负载均衡服务之HAProxy基础入门
首先我们来了解下haproxy是干嘛的?haproxy是一个法国人名叫Willy Tarreau开发的一个开源软件;这款软件主要用于解决客户端10000以上的同时连接的高性能的TCP和HTTP负载均衡器。其功能是用来提供基于cookie的持久性,基于内容的交换,过载保护的高级流量管制,自动故障切换,以正则表达式为基础的控制运行时间,基于web的报表,高级日志记录以帮助排除故障的应用或网络及其他功能;简单说它就是基于tcp或http协议的负载均衡器;对于负载均衡器这个概念,相信大家了解nginx的都知道吧,其实haproxy类似nginx的upstream功能;它可以基于tcp做四层负载,也可用基于http做七层负载,这一点和nginx一样(nginx是1.9.0后才支持四层代理);有关nginx的负载均衡功能的使用说明,有兴趣的朋友可以参考下本人的博客https://www.cnblogs.com/qiuhom-1874/p/12458159.html和https://www.cnblogs.com/qiuhom-1874/p/12468946.html;
有关haproxy的介绍这里就不过多阐述,有兴趣的朋友可以去参考官方网站的介绍http://www.haproxy.org;
前面聊nginx的时候我们有聊到过nginx的一个重要的功能反向代理,这里再简单回顾下,所谓代理就是“一手托两边”,什么意思呢?就是代理服务器它面向客户端一侧它扮演服务器角色,面向服务器一侧它扮演客户端角色;而反向代理就是代理服务端响应客户端的请求;我们把这种用于代理服务器响应客户端角色叫反向代理;haproxy就是一反向代理实现的软件,在基于反代的模式下,可以对后端服务器做四层或七层的负载均衡;通常情况下haproxy工作在一个流量入口的节点上,用于接收并把客户端的请求分发给不同应用的后端服务器;
简单阐述了haproxy的功能后,我们来看看haproxy的程序组成部分和配置文件;
在redhat系列的Linux上安装haproxy可以yum安装,只不过这种安装方式安装的版本比较旧,如果要使用比较新的版本的haproxy可以选择编辑安装;我们这里先用yum安装先看看haproxy怎么用吧
[root@docker_node1 ~]# yum info haproxy Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.cn99.com * updates: mirrors.aliyun.com Installed Packages Name : haproxy Arch : x86_64 Version : 1.5.18 Release : 9.el7 Size : 2.6 M Repo : installed From repo : base Summary : TCP/HTTP proxy and load balancer for high availability environments URL : http://www.haproxy.org/ License : GPLv2+ Description : HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high : availability environments. Indeed, it can: : - route HTTP requests depending on statically assigned cookies : - spread load among several servers while assuring server persistence : through the use of HTTP cookies : - switch to backup servers in the event a main server fails : - accept connections to special ports dedicated to service monitoring : - stop accepting connections without breaking existing ones : - add, modify, and delete HTTP headers in both directions : - block requests matching particular patterns : - report detailed status to authenticated users from a URI : intercepted by the application [root@docker_node1 ~]#
提示:haproxy在base参考的版本是1.5.18;从上面的信息可以看到haproxy的介绍和功能,有兴趣的朋友自行翻译下;yum安装这里就不多说了,接下来我们来看看haproxy的程序组成;
[root@docker_node1 ~]# rpm -ql haproxy /etc/haproxy /etc/haproxy/haproxy.cfg /etc/logrotate.d/haproxy /etc/sysconfig/haproxy /usr/bin/halog /usr/bin/iprange /usr/lib/systemd/system/haproxy.service /usr/sbin/haproxy /usr/sbin/haproxy-systemd-wrapper /usr/share/doc/haproxy-1.5.18 ……省略部分内容…… /usr/share/haproxy /usr/share/haproxy/400.http /usr/share/haproxy/403.http /usr/share/haproxy/408.http /usr/share/haproxy/500.http /usr/share/haproxy/502.http /usr/share/haproxy/503.http /usr/share/haproxy/504.http /usr/share/haproxy/README /usr/share/man/man1/halog.1.gz /usr/share/man/man1/haproxy.1.gz /var/lib/haproxy [root@docker_node1 ~]#
