Obsidian/Recognition/Programing/Linux/RHEL9/HAProxy HA (High Availabil...


HA 구성

# keepalived 설치
dnf install keepalived -y

# HAProxy 설치
dnf install haproxy -y

--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------

# keepalived 기본 구성 파일을 편집
nano /etc/keepalived/keepalived.conf
## 두 번째(BACKUP) 서버에서는 state MASTER를 BACKUP으로, priority 110을 100으로 변경
--------------------------------------------------------------------------------------
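global_defs {
  # Identifier this keepalived instance uses for itself.
  router_id LVS_ELK
  # NOTE(review): consider adding `enable_script_security` (with a dedicated
  # `script_user`) here so keepalived refuses to run a check script that a
  # non-root user could modify.
}

# Health-check script, run every 2 seconds. With a positive weight, the
# instance priority is raised by 50 while the script exits 0.
vrrp_script check_nginx {
  script "/etc/keepalived/check_alived.sh"
  interval 2
  weight 50
}

# Virtual interface: the priority decides which node takes over the
# virtual IP on failover.
vrrp_instance VI_01 {
  state MASTER
  interface bond0
  virtual_router_id 151
  priority 110

  # Virtual IP
  virtual_ipaddress {
    10.200.31.129/24
  }
  # The name listed here must match a vrrp_script block defined above.
  # It previously read check_alived, which no vrrp_script block defines,
  # so the health check was never attached to this instance.
  track_script {
    check_nginx
  }
  # NOTE(review): `secret` is a guessable placeholder. Set the same
  # non-default value on both nodes (keepalived uses only the first eight
  # characters of auth_pass) and keep this file readable by root only.
  authentication {
    auth_type AH
    auth_pass secret
  }
}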
--------------------------------------------------------------------------------------

# keepalived 서비스 확인 스크립트 작성
nano /etc/keepalived/check_alived.sh
--------------------------------------------------------------------------------------
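#!/bin/sh
# keepalived health check, run as a vrrp_script.
# Exit status: 0 = this node is healthy, 1 = unhealthy.
#
# An unconditional `exit 0` used to sit at the top of this script, so every
# check below was unreachable and the node always reported healthy. The VIP
# then moved only when the whole node or keepalived itself went away.
#
# NOTE(review): this probes nginx and local ports 8080/8090, while the rest
# of the setup on this page is HAProxy. Confirm that the process and ports
# match the service that must be alive for this node to hold the VIP.

# Unhealthy when no nginx process is running.
if [ -z "$(pidof nginx)" ]; then
  exit 1
fi

# Unhealthy when either local port refuses a TCP connection. Any non-zero
# status from nc counts as a failure (not only status 1), so a missing nc
# binary or a usage error is not mistaken for a healthy service.
# `>/dev/null 2>&1` replaces `&>`, which is not POSIX sh.
for port in 8080 8090; do
  if ! nc -z localhost "$port" >/dev/null 2>&1; then
    exit 1
  fi
done

exit 0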
--------------------------------------------------------------------------------------

# 스크립트 권한 설정
chmod 755 /etc/keepalived/check_alived.sh

# keepalived 서비스 실행
systemctl enable keepalived &&
systemctl start keepalived &&
systemctl status keepalived

# 가상 ip 설정 상태 확인 
ip add show

--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------

# HAProxy 구성파일 편집 (서비스 포트 Health-check)
## 1,2번 서버 모두 동일하게 설정
nano /etc/haproxy/haproxy.cfg
--------------------------------------------------------------------------------------
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    # Send log messages to the syslog daemon on the loopback address,
    # port 514, using facility local2.
    log         127.0.0.1:514 local2

    # Confine the process to /var/lib/haproxy and run it as the
    # unprivileged haproxy user and group, detached as a daemon.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    # NOTE(review): no `mode` or `level` is given for the socket; confirm
    # which local users can reach it.
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    # These cipher defaults apply only to TLS-enabled bind/server lines;
    # none of the bind or server lines in this file use `ssl`.
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

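#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
# The section keyword appeared three times in a row; the two extra lines
# only opened empty defaults sections and have been removed.
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    # Add X-Forwarded-For with the client address, except for requests
    # that come from the loopback range.
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000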

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# NOTE(review): `bind *:PORT` listens on every address of the host, not
# only the keepalived virtual IP, and traffic is proxied as plain HTTP
# with no access control at this layer. Limit who can reach these ports
# with a firewall if the backends are not meant to be public.
frontend http_front
    bind *:19200
    default_backend http_back
    
#---------------------------------------------------------------------
# Active/standby backends: `main` receives the traffic; the server marked
# `backup` is used only while `main` is down. Each server is health
# checked, marked down after 3 failed checks and up again after 2
# successful ones.
#---------------------------------------------------------------------
backend http_back
    server main 10.200.31.130:9200 check fall 3 rise 2
    server backup 10.200.31.132:9200 check fall 3 rise 2 backup

# Same frontend/backend pattern for port 5601, published on 15601.
frontend http_front_5601
    bind *:15601
    default_backend http_back_5601

backend http_back_5601
    server main 10.200.31.130:5601 check fall 3 rise 2
    server backup 10.200.31.132:5601 check fall 3 rise 2 backup

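# Statistics page served at /haproxy-status on port 9900.
# NOTE(review): the page is reachable on every interface without a login
# and lists the backend addresses and their state. Add credentials with
# `stats auth <user>:<password>` (placeholders, choose your own) or bind
# to a management address only.
listen hastats
    mode  http
    bind  *:9900
    stats  enable
    # Do not report the HAProxy version on the page.
    stats  hide-version
    stats  show-legends
    stats  uri /haproxy-status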
    
    
#---------------------------------------------------------------------
# TEST
# Extra frontend/backend pairs for ports 8080 and 9090, using the same
# main-plus-backup pattern as the sections above.
# NOTE(review): these are labelled as test entries; remove them when they
# are no longer needed so fewer ports stay open on the proxy.
#---------------------------------------------------------------------
frontend http_front_8080
    bind *:18080
    default_backend http_back_8080


backend http_back_8080
    server main 10.200.31.130:8080 check fall 3 rise 2
    server backup 10.200.31.132:8080 check fall 3 rise 2 backup

frontend http_front_9090
    bind *:19090
    default_backend http_back_9090


backend http_back_9090
    server main 10.200.31.130:9090 check fall 3 rise 2
    server backup 10.200.31.132:9090 check fall 3 rise 2 backup
--------------------------------------------------------------------------------------


# HAProxy 서비스 실행
systemctl enable haproxy &&
systemctl start haproxy &&
systemctl status haproxy



HAProxy 로깅
# rsyslog 구성 파일 수정
nano /etc/rsyslog.conf

--------------------------------------------------------------------------------------
...
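## Enable the UDP syslog input (these two lines are commented out by default).
## The listener is bound to loopback because the only sender configured on
## this page is the local HAProxy (log 127.0.0.1:514). Without address=,
## rsyslog accepts syslog datagrams on every interface.
module(load="imudp") # needs to be done just once
input(type="imudp" port="514" address="127.0.0.1")

## Log destinations for facility local2. Messages at notice level and
## above are also written to the second file.
local2.*  /var/log/haproxy/haproxy.log
local2.notice /var/log/haproxy/haproxy_notice.log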

...
--------------------------------------------------------------------------------------

# rsyslog 서비스 재시작
systemctl restart rsyslog

# haproxy 구성 파일 수정
nano /etc/haproxy/haproxy.cfg
------------------------------------------------------------------------------------- 
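global
...
  ## Log to the local syslog listener on port 514 (UDP), facility local2
  log         127.0.0.1:514 local2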

...
--------------------------------------------------------------------------------------

# haproxy 재시작


# 로깅파일 rotate 
nano /etc/logrotate.d/haproxy
--------------------------------------------------------------------------------------
## 파일명 설정 부분 변경(범용 설정 * )
  /var/log/haproxy/haproxy*.log 

--------------------------------------------------------------------------------------

systemctl restart haproxy