Differences
This shows you the differences between two versions of the page.
linux_wiki:load_balancing_haproxy_and_keepalived [2018/04/09 00:19] billdozor [HA-Proxy] |
linux_wiki:load_balancing_haproxy_and_keepalived [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Load Balancing with HAProxy And Keepalived ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Creating a highly available pair of load balancers with HAProxy and Keepalived. | ||
- | |||
- | **Checklist** | ||
- | * Number of systems | ||
- | * 2 servers to be load balancers | ||
- | * 2 servers for web servers (in the example) | ||
- | * Distro(s): Enterprise Linux 7 | ||
- | |||
- | ---- | ||
- | |||
- | ====== Network Addressing Setup ====== | ||
- | |||
- | Network configuration used in the examples below. | ||
- | |||
- | Load Balancers | ||
- | * Server " | ||
- | * Server " | ||
- | * " | ||
- | |||
- | Web Servers (used in haproxy example config) | ||
- | * web01 -> 10.1.2.50 | ||
- | * web02 -> 10.1.2.51 | ||
- | |||
- | \\ | ||
- | {{ haproxy_keepalived_example.jpg |}} | ||
- | \\ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Install ====== | ||
- | |||
- | Install the required packages on the load balancer servers | ||
- | * KeepAliveD (high availability)< | ||
- | * HA-Proxy (load balancing)< | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure ====== | ||
- | |||
- | Configuring keepalived and haproxy. | ||
- | |||
- | ---- | ||
- | |||
- | ===== Keepalived ===== | ||
- | |||
- | Keepalived utlizes a Linux kernel implementation of VRRP. (Virtual Router Redundancy Protocol) | ||
- | |||
- | Official Site: http:// | ||
- | |||
- | * Configure all nodes with these keepalive settings (/ | ||
- | |||
- | vrrp_script check_haproxy { | ||
- | script " | ||
- | timeout 1 | ||
- | interval 2 # every 2 seconds | ||
- | weight 2 # add 2 points if OK | ||
- | } | ||
- | |||
- | vrrp_instance VI_1 { | ||
- | state BACKUP | ||
- | interface eth0 | ||
- | virtual_router_id 51 | ||
- | priority 100 # All instances same priority to prevent VIP flapping | ||
- | advert_int 1 | ||
- | |||
- | authentication { | ||
- | auth_type PASS | ||
- | auth_pass PASSWORDHERE | ||
- | } | ||
- | |||
- | virtual_ipaddress { | ||
- | 10.1.2.3 | ||
- | } | ||
- | |||
- | track_script { | ||
- | check_haproxy | ||
- | } | ||
- | }</ | ||
- | |||
- | ---- | ||
- | |||
- | ===== HA-Proxy ===== | ||
- | |||
- | HAProxy is a TCP/HTTP load balancer. | ||
- | |||
- | Official Site: http:// | ||
- | |||
- | ==== Main Config ==== | ||
- | |||
- | * Configure HA-Proxy (/ | ||
- | * Remove all example frontend and backend config sections (leave default section) | ||
- | * Add a section for the HAProxy Stats page< | ||
- | # HAProxy Stats | ||
- | # | ||
- | listen stats | ||
- | # SSL Mode and Cert | ||
- | bind *:9000 ssl crt / | ||
- | mode http | ||
- | |||
- | # Enable Stats and Hide Version | ||
- | stats enable | ||
- | stats hide-version | ||
- | |||
- | # Authentication realm. This can be set to anything. Escape space characters with a backslash. | ||
- | stats realm HAProxy\ Statistics | ||
- | |||
- | # The virtual URL to access the stats page | ||
- | stats uri / | ||
- | |||
- | # The user/pass you want to use. Change this password! | ||
- | stats auth admin: | ||
- | * The pem certificate file is a concatenation of the SSL key, cert, and certificate authority. Example< | ||
- | |||
- | ==== Frontend/ | ||
- | |||
- | * Create new directory to hold frontend/ | ||
- | * Create new frontend/ | ||
- | * Add New frontend/ | ||
- | # fe_http frontend which proxys to the backends | ||
- | # | ||
- | frontend | ||
- | # Log format | ||
- | option httplog | ||
- | |||
- | # Timeout Settings | ||
- | #no option http-server-close | ||
- | #timeout client 1m #default: 50s | ||
- | | ||
- | #-- ACLs - Match HTTP Requests --# | ||
- | acl url_web | ||
- | |||
- | #-- Backend Selection based on ACLs --# | ||
- | use_backend be_web_pool1 | ||
- | |||
- | # If not using ACLs for backend selection or to have a fall back selection | ||
- | # | ||
- | | ||
- | # | ||
- | # Backend Configuration | ||
- | # | ||
- | backend be_web_pool1 | ||
- | # Replace "/ | ||
- | reqirep ^([^\ ]*\ / | ||
- | |||
- | # Backend Protocol | ||
- | mode http | ||
- | |||
- | #-- Timeout Settings --# | ||
- | #timeout connect 1m #default: 5s | ||
- | #timeout server 2m #default: 50s | ||
- | | ||
- | #-- Health check options --# | ||
- | # Use http layer 7 check instead of default layer 4 port check | ||
- | option httpchk HEAD / | ||
- | # inter: How often to execute a health check (default: 2s) | ||
- | # rise: Number of consecutive checks before server is UP (default: 2) | ||
- | # fall: Number of consecutive checks before server is DOWN (default: 3) | ||
- | default-server inter 5s rise 2 fall 3 | ||
- | # timeout check: Fail health check after x seconds of no response (default: 10s) | ||
- | timeout check 12s | ||
- | | ||
- | #-- Balancing --# | ||
- | balance | ||
- | # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) | ||
- | fullconn 1000 | ||
- | server | ||
- | server | ||
- | * Ensure each additional config file in config.d/ is setup in haproxy' | ||
- | OPTIONS=" | ||
- | * Multiple config files example:< | ||
- | |||
- | ---- | ||
- | |||
- | ===== Logging ===== | ||
- | |||
- | Setup logging for HAProxy. | ||
- | |||
- | * Create a Rsyslog drop in file for HA-Proxy (/ | ||
- | |||
- | # Load UDP Modules | ||
- | $ModLoad imudp | ||
- | |||
- | # Run UDP server | ||
- | $UDPServerRun 514 | ||
- | |||
- | # Allow only localhost | ||
- | $AllowedSender UDP, 127.0.0.1 | ||
- | |||
- | # Send local2 haproxy logs to / | ||
- | local2.none | ||
- | local2.* | ||
- | * Restart rsyslog< | ||
- | |||
- | ---- | ||
- | |||
- | ====== Operate ====== | ||
- | |||
- | Operating the load balancers. | ||
- | |||
- | ---- | ||
- | |||
- | ===== Services ===== | ||
- | |||
- | Start and enable the services on each node. | ||
- | |||
- | * HA-Proxy< | ||
- | systemctl enable haproxy</ | ||
- | * Keepalived< | ||
- | systemctl enable keepalived</ | ||
- | |||
- | ---- | ||
- | |||
- | ===== Reboots ===== | ||
- | |||
- | Reboot procedure and dependencies. | ||
- | |||
- | * Load Balancers (lb01, lb02) can be rebooted 1 at a time to avoid service interruption. | ||
- | * Determine the **inactive system** (the system that does NOT have the virtual IP as a secondary address< | ||
- | * Reboot the **inactive system**< | ||
- | * Once the inactive system is up, verify keepalived and haproxy are running< | ||
- | * Stop keepalived on the active system in order to force a fail over< | ||
- | * Verify connections to the frontend listeners go away< | ||
- | * Reboot the system with keepalived stopped and no more client connections< | ||
- | |||
- | ---- | ||
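Review bot: The 2019/05/25 23:50 revision removes every line of the page, from "Line 1:" through the Reboots section, and its revision header shows no author, section or edit summary, so a reader cannot tell whether the procedure was moved, superseded or withdrawn. Add an edit summary, or leave a short stub that points to the replacement page. If the content is being carried over elsewhere, two removed blocks are worth revisiting at the same time. In the keepalived block, "auth_type PASS" with "auth_pass PASSWORDHERE" sends the password in cleartext in VRRP advertisements, so it protects against misconfiguration rather than against a host on the same segment. In the rsyslog drop-in, "$UDPServerRun 514" listens on all addresses and relies on "$AllowedSender UDP, 127.0.0.1" for filtering, where binding the listener to 127.0.0.1 would avoid exposing the port at all.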