提示:haproxy的主程序文件是/usr/sbin/haproxy,配置文件是/etc/haproxy/haproxy.cfg,Unit file:/usr/lib/systemd/system/haproxy.service;接下来我们来看看配置文件;
[root@docker_node1 ~]# cat /etc/haproxy/haproxy.cfg #--------------------------------------------------------------------- # Example configuration for a possible web application. See the # full configuration options online. # # http://haproxy.1wt.eu/download/1.4/doc/configuration.txt # #--------------------------------------------------------------------- #--------------------------------------------------------------------- # Global settings #--------------------------------------------------------------------- global # to have these messages end up in /var/log/haproxy.log you will # need to: # # 1) configure syslog to accept network log events. This is done # by adding the '-r' option to the SYSLOGD_OPTIONS in # /etc/sysconfig/syslog # # 2) configure local2 events to go to the /var/log/haproxy.log # file. A line like the following can be added to # /etc/sysconfig/syslog # # local2.* /var/log/haproxy.log # log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy daemon # turn on stats unix socket stats socket /var/lib/haproxy/stats #--------------------------------------------------------------------- # common defaults that all the 'listen' and 'backend' sections will # use if not designated in their block #--------------------------------------------------------------------- defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 option redispatch retries 3 timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s timeout check 10s maxconn 3000 #--------------------------------------------------------------------- #main frontend which proxys to the backends #--------------------------------------------------------------------- frontend main *:5000 acl url_static path_beg -i /static /images /javascript /stylesheets acl url_static path_end -i .jpg .gif .png .css .js use_backend static if url_static default_backend app #--------------------------------------------------------------------- # static backend for serving up images, stylesheets and such #--------------------------------------------------------------------- backend static balance roundrobin server static 127.0.0.1:4331 check #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend app balance roundrobin server app1 127.0.0.1:5001 check server app2 127.0.0.1:5002 check server app3 127.0.0.1:5003 check server app4 127.0.0.1:5004 check [root@docker_node1 ~]#
提示:以上是haproxy yum安装的配置文件,其中配置文件大致分全局配置段和代理配置段,全局配置段主要配置进程及安全配置相关的参数以及性能调整相关参数;代理配置段主要有defaults配置段,该配置段主要配置frontend,backend,listen配置段默认配置,如果在后面的frontend、backend、listen中配置段有defaults配置段参数,后者生效,没有配置则继承defaults配置段的参数配置;frontend配置段主要配置前端面向客户端提供访问的接口,比如监听在那个地址的那个端口呀,相当于nginx中的server的概念;backend配置段用于定义后端服务器主机的,相当于nginx里的upstream配置段概念;而listen是同时配置前端监听端口信息和后端被代理服务器;
了解了上面配置文件的大概配置,我们接下来配置下,让haproxy代理三台web服务响应客户端请求;
