General Information
Creating a highly available pair of load balancers with HAProxy and Keepalived.
Checklist
Network configuration used in the examples below.
Load Balancers
Web Servers (used in haproxy example config)
Install the required packages on the load balancer servers
yum install keepalived
yum install haproxy
Configuring keepalived and haproxy.
Keepalived utilizes a Linux kernel implementation of VRRP (Virtual Router Redundancy Protocol).
Official Site: http://www.keepalived.org/
! Configuration File for keepalived

vrrp_script check_haproxy {
    script "killall -0 haproxy"   # check the haproxy process
    timeout 1
    interval 2                    # every 2 seconds
    weight 2                      # add 2 points if OK
}

vrrp_instance VI_1 {
    state BACKUP                  # All instances 'BACKUP' to prevent VIP flapping
    interface eth0
    virtual_router_id 51
    priority 100                  # All instances same priority to prevent VIP flapping
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass PASSWORDHERE
    }
    virtual_ipaddress {
        10.1.2.3
    }
    track_script {
        check_haproxy
    }
}
HAProxy is a TCP/HTTP load balancer.
Official Site: http://www.haproxy.org/
#---------------------------------------------------------------------
# HAProxy Stats
#---------------------------------------------------------------------
listen stats
    # SSL Mode and Cert
    bind *:9000 ssl crt /etc/pki/tls/mycertfiles.pem
    mode http

    # Enable Stats and Hide Version
    stats enable
    stats hide-version

    # Authentication realm. This can be set to anything. Escape space characters with a backslash.
    stats realm HAProxy\ Statistics

    # The virtual URL to access the stats page
    stats uri /haproxy_stats

    # The user/pass you want to use. Change this password!
    stats auth admin:adminpassword
cat mykey.key mycert.crt myCAs.crt >> mycertfiles.pem
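A pre-deployment check for the two example configurations above, added here as an illustration (it is not part of the original page or of the keepalived or HAProxy projects). It flags the placeholder secrets PASSWORDHERE and adminpassword if they were left in place, a VRRP auth_pass longer than the 8 characters keepalived uses, and a stats section whose Basic-auth credentials are served on a bind without ssl. The function names and finding messages are hypothetical.

```python
# Placeholder secrets that appear verbatim in this page's example configs.
PLACEHOLDERS = {"PASSWORDHERE", "adminpassword"}
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def tokens(text):
    """Yield (line_number, words) for each non-empty line, '#' comments removed."""
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if words:
            yield n, words

def audit_keepalived(text):
    """Flag VRRP auth_pass values that are placeholders or silently truncated."""
    out = []
    for n, w in tokens(text):
        if w[0] == "auth_pass" and len(w) > 1:
            if w[1] in PLACEHOLDERS:
                out.append((n, "auth_pass still set to the example placeholder"))
            elif len(w[1]) > 8:
                out.append((n, "auth_pass exceeds 8 characters; keepalived uses only the first 8"))
    return out

def audit_haproxy(text):
    """Flag placeholder stats credentials and stats listeners bound without TLS."""
    out, binds, has_auth = [], [], False
    def close_section():
        # Basic-auth credentials cross the wire on every request, so a section
        # with 'stats auth' needs 'ssl' on each of its bind lines.
        if has_auth:
            out.extend((n, "stats auth served on a bind without ssl")
                       for n, w in binds if "ssl" not in w)

    for n, w in tokens(text):
        if w[0] in SECTIONS:          # a new section starts: judge the previous one
            close_section()
            binds, has_auth = [], False
        elif w[0] == "bind":
            binds.append((n, w))
        elif w[:2] == ["stats", "auth"] and len(w) > 2:
            has_auth = True
            if w[2].partition(":")[2] in PLACEHOLDERS:
                out.append((n, "stats auth password is the example placeholder"))
    close_section()
    return sorted(out)

if __name__ == "__main__":
    # Constructed sample (not a real deployment): the stats block with ssl removed.
    sample = "listen stats\n    bind *:9000\n    stats auth admin:adminpassword\n"
    print(audit_haproxy(sample))
```

Run both functions against the deployed keepalived and HAProxy files on each load balancer; an empty list from each means none of these three conditions was found.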
mkdir /etc/haproxy/config.d
#---------------------------------------------------------------------
# fe_http frontend which proxies to the backends
#---------------------------------------------------------------------
frontend fe_http *:80
    # Log format
    option httplog

    # Timeout Settings
    #no option http-server-close
    #timeout client 1m    #default: 50s

    #-- ACLs - Match HTTP Requests --#
    acl url_web path_beg -i /mywebsite

    #-- Backend Selection based on ACLs --#
    use_backend be_web_pool1 if url_web

    # If not using ACLs for backend selection or to have a fall back selection
    #default_backend be_web_pool1

#---------------------------------------------------------------------
# Backend Configuration
#---------------------------------------------------------------------
backend be_web_pool1
    # Replace "/mywebsite/" with "/" at the beginning of the request
    reqirep ^([^\ ]*\ /)mywebsite[/]?(.*) \1\2

    # Backend Protocol
    mode http

    #-- Timeout Settings --#
    #timeout connect 1m    #default: 5s
    #timeout server 2m     #default: 50s

    #-- Health check options --#
    # Use http layer 7 check instead of default layer 4 port check
    option httpchk HEAD /
    # inter: How often to execute a health check (default: 2s)
    # rise: Number of consecutive checks before server is UP (default: 2)
    # fall: Number of consecutive checks before server is DOWN (default: 3)
    default-server inter 5s rise 2 fall 3
    # timeout check: Fail health check after x seconds of no response (default: 10s)
    timeout check 12s

    #-- Balancing --#
    balance leastconn
    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing)
    fullconn 1000
    server web01 10.1.2.50:80 check maxconn 500
    server web02 10.1.2.51:80 check maxconn 500
# Config files specifying frontend/backends
OPTIONS="-f /etc/haproxy/config.d/http.cfg"
OPTIONS="-f /etc/haproxy/config.d/http.cfg -f /etc/haproxy/config.d/otherfrontend.cfg"
Session Persistence
    #-- Balancing --#
    balance leastconn
    # Use Cookie for Session Persistence
    cookie SERVERID insert indirect nocache
    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing)
    fullconn 1000
    server web01 10.1.2.50:80 check cookie web01 maxconn 500
    server web02 10.1.2.51:80 check cookie web02 maxconn 500
    #-- Balancing --#
    balance source
    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing)
    fullconn 1000
    server web01 10.1.2.50:80 check maxconn 500
    server web02 10.1.2.51:80 check maxconn 500
Setup logging for HAProxy.
## HA-Proxy Rsyslog Config ##
# Load UDP Modules
$ModLoad imudp
# Run UDP server
$UDPServerRun 514
# Allow only localhost
$AllowedSender UDP, 127.0.0.1
# Send local2 haproxy logs to /var/log/haproxy.log
local2.none /var/log/messages
local2.* /var/log/haproxy.log
systemctl restart rsyslog
Operating the load balancers.
Start and enable the services on each node.
systemctl start haproxy
systemctl enable haproxy
systemctl start keepalived
systemctl enable keepalived
Reboot procedure and dependencies.
ip addr sh
reboot
systemctl status keepalived haproxy
systemctl stop keepalived
netstat -anpt | grep haproxy | grep -v 9000
reboot