートメールの送信者
 ・NICの仮想IP
 あたりが必須になります。
 stateについて、サーバでプライオリティをつける場合はMASTERが1台、
 それ以外がBACKUPになります。
 すべてをBACKUPで並列にしていれば、起動順、安定順などで都合の
 良いサーバをMASTERに昇格させます。
 

 /* Masterの設定 */
	! Configuration File for keepalived
	! Listing labelled "Master" on this page. It still declares state BACKUP:
	! keepalived's nopreempt option requires the initial state to be BACKUP, so
	! the node that actually holds the VIP is decided by the VRRP election.
	! NOTE(review): VRRP advertisements (IP protocol 112, multicast 224.0.0.18)
	! must be allowed between the nodes. The iptables rules shown earlier on this
	! page only open tcp/80 and tcp/443 - confirm VRRP is not being rejected,
	! otherwise every node may claim the VIP at the same time.
	
	global_defs {
	   ! Recipients of alert mail (one address per line).
	   notification_email {
	     master@example.jp
	   }
	   ! Envelope sender used for alert mail.
	   notification_email_from error_reporting@example.jp
	   ! Alerts are handed to the SMTP server on this host; timeout is in seconds.
	   smtp_server localhost
	   smtp_connect_timeout 30
	}
	
	vrrp_instance WEB {
	    ! Initial state; must be BACKUP for nopreempt below to take effect.
	    state BACKUP
	    ! Interface on which VRRP advertisements are sent and received.
	    interface eth0
	    ! Seconds to wait before re-sending gratuitous ARP after becoming MASTER.
	    garp_master_delay 5
	    ! VRID: must be identical on every node of this instance and not reused by
	    ! another VRRP group on the same segment.
	    virtual_router_id 1
	    ! Election priority (higher wins). The second listing on this page uses
	    ! the same value.
	    priority 100
	    ! Do not take the VIP back from a running MASTER when this node returns.
	    nopreempt
	    ! Advertisement interval in seconds.
	    advert_int 1
	    authentication {
	        ! PASS is a simple shared password carried in cleartext in each VRRP
	        ! advertisement; it guards against misconfiguration, not against a
	        ! host on the same segment that can read the traffic.
	        auth_type PASS
	        ! Sample value - replace with a site-specific secret that is the same
	        ! on all nodes. keepalived only uses the first 8 characters.
	        auth_pass 1111
	    }
	    ! Addresses added when this node becomes MASTER and removed when it
	    ! leaves that state.
	    ! NOTE(review): .251 is in the same /24 as .250 but is placed on eth1
	    ! while the instance runs on eth0 - confirm this is intended.
	    virtual_ipaddress {
	        192.168.80.250/24   dev eth0
	        192.168.80.251/24   dev eth1
	    }
	}
	
 /* BackUpの設定 */
	! Configuration File for keepalived
	! Listing labelled "BackUp" on this page. Its settings are the same as the
	! "Master" listing (state BACKUP, priority 100, nopreempt), so neither node is
	! preferred by configuration; which one holds the VIP is decided by the VRRP
	! election and, because of nopreempt, it keeps the VIP until it fails.
	
	global_defs {
	   ! Recipients of alert mail (one address per line).
	   notification_email {
	     master@example.jp
	   }
	   ! Envelope sender used for alert mail.
	   notification_email_from error_reporting@example.jp
	   ! Alerts are handed to the SMTP server on this host; timeout is in seconds.
	   smtp_server localhost
	   smtp_connect_timeout 30
	}
	
	vrrp_instance WEB {
	    ! Initial state; nopreempt below requires BACKUP here.
	    state BACKUP
	    ! Interface carrying the VRRP advertisements.
	    interface eth0
	    ! Seconds before gratuitous ARP is re-sent after a transition to MASTER.
	    garp_master_delay 5
	    ! VRID shared by all nodes of this instance.
	    virtual_router_id 1
	    ! Election priority (higher wins); equal to the value in the other listing.
	    priority 100
	    ! A node returning to service does not reclaim the VIP from the current
	    ! MASTER.
	    nopreempt
	    ! Advertisement interval in seconds.
	    advert_int 1
	    authentication {
	        ! Simple shared password, sent in cleartext inside VRRP advertisements.
	        auth_type PASS
	        ! Sample value; must match the peer node. Replace it with a
	        ! site-specific secret (only the first 8 characters are used).
	        auth_pass 1111
	    }
	    ! Virtual addresses this node brings up when it becomes MASTER.
	    ! NOTE(review): the second address is bound to eth1 although the instance
	    ! itself runs on eth0 - confirm against the intended network layout.
	    virtual_ipaddress {
	        192.168.80.250/24   dev eth0
	        192.168.80.251/24   dev eth1
	    }
	}
	

 ◆ サービス登録と起動
 # ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/keepalived
 # ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/keepalived
 # mkdir /etc/keepalived
 # ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
 # ln -s /usr/local/sbin/keepalived /usr/sbin/
 # chkconfig --add keepalived
 # chkconfig keepalived on
 # service keepalived start
 
 ◆ 停止
 # service keepalived stop
 
 ◆ 確認
 # ip addr
 
 生きているサーバ(Master)なら、VIPが割り当てられて以下のように表示される
 eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
  inet 192.168.80.99/24 brd 192.168.80.255 scope global eth0
  inet 192.168.80.250/32 scope global eth0
 
 ◆参考サイト
 http://dsas.blog.klab.org/archives/50717278.html
 http://blog.technology-knowledge.jp/2008/06/02/183/
 http://doruby.kbmj.com/sendriver_log/20091214/keepalived_pound_LB_

○ POUND

 ◆ 開発ツール
 # yum -y install rpm-build
 
 ◆ リポジトリ追加
 epel リポジトリを登録
 # rpm -ivh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
 remi リポジトリを登録
 # rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
 
 ◆ 必要なツールのインストール
 # yum -y install pcre-devel
 # yum -y install google-perftools-devel
 # yum -y install pkgconfig
 
 ◆ インストール
 # wget http://www.invoca.ch/pub/packages/pound/pound-2.5-1.src.rpm
 # rpm -ivh pound-2.5-1.src.rpm
 # rpmbuild -ba /usr/src/redhat/SPECS/pound.spec
 # rpm -ivh /usr/src/redhat/RPMS/x86_64/pound-2.5-1.x86_64.rpm
 
 ◆ 設定
 # cp /etc/pound/pound.cfg /etc/pound/pound.cfg.bak
 # vi /etc/pound/pound.cfg

 /* 設定例 */

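	# Sample pound.cfg: reverse proxy / load balancer in front of two web servers.
	# Changed from the original listing: the Ciphers string no longer enables
	# SSLv2, export-grade, LOW or NULL-encryption (eNULL) cipher suites.

	# Account Pound runs as after start-up.
	User "nobody"
	Group "nobody"
	# chroot jail is left disabled in this sample; enabling it confines the
	# process further but the jail directory has to be prepared first.
	#RootJail "/usr/share/pound"
	# Unix socket used by poundctl to inspect and change the running instance;
	# keep the directory restricted to administrators.
	Control "/var/run/pound/ctl_socket"
	
	# Main listening ports
	# HTTP listener bound to the keepalived virtual IP from this page.
	# NOTE(review): on a node that does not currently hold the VIP this bind may
	# fail unless non-local binds are permitted - verify on the standby node.
	ListenHTTP
	    Address 192.168.80.250
	    Port    80
	    # xHTTP 1 accepts PUT and DELETE in addition to GET/POST/HEAD; use 0 when
	    # the backends do not need them.
	    xHTTP   1
	End
	# HTTPS listener on all addresses.
	# NOTE(review): the iptables rules on this page open tcp/443, not 444 -
	# confirm which port is intended.
	ListenHTTPS
	    Address 0.0.0.0
	    Port    444
	    # PEM file holding the certificate and its private key; restrict its
	    # permissions accordingly.
	    Cert    "/etc/pki/pound/pound.pem"
	    # OpenSSL cipher list: strong suites only; anonymous, NULL, export, LOW,
	    # SSLv2, MD5 and RC4 suites are excluded. Protocol-version limits depend on
	    # the Pound/OpenSSL build and are not set here.
	    Ciphers "HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!SSLv2:!MD5:!RC4"
	    xHTTP   1
	End
	
	# Images server(s)
	# NOTE(review): the "." before (jpg|gif) is an unescaped regex wildcard, so
	# this also matches URLs that merely contain "jpg" or "gif" after any
	# character - confirm whether that is intended.
	# The backend is this host's loopback port 80 (sample value).
	Service
	    URL ".*.(jpg|gif)"
	    BackEnd
	        Address 127.0.0.1
	        Port    80
	    End
	End
	
	# redirect all requests for /forbidden
	# NOTE(review): sample target; a client following this redirect resolves
	# "localhost" to itself - replace with the public host name.
	Service
	    Url         "/forbidden.*"
	    Redirect    "https://localhost/"
	End
	
	# Catch-all server(s)
	# Two backends with equal priority share the remaining requests.
	Service
	    BackEnd
	        Address 192.168.80.97
	        Port    80
	        Priority 5
	    End
	    BackEnd
	        Address 192.168.80.98
	        Port    80
	        Priority 5
	    End
	    # Keep a client on the same backend, keyed by its HTTP Basic
	    # authentication user; entries expire after TTL seconds of inactivity.
	    Session
	        Type    BASIC
	        TTL     300
	    End
	End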

 
 ◆ 起動、自動起動
 # /etc/rc.d/init.d/pound start
 # chkconfig pound on