首先说下实验环境,宿主机haproxy的地址是192.168.0.22:80代理172.17.0.2、3、4这三台主机(为了节省虚拟机资源,我们这里分别用docker容器来模拟三台web服务器)
后端服务器环境搭建
1、安装docker-ce
[root@docker_node1 ~]# yum install -y docker-ce
提示:安装之前需要去配置好docker的yum源仓库,推荐去阿里云yum仓库
2、拉取镜像
[root@docker_node1 ~]# docker pull httpd:2.4.37-alpine Error response from daemon: Get https://registry-1.docker.io/v2/library/httpd/manifests/2.4.37-alpine: net/http: TLS handshake timeout [root@docker_node1 ~]#
提示:这是没有配置docker加速,所以导致超时;
3、配置docker加速器
提示:登录自己的账号去阿里云控制台里找容器镜像服务-->镜像加速,右边有个操作文档,根据自己的系统选择相应的配置,然后复制下来到你自己的Linux上执行即可;配置好加速器后,在拉取镜像就比较快了;
4、运行三个不同名称的容器
提示:可以看到三个不同名称的实例运行起来了,为了区分各容器我们故意把主页的内容更改为不同的名称以示区分;
提示:把三个容器的主页更改后,需要在docker宿主机上测试是否能够访问
提示:容器运行的服务已经能够正常访问,到此后端server就准备就绪,接下来就是配置haproxy来反代这三个容器就可以了;
配置haproxy反代后端服务器
提示:以上红框中的名字必须相同,什么意思呢?就是前端调用哪个后端服务器组,后端服务器组必须得存在,否则haproxy起不来;这里说一下以上配置,以上配置表示前端myweb这个服务监听在该主机的所有地址的80端口,并把客户端的请求反代至webservers这个后端服务器组上进行响应;后端服务器webservers,定义了三个server分别是172.17.0.2、3、4;如果前端监听端口和后端服务器监听端口相同的情况下,后端服务器上可以不用谢端口的;
提示:启动haproxy后,为了验证配置文件是否有问题,需要查看下对应监听的端口是否起来了,如果配置文件有问题,启动haproxy是不会有任何提示的,我们只有查看端口来判断haproxy是否配置正确和成功启动;从上面的的信息看,我们配置的haproxy没有问题,对应80端口都启动起来了;
测试:用浏览器对192.168.0.22:80进行访问,看看是否能够响应后端服务器的主页?
提示:可以看到haproxy能够正常的把客户端的请求以轮询的方式向后端服务器反代;
以上就是haproxy最简单的使用方式,作为反代服务器代理服务端响应客户端的请求;接下来我们来说说编译安装haproxy
1、首先我们要把自己的编译环境搭建好
[root@haproxy_node1 ~]# yum groupinstall "development tools" -y
提示:通常编译环境所需要的包,在development tools这个包组中都有,所以通常我们源码编译安装都是把这个包组装上,然后编译,如果中途有报错提示我们没有哪个包,我们在安装相应的包就可以了
2、下载haproxy源码包
提示:我这个是从官网上下载后,然后上传上来的,官网是国外的一个网站,想要访问它,我们需要FQ出去才可以;
3、解压源码包,并进入到源码目录查看编译手册
[root@haproxy_node1 src]# tar xf haproxy-1.8.20.tar.gz oot@haproxy_node1 src]# cd haproxy-1.8.20 [root@haproxy_node1 haproxy-1.8.20]# ls CHANGELOG CONTRIBUTING ebtree include MAINTAINERS README ROADMAP src tests VERSION contrib doc examples LICENSE Makefile reg-tests scripts SUBVERS VERDATE [root@haproxy_node1 haproxy-1.8.20]#
提示:README就是编译手册,里面告诉我们怎么去编译安装haproxy,需要指定的那些参数等等说明;我们需要关心的是我们系统上什么架构,内核版本信息;编译的时候我们需要用ARCH来指定系统架构,用TARGET来指定内核版本,Linux2.6以上的内核版本需要指定TARGET=linux2628;其他版本信息可以对照README里的说明信息对照来指定对应的参数;除此以外我们还需要指定是否支持openssl、zip压缩、以及是否使用systemd的方式来管理服务等等信息,根据自己的需要定制编译参数;
4、指定编译参数,编译haproxy
[root@haproxy_node1 haproxy-1.8.20]# make ARCH=x86_64 TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1 USE_CPU_AFFINITY=1 gcc -Iinclude -Iebtree -Wall -m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_SYSTEMD -DUSE_PCRE -I/usr/local/include -DCONFIG_HAPROXY_VERSION=\"1.8.20\" -DCONFIG_HAPROXY_DATE=\"2019/04/25\" -c -o src/ev_poll.o src/ev_poll.c In file included from include/types/global.h:32:0, from src/ev_poll.c:26: include/types/listener.h:29:25: fatal error: openssl/ssl.h: No such file or directory #include <openssl/ssl.h> ^ compilation terminated. make: *** [src/ev_poll.o] Error 1 [root@haproxy_node1 haproxy-1.8.20]#
提示:以上报错说没有openssl这个头文件,我们需要安装openssl-devel这个包即可
