利用keepalived实现多cpu支持的squid3.2高可用性~

 

 

squid a 10.10.10.10

squid b 10.10.10.20

vip     10.10.10.88

 

squid3.2  在别的线上用，性能不错，没有出现卡死或者崩溃的现象~  大家可以一用 ~ 

但是3.2所用的server性能要高于2.7 3.0的配置的~ 

 

yum -y install ntp make openssl openssl-devel pcre pcre-devel libpng libpng-devel libjpeg-6b libjpeg-devel-6b freetype freetype-devel gd gd-devel zlib zlib-devel gcc gcc-c++ libXpm libXpm-devel ncurses ncurses-devel libmcrypt libmcrypt-devel libxml2 libxml2-devel imake autoconf automake screen sysstat compat-libstdc++-33 curl curl-devel
wget http://www.squid-cache.org/Versions/v3/3.2/squid-3.2.0.18.tar.gz
tar -zvxf squid-3.2.0.18.tar.gz
cd squid-3.2.0.18
./configure --prefix=/usr/local/squid --enable-gnuregex --enable-async-io=80 --enable-cache-digests --enable-err-language="zh-cn"--enable-default-err-language="zh-cn" --enable-epoll --disable-internal-dns  --with-filedescriptors=20480 --enable-kill-parent-hack
make
make install

#创建squid相关目录

groupadd squid   #创建squid  squid用户组
useradd -g squid -s /sbin/nologin  #创建squid用户，并加入到squid组里，不允许登录系统
chown -R squid /usr/local/squid/   #修改squid的安装目录所属用户为squid用户
mkdir -p /var/cache1     #创建squid的第一个缓存目录
mkdir -p /var/cache2    #创建squid的第二个缓存目录
chown squid.squid -R /var/cache1 /var/squid2  #设置目录所有者
chmod -R 777 /var/cache1 /var/squid    #设置目录权限

#配置squid

将squid的初始配置文件备份，我们要重新创建配置文件

mv /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf.bak

vi /usr/local/squid/etc/squid.conf

max_filedescriptors 65535
visible_hostname rui
acl SSL_ports port 443
acl Safe_ports port 80
acl CONNECT method CONNECT
acl myip src localhost
#http_access deny OverConnLimit
#acl web1 src 117.21.227.134
#acl web2 src .....
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl OverConnLimit maxconn 300
http_access deny OverConnLimit
http_access allow all
#header_access X-Forwarded-For allow all
#acl_uses_indirect_client  on
#follow_x_forwarded_for allow all
allow_underscore on
half_closed_clients off
cache_peer 222.174.95.21 parent 9011 0 no-query originserver name=web21
cache_peer 122.226.213.41 parent 80 0 no-query originserver name=web41
http_port 80 accel vhost vport
cache_peer_domain  web21  .upbar.net mypig.upbar.net .mypig.net .8goo.com .vitas.com.cn .ibar.cc  .360loss.com .99zyz.com
cache_peer_domain  web21  .grow100.com.cn .jpstore.net .jk0769.com .maxmancapsule.com .maxmancapsule.com.cn .maxmancapsules.com.tw .72sun.com .30jf.com .356jf.com .24jf.com .aidashan.com .she36.com
cache_peer_domain  web21  .grow100.net .gao36.com .gao36.net .way200.com .easy900.com .show1000.com .gft400.com .topgouwu.net
cache_peer_domain  web21  .igaofei.com .igaofei.net .mek123.com .mek123.net .yugutoo.com yututoo.com
cache_peer_domain  web41  .bibe.cn .yein.cc .youxia.cn
cache_peer_access web21 allow all
cache_peer_access web41 allow all
forwarded_for on
acl QUERY urlpath_regex cgi-bin   .cgi .php .avi .wmv .rm .ram .mpg .mpeg .zip .exe .asp .aspx
cache deny QUERY
reload_into_ims on
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
refresh_pattern -i \.html 1440 100% 129600 reload-into-ims
refresh_pattern -i \.shtml 1440 100% 129600 reload-into-ims
refresh_pattern -i \.htm 1440 100% 129600 reload-into-ims
refresh_pattern -i \.gif 1440 100% 129600 ignore-reload
refresh_pattern -i \.jpg 1440 100% 129600 ignore-reload
refresh_pattern -i \.png 1440 100% 129600 reload-into-ims
refresh_pattern -i \.bmp 1440 100% 129600 reload-into-ims
refresh_pattern -i \.swf 1440 100% 129600 reload-into-ims
refresh_pattern -i \.flv 129600 100% 129600 ignore-reload
refresh_pattern -i \.js 1440 100% 129600 reload-into-ims
refresh_pattern -i \.css 1440 100% 129600 reload-into-ims
pid_filename /usr/local/squid/var/logs/squid.pid
#logformat squid  %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
#cache_log /usr/local/squid/var/logs/cache.log
#access_log /usr/local/squid/var/logs/access.log
access_log /dev/null
cache_log /dev/null
cache_store_log none
#error_directory none
cache_mem 256 MB
memory_pools_limit 312 MB
maximum_object_size_in_memory 4096 KB
max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 4096 KB
maximum_object_size_in_memory 4096 KB
memory_replacement_policy lru
cache_dir ufs /var/cache1 1024 16 256
#cache_dir null /tmp

