Haproxy安装和配置
docker>Evan2017年7月29日 (六) 06:28的版本
总的为
搭建keepalived+haproxy双主高可用负载均衡系统
haproxy安装
master and backup 都要 https://www.haproxy.org/download/ wget -c https://www.haproxy.org/download/1.5/src/haproxy-1.5.9.tar.gz tar xvf haproxy-1.5.9.tar.gz && cd haproxy-1.5.9 make TARGET=linux2628 PREFIX=/usr/local/haproxy -j3 make install PREFIX=/usr/local/haproxy mkdir /usr/local/haproxy/conf cp examples/haproxy.cfg /usr/local/haproxy/conf/ # - linux26 for Linux 2.6 and above #- linux2628 for Linux 2.6.28, 3.x, and above (enables splice and tproxy) #这个脚本不好用 跳过 可能要改一下相关的 bin config 路径就行 了 #cp examples/init.haproxy /etc/init.d/haproxy ==haproxy配置== ===配置文件=== <pre> global ## 20170617 am 参考了 http://nmshuishui.blog.51cto.com/1850554/1405486 log 127.0.0.1 local0 info maxconn 4096 user nobody group nobody daemon nbproc 2 pidfile /var/run/haproxy.pid defaults mode http retries 3 timeout connect 10s timeout client 20s timeout server 30s timeout check 5s listen admin_stats bind 0.0.0.0:8888 mode http log 127.0.0.1 local0 err stats refresh 30s stats uri /haproxy-status stats realm welcome login\ Haproxy stats auth evan:evan stats hide-version stats admin if TRUE frontend www bind 192.168.30.88:80 #bind *:80 mode http option httplog option forwardfor #option httpclose log global acl host_www hdr_dom(host) -i www.zb.com acl host_static hdr_dom(host) -i static.zb.com # acl host_video hdr_dom(host) -i video.zb.com use_backend server_www if host_www use_backend server_static if host_static # use_backend server_video if host_video #here 0617 backend server_www mode http option redispatch option abortonclose balance roundrobin #cookie SERVERID option httpchk GET /index.html server webapp1 192.168.30.71:80 weight 6 check inter 2000 rise 2 fall 3 server webapp2 192.168.30.72:80 weight 6 check inter 2000 rise 2 fall 3 #上面是两台 real web vm # #server iivey234 192.168.81.234:8080 cookie server2 weight 3 check inter 2000 rise 2 fall 3 ## here 20160616 backend server_static mode http option redispatch option abortonclose balance roundrobin option httpchk GET /index.html server webapp2 192.168.30.72:80 weight 6 check inter 2000 rise 2 fall 3 #backend server_video # mode http # option redispatch # option abortonclose # balance roundrobin # option httpchk GET /index.html # server 237server 192.168.30.71:80 cookie server1 weight 6 check inter 2000 rise 2 fall 3
启动脚本
#!/bin/sh # chkconfig 2345 on # cat /etc/init.d/haproxy # description: HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high availability environments. if [ -f /etc/init.d/functions ]; then . /etc/init.d/functions elif [ -f /etc/rc.d/init.d/functions ] ; then . /etc/rc.d/init.d/functions else exit 0 fi # Source networking configuration. . /etc/sysconfig/network # Check that networking is up. #[ ${NETWORKING} = "no" ] && exit 0 [ "${NETWORKING}" = "no" ] && exit 0 config="/usr/local/haproxy/conf/haproxy.cfg" exec="/usr/local/haproxy/sbin/haproxy" prog=$(basename $exec) lockfile=/var/lock/subsys/haproxy PID="/var/run/haproxy.pid" check(){ $exec -c -V -f $config } #[ -f $config ] || exit 1 #RETVAL=0 start() { $exec -c -q -f $config #daemon $exec -c -q -f $config # daemon $exec -f $config if [ $? -ne 0 ]; then echo "Errors found in configuration file." return 1 fi echo -n "Starting HAproxy: " daemon $exec -D -f $config -p $PID RETVAL=$? echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/haproxy return $RETVAL } stop() { echo -n "Shutting down HAproxy: " #kill $(cat $PID) killproc haproxy RETVAL=$? echo [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/haproxy [ $RETVAL -eq 0 ] && rm -f $PID return $RETVAL } restart() { $exec -c -q -f $config if [ $? -ne 0 ]; then echo "Errors found in configuration file, check it with 'haproxy check'." return 1 fi stop start } reload(){ $exec -c -q -f $config if [ $? -ne 0 ]; then echo "Errors found in configuration file, check it with 'haproxy check'." return 1 fi echo -n $"reloading haproxy:" $exec -D -f $config -p $PID -sf $(cat $PID) RETVAL=$? echo return $RETVAL } force_reload(){ restart } fdr_status(){ status $prog } ## rhstatus() { status haproxy } # See how we were called. case "$1" in start) start ;; stop) stop ;; restart) restart ;; check) check ;; status) rhstatus ;; *) echo $"Usage: haproxy {start|stop|restart|status}" RETVAL=1 esac exit $RETVAL
