linux_wiki:load_balancing_haproxy_and_keepalived

Differences

This shows you the differences between two versions of the page.

linux_wiki:load_balancing_haproxy_and_keepalived [2017/07/07 22:54]
billdozor [Network Addressing Setup]
linux_wiki:load_balancing_haproxy_and_keepalived [2018/04/09 00:19]
billdozor [HA-Proxy]
Line 20: Line 20:
   * Server "lb01" -> 10.1.2.1 (eth0)   * Server "lb01" -> 10.1.2.1 (eth0)
   * Server "lb02" -> 10.1.2.2 (eth0)   * Server "lb02" -> 10.1.2.2 (eth0)
-  * "lb" -> 10.1.2.3 (load balancer virtual IP - floats between servers)+  * "lbvip" -> 10.1.2.3 (load balancer virtual IP - floats between servers)
  
 Web Servers (used in haproxy example config) Web Servers (used in haproxy example config)
   * web01 -> 10.1.2.50   * web01 -> 10.1.2.50
   * web02 -> 10.1.2.51   * web02 -> 10.1.2.51
 +
 +\\
 +{{ haproxy_keepalived_example.jpg |}}
 +\\
  
 ---- ----
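Review bot: The image embed added after the web server list has an empty caption (`{{ haproxy_keepalived_example.jpg |}}`); put a short description after the `|` so the diagram carries title text. Since this hunk also renames the virtual IP entry from "lb" to "lbvip", check that the diagram and the rest of the page use the new name.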
Line 39: Line 43:
  
 Configuring keepalived and haproxy. Configuring keepalived and haproxy.
 +
 +----
  
 ===== Keepalived ===== ===== Keepalived =====
Line 75: Line 81:
   }   }
 }</code> }</code>
 +
 +----
  
 ===== HA-Proxy ===== ===== HA-Proxy =====
Line 81: Line 89:
  
 Official Site: http://www.haproxy.org/ Official Site: http://www.haproxy.org/
 +
 +==== Main Config ====
  
   * Configure HA-Proxy (/etc/haproxy/haproxy.cfg)   * Configure HA-Proxy (/etc/haproxy/haproxy.cfg)
     * Remove all example frontend and backend config sections (leave default section)     * Remove all example frontend and backend config sections (leave default section)
-    * Add New frontend/backend sections **Example**:<code bash>#--------------------------------------------------------------------- +    * Add a section for the HAProxy Stats page<code bash>#--------------------------------------------------------------------- 
-http-in frontend which proxys to the backends+# HAProxy Stats 
 +#--------------------------------------------------------------------- 
 +listen stats 
 +  # SSL Mode and Cert 
 +  bind *:9000 ssl crt /etc/pki/tls/mycertfiles.pem 
 +  mode http 
 + 
 +  # Enable Stats and Hide Version 
 +  stats enable 
 +  stats hide-version 
 + 
 +  # Authentication realm. This can be set to anything. Escape space characters with a backslash. 
 +  stats realm HAProxy\ Statistics 
 + 
 +  # The virtual URL to access the stats page 
 +  stats uri /haproxy_stats 
 + 
 +  # The user/pass you want to use. Change this password! 
 +  stats auth admin:adminpassword</code> 
 +  * The pem certificate file is a concatenation of the SSL key, cert, and certificate authority. Example<code bash>cat mykey.key mycert.crt myCAs.crt >> mycertfiles.pem</code> 
 + 
 +==== Frontend/Backend Configs ==== 
 + 
 +    * Create new directory to hold frontend/backend config files<code bash>mkdir /etc/haproxy/config.d</code> 
 +    * Create new frontend/backend config files (Example: /etc/haproxy/config.d/http.cfg) 
 +      * Add New frontend/backend sections **Example**:<code bash>#--------------------------------------------------------------------- 
 +fe_http frontend which proxys to the backends
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
-frontend  http-in *:80+frontend  fe_http *:80
     # Log format     # Log format
     option httplog     option httplog
  
 +    # Timeout Settings
 +    #no option http-server-close
 +    #timeout client 1m  #default: 50s
 +    
     #-- ACLs - Match HTTP Requests --#     #-- ACLs - Match HTTP Requests --#
     acl url_web       path_beg    -i /mywebsite     acl url_web       path_beg    -i /mywebsite
  
     #-- Backend Selection based on ACLs --#     #-- Backend Selection based on ACLs --#
-    use_backend web_pool1    if url_web+    use_backend be_web_pool1    if url_web
  
 +    # If not using ACLs for backend selection or to have a fall back selection
 +    #default_backend be_web_pool1
 +    
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
 # Backend Configuration # Backend Configuration
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
-backend web_pool1 +backend be_web_pool1 
-    balance  roundrobin +    # Replace "/mywebsite/" with "/" at the beginning of the request 
-    server  web01 10.1.2.50:80 check +    reqirep ^([^\ ]*\ /)mywebsite[/]?(.*)  \1\2 
-    server  web02 10.1.2.51:80 check</code>+ 
 +    # Backend Protocol 
 +    mode http 
 + 
 +    #-- Timeout Settings --# 
 +    #timeout connect 1m  #default: 5s 
 +    #timeout server 2m  #default: 50s 
 +     
 +    #-- Health check options --# 
 +    # Use http layer 7 check instead of default layer 4 port check 
 +    option httpchk HEAD / 
 +    # inter: How often to execute a health check (default: 2s) 
 +    # rise: Number of consecutive checks before server is UP (default: 2) 
 +    # fall: Number of consecutive checks before server is DOWN (default: 3) 
 +    default-server inter 5s rise 2 fall 3 
 +    # timeout check: Fail health check after x seconds of no response (default: 10s) 
 +    timeout check 12s 
 +     
 +    #-- Balancing --# 
 +    balance  leastconn 
 +    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) 
 +    fullconn 1000 
 +    server  web01 10.1.2.50:80 check maxconn 500 
 +    server  web02 10.1.2.51:80 check maxconn 500</code> 
 +  * Ensure each additional config file in config.d/ is setup in haproxy's environment options(/etc/sysconfig/haproxy)<code bash># Config files specifying frontend/backends 
 +OPTIONS="-f /etc/haproxy/config.d/http.cfg"</code> 
 +    * Multiple config files example:<code bash>OPTIONS="-f /etc/haproxy/config.d/http.cfg -f /etc/haproxy/config.d/otherfrontend.cfg"</code> 
 + 
 +----
  
 ===== Logging ===== ===== Logging =====
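Review bot: In the new `listen stats` block, `bind *:9000` publishes the stats page on every address the load balancer holds, including the floating 10.1.2.3, and `stats auth admin:adminpassword` keeps the credential in cleartext in haproxy.cfg. Bind the listener to the node's own address instead (10.1.2.1 on lb01, 10.1.2.2 on lb02), say next to the "Change this password!" comment that haproxy.cfg should be readable by root only, and consider a `userlist` with a hashed `password` entry in place of `stats auth`. The same file-permission note belongs on the pem step, since mycertfiles.pem contains the private key; that command should also use `>` rather than `>>`, because appending on a second run leaves duplicate key and certificate blocks in the file. In the http.cfg example, the line `fe_http frontend which proxys to the backends` has no leading `#` as shown, so HAProxy would try to parse it as a directive.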
Line 149: Line 220:
  
   * Load Balancers (lb01, lb02) can be rebooted 1 at a time to avoid service interruption.   * Load Balancers (lb01, lb02) can be rebooted 1 at a time to avoid service interruption.
-  * Determine the inactive system (the system that does NOT have the virtual IP as a secondary address<code bash>ip addr sh</code> +  * Determine the **inactive system** (the system that does NOT have the virtual IP as a secondary address<code bash>ip addr sh</code> 
-    * Reboot the inactive system<code bash>reboot</code>+    * Reboot the **inactive system**<code bash>reboot</code>
     * Once the inactive system is up, verify keepalived and haproxy are running<code bash>systemctl status keepalived haproxy</code>     * Once the inactive system is up, verify keepalived and haproxy are running<code bash>systemctl status keepalived haproxy</code>
   * Stop keepalived on the active system in order to force a fail over<code bash>systemctl stop keepalived</code>   * Stop keepalived on the active system in order to force a fail over<code bash>systemctl stop keepalived</code>
-    * Reboot the system with keepalived stopped<code bash>reboot</code>+    * Verify connections to the frontend listeners go away<code bash>netstat -anpt | grep haproxy | grep -v 9000</code> 
 +    * Reboot the system with keepalived stopped and no more client connections<code bash>reboot</code>
  
 ---- ----
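Review bot: The added check `netstat -anpt | grep haproxy | grep -v 9000` cannot show that client connections have gone away: haproxy's LISTEN sockets always match, and `grep -v 9000` drops any line containing that string, for example a client connected from source port 49000, not just the stats listener. Filter on state and on the local port instead, for example by adding `grep ESTABLISHED` and matching `:9000 ` with its colon and trailing space, and state that the command needs root, since without it the `-p` column is empty for haproxy's sockets and the check passes with nothing verified. The reworded first bullet also still lacks the closing parenthesis after "secondary address".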
  
  • linux_wiki/load_balancing_haproxy_and_keepalived.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)