You've already forked www.colben.cn
update
This commit is contained in:
175
content/post/haproxy.md
Normal file
175
content/post/haproxy.md
Normal file
@@ -0,0 +1,175 @@
|
||||
---
|
||||
title: "Haproxy 笔记"
|
||||
date: 2019-10-30T11:40:20+08:00
|
||||
lastmod: 2019-10-30T11:40:20+08:00
|
||||
tags: ["haproxy", "高可用", "负载均衡"]
|
||||
categories: ["ha/lb"]
|
||||
---
|
||||
|
||||
# CentOS7 下安装
|
||||
- CentOS7 自带的 haproxy 版本太低,这里通过 cheese 源安装最新版本
|
||||
- 安装 cheese repo,详细参考[这里](http://www.nosuchhost.net/~cheese/fedora/packages/epel-7/x86_64/cheese-release.html)
|
||||
```bash
|
||||
wget http://www.nosuchhost.net/~cheese/fedora/packages/epel-7/x86_64/cheese-release-7-1.noarch.rpm
|
||||
rpm -Uvh cheese-release-7-1.noarch.rpm
|
||||
```
|
||||
- 安装 haproxy
|
||||
```bash
|
||||
yum install haproxy
|
||||
```
|
||||
- 修改 sysctl.conf
|
||||
```bash
|
||||
cat >> /etc/sysctl.conf <<-END
|
||||
net.ipv4.ip_forward=1
|
||||
net.ipv4.tcp_syncookies = 1
|
||||
net.ipv4.tcp_tw_reuse = 1
|
||||
net.ipv4.tcp_tw_recycle = 1
|
||||
net.ipv4.tcp_fin_timeout = 8
|
||||
END
|
||||
sysctl -p
|
||||
```
|
||||
- 禁用 selinux
|
||||
```bash
|
||||
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config
|
||||
setenforce 0
|
||||
```
|
||||
|
||||
# 全局配置
|
||||
```
|
||||
global
|
||||
log 127.0.0.1 local2 info
|
||||
chroot /var/lib/haproxy # 如果需要外部检查脚本,则需注释该行
|
||||
#external-check # 如果需要外部检查脚本,则取消注释
|
||||
pidfile /var/run/haproxy.pid
|
||||
maxconn 102400
|
||||
user haproxy
|
||||
group haproxy
|
||||
daemon
|
||||
stats socket /var/lib/haproxy/stats
|
||||
```
|
||||
|
||||
# 默认配置
|
||||
```
|
||||
defaults
|
||||
log global
|
||||
option dontlognull
|
||||
option redispatch
|
||||
option abortonclose
|
||||
timeout check 8s
|
||||
```
|
||||
|
||||
# tcp 连接多个 ceph-radosgw
|
||||
```
|
||||
frontend ceph-radosgw
|
||||
bind *:7480
|
||||
timeout client 8s
|
||||
default_backend ceph-radosgw
|
||||
backend ceph-radosgw
|
||||
mode tcp
|
||||
balance roundrobin
|
||||
timeout connect 8s
|
||||
timeout server 8s
|
||||
retries 2
|
||||
#option external-check
|
||||
#external-check command /var/lib/haproxy/health_check.sh
|
||||
server cpeh240 10.9.10.234:7480 check
|
||||
server ceph241 10.9.10.235:7480 check
|
||||
server ceph243 10.9.10.236:7480 check
|
||||
```
|
||||
|
||||
# tcp 连接 mysql galera cluster
|
||||
```
|
||||
frontend mysql
|
||||
bind *:3306
|
||||
timeout client 1800s
|
||||
default_backend mysql
|
||||
backend mysql
|
||||
balance source
|
||||
option tcpka
|
||||
timeout connect 8s
|
||||
timeout server 1800s
|
||||
retries 2
|
||||
server mysql231 10.9.10.231:3306 check inter 4s
|
||||
server mysql232 10.9.10.232:3306 check inter 4s
|
||||
server mysql233 10.9.10.233:3306 check inter 4s
|
||||
```
|
||||
|
||||
# tcp 连接 redis 主库
|
||||
```
|
||||
frontend redis
|
||||
bind *:6379
|
||||
timeout client 1800s
|
||||
default_backend redis
|
||||
backend redis
|
||||
balance roundrobin
|
||||
timeout connect 8s
|
||||
timeout server 1800s
|
||||
retries 2
|
||||
option tcp-check
|
||||
tcp-check connect
|
||||
tcp-check send PING\r\n
|
||||
tcp-check expect string +PONG
|
||||
tcp-check send info\ replication\r\n
|
||||
tcp-check expect string role:master
|
||||
tcp-check send QUIT\r\n
|
||||
tcp-check expect string +OK
|
||||
server redis87 10.1.14.87:6379 check inter 4s
|
||||
server redis88 10.1.14.88:6379 check inter 4s
|
||||
server redis89 10.1.14.89:6379 check inter 4s
|
||||
```
|
||||
|
||||
# 状态页面
|
||||
```
|
||||
listen admin_stats
|
||||
bind 0.0.0.0:10080
|
||||
mode http
|
||||
maxconn 100
|
||||
timeout client 1m
|
||||
timeout connect 4s
|
||||
timeout server 4s
|
||||
stats refresh 30s
|
||||
stats uri /
|
||||
stats auth username:password
|
||||
stats realm haproxy for private user, enter username/password
|
||||
stats hide-version
|
||||
```
|
||||
|
||||
# 通过 rsyslog 生成日志
|
||||
```bash
|
||||
sed -i -e '/ModLoad imudp/s/^#//' \
|
||||
-e '/UDPServerRun 514/s/^#//' /etc/rsyslog.conf
|
||||
cat > /etc/rsyslog.d/haproxy.conf <<EOF
|
||||
# haproxy log
|
||||
template(name="HaproxyTime" type="list"){
|
||||
property(name="timereported" dateformat="year")
|
||||
constant(value="-")
|
||||
property(name="timereported" dateformat="month")
|
||||
constant(value="-")
|
||||
property(name="timereported" dateformat="day")
|
||||
constant(value=" ")
|
||||
property(name="timereported" dateformat="hour")
|
||||
constant(value=":")
|
||||
property(name="timereported" dateformat="minute")
|
||||
constant(value=":")
|
||||
property(name="timereported" dateformat="second")
|
||||
constant(value=" ")
|
||||
property(name="msg" droplastlf="on")
|
||||
constant(value="\n")
|
||||
}
|
||||
template(name="DynFile" type="list"){
|
||||
constant(value="/var/log/haproxy/haproxy-")
|
||||
property(name="timereported" dateformat="year")
|
||||
property(name="timereported" dateformat="month")
|
||||
property(name="timereported" dateformat="day")
|
||||
constant(value=".log")
|
||||
}
|
||||
local2.* action(type="omfile" dynaFile="DynFile" template="HaproxyTime")
|
||||
EOF
|
||||
systemctl restart rsyslog
|
||||
systemctl restart haproxy
|
||||
```
|
||||
|
||||
# 参考
|
||||
- [详解地址](http://blog.haohtml.com/archives/7959)
|
||||
- [官网](https://www.haproxy.com/documentation/hapee/1-5r2/traffic-management/health-checking/)
|
||||
|
||||
Reference in New Issue
Block a user