[root@haproxy_node1 haproxy-1.8.20]# yum install -y openssl-devel Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.huaweicloud.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package openssl-devel.x86_64 1:1.0.2k-19.el7 will be installed --> Processing Dependency: openssl-libs(x86-64) = 1:1.0.2k-19.el7 for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 --> Processing Dependency: zlib-devel(x86-64) for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 --> Processing Dependency: krb5-devel(x86-64) for package: 1:openssl-devel-1.0.2k-19.el7.x86_64 ……省略部分信息…… Installed: openssl-devel.x86_64 1:1.0.2k-19.el7 Dependency Installed: keyutils-libs-devel.x86_64 0:1.5.8-3.el7 krb5-devel.x86_64 0:1.15.1-37.el7_7.2 libcom_err-devel.x86_64 0:1.42.9-16.el7 libkadm5.x86_64 0:1.15.1-37.el7_7.2 libselinux-devel.x86_64 0:2.5-14.1.el7 libsepol-devel.x86_64 0:2.5-10.el7 libverto-devel.x86_64 0:0.2.5-4.el7 pcre-devel.x86_64 0:8.32-17.el7 zlib-devel.x86_64 0:1.2.7-18.el7 Dependency Updated: e2fsprogs.x86_64 0:1.42.9-16.el7 e2fsprogs-libs.x86_64 0:1.42.9-16.el7 krb5-libs.x86_64 0:1.15.1-37.el7_7.2 libcom_err.x86_64 0:1.42.9-16.el7 libselinux.x86_64 0:2.5-14.1.el7 libselinux-python.x86_64 0:2.5-14.1.el7 libselinux-utils.x86_64 0:2.5-14.1.el7 libsepol.x86_64 0:2.5-10.el7 libss.x86_64 0:1.42.9-16.el7 openssl.x86_64 1:1.0.2k-19.el7 openssl-libs.x86_64 1:1.0.2k-19.el7 zlib.x86_64 0:1.2.7-18.el7 Complete! [root@haproxy_node1 haproxy-1.8.20]#
提示:通常编译的时候报错,我们要注意看它提示我们什么,通常都是缺少某些包引起的,对应我们安装devel版包都能够解决;安装了openssl-devel这个包后,再次编译,上面的报错就不会有了;
APROXY_DATE=\"2019/04/25\" \ -DBUILD_TARGET='"linux2628"' \ -DBUILD_ARCH='"x86_64"' \ -DBUILD_CPU='"generic"' \ -DBUILD_CC='"gcc"' \ -DBUILD_CFLAGS='"-m64 -march=x86-64 -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label"' \ -DBUILD_OPTIONS='"USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_PCRE=1"' \ -c -o src/haproxy.o src/haproxy.c src/haproxy.c:66:31: fatal error: systemd/sd-daemon.h: No such file or directory #include <systemd/sd-daemon.h> ^ compilation terminated. make: *** [src/haproxy.o] Error 1 [root@haproxy_node1 haproxy-1.8.20]#
提示:以上报错提示我们缺少systemd/sd-daemon.h,我们安装systemd-devel即可解决
[root@haproxy_node1 ~]# yum install -y systemd-devel Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.huaweicloud.com * updates: mirrors.aliyun.com Resolving Dependencies --> Running transaction check ---> Package systemd-devel.x86_64 0:219-67.el7_7.4 will be installed --> Processing Dependency: systemd-libs = 219-67.el7_7.4 for package: systemd-devel-219-67.el7_7.4.x86_64 --> Processing Dependency: systemd = 219-67.el7_7.4 for package: systemd-devel-219-67.el7_7.4.x86_64 --> Running transaction check ---> Package systemd.x86_64 0:219-42.el7 will be updated --> Processing Dependency: systemd = 219-42.el7 for package: systemd-sysv-219-42.el7.x86_64 ---> Package systemd.x86_64 