EOF

 

启动squid

检查 squid 配置文件正确与否

/usr/local/squid/sbin/squid -Nk parse

生成缓存目录

/usr/local/squid/sbin/squid -N �Cz

测试squid

/usr/local/squid/sbin/squid -N -d1

启动squid

/usr/local/squid/sbin/squid

ps -ef |grep squid     # 检查squid是否正常启动

keepalived安装配置~

这个是安装脚本~

server A 的配置

#!/bin/bash
#
#改变下MASTER BACKUP模式    还有优先级的id
#
yum -y install openssl-devel
cd /root
wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
tar xzf keepalived-1.2.2.tar.gz
cd keepalived-1.2.2
./configure
make && make install
cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
chmod +x /etc/init.d/keepalived
chkconfig --add keepalived
chkconfig keepalived on
mkdir /etc/keepalived
ln -s /usr/local/sbin/keepalived /usr/sbin/
cat >> /etc/keepalived/keepalived.conf <<EOF
global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_script chk_http_port {
                script "/opt/squid_ser.sh"
                interval 2
                weight 2
}
vrrp_instance VI_1 {
    state MASTER        #辅机为 BACKUP
    interface eth0
    virtual_router_id 51
    priority 100                 #权值要比 back 高
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
track_script {
        chk_http_port ### 执行监控的服务
        }
    virtual_ipaddress {
       10.10.10.88
    }
}
EOF
cat >> /opt/squid_ser.sh <<EOF
#!/bin/bash
STATUS=`netstat -nptl | grep squid | grep 80 | wc -l`
if [ "$STATUS" -eq "0" ]; then
/usr/local/squid/sbin/squid -s
STATUS2=`netstat -nptl | grep squid | grep 80 | wc -l`
if [ "$STATUS2" -eq "0"  ]; then
kill -9 $(ps -ef | grep keepalived | grep -v grep | awk ‘{print $2}’)
fi
fi
EOF
service keepalived restart

