### Keepalived install
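# Build keepalived 1.2.20 from source and install it under /usr/local.
# NOTE(review): 1.2.20 is the release this page was written against; check the
# project's currently supported release before deploying.
# -p keeps a re-run from failing when the directory already exists.
mkdir -p /root/src && cd /root/src
# Fetch over HTTPS: the tarball is compiled and installed as root, so a
# plain-HTTP download could be replaced in transit without anyone noticing.
wget https://keepalived.org/software/keepalived-1.2.20.tar.gz
# Print the digest and compare it with a value obtained from the project over
# a trusted channel before unpacking.
sha256sum keepalived-1.2.20.tar.gz
tar xfz keepalived-1.2.20.tar.gz
cd keepalived-1.2.20
./configure && make && make install
# The build installs everything below /usr/local; link the config directory,
# the init script and the sysconfig file into /etc.
ln -s /usr/local/etc/keepalived /etc/keepalived
ln -s /usr/local/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/keepalived
ln -s /usr/local/etc/sysconfig/keepalived /etc/sysconfig/keepalived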
# Open the keepalived init script for a manual edit.
vi /etc/rc.d/init.d/keepalived
# The two lines below are not commands to run. They appear to be the values to
# set inside the init script so that it starts the binary installed in
# /usr/local/sbin and has that directory on its PATH (TODO confirm against the
# shipped init script).
daemon /usr/local/sbin/keepalived
PATH=/sbin:/bin:/usr/bin:/usr/sbin:/usr/local/sbin
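# Configuration file (presumably /etc/keepalived/keepalived.conf; confirm).
global_defs {
    router_id haproxy-01
}

# Health check: "killall -0" sends no signal, it only tests that a haproxy
# process exists. Run every 2 seconds; while it succeeds the instance priority
# is raised by 2.
# NOTE(review): the command is resolved through PATH; an absolute path makes
# the check independent of the environment keepalived was started with.
vrrp_script haproxy {
    script "killall -0 haproxy"
    interval 2
    weight 2
}

# 임의로 is a placeholder: choose any instance name.
# NOTE(review): there is no authentication block and no unicast_peer list, so
# VRRP adverts are accepted from any host on the eth0 segment, and a neighbour
# advertising a higher priority for virtual_router_id 50 would take over the
# VIP. Limit VRRP (IP protocol 112) to the peer node with a host firewall and
# consider keepalived's authentication / unicast_peer settings.
vrrp_instance 임의로 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 200
    advert_int 1
    virtual_ipaddress {
        # Replace with the VIP to use. The note has to be a comment; text
        # after the address on the same line is not valid configuration.
        10.0.0.100
    }
    track_script {
        haproxy
    }
}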
### haproxy install
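# Build haproxy 1.6.4 from source and lay out the directories it needs.
# NOTE(review): 1.6.4 is the release this page was written against; check the
# project's currently supported release before deploying.
# Unprivileged account with no login shell for the haproxy process.
useradd haproxy -s /sbin/nologin
# Return to the source directory; the previous step leaves the shell inside
# the keepalived build tree.
cd /root/src
# Fetch over HTTPS: the tarball is compiled and installed as root, so a
# plain-HTTP download could be replaced in transit without anyone noticing.
wget https://www.haproxy.org/download/1.6/src/haproxy-1.6.4.tar.gz
# Print the digest and compare it with a value obtained from the project over
# a trusted channel before unpacking.
sha256sum haproxy-1.6.4.tar.gz
tar xfz haproxy-1.6.4.tar.gz
cd haproxy-1.6.4
make TARGET=linux2628 && make install
cp /usr/local/sbin/haproxy /usr/sbin/
cp ./examples/haproxy.init /etc/init.d/haproxy
chmod 755 /etc/init.d/haproxy
mkdir -p /etc/haproxy
mkdir -p /run/haproxy
# /var/lib/haproxy is the chroot directory named in haproxy.cfg; keep it owned
# by root and not writable by the haproxy user.
mkdir -p /var/lib/haproxy
# Path that haproxy.cfg uses for the stats socket.
# NOTE(review): haproxy creates the socket itself at start-up, so this
# pre-created regular file is presumably unnecessary; confirm.
touch /var/lib/haproxy/stats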
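vi /etc/haproxy/haproxy.cfg
###
global
    # Log to the local syslog daemon, facility local2.
    # NOTE(review): syslog must accept UDP on 127.0.0.1 for this to produce
    # any output; that setup is not shown on this page.
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    # turn on stats unix socket
    # mode 600 keeps other local accounts from connecting to the socket.
    stats socket /var/lib/haproxy/stats mode 600

defaults
    # Without "log global" no proxy uses the log target declared in the
    # global section, so nothing would be logged.
    log global
    # The Host-header ACL in "listen http" is a layer-7 match and needs HTTP
    # mode; with no mode set a proxy defaults to tcp.
    mode http
    option httplog
    option redispatch
    retries 3
    # Bound the time a client may take to send a complete request, so slow
    # or stalled requests cannot hold connections open for the full client
    # timeout.
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout check 10s
    maxconn 3000

listen http
    bind *:80
    # Remove any X-Real-IP sent by the client, so the backends only ever see
    # the value added by "option forwardfor" below.
    http-request del-header X-Real-IP
    # Route requests whose Host header starts with "rose" (case-insensitive).
    # No default backend or server is defined here, so any other Host gets
    # an error response from the proxy.
    acl rose_acl hdr_beg(host) -i rose
    use_backend rose if rose_acl

backend rose
    mode http
    # Persistence cookie that pins a client to one server.
    cookie SERVERID insert indirect nocache
    # Pass the client address to the servers in X-Real-IP. Servers should
    # trust this header only on connections coming from the proxy.
    option forwardfor header X-Real-IP
    option http-server-close
    option httplog
    balance roundrobin
    # 서버01 / 서버02 / 서버03 are placeholders for the backend server
    # addresses.
    server rose1 서버01:80 check cookie rose1
    server rose2 서버02:80 check cookie rose2
    server rose3 서버03:80 check cookie rose3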
### 커널 튜닝
sysctl.conf
# Lets the kernel route packets between interfaces.
# NOTE(review): a proxy that terminates connections itself, as the haproxy
# configuration on this page does, normally does not depend on forwarding;
# confirm it is needed before turning this host into a router.
net.ipv4.ip_forward = 1
# ARP behaviour on eth0: arp_ignore=1 answers ARP requests only for addresses
# configured on the receiving interface; arp_announce=2 always uses the best
# local address as the ARP source.
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth0.arp_announce = 2
### DNS
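# Install BIND, its chroot package and the client utilities, then edit the
# main configuration file.
yum -y install bind bind-utils bind-libs bind-chroot
vi /etc/named.conf
// Networks treated as trusted by the options below.
acl trust {
    사용할대역;     // placeholder: replace with the network range to trust
    10.0.0.0/24;
};
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // Answers for the zones served here are available to everyone.
    allow-query { any; };
    // Cached, non-authoritative data goes to the trusted networks only.
    allow-query-cache { trust; };
    // Zone transfers are refused. With "any", every client could download
    // the full contents of each zone. List the secondary name servers here
    // if there are any.
    allow-transfer { none; };
    // NOTE(review): "recursion no" turns recursion off for every client, so
    // the allow-recursion ACL below has no effect. If the trusted networks
    // are meant to resolve through this server, that needs "recursion yes"
    // with the ACL kept as it is.
    recursion no;
    allow-recursion { trust; };
    dnssec-enable yes;
    dnssec-validation yes;
    // NOTE(review): DNSSEC lookaside validation depends on the ISC DLV
    // registry, which has been retired; newer BIND releases no longer accept
    // this option. Check it against the installed BIND version.
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};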
vi /etc/named.rfc1912.zones
// Localhost, loopback and empty reverse zones. Every zone is a master zone
// and refuses dynamic updates.
// NOTE(review): only these zones appear in this listing; the zone statement
// for the served domain is not shown on this page.
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

// Reverse zone for the IPv6 loopback address.
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

// Reverse zone for 127.0.0.1.
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
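vi 존파일
; 존파일 is a placeholder for the zone file name.
$TTL 1D
; NOTE(review): the SOA names (@ and rname.invalid.) and the serial 0 look
; like template values; set the real primary name server and contact, and
; raise the serial on every change.
@       IN SOA  @ rname.invalid. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
; The owner is written as @ on the next two records. Without leading
; whitespace or an explicit owner, the first token on the line ("IN") would
; be read as the owner name.
; 사용할도메인 = the domain to use, 도메인IP = the domain's IP address,
; 네임서버IP = the name server's IP address.
@       IN NS   사용할도메인.
@       IN A    도메인IP
ns      IN A    네임서버IP
rose    IN A    도메인IP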