Monday, December 6, 2010
Pound with HA
== Pound with heartbeat on 64bit CentOS 5
== Install heartbeat
Run yum twice.
yum -y install heartbeat
yum -y install heartbeat
cp /usr/share/doc/heartbeat-2.1.3/ha.cf /etc/ha.d/.
cp /usr/share/doc/heartbeat-2.1.3/haresources /etc/ha.d/.
cp /usr/share/doc/heartbeat-2.1.3/authkeys /etc/ha.d/.
To cover the case where either the outside or the inside cable is unplugged, monitor both interfaces with ucast.
[# test1] vi /etc/ha.d/ha.cf
logfacility local0
ucast eth0 10.1.1.3 #<------- other server's IP
ucast eth1 192.168.2.242 #<------- other server's IP
auto_failback on
node test1.com
node test2.com
respawn hacluster /usr/lib64/heartbeat/ipfail
[# test2] vi /etc/ha.d/ha.cf
logfacility local0
ucast eth0 10.1.1.2 #<------- other server's IP
ucast eth1 192.168.2.241 #<------- other server's IP
auto_failback on
node test1.com
node test2.com
respawn hacluster /usr/lib64/heartbeat/ipfail
chmod 600 /etc/ha.d/authkeys
vi /etc/ha.d/authkeys
auth 2
2 sha1 PASSWORD
In the line below, test1.com is the server that will act as primary.
vi /etc/ha.d/haresources
test1.com IPaddr::10.1.1.1/24/eth0 IPaddr::192.168.2.240/24/eth1 pound
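The authkeys step above uses the literal secret `PASSWORD`. The following is an added example, not part of the original post, that writes an authkeys file with a random sha1 secret and audits an existing one. The function names `write_authkeys` and `check_authkeys` and the 16-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): create and audit authkeys.

# write_authkeys FILE: key 1, sha1, secret = 32 random bytes as hex.
write_authkeys() {
    file=$1
    secret=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
    old_umask=$(umask)
    umask 077    # create the file 0600 so the secret is never world-readable
    printf 'auth 1\n1 sha1 %s\n' "$secret" > "$file"
    umask "$old_umask"
    chmod 600 "$file"    # also covers a pre-existing file with a wider mode
}

# check_authkeys FILE: print findings; return 0 only if every check passes.
check_authkeys() {
    file=$1; rc=0
    mode=$(stat -c '%a' "$file") || return 2    # GNU stat, as on CentOS
    [ "$mode" = "600" ] || { echo "mode is $mode, expected 600"; rc=1; }
    idx=$(awk '$1 == "auth" { print $2; exit }' "$file")
    line=$(awk -v i="$idx" 'i != "" && $1 == i { print $2, $3; exit }' "$file")
    method=${line%% *}
    secret=${line#* }
    case $method in
        "")  echo "auth line missing or its key number is undefined"; rc=1 ;;
        crc) echo "crc is a checksum, not authentication"; rc=1 ;;
    esac
    case $secret in
        PASSWORD|password) echo "secret is a placeholder"; rc=1 ;;
    esac
    # 16 is this example's own minimum length, not a heartbeat rule.
    [ "${#secret}" -ge 16 ] || { echo "secret shorter than 16 characters"; rc=1; }
    return $rc
}

# Constructed sample: the authkeys content shown above, with the correct mode.
tmp=$(mktemp -d)
printf 'auth 2\n2 sha1 PASSWORD\n' > "$tmp/page"; chmod 600 "$tmp/page"
check_authkeys "$tmp/page" || echo "=> page-style file rejected"
write_authkeys "$tmp/new"
check_authkeys "$tmp/new" && echo "=> generated file passes"
rm -rf "$tmp"
```

The generated file must be identical on both nodes, so create it once and copy it to the other server over a protected channel.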
== Pound
/etc/yum.repos.d/CentOS-Base.repo
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.riken.jp/Linux/dag/redhat/el$releasever/en/$basearch/dag
wget http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
rpm --import RPM-GPG-KEY.dag.txt
yum -y install pound
vi /etc/pound.cfg
User "nobody"
Group "nobody"
#RootJail "/var/pound/jail"
#Alive 60
ListenHTTP
Address 10.1.1.10
Port 80
End
Service
HeadRequire "Host: .*test.com.*"
BackEnd
Address 192.168.2.236
Port 80
Priority 5
End
BackEnd
Address 192.168.2.237
Port 80
Priority 5
End
BackEnd
Address 192.168.2.238
Port 80
Priority 5
End
End
heartbeat starts Pound, so leave the Pound service itself turned off.
# chkconfig --list | grep pound
pound 0:off 1:off 2:off 3:off 4:off 5:off 6:off
# chkconfig --list | grep heartbeat
heartbeat 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Start with the following:
/etc/rc.d/init.d/heartbeat start
Check the IP addresses assigned to the interfaces with the following:
#ip addr show
After changing the configuration, running /etc/rc.d/init.d/pound reload drops existing sessions.
For the inside servers to reach the outside through Pound via NAT, the following masquerade configuration is required.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [53:4708]
:OUTPUT ACCEPT [706:49104]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 631 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
:PREROUTING ACCEPT [26:3695]
:POSTROUTING ACCEPT [288:17280]
:OUTPUT ACCEPT [289:17372]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
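The ruleset above leaves the FORWARD policy at ACCEPT with no FORWARD rules and masquerades every source leaving eth0. The following is an added example, not part of the original post, that audits iptables-save text for that combination. The function name `audit_forwarding` and the tightened sample, which assumes the backends are 192.168.2.0/24 arriving on eth1, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit iptables-save text for
# unrestricted forwarding combined with source-less MASQUERADE.

# audit_forwarding: read an iptables-save dump on stdin, print one verdict.
# Returns 1 when the FORWARD policy is ACCEPT, there are no FORWARD rules,
# and a MASQUERADE rule has no source match (-s); returns 0 otherwise.
audit_forwarding() {
    awk '
        /^:FORWARD ACCEPT/ { accept_policy = 1 }
        /^-A FORWARD /     { forward_rules++ }
        /^-A POSTROUTING / && /-j MASQUERADE/ {
            if ($0 !~ / -s /) masq_any_source++
        }
        END {
            if (accept_policy && !forward_rules && masq_any_source) {
                print "unrestricted: any routed source is forwarded and masqueraded"
                exit 1
            }
            print "restricted"
        }'
}

# Constructed sample: the forwarding-relevant lines of the ruleset above.
page_rules=':FORWARD ACCEPT [53:4708]
-A POSTROUTING -o eth0 -j MASQUERADE'

# Constructed sample: the same NAT limited to the backend subnet (assumed to
# be 192.168.2.0/24 on eth1), with only reply traffic allowed back in.
tight_rules=':FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -s 192.168.2.0/24 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE'

printf '%s\n' "$page_rules"  | audit_forwarding || true
printf '%s\n' "$tight_rules" | audit_forwarding
```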
                         [client] 10.1.1.24
                                 |
 -------------------------------------------------------------------
        |            10.1.1.10 (VIP for web)            |
        |                                               |
        |10.1.1.2(eth0)                                 |10.1.1.3(eth0)
    [Pound1]                                        [Pound2]
        |192.168.2.241(eth1)                            |192.168.20.109(eth1)
        |                                               |
        |        192.168.20.240(VIP of pound gw)        |
        |                                               |
 ----------------------------------------------------------------------------
     |                         |                         |
     |192.168.2.236(eth0)      |192.168.2.237(eth0)      |192.168.2.238(eth0)
  [web1]                    [web2]                    [web3]
Label: Load balancer