6

关于Linux下HAProxy自动化部署的一些笔记整理

 2 years ago
source link: https://liruilongs.github.io/2022/12/21/%E5%BE%85%E5%8F%91%E5%B8%83/%E5%85%B3%E4%BA%8ELinux%E4%B8%8BHAProxy%E8%87%AA%E5%8A%A8%E5%8C%96%E9%83%A8%E7%BD%B2%E7%9A%84%E4%B8%80%E4%BA%9B%E7%AC%94%E8%AE%B0%E6%95%B4%E7%90%86/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

关于Linux下HAProxy自动化部署的一些笔记整理

傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。——–王小波

  • 学习 OKD ,里面的路由组件通过 HAproxy 实现
  • 所以这里学习 HAproxy,博文内容涉及
  • 手工部署 HAproxy
  • 编写 Ansible 角色自动部署 HAproxy
  • 理解不足小伙伴帮忙指正

傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。——–王小波

HAProxy 是一种免费、非常快速且可靠的反向代理,可为基于 TCP 和 HTTP 的应用程序提供 高可用性、 负载平衡和代理。它特别适用于流量非常大的网站,并为世界上访问量最大的网站中的很大一部分提供支持。多年来,它已成为事实上的标准开源负载均衡器,现在随大多数主流 Linux 发行版一起提供,并且通常默认部署在云平台中。

HAProxy 核心团队并行维护多个版本。从1.8版本开始,每年发布两个主要版本。第一个数字通常表示重大更改(配置格式等),但实际上很少更改。第二位数字表示新功能。两者构成一个分支。这些数字后面会出现一个额外的数字,表示错误修复版本。

对应负载均衡来讲性能对比: LVS > HAProxy > Nginx ,一般情况下 HAProxyNginx 做七层代理,因为可以会话保持,LVS 做四层的负载均衡.

手动安装配置

┌──[[email protected]]-[~]
└─$ rpm -ql haproxy || yum -y install yum -y install haproxy18.x86_64
┌──[[email protected]]-[~]
└─$haproxy18 -v
HA-Proxy version 1.8.27-493ce0b 2020/11/06
Copyright 2000-2020 Willy Tarreau <[email protected]>rpm

安装之后我们来分析一下配置文件,配置注释写的很清楚,完整的配置文件配置我们可以参考 http://haproxy.1wt.eu/download/1.4/doc/configuration.txt

作为一个代理服务器,配置相对简单。

┌──[[email protected]]-[~]
└─$rpm -qc haproxy18
/etc/haproxy18/haproxy.cfg
/etc/logrotate.d/haproxy18
/etc/sysconfig/haproxy18

修改配置文件,配置文件默认有一个配置 Demo。直接修改就可以,同时默认做了动静分离的配置,不同的版本配置文件略有差异,所以要以涉及的配置 Demo 为准,

┌──[[email protected]]-[~]
└─$cat /etc/haproxy18/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

chroot      /var/lib/haproxy18
    pidfile     /var/run/haproxy18.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

# turn on stats unix socket
    stats socket /var/lib/haproxy18/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:5000
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

use_backend static          if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin #  可以的负载方式 static-rr,rdp-cookie,hdr, url_param ,url,  source,leastconn   
    server  app1 192.168.29.152:5001 check 
    server  app2 192.168.26.152:5002 check

#server 关键字,指服务器
#web1,web2 为服务器名,可以和主机名相同,也可以不相同
#192.168.2.100:80  真实后端服务器的地址和访问端口
#check  健康检查的关键字
listen haproxystats
    bind  *:5009
    stats refresh 30s
    stats uri /stats
    stats realm Haproxy Manager
    stats auth admin:admin

这里在原来的配置文件中加了监控页面。启动服务

┌──[[email protected]]-[~]
└─$systemctl restart haproxy18.service

然后我们需要做一些准备工作。对应的负载机器使用 python 自带的 httpServer 模块发布服务

192.168.26.152:5002

┌──[[email protected]]-[~/vms152.liruilongs.github.io]
└─$touch 192.168.26.152:5002
┌──[[email protected]]-[~/vms152.liruilongs.github.io]
└─$coproc  python -m SimpleHTTPServer 5002
[1] 22913

192.168.29.152:5001

[root@vms152 vm15]# touch 192.168.29.152:5001
[root@vms152 vm15]# coproc python -m SimpleHTTPServer 5001
[1] 14384