配置日志
HAProxy 不会直接输出文件日志,需要借助 Linux 的 rsyslog 来让 HAProxy 输出日志。 0) emerg 0 系统不可用 alert 1 必须马上采取行动的事件 crit 2 关键的事件 err 3 错误事件 warning 4 警告事件 notice 5 普通但重要的事件 info 6 有用的信息 debug 7 调试信息 1)修改 haproxy.cfg 在配置文件的 global 和 defaults 域中添加以下字段: global ... log 127.0.0.1 local0 info log 127.0.0.1 local1 warning ... defaults ... log global ... 意思是将 info 级(及以上)的日志推送到 rsyslog 的 local0 接口,将 warn 级(及以上)的日志推送到 rsyslog 的 local1 接口,并且所有 frontend 都默认使用 global 中的日志配置。 注意:info 级的日志会打印 HAProxy 处理的每一条请求,会占用很大的磁盘空间,在生产环境中,建议将日志级别调整为 notice。 2)为 rsyslog 添加 haproxy 日志的配置 vi /etc/rsyslog.d/haproxy.conf #配置文件内容如下: $ModLoad imudp $UDPServerRun 514 $FileCreateMode 0644 #日志文件的权限 $FileOwner root #日志文件的owner local0.* /var/log/haproxy.log #local0接口对应的日志输出文件 local1.* /var/log/haproxy_warn.log #local1接口对应的日志输出文件 3)修改 rsyslog 的启动参数 vi /etc/sysconfig/rsyslog # 置文件内容如下: # Options for rsyslogd # Syslogd options are deprecated since rsyslog v3. # If you want to use them, switch to compatibility mode 2 by "-c 2" # See rsyslogd(8) for more details SYSLOGD_OPTIONS="-c 2 -r -m 0" 4)重启 rsyslog service rsyslog restart 5)用 logrotate 进行日志切分 通过 rsyslog 输出的日志是不会切分的,所以需要通过 Linux 提供的 logrotate 来对日志文件进行切分。 使用 root 用户,创建 haproxy 日志切分配置文件: # mkdir /root/logrotate # vi /root/logrotate/haproxy 配置文件内容如下: /var/log/haproxy.log /var/log/haproxy_warn.log { #切分的两个文件名 daily #按天切分 rotate 7 #保留7份 create 0644 root root #创建新文件的权限、用户、用户组 compress #压缩旧日志 delaycompress #延迟一天压缩 missingok #忽略文件不存在的错误 dateext #旧日志加上日志后缀 sharedscripts #切分后的重启脚本只运行一次 postrotate #切分后运行脚本重载rsyslog,让rsyslog向新的日志文件中输出日志 /bin/kill -HUP $(/bin/cat /var/run/syslogd.pid 2>/dev/null) &>/dev/null endscript } 6)将 logrotate 配置在 crontab 中: 0 0 * * * /usr/sbin/logrotate /root/logrotate/haproxy
chmod +x /etc/init.d/haproxy 手工启动 config="/usr/local/haproxy/conf/haproxy.cfg" exec="/usr/local/haproxy/sbin/haproxy" #检查配置文件 语法 $exec -c -f $config #Configuration file is valid #run $exec -f $config ha1 http://192.168.30.76:8888/haproxy-status ha2 http://192.168.30.76:8888/haproxy-status
问题及解决回顾
搞了一个早上 看书才知道 原来是要这样直接打开的 不能不加 haproxy-status http://192.168.30.75:8888/haproxy-status 在其它机器 telnet 不通ha2 80 and 888 port systemctl stop firewalld : Starting frontend www: cannot bind socket [192.168.30.88:80] frontend www bind 192.168.30.88:80 先改为 bind *:80 或者先启动keepalived 关闭selinux 或者 echo 'net.ipv4.ip_nonlocal_bind=1' >>/etc/sysctl.conf sysctl -p 下面是解说 Add net.ipv4.ip_nonlocal_bind=1 on /etc/sysctl.conf sysctl -p Restart the haproxy service(service restart haproxy). it will work. nbproc 2 只能是一个提示而已 [root@localhost conf]# $exec -c -f $config [WARNING] 165/230507 (26045) : Proxy 'admin_stats': in multi-process mode, stats will be limited to process assigned to the current request. [WARNING] 165/230507 (26045) : Proxy 'admin_stats': stats admin will not work correctly in multi-process mode. Configuration file is valid
参考
haproxy 配置详解good http://freehat.blog.51cto.com/1239536/1347882
haproxy日志配置 http://www.zhengdazhi.com/archives/1360
HAproxy均衡负载部署和配置文件详解 https://my.oschina.net/duxuefeng/blog/35232
负载均衡工具haproxy安装,配置,使用 http://blog.51yip.com/server/868.html
[HAProxy]实现haproxy启动/关闭/重启SHELL脚本 http://lxsym.blog.51cto.com/1364623/852363
HAproxy均衡负载部署和配置文件详解 https://my.oschina.net/duxuefeng/blog/35232
haproxy配置详解
http://leejia.blog.51cto.com/4356849/1421882
负载均衡工具haproxy安装,配置,使用 http://blog.51yip.com/server/868.html
haproxy日志配置 + rsyslog https://www.ttlsa.com/linux/haproxy-log-configuration-syslog/