0:219-67.el7_7.4 will be an update --> Processing Dependency: libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit) for package: systemd-219-67.el7_7.4.x86_64 --> Processing Dependency: liblz4.so.1()(64bit) for package: systemd-219-67.el7_7.4.x86_64 --> Processing Dependency: libcryptsetup.so.12()(64bit) for package: systemd-219-67.el7_7.4.x86_64 ---> Package systemd-libs.x86_64 0:219-42.el7 will be updated ---> Package systemd-libs.x86_64 0:219-67.el7_7.4 will be an update --> Running transaction check ---> Package cryptsetup-libs.x86_64 0:1.7.4-3.el7 will be updated ---> Package cryptsetup-libs.x86_64 0:2.0.3-5.el7 will be an update ---> Package lz4.x86_64 0:1.7.5-3.el7 will be installed ---> Package systemd-sysv.x86_64 0:219-42.el7 will be updated ---> Package systemd-sysv.x86_64 0:219-67.el7_7.4 will be an update --> Finished Dependency Resolution Dependencies Resolved ==================================================================================================================== Package Arch Version Repository Size ==================================================================================================================== Installing: systemd-devel x86_64 219-67.el7_7.4 updates 208 k Installing for dependencies: lz4 x86_64 1.7.5-3.el7 base 99 k Updating for dependencies: cryptsetup-libs x86_64 2.0.3-5.el7 base 338 k systemd x86_64 219-67.el7_7.4 updates 5.1 M systemd-libs x86_64 219-67.el7_7.4 updates 411 k systemd-sysv x86_64 219-67.el7_7.4 updates 89 k Transaction Summary ==================================================================================================================== Install 1 Package (+1 Dependent package) Upgrade ( 4 Dependent packages) Total download size: 6.2 M Downloading packages: Delta RPMs disabled because /usr/bin/applydeltarpm not installed. (1/6): systemd-libs-219-67.el7_7.4.x86_64.rpm | 411 kB 00:00:00 (2/6): systemd-devel-219-67.el7_7.4.x86_64.rpm | 208 kB 00:00:00 (3/6): cryptsetup-libs-2.0.3-5.el7.x86_64.rpm | 338 kB 00:00:00 (4/6): lz4-1.7.5-3.el7.x86_64.rpm | 99 kB 00:00:00 (5/6): systemd-sysv-219-67.el7_7.4.x86_64.rpm | 89 kB 00:00:00 (6/6): systemd-219-67.el7_7.4.x86_64.rpm | 5.1 MB 00:00:01 -------------------------------------------------------------------------------------------------------------------- Total 5.4 MB/s | 6.2 MB 00:00:01 Running transaction check Running transaction test Transaction test succeeded Running transaction Installing : lz4-1.7.5-3.el7.x86_64 1/10 Updating : systemd-libs-219-67.el7_7.4.x86_64 2/10 Updating : cryptsetup-libs-2.0.3-5.el7.x86_64 3/10 Updating : systemd-219-67.el7_7.4.x86_64 4/10 Installing : systemd-devel-219-67.el7_7.4.x86_64 5/10 Updating : systemd-sysv-219-67.el7_7.4.x86_64 6/10 Cleanup : systemd-sysv-219-42.el7.x86_64 7/10 Cleanup : systemd-219-42.el7.x86_64 8/10 Cleanup : cryptsetup-libs-1.7.4-3.el7.x86_64 9/10 Cleanup : systemd-libs-219-42.el7.x86_64 10/10 Verifying : systemd-libs-219-67.el7_7.4.x86_64 1/10 Verifying : systemd-devel-219-67.el7_7.4.x86_64 2/10 Verifying : cryptsetup-libs-2.0.3-5.el7.x86_64 3/10 Verifying : systemd-219-67.el7_7.4.x86_64 4/10 Verifying : lz4-1.7.5-3.el7.x86_64 5/10 Verifying : systemd-sysv-219-67.el7_7.4.x86_64 6/10 Verifying : systemd-libs-219-42.el7.x86_64 7/10 Verifying : systemd-sysv-219-42.el7.x86_64 8/10 Verifying : systemd-219-42.el7.x86_64 9/10 Verifying : cryptsetup-libs-1.7.4-3.el7.x86_64 10/10 Installed: systemd-devel.x86_64 0:219-67.el7_7.4 Dependency Installed: lz4.x86_64 0:1.7.5-3.el7 Dependency Updated: cryptsetup-libs.x86_64 0:2.0.3-5.el7 systemd.x86_64 0:219-67.el7_7.4 systemd-libs.x86_64 0:219-67.el7_7.4 systemd-sysv.x86_64 0:219-67.el7_7.4 Complete! [root@haproxy_node1 ~]#
再次编译
-Wno-unused-label -DCONFIG_HAP_LINUX_SPLICE -DTPROXY -DCONFIG_HAP_LINUX_TPROXY -DCONFIG_HAP_CRYPT -DUSE_ZLIB -DENABLE_POLL -DENABLE_EPOLL -DUSE_CPU_AFFINITY -DASSUME_SPLICE_WORKS -DUSE_ACCEPT4 -DNETFILTER -DUSE_THREAD -DUSE_OPENSSL -DUSE_SYSCALL_FUTEX -DUSE_SYSTEMD -DUSE_PCRE -I/usr/include -DCONFIG_HAPROXY_VERSION=\"1.8.20\" -DCONFIG_HAPROXY_DATE=\"2019/04/25\" -c -o src/hash.o src/hash.c gcc -m64 -march=x86-64 -g -o haproxy src/ev_poll.o src/ev_epoll.o src/ssl_sock.o ebtree/ebtree.o ebtree/eb32sctree.o ebtree/eb32tree.o ebtree/eb64tree.o ebtree/ebmbtree.o ebtree/ebsttree.o ebtree/ebimtree.o ebtree/ebistree.o src/proto_http.o src/cfgparse.o src/server.o src/stream.o src/flt_spoe.o src/stick_table.o src/stats.o src/mux_h2.o src/checks.o src/haproxy.o src/log.o src/dns.o src/peers.o src/standard.o src/sample.o src/cli.o src/stream_interface.o src/proto_tcp.o src/backend.o src/proxy.o src/tcp_rules.o src/listener.o src/flt_http_comp.o src/pattern.o src/cache.o src/filters.o src/vars.o src/acl.o src/payload.o src/connection.o src/raw_sock.o src/proto_uxst.o src/flt_trace.o src/session.o src/ev_select.o src/channel.o src/task.o src/queue.o src/applet.o src/map.o src/frontend.o src/freq_ctr.o src/lb_fwlc.o src/mux_pt.o src/auth.o src/fd.o src/hpack-dec.o src/memory.o src/lb_fwrr.o src/lb_chash.o src/lb_fas.o src/hathreads.o src/chunk.o src/lb_map.o src/xxhash.o src/regex.o src/shctx.o src/buffer.o src/action.o src/h1.o src/compression.o src/pipe.o src/namespace.o src/sha1.o src/hpack-tbl.o src/hpack-enc.o src/uri_auth.o src/time.o src/proto_udp.o src/arg.o src/signal.o src/protocol.o src/lru.o src/hdr_idx.o src/hpack-huff.o src/mailers.o src/h2.o src/base64.o src/hash.o -lcrypt -lz -ldl -lpthread -lssl -lcrypto -ldl -lsystemd -L/usr/lib -lpcreposix -lpcre [root@haproxy_node1 haproxy-1.8.20]#
提示:再次编译就没有提示任何错误了,说明我们的编译通过了,接下来我们就可以make install 了
