##### HA 구성
|
|
``` bash
|
|
|
|
# keepalived 설치
|
|
dnf install keepalived -y
|
|
|
|
# HAProxy 설치
|
|
dnf install haproxy -y
|
|
|
|
--------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------
|
|
|
|
# keepalived 기본 구성 파일을 편집
|
|
nano /etc/keepalived/keepalived.conf
|
|
## 백업 노드에서는 state MASTER를 BACKUP으로, priority 110을 100으로 변경
|
|
--------------------------------------------------------------------------------------
|
|
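global_defs {
    # Keepalived process identifier
    router_id LVS_ELK
}

# Health-check script that keepalived runs every `interval` seconds.
# keepalived executes this file itself, so keep it root-owned and not
# writable by other users.
vrrp_script check_nginx {
    script "/etc/keepalived/check_alived.sh"
    interval 2
    # Positive weight: added to the priority while the script succeeds.
    weight 50
}

# Virtual interface - the priority decides which node takes over the
# virtual IP on failover.
vrrp_instance VI_01 {
    state MASTER
    interface bond0
    virtual_router_id 151
    priority 110

    # Virtual IP
    virtual_ipaddress {
        10.200.31.129/24
    }
    track_script {
        # Must match the vrrp_script name defined above. The original listed
        # `check_alived`, which no vrrp_script block defines, so the health
        # check was not tied to this instance.
        check_nginx
    }
    authentication {
        auth_type AH
        # NOTE(review): `secret` is a sample value. Replace it with a
        # site-specific value that is identical on both nodes; keepalived
        # uses only the first 8 characters of auth_pass.
        auth_pass secret
    }
}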
|
|
--------------------------------------------------------------------------------------
|
|
|
|
# keepalived 서비스 확인 스크립트 작성
|
|
nano /etc/keepalived/check_alived.sh
|
|
--------------------------------------------------------------------------------------
|
|
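#!/bin/sh
# keepalived vrrp_script health check.
# Exit status: 0 = healthy, non-zero = failed.
#
# NOTE(review): the original began with an unconditional `exit 0`, which made
# every probe below unreachable, so keepalived always saw this node as
# healthy. It is removed here so the probes actually run.
# NOTE(review): the probes target nginx and local ports 8080/8090, while the
# rest of this guide configures HAProxy - confirm they match the services
# that really run on this node before relying on failover.

# Fail when no nginx process is running.
if [ -z "$(pidof nginx)" ]; then
  exit 1
fi

# Fail when a local listener is missing.
# Plain POSIX redirection is used: `&>` is a bash extension, and a /bin/sh
# that is not bash runs `cmd &> file` in the background, so $? is always 0.
# Any non-zero status from nc counts as a failure, not only status 1.
for port in 8080 8090; do
  if ! nc -z localhost "$port" >/dev/null 2>&1; then
    exit 1
  fi
done

exit 0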
|
|
--------------------------------------------------------------------------------------
|
|
|
|
# 스크립트 권한 설정
|
|
chmod 755 /etc/keepalived/check_alived.sh
|
|
|
|
# keepalived 서비스 실행
|
|
systemctl enable keepalived &&
|
|
systemctl start keepalived &&
|
|
systemctl status keepalived
|
|
|
|
# 가상 ip 설정 상태 확인
|
|
ip add show
|
|
|
|
--------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------
|
|
|
|
# HAProxy 구성파일 편집 (서비스 포트 Health-check)
|
|
## 1,2번 서버 모두 동일하게 설정
|
|
nano /etc/haproxy/haproxy.cfg
|
|
--------------------------------------------------------------------------------------
|
|
#---------------------------------------------------------------------
|
|
# Example configuration for a possible web application. See the
|
|
# full configuration options online.
|
|
#
|
|
# https://www.haproxy.org/download/1.8/doc/configuration.txt
|
|
#
|
|
#---------------------------------------------------------------------
|
|
|
|
#---------------------------------------------------------------------
|
|
# Global settings
|
|
#---------------------------------------------------------------------
|
|
global
|
|
# to have these messages end up in /var/log/haproxy.log you will
|
|
# need to:
|
|
#
|
|
# 1) configure syslog to accept network log events. This is done
|
|
# by adding the '-r' option to the SYSLOGD_OPTIONS in
|
|
# /etc/sysconfig/syslog
|
|
#
|
|
# 2) configure local2 events to go to the /var/log/haproxy.log
|
|
# file. A line like the following can be added to
|
|
# /etc/sysconfig/syslog
|
|
#
|
|
# local2.* /var/log/haproxy.log
|
|
#
|
|
log 127.0.0.1:514 local2
|
|
|
|
chroot /var/lib/haproxy
|
|
pidfile /var/run/haproxy.pid
|
|
maxconn 4000
|
|
user haproxy
|
|
group haproxy
|
|
daemon
|
|
|
|
# turn on stats unix socket
|
|
stats socket /var/lib/haproxy/stats
|
|
|
|
# utilize system-wide crypto-policies
|
|
ssl-default-bind-ciphers PROFILE=SYSTEM
|
|
ssl-default-server-ciphers PROFILE=SYSTEM
|
|
|
|
#---------------------------------------------------------------------
|
|
# common defaults that all the 'listen' and 'backend' sections will
|
|
# use if not designated in their block
|
|
#---------------------------------------------------------------------
|
|
defaults
|
|
defaults
|
|
defaults
|
|
mode http
|
|
log global
|
|
option httplog
|
|
option dontlognull
|
|
option http-server-close
|
|
option forwardfor except 127.0.0.0/8
|
|
option redispatch
|
|
retries 3
|
|
timeout http-request 10s
|
|
timeout queue 1m
|
|
timeout connect 10s
|
|
timeout client 1m
|
|
timeout server 1m
|
|
timeout http-keep-alive 10s
|
|
timeout check 10s
|
|
maxconn 3000
|
|
|
|
#---------------------------------------------------------------------
|
|
# main frontend which proxys to the backends
|
|
#---------------------------------------------------------------------
|
|
frontend http_front
|
|
bind *:19200
|
|
default_backend http_back
|
|
|
|
#---------------------------------------------------------------------
|
|
# round robin balancing between the various backends
|
|
#---------------------------------------------------------------------
|
|
backend http_back
|
|
server main 10.200.31.130:9200 check fall 3 rise 2
|
|
server backup 10.200.31.132:9200 check fall 3 rise 2 backup
|
|
|
|
frontend http_front_5601
|
|
bind *:15601
|
|
default_backend http_back_5601
|
|
|
|
backend http_back_5601
|
|
server main 10.200.31.130:5601 check fall 3 rise 2
|
|
server backup 10.200.31.132:5601 check fall 3 rise 2 backup
|
|
|
|
# Statistics page served over HTTP at /haproxy-status on port 9900.
# NOTE(review): `bind *:9900` listens on every address and this section has
# no `stats auth` line, so any client that can reach port 9900 can read the
# backend addresses and their health state. Consider binding to a management
# address only and adding `stats auth`.
listen hastats
|
|
mode http
|
|
bind *:9900
|
|
stats enable
|
|
stats show-legends
|
|
stats uri /haproxy-status
|
|
|
|
|
|
#---------------------------------------------------------------------
|
|
# TEST
|
|
#---------------------------------------------------------------------
|
|
frontend http_front_8080
|
|
bind *:18080
|
|
default_backend http_back_8080
|
|
|
|
|
|
backend http_back_8080
|
|
server main 10.200.31.130:8080 check fall 3 rise 2
|
|
server backup 10.200.31.132:8080 check fall 3 rise 2 backup
|
|
|
|
frontend http_front_9090
|
|
bind *:19090
|
|
default_backend http_back_9090
|
|
|
|
|
|
backend http_back_9090
|
|
server main 10.200.31.130:9090 check fall 3 rise 2
|
|
server backup 10.200.31.132:9090 check fall 3 rise 2 backup
|
|
--------------------------------------------------------------------------------------
|
|
|
|
|
|
# HAProxy 서비스 실행
|
|
systemctl enable haproxy &&
|
|
systemctl start haproxy &&
|
|
systemctl status haproxy
|
|
|
|
|
|
|
|
```
|
|
|
|
##### HAProxy 로깅
|
|
```bash
|
|
# rsyslog 구성 파일 수정
|
|
nano /etc/rsyslog.conf
|
|
|
|
--------------------------------------------------------------------------------------
|
|
...
|
|
## 아래 두줄 주석 해제
|
|
module(load="imudp") # needs to be done just once
|
|
input(type="imudp" port="514")
|
|
|
|
## 로깅 경로 추가
|
|
local2.* /var/log/haproxy/haproxy.log
|
|
local2.notice /var/log/haproxy/haproxy_notice.log
|
|
|
|
...
|
|
--------------------------------------------------------------------------------------
|
|
|
|
# rsyslog 서비스 재시작
|
|
systemctl restart rsyslog
|
|
|
|
# haproxy 구성 파일 수정
|
|
nano /etc/haproxy/haproxy.cfg
|
|
-------------------------------------------------------------------------------------
|
|
global
|
|
...
|
|
## 포트 추가작성(514, UDP)
|
|
log 127.0.0.1:514 local2
|
|
|
|
...
|
|
--------------------------------------------------------------------------------------
|
|
|
|
# haproxy 재시작
|
|
|
|
|
|
# 로깅파일 rotate
|
|
nano /etc/logrotate.d/haproxy
|
|
--------------------------------------------------------------------------------------
|
|
## 파일명 설정 부분 변경(범용 설정 * )
|
|
/var/log/haproxy/haproxy*.log
|
|
|
|
--------------------------------------------------------------------------------------
|
|
|
|
systemctl restart haproxy
|
|
|
|
|
|
|
|
``` |