○ 開発環境のインストール
# yum -y install gcc gcc-c++
○ OpenSSLのインストール
# yum -y install openssl openssl-devel
○ SELINUX 設定
SELinux無効化
# setenforce 0
SELinux設定ファイル編集 システム起動時にSELinuxを無効化
# vi /etc/sysconfig/selinux
SELINUX=enforcing
↓
SELINUX=disabled
○ iptables(ファイアウォール)設定
# vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
# /etc/rc.d/init.d/iptables restart
○ keepalived
◆ keepalivedのインストール
# wget http://www.keepalived.org/software/keepalived-1.1.20.tar.gz
# tar zxvf keepalived-1.1.20.tar.gz
# cd keepalived-1.1.20
# ./configure
# make
# make install
◆ keepalivedの設定
# cp /usr/local/etc/keepalived/keepalived.conf /usr/local/etc/keepalived/keepalived.conf.bak
# vi /usr/local/etc/keepalived/keepalived.conf
設定項目は、
・アラートメールの送信先
・アラートメールの送信者
・NICの仮想IP
あたりが必須になります。
stateについて、サーバでプライオリティをつける場合はMASTERが1台、
それ以外がBACKUPになります。
すべてをBACKUPで並列にしていれば、起動順、安定順などで都合の
良いサーバをMASTERに昇格させます。
/* Masterの設定 */ ! Configuration File for keepalived global_defs { notification_email { master@example.jp } notification_email_from error_reporting@example.jp smtp_server localhost smtp_connect_timeout 30 } vrrp_instance WEB { state BACKUP interface eth0 garp_master_delay 5 virtual_router_id 1 priority 100 nopreempt advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.80.250/24 dev eth0 192.168.80.251/24 dev eth1 } } /* BackUpの設定 */ ! Configuration File for keepalived global_defs { notification_email { master@example.jp } notification_email_from error_reporting@example.jp smtp_server localhost smtp_connect_timeout 30 } vrrp_instance WEB { state BACKUP interface eth0 garp_master_delay 5 virtual_router_id 1 priority 100 nopreempt advert_int 1 authentication { auth_type PASS auth_pass 1111 } virtual_ipaddress { 192.168.80.250/24 dev eth0 192.168.80.251/24 dev eth1 } }
◆ サービス登録と起動
# ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/keepalived
# ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/keepalived
# mkdir /etc/keepalived
# ln -s /usr/local/etc/keepalived/keepalived.conf /etc/keepalived/
# ln -s /usr/local/sbin/keepalived /usr/sbin/
# chkconfig –add keepalived
# chkconfig keepalived on
# service keepalived start
◆ 停止
# service keepalived stop
◆ 確認
# ip addr
生きているサーバ(Master)なら、VIPが割り当てられて以下のように表示される
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
inet 192.168.80.99/24 brd 192.168.80.255 scope global eth0
inet 192.168.80.250/32 scope global eth0
◆参考サイト
http://dsas.blog.klab.org/archives/50717278.html
http://blog.technology-knowledge.jp/2008/06/02/183/
http://doruby.kbmj.com/sendriver_log/20091214/keepalived_pound_LB_
○ POUND
◆ 開発ツール
# yum -y install rpm-build
◆ リポジトリ追加
epel リポジトリを登録
# rpm -ivh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
remi リポジトリを登録
# rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
◆ 必要なツールのインストール
# yum -y install pcre-devel
# yum -y install google-perftools-devel
# yum -y install pkgconfig
◆ インストール
# wget http://www.invoca.ch/pub/packages/pound/pound-2.5-1.src.rpm
# rpm -ivh pound-2.5-1.src.rpm
# rpmbuild -ba /usr/src/redhat/SPECS/pound.spec
# rpm -ivh /usr/src/redhat/RPMS/x86_64/pound-2.5-1.x86_64.rpm
◆ 設定
# cp /etc/pound/pound.cfg /etc/pound/pound.cfg.bak
# vi /etc/pound/pound.cfg
/* 設定例 */
User "nobody" Group "nobody" #RootJail "/usr/share/pound" Control "/var/run/pound/ctl_socket" # Main listening ports ListenHTTP Address 192.168.80.250 Port 80 xHTTP 1 End ListenHTTPS Address 0.0.0.0 Port 444 Cert "/etc/pki/pound/pound.pem" Ciphers "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL" xHTTP 1 End # Images server(s) Service URL ".*.(jpg|gif)" BackEnd Address 127.0.0.1 Port 80 End End # redirect all requests for /forbidden Service Url "/forbidden.*" Redirect "https://localhost/" End # Catch-all server(s) Service BackEnd Address 192.168.80.97 Port 80 Priority 5 End BackEnd Address 192.168.80.98 Port 80 Priority 5 End Session Type BASIC TTL 300 End End
◆ 起動、自動起動
# /etc/rc.d/init.d/pound start
# chkconfig pound on