
##### HA 구성
``` bash
# Install keepalived
dnf -y install keepalived
# Install HAProxy
dnf -y install haproxy
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
# keepalived 기본 구성 파일을 편집
nano /etc/keepalived/keepalived.conf
## 2번(BACKUP) 서버에서는 state MASTER를 BACKUP으로, priority 110을 100으로 변경
--------------------------------------------------------------------------------------
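global_defs {
    # Keepalived process identifier
    router_id LVS_ELK
}

# Health-check script. keepalived runs it every 2 seconds; while it exits 0
# the node's priority is raised by 50, so a node whose check fails drops
# below a healthy peer.
# NOTE(review): the script runs with keepalived's privileges (root unless a
# keepalived_script user or script_user is configured), so the script and its
# parent directories must be writable by root only.
vrrp_script check_nginx {
    script "/etc/keepalived/check_alived.sh"
    interval 2
    weight 50
}

# Virtual interface - the priority decides which node takes over the
# interface on failover.
vrrp_instance VI_01 {
    state MASTER
    interface bond0
    virtual_router_id 151
    priority 110
    # Virtual IP
    virtual_ipaddress {
        10.200.31.129/24
    }
    # Must name a vrrp_script block defined above; a name with no matching
    # block leaves the instance without a working health check.
    track_script {
        check_nginx
    }
    authentication {
        auth_type AH
        # NOTE(review): "secret" is a placeholder. Replace it with a value
        # unique to this cluster and identical on both nodes; keepalived uses
        # only the first 8 characters. Any host on the segment that knows the
        # value can take part in the VRRP election, so keep this file readable
        # by root only.
        auth_pass secret
    }
}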
--------------------------------------------------------------------------------------
# keepalived 서비스 확인 스크립트 작성
nano /etc/keepalived/check_alived.sh
--------------------------------------------------------------------------------------
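#!/bin/sh
# Health check run by keepalived (vrrp_script).
# Exit status: 0 = node healthy, 1 = node unhealthy.
#
# The checks run unconditionally: an early "exit 0" would report the node as
# healthy no matter what, and keepalived could then never move the virtual IP
# away from a node whose service is down.
#
# NOTE(review): the process name and ports below must match what this node
# actually serves (this page configures HAProxy listeners on other ports);
# adjust them before relying on the check.

# The service process must be running.
if [ -z "$(pidof nginx)" ]; then
    exit 1
fi

# Every listed local port must accept a TCP connection. Any non-zero status
# from nc counts as a failure, and the redirection is written in POSIX form so
# the script behaves the same under any /bin/sh.
for port in 8080 8090; do
    if ! nc -z localhost "$port" >/dev/null 2>&1; then
        exit 1
    fi
done

exit 0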
--------------------------------------------------------------------------------------
# Set the check script's permissions (executable, writable by its owner only)
chmod 755 /etc/keepalived/check_alived.sh
# Enable keepalived at boot, start it, then show its state
systemctl enable keepalived \
  && systemctl start keepalived \
  && systemctl status keepalived
# Confirm that the virtual IP has been assigned
ip address show
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
# HAProxy 구성파일 편집 (서비스 포트 Health-check)
## 1,2번 서버 모두 동일하게 설정
nano /etc/haproxy/haproxy.cfg
--------------------------------------------------------------------------------------
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1:514 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
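# One defaults section is enough: every frontend, backend and listen section
# below inherits these values unless it overrides them.
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    # Add X-Forwarded-For so backends see the client address (not for loopback)
    option                  forwardfor except 127.0.0.0/8
    # Allow a request to be sent to another server when its server is down
    option                  redispatch
    retries                 3
    # Bound how long a client may take to send its request headers
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000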
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
# Listens on port 19200 of every local address and hands requests to http_back.
# NOTE(review): 9200 and 5601 are presumably Elasticsearch and Kibana (the
# router_id is LVS_ELK); these listeners are plain HTTP with no ACL here, so
# confirm that a firewall limits who can reach them.
frontend http_front
bind *:19200
default_backend http_back
#---------------------------------------------------------------------
# active/backup pair, not round robin: "main" receives the traffic and
# "backup" is used only while "main" is marked down.
# "check fall 3 rise 2": down after 3 failed checks, up again after 2 good ones.
#---------------------------------------------------------------------
backend http_back
server main 10.200.31.130:9200 check fall 3 rise 2
server backup 10.200.31.132:9200 check fall 3 rise 2 backup
# Same layout for port 15601 -> backend port 5601
frontend http_front_5601
bind *:15601
default_backend http_back_5601
backend http_back_5601
server main 10.200.31.130:5601 check fall 3 rise 2
server backup 10.200.31.132:5601 check fall 3 rise 2 backup
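# Statistics page.
# NOTE(review): the page is served on every address of the host without
# authentication, and it lists each backend server with its address and state.
# Bind it to a management address, or enable the "stats auth" line below with
# real credentials.
listen hastats
    mode http
    bind *:9900
    stats enable
    stats show-legends
    stats uri /haproxy-status
    # Do not show the HAProxy version on the page
    stats hide-version
    # stats auth <STATS_USER>:<STATS_PASSWORD>   (placeholder - set your own)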
#---------------------------------------------------------------------
# TEST
#---------------------------------------------------------------------
# Test listeners: same active/backup layout as the sections above.
# Port 18080 -> backend port 8080
frontend http_front_8080
bind *:18080
default_backend http_back_8080
backend http_back_8080
server main 10.200.31.130:8080 check fall 3 rise 2
server backup 10.200.31.132:8080 check fall 3 rise 2 backup
# Port 19090 -> backend port 9090
# NOTE(review): marked TEST above; remove these listeners if they are not
# needed in production, since each one is reachable on every local address.
frontend http_front_9090
bind *:19090
default_backend http_back_9090
backend http_back_9090
server main 10.200.31.130:9090 check fall 3 rise 2
server backup 10.200.31.132:9090 check fall 3 rise 2 backup
--------------------------------------------------------------------------------------
# HAProxy 서비스 실행
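# Validate the configuration first, so that a typo in haproxy.cfg is reported
# here instead of leaving the proxy stopped
haproxy -c -f /etc/haproxy/haproxy.cfg &&
systemctl enable haproxy &&
systemctl start haproxy &&
systemctl status haproxy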
```
##### HAProxy 로깅
```bash
# rsyslog 구성 파일 수정
nano /etc/rsyslog.conf
--------------------------------------------------------------------------------------
...
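## Uncomment the two lines below (UDP syslog receiver)
module(load="imudp") # needs to be done just once
## HAProxy sends its logs to 127.0.0.1:514, so listen on loopback only rather
## than accepting syslog datagrams on every interface
input(type="imudp" port="514" address="127.0.0.1")
## Add the log destinations
local2.* /var/log/haproxy/haproxy.log
local2.notice /var/log/haproxy/haproxy_notice.log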
...
--------------------------------------------------------------------------------------
# rsyslog 서비스 재시작
systemctl restart rsyslog
# haproxy 구성 파일 수정
nano /etc/haproxy/haproxy.cfg
-------------------------------------------------------------------------------------
global
...
## 포트 추가작성(514, UDP)
log 127.0.0.1:514 local2
...
--------------------------------------------------------------------------------------
# haproxy 재시작
# 로깅파일 rotate
nano /etc/logrotate.d/haproxy
--------------------------------------------------------------------------------------
## 파일명 설정 부분 변경(범용 설정 * )
/var/log/haproxy/haproxy*.log
--------------------------------------------------------------------------------------
systemctl restart haproxy
```