[root@haproxy_node1 haproxy-1.8.20]# make install PREFIX=/usr/local/haproxy install -d "/usr/local/haproxy/sbin" install haproxy "/usr/local/haproxy/sbin" install -d "/usr/local/haproxy/share/man"/man1 install -m 644 doc/haproxy.1 "/usr/local/haproxy/share/man"/man1 install -d "/usr/local/haproxy/doc/haproxy" for x in configuration management architecture peers-v2.0 cookie-options lua WURFL-device-detection proxy-protocol linux-syn-cookies network-namespaces DeviceAtlas-device-detection 51Degrees-device-detection netscaler-client-ip-insertion-protocol peers close-options SPOE intro; do \ install -m 644 doc/$x.txt "/usr/local/haproxy/doc/haproxy" ; \ done [root@haproxy_node1 haproxy-1.8.20]#
提示:安装的时候我们需要用PREFIX来指定安装的目录,其实安装的过程不外乎就是把编译好的二进制文件拷本到我们指定的目录;到此编译安装就完成了,接下来据说创建UNIT 文件
提示:该unit file 可以参考haproxy的用法来写,主要是看haproxy的选项,-f表示指定配置文件,如果-f指定的是文件,表示使用对应文件当作配置文件,如果指定目录,表示把目录下的所有文件当作配置文件;有点类似include的功能;haproxy支持同时指定多个配置文件运行;-c表示检查模式,-q表示静默模式,之所以我们即便配置文件有错我们启动的时候都不报错的原因就是启用了静默模式,我们可以不用指定该参数;-Ws表示master-worker支持单主多子进程;-p表示指定pid文件;根据上面的脚本信息,我们还需要在对应目录下创建一个配置文件,并根据haproxy的配置文件指定的用户来创建用户;
指定多个配置文件的unit file
[Unit] Description=HAProxy Load Balancer After=syslog.target network.target [Service] ExecStartPre=/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf -c -q ExecStart=/usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -f /etc/haproxy/conf -p /run/haproxy.pid ExecReload=/bin/kill -USR2 $MAINPID [Install] WantedBy=multi-user.target
[root@haproxy_node1 haproxy]# cat haproxy.cfg global maxconn 100000 chroot /usr/local/haproxy user haproxy group haproxy daemon # nbproc 4 # cpu-map 1 0 # cpu-map 2 1 # cpu-map 3 2 # cpu-map 4 3 pidfile /run/haproxy.pid log 127.0.0.1 local3 info defaults option http-keep-alive option forwardfor maxconn 100000 mode http timeout http-request 10s timeout queue 1m timeout connect 10s timeout client 1m timeout server 1m timeout http-keep-alive 10s listen web_port bind 0.0.0.0:80 mode http log global server web1 192.168.0.22:80 check inter 3000 fall 2 rise 5 [root@haproxy_node1 haproxy]#
提示:以上配置信息,在后续的博客中会着重去说,这里先不解释,先把服务跑起来再说;从上面的配置看,我们还需要在系统上创建一个haproxy的用户;当然如果你不想创建用户你可以选择一个你系统上现有用户即可;建议用haproxy用户去启动haproxy;并且把haproxy用户的shell类型设置成/sbin/nologin
[root@haproxy_node1 haproxy]# useradd -s /sbin/nologin haproxy [root@haproxy_node1 haproxy]# id haproxy uid=1000(haproxy) gid=1000(haproxy) groups=1000(haproxy) [root@haproxy_node1 haproxy]#
接下来我们尝试用systemctl start haproxy来启动服务看看对应的80服务是否能够起来
提示:在启动前,我们还需要把/usr/local/haproxy/sbin/haproxy 给软连接至/usr/sbin/下,因为我们在unit file里写的是这个路径;除此之外还要执行systemctl daemon-reload 让systemctl 把haproxy加载到systemd管理;
测试:我们用浏览器访问192.168.0.21:80,看看是否访问得到我们之前的三台httpd服务?
提示:以上能够访问到的原因是,我在上面的配置文件中用listen 指令指定了监听*:80对应的后端主机上192.168.0.22:80;在最开始的时候我们就用192.168.0.22:80反代后面三台容器;这里相当于是两层反代结构,用户请求发送到192.168.0.21:80,然后192.168.0.21把用户请求反代之192.168.0.22:80,然后192.168.0.22把请求反代之后端的172.17.0.2、3、4这三台容器上,所以我们在浏览器看到的就是后端容器响应的结果;到此haproxy编译安装就完成了;后续我会持续更新haproxy的其他配置相关博客,有兴趣的朋友可以点点关注,共同学习;