HAProxy:关于Linux下HAProxy自动化部署

举报
山河已无恙 发表于 2022/12/28 10:43:32 2022/12/28
【摘要】 写在前面学习 OKD ,里面的路由组件通过 HAproxy 实现所以这里学习 HAproxy,博文内容涉及手工部署 HAproxy编写 Ansible 角色自动部署 HAproxy理解不足小伙伴帮忙指正 傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。--------王小波H...

写在前面


  • 学习 OKD ,里面的路由组件通过 HAproxy 实现
  • 所以这里学习 HAproxy,博文内容涉及
  • 手工部署 HAproxy
  • 编写 Ansible 角色自动部署 HAproxy
  • 理解不足小伙伴帮忙指正

傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。--------王小波


HAProxy 是一种免费、非常快速且可靠的反向代理,可为基于 TCP 和 HTTP 的应用程序提供 高可用性、 负载平衡和代理。它特别适用于流量非常大的网站,并为世界上访问量最大的网站中的很大一部分提供支持。多年来,它已成为事实上的标准开源负载均衡器,现在随大多数主流 Linux 发行版一起提供,并且通常默认部署在云平台中。

HAProxy 核心团队并行维护多个版本。从1.8版本开始,每年发布两个主要版本。第一个数字通常表示重大更改(配置格式等),但实际上很少更改。第二位数字表示新功能。两者构成一个分支。这些数字后面会出现一个额外的数字,表示错误修复版本。

对应负载均衡来讲性能对比: LVS > HAProxy > Nginx ,一般情况下 HAProxyNginx 做七层代理,因为可以会话保持,LVS 做四层的负载均衡.

手动安装配置

┌──[root@liruilongs.github.io]-[~]
└─$rpm -ql haproxy || yum -y install yum -y install haproxy18.x86_64

安装版本

┌──[root@vms.154.liruilongs.github.io]-[~]
└─$haproxy18 -v
HA-Proxy version 1.8.27-493ce0b 2020/11/06
Copyright 2000-2020 Willy Tarreau <willy@haproxy.org>rpm 

安装之后我们来分析一下配置文件,配置注释写的很清楚,完整的配置文件配置我们可以参考 http://haproxy.1wt.eu/download/1.8/doc/configuration.txt

作为一个代理服务器,配置相对简单。

┌──[root@vms.154.liruilongs.github.io]-[~]
└─$rpm -qc haproxy18
/etc/haproxy18/haproxy.cfg
/etc/logrotate.d/haproxy18
/etc/sysconfig/haproxy18

修改配置文件,配置文件默认有一个配置 Demo。直接修改就可以,同时默认做了动静分离的配置,不同的版本配置文件略有差异,所以要以对应的配置 Demo 为准,

┌──[root@vms.154.liruilongs.github.io]-[~]
└─$cat /etc/haproxy18/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy18
    pidfile     /var/run/haproxy18.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy18/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:5000
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    use_backend static          if url_static
    default_backend             app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    balance     roundrobin #  可以的负载方式 static-rr,rdp-cookie,hdr, url_param ,url,  source,leastconn   
    server  app1 192.168.29.152:5001 check 
    server  app2 192.168.26.152:5002 check

#server 关键字,指服务器
#web1,web2 为服务器名,可以和主机名相同,也可以不相同
#192.168.2.100:80  真实后端服务器的地址和访问端口
#check  健康检查的关键字
listen haproxystats
    bind  *:5009
    stats refresh 30s
    stats uri /stats
    stats realm Haproxy Manager
    stats auth admin:admin    

这里在原来的配置文件中加了监控页面。启动服务

┌──[root@vms.154.liruilongs.github.io]-[~]
└─$systemctl restart haproxy18.service

然后我们需要做一些准备工作。对应的负载机器使用 python 自带的 httpServer 模块发布服务

192.168.26.152:5002

┌──[root@vms152.liruilongs.github.io]-[~/vms152.liruilongs.github.io]
└─$touch 192.168.26.152:5002
┌──[root@vms152.liruilongs.github.io]-[~/vms152.liruilongs.github.io]
└─$coproc  python -m SimpleHTTPServer 5002
[1] 22913

192.168.29.152:5001

[root@vms152 vm15]# touch 192.168.29.152:5001
[root@vms152 vm15]# coproc python -m SimpleHTTPServer 5001
[1] 14384

当前主机提供静态文件 192.168.26.154:4331

┌──[root@vms.154.liruilongs.github.io]-[~]
└─$coproc  python -m SimpleHTTPServer 4331
[1] 9841

访问测试,默认为加权轮询

┌──[root@liruilongs.github.io]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.26.152%3A5002">192.168.26.152:5002</a>
┌──[root@liruilongs.github.io]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
┌──[root@liruilongs.github.io]-[~]
└─$

健康检查,把 192.168.26.152:5002 的服务干掉

┌──[root@vms152.liruilongs.github.io]-[~/vms152.liruilongs.github.io]
└─$kill %1

负载全部到了 192.168.29.155:5001

┌──[root@liruilongs.github.io]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
┌──[root@liruilongs.github.io]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
┌──[root@liruilongs.github.io]-[~]
└─$ curl 192.168.26.154:5000 -s | grep '<li>'
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
┌──[root@liruilongs.github.io]-[~]
└─$

