linux_wiki:load_balancing_haproxy_and_keepalived

Differences

This shows you the differences between two versions of the page.

linux_wiki:load_balancing_haproxy_and_keepalived [2018/03/26 13:21]
billdozor [Reboots]
linux_wiki:load_balancing_haproxy_and_keepalived [2019/05/25 23:50] (current)
Line 26: Line 26:
   * web02 -> 10.1.2.51   * web02 -> 10.1.2.51
  
-{{ haproxy_keepalived_example.jpg|}}+\\ 
 +{{ haproxy_keepalived_example.jpg |}} 
 +\\
  
 ---- ----
Line 87: Line 89:
  
 Official Site: http://www.haproxy.org/ Official Site: http://www.haproxy.org/
 +
 +==== Main Config ====
  
   * Configure HA-Proxy (/etc/haproxy/haproxy.cfg)   * Configure HA-Proxy (/etc/haproxy/haproxy.cfg)
     * Remove all example frontend and backend config sections (leave default section)     * Remove all example frontend and backend config sections (leave default section)
-    * Add New frontend/backend sections **Example**:<code bash>#--------------------------------------------------------------------- +    * Add a section for the HAProxy Stats page<code bash>#--------------------------------------------------------------------- 
-http-in frontend which proxys to the backends+HAProxy Stats
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
-frontend  http-in *:80+listen stats 
 +  # SSL Mode and Cert 
 +  bind *:9000 ssl crt /etc/pki/tls/mycertfiles.pem 
 +  mode http 
 + 
 +  # Enable Stats and Hide Version 
 +  stats enable 
 +  stats hide-version 
 + 
 +  # Authentication realm. This can be set to anything. Escape space characters with a backslash. 
 +  stats realm HAProxy\ Statistics 
 + 
 +  # The virtual URL to access the stats page 
 +  stats uri /haproxy_stats 
 + 
 +  # The user/pass you want to use. Change this password! 
 +  stats auth admin:adminpassword</code> 
 +  * The pem certificate file is a concatenation of the SSL key, cert, and certificate authority. Example<code bash>cat mykey.key mycert.crt myCAs.crt >> mycertfiles.pem</code> 
 + 
 +==== Frontend/Backend Configs ==== 
 + 
 +    * Create new directory to hold frontend/backend config files<code bash>mkdir /etc/haproxy/config.d</code> 
 +    * Create new frontend/backend config files (Example: /etc/haproxy/config.d/http.cfg) 
 +      * Add New frontend/backend sections **Example**:<code bash>#--------------------------------------------------------------------- 
 +# fe_http frontend which proxys to the backends 
 +#--------------------------------------------------------------------- 
 +frontend  fe_http *:80
     # Log format     # Log format
     option httplog     option httplog
  
 +    # Timeout Settings
 +    #no option http-server-close
 +    #timeout client 1m  #default: 50s
 +    
     #-- ACLs - Match HTTP Requests --#     #-- ACLs - Match HTTP Requests --#
     acl url_web       path_beg    -i /mywebsite     acl url_web       path_beg    -i /mywebsite
  
     #-- Backend Selection based on ACLs --#     #-- Backend Selection based on ACLs --#
-    use_backend web_pool1    if url_web+    use_backend be_web_pool1    if url_web
  
 +    # If not using ACLs for backend selection or to have a fall back selection
 +    #default_backend be_web_pool1
 +    
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
 # Backend Configuration # Backend Configuration
 #--------------------------------------------------------------------- #---------------------------------------------------------------------
-backend web_pool1 +backend be_web_pool1 
-    balance  roundrobin +    # Replace "/mywebsite/" with "/" at the beginning of the request 
-    server  web01 10.1.2.50:80 check +    reqirep ^([^\ ]*\ /)mywebsite[/]?(.*)  \1\2 
-    server  web02 10.1.2.51:80 check</code>+ 
 +    # Backend Protocol 
 +    mode http 
 + 
 +    #-- Timeout Settings --# 
 +    #timeout connect 1m  #default: 5s 
 +    #timeout server 2m  #default: 50s 
 +     
 +    #-- Health check options --# 
 +    # Use http layer 7 check instead of default layer 4 port check 
 +    option httpchk HEAD / 
 +    # inter: How often to execute a health check (default: 2s) 
 +    # rise: Number of consecutive checks before server is UP (default: 2) 
 +    # fall: Number of consecutive checks before server is DOWN (default: 3) 
 +    default-server inter 5s rise 2 fall 3 
 +    # timeout check: Fail health check after x seconds of no response (default: 10s) 
 +    timeout check 12s 
 +     
 +    #-- Balancing --# 
 +    balance  leastconn 
 +    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) 
 +    fullconn 1000 
 +    server  web01 10.1.2.50:80 check maxconn 500 
 +    server  web02 10.1.2.51:80 check maxconn 500</code> 
 +  * Ensure each additional config file in config.d/ is setup in haproxy's environment options(/etc/sysconfig/haproxy)<code bash># Config files specifying frontend/backends 
 +OPTIONS="-f /etc/haproxy/config.d/http.cfg"</code> 
 +    * Multiple config files example:<code bash>OPTIONS="-f /etc/haproxy/config.d/http.cfg -f /etc/haproxy/config.d/otherfrontend.cfg"</code> 
 + 
 +==== Additional Config Examples ==== 
 + 
 +**Session Persistence** 
 +  * Cookies: Application layer persistence (app needs to support cookies)<code bash>    #-- Balancing --# 
 +    balance  leastconn 
 +    # Use Cookie for Session Persistence 
 +    cookie SERVERID insert indirect nocache 
 +    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) 
 +    fullconn 1000 
 +    server  web01 10.1.2.50:80 check cookie web01 maxconn 500 
 +    server  web02 10.1.2.51:80 check cookie web02 maxconn 500</code> 
 +  * Source IP: Affinity based on source IP hash (app doesn't need to know about it)<code bash>    #-- Balancing --# 
 +    balance  source 
 +    # fullconn: does nothing since we are not using minconn (just makes the dashboard less confusing) 
 +    fullconn 1000 
 +    server  web01 10.1.2.50:80 check maxconn 500 
 +    server  web02 10.1.2.51:80 check maxconn 500</code>
  
 ---- ----
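Review bot: In the new `listen stats` block, `bind *:9000` serves the stats page on every address of the host while `stats auth admin:adminpassword` stores the credential in cleartext in haproxy.cfg. Suggest binding to a management address only and adding a bullet that haproxy.cfg must not be world-readable. In the pem bullet, `cat mykey.key mycert.crt myCAs.crt >> mycertfiles.pem` appends, so running it a second time duplicates the key and certificates in the file. Use `>` and say the result needs restrictive permissions because it contains the private key, and have the example write to the `/etc/pki/tls/mycertfiles.pem` path that the `bind` line references. In the frontend/backend example, `path_beg -i /mywebsite` and `mywebsite[/]?(.*)` are not anchored on a path boundary, so a request for `/mywebsiteadmin` would be routed to be_web_pool1 and rewritten to `/admin`. Matching `/mywebsite/` (plus the exact `/mywebsite`) in both the ACL and the `reqirep` pattern would avoid that.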
Line 162: Line 243:
   * Stop keepalived on the active system in order to force a fail over<code bash>systemctl stop keepalived</code>   * Stop keepalived on the active system in order to force a fail over<code bash>systemctl stop keepalived</code>
     * Verify connections to the frontend listeners go away<code bash>netstat -anpt | grep haproxy | grep -v 9000</code>     * Verify connections to the frontend listeners go away<code bash>netstat -anpt | grep haproxy | grep -v 9000</code>
-    * Reboot the system with keepalived stopped<code bash>reboot</code>+    * Reboot the system with keepalived stopped and no more client connections<code bash>reboot</code>
  
 ---- ----
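Review bot: The reworded reboot bullet now depends on "no more client connections", but the check it relies on, `netstat -anpt | grep haproxy | grep -v 9000`, drops every line that contains the string 9000 anywhere, so a client connection from an ephemeral port such as 49000 or a haproxy PID containing 9000 would be hidden and the listener could look drained when it is not. Suggest filtering on the stats port specifically (for example `grep -v ':9000 '`) and stating what output means it is safe to reboot, e.g. no ESTABLISHED lines remaining.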
  
  • linux_wiki/load_balancing_haproxy_and_keepalived.1522084872.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)