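HAProxy configuration
Introduction
HAProxy is free, open-source software written in C that provides high availability, load balancing, and proxying for TCP- and HTTP-based applications.
HAProxy is particularly suited to very heavily loaded web sites, which usually also need session persistence or layer-7 processing. Running on current hardware, HAProxy can easily support tens of thousands of concurrent connections. Its mode of operation makes it simple and safe to integrate into an existing architecture, while keeping the web servers from being exposed directly to the network.
HAProxy implements an event-driven, single-process model that supports a very large number of concurrent connections. Multi-process or multi-threaded models are limited by memory, by the system scheduler, and by ubiquitous locks, and can rarely handle thousands of concurrent connections. The event-driven model does not have these problems because it performs all of these tasks in user space, where resources and time can be managed better. The drawback of this model is that such programs usually scale poorly on multi-core systems. That is why they must be optimized to do more work per CPU cycle.
Host configuration
Host node | Installed service | IP configuration | Operating system |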
---|---|---|---|
k8s-master | haproxy | Net:10.10.20.10 | Centos8-Stream |
k8s-worker01 | httpd | Net:10.10.20.20 | Centos8-Stream |
k8s-worker02 | httpd | Net:10.10.20.30 | Centos8-Stream |
Configure host names and host-to-IP mappings
#k8s-master
[root@localhost ~]# hostnamectl set-hostname k8s-master
[root@localhost ~]# bash
[root@k8s-master ~]# cat >>/etc/hosts<<EOF
10.10.20.10 k8s-master
10.10.20.20 k8s-worker01
10.10.20.30 k8s-worker02
EOF
#k8s-worker01
[root@localhost ~]# hostnamectl set-hostname k8s-worker01
[root@localhost ~]# bash
[root@k8s-worker01 ~]# cat >>/etc/hosts<<EOF
10.10.20.10 k8s-master
10.10.20.20 k8s-worker01
10.10.20.30 k8s-worker02
EOF
#k8s-worker02
[root@localhost ~]# hostnamectl set-hostname k8s-worker02
[root@localhost ~]# bash
[root@k8s-worker02 ~]# cat >>/etc/hosts<<EOF
10.10.20.10 k8s-master
10.10.20.20 k8s-worker01
10.10.20.30 k8s-worker02
EOF
Disable the firewall and SELinux
# Run on all three nodes; shown here on the master
[root@k8s-master ~]# systemctl disable --now firewalld
[root@k8s-master ~]# vi /etc/selinux/config
SELINUX=disabled
[root@k8s-master ~]# reboot
Configure the yum repository
# Use the Alibaba Cloud yum mirror; run on all three nodes (shown here on the master)
[root@k8s-master ~]# mkdir /etc/yum.repos.d/Centos8
[root@k8s-master ~]# mv /etc/yum.repos.d/CentOS-Stream-* /etc/yum.repos.d/Centos8
[root@k8s-master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@k8s-master ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@k8s-master ~]# yum clean all
0 files removed
[root@k8s-master ~]# yum makecache
Install the httpd service on the worker nodes
k8s-worker01:
[root@k8s-worker01 ~]# dnf -y install httpd
[root@k8s-worker01 ~]# echo 'I,forgive all sentient beings!' > /var/www/html/index.html
[root@k8s-worker01 ~]# cat /var/www/html/index.html
I,forgive all sentient beings!
[root@k8s-worker01 ~]# systemctl enable --now httpd
k8s-worker02:
[root@k8s-worker02 ~]# dnf -y install httpd
[root@k8s-worker02 ~]# echo 'What is a dream?' > /var/www/html/index.html
[root@k8s-worker02 ~]# cat /var/www/html/index.html
What is a dream?
[root@k8s-worker02 ~]# systemctl enable --now httpd
HAProxy (installed on the master only)
Official download site: https://www.haproxy.org/download/
Source package mirror: https://src.fedoraproject.org/repo/pkgs/haproxy/ (this one may download faster)
Build environment
dnf -y install make wget gcc pcre-devel bzip2-devel openssl-devel systemd-devel --allowerasing
Download the haproxy package; version 2.8.0 is used here
wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.8.0.tar.gz/sha512/4197e94df3d4ab8b27487146181335422358a097f7d50188b40ae23263c58ddeab6d17d9ed91e93d239a7fccec2fa58319e3f2cf07ac589c79fd78a3839c2b81/haproxy-2.8.0.tar.gz
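The download URL above carries a SHA-512 digest as a path component, so the tarball can be checked before it is unpacked and compiled as root. The script below is an added example, not part of the original page; it assumes the Fedora lookaside layout `.../<name>/sha512/<digest>/<name>`, and its function names and demo URL are illustrative.

```shell
#!/bin/sh
# Added example: check a tarball against the SHA-512 digest carried in a
# Fedora lookaside URL (.../<name>/sha512/<128 hex digits>/<name>).
# Function names and the demo URL are illustrative.

digest_from_lookaside_url() {
  # Print the path component that follows "/sha512/", or nothing.
  printf '%s\n' "$1" |
    sed -n 's#.*/sha512/\([0-9a-f]\{128\}\)/[^/]*$#\1#p'
}

verify_tarball() {   # usage: verify_tarball URL FILE
  want=$(digest_from_lookaside_url "$1")
  [ -n "$want" ] || { echo "no sha512 digest in URL" >&2; return 2; }
  [ -r "$2" ]    || { echo "cannot read $2" >&2; return 2; }
  have=$(sha512sum "$2" | cut -d' ' -f1)
  if [ "$have" = "$want" ]; then
    echo "OK: $2 matches the digest in the URL"
  else
    echo "MISMATCH: $2 hashes to $have" >&2
    return 1
  fi
}

# Constructed demo: a throwaway file stands in for the tarball.
demo=$(mktemp)
printf 'constructed sample\n' > "$demo"
sum=$(sha512sum "$demo" | cut -d' ' -f1)
verify_tarball "https://mirror.invalid/pkgs/x.tar.gz/sha512/$sum/x.tar.gz" "$demo"
rm -f "$demo"
```

On the build host, call `verify_tarball` with the URL from the wget line and `haproxy-2.8.0.tar.gz` before running `tar xf`. A digest taken from the same server as the file detects a corrupted or truncated download but not a tampered mirror, so also compare against the checksum file published alongside the tarball on haproxy.org.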
Extract the package, compile, and install
[root@k8s-master ~]# tar xf haproxy-2.8.0.tar.gz
[root@k8s-master ~]# cd haproxy-2.8.0
[root@k8s-master haproxy-2.8.0]# ls
addons BSDmakefile dev include MAINTAINERS reg-tests SUBVERS VERSION
admin CHANGELOG doc INSTALL Makefile scripts tests
BRANCHES CONTRIBUTING examples LICENSE README src VERDATE
[root@k8s-master haproxy-2.8.0]# make clean
[root@k8s-master haproxy-2.8.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l) \
    TARGET=linux-glibc \
    USE_OPENSSL=1 \
    USE_ZLIB=1 \
    USE_PCRE=1 \
    USE_SYSTEMD=1
[root@k8s-master haproxy-2.8.0]# make install PREFIX=/usr/local/haproxy
[root@k8s-master haproxy-2.8.0]# cp haproxy /usr/sbin/
Set Linux kernel parameters
[root@k8s-master haproxy-2.8.0]# cat >>/etc/sysctl.conf<<EOF
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
EOF
# Mind the spaces
Create the haproxy user
[root@k8s-master ~]# useradd -r -M -s /sbin/nologin haproxy
Write the haproxy service configuration
[root@k8s-master ~]# mkdir /etc/haproxy
[root@k8s-master ~]# vi /etc/haproxy/haproxy.cfg
global
    log 127.0.0.1 local0 info
    #log loghost local0 info
    maxconn 20480
    #chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#-------------- Statistics page configuration ------------------#
listen admin_stats
    bind 0.0.0.0:8084
    stats enable
    mode http
    log global
    stats uri /haproxy-stats # URL path of the statistics page
    stats realm Haproxy\ Statistics
    stats auth admin:admin # user name and password
    #stats hide-version
    stats admin if TRUE
    stats refresh 30s
#--------------- Web settings -----------------------#
listen webcluster
    bind 0.0.0.0:80
    mode http
    #option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    cookie SESSION_COOKIE insert indirect nocache
    server k8s-worker01 10.10.20.20:80 check inter 2000 fall 5
    server k8s-worker02 10.10.20.30:80 check inter 2000 fall 5
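As an added example (not part of the original page or of HAProxy itself), the script below audits a configuration for the stats-page settings used above: a listener on every interface, no TLS on the bind line, a password equal to the user name, `stats admin if TRUE`, no `stats hide-version`, and no `chroot`. The finding names and the 12-character password minimum are assumptions.

```shell
# Added example: flag the weak stats-page settings in an haproxy.cfg.
# Finding names and the 12-character password minimum are assumptions.
audit_haproxy_cfg() {   # usage: audit_haproxy_cfg [FILE]  (default: stdin)
  awk '
    function emit() {             # findings for the section that just ended
      if (!stats) return
      if (bind_all)  print "STATS_BIND_ALL", sect
      if (plain)     print "STATS_NO_TLS", sect
      if (weak)      print "STATS_WEAK_AUTH", sect
      if (admin_any) print "STATS_ADMIN_UNCONDITIONAL", sect
      if (!hide)     print "STATS_VERSION_VISIBLE", sect
    }
    { sub(/#.*/, "") }            # strip comments (quoted # is not handled)
    NF == 0 { next }
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
      emit(); sect = (NF > 1 ? $2 : $1)
      stats = bind_all = plain = weak = admin_any = hide = 0; next
    }
    sect == "global" && $1 == "chroot" { chroot = 1 }
    $1 == "bind" {
      if ($2 ~ /^(0\.0\.0\.0|\*)?:/) bind_all = 1
      tls = 0; for (i = 3; i <= NF; i++) if ($i == "ssl") tls = 1
      if (!tls) plain = 1
    }
    $1 != "stats" { next }
    $2 == "enable" || $2 == "uri" { stats = 1 }
    $2 == "hide-version" { hide = 1 }
    $2 == "admin" && $4 == "TRUE" { admin_any = 1 }
    $2 == "auth" {
      user = substr($3, 1, index($3, ":") - 1)
      pass = substr($3, index($3, ":") + 1)
      if (user == pass || length(pass) < 12) weak = 1
    }
    END { emit(); if (!chroot) print "NO_CHROOT", "global" }
  ' "${1:--}"
}
sample_cfg() {   # constructed excerpt using the settings shown on this page
  cat <<'EOF'
global
    #chroot /usr/local/haproxy
listen admin_stats
    bind 0.0.0.0:8084
    stats enable
    stats auth admin:admin
    #stats hide-version
    stats admin if TRUE
EOF
}
sample_cfg | audit_haproxy_cfg
```

Empty output means none of these settings were found. A stats section that passes binds to a management address with `ssl`, uses a long unique password, restricts `stats admin` with an ACL such as `LOCALHOST`, and enables `stats hide-version`, with `chroot` set in `global`.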
Write the haproxy.service unit
[root@k8s-master ~]# vi /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID
[Install]
WantedBy=multi-user.target
# Save all of the configuration
[root@k8s-master ~]# systemctl daemon-reload
Configure logging
[root@k8s-master ~]# vi /etc/rsyslog.conf
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
local0.* /var/log/haproxy.log # add this line here
# Restart the logging service
[root@k8s-master ~]# systemctl restart rsyslog
[root@k8s-master ~]# systemctl enable rsyslog
Start the haproxy service
# Start it directly
[root@k8s-master ~]# systemctl enable --now haproxy.service
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.
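# Check the configuration file with the haproxy command (-c validates only)
[root@k8s-master ~]# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid # output of the command above
# Check the listening ports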
[root@k8s-master ~]# ss -antlup | grep haproxy
tcp LISTEN 0 2048 0.0.0.0:80 0.0.0.0:* users:(("haproxy",pid=18772,fd=8))
tcp LISTEN 0 2048 0.0.0.0:8084 0.0.0.0:* users:(("haproxy",pid=18772,fd=7))
Test the result
[root@k8s-master ~]# curl http://10.10.20.10
I,forgive all sentient beings!
[root@k8s-master ~]# curl http://10.10.20.10
What is a dream?
[root@k8s-master ~]# curl http://10.10.20.10
I,forgive all sentient beings!
[root@k8s-master ~]# curl http://10.10.20.10
What is a dream?
[root@k8s-master ~]# curl http://10.10.20.10
I,forgive all sentient beings!
[root@k8s-master ~]# curl http://10.10.20.10
What is a dream?
Web interface access
Address: http://10.10.20.10:8084/haproxy-stats. The user name and password are both admin.