监控页面查看

在这里插入图片描述在这里插入图片描述

Ansible自动化部署角色编写

安装比较简单,没有其他的逻辑,所以角色编写简单,这里如果涉及防火墙之类,需要添加角色依赖

角色创建

┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible-galaxy init role-haproxy18 --init-path ./roles/
- Role role-haproxy18 was created successfully
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible-galaxy list | grep ha
- role-haproxy18, (unknown version)

任务执行,访问测试

┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$echo "192.168.26.154" > haproxy_list
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$ansible-playbook deploy_haproxy.yaml -i haproxy_list
┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$curl 192.168.26.154:5000 -s | grep /a
<li><a href="192.168.29.152%3A5001">192.168.29.152:5001</a>
在这里插入图片描述在这里插入图片描述

角色任务执行的剧本

┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat deploy_haproxy.yaml
- name: Ensure HAProxy is deployed
  hosts: all
  force_handlers: True

  roles:
    - role: role-haproxy18
      haproxy_port: 5000
      haproxy_appservers:
      - name: 192.168.26.152
        ip: 192.168.26.152
        backend_port: 5002
      - name: 192.168.29.152
        ip: 192.168.29.152
        backend_port: 5001

主任务文件

┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat roles/role-haproxy18/tasks/main.yml
---
# tasks file for role-haproxy18

- name: config aliyun repo
  yum_repository:
    name: aliyunrepo
    description: aliyun repo
    baseurl: http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
    gpgcheck: no


# tasks file for haproxydd
- name: Ensure haproxy packages are present
  yum:
    name:
      - haproxy18
      - socat
    state: present

- name: Ensure haproxy is started and enabled
  service:
    name: haproxy18
    state: started
    enabled: yes

- name: Ensure haproxy configuration is set
  template:
    src: haproxy.cfg.j2
    dest: /etc/haproxy18/haproxy.cfg
  notify: reload haproxy

处理器文件

┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat roles/role-haproxy18/handlers/main.yml
---
# handlers file for role-haproxy18

- name: restart haproxy
  service:
    name: haproxy18
    state: restarted

- name: reload haproxy
  service:
    name: haproxy18
    state: reloaded

默认变量

┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat roles/role-haproxy18/defaults/main.yml
---
# defaults file for role-haproxy18
# Log-level for HAProxy logs
haproxy_log_level: info

# Port exposed to clients
haproxy_port: 80

# Name for the default backend
haproxy_backend_name: app

# Port backend is exposed to
haproxy_backend_port: 80

# The appservers variable is a list
# of backend servers that provide
# the web service that is proxied
# haproxy.  Each server must define:
# name, address, port. Below is
# and example structure:
# haproxy_appservers: []
#   - name: serverb.lab.example.com
#     ip_address: 1.2.3.4
#     port: 5000
#   - name: serverc.lab.example.com
#     ip_address: 1.2.3.5
#     port: 5000
# The default is no defined backend servers.
haproxy_appservers: []

# Haproxy Manager
haproxy_stats_port: 29999
stats_url: /stats
stats_user: admin
stats_pass: admin

# Socket used to communicate with haproxy service. DO NOT CHANGE
haproxy_socket: /var/run/haproxy.sock

配置文件模板文件

┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$cat roles/role-haproxy18/templates/haproxy.cfg.j2
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #   file. A line like the following can be added to
    #   /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2 {{ haproxy_log_level }}

    chroot      /var/lib/haproxy18
    pidfile     /var/run/haproxy18.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket {{ haproxy_socket }} level admin

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind *:{{ haproxy_port }}
  # acl url_static       path_beg       -i /static /images /javascript /stylesheets
  # acl url_static       path_end       -i .jpg .gif .png .css .js

   # use_backend static          if url_static
    default_backend              {{ haproxy_backend_name }}

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
#backend static
   # balance     roundrobin
   # server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------

backend {{ haproxy_backend_name }}
    balance     roundrobin
{% for server in haproxy_appservers %}
    server {{ server.name }} {{ server.ip }}:{{ server.backend_port }} check
{% endfor %}


listen haproxystats
    bind  *:{{ haproxy_stats_port }}
    stats refresh 30s
    stats uri {{ stats_url  }}
    stats realm Haproxy Manager
    stats auth {{ stats_user }}:{{ stats_pass }}


┌──[root@vms81.liruilongs.github.io]-[~/ansible]
└─$

博文参考


https://www.haproxy.org/

【版权声明】本文为华为云社区用户原创内容,转载时必须标注文章的来源(华为云社区)、文章链接、文章作者等基本信息, 否则作者和本社区有权追究责任。如果您发现本社区中有涉嫌抄袭的内容,欢迎发送邮件进行举报,并提供相关证据,一经查实,本社区将立刻删除涉嫌侵权内容,举报邮箱: cloudbbs@huaweicloud.com
  • 点赞
  • 收藏
  • 关注作者

评论(0

0/1000
抱歉,系统识别当前为高风险访问,暂不支持该操作

全部回复

上滑加载中

设置昵称

在此一键设置昵称,即可参与社区互动!

*长度不超过10个汉字或20个英文字符,设置后3个月内不可修改。

*长度不超过10个汉字或20个英文字符,设置后3个月内不可修改。