== Ultra Monkey L7 (heartbeat, l7directord)

                       [client] 10.1.1.24
                           |
    -------------------------------------------------------------------
          |           10.1.1.10 (VIP for web)            |
          |                                              |
          |10.1.1.2(eth0)                                |10.1.1.3(eth0)
       [LVS1]                                         [LVS2]
          |192.168.2.241(eth1)                           |192.168.20.109(eth1)
          |                                              |
          |         192.168.2.240 (VIP for VRRP)         |
          |                                              |
    ----------------------------------------------------------------------------
          |                       |                       |
          |192.168.2.236(eth0)    | 192.168.2.237(eth0)   |192.168.2.238(eth0)
       [web1]                  [web2]                  [web3]
    192.168.2.240(GW)       192.168.2.240(GW)       192.168.2.240(GW)

== Install heartbeat

Run yum twice:

    yum -y install heartbeat
    yum -y install heartbeat

    cp /usr/share/doc/heartbeat-2.1.3/ha.cf /etc/ha.d/.
    cp /usr/share/doc/heartbeat-2.1.3/haresources /etc/ha.d/.
    cp /usr/share/doc/heartbeat-2.1.3/authkeys /etc/ha.d/.

To handle the case where the external or internal cable is unplugged, monitor both interfaces with ucast.

[# test1]

    vi /etc/ha.d/ha.cf

    logfacility local0
    ucast eth0 10.1.1.3 #<------- other server's IP
    ucast eth1 192.168.2.242 #<------- other server's IP
    auto_failback on
    node test1.com
    node test2.com
    respawn hacluster /usr/lib64/heartbeat/ipfail

[# test2]

    vi /etc/ha.d/ha.cf

    logfacility local0
    ucast eth0 10.1.1.2 #<------- other server's IP
    ucast eth1 192.168.2.241 #<------- other server's IP
    auto_failback on
    node test1.com
    node test2.com
    respawn hacluster /usr/lib64/heartbeat/ipfail

    chmod 600 /etc/ha.d/authkeys
    vi /etc/ha.d/authkeys

    auth 2
    2 sha1 PASSWORD

In the line below, test1.com is the server to be made primary.

    vi /etc/ha.d/haresources

    test1.com IPaddr::10.1.1.10/24/eth0 IPaddr::192.168.2.240/24/eth1 l7vsd l7directord

== UltraMonkey-L7

    yum -y install apr*
    cpan install Crypt::SSLeay

    wget http://mirror.jimbojay.com/apache/logging/log4cxx/0.10.0/apache-log4cxx-0.10.0.tar.gz
    tar zxvf apache-log4cxx-0.10.0.tar.gz
    cd apache-log4cxx-0.10.0
    ./autogen.sh
    ./configure --prefix=/usr --libdir=/usr/lib64
    make
    make install

    tar zxvf ultramonkey-l7-2.0.0-0.tar.gz
    cd ultramonkey-l7-2.0.0-0
    ./configure
    automake --add-missing --copy
    ./configure
    make
    make install

    cat /etc/ha.d/conf/l7directord.cf

    checktimeout=3
    checkinterval=1
    autoreload=yes
    logfile="/var/log/l7directord.log"
    quiescent=yes
    virtual=10.1.1.10:80
            real=192.168.2.236:80 masq 1
            real=192.168.2.237:80 masq 1
            real=192.168.2.238:80 masq 1
            module=cinsert --cookie-name 'monkey'
            scheduler=wrr
            checktype=negotiate
            request="index.html"
            receive="ok"

    # chkconfig --list | grep heart
    heartbeat 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Start with:

    /etc/rc.d/init.d/heartbeat start

Check the connection status with:

    l7vsadm -l

If the internal servers need to reach the outside through NAT, configure masquerading in /etc/rc.d/init.d/iptables as follows.

    *nat
    :PREROUTING ACCEPT [60:3408]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [3:243]
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [301:35162]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
    -A INPUT -p esp -j ACCEPT
    -A INPUT -p ah -j ACCEPT
    -A INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

== stone (SSL Acceleration)

    wget http://www.gcd.org/sengoku/stone/stone-2.3e.tar.gz
    tar zxvf stone-2.3e.tar.gz
    cd stone-2.3d-2.3.2.7
    make linux-ssl
    mv stone /usr/local/bin/stone
    mkdir /etc/stone/
    cd /etc/stone/
    openssl req -new -nodes -x509 -keyout key.pem -out cert.pem -days 36500
    stone -z sid_ctx='test.com:443' -z key=/etc/stone/key.pem -z cert=/etc/stone/cert.pem 10.1.1.10:80 443/ssl
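
For the /etc/ha.d/authkeys step in the heartbeat section above, this added example (not part of the original page) generates a random shared secret in place of the PASSWORD placeholder and audits an existing file. The function names gen_authkeys and check_authkeys and the 20-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example: create and audit a heartbeat authkeys file.
# gen_authkeys / check_authkeys are hypothetical helper names, not heartbeat tools.

# Write an authkeys file holding a random 160-bit secret, mode 600.
gen_authkeys() {
    out=$1
    key=$(od -An -N20 -tx1 /dev/urandom | tr -d ' \n')   # 40 hex characters
    ( umask 077; printf 'auth 2\n2 sha1 %s\n' "$key" > "$out" )
    chmod 600 "$out"    # covers the case where the file already existed
}

# Print findings for an authkeys file; return 0 only when there are none.
check_authkeys() {
    f=$1; rc=0
    # The page sets this file to mode 600; anything else is reported.
    [ -n "$(find "$f" -prune -perm 600 2>/dev/null)" ] || { echo "mode is not 600"; rc=1; }
    # Locate the key line selected by "auth N" and pull out method and secret.
    line=$(awk '$1=="auth"{i=$2; next} i!="" && $1==i {print $2, $3; exit}' "$f")
    method=${line%% *}; secret=${line#* }
    [ "$method" = sha1 ] || { echo "method is '${method:-none}', expected sha1"; rc=1; }
    case $secret in
        ''|PASSWORD|password) echo "secret is empty or a placeholder"; rc=1 ;;
    esac
    # Assumed policy for this example: at least 20 characters of secret.
    [ "${#secret}" -ge 20 ] || { echo "secret shorter than 20 characters"; rc=1; }
    return $rc
}

# Demo on constructed input: the placeholder file from the page, then a generated one.
demo_dir=$(mktemp -d)
printf 'auth 2\n2 sha1 PASSWORD\n' > "$demo_dir/weak"; chmod 600 "$demo_dir/weak"
check_authkeys "$demo_dir/weak" || echo "-> placeholder file rejected"
gen_authkeys "$demo_dir/authkeys"
check_authkeys "$demo_dir/authkeys" && echo "-> generated file accepted"
rm -rf "$demo_dir"
```

Both LVS nodes need the same authkeys file, so generate it once on test1 and copy it to test2 over a protected channel.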