当前主机提供静态文件 192.168.26.154

┌──[[email protected]]-[~]
└─$coproc  python -m SimpleHTTPServer 4331
[1] 9841

访问测试,默认为加权轮询

┌──[[email protected]]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.26.152%3A5002">192.168.26.152:5002</a>
┌──[[email protected]]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
┌──[[email protected]]-[~]
└─$

健康检查,把 192.168.26.152:5002 的服务干掉

┌──[[email protected]]-[~/vms152.liruilongs.github.io]
└─$kill %1

负载全部到了 192.168.29.155:5001

┌──[[email protected]]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
┌──[[email protected]]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
┌──[[email protected]]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
┌──[[email protected]]-[~]
└─$

监控页面查看

在这里插入图片描述

在这里插入图片描述

Ansible自动化部署角色编写

安装比较简单,没有其他的逻辑,所以角色编写简单,这里如果涉及防火墙之类,需要添加角色依赖

┌──[[email protected]]-[~/ansible]
└─$ansible-galaxy init role-haproxy18 --init-path ./roles/
- Role role-haproxy18 was created successfully
┌──[[email protected]]-[~/ansible]
└─$ansible-galaxy list | grep ha
- role-haproxy18, (unknown version)

任务执行,访问测试

┌──[[email protected]]-[~/ansible]
└─$echo "192.168.26.154" > haproxy_list
┌──[[email protected]]-[~/ansible]
└─$ansible-playbook deploy_haproxy.yaml -i haproxy_list
┌──[[email protected]]-[~/ansible]
└─$curl 192.168.26.154:5000 -s | grep /a
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>

在这里插入图片描述

在这里插入图片描述

任务执行的剧本

┌──[[email protected]]-[~/ansible]
└─$cat deploy_haproxy.yaml
- name: Ensure HAProxy is deployed
  hosts: all
  force_handlers: True

roles:
    - role: role-haproxy18
      haproxy_port: 5000
      haproxy_appservers:
      - name: 192.168.26.152
        ip: 192.168.26.152
        backend_port: 5002
      - name: 192.168.29.152
        ip: 192.168.29.152
        backend_port: 5001

主任务文件

┌──[[email protected]]-[~/ansible]
└─$cat roles/role-haproxy18/tasks/main.yml
---
# tasks file for role-haproxy18

- name: config aliyun repo
  yum_repository:
    name: aliyunrepo
    description: aliyun repo
    baseurl: http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
    gpgcheck: no


# tasks file for haproxydd
- name: Ensure haproxy packages are present
  yum:
    name:
      - haproxy18
      - socat
    state: present

- name: Ensure haproxy is started and enabled
  service:
    name: haproxy18
    state: started
    enabled: yes

- name: Ensure haproxy configuration is set
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy18/haproxy.cfg
  notify: reload haproxy

处理器文件

┌──[[email protected]]-[~/ansible]
└─$cat roles/role-haproxy18/handlers/main.yml
---
# handlers file for role-haproxy18

- name: restart haproxy
  service:
    name: haproxy18
    state: restarted

- name: reload haproxy
  service:
    name: haproxy18
    state: reloaded
┌──[[email protected]]-[~/ansible]
└─$cat roles/role-haproxy18/defaults/main.yml
---
# defaults file for role-haproxy18
# Log-level for HAProxy logs
haproxy_log_level: info

# Port exposed to clients
haproxy_port: 80

# Name for the default backend
haproxy_backend_name: app

# Port backend is exposed to
haproxy_backend_port: 80

# The appservers variable is a list
# of backend servers that provide
# the web service that is proxied
# haproxy.  Each server must define:
# name, address, port. Below is
# and example structure:
# haproxy_appservers: []
#   - name: serverb.lab.example.com
#     ip_address: 1.2.3.4
#     port: 5000
#   - name: serverc.lab.example.com
#     ip_address: 1.2.3.5
#     port: 5000
# The default is no defined backend servers.
haproxy_appservers: []

# Haproxy Manager
haproxy_stats_port: 29999
stats_url: /stats
stats_user: admin
stats_pass: admin

# Socket used to communicate with haproxy service. DO NOT CHANGE
haproxy_socket: /var/run/haproxy.sock

配置文件模板文件

┌──[[email protected]]-[~/ansible]
└─$cat roles/role-haproxy18/templates/haproxy.cfg.j2
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2 {{ haproxy_log_level }}

chroot      /var/lib/haproxy18
    pidfile     /var/run/haproxy18.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

