読者です 読者をやめる 読者になる 読者になる

labunix's blog

labunixのラボUnix

1台のsqueeze(apache2)でHAProxyを導入

1台のsqueeze(apache2)でHAProxyを導入
 ぼっちで試す。

$ sudo apt-get install -y haproxy apache2
$ grep Usage /etc/init.d/haproxy
	echo "Usage: /etc/init.d/haproxy {start|stop|reload|restart|status}"

■「0」で無く無ければ「exit 0」って普通にやろうよw。

$ test "$ENABLED" == "1" || exit 0

$ grep ENABLE /etc/default/haproxy /etc/init.d/haproxy 
/etc/default/haproxy:# Set ENABLED to 1 if you want the init script to start haproxy.
/etc/default/haproxy:ENABLED=0
/etc/init.d/haproxy:ENABLED=0
/etc/init.d/haproxy:test "$ENABLED" != "0" || exit 0

■バランシングするIPを生成

 Wheezy/Squeezeにkeepalivedを導入、VRRPで仮想IPにアクセス。
 http://d.hatena.ne.jp/labunix/20130618

 Wheezy/SqueezeでKeepalived+LVS(IPVS)構成(NAT)にする
 http://d.hatena.ne.jp/labunix/20130624

$ sudo sysctl -p
net.ipv4.ip_forward = 1

$ sudo apt-get install -y keepalived
$ sudo cp /usr/share/doc/keepalived/samples/keepalived.conf.vrrp \
    /etc/keepalived/keepalived.conf

$ cat /etc/keepalived/keepalived.conf 
! Configuration File for keepalived

global_defs {
   notification_email {
     labunix
   }
   notification_email_from lvs_51
   smtp_server 192.168.152.11
   smtp_connect_timeout 30
   #router_id LVS_DEVEL
}


vrrp_instance VI_1 {
    state MASTER
    interface eth0
    garp_master_delay 10
    smtp_alert
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.152.16
        192.168.152.17
        192.168.152.18

	# optional label. should be of the form "realdev:sometext" for
	# compatibility with ifconfig.
	#192.168.200.18 label eth0:1
    }
}

include /etc/keepalived/with_lvs.conf

■LVSは監視間隔を甘めに。また、DRのラウンドロビン構成で行う。

$ cat /etc/keepalived/with_lvs.conf 
virtual_server_group HTTP51 {
    192.168.152.16 80
    192.168.152.17 80
    192.168.152.18 80
}

virtual_server group HTTP51 {
    delay_loop 3
    lb_algo rr
    lb_kind DR
    protocol TCP

    real_server 192.168.152.11 80 {
        weight 1
        HTTP_GET {
            url {
                path /check.html
                status_code 200
            }
            connect_timeout 30
            nb_get_retry 3
            delay_before_retry 10
        }
    }
}

■チェック用コンテンツの準備とログの抑制

$ sudo touch /var/www/check.html
$ sudo sed -i s/"CustomLog.*"/'SetEnvIf Request_URI "/check.html" nolog'"\n\t"'SetEnvIf Request_URI "\\\*" nolog'"\n\t&"' env=!nolog'/ \
  /etc/apache2/sites-available/default
$ grep -A 2 "Set.*check" /etc/apache2/sites-available/default
        SetEnvIf Request_URI "/check.html" nolog
        SetEnvIf Request_URI "\*" nolog
        CustomLog ${APACHE_LOG_DIR}/access.log combined env=!nolog

$ sudo /etc/init.d/apache2 restart


■ipvsadmの構成と再起動
 keepalivedのinitスクリプトの最後にipvsadmコマンドを空実行するよう書くだけでも出来たりする。

$ sudo dpkg-reconfigure ipvsadm
$ sudo /etc/init.d/ipvsadm restart

■keepalivedを再起動

$ sudo /etc/init.d/keepalived restart

■haproxy.cfgを最小構成にする。
 細かいことは抜きにして。

$ sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.org
$ cat /etc/haproxy/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
	log 127.0.0.1	local0 debug
	maxconn 4096
	#chroot /usr/share/haproxy
	user haproxy
	group haproxy
	daemon
	#debug
	#quiet

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
	retries	3
	option redispatch
	maxconn	2000
	contimeout	5000
	clitimeout	50000
	srvtimeout	50000

listen	appli5-backup 0.0.0.0:10005
	option	httpchk /check.html
	balance	roundrobin
	cookie	SERVERID insert indirect nocache
	server	inst1 192.168.152.16:80 cookie server01 check inter 2000 fall 3
	server	inst2 192.168.152.17:80 cookie server02 check inter 2000 fall 3
	server	inst3 192.168.152.18:80 backup check inter 2000 fall 3
	capture cookie ASPSESSION len 32
	srvtimeout	20000

	option	httpclose		# disable keep-alive
	option  checkcache		# block response if set-cookie & cacheable

	rspidel ^Set-cookie:\ IP=	# do not let this cookie tell our internal IP address
	
	errorfile	400	/etc/haproxy/errors/400.http
	errorfile	403	/etc/haproxy/errors/403.http
	errorfile	408	/etc/haproxy/errors/408.http
	errorfile	500	/etc/haproxy/errors/500.http
	errorfile	502	/etc/haproxy/errors/502.http
	errorfile	503	/etc/haproxy/errors/503.http
	errorfile	504	/etc/haproxy/errors/504.http

$ grep ^ENABLE /etc/default/haproxy 
ENABLED=1
$ sudo /etc/init.d/haproxy restart
Restarting haproxy: haproxy.
$ sudo /etc/init.d/haproxy status
haproxy is running.

$ netstat -an | grep 10005
tcp        0      0 0.0.0.0:10005           0.0.0.0:*               LISTEN     

■チェック

$ for n in `seq 16 18`;do echo -n "$n,";w3m -dump -no-proxy http://192.168.152.${n} | head -1;done
16,It works!
17,It works!
18,It works!

$ for n in `seq 16 18`;do echo -n "$n,";w3m -dump -no-proxy http://192.168.152.${n}:10005 | head -1;done
16,Received cookie: SERVERID=server01
It works!
17,Received cookie: SERVERID=server02
It works!
18,Received cookie: SERVERID=server01
It works!