squid代理+ss5代理+keepalived模式之keepalived配置

1、下载源码包

cd /usr/local/src/
wget  http://www.keepalived.org/software/keepalived-1.2.7.tar.gz

2、安装环境依赖包

yum -y install kernel-devel gcc make openssl-devel popt-devel libnl-devel

3、解压并编译安装keepalived服务

cd /usr/local/src/
tar xvf keepalived-1.2.7.tar.gz
cd keepalived-1.2.7
./configure --with-kernel-dir=/usr/src/kernels/2.6.32-71.el6.x86_64/ --prefix=/opt/keepalive
make
make install

4、配置运行环境

ln -s /opt/keepalive/etc/rc.d/init.d/keepalived /etc/init.d/
ln -s /opt/keepalive/etc/keepalived/ /etc/
ln -s /opt/keepalive/sbin/keepalived /usr/sbin/
ln -s /opt/keepalive/etc/sysconfig/keepalived /etc/sysconfig/
#设置开机自启动
chkconfig keepalived --add
chkconfig keepalived --list
chkconfig keepalived on

5、修改keepalived配置

 cd /etc/keepalived/
 cp keepalived.conf keepalived.conf-bak
 >keepalived.conf
 cat >> keepalived.conf << eof
 ! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   #notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30
   router_id LVS_DEVEL
}

#检测本机端口是否正常
vrrp_script chk_squid_port {
    script "</dev/tcp/127.0.0.1/8080"
    interval 1
}

vrrp_instance VI_1 {
    state MASTER  #MASTER主  备 BACKUP
    interface eth0
    virtual_router_id 51  #主备必须一致
    priority 100 		  # 主为100 备用 90 主备不相同  主的值大于备用
    advert_int 1
    authentication {
    auth_type PASS
    auth_pass 1111
    }
    virtual_ipaddress {
    10.205.103.33   #配置虚ip地址
    }
	#如果端口不正常，则keepalived 切换到备用
    track_script {
    chk_squid_port
    }
}

eof

6、启动服务

service keepalived reload  #修改keepalived.conf配置后重新加载
service keepalived start   #启动keepalived
service keepalived restart 
service keepalived stop

7、防火墙设置

-A INPUT -i  eth0 -p vrrp -s 10.205.103.170 -j ACCEPT
-A INPUT -d 224.0.0.0/8 -i eth0 -p vrrp -j ACCEPT
-A OUTPUT -d 224.0.0.0/8 -o eth0 -p vrrp -j ACCEPT
-A INPUT -p vrrp  -j ACCEPT

***以下配置为测试过的squid代理+ss5+keepalived模式之keepalived配置***

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   #notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30
   router_id LVS_DEVEL
}

vrrp_script chk_squid_port {
    script "</dev/tcp/127.0.0.1/8080"
    interval 1
}

vrrp_script chk_ss5_port {
    script "</dev/tcp/127.0.0.1/1080"
    interval 1
}

vrrp_instance VI_1 {
    state MASTER
    interface eth2
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.0.6/24
    }
    
    track_script {
    chk_squid_port
    }
}

vrrp_instance VI_2 {
    state BACKUP
    interface eth2
    virtual_router_id 151
    priority 70
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.0.7/24
    }

    track_script {
    chk_ss5_port
    }
}

转载于:https://blog.51cto.com/531117978/2311583