Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
linux_wiki:load_balancing_haproxy_and_keepalived [2017/07/07 23:24] billdozor [Network Addressing Setup] |
linux_wiki:load_balancing_haproxy_and_keepalived [2018/04/09 00:19] billdozor [HA-Proxy] |
||
---|---|---|---|
Line 26: | Line 26: | ||
* web02 -> 10.1.2.51 | * web02 -> 10.1.2.51 | ||
- | {{ haproxy_keepalived_example.jpg|}} | + | \\ |
+ | {{ haproxy_keepalived_example.jpg |}} | ||
+ | \\ | ||
---- | ---- | ||
Line 41: | Line 43: | ||
Configuring keepalived and haproxy. | Configuring keepalived and haproxy. | ||
+ | |||
+ | ---- | ||
===== Keepalived ===== | ===== Keepalived ===== | ||
Line 77: | Line 81: | ||
} | } | ||
}</ | }</ | ||
+ | |||
+ | ---- | ||
===== HA-Proxy ===== | ===== HA-Proxy ===== | ||
Line 83: | Line 89: | ||
Official Site: http:// | Official Site: http:// | ||
+ | |||
+ | ==== Main Config ==== | ||
* Configure HA-Proxy (/ | * Configure HA-Proxy (/ | ||
* Remove all example frontend and backend config sections (leave default section) | * Remove all example frontend and backend config sections (leave default section) | ||
- | * Add New frontend/ | + | |
- | # http-in | + | # HAProxy Stats |
+ | # | ||
+ | listen stats | ||
+ | # SSL Mode and Cert | ||
+ | bind *:9000 ssl crt / | ||
+ | mode http | ||
+ | |||
+ | # Enable Stats and Hide Version | ||
+ | stats enable | ||
+ | stats hide-version | ||
+ | |||
+ | # Authentication realm. This can be set to anything. Escape space characters with a backslash. | ||
+ | stats realm HAProxy\ Statistics | ||
+ | |||
+ | # The virtual URL to access the stats page | ||
+ | stats uri / | ||
+ | |||
+ | # The user/pass you want to use. Change this password! | ||
+ | stats auth admin: | ||
+ | * The pem certificate file is a concatenation of the SSL key, cert, and certificate authority. Example< | ||
+ | |||
+ | ==== Frontend/ | ||
+ | |||
+ | * Create new directory to hold frontend/ | ||
+ | * Create new frontend/ | ||
+ | | ||
+ | # fe_http | ||
# | # | ||
- | frontend | + | frontend |
# Log format | # Log format | ||
option httplog | option httplog | ||
+ | # Timeout Settings | ||
+ | #no option http-server-close | ||
+ | #timeout client 1m #default: 50s | ||
+ | | ||
#-- ACLs - Match HTTP Requests --# | #-- ACLs - Match HTTP Requests --# | ||
acl url_web | acl url_web | ||
#-- Backend Selection based on ACLs --# | #-- Backend Selection based on ACLs --# | ||
- | use_backend | + | use_backend |
+ | # If not using ACLs for backend selection or to have a fall back selection | ||
+ | # | ||
+ | | ||
# | # | ||
# Backend Configuration | # Backend Configuration | ||
# | # | ||
- | backend | + | backend |
- | balance | + | # Replace "/ |
- | server | + | reqirep ^([^\ ]*\ / |
- | server | + | |
+ | # Backend Protocol | ||
+ | mode http | ||
+ | |||
+ | #-- Timeout Settings --# | ||
+ | #timeout connect 1m #default: 5s | ||
+ | #timeout server 2m #default: 50s | ||
+ | |||
+ | #-- Health check options --# | ||
+ | # Use http layer 7 check instead of default layer 4 port check | ||
+ | option httpchk HEAD / | ||
+ | # inter: How often to execute a health check (default: 2s) | ||
+ | # rise: Number of consecutive checks before server is UP (default: 2) | ||
+ | # fall: Number of consecutive checks before server is DOWN (default: 3) | ||
+ | default-server inter 5s rise 2 fall 3 | ||
+ | # timeout check: Fail health check after x seconds of no response (default: 10s) | ||
+ | timeout check 12s | ||
+ | |||
+ | #-- Balancing --# | ||
+ | balance | ||
+ | # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) | ||
+ | fullconn 1000 | ||
+ | server | ||
+ | server | ||
+ | * Ensure each additional config file in config.d/ is setup in haproxy' | ||
+ | OPTIONS=" | ||
+ | * Multiple config files example:< | ||
+ | |||
+ | ---- | ||
===== Logging ===== | ===== Logging ===== | ||
Line 151: | Line 220: | ||
* Load Balancers (lb01, lb02) can be rebooted 1 at a time to avoid service interruption. | * Load Balancers (lb01, lb02) can be rebooted 1 at a time to avoid service interruption. | ||
- | * Determine the inactive system (the system that does NOT have the virtual IP as a secondary address< | + | * Determine the **inactive system** (the system that does NOT have the virtual IP as a secondary address< |
- | * Reboot the inactive system< | + | * Reboot the **inactive system**<code bash> |
* Once the inactive system is up, verify keepalived and haproxy are running< | * Once the inactive system is up, verify keepalived and haproxy are running< | ||
* Stop keepalived on the active system in order to force a fail over< | * Stop keepalived on the active system in order to force a fail over< | ||
- | * Reboot the system with keepalived stopped< | + | |
+ | | ||
---- | ---- | ||