server B的配置

#!/bin/bash
#
#改变下MASTER BACKUP模式    还有优先级的id
#
yum -y install openssl-devel
cd /root
wget http://www.keepalived.org/software/keepalived-1.2.2.tar.gz
tar xzf keepalived-1.2.2.tar.gz
cd keepalived-1.2.2
./configure
make && make install
cp /usr/local/etc/rc.d/init.d/keepalived /etc/init.d/
cp /usr/local/etc/sysconfig/keepalived /etc/sysconfig/
chmod +x /etc/init.d/keepalived
chkconfig --add keepalived
chkconfig keepalived on
mkdir /etc/keepalived
ln -s /usr/local/sbin/keepalived /usr/sbin/
cat >> /etc/keepalived/keepalived.conf <<EOF
global_defs {
   notification_email {
     [email protected]
   }
   notification_email_from [email protected]
   smtp_server 127.0.0.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
vrrp_script chk_http_port {
                script "/opt/squid_ser.sh"
                interval 2
                weight 2
}
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 99
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
track_script {
        chk_http_port ### 执行监控的服务
        }
    virtual_ipaddress {
       10.10.10.88
    }
}
EOF
cat >> /opt/squid_ser.sh <<EOF
#!/bin/bash
STATUS=`netstat -nptl | grep squid | grep 80 | wc -l`
if [ "$STATUS" -eq "0" ]; then
/usr/local/squid/sbin/squid -s
STATUS2=`netstat -nptl | grep squid | grep 80 | wc -l`
if [ "$STATUS2" -eq "0"  ]; then
kill -9 $(ps -ef | grep keepalived | grep -v grep | awk ‘{print $2}’)
fi
fi
EOF
service keepalived restart

#############################################################################

数据的双向同步

1  下载安装~

wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -Uvh rpmforge-release*rpm
unison

2  
两服务器之间做ssh信任

 

ssh-keygen -t rsa
rsync -av id_rsa.pub [email protected]:///root/.ssh/id_rsa.pub_10
ssh-keygen -t rsa
rsync -av id_rsa.pub [email protected]:///root/.ssh/id_rsa.pub_20
cd /root/.ssh/
cat id_rsa.pub_10 > authorized_keys
cd /root/.ssh/
cat id_rsa.pub_20 > authorized_keys

3 运行同步

通过直接的命令的方式

/usr/local/bin/unison /var/www/html/ ssh://[email protected]//var/www/html/  > /dev/null 2>&1 &
/usr/local/bin/unison /var/www/html/ ssh://[email protected]//var/www/html/ > /dev/null 2>&1  &

同过配置文件来使用unison

尽管可以完全通过命令行的方式来指定unison运行所需要的参数，但我还是推荐使用配置文件来进行配置使用unison，原因很简单，看配置文件比看命令行容易理解，而且可管理性更强。
默认的配置文件夹位于~currentuser/.unison，即当前用户的home目录下，windows则位于C:Documents and Settingscurrentuser.unison，默认的配置文件名是default.prf.
运行这样的命令：
# unison config
Unison将读取~currentuser/.unison/config.prf文件里的配置。
下面是一个简单的配置文件例子（用于bbs应用中两个文件夹同步）：
root = /var/www/html
root = ssh://[email protected]//var/www/html
force = /var/www/html
ignore = Path WEB-INF/tmp
auto = true
log = true
logfile = /home/support/.unison/itbbs_239.172.log
两个root表示需要同步的文件夹。
force表示以本地的/var/www/html文件夹为标准，将该目录同步到远端。
ignore = Path表示忽略root下面的WEB-INF/tmp目录，即同步时不同步它。
Auto表示自动应用默认的更新规则。应为这里是以本地文件夹为准，不会出现更新冲突现象，可以使用默认更新规则。
log = true表示在终端输出运行信息。
logfile则指定了同时将输出写入log文件。

 

更多的参数：

――root表示需要同步的目录；

 

――force表示使用unison单项同步功能，注释掉以便启用双向同步；

――ignore = Path表示同步/mnt目录时不同步tmp；

――batch = true,表示全自动模式，接受缺省动作；

――fastcheck = true，表示同步时使用文件的创建时间来比较两地文件，如果这个选项为false，unison则将比较两地文件的内容.建议设置为true；

――log = true；

――logfile则指定了同时将输出写入log文件。

更多参数的详细介绍，请参考unison的使用手册。

/usr/local/bin/unison -help

 

 

 

本文出自 “峰云，就她了。” 博客，谢绝转载！