# turn on stats unix socket
    stats socket {{ haproxy_socket }} level admin

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:{{ haproxy_port }}
  # acl url_static       path_beg       -i /static /images /javascript /stylesheets
  # acl url_static       path_end       -i .jpg .gif .png .css .js

# use_backend static          if url_static
    default_backend              {{ haproxy_backend_name }}

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
   # balance     roundrobin
   # server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------

backend {{ haproxy_backend_name }}
    balance     roundrobin
{% for server in haproxy_appservers %}
    server {{ server.name }} {{ server.ip }}:{{ server.backend_port }} check
{% endfor %}


listen haproxystats
    bind  *:{{ haproxy_stats_port }}
    stats refresh 30s
    stats uri {{ stats_url  }}
    stats realm Haproxy Manager
    stats auth {{ stats_user }}:{{ stats_pass }}


┌──[[email protected]]-[~/ansible]
└─$

https://www.haproxy.org/


report

Recommend

  • 7
    • liruilongs.github.io 2 years ago
    • Cache

    关于Linux中自动化配置网络Team的一些笔记

    关于Linux中自动化配置网络Team的一些笔记 傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。——–王小波...

  • 5
    • liruilongs.github.io 2 years ago
    • Cache

    关于Kubernetes中资源限制的一些笔记整理

    关于Kubernetes中资源限制的一些笔记整理 我们的痛苦来源于“夸父追日”一般的对“更好”的追求,也来自于自己的自卑与狂妄。——–duoduokk 今天和小伙伴们分享K8s中pod资源限制的一些笔记 博文内存涉及pod中通过...

  • 4
    • liruilongs.github.io 2 years ago
    • Cache

    关于Linux中Keepalived高可用热备自动化部署的一些笔记

    关于Linux中Keepalived高可用热备自动化部署的一些笔记 傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。——–王小波

  • 6
    • liruilongs.github.io 2 years ago
    • Cache

    关于K8s中Ansible AWX(awx-operator 0.30.0)平台Helm部署的一些笔记

    关于K8s中Ansible AWX(awx-operator 0.30.0)平台Helm部署的一些笔记 嗯,希望疫情快点结束吧 ^_^ 整理一些K8s中通过Helm的方式部署AWX的笔记分享给小伙伴...

  • 8
    • liruilongs.github.io 2 years ago
    • Cache

    关于Linux下Redis自动化部署的一些笔记

    关于Linux下Redis自动化部署的一些笔记 傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。——–王小波

  • 4
    • liruilongs.github.io 2 years ago
    • Cache

    关于 Linux 中 firewalld 的一些笔记整理

    关于 Linux 中 firewalld 的一些笔记整理 傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。——–王小波...

  • 8
    • liruilongs.github.io 2 years ago
    • Cache

    关于Linux 网络抓包的一些笔记整理

    关于Linux 网络抓包的一些笔记整理 这世界的存在完全只是就它对一个其他事物的,一个进行 “表象者” 的关系来说的,这个进行 “表象者” 就是人自己 —–《作为意志和表象的世界》(第一篇 世界作为表象初论) 遇到一个...

  • 7
    • liruilongs.github.io 2 years ago
    • Cache

    关于Git分支高级合并的一些笔记整理

    关于Git分支高级合并的一些笔记整理 傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。——–王小波

  • 10
    • liruilongs.github.io 2 years ago
    • Cache

    关于 K8s 中 Open Kruise 的一些笔记整理

    关于 K8s 中 Open Kruise 的一些笔记整理 对每个人而言,真正的职责只有一个:找到自我。然后在心中坚守其一生,全心全意,永不停息。所有其它的路都是不完整的,是人的逃避方式,是对大众理想的懦弱回归,是随波逐流,是对内心的恐惧 ——赫尔曼·黑...

  • 12
    • liruilongs.github.io 2 years ago
    • Cache

    Ceph:关于Linux Ceph 存储架构的一些笔记整理

    Ceph:关于Linux Ceph 存储架构的一些笔记整理 对每个人而言,真正的职责只有一个:找到自我。然后在心中坚守其一生,全心全意,永不停息。所有其它的路都是不完整的,是人的逃避方式,是对大众理想的懦弱回归,是随波逐流,是对内心的恐惧 ——赫尔...

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK