linux_wiki:load_balancing_haproxy_and_keepalived

Differences

This shows you the differences between two versions of the page.

linux_wiki:load_balancing_haproxy_and_keepalived [2017/07/07 22:54]
billdozor [Network Addressing Setup]
linux_wiki:load_balancing_haproxy_and_keepalived [2019/05/25 23:50] (current)
Line 20: Line 20:
   * Server "lb01" -> 10.1.2.1 (eth0)   * Server "lb01" -> 10.1.2.1 (eth0)
   * Server "lb02" -> 10.1.2.2 (eth0)   * Server "lb02" -> 10.1.2.2 (eth0)
-  * "lb" -> 10.1.2.3 (load balancer virtual IP - floats between servers)+  * "lbvip" -> 10.1.2.3 (load balancer virtual IP - floats between servers)
  
 Web Servers (used in haproxy example config) Web Servers (used in haproxy example config)
   * web01 -> 10.1.2.50   * web01 -> 10.1.2.50
   * web02 -> 10.1.2.51   * web02 -> 10.1.2.51
 +
 +\\
 +{{ haproxy_keepalived_example.jpg |}}
 +\\
  
 ---- ----
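Review bot: the image embed added after the web server list has an empty title (`{{ haproxy_keepalived_example.jpg |}}`), so the diagram has no caption or alt text; put a short description after the pipe. Since the virtual IP entry is renamed from "lb" to "lbvip" in this same hunk, also check that the diagram and the rest of the page use the new name.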
Line 39: Line 43:
  
 Configuring keepalived and haproxy. Configuring keepalived and haproxy.
 +
 +----
  
 ===== Keepalived ===== ===== Keepalived =====
Line 75: Line 81:
   }   }
 }</code> }</code>
 +
 +----
  
 ===== HA-Proxy ===== ===== HA-Proxy =====
Line 81: Line 89:
  
 Official Site: http://www.haproxy.org/ Official Site: http://www.haproxy.org/
 +
 +==== Main Config ====
  
   * Configure HA-Proxy (/etc/haproxy/haproxy.cfg)   * Configure HA-Proxy (/etc/haproxy/haproxy.cfg)
     * Remove all example frontend and backend config sections (leave default section)     * Remove all example frontend and backend config sections (leave default section)
-    * Add New frontend/backend sections **Example**:<code bash>#--------------------------------------------------------------------- +    * Add a section for the HAProxy Stats page<code bash>#--------------------------------------------------------------------- 
-http-in frontend which proxys to the backends+# HAProxy Stats 
 +#--------------------------------------------------------------------- 
 +listen stats 
 +  # SSL Mode and Cert 
 +  bind *:9000 ssl crt /etc/pki/tls/mycertfiles.pem 
 +  mode http 
 + 
 +  # Enable Stats and Hide Version 
 +  stats enable 
 +  stats hide-version 
 + 
 +  # Authentication realm. This can be set to anything. Escape space characters with a backslash. 
 +  stats realm HAProxy\ Statistics 
 + 
 +  # The virtual URL to access the stats page 
 +  stats uri /haproxy_stats 
 + 
 +  # The user/pass you want to use. Change this password! 
 +  stats auth admin:adminpassword</code> 
 +  * The pem certificate file is a concatenation of the SSL key, cert, and certificate authority. Example<code bash>cat mykey.key mycert.crt myCAs.crt >> mycertfiles.pem</code> 
 + 
 +==== Frontend/Backend Configs ==== 
 + 
 +    * Create new directory to hold frontend/backend config files<code bash>mkdir /etc/haproxy/config.d</code> 
 +    * Create new frontend/backend config files (Example: /etc/haproxy/config.d/http.cfg) 
 +      * Add New frontend/backend sections **Example**:<code bash>#--------------------------------------------------------------------- 
 +fe_http frontend which proxys to the backends
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
-frontend  http-in *:80+frontend  fe_http *:80
     # Log format     # Log format
     option httplog     option httplog
  
 +    # Timeout Settings
 +    #no option http-server-close
 +    #timeout client 1m  #default: 50s
 +    
     #-- ACLs - Match HTTP Requests --#     #-- ACLs - Match HTTP Requests --#
     acl url_web       path_beg    -i /mywebsite     acl url_web       path_beg    -i /mywebsite
  
     #-- Backend Selection based on ACLs --#     #-- Backend Selection based on ACLs --#
-    use_backend web_pool1    if url_web+    use_backend be_web_pool1    if url_web
  
 +    # If not using ACLs for backend selection or to have a fall back selection
 +    #default_backend be_web_pool1
 +    
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
 # Backend Configuration # Backend Configuration
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
-backend web_pool1 +backend be_web_pool1 
-    balance  roundrobin +    # Replace "/mywebsite/" with "/" at the beginning of the request 
-    server  web01 10.1.2.50:80 check +    reqirep ^([^\ ]*\ /)mywebsite[/]?(.*)  \1\2 
-    server  web02 10.1.2.51:80 check</code>+ 
 +    # Backend Protocol 
 +    mode http 
 + 
 +    #-- Timeout Settings --# 
 +    #timeout connect 1m  #default: 5s 
 +    #timeout server 2m  #default: 50s 
 +     
 +    #-- Health check options --# 
 +    # Use http layer 7 check instead of default layer 4 port check 
 +    option httpchk HEAD / 
 +    # inter: How often to execute a health check (default: 2s) 
 +    # rise: Number of consecutive checks before server is UP (default: 2) 
 +    # fall: Number of consecutive checks before server is DOWN (default: 3) 
 +    default-server inter 5s rise 2 fall 3 
 +    # timeout check: Fail health check after x seconds of no response (default: 10s) 
 +    timeout check 12s 
 +     
 +    #-- Balancing --# 
 +    balance  leastconn 
 +    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) 
 +    fullconn 1000 
 +    server  web01 10.1.2.50:80 check maxconn 500 
 +    server  web02 10.1.2.51:80 check maxconn 500</code> 
 +  * Ensure each additional config file in config.d/ is setup in haproxy's environment options(/etc/sysconfig/haproxy)<code bash># Config files specifying frontend/backends 
 +OPTIONS="-f /etc/haproxy/config.d/http.cfg"</code> 
 +    * Multiple config files example:<code bash>OPTIONS="-f /etc/haproxy/config.d/http.cfg -f /etc/haproxy/config.d/otherfrontend.cfg"</code> 
 + 
 +==== Additional Config Examples ==== 
 + 
 +**Session Persistence** 
 +  * Cookies: Application layer persistence (app needs to support cookies)<code bash>    #-- Balancing --# 
 +    balance  leastconn 
 +    # Use Cookie for Session Persistence 
 +    cookie SERVERID insert indirect nocache 
 +    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) 
 +    fullconn 1000 
 +    server  web01 10.1.2.50:80 check cookie web01 maxconn 500 
 +    server  web02 10.1.2.51:80 check cookie web02 maxconn 500</code> 
 +  * Source IP: Affinity based on source IP hash (app doesn't need to know about it)<code bash>    #-- Balancing --# 
 +    balance  source 
 +    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) 
 +    fullconn 1000 
 +    server  web01 10.1.2.50:80 check maxconn 500 
 +    server  web02 10.1.2.51:80 check maxconn 500</code> 
 + 
 +----
  
 ===== Logging ===== ===== Logging =====
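Review bot: in the added `listen stats` section, `bind *:9000` exposes the stats page on every address of the load balancer, including the floating virtual IP, and the only protection is `stats auth admin:adminpassword` stored in clear text in haproxy.cfg. Suggest binding to each server's own address (10.1.2.1 and 10.1.2.2 in this page's addressing) or restricting the allowed sources with an ACL, and stating that the config file should be readable only by root. In the pem step, `cat mykey.key mycert.crt myCAs.crt >> mycertfiles.pem` appends, so running it a second time leaves a file with the key and certificates duplicated; use `>` and mention restrictive permissions on the result, since it contains the private key.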
Line 149: Line 238:
  
   * Load Balancers (lb01, lb02) can be rebooted 1 at a time to avoid service interruption.   * Load Balancers (lb01, lb02) can be rebooted 1 at a time to avoid service interruption.
-  * Determine the inactive system (the system that does NOT have the virtual IP as a secondary address<code bash>ip addr sh</code> +  * Determine the **inactive system** (the system that does NOT have the virtual IP as a secondary address<code bash>ip addr sh</code> 
-    * Reboot the inactive system<code bash>reboot</code>+    * Reboot the **inactive system**<code bash>reboot</code>
     * Once the inactive system is up, verify keepalived and haproxy are running<code bash>systemctl status keepalived haproxy</code>     * Once the inactive system is up, verify keepalived and haproxy are running<code bash>systemctl status keepalived haproxy</code>
   * Stop keepalived on the active system in order to force a fail over<code bash>systemctl stop keepalived</code>   * Stop keepalived on the active system in order to force a fail over<code bash>systemctl stop keepalived</code>
-    * Reboot the system with keepalived stopped<code bash>reboot</code>+    * Verify connections to the frontend listeners go away<code bash>netstat -anpt | grep haproxy | grep -v 9000</code> 
 +    * Reboot the system with keepalived stopped and no more client connections<code bash>reboot</code>
  
 ---- ----
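Review bot: in the new verification step, `grep -v 9000` drops every netstat line that contains the string 9000, not only the stats listener, so a client connection whose peer port or address happens to contain 9000 (49000, 59000 and so on) is hidden and the system can look drained when it is not. Match the listener more precisely, for example `grep -v ':9000 '`, and say what output means it is safe to reboot (only LISTEN entries left, or none in ESTABLISHED).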
  
  • Last modified: 2019/05/25 23:50
  • (external edit)