Hiroshi Kouda wrote:
> I want to make High Availability place from ultramonkey and squid.
>
> -----------------          -----------------
> | ultramonkey 1 |          | ultramonkey 2 |
> |   (active)    |          |   (standby)   |
> -----------------          -----------------
>         |                          |
>         |                          |
>         ----------------------------
>                      |
>                      |
>         ----------------------------
>         |                          |
>         |                          |
> -----------------          -----------------
> |    squid 1    |          |    squid 2    |
> -----------------          -----------------
>         |                          |
>         |                          |
>         ----------------------------
>                      |
>                      |
>              -----------------
>              |      web      |
>              -----------------
>
> ultramonkey VIP 192.168.4.104
> squid 1 192.168.4.12 VIP 192.168.4.104
> squid 1 192.168.4.13 VIP 192.168.4.104
> web 1 192.168.4.11 VIP 192.168.4.104
>
> ↑ This composition can't connect web server
>
> -----------------
> |     squid     |
> -----------------
>         |
>         |
> -----------------
> |      web      |
> -----------------
>
> ↑but,This composition can connect web server
>
> why It is not possible to connect it when ultramonkey passing ?
>

Perhaps ultramonkey does not know what to do with requests for: http://192.168.4.11/foo when they are forced into 192.168.4.104.

Squid being configured as an open proxy does not care. Just passes everything to the peer without security checks.

>
> config are
>
> ■ultramonkey 1
>
> /etc/sysconfig/network-scripts/ifcfg-lo:0
> ----------------------------
> DEVICE=lo:0
> TYPE=Ethernet
> BOOTPROTO=static
> BROADCAST=192.168.4.255
> IPADDR=192.168.4.104
> NETMASK=255.255.255.255
> NETWORK=192.168.4.0
> ONBOOT=yes
> NAME=loopback
> ----------------------------
>
> /etc/ha.d/ha.cf
> -----------------------------------------------------------------
> logfile /var/log/ha-log
> logfacility local0
> keepalive 2
> deadtime 30
> warntime 10
> initdead 120
> udpport 694
> baud 19200
>
> ucast bond0 192.168.4.101
> auto_failback on
> watchdog /dev/watchdog
>
> node barancer1 barancer2
> respawn root /usr/local/bin/check_network # check script
> -------------------------------------------------------------------
>
> /etc/ha.d/ldirectord.cf
> -------------------------------------------------------------------
> checktimeout=3
> checkinterval=10
> autoreload=yes
> logfile="/var/log/ldirectord.log"
> quiescent=yes
>
> virtual=192.168.4.104:80
>         real=192.168.4.12:80 gate #squid1
>         real=192.168.4.13:80 gate #squid2
>         scheduler=wrr
>         service=none
>         persistent=100
>         protocol=tcp
>         checktype=connect
> -------------------------------------------------------------------
>
> /etc/sysctl.conf
> -------------------------------------------------------------------
> # Kernel sysctl configuration file for Red Hat Linux
> #
> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> # sysctl.conf(5) for more details.
>
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 1
>
> # Controls source route verification
> net.ipv4.conf.default.rp_filter = 1
>
> # Do not accept source routing
> net.ipv4.conf.default.accept_source_route = 0
>
> # Controls the System Request debugging functionality of the kernel
> kernel.sysrq = 0
>
> # Controls whether core dumps will append the PID to the core filename.
> # Useful for debugging multi-threaded applications.
> kernel.core_uses_pid = 1
>
> net.ipv4.vs.expire_quiescent_template = 1
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.bond0.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.bond0.arp_announce = 2
> -------------------------------------------------------------------
>
> ■ squid 1
>
> /etc/sysconfig/network-scripts/ifcfg-lo:0
> ----------------------------
> DEVICE=lo:0
> TYPE=Ethernet
> BOOTPROTO=static
> BROADCAST=192.168.4.255
> IPADDR=192.168.4.104
> NETMASK=255.255.255.255
> NETWORK=192.168.4.0
> ONBOOT=yes
> NAME=loopback
> ----------------------------
>
> /usr/local/squid/etc/squid.conf
> -------------------------------------------------------------------
> cache_effective_user squid
> cache_effective_group squid
>
> cache_dir coss /usr/local/squid/var/cache 1024 block-size=512 max-size=1048576
> cache_swap_log /usr/local/squid/var/cache/cache_swap_log
>
> http_port 192.168.4.104:80 accel defaultsite=192.168.4.11
> cache_peer 192.168.4.11 parent 80 0 no-query originserver
>
> cache_mem 64 MB
>
> refresh_pattern data/mails/.* 0 25% 43200 ignore-reload
> refresh_pattern data/.* 0 0 0
> refresh_pattern . 0 25% 4320 ignore-reload
>
> client_persistent_connections off
> server_persistent_connections off
>
> acl all src 0.0.0.0/0.0.0.0
> http_access allow all
>
> emulate_httpd_log on
>
> access_log /usr/local/squid/var/logs/access.log common
> cache_log /usr/local/squid/var/logs/cache.log
> cache_store_log /usr/local/squid/var/logs/store.log
>
> forwarded_for off
>
> header_access X-Cache deny all
> header_access X-Squid-Error deny all
> header_access Via deny all
> -------------------------------------------------------------------
>
> /etc/sysctl.conf
> -------------------------------------------------------------------
> # Kernel sysctl configuration file for Red Hat Linux
> #
> # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
> # sysctl.conf(5) for more details.
>
> # Controls IP packet forwarding
> net.ipv4.ip_forward = 0
>
> # Controls source route verification
> net.ipv4.conf.default.rp_filter = 1
>
> # Do not accept source routing
> net.ipv4.conf.default.accept_source_route = 0
>
> # Controls the System Request debugging functionality of the kernel
> kernel.sysrq = 0
>
> # Controls whether core dumps will append the PID to the core filename.
> # Useful for debugging multi-threaded applications.
> kernel.core_uses_pid = 1
>
> net.ipv4.conf.all.arp_ignore = 1
> net.ipv4.conf.bond0.arp_ignore = 1
> net.ipv4.conf.all.arp_announce = 2
> net.ipv4.conf.bond0.arp_announce = 2
> -------------------------------------------------------------------
>
> ■ web
>
> /usr/local/apache2/conf/extra/httpd-vhosts.conf
> -------------------------------------------------------------------
> NameVirtualHost 192.168.4.11:80
>
> <VirtualHost 192.168.4.11:80>
>     ServerName images.hogehoge.com
>     DocumentRoot /var/www/webroot/common/images
> </VirtualHost>
> -------------------------------------------------------------------
>
> ↓ I think that this IP is wrong. ...?
>
> /usr/local/squid/etc/squid.conf
> -------------------------------------------------------------------
> http_port 192.168.4.104:80 accel defaultsite=192.168.4.11
> cache_peer 192.168.4.11 parent 80 0 no-query originserver
> -------------------------------------------------------------------
>
> /usr/local/apache2/conf/extra/httpd-vhosts.conf
> -------------------------------------------------------------------
> NameVirtualHost 192.168.4.11:80
>
> <VirtualHost 192.168.4.11:80>
> -------------------------------------------------------------------

--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
  Current Beta Squid 3.1.0.7
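
The open-proxy remark in the reply corresponds to `acl all src 0.0.0.0/0.0.0.0` followed by `http_access allow all` in the quoted squid.conf. The following Python check is an added example, not part of the original thread: it walks `http_access` rules in file order and reports when every request ends up allowed. The restricted sample, the ACL name `our_sites` and the function names are assumptions.

```python
ANY_SRC = {"0.0.0.0/0.0.0.0", "0.0.0.0/0"}

# Constructed sample: access-control lines taken from the squid.conf quoted above.
QUOTED_CONF = """\
http_port 192.168.4.104:80 accel defaultsite=192.168.4.11
cache_peer 192.168.4.11 parent 80 0 no-query originserver
acl all src 0.0.0.0/0.0.0.0
http_access allow all
"""

# Constructed sample: same accelerator limited to the page's vhost name ("our_sites" is assumed).
RESTRICTED_CONF = """\
http_port 192.168.4.104:80 accel defaultsite=images.hogehoge.com
cache_peer 192.168.4.11 parent 80 0 no-query originserver
acl all src 0.0.0.0/0.0.0.0
acl our_sites dstdomain images.hogehoge.com
http_access allow our_sites
http_access deny all
"""

def parse(conf):
    """Return (acls, rules): acl name -> (type, values), and ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches_everything(name, acls):
    """True for a non-negated src ACL covering every address ("all" is built into Squid 3.x)."""
    kind, values = acls.get(name, ("src", ["0.0.0.0/0"] if name == "all" else []))
    return not name.startswith("!") and kind == "src" and bool(ANY_SRC & set(values))

def audit(conf):
    """The first unconditional http_access rule decides; report it if it is an allow."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(matches_everything(n, acls) for n in names):
            return [f"http_access {action} {' '.join(names)}"] if action == "allow" else []
    # No unconditional rule: Squid applies the opposite of the last rule.
    if rules and rules[-1][0] == "deny":
        return ["implicit allow: last http_access rule is a conditional deny"]
    return []
```
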